Re: [users@httpd] Is it possible to start httpd, with reading the certificates of non-root user?

2012-09-04 Thread Sander Temme
Ajay,

Looks like OpenSSL is finding something in your key file it can't parse... 
Windows line endings maybe?

S. 

--
Sander Temme
san...@temme.net

Sent from my phone

On Sep 4, 2012, at 1:26 AM, Ajay Garg  wrote:

> Hi all.
> 
> I have a WebDAV share setup in the context of httpd; and things work like a 
> charm, when the key- and crt-file are in the context of "root" user and 
> "root" group.
> 
> 
> However, if I generate the key and crt files in the context of some other 
> user; modify the paths in "/etc/httpd/conf.d/ssl.conf", and try to restart, I 
> get the logs ::
> 
> ##
> [Tue Sep 04 13:48:40 2012] [error] Init: Unable to read server certificate 
> from file /home/ajay/test_folder/ssl.key
> [Tue Sep 04 13:48:40 2012] [error] SSL Library Error: 218529960 
> error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Sep 04 13:48:40 2012] [error] SSL Library Error: 218595386 
> error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> ##
> 
> 
> 
> So, just wish to ask :: Am I doing something which is not possible (by 
> design) ?  :)
> 
> Will be grateful for a reply.
> 
> 
> Thanks and Regards,
> Ajay
> 
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
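
A check for the two things this thread points at, as an added example that is not part of the original messages: the log names ssl.key as the file mod_ssl tried to read the server certificate from, and the reply suspects unparseable content such as Windows line endings. The function and variable names are hypothetical, and the sample PEM data is constructed (structural stubs, not real keys or certificates).

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Label suffix each mod_ssl directive needs at least once in its file.
NEEDS = {"SSLCertificateFile": "CERTIFICATE",
         "SSLCertificateKeyFile": "PRIVATE KEY"}


def inspect_pem(raw: bytes) -> dict:
    """Summarise a PEM file: line endings, stray bytes and the objects inside."""
    report = {
        "crlf": b"\r\n" in raw,
        # Anything outside printable ASCII, tab, LF, CR (a BOM, editor debris).
        "stray_bytes": any(b > 0x7E or (b < 0x20 and b not in (9, 10, 13))
                           for b in raw),
        "blocks": [],
    }
    for label, body in PEM_BLOCK.findall(raw.decode("latin-1")):
        # Encrypted legacy keys carry "Proc-Type:" / "DEK-Info:" header lines.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error:
            der = b""
        # Certificates and keys are both DER SEQUENCEs, so the first byte is 0x30.
        report["blocks"].append({"label": label, "der_ok": der[:1] == b"\x30"})
    return report


def check_directive(directive: str, raw: bytes) -> list:
    """Return the problems with pointing this mod_ssl directive at this file."""
    report, want = inspect_pem(raw), NEEDS[directive]
    labels = [b["label"] for b in report["blocks"]]
    problems = []
    if not labels:
        problems.append("no complete PEM block found")
    elif not any(l.endswith(want) for l in labels):
        problems.append(f"{directive} needs a {want} block; "
                        f"file holds: {', '.join(labels)}")
    for b in report["blocks"]:
        if not b["der_ok"]:
            problems.append(f"{b['label']} body is not base64 of a DER SEQUENCE")
    if report["crlf"]:
        problems.append("file has CRLF (Windows) line endings")
    if report["stray_bytes"]:
        problems.append("file has bytes outside plain ASCII text")
    return problems


def _pem(label: str, der: bytes, eol: str = "\n") -> bytes:
    """Build a PEM file from raw DER, with the given line ending."""
    b64 = base64.b64encode(der).decode()
    return eol.join([f"-----BEGIN {label}-----", b64,
                     f"-----END {label}-----", ""]).encode()


# Constructed stubs: just enough DER to have the right outer structure.
STUB_CERT = _pem("CERTIFICATE", bytes.fromhex("3003300100"))
STUB_KEY = _pem("RSA PRIVATE KEY", bytes.fromhex("3003020100"))
STUB_KEY_CRLF = _pem("RSA PRIVATE KEY", bytes.fromhex("3003020100"), eol="\r\n")

if __name__ == "__main__":
    cases = [("SSLCertificateFile", STUB_CERT),
             ("SSLCertificateFile", STUB_KEY),        # key file used as cert file
             ("SSLCertificateKeyFile", STUB_KEY_CRLF)]
    for directive, data in cases:
        print(directive, "->", check_directive(directive, data) or "ok")
```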



Re: [users@httpd] How does client decrypt data in a HTTPS-based WebDAV transfer

2012-03-25 Thread Sander Temme
Ajay, 
On Mar 25, 2012, at 9:54 PM, Ajay Garg wrote:

> Thanks Eric for the reply.
> 
> Eric, but how is the shared secret configured?
> I do not remember configuring anything like this for the HTTPS-based WebDAV 
> server.

As your DAV client and the server set up their SSL connection, they exchange 
information that is used by either side to derive a set of session encryption 
keys.  This starts with a piece of random data generated by the client, wrapped 
in the public key from the server's certificate, and sent to the server.  Since 
only the server has the corresponding private key, no eavesdropper can 
intercept this piece of data, and no one but the server and client have the 
proper input material to derive those session keys.  

Once the session keys are created, they are used by either side to sign, 
encrypt, decrypt and verify the SSL records sent across the connection.  

So the only thing that is pre-arranged is the key/certificate on the server, 
and the fact that the client trusts the server certificate (through the CA 
certificate in the client's key store or CA bundle).  

Hope this helps, 

S.

> Thanks and Regards,
> Ajay
> 
> On Sun, Mar 25, 2012 at 11:39 PM, Eric Covener  wrote:
> > BUT, HOW IS THE CLIENT ABLE TO DECRYPT THE DATA? (I have been running both
> > webdav server and client on the same machine; so it might very well
> > be the case that some info from "ssl.conf" and/or "httpd.conf" is being used
> > at the client side. However, I am just guessing ...
> 
> Under SSL, the client and server negotiate a shared secret used to
> encrypt/decrypt the data.
> 
> They can set this up securely because the client starts this process
> with info encrypted with the server's public key.
> 


-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme
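
The exchange described in this reply, modelled in TLS 1.2 terms as an added example that is not part of the original message: the client wraps a random pre-master secret in the server's RSA public key, and both sides derive the same session keys from it. It uses only the Python standard library, so the RSA key is a throwaway generated on the spot, the record MAC is simplified, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin test, used only to make a throwaway demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits: int = 1024, e: int = 65537):
    """Return ((n, e), (n, d)): the server's public and private key."""
    def prime(size):
        while True:
            c = secrets.randbits(size) | (3 << (size - 2)) | 1
            if _probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_wrap(pub, msg: bytes) -> bytes:
    """PKCS#1 v1.5 encryption: 00 02 <non-zero random pad> 00 <msg>."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsa_unwrap(priv, ct: bytes) -> bytes:
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02":
        # A real server must not reveal this failure to the peer.
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5) with HMAC-SHA256."""
    seed, out = label + seed, b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {"client_mac": block[:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}


def handshake() -> dict:
    server_pub, server_priv = rsa_keygen()        # the only pre-arranged material
    client_random = secrets.token_bytes(32)       # both randoms travel in the clear
    server_random = secrets.token_bytes(32)
    # Client: random pre-master secret, wrapped in the server's public key.
    pre_master = b"\x03\x03" + secrets.token_bytes(46)
    wire = rsa_wrap(server_pub, pre_master)
    client_keys = session_keys(pre_master, client_random, server_random)
    # Server: unwrap with the private key, derive the same keys.
    server_keys = session_keys(rsa_unwrap(server_priv, wire),
                               client_random, server_random)
    return {"wire": wire, "pre_master": pre_master,
            "client_keys": client_keys, "server_keys": server_keys}


def mac_record(keys: dict, record: bytes) -> bytes:
    """Simplified record MAC (real TLS also covers sequence number and header)."""
    return hmac.new(keys["client_mac"], record, hashlib.sha256).digest()


def verify_record(keys: dict, record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_record(keys, record), tag)


if __name__ == "__main__":
    t = handshake()
    print("keys match:", t["client_keys"] == t["server_keys"])
```

TLS 1.3 no longer offers this RSA key transport and always uses an ephemeral Diffie-Hellman exchange; the server's key then signs the handshake instead of decrypting a secret.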






Re: [users@httpd] RE: Suspicious URL:Re: [users@httpd] Problems in setting up a "HTTPS" based WebDAV server

2012-03-25 Thread Sander Temme
Ajay, 

Let's table the issue of certificates, and move on to getting your server 
started.  You have a good key, and a good certificate.  The fact that you can 
run openssl s_server with it proves that.

What concerns me is that you have mod_ssl configuration language in your main 
configuration file.  When you use the Red Hat supplied httpd configuration, it 
Includes everything in /etc/httpd/conf.d. 

Among the files in this directory is ssl.conf, which contains configuration 
language for a VirtualHost on port 443.  With its own SSLCertificateFile, and 
its own SSLCertificateKeyFile.  What if those configuration options are 
interfering with yours, and you end up using a mixture of the two?  I'm 
actually not sure what would happen.  

Please try the following: 

1) Comment out your VirtualHost definition at the bottom of httpd.conf
2) Find the SSLCertificateFile and SSLCertificateKeyFile parameters in 
conf.d/ssl.conf, and substitute your key and certificate file paths.
3) Stop and start your server.  Does it start up now?  Can you connect to it 
with a browser? 

S.


On Mar 24, 2012, at 10:52 PM, Ajay Garg wrote:

> Thanks a ton, Daniel.
> 
> I think, you are the first one to hit the nail on the head :-)
> Thanks again; I am obliged.
> 
> Daniel, it seems that for generating certificates "class 2" identification is 
> required (http://www.startssl.com/?app=34)
> 
> Anyhow, since currently I am just in the development/testing phase, so what I 
> just need is the feature working.
> 
> Sorry if I may sound a bit too demanding, but I will be really grateful if 
> you could let me know the appropriate commands to generate appropriate 
> "SSLCertificateKeyFile" and "SSLCertificateFile", which will get the 
> "connection to HTTPS WebDAV" server working (just about working locally). For 
> production-based deployment, certificates can be generated on an official 
> basis by my organisation.
> 
> 
> Thanks and Regards,
> Ajay
> 
> On Sat, Mar 24, 2012 at 6:50 PM, Daniel Ruggeri  wrote:
> On 3/23/2012 11:47 PM, Ajay Garg wrote:
> > I used the following command to generate the ".key" and ".crt" ::
> >
> > 
> > openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout
> > ssl.key -out ssl.crt
> > 
> >
> >
> > I will be grateful, if you could let me know the required command(s)
> > to generate the "RSA Server Certificate", and the ".key" :-)
> 
> You already have both (ssl.key is your private key and ssl.crt is your
> certificate file). The key becomes SSLCertificateKeyFile and the cert
> becomes SSLCertificateFile in your httpd.conf. Since you generated both
> at the same time, they are sure to match.
> 
> It's important to note that you now have what is called a self-signed
> cert (its identity is only vouched for by itself) and practically every
> client on the Internet will warn or refuse to connect to your server.
> It's up to you to decide if that is a problem or not - if this is
> something you will only use privately, it's probably OK.
> 
> To get past this, you need to generate a certificate signing request and
> send it to a reputable CA for signing. I believe
> http://www.startssl.com/ offers this service for free, but there are a few
> other free ones out there.
> 
> openssl req -out ssl.csr -key ssl.key -new
> 
> (This generates ssl.csr which you can safely email to be signed)
> 
> --
> Daniel Ruggeri
> 
> 


-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme
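
One way to see the overlap this reply worries about, as an added example that is not part of the original message: list every SSLCertificateFile and SSLCertificateKeyFile definition across httpd.conf and the included conf.d files, and report ports that get them from more than one file. The two config texts and their paths are constructed samples, the function names are hypothetical, and the scan assumes one directive per line.

```python
import re
from collections import defaultdict

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
SSL_DIRECTIVE = re.compile(
    r"(SSLCertificateFile|SSLCertificateKeyFile)\s+(\S+)", re.I)
CANON = {"sslcertificatefile": "SSLCertificateFile",
         "sslcertificatekeyfile": "SSLCertificateKeyFile"}


def ssl_definitions(configs: dict) -> list:
    """Find each key/certificate directive and the vhost port it applies to."""
    found = []
    for fname, text in configs.items():
        port = None                                  # None: outside any vhost
        for lineno, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if line.startswith("#"):
                continue                             # commented out
            m = VHOST_OPEN.match(line)
            if m:
                addr = m.group(1).split()[0]         # e.g. _default_:443
                has_port = ":" in addr and not addr.endswith("]")
                port = addr.rsplit(":", 1)[1] if has_port else "*"
            elif VHOST_CLOSE.match(line):
                port = None
            else:
                m = SSL_DIRECTIVE.match(line)
                if m:
                    found.append({"port": port or "server-wide",
                                  "directive": CANON[m.group(1).lower()],
                                  "path": m.group(2).strip('"'),
                                  "file": fname, "line": lineno})
    return found


def overlapping(configs: dict) -> dict:
    """Return {(port, directive): [definitions]} where several files define it."""
    groups = defaultdict(list)
    for d in ssl_definitions(configs):
        groups[(d["port"], d["directive"])].append(d)
    return {k: v for k, v in groups.items()
            if len({d["file"] for d in v}) > 1}


# Constructed sample: a hand-written vhost at the bottom of httpd.conf ...
HTTPD_CONF = """\
Include conf.d/*.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /home/example/ssl.crt
    SSLCertificateKeyFile /home/example/ssl.key
</VirtualHost>
"""
# ... and a distribution-style conf.d/ssl.conf with its own vhost on port 443.
SSL_CONF = """\
Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
"""

if __name__ == "__main__":
    hits = overlapping({"httpd.conf": HTTPD_CONF, "conf.d/ssl.conf": SSL_CONF})
    for (port, directive), defs in sorted(hits.items()):
        print(f"port {port}: {directive} set in",
              ", ".join(f"{d['file']}:{d['line']}" for d in defs))
```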






Re: [users@httpd] Apache 2.4.1 third party dependencies

2012-03-03 Thread Sander Temme

On Mar 2, 2012, at 2:28 PM, Andy Wang wrote:

> I've been following the various changes with Apache 2.4.x (and 2.3.x during 
> development) regarding the removal of apr/apr-util and pcre from the Apache 
> source bundle and noted that:
> http://httpd.apache.org/docs/2.4/install.html
> 
> says nothing about PCRE as a requirement, but the default configure options 
> look for pcre and blow up if it can't find it.

I just committed this change: http://svn.apache.org/viewvc?rev=1296736&view=rev

Does that help clarify things?  

S.

-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme






[users] Re: [users@httpd] Getting fixes before they are released

2012-03-03 Thread Sander Temme
Michael, 

On Mar 3, 2012, at 10:47 AM, Michael Felt wrote:

> I know there are some fixes to 2.4.1 already done - how would I pick those up 
> (rather than going to trunk or 2.5.0 as of today?).

Fixes to the 2.4 releases appear in the 2.4.x branch as they are backported.  
Check out 

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x 

from Subversion and you'll be at the bleeding edge of the stable branch.

> There is some mention of a patches directory, but I do not see current info.
> 
> regards.
> 
> Same for 2.2.22


Same deal, but check out 
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x 

S.

-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme






Re: [users@httpd] Apache startup error

2011-10-31 Thread Sander Temme

On Oct 31, 2011, at 7:28 AM, Nick Riesland wrote:

> Allow from 127.0.0.0/255.0.0.0 ::1/128

What if you split that across two Allow from statements? 

S.

-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Survey: how do you use httpd?

2011-10-31 Thread Sander Temme

Dear Apache users, 

I have created a quick survey to see how YOU use Apache and what is important 
to you: 

http://www.surveymonkey.com/s/HFGDY3C

It's only eight questions, and there's only one matrix!  Shouldn't take but a 
minute to fill out.  Nothing official: I'm just curious.

I'll post the results back to the list and if I get interesting stuff, I may do 
a Lightning Talk about it next week at ApacheCon.  

Thank you!

S.

-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme





Re: [users@httpd] HTTP meetup at ApacheCon?

2011-10-29 Thread Sander Temme

On Oct 29, 2011, at 7:20 AM, Eric Covener wrote:

> Please bump the interest count linked below if you'll attend the HTTP
> meetup on Thursday Nov 11 at ApacheCon in Vancouver:

Done... who else is coming?

S.

>  http://wiki.apache.org/apachecon/ApacheMeetupsNa11
> 
> http://na11.apachecon.com/
> 



Re: [users@httpd] change default apache welcome page

2011-10-15 Thread Sander Temme

On Oct 14, 2011, at 5:52 AM, Eric Covener wrote:

>> 
>>> Regards
>> 
>> I checked it but no change still welcome page appears. And how to change
>> default error page ??
> 
> Checked it or changed it?  Did you clear your browser cache?
> 
> You can change the default by editing it.

And then restarting your server.

S.

-- 
scte...@apache.org    http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme






Re: [users@httpd] phishing problem

2011-07-12 Thread Sander Temme

On Jul 12, 2011, at 1:37 AM, Patrick Proniewski wrote:

> Hi,
> 
> Apache servers are not victims of phishing attacks.
> Users are victims of phishing attacks.
> 
> As the OP is french, I'm continuing in french:

Patrick, remember that one of the reasons we have these conversations on a 
mailinglist is that others can also benefit from the information exchanged.  
You're not just talking to Frank, you're talking to all of us.  Keeping the 
conversation in English will ensure maximum benefit.

Thank you, 

S.

> As I said above, your servers cannot be victims of a phishing attack. 
> Phishing is an attack that works by abusing trust (or stupidity), so it 
> happens directly at the level of the user.
> The only way to fight phishing is to educate the users. 
> You can always offer services over https, but if the users do not care about 
> the validity of certificates, it's hopeless.
> 
> You don't give enough details for us to understand what happened, so it is 
> impossible to give you pointers to documentation. 
> In any case, if the users were directed without their knowledge to a 
> "pirate" server, there is no apache configuration that can protect them, 
> since by definition the users end up on a server that is not yours.
> 
> On 12 Jul 2011, at 10:20, Frank Bonnet wrote:
> 
>> Hello
>> 
>> A few weeks ago we discovered that two of our apache servers
>> have been victims of a phishing attack.
>> 
>> The first one is running squirrelmail webmail and the second one
>> is running our extranet services for students and professors.
>> 
>> Both of them are using https and require authentication.
>> 
>> The two phishing pages had the same look and feel as the original servers
>> of course !
>> 
>> The "traps" have been used to grab users' logins and passwords as usual.
>> 
>> The attack has been performed by "real" hackers that have been paid
>> by some students to hack passwords of "interesting" people.
>> maybe some hacked DNS or Internet routers have been compromised/used ?
>> 
>> I would be VERY interested in ANY documentation about that kind
>> of phishing techniques and HOW to fight them ( if possible ) also
>> I would be interested in any apache gurus' advice ...
>> Would it be possible to configure something in apache to track down
>> that kind of problem ? any log analyzer that could help ?
>> 
>> Thank you very much
> 
> Patrick PRONIEWSKI
> -- 
> System Administrator - DSI - Université Lumière Lyon 2
> 





[users@httpd] Reminder: TAC Assistance to ApacheCon NA 2011 closes July 8th

2011-07-06 Thread Sander Temme

Hi All,

Just a friendly (and final) reminder that applications for financial help to 
attend ApacheCon NA 2011 in Vancouver close this coming Friday 8th July 
(2200 BST : UTC+1). 

Financial assistance is available for Travel (planes, trains, whatever), 
Accommodation (at the conference venue hotel) and Conference entrance fees. 
Your circumstances will decide how much of that you would be given.

Please visit http://apache.org/travel for more information and a link to the 
application form.

Remember: We DO help people get to ApacheCon and other Apache events every 
year, we DO want to help people get there who otherwise could not, that is why 
we exist.

Spread the word, you are welcome to tweet, blog, email, post, phone or smoke 
signal to anyone who you think might benefit from attending ApacheCon this year.

Kind Regards,

The Travel Assistance Committee.



Re: [users@httpd] uninstall apache 2

2011-06-24 Thread Sander Temme
On Jun 24, 2011, at 12:18 PM, julio peppe wrote:

> i understood , but and other files in file system same :
> 
> /etc/init.d/apache2 ...  ???  exist other files in other folders?? 

The init.d stuff etc. was added by the 'apache2' Debian package.  The default 
Apache installation does not install startup scripts: that's up to you (or your 
friendly packager).  

> or same /usr/loca/apache2 ??

That's where we put all of our stuff unless you specify otherwise. 

S.

> if unique folder is /usr/local/apache2 , that's easy :)
> 
> thanks....for now :) 
> 
> 
> 
> 2011/6/24 Sander Temme 
> 
> On Jun 24, 2011, at 11:30 AM, julio peppe wrote:
> 
> > I try this first , but file "uninstall" don't be in folder..
> >
> > mystery.
> >
> > any help???
> 
> We don't have an uninstall target in our Makefiles.
> 
> If you just did ./configure; make; make install, your Apache installation 
> will be under /usr/local/apache2.  Delete that directory tree and your 
> installation is gone.  If you specified a different prefix to configure, or 
> fine tuned your installation directories, hunt for bits of your installation 
> accordingly.
> 
> If you don't remember the parameters you gave configure, look in config.nice 
> under the build subdirectory.
> 
> S.
> 
> >
> > 2011/6/24 Sharl.Jimh.Tsin 
> > On 2011-06-24 23:06, julio peppe wrote:
> > HI everyone , i install apache 2 in my debian 6 , but , how i have 
> > UNINSTALL apache 2 ?
> >
> > i don't use apt-get install , i used to install ./configure | make \ make 
> > install
> > version of package.
> >
> >
> >
> > please help .
> >
> >
> >
> > --
> > Júlio S. Peppe.
> > Programmer
> >
> >
> > cd to your folder which contains the source code,and run "make uninstall".
> >
> > --
> > Best regards,
> > Sharl.Jimh.Tsin (From China *Obviously Taiwan INCLUDED*)
> >
> > Using Gmail? Please read this important notice: 
> > http://www.fsf.org/campaigns/jstrap/gmail?10073.
> >
> >
> >
> >
> >
> >
> > --
> > Júlio S. Peppe.
> > Programmer
> >
> >
> 
> 
> 
> 
> 
> 
> -- 
> Júlio S. Peppe.
> Programmer
> 
> 





Re: [users@httpd] uninstall apache 2

2011-06-24 Thread Sander Temme

On Jun 24, 2011, at 11:30 AM, julio peppe wrote:

> I try this first , but file "uninstall" don't be in folder..
> 
> mystery.
> 
> any help???

We don't have an uninstall target in our Makefiles. 

If you just did ./configure; make; make install, your Apache installation will 
be under /usr/local/apache2.  Delete that directory tree and your installation 
is gone.  If you specified a different prefix to configure, or fine tuned your 
installation directories, hunt for bits of your installation accordingly. 

If you don't remember the parameters you gave configure, look in config.nice 
under the build subdirectory. 

S.

> 
> 2011/6/24 Sharl.Jimh.Tsin 
> On 2011-06-24 23:06, julio peppe wrote:
> HI everyone , i install apache 2 in my debian 6 , but , how i have UNINSTALL 
> apache 2 ?
> 
> i don't use apt-get install , i used to install ./configure | make \ make 
> install
> version of package.
> 
> 
> 
> please help .
> 
> 
> 
> -- 
> Júlio S. Peppe.
> Programmer
> 
> 
> cd to your folder which contains the source code,and run "make uninstall".
> 
> -- 
> Best regards,
> Sharl.Jimh.Tsin (From China *Obviously Taiwan INCLUDED*)
> 
> Using Gmail? Please read this important notice: 
> http://www.fsf.org/campaigns/jstrap/gmail?10073.
> 
> 
> 
> 
> 
> 
> -- 
> Júlio S. Peppe.
> Programmer
> 
> 





[users@httpd] Travel Assistance applications now open for ApacheCon NA 2011

2011-06-06 Thread Sander Temme
The Apache Software Foundation (ASF)'s Travel Assistance Committee (TAC) is
now accepting applications for ApacheCon North America 2011, 7-11 November
in Vancouver BC, Canada.

The TAC is seeking individuals from the Apache community at-large --users,
developers, educators, students, Committers, and Members-- who would like to
attend ApacheCon, but need some financial support in order to be able to get
there. There are limited places available, and all applicants will be scored
on their individual merit.

Financial assistance is available to cover flights/trains, accommodation and
entrance fees either in part or in full, depending on circumstances.
However, the support available for those attending only the BarCamp (7-8
November) is less than that for those attending the entire event (Conference
+ BarCamp 7-11 November). The Travel Assistance Committee aims to support
all official ASF events, including cross-project activities; as such, it may
be prudent for those in Asia and Europe to wait for an event geographically
closer to them. 

More information can be found at http://www.apache.org/travel/index.html
including a link to the online application and detailed instructions for
submitting.

Applications will close on 8 July 2011 at 22:00 BST (UTC/GMT +1).

We wish good luck to all those who will apply, and thank you in advance for
tweeting, blogging, and otherwise spreading the word.

Regards,
The Travel Assistance Committee



Re: [users@httpd] permissions problem on my webserver

2011-02-04 Thread Sander Temme

On Feb 4, 2011, at 7:08 AM, James Godrej wrote:

> when I go to a browser then rather than seeing the index page what I see is 
> the 
> directory starts getting downloaded.(Now I see a permissions denied error)
> "You don't have permission to access / on this server."

You must have removed that index.html, and the resultant overlay of the Options 
statements in your config is that Indexes are forbidden. 

Note that the default vhost on Ubuntu has a  block, and the 
main server config doesn't.  

I have never heard of Ilias, but you'll find that http://localhost/ilias/ will 
give you better results.  

S. 

> 
> Following is my vhost 
> 
> 
>ServerAdmin webmaster@localhost
>DocumentRoot /var/www
>ErrorLog /var/log/apache2/error.log
>LogLevel warn
>CustomLog /var/log/apache2/access.log combined
> 

You don't specify Options Indexes for , so you're working 
with whatever the server default is.  

> and following line I see in log 
> 192.168.43.1 - - [04/Feb/2011:20:31:08 +0530] "GET / HTTP/1.1" 403 261 "-" 
> "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 
> Ubuntu/10.04 (lucid) Firefox/3.6.12"
> 
> and in error.log 
> 
> [Fri Feb 04 20:30:23 2011] [error] [client 192.168.43.1] Directory index 
> forbidden by Options directive: /var/www/
> [Fri Feb 04 20:31:08 2011] [error] [client 192.168.43.1] Directory index 
> forbidden by Options directive: /var/www/

Options, or lack thereof which means you're working with whatever is the server 
default.

> What should I do in this situation?

What are you trying to achieve?  The path to the Ilias installation is under 
the subdirectory, can you get there?  Would you rather have that in the root 
dir? 

If you want to show content in the root dir, put content in there (you must 
have removed the default index.html).  If you want to have Ilias in the root 
dir, unzip it there or make the ilias directory your root.

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Apache HTTPD 2.2.6 + mod_ssl 2.2.6 -- odd error...

2010-12-01 Thread Sander Temme

On Dec 1, 2010, at 7:30 AM, J.Lance Wilkinson wrote:

>   In hindsight, the fact these messages were not prefixed by typical
>   Apache error log tokens like [timestamp] [severity] [client]
>   should have been the tipoff here.

That is true, log messages from the server (through ap_log_error() variants) 
have a well defined format.

>   MANAGE SSL CERTIFICATES.  The output from backtick'd calls to the
>   OPENSSL utility was being output to syserr which of course PHP (using
>   mod_php5) was shunting to the Apache error log for lack of a better
>   place to put it.

Apache redirects the stderr stream to its error log after it starts up.  PHP 
et. al. have no influence over this. 

>   Should be safe to proceed with the other applications of these new
>   certificates that are so critical today.
> 
>   Thanks for everybody's patience and indulgence -- clearly this should
>   never have been posted here, but I was desperate.

Good to hear, happy to help out.  That's why we have this list!

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme
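
The distinction drawn in this thread, as an added example that is not part of the original messages: lines written through the server's logging calls carry the [timestamp] [severity] prefix, while output that reaches the error log through the redirected stderr stream does not. The parser below assumes the Apache 2.2 error log layout; the sample lines are constructed in the two formats quoted on this page, and the function name is hypothetical.

```python
import re

# Apache 2.2 error log line: [timestamp] [severity] optional [client addr] message
AP22_LINE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[(?P<level>emerg|alert|crit|error|warn|notice|info|debug)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")

# OpenSSL error-queue line as printed by its command line tool: pid:error:code:...
OPENSSL_ERR = re.compile(r"^\d+:error:[0-9A-Fa-f]{8}:")


def split_error_log(lines):
    """Separate server log records from runs of raw stderr output.

    Returns (records, stray_runs). Each stray run records the line it starts
    on and the timestamp of the last well-formed record before it, which
    bounds when a child process wrote it.
    """
    records, stray = [], []
    last_ts, in_run = None, False
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        m = AP22_LINE.match(line)
        if m:
            records.append(m.groupdict())
            last_ts, in_run = m["ts"], False
            continue
        if not line.strip():
            continue
        if not in_run:
            stray.append({"first_line": lineno, "after": last_ts,
                          "lines": [], "openssl": False})
            in_run = True
        run = stray[-1]
        run["lines"].append(line)
        run["openssl"] = run["openssl"] or bool(OPENSSL_ERR.match(line))
    return records, stray


# Constructed sample error log.
SAMPLE_LOG = """\
[Tue Nov 30 20:30:23 2010] [notice] Apache configured -- resuming normal operations
[Tue Nov 30 20:31:08 2010] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
User interface error
unable to load Private Key
22439:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
[Tue Nov 30 20:31:09 2010] [error] [client 192.0.2.10] Directory index forbidden by Options directive: /var/www/
unable to load Private Key
""".splitlines()

if __name__ == "__main__":
    records, stray = split_error_log(SAMPLE_LOG)
    print(len(records), "server records")
    for run in stray:
        source = "openssl tool output" if run["openssl"] else "unknown stderr writer"
        print(f"line {run['first_line']} (after {run['after']}): "
              f"{len(run['lines'])} raw line(s), {source}")
```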







Re: [us...@httpd] Apache HTTPD 2.2.6 + mod_ssl 2.2.6 -- odd error...

2010-11-30 Thread Sander Temme

On Nov 30, 2010, at 8:37 PM, J.Lance Wilkinson wrote:

> But my httpd log files present an unexpected error each and every time a
> browser visits an SSL encrypted page (2 examples cited):

So there is no discernible negative impact on the client?

> User interface error
> unable to load Private Key
> 22439:error:0906A068:PEM routines:PEM_do_header:bad password
> read:/on10/build-nd/G10U10B0B/usr/src/common/openssl/crypto/pem/pem_lib.c:401:
> 
> Any idea what these might be?

It's hard to guess what's going on here without a backtrace.  A cursory glance 
at the OpenSSL source suggests that things FAIL when this error is triggered, 
so successful SSL connections seem unlikely under those circumstances.  I would 
not be surprised if this should cause your server to fail to start.  

So the fact that it doesn't happen when the server starts (which is when we 
read the SSL private keys and certificates from disk), and does not cause the 
connections to the browser to fail, suggests that this does not have anything 
to do with mod_ssl.  

What other modules do you have that might be reading a private key from a PEM 
blob on every request?  

> I have already verified that the private key file is NOT password protected. 
> I've also seen notations on both sites for Apache and mod_ssl:
> 
>"Why does my 2048-bit private key not work?"
>http://www.modssl.org/docs/2.8/ssl_faq.html
>http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#keysize
> 
> both seem to say that 2048-bit private keys are NOT ALLOWED because of 
> incompatibility w/ certain web browsers.  Meanwhile it's not clear that I 
> could even generate a 2048-bit public key without having a 2048-bit private 
> key.  So how could these COMODO certs EVER work if this was the issue?

Surely that is very old and no longer relevant.  If you visit 
https://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#keysize , you will find it 
protected by a 4096 bit key.  

> Count this with a layer of extreme urgency, as this new vendor is my only
> source for certificates now, and I have two production webservers with current
> certs expiring in about 30 hours that I need to replace w/ these new certs.

Besides the weird error messages, what is the impact on functionality at this 
point? 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme
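
Added example, not part of the original thread: OpenSSL records "PEM_do_header:bad password read" when it meets a PEM block that carries encryption headers and obtains no passphrase, so one way to follow up on the question above is to scan every PEM file the server's modules and scripts can reach for encrypted private-key blocks. The function names are this example's own and the sample blocks are constructed placeholders, not real keys.

```python
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Constructed sample: the base64 bodies are placeholders, not key material.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END ENCRYPTED PRIVATE KEY-----
"""


def classify_private_keys(pem_text):
    """Return one dict per private-key block: label, protection, cipher."""
    results = []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates, requests, parameters
        headers = {}
        for line in body.replace("\r\n", "\n").split("\n"):
            name, sep, value = line.partition(":")
            if not sep:
                break  # a blank line or the first base64 line ends the headers
            headers[name.strip()] = value.strip()
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 encrypted key: the cipher is named inside the DER body.
            protection, cipher = "pkcs8-encrypted", None
        elif headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
            # Traditional format: this is the case PEM_do_header decrypts.
            protection = "legacy-encrypted"
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
        else:
            protection, cipher = "none", None
        results.append(
            {"label": label, "protection": protection, "cipher": cipher})
    return results


def files_needing_passphrase(paths):
    """Map each readable path to its encrypted key blocks; omit clean files."""
    flagged = {}
    for path in paths:
        try:
            with open(path, "r", encoding="latin-1") as handle:
                keys = classify_private_keys(handle.read())
        except OSError:
            continue  # unreadable or missing: nothing to report
        encrypted = [k for k in keys if k["protection"] != "none"]
        if encrypted:
            flagged[path] = encrypted
    return flagged


if __name__ == "__main__":
    import sys
    for name, blocks in files_needing_passphrase(sys.argv[1:]).items():
        for block in blocks:
            print(name, block["label"], block["protection"], block["cipher"])
```

Run it over the key files named in the configuration of every loaded module, and over anything CGI scripts or helpers read per request.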







Re: [us...@httpd] Apache 2.2.3 and PKI Token certificate Authentication

2010-11-03 Thread Sander Temme
Sarva, 

On Nov 3, 2010, at 9:31 AM, Saravanan Kannan wrote:

> We need some guidance (or) installation steps on how to implement the PKI 
> token certificates with Apache Web Server 2.2.3 for authentication purposes. 
> Currently our production environment uses the iPlanet 6.1 webserver and 
> Weblogic 10.0 as the application layer. The iPlanet 6.1 webserver will be 
> migrated to Apache 2.2.3 and the PKI Token certificate will be configured for 
> the authentication. We currently do not have expertise in our group in how to 
> configure the Apache 2.2.3 webserver with the PKI token certification for 
> authentication. Any reference materials or steps involved in configuring the 
> PKI Token certificate for authentication will be helpful.


Apache comes with mod_ssl, which runs on top of OpenSSL.  OpenSSL uses 
PEM-encoded key and certificate files: it does not have the concept of a Token 
like iPlanet does.  

You need to export the key, certificate and certificate chain from the Token 
into PEM files for use by Apache.  

There is a module called mod_nss which uses the Netscape Security Library, the 
same crypto back-end used by iPlanet.  This should allow you to use the same 
Token that you currently use.  It was created by Red Hat, so I don't know if 
it's available on SuSE.  I have not tried it. 

> OS = Linux ( SLES 10 MP2)
> Apache Version = 2.2.3

Are you using Apache 2.2.3 as it came with your operating system?  If you 
downloaded and installed it yourself, keep in mind that 2.2.3 is quite old and 
we have released new versions since.  If you got it from SuSE, they will update 
it for you.

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Which version of OpenSSL should be used to build Apache 2.2.16?

2010-09-13 Thread Sander Temme

On Sep 13, 2010, at 4:25 PM, Robert Christian wrote:

> Apache 2.2.16 is currently the "best available version" of the HTTP Server. I 
> made some changes to the source and need to recompile with OpenSSL. My 
> question is, should I use OpenSSL 0.9.8o or OpenSSL 1.0.0a? The latter is a 
> more recent, major release, but Apache couples HTTPD 2.2.16 with

Apache HTTP Server 2.2.16 should build against either OpenSSL 0.9.8 or OpenSSL 
1.0.  Let us know if you experience otherwise.  

>  OpenSSL 0.9.8o in their binary offering. See "Win32 Binary including OpenSSL 
> 0.9.8o (MSI Installer)" on the download page.

The Windows binary is not a release by the Apache Software Foundation, but a 
courtesy offering.  The person who built that decided to include the 0.9.8o 
version, which is entirely up to him.  

Are you running on Windows? 

> There is little to no documentation regarding Apache's decision here.

Our release is the source code, which as far as I know will build against 
either OpenSSL branch. 

Regards, 

Sander

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Upgrade 1.3.12 -> 2.2.16: Reverse Proxy issues [WAS: Jserv issue ???]

2010-09-13 Thread Sander Temme

On Sep 13, 2010, at 10:57 AM, Mike Schleif wrote:

> Does NOT work:
> 
> 
> DOES work:
> 
> 
> Actually, the former works with IE, but does NOT work with Firefox. Editing 
> the former to the latter, the latter works with both IE and Firefox.
> 
> Is this the type of problem that the HTML and/or XML modules will resolve?  
> Is this automatic?  Or, dependent on configuration of modules?

Yes, that's what that/those modules are for.  You'll have to explicitly specify 
which strings to search-and-replace: the module is not so smart that it can 
figure out what to do by itself.  

And, as you noted earlier, you will need to round up some Windows builds of 
some additional libraries.  

> 
> [2] There is another problem with a form that will NOT accept entries into 
> form fields.  Still trying to identify the source to the problem; but, again, 
> this form DOES work with IE, and does NOT work with Firefox.  I'm hoping that 
> the source is similar to [1] above.

Possible, depending on what's going on.  A point of attention would be what is 
the action= parameter of the form, is that a hardcoded URL that would mess up 
the proxy?  If that or something similar is the case, you could also 
search-and-replace that with mod-proxy-html. 

> What need I look into?  Resolving these issues, my client is ready to Reverse 
> Proxy in Production; and their problem is resolved.  Thank you, for all of 
> your attention to this.

Good to hear.  Hope you can iron out those last wrinkles!

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Upgrade 1.3.12 -> 2.2.16: Jserv issue ???

2010-09-10 Thread Sander Temme

On Sep 10, 2010, at 5:23 AM, Mike Schleif wrote:

> SSL: move all SSL to the new frontend?  No SSL running on legacy web server?

Absolutely.  You'll find that Apache 2.2.16 comes with mod_ssl bundled.  
Terminate SSL on the currently shipping server.  

Note that the Apache Software Foundation only ships source code: an important 
distinction on a platform that doesn't bundle the web server by default, and 
where users usually don't wield compilers.  However, a build with and without 
SSL enabled is usually made available as a courtesy, and can be downloaded from 
http://httpd.apache.org/download.cgi .  You may also find Windows builds on 
sites like http://www.apachelounge.com/ . 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Upgrade 1.3.12 -> 2.2.16: Jserv issue ???

2010-09-09 Thread Sander Temme

On Sep 9, 2010, at 9:04 PM, Mike Schleif wrote:

> > Run Apache 2.2.16 in front as reverse proxy, perhaps with mod_security to 
> > keep the stuff you don't want out?  That would allow you to leave the 
> > Oracle stuff untouched.
> 
> Wow!  Thank you for a clue.
> 
> "Run Apache 2.2.16 in front as reverse proxy ..."
> 
> What's that about?

You'd install a recent version of Apache (2.2.16 being the latest at this time) 
on the machine, and run it on port 80 (or whatever the current Apache binds to; 
move the current one to a different port like 81).  Then configure the 
front-end Apache to:

ProxyPass / http://localhost:81/
ProxyPassReverse / http://localhost:81/

This way, clients will connect to the 2.2.16 on port 80, which will forward 
their requests to the older httpd.  

> The reason my client's come to this is, whenever a Firefox browser initiates 
> a session, the Apache service dies on Windows VM.
> 
> I've tried to identify the crash root cause; but, of course, nobody will help 
> with Apache 1.3.12. Does that affect your recommendation?

Bummer.  Hard to debug if you don't have debug symbols for the exact compile of 
the server, which I don't suppose Oracle would be able to produce for you.  And 
then there would be very few on this planet who could interpret the dump. 

If anything, this circumstance reinforces my recommendation.  Apache 1.3 was 
never designed to run on Windows, and insofar that it did has never been more 
than an experiment.  Apache 2.2 runs much better on Windows: the platform is 
considered a first class citizen.  

Putting a more modern Apache in front of your old one will have it take care of 
the network traffic and deal with any client idiosyncrasies.  And if a 
particular request or sequence makes your 1.3 backend die, the request will 
still be logged by the front-end.  Newer Apache versions also have more 
elaborate logging capabilities for troubleshooting.  This allows you to filter 
out the culprit requests using mod_security or something like that, or rewrite 
them to something that won't crash your 1.3.  

You can also selectively proxy requests back, and eventually have everything 
served by the modern front-end.  At that point you'd only pass the requests for 
the antiquated JServ stuff back to the 1.3.  

S.

> If ever I can be of service to you; contact me at once.
> 
> I wish for you a truly extraordinary day ...
> 
> -- 
> Best Regards,
> 
> Mike Schleif
> 612-235-6060
> http://mdsresource.net
> http://www.linkedin.com/in/schleif
> http://facebook.com/MDSResource
> http://twitter.com/mikeschleif
> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] Upgrade 1.3.12 -> 2.2.16: Jserv issue ???

2010-09-09 Thread Sander Temme

On Sep 9, 2010, at 5:29 AM, Mike Schleif wrote:

> OK, I understand what you're saying.  However, all I'm asking is, How can I 
> load Jserv 1.1 functionality in Apache 2.2.16?

Mod_jserv is dead.  Has been dead for a decade.  Its functionality (insofar 
that I remember what it once did) has been replaced by Tomcat.  

> Oracle hasn't supported 8.1 in years.
> 
> We're trying to see if we can upgrade the web server portion while leaving 
> all else as-is.

Run Apache 2.2.16 in front as reverse proxy, perhaps with mod_security to keep 
the stuff you don't want out?  That would allow you to leave the Oracle stuff 
untouched.

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme







Re: [us...@httpd] ECC support

2010-08-16 Thread Sander Temme

On Aug 16, 2010, at 1:11 PM, Frank Zappo wrote:

> I'm looking for documentation describing Apache support for and the process 
> required to transition an Apache webserver from RSA to ECC.  Is anyone aware 
> of any such documentation that may be useful?  Or if you have expertise in 
> this area, could I ask you a few questions?

Support for ECC keys is in trunk, and in the 2.3.x Alphas we have been 
releasing.  Build that against a sufficiently recent version of OpenSSL and 
tell us whether and how it works for you. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A








Re: [us...@httpd] Apache 2.2.15 says You do not have permission to view [this file]

2010-07-30 Thread Sander Temme

On Jul 30, 2010, at 7:34 AM, Frank Gingras wrote:

> May I borrow excerpts from your response for a wiki article? We answer those 
> questions over and over, and I would very much like to link to a complete 
> response instead.

I put my response on my blog: 
http://www.temme.net/sander/2010/07/30/file-system-permissions-for-apache/

Quote away!  Attribution appreciated. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A








Re: [us...@httpd] Apache 2.2.15 says You do not have permission to view [this file]

2010-07-30 Thread Sander Temme
James, 

The Apache HTTP Server needs read access to its configuration files and the 
files it serves.  In and of itself, the server does not need write access 
anywhere on the system: even its log files are opened for write when the server 
is still root, and the open file descriptors passed to the child processes 
which change their user id to the lesser privileged user.  

Read access only.  The web server user should not own, or be able to write to, 
its configuration files or content.  

Content, other than CGI scripts, generally does not need Execute permissions.  
Even PHP files that are interpreted by the server do not need to be Executable. 
 

Certain applications, especially publishing platforms and Content Management 
Systems that you manage and populate through the web server itself using a 
browser, require that certain directories on the system be made writable by the 
web server user.  You can do this by changing the owner of the directory to 
that user (usually www but ymmv), or by making the directory group-writable and 
changing the group to the group as which Apache runs. 

Making directories writable by the web server should be done only with care and 
consideration.  The usual threat model is that someone manages to upload (for 
instance) a PHP script of their own making into the document root, and simply 
executes that by accessing it through a browser.  Now someone is executing code 
on your machine.  Google for 'r57' for an example of what such code can do.  

If a web app needs writable directories, it's often better to have those 
outside the DocumentRoot: that way the uploads can't be accessed from the 
outside through a direct URL.  Some applications (Wordpress for instance) 
support this, others do not.  

In many cases, writable directories are not strictly necessary even though the 
web app might like them: rather than upload plugins (which contain code that 
gets executed or interpreted, yech!) through the web browser, upload them 
through ssh and manually unpack them on the server.  The CMS Joomla! likes to 
write its configuration file to the Document Root on initial install (which 
promptly becomes a popular attack target) but if it can't write to the Document 
Root, it will output the config to the browser so the user can manually upload 
it.  

Hope this helps.  

S.

On Jul 29, 2010, at 5:35 PM, James Godrej wrote:

> This I understand.
> But then do other users  not need read write permissions.
> There is hardly any thing given on this page
> http://httpd.apache.org/docs/trunk/misc/security_tips.html#serverroot
> You mentioned ServerRoot not be chowned to Apache.
> But if not then to what should it be and there is nothing about Document Root 
> to be chowned ?
> Who should own the Document Root there are many applications I download from 
> internet in their README pages it says 
> to chown those directories to apache.
> Otherwise it never worked.
> What should I do in this situation?
> 
> From: Eric Covener 
> To: users@httpd.apache.org
> Sent: Thu, 29 July, 2010 10:45:53 PM
> Subject: Re: [us...@httpd] Apache 2.2.15 says You do not have permission to 
> view [this file]
> 
> > Oh man an experienced sys admin told me to do it that way.
> > Please tell me what is wrong in this and where is this documented on Apache
> > docs.
> > I want to read.
> 
> 
> This is a general principle -- don't grant more access than necessary.
> Apache doesn't need to own files to be able to serve (read) them.
> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A
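
Added example, not part of the original message: a small audit of a DocumentRoot or configuration tree against the rules described above (the web server user should not own or be able to write to content, and content outside CGI directories should not be executable). The function names, the issue labels and the allow_writable / cgi_dirs parameters are this example's own; the account name passed on the command line is site-specific.

```python
import os
import stat

OWNED = "owned by web server user"
WRITABLE = "writable by web server user"
EXECUTABLE = "executable outside CGI directories"


def can_write(st, web_uid, web_gids):
    """POSIX applies exactly one permission class: owner, else group, else other."""
    if st.st_uid == web_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in web_gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def _under(rel, prefixes):
    """True if rel is one of the prefixes or lies below one of them."""
    return any(rel == p or rel.startswith(p + os.sep) for p in prefixes)


def audit_tree(root, web_uid, web_gids, allow_writable=(), cgi_dirs=()):
    """Return sorted (relative_path, issue) pairs for root and everything in it.

    allow_writable: paths relative to root that the application must write to
                    (an upload directory, for instance); ownership and write
                    access are not flagged there, the execute bit still is.
    cgi_dirs:       paths relative to root where the execute bit is expected.
    """
    allow = [os.path.normpath(p) for p in allow_writable]
    cgi = [os.path.normpath(p) for p in cgi_dirs]
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for full in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode bits do not control access
            rel = os.path.normpath(os.path.relpath(full, root))
            if not _under(rel, allow):
                if st.st_uid == web_uid:
                    findings.append((rel, OWNED))
                if can_write(st, web_uid, web_gids):
                    findings.append((rel, WRITABLE))
            if (stat.S_ISREG(st.st_mode) and st.st_mode & 0o111
                    and not _under(rel, cgi)):
                findings.append((rel, EXECUTABLE))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys
    # Usage: audit.py /path/to/DocumentRoot www
    tree, user = sys.argv[1], sys.argv[2]
    entry = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, entry.pw_gid))
    for path, issue in audit_tree(tree, entry.pw_uid, groups):
        print("%-40s %s" % (path, issue))
```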








Re: [us...@httpd] Apache2.3.6 alpha and mod_ssl

2010-07-29 Thread Sander Temme

On Jul 29, 2010, at 7:20 AM, Anas Barrachad wrote:

> 
> Sorry it's just a problem while writing this message, I put the right line
> with "--enable-ssl" without space, the make and make install are
> successful, but when I check the modules directory, I can't find the
> "mod_ssl.so"

Mere --enable-ssl will statically link the module into the server, and it will 
show up in the output of /usr/local/apache/bin/httpd -l.  To build a loadable 
module, pass --enable-ssl=shared.  Or, pass --enable-mods-shared=all to build 
all your modules as SOs.

> There is no mod_ssl package for apache 2 (stopped at Apache 1.3.41)

That depends on Debian packaging, not much we can tell you about that.  
However, since Apache 2 the SSL module is part of the server distribution.  
Before that, mod_ssl was separately maintained and released.

S.

> Thank you,
> 
> Anas
> 
> 
> 
> Federico del Vall wrote:
>> 
>> Remove blank space in enable- ssl
>> Should read  "enable-ssl"
>> Try to get a matching ssl package and install first.
>> This is how I solved a similar problem just yesterday in a Centos i386
>> environment.
>> 
>> Frederic
>> 
>> 2010/7/29 Anas Barrachad 
>> 
>>> Hello, I'm trying to install the last version of apache (2.3.6 alpha) for
>>> the OCSP features, but I can't get the mod_ssl in the modules folder !!
>>> here
>>> is my config line : ./configure --enable-module=all
>>> --prefix=/usr/local/apache --enable- ssl --with-ssl=/usr/local/ssl/ I'm
>>> running in Debian 5 with openssl-1.0.0a installed. Do you have any
>>> suggestions to solve this problem ? Thank you in advance Anas
>> 
>> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A








Re: [us...@httpd] [crit] (28)No space left on device

2010-07-21 Thread Sander Temme

On Jul 21, 2010, at 6:15 AM, Vikrama Sanjeeva wrote:

> Hello everybody,
> 
>  I am getting below error on Apache/2.2.11 (Unix) running on Solaris 10 
> production machine:
> 
> "[crit] (28)No space left on device: mod_rewrite: could not create 
> rewrite_log_lock"

Yeah, this is misleading.  No, your disk is fine.  You're running out of space 
for undo structures on the mod_rewrite lock semaphore.  

Tune your system to increase the maximum number of undo structures your kernel 
allows.  See here for more info: 

http://publib.boulder.ibm.com/httpserv/ihsdiag/solaris_sysvsem.html

Note that you might need more undo structures than it suggests because you may 
have an accept_mutex as well as a rewrite_log_lock. Experiment.  
 
S.

> I have checked device space on which apache is installed and its fine:
> 
> @machine: /usr/local/apache2/bin> df -h /usr
> Filesystem size   used  avail capacity  Mounted on
> /dev/dsk/c1t0d0s0   79G   9.6G68G13%/
> 
> After googling this error I tried below commands, but no success:
> 
> ipcs -s | grep www   [returned nothing]
> 
> 
> Please guide why this error is coming and what its permanent resolution is.
> 
> 
>  httpd.conf #
> 
> StartServers   8
> MinSpareServers5
> MaxSpareServers   20
> MaxClients   250
> MaxRequestsPerChild  0
> 
>  httpd.conf #
> 
> ALSO:
> 
> there is a cron which do daily log rollup and restarts httpd using below 
> command:
> "apachectl graceful"
> 
> 
> Looking for help.
> 
> Bye,
> Viki
> 
> 
> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A








[us...@httpd] [Travel Assistance] - Applications Open for ApacheCon NA 2010

2010-05-24 Thread Sander Temme
Sent on behalf of the Travel Assistance Committee: 

The Travel Assistance Committee is now taking in applications for those
wanting to attend ApacheCon North America (NA) 2010, which is taking place
between the 1st and 5th November in Atlanta.

The Travel Assistance Committee is looking for people who would like to be
able to attend ApacheCon, but who need some financial support in order to be
able to get there. There are limited places available, and all applications
will be scored on their individual merit.

Financial assistance is available to cover travel to the event, either in
part or in full, depending on circumstances. However, the support available
for those attending only the barcamp is smaller than that for people
attending the whole event. The Travel Assistance Committee aims to support
all ApacheCons, and cross-project events, and so it may be prudent for those
in Asia and the EU to wait for an event closer to them.

More information can be found on the main Apache website at
http://www.apache.org/travel/index.html - where you will also find a link to
the online application and details for submitting.

Applications for applying for travel assistance are now being accepted, and
will close on the 7th July 2010.

Good luck to all those that will apply.

You are welcome to tweet, blog as appropriate.

Regards,

The Travel Assistance Committee.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] JuHun J Ryu is out of the office.

2010-05-08 Thread Sander Temme

On May 8, 2010, at 4:24 PM, Jonathan Zuckerman wrote:

> and Jonathan R. Zuckerman is out of coffee.

Also good to know.

S.

> On Fri, May 7, 2010 at 6:43 PM,  wrote:
> I will be out of the office starting 05/07/2010 and will not return until 
> 05/08/2010.
> 
> 
> I will be out of office for Success Rx in Pasadena. 
> 
> For Health Education, please call ext 3018.
> 
> For Conference Room Scheduling, please call ext 2663.
> 
> Thank you
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[us...@httpd] Re: {SPAM?} RE: [us...@httpd] UTF-8 strings through ap_log_cerror

2010-05-01 Thread Sander Temme

On May 1, 2010, at 10:32 AM, Luis Neves wrote:

> mod_authz_ldap has another way to validate a certificate. Instead of using 
> the issuer and subject fields I will try to use all the client certificate as 
> the validation field, this way I don't have to deal with utf8 problems, I 
> hope...

That might work: the unparsed certificate would not have been mangled by httpd. 
 If whichever program ends up parsing it does adhere to the RFC, you'd end up 
with the right data. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] UTF-8 strings through ap_log_cerror

2010-05-01 Thread Sander Temme
Luis, 

On Apr 30, 2010, at 3:28 PM, Luis Neves wrote:

> Hi list members,
> 
> see here http://marc.info/?l=apache-httpd-dev&m=127242179232546&w=2
> 
> I am the original poster of this issue, unfortunately so far I have no answers 
> to my problem and maybe you can give me some clues
> 
> I think this issue is not only related to the logs apache is creating "in 
> ssl_engine_kernel.c" but must be in another place as well, I say this because 
> the mod_authz_ldap is using the incorrect values (with '\x') to query the 
> ldap directory.
> So IMHO it needs fixing somewhere else too.

I am not sure, but I think what's going on is that 
modules/ssl/ssl_engine_vars.c calls X509_NAME_oneline() on line 382 and 388 (in 
trunk).  This populates the "environment" variables that I assume you have 
configured to pass on to mod_authz_ldap.  Per Stephen Henson on the 
openssl-users list, the right function to use is X509_NAME_print_ex() using 
(per Kaspar Brand on the d...@httpd list) a memory BIO and XN_FLAG_RFC2253 for 
formatting.  

Using X509_NAME_print_ex() in these spots would get the DN out of the 
certificate in a sensible format.  The problem is, however, that the 
ssl_var_lookup_ssl_cert() function returns a char *, not a wchar_t *.  So, even 
if we were to get the certificate data in the right format, we couldn't 
pass it up the call stack without escaping it since ssl_var_lookup_ssl_cert(), 
ssl_var_lookup_ssl(), ssl_var_lookup() and all the functions that call it all 
expect a char *, and return a char *.  This goes up all the way to the 
ssl_hook_Fixup() function registered as  the ap_hook_fixups handler for 
mod_ssl: this is where the "environment" gets populated with stuff that 
mod_authz_ldap can use.  To fix this issue would mean making this call stack 
Unicode clean all the way to the top.  This of course may cause an avalanche of 
side effects throughout the code, so before you know it you're rewriting the 
entire web server.  

So regarding your last comment on the OpenSSL list, it's not that basic.  
mod_ssl has been part of Apache for ten years or more, and existed as a third 
party module before that.  I would not be surprised if Unicode did not exist 
when this code was written, so the reason we use a legacy function there is 
that it is, really, legacy code.  

I doubt you're the first to run into this issue.  However, apparently no one 
confronted with the problem of UTF-8 characters in a client certificate DN has 
had the time, acumen and energy to solve the problem.  

> I need somebody to confirm this because if it is the case I need to find 
> another way to check the certificates
> If not, so how am I supposed to use the correct values on the other modules?
> and lastly: should a BUG be filed for this?

As it happens, there is a partial patch in bug 48780: 

https://issues.apache.org/bugzilla/show_bug.cgi?id=48780

However, I don't know if you can stuff Unicode DNs into a char * like Peter is 
doing.  And we'd have to do the same thing for the Issuer field.  But if this 
works, maybe we should entertain it.  Luis, would this solve your problem? 

S. 

> Thank you a lot
> Luis
> 
> just for context, here's my first post on this problem:
> 
> I am trying to match the values coming from apache/mod_ssl/mod_authz_ldap 
> against some fields (subjectDN and issuerDN) in an Openldap directory
> the problem is that Apache is receiving certificate data that contains UTF8 
> encoded chars
> 
> That chars are being incorrectly encoded with '\x' characters (deprecated 
> source code? bug?) and this is making the effect of mod_authz_ldap failing 
> the query with "bad search filter" error
> 
> Here some example data on the ssl_error.log
> http://www.mail-archive.com/openssl-us...@openssl.org/msg60934.html
> 
> I need help on solving this, I am stuck and don't know what to do to put this 
> thing working
> Can somebody help me please?
> 
> PS: I'm using Apache 2.2.3 on a Centos 5.4, against openldap



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
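
Added example (not part of the original thread, and not mod_ssl or mod_authz_ldap code): RFC 4515 only allows a backslash in a search filter value when two hex digits follow it, so a DN carrying the '\xHH' escapes described in the quoted post is not a valid filter value. The sketch below rewrites such a value into RFC 4515 form; the function names and the sample DN are constructed, and it assumes every '\xHH' in the input stands for one escaped byte.

```shell
#!/bin/sh
# Added example: names and sample data are constructed for illustration.

# Convert a DN string in which non-ASCII bytes appear as \xHH into an
# RFC 4515 assertion value:
#   \xHH          -> \HH   (same byte, in the form LDAP filters accept)
#   * ( ) and \   -> \2a \28 \29 \5c (filter metacharacters, escaped)
# Assumption: a backslash followed by xHH is always an escaped byte. A literal
# backslash followed by "x" and two hex digits in the certificate itself
# cannot be told apart from one.
oneline_to_filter_value() {
    printf '%s' "$1" | awk '
    {
        s = $0; out = ""
        while (length(s) > 0) {
            if (match(s, /^\\x[0-9A-Fa-f][0-9A-Fa-f]/)) {
                # keep the two hex digits, drop the "x"
                out = out "\\" substr(s, 3, 2)
                s = substr(s, 5)
            } else {
                c = substr(s, 1, 1)
                s = substr(s, 2)
                if      (c == "\\") out = out "\\5c"
                else if (c == "*")  out = out "\\2a"
                else if (c == "(")  out = out "\\28"
                else if (c == ")")  out = out "\\29"
                else                out = out c
            }
        }
        printf "%s", out
    }'
}

# Build an equality filter for the given attribute and DN string.
dn_filter() {
    printf '(%s=%s)\n' "$1" "$(oneline_to_filter_value "$2")"
}

# Constructed sample: "José" with the e-acute escaped as two UTF-8 bytes.
dn_filter subjectDN '/C=PT/O=Exemplo/CN=Jos\xC3\xA9 (teste)'
```

The parentheses in the sample are escaped as well, which matters whenever a certificate field is placed into a filter: an unescaped ")" or "*" from the DN would change the filter's meaning.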



Re: [us...@httpd] statistic for mod_jk/mod_proxy requests by source-ip

2010-04-25 Thread Sander Temme

On Apr 25, 2010, at 1:54 AM, ap wrote:

> 
> 
> Hi Sander, 
> 
> thanks for your answer, but could you give me some more detail?
> Is there an httpd2 command option to show this information?
> 
> Thanks for your help in advance.

See the bottom of 

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_scache.c?view=co

which defines a hook handler for mod_status.  It gets registered with the 
server on mod_ssl.c:317. 

To see what the result looks like, see the bottom of the page at 

http://www.apache.org/server-status

You'd have to implement something similar for mod_jk: sorry, no command-line 
options for this.  

S.

> T.
> 
> On Sat, 24 Apr 2010 15:53:26 -0700, Sander Temme 
> wrote:
>> On Apr 24, 2010, at 1:47 PM, ap wrote:
>> 
>>> 
>>> Hi all,
>>> 
>>> is it possible to build a relation between mod_status and
>>> mod_proxy/mod_jk
>>> ?
>> 
>> Probably.  Mod_ssl registers something on mod_status: you might look at
>> how it does that. 
>> 
>> S.



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] statistic for mod_jk/mod_proxy requests by source-ip

2010-04-24 Thread Sander Temme

On Apr 24, 2010, at 1:47 PM, ap wrote:

> 
> Hi all,
> 
> is it possible to build a relation between mod_status and mod_proxy/mod_jk
> ?

Probably.  Mod_ssl registers something on mod_status: you might look at how it 
does that. 

S.

> I.e. I need an answer to the question
> 
> how many client (client-ip) addresses are connected to a specific worker?
> 
> ##
> mod_status shows something like
> 
>   Srv   PIDAcc   M CPU   SS   Req Conn Child Slot Client 
> VHost Request
>   0-0  21308 0/7/7   _ 0.00 155   0.0  0.01  0.01 02.client.de  
> apache.local GET /sample HTTP/1.0
>   1-0  21309 0/12/12 _ 0.02 381   0.0  0.02  0.02 01.client.de  
> apache.local GET /status HTTP/1.0
>   2-0  21310 0/6/6   _ 0.01 501   0.0  0.01  0.01 01.client.de  
> apache.local GET /status HTTP/1.0
>   3-0  21311 0/9/9   _ 0.01 571   0.0  0.02  0.02 01.client.de  
> apache.local GET /balancer-manager HTTP/1.0
>   4-0  21312 0/7/7   W 0.01 0 0   0.0  0.01  0.01 02.client.de  
> apache.local GET /status HTTP/1.0
>   5-0  21316 0/6/6   _ 0.01 341   0.0  0.01  0.01 01.client.de  
> apache.local GET /status HTTP/1.0
>   6-0  - 0/0/3   . 0.00 92717 0   0.0  0.00  0.00 127.0.0.1 
> apache.local OPTIONS * HTTP/1.0
>   7-0  - 0/0/5   . 0.00 92716 0   0.0  0.00  0.02 127.0.0.1 
> apache.local OPTIONS * HTTP/1.0
>   8-0  21503 0/7/7   _ 0.02 268   3   0.0  0.02  0.02 01.client.de  
> apache.local GET /balancer-manager HTTP/1.0
>   9-0  16383 0/3/3   _ 0.00 134   0.0  0.00  0.00 02.client.de  
> apache.local GET /sample/ HTTP/1.0
>   10-0 16384 0/4/4   _ 0.00 9 28  0.0  0.01  0.01 02.client.de  
> apache.local GET /sample/pages/sample.jsf HTTP/1.0
>   11-0 16385 0/3/3   _ 0.00 4 1   0.0  0.01  0.01 01.client.de  
> apache.local GET /status HTTP/1.0
> 
> ##
> mod_proxy_balancer shows something like
> 
>   Type Sticky Sessions Force Sticky Sessions Retries LB Method  Locking  
> Recover Wait Time Max Reply Timeouts
>   lb   TrueFalse 2   Request   Optimistic
> 600
> 
>   Good Degraded Bad/Stopped Busy Max Busy Next Maintenance
>   110   0158/120
> 
>Balancer Members [Hide]
> 
>Name   Type   Host   Addr  Act  State 
> D F M V Acc Err CE RE  Wr   Rd  Busy Max Route RR Cd Rs
>   [E|R]  eco75st1 ajp13 app:18009 10.80.1.10:18009 ACT OK/IDLE 0 1 1 0 2 
> 0   0  0  1.1K 6.1K 01   jvm1   0/0
>   [E|R]  eco75st2 ajp13 app:28009 10.80.1.10:28009 DIS OK/IDLE 0 1 1 0 0 
> 0   0  0  0000   jvm2   0/0
> 
> 
> Thanks for any ideas in advance.
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] ServerLimit and MaxClients

2010-04-17 Thread Sander Temme

On Apr 16, 2010, at 11:40 PM, Brent Clark wrote:

> What are the consequences of an overly increased ServerLimit and MaxClients? 

Your server will run out of memory, and start thrashing memory to disk.  
Performance quickly deteriorates.  

> And to add to this puzzle: what if the number of Apache processes reaches that 
> limit?

The first time this happens, you get an emit in the error log.  Apache will run 
with that many children until the parent process decides they are not needed 
anymore.  

MaxClients is a misnomer: it is the maximum number of worker processes/threads 
the server will spin up.  Those workers receive incoming connections from the 
listener socket(s).  When the server gets busy, connections will queue in the 
kernel (see ListenBackLog).  Only when the kernel runs out of resources (your 
workers don't empty the hopper fast enough) will your web server start dropping 
incoming connections. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Centralized logging.

2010-04-08 Thread Sander Temme

On Apr 8, 2010, at 1:52 PM, Ray Van Dolson wrote:

> The options I see so far are:

Anyone using mod_log_spread and a spread ring to distribute logs?

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[us...@httpd] Reminder: ApacheCon NA 2010 HTTP Server Track Call for Participation

2010-04-03 Thread Sander Temme

Reminder: the Call For Proposals for the Apache HTTP Server track closes
TOMORROW NIGHT, April 4.  If you would like to submit a session
proposal, please do so now!  See below for instructions.  

- 
ApacheCon North America 2010 will be held 1-5 November 2010, at the
Westin Peachtree in Atlanta, Georgia, USA. 

The official conference, trainings and expo of the Apache Software
Foundation (ASF) will run to Atlanta this November, with dozens of
sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects,
innovations, emerging technologies, and more.   

ApacheCon would not be complete without a track dedicated to the project
that started it all, the Apache HTTP Server.  The Project Management
Committee (PMC) are currently planning our own technical track for
ApacheCon.  We are soliciting 50-minute presentations for our
conference track, to fill one day at the conference.  

Topics of interest include: 

* Case studies on deployment of the Apache HTTP Server within your
 organization
* How-to sessions on working with certain aspects of the Apache HTTP
 Server technology
* What's New? sessions on new features of recent and upcoming versions
 of the Apache HTTP Server
* Sessions discussing third-party extensions to the Apache HTTP Server
* Security topics surrounding the Apache HTTP Server
* Performance and scalability of Apache HTTP Server deployment
* Cool things we all should know the Apache HTTP Server can do
* How you solved particularly gnarly problems deploying the Apache HTTP
 Server

Submissions are open to anyone with relevant expertise: ASF affiliation
is not required to present at, attend, or otherwise participate in
ApacheCon.

Please keep in mind that whilst we encourage submissions that
highlight the use of specific Apache solutions, we are unable to accept
marketing/commercially-oriented presentations.

All accepted speakers (not co-presenters) qualify for general conference
admission and a minimum of two nights lodging at the conference hotel.
Additional hotel nights and travel assistance are possible, depending on
the number of presentations given and type of assistance needed.

To submit a presentation proposal, please edit the following Wiki page: 

http://wiki.apache.org/httpd/ApacheCon2010Atlanta

and add your proposal, including: 

1) Your full name, title and organization
2) Contact information, including your e-mail address.  Feel free to
  obfuscate if you think that this will make a difference in your SPAM
  load
3) The name of your proposed session (keep your title simple and
  relevant to the topic)
4) A 75-200 word overview of your presentation
5) A 100-200 word speaker bio that includes prior conference speaking or
  related experience

You will find an empty table template at the bottom of the page.  Please
copy this and fill it in. 

Please mail any questions regarding proposal submissions to
p...@httpd.apache.org.  

To be considered, proposals must be received by Sunday, April 4th, 2010,
at 23:59:59 Pacific Time.  Following this time, the PMC will hold a vote
and suggest the most interesting proposals to the ApacheCon Planning
Committee for acceptance to the conference.  Note that the Apache HTTP
Server PMC does not itself accept session proposals: it merely makes
recommendations to the Planning Committee.  

Key Dates: 

April 4, 2010: Call for Participation closes
May 17, 2010:  Speaker Acceptance/Rejection notification
November 1-5, 2010: ApacheCon NA 2010

We look forward to seeing you in Atlanta!  

Sander Temme
Apache HTTP Server Track Coordinator

-- 
san...@temme.net  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





Re: [us...@httpd] apach - solaris - sparc - 32 bit ?

2010-03-26 Thread Sander Temme

On Mar 26, 2010, at 12:36 PM, Rajwinder-office Singh wrote:

> 1. I downloaded apache source 
> 2. compiled on solaris 10 sparc

When you ran ./configure, it should have a host, build and target architecture 
triplet that comes out of config.guess/config.sub (included in the source).  
This designates how your server is to be built: you can override what 
./configure does by adding a --target flag.  For instance, you could say 
sparc64 instead of sparc.  Then the server and its libraries will be built 
64bits. 

I am not sure about the exact invocation: do experiment.  

Note that 64bits Solaris can run both 32bits and 64bits binaries, and that 
64bits does not necessarily mean faster.  In fact, if your server does not need 
to do things like access over 4Gb of memory (which is rare for anything save a 
database server), you might be better off with a 32bits build.  

S.

> r...@psccissuzon023 # uname -a
> SunOS psccissuzon023 5.10 Generic_142900-02 sun4v sparc SUNW,T5240
> 
> 3. When i did apachectl -V :
> 
> Server loaded:  APR 1.3.3, APR-Util 1.3.4
> Compiled using: APR 1.3.3, APR-Util 1.3.4
> Architecture:   32-bit ??
> 
> 4. Then I downloaded the Apache package for sparc and still got the same result .. so 
> does that mean Solaris will only show it like that, or can I have 64-bit Apache 
> on Solaris somehow?
> 
> Please add/correct
> 
> Thanks
> Rajwinder
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] ap_hook_monitor

2010-03-25 Thread Sander Temme

On Mar 25, 2010, at 8:36 PM, Brad Lira wrote:

> Does anyone have an example of ap_hook_monitor?
> Thanks in advance.

http://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/examples/mod_example_hooks.c

Callback is x_monitor().  If you run your server with this module, you'll see 
it emit a log line every few seconds. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[us...@httpd] What would you like to see at ApacheCon North America 2010?

2010-03-25 Thread Sander Temme

Hello Apache HTTP Server community, 

The Apache httpd Project Management Committee is working on the content
for our very own track at the upcoming ApacheCon conference, November
1-5 in Atlanta.  

What would you like to see presented at the conference?  The Wiki page
for our track: 

http://wiki.apache.org/httpd/ApacheCon2010Atlanta

has an area where you can add your requests.  Go to the Wiki, edit the
page (you may have to register if you haven't already) and tell us. 
Would you like to see how-tos on configuring and using the server? 
Sessions on upcoming new features?  Deployment and scalability? 
Security topics?  Tell us what you would like to see at the conference! 

Of course we can't promise that we'll cover a specific topic, but I
think knowing what you would like to see is useful.  

Finally, if you would like to present a session, whether on a requested
topic or anything else related to the Apache HTTP Server, add your
proposal to the bottom part of the Wiki page by copying the empty table
template and filling out the fields.  

To learn more about ApacheCon, go to http://www.apachecon.com/

To request or propose a session in the httpd track, go to: 

http://wiki.apache.org/httpd/ApacheCon2010Atlanta

Regards, 

Sander Temme
Apache HTTP Server Track Coordinator
ApacheCon North America 2010

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[us...@httpd] ApacheCon NA 2010 HTTP Server Track Call for Participation

2010-03-22 Thread Sander Temme

ApacheCon North America 2010 will be held 1-5 November 2010, at the
Westin Peachtree in Atlanta, Georgia, USA. 

The official conference, trainings and expo of the Apache Software
Foundation (ASF) will run to Atlanta this November, with dozens of
sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects,
innovations, emerging technologies, and more.   

ApacheCon would not be complete without a track dedicated to the project
that started it all, the Apache HTTP Server.  The Project Management
Committee (PMC) are currently planning our own technical track for
ApacheCon.  We are soliciting 50-minute presentations for our
conference track, to fill one day at the conference.  

Topics of interest include: 

* Case studies on deployment of the Apache HTTP Server within your
  organization
* How-to sessions on working with certain aspects of the Apache HTTP
  Server technology
* What's New? sessions on new features of recent and upcoming versions
  of the Apache HTTP Server
* Sessions discussing third-party extensions to the Apache HTTP Server
* Security topics surrounding the Apache HTTP Server
* Performance and scalability of Apache HTTP Server deployment
* Cool things we all should know the Apache HTTP Server can do
* How you solved particularly gnarly problems deploying the Apache HTTP
  Server

Submissions are open to anyone with relevant expertise: ASF affiliation
is not required to present at, attend, or otherwise participate in
ApacheCon.

Please keep in mind that whilst we encourage submissions that
highlight the use of specific Apache solutions, we are unable to accept
marketing/commercially-oriented presentations.

All accepted speakers (not co-presenters) qualify for general conference
admission and a minimum of two nights lodging at the conference hotel.
Additional hotel nights and travel assistance are possible, depending on
the number of presentations given and type of assistance needed.

To submit a presentation proposal, please edit the following Wiki page: 

http://wiki.apache.org/httpd/ApacheCon2010Atlanta

and add your proposal, including: 

1) Your full name, title and organization
2) Contact information, including your e-mail address.  Feel free to
   obfuscate if you think that this will make a difference in your SPAM
   load
3) The name of your proposed session (keep your title simple and
   relevant to the topic)
4) A 75-200 word overview of your presentation
5) A 100-200 word speaker bio that includes prior conference speaking or
   related experience

You will find an empty table template at the bottom of the page.  Please
copy this and fill it in. 

Please mail any questions regarding proposal submissions to
p...@httpd.apache.org.  

To be considered, proposals must be received by Sunday, April 4th, 2010,
at 23:59:59 Pacific Time.  Following this time, the PMC will hold a vote
and suggest the most interesting proposals to the ApacheCon Planning
Committee for acceptance to the conference.  Note that the Apache HTTP
Server PMC does not itself accept session proposals: it merely makes
recommendations to the Planning Committee.  

Key Dates: 

April 4, 2010: Call for Participation closes
May 17, 2010:  Speaker Acceptance/Rejection notification
November 1-5, 2010: ApacheCon NA 2010

We look forward to seeing you in Atlanta!  

Sander Temme
Apache HTTP Server Track Coordinator



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] apache httpd server 2.3.5 alpha CAN NOT load the module libphp5.so,WHY?

2010-03-12 Thread Sander Temme

On Mar 12, 2010, at 9:08 PM, 夏蒸鑫 wrote:

> what should I do now? update httpd or update php?

PHP will need to be updated to support Apache HTTP Server 2.3 and 2.4.  This is 
why we release Alphas, so module developers have an opportunity to catch up. 

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Re: apache httpd server 2.3.5 alpha configure fail,help

2010-03-10 Thread Sander Temme
Sharl, 

On Mar 10, 2010, at 11:19 PM, 夏蒸鑫 wrote:

> hey! anybody here??
> 
> I just want help..

On what platform are you compiling?  

Can you list the exact steps you took since downloading the release? 

Please note that a lot of subscribers to this list are in Europe and America: 
do not expect an immediate response since many of us may be asleep.  Also, 
unless someone has already experienced the same problem you are having, there 
may be no answer since it may not be known.

> Best regards,
> Sharl.Jimh.Tsin

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] How do I pick up correct version of SSL

2010-02-22 Thread Sander Temme

On Feb 21, 2010, at 7:17 PM, John Iliffe wrote:

> I have just created a new server running Red Hat EL5.4.  I decided to
> update the version of Apache to 2.2.14 at the same time.
> 
> I compiled with "enable-ssl=" but the log shows that
> the openssl in use is the default shipped with the operating system.
> How do I get Apache to pick up the proper openssl version?

Two issues:

1) As Igor points out, --with-ssl=/foo/bar/openssl steers the Apache build 
system to the OpenSSL installed under /foo/bar.  The build system will pick up 
the include and lib subdirectories.  If your OpenSSL is 0.9.8x, you may have to 
set and export LD_LIBRARY_PATH=/foo/bar/openssl/lib before you ./configure to 
make the test programs pick up the right libraries as opposed to the system 
copies.  

2) At runtime, the httpd binary needs to find the libssl.so and libcrypto.so.  
It seems that on Linux (or in the httpd build system in particular), rpath 
doesn't work so the path to the libraries is not hardcoded in the binaries.  If 
you compiled against your own OpenSSL 0.9.8x, the runtime will pick up the 
system copy unless you set and export LD_LIBRARY_PATH=/foo/bar/openssl/lib on 
the shell that starts the webserver.  A couple of LoadFile directives in your 
config may also help. 

3) It gets worse.  On Red Hat, the C library links against OpenSSL for the 
Kerberos stuff, and EVERYTHING (including httpd) links against the C library.  
This means that the system copy of OpenSSL gets loaded when httpd starts, 
before it loads mod_ssl.so and resolves the dynamic library bits in it.  Hence, 
you are likely to end up pulling in the system OpenSSL, whatever steps from 2) 
above you might try to make it otherwise.  Nor will tearing out your hair help. 
 If your own OpenSSL is not 0.9.8x (but 1.0.0z or 0.9.7y), this should not be a 
problem.  

Enjoy, 

S.

> I have a horrible feeling that I have missed something important in the
> config but I have had no success so far in finding it.
> 
> Thanks in advance.
> 
> John
> 
> 
> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
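
Added example (not from the original message): one way to check points 2) and 3) above, by comparing what ldd resolves for mod_ssl.so with what a running httpd has actually mapped. The ldd and /proc/<pid>/maps text is constructed sample data, /foo/bar/openssl is the placeholder prefix used in the message, /foo/bar/apache2 and the function names are made up here.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.
# Real use on Linux:
#   ldd /path/to/modules/mod_ssl.so | check_ssl_libs /foo/bar/openssl/lib
#   mapped_ssl_libs < /proc/<pid of httpd>/maps

# Reads ldd output on stdin. Prints each libssl/libcrypto entry that does NOT
# resolve under the directory given as $1; exit status 1 if any was printed.
check_ssl_libs() {
    awk -v want="$1" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            path = ($3 == "not") ? "not found" : $3
            if (index(path, want "/") != 1) { print $1 " -> " path; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Reads /proc/<pid>/maps text on stdin. Prints each distinct libssl/libcrypto
# file mapped into the process (field 6 is the backing file).
mapped_ssl_libs() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' | sort -u
}

# Constructed: ldd on mod_ssl.so when LD_LIBRARY_PATH is not set.
sample_ldd_default() {
    cat <<'EOF'
    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00002b0a1c400000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002b0a1c64b000)
    libc.so.6 => /lib/libc.so.6 (0x00002b0a1c99d000)
EOF
}

# Constructed: the same, with LD_LIBRARY_PATH=/foo/bar/openssl/lib exported.
sample_ldd_with_path() {
    cat <<'EOF'
    libssl.so.0.9.8 => /foo/bar/openssl/lib/libssl.so.0.9.8 (0x00002b0a1c400000)
    libcrypto.so.0.9.8 => /foo/bar/openssl/lib/libcrypto.so.0.9.8 (0x00002b0a1c64b000)
    libc.so.6 => /lib/libc.so.6 (0x00002b0a1c99d000)
EOF
}

# Constructed: maps of a running httpd in which the system copies were loaded.
sample_maps() {
    cat <<'EOF'
2b0a1c400000-2b0a1c44a000 r-xp 00000000 08:01 131077 /usr/lib/libssl.so.0.9.8
2b0a1c44a000-2b0a1c64a000 ---p 0004a000 08:01 131077 /usr/lib/libssl.so.0.9.8
2b0a1c64b000-2b0a1c79c000 r-xp 00000000 08:01 131075 /usr/lib/libcrypto.so.0.9.8
2b0a1d000000-2b0a1d030000 r-xp 00000000 08:01 262201 /foo/bar/apache2/modules/mod_ssl.so
EOF
}

if ! sample_ldd_default | check_ssl_libs /foo/bar/openssl/lib; then
    echo "mod_ssl.so would load OpenSSL from outside /foo/bar/openssl/lib"
fi
echo "OpenSSL files mapped into the running process:"
sample_maps | mapped_ssl_libs
```

The maps check is the one that settles point 3): ldd shows what the loader would pick for mod_ssl.so alone, while the maps file shows which copy the httpd process ended up with after everything else was loaded.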







Re: [us...@httpd] mod_proxy_html v3.1.2 fails to install on Solaris10

2010-01-31 Thread Sander Temme

On Jan 31, 2010, at 5:19 PM, Igor Cicimov wrote:

> # /usr/local/apache2/bin/apxs -c -I/usr/local/include/libxml2 -i -a 
> mod_proxy_html.c
> /usr/local/apache2/build/libtool --silent --mode=compile gcc -prefer-pic   
> -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE 
> -g -O2 -I/usr/local/apache2/include  -I/usr/local/apache2/include   
> -I/usr/local/apache2/include  -I/usr/local/include/libxml2  -c -o 
> mod_proxy_html.lo mod_proxy_html.c && touch mod_proxy_html.slo
> mod_proxy_html.c:66:25: mod_xml2enc.h: No such file or directory

Where on your system lives mod_xml2enc.h?  

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Sporadic Apache delays

2009-12-22 Thread Sander Temme

Alok,

This is indeed very strange. Rest assured that Apache does not have a  
"swamp-1%-of-requests-just-to-mess-with-Alok" config option: we would  
not turn that on by default.


How does the delay manifest itself?  Are you running analysis software  
like Wily CEM or Tealeaf?


Search for commonality in the problem requests: origin, destination,  
resource, etc.  Try to get a packet trace and analyze it. Try to see  
where the delay occurs: a nameserver lookup?  A retransmission?


All Apache does is read a request from a file descriptor, and write  
the response to that same file descriptor.  All the network stuff  
happens outside its purview (except for NS lookups).


Good luck,

S.

On Dec 22, 2009, at 5:03 PM, Alok Chugh  wrote:


Hi Apache Gurus,

I am really troubled by this. Please provide your suggestions on how  
to address this:


My website is having sporadic delays (about 1% of requests are  
delayed). Most of the delayed resources are placed locally on the  
same box as Apache only and are not being proxied...

See the below log entries in extended log format:

210.56.91.174 - - [05/Aug/2009:23:01:48 +1000] 89 "GET /dafiles/OCA/OptusHome/HomeRedesign/lib/jquery.js HTTP/1.1" 200 100196 "http://mobile.optuszoo.com.au/cocoon/cgi-bin/info2you/static_file/display_file.cgi?file=helppictures.html" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

220.238.26.112 - - [05/Aug/2009:23:07:24 +1000] 90 "GET /home/contents/personal/banner_central_1.jpg?_=1 HTTP/1.1" 200 55745 "http://www.optus.com.au/home/index.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322)"

219.90.225.57 - - [05/Aug/2009:23:02:59 +1000] 174 "GET /dafiles/OCA/OptusHome/HomeRedesign/lib/jquery.js HTTP/1.1" 200 100196 "http://mobile.optuszoo.com.au/cocoon/aggregate/game.optus.mmode.ws/ojg_prd/html/gameMain.php?node_id=30121" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"


All of these log entries took more than 60 seconds despite being  
present locally.
I am using Apache 2.0.52 on Red Hat Enterprise Linux ES release 4  
(Nahant Update 3).

The Apache is built in prefork mode.
This is a Production website serving millions of requests daily but  
we are having a large farm serving the customers and have sufficient  
capacity.
The interesting thing is consistently and at all times 1% of the  
requests are being delayed and the web resources being delayed are  
random and most often local.



Thanks,

Kind Regards,
Alok Chugh










Re: [us...@httpd] Silent Installation Apache HTTP Server

2009-12-17 Thread Sander Temme
Thomas, 

On Dec 17, 2009, at 6:30 AM, Buchbauer Thomas wrote:

> Does anybody know, if there is a way to install Apache HTTP Server
> silent, with something like a response-files as input?
> With response-file I mean, a file as input for the setup, which contains
> values for all configurable settings in the setup (e.g. location,
> repositories-path, port, ...).

What platform?  

S.

-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] SSL on Apache 2.2.14

2009-11-27 Thread Sander Temme
ong path" shouldn't be a problem either.  Those are just
>> > "the last place to look" for an .so.  Solaris will use what is in
>> > the 'crle' command and the LD_LIBRARY_PATH environment variable
>> > first (I'm not sure of the order).
>> >
>> > You may or may not have a mod_ssl.so, depending on how you compiled
>> > apache.  If you run:
>> >
>> > httpd -l (that's an el)
>> >
>> > It will list out which modules are compiled in.  If you see
>> > mod_ssl.c, you will not have a mod_ssl.so.  Otherwise, mod_ssl.so
>> > should normally be in your apache's modules subdirectory.
>> >
>> > Do you only get the error on Firefox and not IE?
>> >
>> > Dan
>> >
>> >
>> > Please respond to users@httpd.apache.org
>> >
>> >
>> > To:users@httpd.apache.org
>> > cc: (bcc: Dan Mitton/YD/RWDOE)
>> > Subject:Re: [us...@httpd] SSL on Apache 2.2.14
>> >
>> >
>> > LSN: Not Relevant
>> > User Filed as: Not a Record
>> >
>> > Here is the complete command:
>> >
>> > openssl s_server \
>> >   -cert /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.crt/www-erdc.crt \
>> >   -key /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.key/www-erdc.secureprivate.key \
>> >   -CAfile /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.crt/intermediate.crt -www
>> >
>> > Your suggested 'GET / HTTP/1.0\r\r' was successful.
>> >
>> > However, I found something interesting doing an ldd -- a few of them
>> > have wrong paths:
>> >
>> > bash-2.05# ldd httpd
>> > libm.so.1 => /usr/lib/libm.so.1
>> > libaprutil-1.so.0 => /wrong/path
>> > libexpat.so.0 => /wrong/path
>> > libapr-1.so.0 => /wrong/path
>> > libuuid.so.1 =>  /usr/lib/libuuid.so.1
>> > libsendfile.so.1 =>  /usr/lib/libsendfile.so.1
>> > librt.so.1 =>/usr/lib/librt.so.1
>> > libsocket.so.1 =>/usr/lib/libsocket.so.1
>> > libnsl.so.1 =>   /usr/lib/libnsl.so.1
>> > libpthread.so.1 =>   /usr/lib/libpthread.so.1
>> > libdl.so.1 =>/usr/lib/libdl.so.1
>> > libthread.so.1 =>/usr/lib/libthread.so.1
>> > libc.so.1 => /usr/lib/libc.so.1
>> > libucb.so.1 =>   (file not found)
>> > libresolv.so.2 =>/usr/lib/libresolv.so.2
>> > libelf.so.1 =>   /usr/lib/libelf.so.1
>> > libucb.so.1 =>   /usr/ucblib/libucb.so.1
>> > libaio.so.1 =>   /usr/lib/libaio.so.1
>> > libmd5.so.1 =>   /usr/lib/libmd5.so.1
>> > libmp.so.2 =>/usr/lib/libmp.so.2
>> > /usr/platform/SUNW,Sun-Fire-V250/lib/libc_psr.so.1
>> > /usr/platform/SUNW,Sun-Fire-V250/lib/libmd5_psr.so.1
>> >
>> > I wasn't sure where to find mod_ssl.so -- I could only find mod_ssl.h.
>> >
>> > Is there a way to change the links without rebuilding?
>> >
>> > Thank you,
>> > John
>> >
>> > On Nov 25, 2009, at 11:21 AM, Sander Temme wrote:
>> >
>> > >
>> > > On Nov 25, 2009, at 10:17 AM, John J. Consolati wrote:
>> > >
>> > >> Thank you for the reply.
>> > >>
>> > >> Unfortunately, upgrading Solaris isn't an option.  Here is the
>> > >> version I have to work with (quite old..):
>> > >>
>> > >> bash-2.05# cat /etc/release
>> > >>   Solaris 9 4/04 s9s_u6wos_08a SPARC
>> > >>  Copyright 2004 Sun Microsystems, Inc.  All Rights
>> > Reserved.
>> > >>   Use is subject to license terms.
>> > >>Assembled 22 March 2004
>> > >> bash-2.05# uname -a
>> > >> SunOS lucky 5.9 Generic_118558-17 sun4u sparc SUNW,Sun-Fire-V250
>> > >>
>> > >> I've been using the Sun cc, not gcc, to compile everything.
>> > >>
>> > >>
>> > >> Here is the output from the openSSL commands:
>> > >>
>> > >> openssl -certsetc etc
>> > >
>> > > What is your complete command line here?
>> > >
>

Re: [us...@httpd] SSL on Apache 2.2.14

2009-11-27 Thread Sander Temme
; prefork anyway, but I specified it in the /config before compilation.
>> 
>> I've Googled to my wit's end for several days without finding anything
>> conclusive.  Some pages hint at compilation options, others at
>> compilers (I'm using Sun's cc, not gcc), but nothing conclusive.
>> 
>> Here is one question I couldn't find the answer to, though: if I
>> requested a server certificate using a specific version of OpenSSL,
>> can I use that same certificate in a different version of Apache with
>> a different version of OpenSSL?  Or do I have to re-request if I
>> upgrade OpenSSL?  A long shot I know, but I'm running out of options...
>> 
>> Thank you for the help,
>> John
>> 
>> On Nov 25, 2009, at 12:07 PM, dan_mit...@ymp.gov wrote:
>> 
>> >
>> > John,
>> >
>> > You should not need to upgrade Solaris.  I've got apache running on
>> > a solaris 9 box just fine.
>> >
>> > Your "wrong path" shouldn't be a problem either.  Those are just
>> > "the last place to look" for an .so.  Solaris will use what is in
>> > the 'crle' command and the LD_LIBRARY_PATH environment variable
>> > first (I'm not sure of the order).
>> >
>> > You may or may not have a mod_ssl.so, depending on how you compiled
>> > apache.  If you run:
>> >
>> > httpd -l (that's an el)
>> >
>> > It will list out which modules are compiled in.  If you see
>> > mod_ssl.c, you will not have a mod_ssl.so.  Otherwise, mod_ssl.so
>> > should normally be in your apache's modules subdirectory.
>> >
>> > Do you only get the error on Firefox and not IE?
>> >
>> > Dan
>> >
>> >
>> > Please respond to users@httpd.apache.org
>> >
>> >
>> > To:users@httpd.apache.org
>> > cc: (bcc: Dan Mitton/YD/RWDOE)
>> > Subject:Re: [us...@httpd] SSL on Apache 2.2.14
>> >
>> >
>> > LSN: Not Relevant
>> > User Filed as: Not a Record
>> >
>> > Here is the complete command:
>> >
>> > openssl s_server \
>> >   -cert /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.crt/www-erdc.crt \
>> >   -key /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.key/www-erdc.secureprivate.key \
>> >   -CAfile /erd/www/erd/server/apache/httpd-2.2.14/installed/conf/ssl.crt/intermediate.crt -www
>> >
>> > Your suggested 'GET / HTTP/1.0\r\r' was successful.
>> >
>> > However, I found something interesting doing an ldd -- a few of them
>> > have wrong paths:
>> >
>> > bash-2.05# ldd httpd
>> > libm.so.1 => /usr/lib/libm.so.1
>> > libaprutil-1.so.0 => /wrong/path
>> > libexpat.so.0 => /wrong/path
>> > libapr-1.so.0 => /wrong/path
>> > libuuid.so.1 =>  /usr/lib/libuuid.so.1
>> > libsendfile.so.1 =>  /usr/lib/libsendfile.so.1
>> > librt.so.1 =>/usr/lib/librt.so.1
>> > libsocket.so.1 =>/usr/lib/libsocket.so.1
>> > libnsl.so.1 =>   /usr/lib/libnsl.so.1
>> > libpthread.so.1 =>   /usr/lib/libpthread.so.1
>> > libdl.so.1 =>/usr/lib/libdl.so.1
>> > libthread.so.1 =>/usr/lib/libthread.so.1
>> > libc.so.1 => /usr/lib/libc.so.1
>> > libucb.so.1 =>   (file not found)
>> > libresolv.so.2 =>/usr/lib/libresolv.so.2
>> > libelf.so.1 =>   /usr/lib/libelf.so.1
>> > libucb.so.1 =>   /usr/ucblib/libucb.so.1
>> > libaio.so.1 =>   /usr/lib/libaio.so.1
>> > libmd5.so.1 =>   /usr/lib/libmd5.so.1
>> > libmp.so.2 =>/usr/lib/libmp.so.2
>> > /usr/platform/SUNW,Sun-Fire-V250/lib/libc_psr.so.1
>> > /usr/platform/SUNW,Sun-Fire-V250/lib/libmd5_psr.so.1
>> >
>> > I wasn't sure where to find mod_ssl.so -- I could only find mod_ssl.h.
>> >
>> > Is there a way to change the links without rebuilding?
>> >
>> > Thank you,
>> > John
>> >
>> > On Nov 25, 2009, at 11:21 AM, Sander Temme wrote:
>> >
>> > >
>> > > On Nov 25, 2009, at 10:17 AM, John J. Consolati wrote:
>> > >
>> > >> Thank you for the reply.
>> > >>

Re: [us...@httpd] SSL on Apache 2.2.14

2009-11-25 Thread Sander Temme
p, I appreciate it.
> 
> Regards,
> John
> 
> 
> On Nov 25, 2009, at 10:00 AM, daniel.goul...@and.co.uk wrote:
> 
>> This sounds like a Solaris bug.
>> 
>> Make sure you have a recent version of Solaris or the latest patches
>> installed...
>> 
>> What release/patch level are you using?
>> 
>> Danny
>> 
>> 
>> 
>> From: "John J. Consolati"  [mailto:"John J.
>> Consolati" ]
>> Sent: 25 November 2009 17:23
>> To: users@httpd.apache.org
>> Subject: [us...@httpd] SSL on Apache 2.2.14
>> 
>> 
>> Hello,
>> 
>> Hopefully someone will be able to help, as I've been working on this
>> problem for quite a while and have hit a wall. I'm trying to upgrade
>> Apache 2.0.47 to 2.2.14, and I need SSL support. Everything seems to
>> build and compile okay, but when I try to access my site running on
>> 2.2.14, I get a strange error from Firefox: "Secure connection
>> failed. An error occurred during a connection to xx. SSL peer
>> reports incorrect Message Authentication Code. (Error code:
>> ssl_error_bad_mac_alert)."
>> 
>> I've tried compiling with OpenSSL 0.9.8L and 0.9.8G with the same
>> results. This is hosted on a Solaris sparc box. The 2.2.14 server is
>> utilizing all the same files and SSL certificates as the 2.0.47
>> server. I've called Verisign; I have valid certificates, but they've
>> never heard of this error before. If I self-sign a certificate and
>> test it with the 2.2.14 server, it seems to work (except for the
>> expected error message regarding self-signed certificates).
>> 
>> Searching on Google has led me to try forcing Apache to compile with
>> prefork enabled (but it seems to default to that anyway on Solaris).
>> I've also tried statically linking Apache during compile with the same
>> results.
>> 
>> If anyone has any ideas or suggestions, I'd very much appreciate them...
>> Thank you,
>> John
>> 
> 
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] SSL on Apache 2.2.14

2009-11-25 Thread Sander Temme

On Nov 25, 2009, at 9:23 AM, John J. Consolati wrote:

> Hopefully someone will be able to help, as I've been working on this problem 
> for quite a while and have hit a wall.  I'm trying to upgrade Apache 2.0.47 
> to 2.2.14, and I need SSL support.  Everything seems to build and compile 
> okay, but when I try to access my site running on 2.2.14, I get a strange 
> error from Firefox: "Secure connection failed.  An error occurred during a 
> connection to xx.  SSL peer reports incorrect Message Authentication 
> Code.  (Error code: ssl_error_bad_mac_alert)."

This means that, after the handshake, the client and server have a different 
idea of what their session keys are.  This happens when the pre-master secret 
that the client sent was decrypted with a private key that does not belong to 
the certificate that the server passed to the client.  

Do you by any chance use a Hardware Security Module to protect the private key? 

Can you try using your key file and certs with a simple test server included 
with openssl?  Like so: 

openssl s_server -cert /path/to/yourSSLCertificateFile \
    -key /path/to/yourSSLCertificateKeyFile \
    -CAfile /path/to/yourSSLCertificateChainFile -www

and then from a different terminal connect to localhost:4433

curl -i https://localhost:4433/ or

openssl s_client -connect localhost:4433 

and see if that works.  

S. 

> I've tried compiling with OpenSSL 0.9.8L and 0.9.8G with the same results.  
> This is hosted on a Solaris sparc box.  The 2.2.14 server is utilizing all 
> the same files and SSL certificates as the 2.0.47 server.  I've called 
> Verisign; I have valid certificates, but they've never heard of this error 
> before.  If I self-sign a certificate and test it with the 2.2.14 server, it 
> seems to work (except for the expected error message regarding self-signed 
> certificates).
> 
> Searching on Google has led me to try forcing Apache to compile with prefork 
> enabled (but it seems to default to that anyway on Solaris).  I've also tried 
> statically linking Apache during compile with the same results.
> 
> If anyone has any ideas or suggestions, I'd very much appreciate them...
> 
> Thank you,
> John
> 
> 
> 



-- 
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
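
A pre-deployment check for the mismatch described in this reply, as an added example that is not part of the original thread: it compares the public key inside the certificate with the public half of the private key before the two are handed to SSLCertificateFile and SSLCertificateKeyFile. The file names, the example.test subject and the throwaway RSA keys are constructed for the demonstration, and the keys are assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: confirm that a private key belongs to a certificate by
# comparing the public key each one carries. All file names are hypothetical.

# Print a SHA-256 digest of the public key embedded in a PEM certificate.
cert_pubkey_digest() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print a SHA-256 digest of the public half of a PEM private key.
key_pubkey_digest() {
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches_cert CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    cert_digest=$(cert_pubkey_digest "$1") || return 2
    key_digest=$(key_pubkey_digest "$2") || return 2
    [ "$cert_digest" = "$key_digest" ]
}

# Build constructed test material in directory $1: server.key with a
# self-signed server.crt made from it, and an unrelated other.key.
make_demo_files() {
    dir=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other.key" 2>/dev/null &&
    openssl req -new -x509 -key "$dir/server.key" -subj "/CN=example.test" \
        -days 1 -out "$dir/server.crt" 2>/dev/null
}

# Run the check against both keys and report the outcome.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_files "$tmp" || { rm -rf "$tmp"; return 1; }
    for f in server.key other.key; do
        if key_matches_cert "$tmp/server.crt" "$tmp/$f"; then
            echo "$f: belongs to server.crt"
        else
            echo "$f: does NOT belong to server.crt"
        fi
    done
    rm -rf "$tmp"
}

demo
```

The comparison works for any key type `openssl pkey` can read, since it never looks at RSA-specific fields.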







Re: [us...@httpd] Apache logs

2009-08-21 Thread Sander Temme


On Aug 21, 2009, at 11:49 AM, Andrew Hole wrote:

> Apache logs are written when the request is completed (when browser
> received the response)?

Apache access logs are written during the logging phase of the request
processing, which is usually after the response has been written to the
client.


The response may not have been received by the client at this time,  
since Apache itself doesn't care about the actual network data  
transfer.  It just writes to a socket descriptor, and leaves the rest  
up to the operating system.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Is it okay to not use exportable ciphers?

2009-08-20 Thread Sander Temme


On Aug 20, 2009, at 3:16 PM, Brian Mearns wrote:


> For the sake of security, I'd like to configure my SSL/TLS server to
> not allow export level ciphers (using the SSLCipherSuite directive).
> Is this going to realistically limit the number of people who can use
> a secure connection to my site? Specifically, will visitors from other
> countries (outside the US) be able to support the stronger
> (non-exportable) ciphers?



You can configure a logfile to record what ciphers your users are  
currently using, and draw conclusions from that.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
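
A sketch of the measurement suggested in this reply, added here and not part of the original thread. It assumes mod_ssl and a request log in the format shown in the mod_ssl documentation (the directive is repeated in the first comment), and it runs over constructed sample lines.

```shell
#!/bin/sh
# Added example. Assumes a log written inside the SSL virtual host by
#   CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# (log path is a placeholder), so the client address is field 3, the
# protocol field 4 and the negotiated cipher field 5.

# Constructed sample lines, not taken from any real server.
sample_log() {
cat <<'EOF'
[20/Aug/2009:15:16:01 -0700] 192.0.2.10 TLSv1 DHE-RSA-AES256-SHA "GET / HTTP/1.1" 5120
[20/Aug/2009:15:16:02 -0700] 192.0.2.10 TLSv1 DHE-RSA-AES256-SHA "GET /a.css HTTP/1.1" 812
[20/Aug/2009:15:16:09 -0700] 192.0.2.11 TLSv1 AES128-SHA "GET / HTTP/1.1" 5120
[20/Aug/2009:15:17:30 -0700] 198.51.100.7 SSLv3 EXP-RC4-MD5 "GET / HTTP/1.0" 5120
[20/Aug/2009:15:17:31 -0700] 198.51.100.7 SSLv3 EXP-RC4-MD5 "GET /a.css HTTP/1.0" 812
[20/Aug/2009:15:18:44 -0700] 203.0.113.5 SSLv3 EXP-DES-CBC-SHA "GET / HTTP/1.0" 5120
[20/Aug/2009:15:19:02 -0700] 203.0.113.5 TLSv1 RC4-SHA "GET / HTTP/1.1" 5120
EOF
}

# Requests per protocol/cipher pair, most used first.
cipher_tally() {
    awk '{ n[$4 " " $5]++ } END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2
}

# "<export requests> <total requests>" for the log on stdin.
# OpenSSL names its export-grade suites with an EXP prefix.
export_requests() {
    awk '$5 ~ /^EXP/ { e++ } END { print e + 0, NR }'
}

# Clients that never negotiated anything but an export cipher. This is an
# upper bound on who would be locked out: the negotiated cipher reflects
# preference order, so some of these clients may also support stronger ones.
export_only_clients() {
    awk '{ seen[$3] = 1; if ($5 !~ /^EXP/) strong[$3] = 1 }
         END { for (ip in seen) if (!(ip in strong)) print ip }' | sort
}

echo "Requests per protocol and cipher:"
sample_log | cipher_tally
echo "Export-cipher requests / total: $(sample_log | export_requests)"
echo "Clients seen only with export ciphers:"
sample_log | export_only_clients
```

Point the three functions at the real log with `cipher_tally < logs/ssl_request_log` once the directive has collected a representative period of traffic.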







Re: [us...@httpd] redirect IE6 with mod_rewrite

2009-08-03 Thread Sander Temme


On Aug 2, 2009, at 4:26 PM, MK wrote:


On 08/02/2009 06:35:32 PM, Eric Covener wrote:



You can't redirect to a relative path.



Yeah, that was it.  Kind of peeved, tho, that even with LogLevel set to
"debug" apache throws absolutely no explanation or error for this.


mod_rewrite shares its thoughts with you through the RewriteLog at  
RewriteLogLevel (or somesuch).  At level 10, it gets quite chatty and  
tells you what it does and why so.


S.


"Your browser (or proxy) sent a request that this server could not
understand" is meaningless in light of the fact that it was just a
wrong url, esp since not even a packet sniffer could examine the text
of the request after it has been "rewritten".








--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] What 'configure' options used to build RPM image of Apache, ie, --prefix=/etc/httpd --bindir etc.

2009-07-29 Thread Sander Temme


On Jul 29, 2009, at 2:46 AM, David (Dave) Donnan wrote:


Hello. I'm a new-bee and I apologize, in advance, for my ignorance.
Also, I hope I've done sufficient research and, therefore, am asking  
questions the smart way!


Alternate Subject: In order to install a patch,  how can I overlay a  
squid 'configure/make/make install' onto an existing RPM  
installation ?

And, is this method possible/advised ?

RPM Version: httpd-2.2.11-2.fc10.i386
Fedora 10


Actually, the Redhat Package Manager packages are not really ever the  
topic of discussion on this list: they are maintained by Redhat  
themselves and merely consume the Apache software.



I need to install the following patch:

 https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

 Bug 45107 -  Client certificate attribute UID not usable in
 env var SSL_CLIENT_S_DN_UID since wrong NID/OID assigned
I deduced the patch is not available in the latest package 2.2.12:

 No mention of BUG here: http://mirrors.linhub.com/apache/httpd/CHANGES_2.2.12
 Apache 2.2.12 Released  2009-07-23
So I thought the following would be a good strategy

1. Download httpd-2.2.11-2 sourcecode
2. patch -p0 patch-apache-2.2.8-mod_ssl-uid-2.txt
3. configure/make/make install Apache to overlay existing RPM  
installation


I would suggest a slightly different strategy to incorporate this fix  
into your package.


When I performed the above, using 'configure' (without command line  
options),

Apache installed  in /usr/local/apache2 (as documented).

However this doesn't resemble my RPM installation, notably, no  
'conf.d' subdirectory,
no symbolic links such as 'run -> ../../var/run', etc, with which  
I'm (read: we are) now familiar/comfortable.


You should consider obtaining the latest Source RPM (SRPM) for the Red  
Hat version that you have installed.  You can then drop in the patch  
file (note that Redhat patches start one directory higher than the one  
attached to the Bugzilla entry) and add the patch to the spec file.   
In that file, you can also make changes like your own suffix to the  
package version number which is a good idea to keep your modifications  
recognizable.


I find this: ftp://people.redhat.com/mharris/hacks/rpmbuild-nonroot-1.0.tar.gz
indispensable and have in fact never built an RPM any other way.  It
localizes the build scaffolding under your home dir and allows you to
build without becoming root.


You will also need to install some extra packages, most notably
rpm-build and its dependencies.


Q1. What 'configure' options (--prefix, --bindir etc.) would allow  
me to 'overlay' my patch onto the existing
RPM installation ? I don't want to break any RPM apache  
functionality (ssl, cgi etc.).


The RPM build comes with the right configure invocation and produces a  
package that fits right in with all the other packages on your  
system.  You can upgrade the existing installation (if present) using  
rpm --upgrade.



Q2. Is this 'overlay' a good idea, in practice ?


No, because it forces you to have a build environment, and keeps you  
from using the package manager to its full effect.



Any help would be greatly appreciated, Dave

PS: I found the following examples but I need to be certain:

http://www.directadmin.com/forum/showthread.php?t=28112
and many others


Don't worry about that, use the configure invocation Redhat came up  
with as part of your rpm build.


Where within Thales are you?  I'm in E-Security.

S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Canonical ignores port

2009-07-14 Thread Sander Temme


On Jul 14, 2009, at 3:24 PM, Marcin 'Rambo' Roguski wrote:


SERVER_PORT gets value from ServerName no matter what value of
UseCanonicalName is
Workaround is to not set a port in ServerName


Is this a bug?


You're missing Port directive.



Port is no longer in httpd 2.x.  But try to play with  
UseCanonicalPhysicalPort.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Windows rotatelogs, cmd.exe permission

2009-07-08 Thread Sander Temme


On Jul 8, 2009, at 11:09 AM, Philip J Dicke wrote:

> Windows does not seem to have the "apachectl graceful" command that unix
> does.  The only solution that I see is to run apache, where it writes
> straight to a log file, write a script that shuts down httpd, moves the
> log file and restarts httpd.



I've had good success using the following approach:

1) move the logfiles(s) to a new name, with a timestamp or whatever
2) Send httpd.exe -n ServiceName -k graceful (wrowe tells us that  
restart and graceful are the same thing on Windows)
3) Wait a second, a minute, an hour or whatever you need to make sure  
the old httpd child has in fact gone away and has stopped writing to  
the open file descriptor of the old logfile.
4) Do what you need to do to the old logfile (compress, explode into  
vhosts, analyze, whatever, it's yours now)


The fact that httpd keeps writing to the old logfile ensures that you  
don't miss any log entries, and the graceful restart ensures  
uninterrupted service.  As wrowe says, the service interface only  
knows to kill the program under consideration entirely, and then start  
it up again.  This is obviously too harsh if you expect to keep  
serving requests, and fortunately not necessary.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] global variable use in mod_proxy_http.c

2009-06-24 Thread Sander Temme


On Jun 24, 2009, at 12:47 PM, Brian Kim wrote:

In mod_proxy_http.c, I globally declared a variable, like unsigned
int count = 0;


And I make it increase whenever the proxy gets a new http request.


You mean when your httpd child processes get a new http request.


I expect it increases like 1, 2, 3, 4,... but it is always same 1.


How many test requests did you use, did you touch all the children?


Does anybody know why this happens? How can I use a global variable in
mod_proxy_http?


Declare it as shared memory, or extend the existing Scoreboard.  See  
mod_example_ipc.c for the former.


http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/examples/mod_example_ipc.c?view=co


I am really new to this proxy stuff. I hope somebody can answer my
simple question.



S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Apache under Windows 2003 or Linux ?

2009-06-21 Thread Sander Temme


On Jun 21, 2009, at 5:26 AM, Pierre Labrecque wrote:

I have to install a web server to run several wikis on it. These  
wikis will be in use for around 150 to 200 users (Technical Support  
wikis for a Help Desk). This web server must be always on, fast,  
etc… I have read some comments on the web that said that it’s a  
“heresy” to run Apache on a Windows 2003 system. But as I’m not  
familiar with Linux (my knowledge


This is not a religion: you should run on whatever you can best  
operate and maintain.


about it is equal to zero), I would like to know if for my needs  
it’s OK to run the web server on a Windows 2003 system. I


Bless you my child, you have been absolved.  Apache runs fine on  
Windows, you will even find pre-built binaries of the latest Apache  
release on the apache.org download site.


want a fast server, but as this is just for 150-200 users (this is  
not a Google web site!), may I expect honest performance and  
stability? What I will install is: Windows 2003, latest Apache, PHP,  
MySQl and Mediawiki packages. Nothing else.


Same for PHP and MySQL, you can find Windows downloads for both.  This  
would work well if you want to set up a LAMP (or WAMP) based web  
application on a platform you know and can support.


Of course, if you want to learn about Linux, setting up an internal  
web site would make for an interesting project to learn on the job.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Apache2 compile error on Solaris 10

2009-06-14 Thread Sander Temme


On Jun 14, 2009, at 10:50 PM, Igor Cicimov wrote:


Hi Sander,

Thanks for your reply. No I don't have /usr/ccs/bin in my PATH. So  
you say I need to include it? What else should I include in my PATH?


/usr/ccs/bin contains some helper programs called by the compiler.   
Yes, you need it on your PATH in order to build things, and it is kind  
of a mystery to me that you were able to run configure without it  
since configure checks for the presence of said utilities.


S.


Thanks again for your help I really appreciate it.

Igor

On Mon, Jun 15, 2009 at 3:33 PM, Sander Temme   
wrote:


On Jun 14, 2009, at 10:17 PM, Igor Cicimov wrote:

Trying to solve the problem I have installed apr and aprutils packages
from free solaris but the error is still there. I also have all the
dependencies for the server installed as expat, sasl and openssl.


Any idea what's wrong?

What's your PATH?  Do you have /usr/ccs/bin in it, and is it before
/usr/ucb?


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF








--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Apache2 compile error on Solaris 10

2009-06-14 Thread Sander Temme


On Jun 14, 2009, at 10:17 PM, Igor Cicimov wrote:

Trying to solve the problem I have installed apr and aprutils packages
from free solaris but the error is still there. I also have all the
dependencies for the server installed as expat, sasl and openssl.


Any idea what's wrong?


What's your PATH?  Do you have /usr/ccs/bin in it, and is it before
/usr/ucb?


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] https works, http doesn't

2009-06-01 Thread Sander Temme


On Jun 1, 2009, at 4:57 PM, John Oliver wrote:


As you may know, if you don't put any content in /var/www/html, Red
Hat will serve the 403 error page because it has configured Directory
Listings of /var/www/html to be forbidden.  By striking coincidence,
that error page HTML document is dolled up to look like the default
"this is a Red Hat box" page you (should) see in your browser.


Yup, but DirectoryIndex (or my manually specifying index.html) ought to
take care of that.


In the bare install, there is nothing in /var/www/html, and

Options -Indexes

forbids to serve directory listing.  So you get the 403, which is the  
"yay I'm using Red Hat" page.


And it's logged in error_log as a 403.  At log level "error", so your  
default catches it.  The fact that you're not seeing that is very,  
very weird.


So what have you changed to your config?  You HAVE changed things: for
starters deflate is not on by default.


ServerTokens OS


No, nothing there that leaps out at me.  What's in conf.d/*.conf?

S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] https works, http doesn't

2009-06-01 Thread Sander Temme


On Jun 1, 2009, at 3:24 PM, John Oliver wrote:


[Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html



So it's trying to serve you something.  This is probably the  
internally generated response from the server after it boinked on  
serving the standard error page document.


Your access log:

192.49.61.83 - - [01/Jun/2009:15:12:35 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:15:12:38 -0700] "GET /favicon.ico HTTP/1.1" 403 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"


Interesting that it would serve *no content* for the / and 250 bytes  
for the favicon.ico.  Suggests a different data path is followed.


As you may know, if you don't put any content in /var/www/html, Red  
Hat will serve the 403 error page because it has configured Directory  
Listings of /var/www/html to be forbidden.  By striking coincidence,  
that error page HTML document is dolled up to look like the default  
"this is a Red Hat box" page you (should) see in your browser.


So what have you changed to your config?  You HAVE changed things: for  
starters deflate is not on by default.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] https works, http doesn't

2009-06-01 Thread Sander Temme


On Jun 1, 2009, at 3:27 PM, Frank Gingras wrote:


John,

Then you are looking in the wrong error log, since a 403 is always  
logged.


The other possibility is that you're hitting browser cache.


Yes, but John's other e-mail does show activity, which means he's  
actually serving pages.


We're looking at the right log, and it's trying to serve the right file.

S.



Frank

John Oliver wrote:

On Mon, Jun 01, 2009 at 06:00:22PM -0400, Frank Gingras wrote:


John,

What does the error log say, exactly?



Absolutely nothing, besides the messages from httpd starting.




John Oliver wrote:


Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use
an ErrorDocument to handle the request.




Web server is RHEL 5.2 running httpd-2.2.3-22.el5  Nothing is logged to
any error_log.  Access attempts are logged and look OK.  There is no
firewall... iptables is stopped, and I get the same result from
localhost.  Nothing is logged to audit.log, and the problem persists
after "setenforce 0"  There is an index.html with 644, and it's in
/var/www/html with 755, and that is set as the DocumentRoot.  HTTPS
works perfectly.













--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] https works, http doesn't

2009-06-01 Thread Sander Temme


On Jun 1, 2009, at 2:52 PM, John Oliver wrote:


Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use
an ErrorDocument to handle the request.


Web server is RHEL 5.2 running httpd-2.2.3-22.el5  Nothing is logged to
any error_log.


I believe that is impossible: 403s are logged.  Are you sure you are  
looking in the right log?  What are the access controls on your  
DocumentRoot?


What is the LogLevel in your configuration file?


Access attempts are logged and look OK.   There is no


Do you mean the access attempt that resulted in the above response?   
What response code is logged?



firewall... iptables is stopped, and I get the same result from
localhost.  Nothing is logged to audit.log, and the problem persists
after "setenforce 0"


You are definitely talking to the httpd, not to your firewall.


There is an index.html with 644, and it's in
/var/www/html with 755, and that is set as the DocumentRoot.  HTTPS
works perfectly.


What are the differences in access controls between your SSL vhost and  
your plaintext vhost (or the main server, as the case may be)?


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] How does Prefork work?

2009-05-28 Thread Sander Temme
" time.

Doug Bell -- Senior Developer, Plain Black Corp.
[ http://plainblack.com ]










--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Httpd on Ubuntu 9.04

2009-05-23 Thread Sander Temme


On May 22, 2009, at 5:39 AM, John Hudak wrote:


WHY does the Debian distro 'relocate'
things such as apache?


Don't ask us, ask them.

S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Slow performance

2009-05-16 Thread Sander Temme


On May 16, 2009, at 9:48 AM, Jaime wrote:


first system.  It worked MUCH faster.  It dropped from 40-60 seconds
to send an email message to only 2-5 seconds.  The in-production


Reverse lookup timeout?

S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[us...@httpd] [Travel Assistance] Applications for ApacheCon EU 2009 - Now Open

2009-01-24 Thread Sander Temme



The Travel Assistance Committee is now accepting applications for those
wanting to attend ApacheCon EU 2009 between the 23rd and 27th March 2009
in Amsterdam.

The Travel Assistance Committee is looking for people who would like to
be able to attend ApacheCon EU 2009 who need some financial support in
order to get there. There are very few places available and the criteria
is high, that aside applications are open to all open source developers
who feel that their attendance would benefit themselves, their
project(s), the ASF or open source in general.

Financial assistance is available for travel, accommodation and entrance
fees either in full or in part, depending on circumstances. It is
intended that all our ApacheCon events are covered, so it may be prudent
for those in the United States or Asia to wait until an event closer to
them comes up - you are all welcome to apply for ApacheCon EU of course,
but there must be compelling reasons for you to attend an event further
away than your home location for your application to be considered above
those closer to the event location.

More information can be found on the main Apache website at
http://www.apache.org/travel/index.html - where you will also find a
link to the online application form.

Time is very tight for this event, so applications are open now and will
end on the 4th February 2009 - to give enough time for travel
arrangements to be made.

Good luck to all those that apply.


Regards,
The Travel Assistance Committee




Re: [us...@httpd] More than 100 child process r running of apache 2.0.52

2009-01-17 Thread Sander Temme


On Jan 16, 2009, at 2:36 PM, Aftab Alam - IT wrote:


Can u let me is this a error or a memory problem.


Something in your server is leaking memory: perhaps there is a module  
active that doesn't correctly clean up after itself.  Setting the  
MaxRequestsPerChild to a non-zero value (but not too low, the ten  
thousand Eric suggests is a good starting point) will help you by  
causing child processes to terminate before they get too big.


Strictly speaking, this is a programming error, somewhere, but these can
be very hard to track down.  This is why MaxRequestsPerChild is there.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Why fastcgi is not popular in Apache?

2009-01-17 Thread Sander Temme


On Jan 17, 2009, at 5:19 PM, howard chen wrote:


Just wonder why not many people using fastcgi in Apache, rather,
people tends to use mod_php, mod_perl, mod_python etc.


I think you might find some positive movement in this area recently.   
For instance, see


http://mail-archives.apache.org/mod_mbox/httpd-dev/200901.mbox/%3c496abecf.9060...@rowe-clan.net%3e

and other threads on the list in the weeks preceding.

Seems fastcgi is more popular in Lighttpd, are there technical  
reason behind?



As the other response points out, perhaps it has to do with the bigger  
ecosystem that allows you to run more language environments in-process  
without having to resort to other moving parts.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [us...@httpd] Troubleshooting Apache Out of Memory Errors

2009-01-04 Thread Sander Temme


On Jan 4, 2009, at 9:41 PM, Plutocrat wrote:


- Apache/2.2.3 using prefork
- PHP 5.1.6 (cli)


What do you mean when you say 'cli'?  Are you using mod_php, or  
running it as a CGI?



- mysql  Ver 14.12 Distrib 5.0.45
- Joomla 1.5.7 (latest version)
- Wordpress 2.x (latest version)




MaxClients   256



memory_limit = 100M


I've seen Joomla use a lot of memory.  I've used it on a Windows  
server, and have seen the single 100 thread child process balloon to  
800Mb and stay there.  If you get 256 child processes and have each  
allocate 100Mb of memory, you end up with 25Gb memory allocated in  
your 4Gb swapspace: that is just not going to fit.


Note that memory_limit is per script executed.  I believe the default  
is 8Mb: what made you change that?


OK, if you're still with me, thanks for getting this far. So before  
the Out of Memory, the CPU load is around 70% and the load average  
is high, but not critical. After the Out of Memory, the entire Swap
is full, the load average is insane, and the disk is swapping like  
crazy. There also seem to be a lot of httpd processes spawned, but  
not really doing much. At this point the server is inaccessible.  
Over the next hour or two the swap never really empties, and only  
returns to normal after a reboot.


I'd look at a couple of things:

1) How does your MySQL server configuration match that Apache  
configuration?  Does

   your httpd ever have problems connecting to MySQL?
2) When you look at your processes in top, does the RSS column for  
your httpd
   processes show any disturbing development?  How big do the  
processes get

   in the 4000 connections you allow them?
3) When you filter all the 404 ("File does not exist") out of your  
error log, are

   you left with any clues?

If I were to take a shot at your problem, I'd look in the direction of  
a scenario where your child processes get bigger than 8Mb, and  
something makes child processes hang sufficiently long that the parent  
has to spawn more children to service requests.  Those children then  
also hang on the same resource, which causes more children to be  
spawned to serve incoming requests, eventually filling up your memory  
you'll break down rapidly from there.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: Can't Compile httpd 2.2.11 linked statically with ssl and zlib

2008-12-18 Thread Sander Temme


On Dec 18, 2008, at 5:47 AM, xPostings wrote:


compiled zlib:
./configure
make
make install


What's your prefix here?  It'd probably default to /usr/local


compiled openssl 0.9.8i:
./config no-zlib shared
make
make install


Again, what's the prefix?  And, specifying 'shared' will build the  
*.so libraries which are then picked up by the Apache build system.




compiled apache httpd:
./buildconf
./configure --prefix=/usr/local/apache2.2.11 \
--enable-static-support \
--with-mpm=worker \
--enable-mods-shared=all \
--enable-so \
--enable-deflate=static \
--with-z=/usr/local/lib \


Usually, you point to the top of the zlib installation which would be
/usr/local, under which the compiler finds the include/headers and the
linker finds the lib/libraries.



--enable-ssl=static \
--with-ssl=/usr/local/ssl \


This must match your prefix above, or the default.


--enable-rewrite=static \
--enable-auth-basic=static \
--enable-authn-file=static \
--enable-authz-user=static \
--enable-authz-groupfile=static \
--enable-authz-host=static \
--enable-expires=static \
--enable-headers=static

If I look to the dependencies with ldd there is a dynamically linked
libz and libssl:


   linux-gate.so.1 =>  (0xe000)
   libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
   libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)


That's your system installation of openssl 0.9.8*.  Two things may  
have happened:


1) You linked against the .so shared libraries in your installation,
but at runtime you're picking up the system copy.  It seems that
embedding the hard path to the shared libraries in the calling binary
doesn't work too well on Linnicks.  This can be remedied by adding
/usr/local/ssl/lib (or whatever, see the discussion on prefix above) to
the LD_LIBRARY_PATH environment variable when you start Apache.  This
can be done in the script that starts the server, or on the command
line for testing.


2) The System openssl was found in favor of yours when configuring.   
This should not happen.  Study your ./configure output where it tries  
to find the proper openssl library and see what exactly happens there.




   libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
   libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/libaprutil-1.so.0 (0xb7d3d000)
   libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0 (0xb7d21000)
   libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0 (0xb7cfc000)
   librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
   libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7cc4000)
   libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7cb2000)
   libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
   libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
   libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)


Again, that's the system copy.  Same story, plus it may not have found  
yours because your parameter was off.  Again, see your ./configure  
output.




   /lib/ld-linux.so.2 (0xb7efe000)

What's going wrong? libssl and libz shouldn't be linked dynamically.
With httpd 2.2.3 and the same configuration I haven't had these
problems. ldd from the old 2.2.3 shows following dependencies:


   linux-gate.so.1 =>  (0xe000)
   libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
   libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/libaprutil-1.so.0 (0xb7ec9000)
   libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0 (0xb7eac000)
   libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0 (0xb7e8a000)
   librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
   libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7e53000)
   libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7e4)
   libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
   libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
   /lib/ld-linux.so.2 (0xb7f0a000)


No openssl libraries linked to this one.  Are you sure they weren't  
just linked into mod_ssl.so?


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
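
Added example, not part of the original message or of the httpd project: a POSIX shell helper that reads ldd output and reports whether libssl, libcrypto and libz resolve from the prefix you built into or from a system copy, which is the check the reply above does by eye. The function names, the OK/SYSTEM/UNRESOLVED labels and the bin/httpd path in the comments are assumptions of this example; the sample input is taken from the ldd output quoted in the thread, with wrapped lines re-joined.

```sh
#!/bin/sh
# Added example: which copy of OpenSSL/zlib does a binary resolve at load time?

# sample_ldd: a subset of the ldd output for the 2.2.11 build quoted in the
# thread (wrapped lines re-joined), embedded so the example runs offline.
sample_ldd() {
    cat <<'EOF'
   linux-gate.so.1 =>  (0xe000)
   libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7eb9000)
   libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7e000)
   libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
   libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/libaprutil-1.so.0 (0xb7d3d000)
   libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
   /lib/ld-linux.so.2 (0xb7efe000)
EOF
}

# classify_ldd PREFIX
# Reads ldd output on stdin and prints "<verdict> <name> <path>" for every
# libssl/libcrypto/libz entry:
#   OK          resolved below PREFIX (the tree you installed into)
#   SYSTEM      resolved from some other absolute path
#   UNRESOLVED  the loader reported no usable path (e.g. "not found")
classify_ldd() (
    prefix=${1%/}
    while read -r name arrow path rest; do
        # Only "name => path (addr)" lines describe a resolved dependency.
        [ "$arrow" = "=>" ] || continue
        case "$name" in
            libssl.so*|libcrypto.so*|libz.so*) ;;
            *) continue ;;
        esac
        case "$path" in
            "$prefix"/*) verdict=OK ;;
            /*)          verdict=SYSTEM ;;
            *)           verdict=UNRESOLVED; path=- ;;
        esac
        printf '%s %s %s\n' "$verdict" "$name" "$path"
    done
)

# count_unexpected PREFIX
# Number of libssl/libcrypto/libz entries that do NOT come from PREFIX.
count_unexpected() (
    classify_ldd "$1" | awk '$1 != "OK" { n++ } END { print n + 0 }'
)

# Against a real binary (path assumed from the --prefix used in the thread):
#   ldd /usr/local/apache2.2.11/bin/httpd | classify_ldd /usr/local
# To see the effect of remedy 1 from the reply, compare with:
#   LD_LIBRARY_PATH=/usr/local/ssl/lib ldd /usr/local/apache2.2.11/bin/httpd \
#       | classify_ldd /usr/local
sample_ldd | classify_ldd /usr/local
echo "libraries not loaded from /usr/local: $(sample_ldd | count_unexpected /usr/local)"
```

A SYSTEM verdict for libssl or libcrypto means the running server uses the distribution's OpenSSL, so that copy, not the one you compiled, is the one that has to be kept patched.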







Re: [EMAIL PROTECTED] Where should I put my java servlet .class file ?

2008-12-05 Thread Sander Temme


On Dec 5, 2008, at 1:15 PM, Albert Joseph wrote:

Very good.   I had just installed Tomcat.   Now where can I put my  
servlet .class file ?


I once knew this but it has slipped my mind.  The http://tomcat.apache.org/
site has some introductory materials, for instance
http://tomcat.apache.org/tomcat-6.0-doc/appdev/index.html .  Tomcat also has its own user mailinglist.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] Apache On Multi Core/Multi Processors

2008-12-03 Thread Sander Temme


On Dec 3, 2008, at 3:45 PM, Bruno - e-comBR wrote:


I want to know how much Apache's HTTPD takes the advantages of
multiple CPUs. Is there any difference about performance between using
worker or prefork as MPM??


Depends on your operating system architecture.  However, in any  
situation the design of the most popular Apache MPMs has each worker  
handling a particular connection from beginning to end.  This is the  
case whether workers are pre-forked processes, or whether they are  
threads in a child process (worker, Windows MPM).  Effectively this  
means that most of the time, workers are waiting for something to do:  
waiting to read something from the network, for the backend to return  
data, etc.  This means that you usually run many more workers than you  
have CPU cores.



Being a little "out of topic", let me ask you... On a Linux SMP
system, does a n Core processor works like n processors?? Is there any
differences taking performance advantages of multiple CPUs between
using multiple threads or multiple processes??


On Linux specifically, you have two factors at work:

1) Linux process structures are relatively lightweight
2) As far as the Linux kernel is concerned, each thread is mapped onto  
a process structure


The last one means you don't win performance by going to threads  
instead of staying with processes, and the first one means that the  
penalty of context-switching between many processes is smaller on  
Linux than on some other systems (like Solaris).



Just to make you understand the issue, I'm want to setup a dedicated
web server with two Quad Core processors, and I can't use worker(which
is multi-threaded) because I'm using mod_php. So, what I really want
to know: it's a fact that many CPU's(2 processors x 4 cores = 8) will
improve the processing performance??



Actually, I believe the core of PHP is now threadsafe and re-entrant.   
However, the PHP group can't make any assumptions or claims about  
threadsafety of the libraries PHP uses, so they won't state PHP runs  
under multithreaded MPMs.  And, because of the circumstances discussed  
above, there is no practical gain from running threads on Linux so PHP  
has little motivation to improve this situation.


HtH,

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] achectl Not Working

2008-11-30 Thread Sander Temme


On Nov 30, 2008, at 11:02 PM, apache123 wrote:





Sander Temme-2 wrote:



On Nov 30, 2008, at 8:20 PM, apache123 wrote:



Hi,
 I tried apachectl command on two Linux hosts where Apache HTTP
Server is
installed. The command is giving result only on one host not on the
other.


What output do you get when you run the apachectl command on the not
updated host (no. 2)?

"When I run command it returns nothing.

Commands excerpt:
[EMAIL PROTECTED] ~]# /usr/sbin/apachectl -v
[EMAIL PROTECTED] ~]# /usr/sbin/apachectl -V
[EMAIL PROTECTED] ~]# /usr/sbin/apachectl help
[EMAIL PROTECTED] ~]# /usr/sbin/httpd -v
[EMAIL PROTECTED] ~]# /usr/sbin/httpd -V
[EMAIL PROTECTED] ~]# /usr/sbin/httpd help


That is most strange: apachectl is a thin wrapper around httpd -k, and  
httpd should return something when invoked in this way.  Could it be  
that it has been replaced by something that behaves differently from  
the way Apache does?


S.


[EMAIL PROTECTED] ~]# ps -ef | grep httpd
root  3950 1  0 Nov25 ?00:00:08 /usr/sbin/httpd
apache   20564  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20565  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20568  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20570  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20572  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20574  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20576  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
apache   20578  3950  0 Nov30 ?00:00:00 /usr/sbin/httpd
root 13888 13832  0 08:31 pts/500:00:00 grep httpd
[EMAIL PROTECTED] ~]#
"


1. Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
[ apachectl
working fine ]

2. Red Hat Enterprise Linux AS release 4 (Nahant)   [ apachectl not
working
]



S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF














--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] achectl Not Working

2008-11-30 Thread Sander Temme


On Nov 30, 2008, at 8:20 PM, apache123 wrote:



Hi,
  I tried apachectl command on two Linux hosts where Apache HTTP  
Server is
installed. The command is giving result only on one host not on the  
other.


What output do you get when you run the apachectl command on the not  
updated host (no. 2)?


1. Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
[ apachectl

working fine ]

2. Red Hat Enterprise Linux AS release 4 (Nahant)   [ apachectl not  
working

]



S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] how httpd was compiled

2008-11-30 Thread Sander Temme


On Nov 30, 2008, at 5:05 PM, Anurag Gujral wrote:

That is why I wanted to know if there is way to find out how a
particular httpd was compiled.



If your installation is complete, you should find a file called  
config.nice in the build subdirectory.  It has the exact invocation of  
the configure script used to set up the build process.


That should allow you to recreate your compilation.

If that isn't present, don't despair: a combination of httpd -l and  
the contents of the modules subdirectory will tell you what modules  
were enabled, and httpd -V will tell you some of the path prefix  
choices that were made.  Also, running ldd on the httpd binary and on  
the individual modules will tell you where Apache expects to find its  
libraries: that will allow you to recreate the --with-package=...  
parameters to configure


Most of the configure options have to do with turning modules on and  
off, so if you collect that information you're most of the way there.


Good luck,

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] error_log file of 150 Gb!!

2008-11-19 Thread Sander Temme


On Nov 19, 2008, at 9:29 PM, Justin Wright wrote:

I read somewhere that apache limited or could limit the size of the  
log files as it was writing them?  I couldn’t find any configuration  
settings like this in the documentation.


Ah, the good old "read somewhere" approach.

No, Apache itself has nothing to do with the log files, it just writes  
to'em.  If Apache is writing directly to the logfile, you can move it  
out of the way and then send Apache a Graceful restart.  This won't  
interrupt service, but it'll open a new logfile without losing any  
precious data (since it has an open filehandle on the old file,  
regardless of your renaming it).  If you're writing to logrotate, I  
don't know what your options are.  Look in the source for logrotate,  
perhaps it has a signal it responds to in a similar way.  If not, then  
that would be a neat patch.


And, take a Big Foam Cluebat to your customer.  Then make them pay  
extra for you to clean up the mess they made.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] rpm for httpd-2.0.63

2008-11-12 Thread Sander Temme


On Nov 12, 2008, at 9:51 AM, Anurag Gujral wrote:

  I was looking for rpm for  httpd-2.0.63 could not find  
it on apache.Does anyone has/know

where to get rpm for httpd-2.0.63.



Red Hat?

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] CGI on Apache 2.2

2008-11-12 Thread Sander Temme


On Nov 12, 2008, at 9:23 AM, Bill Ferrarini wrote:


Thanks for helping me
the error logs says it cannot find the path and it couldn't create  
the child process 720003: index.cgi
then the next line says system cannot find the path specified:  
couldn't spawn child process. and then gives the url for the file.


Rather than paraphrasing, feel free to copy and paste the relevant  
lines directly into your e-mail.



PS we are running on Windows!



Associate the .cgi filename extension with your Perl interpreter?  You  
do have Perl installed, right?


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] CGI on Apache 2.2

2008-11-12 Thread Sander Temme


On Nov 12, 2008, at 8:35 AM, Bill Ferrarini wrote:

I am tearing my hair out having read and tried many things, I'm  
about ready to toss this out the window! lol


What Does the Error Log Say?

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] [apache2.3.0] download

2008-10-14 Thread Sander Temme


On Oct 14, 2008, at 7:23 AM, GanGan wrote:

where can i find apache 2.3.0 for download and testing ? why ? for  
fun :)


We haven't actually rolled any releases of 2.3.x (or 2.4.x) yet, so
you'll have to get them from Subversion.  You'll need the trunks of
httpd, apr and apr-util.  Alternatively, you can get snapshots from
http://cvs.apache.org/snapshots/ .  Get the latest of httpd, apr and
apr-util, untar httpd and untar the other two under the srclib directory of httpd.


Then you'll need to run ./buildconf in the httpd source directory,  
which will build the configure script.  You'll need autoconf, libtool  
and possibly some more stuff on your box to do this.  Don't worry,  
it'll complain if it can't find something and will tell you what it's  
looking for.  Then you have a configure script that you can call as  
you normally would.


I highly encourage you to play around with the bleeding edge, and tell
us what you think.  But if you just want to set up a server, why not
download the released version, 2.2.9, from
http://httpd.apache.org/download.cgi ?


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

2008-09-01 Thread Sander Temme

Hi Ingrid,

On Aug 28, 2008, at 6:31 AM, Tan, Liao wrote:

Ok, ic I can simply remove the passphrase, and provided the new key
be readable by root only, I should not have any security
problems... is it simply remove it? or any other settings,
configurations, re-installation?


What has been proposed is that you decrypt the private key and have  
Apache use that, so it won't prompt for a password when it starts up.   
This requires no reconfiguration except to point Apache to the file  
that contains the decrypted private key.


Giving the key read-only permissions for only the root user is a good  
idea.  You should end up with permissions that look like -r and
root ownership in the ls -l output for the key file.


The discussion on whether to start Apache as root is off-topic for  
this thread, and potentially harmful.  Apache starts as root for two  
very good reasons: 1) to bind to low-numbered ports and b) to open log  
files for writing in locations to which its children can't write.  The  
server reads the configuration files (and the private key file) while  
it is still root, and its children inherit that configuration, and the  
open file descriptors for the sockets and the log file, after they  
change user id.


Because the children change user id, they can't write to the log
directory, or in fact anywhere except directories like /tmp.  They  
also can't read that private key file which offers some protection,  
although they have a copy of the key sitting in memory for use in SSL  
handshakes.  If someone were to find and exploit a vulnerability in  
the server software that allows them to read the entire memory space  
of the server, they can find that key.  But this is true whether or  
not the private key was encrypted to begin with.


Does this give you enough security?  That depends on how much security  
you need.  The address from which you post suggests that you are in  
the financial service industry, and you might want to look into  
requirements within your company regarding private key protection.   
You don't tell us whether this is an Internet-facing server or not  
(and we really don't have to know), but please realize that if anyone  
were to retrieve the private key of your website, they can use that  
key and the certificate to impersonate your website with a simple DNS  
spoofing attack.


You could look into protecting the private key with a Hardware  
Security Module or HSM.  An HSM protected key can only be used within  
the secure envelope of the HSM, so even if someone were to steal the  
key material they couldn't use it because the HSM stays behind in your  
data center.  HSM protected keys can be configured to allow unattended  
starts of the server, without having to type passphrases.  I work for  
a company that makes HSMs: contact me offline if you want to chat  
about this option.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
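
Added example, not part of the original message: a POSIX shell check for the properties discussed above, namely that the key file is read-only for its owner with no group or other access, that the owner is the expected uid (root by default), and whether the key is still pass-phrase protected. The function names and the sample files with their placeholder contents are constructed for this example; the encryption test relies on the word ENCRYPTED that OpenSSL writes into the PEM header of a protected key.

```sh
#!/bin/sh
# Added example: audit a TLS private key file before pointing httpd at it.

# audit_key FILE [EXPECTED_UID]
# Prints one finding per line and nothing when FILE is mode -r--------,
# owned by EXPECTED_UID (default 0 = root) and not pass-phrase protected.
audit_key() (
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || { echo "missing: $file"; exit 0; }

    # ls -ldLn prints e.g. "-r-------- 1 0 0 ...": field 1 is the mode string,
    # field 3 the numeric owner.  substr() drops a trailing "." or "+"
    # (SELinux/ACL marker); -L audits the target of a symlink.
    mode=$(ls -ldLn -- "$file" | awk '{ print substr($1, 1, 10) }')
    uid=$(ls -ldLn -- "$file" | awk '{ print $3 }')

    [ "$uid" = "$want_uid" ] || echo "owner: uid $uid, expected $want_uid"

    case "$mode" in
        -r--------) ;;
        -???------) echo "mode: $mode, owner bits should be r--" ;;
        *)          echo "mode: $mode, group or others can access the key" ;;
    esac

    # Traditional PEM keys carry "Proc-Type: 4,ENCRYPTED"; PKCS#8 keys use
    # "BEGIN ENCRYPTED PRIVATE KEY".  Either way httpd asks for the pass
    # phrase at startup, which blocks an unattended start.
    if grep -q 'ENCRYPTED' "$file"; then
        echo "encrypted: httpd will prompt for the pass phrase at startup"
    fi
)

# make_sample_keys DIR
# Writes two constructed files (placeholder bodies, not real key material):
#   plain.key  decrypted-style header, mode 400
#   enc.key    encrypted-style header, mode 644
make_sample_keys() (
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain.key"
    chmod 400 "$dir/plain.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' \
        '' \
        'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$dir/enc.key"
    chmod 644 "$dir/enc.key"
)

# Stand-alone run on the constructed samples.  The current uid stands in for
# root so the demo works without privileges; on a server call
#   audit_key /path/to/server.key
demo_dir=$(mktemp -d)
make_sample_keys "$demo_dir"
echo "plain.key findings:"; audit_key "$demo_dir/plain.key" "$(id -u)"
echo "enc.key findings:";   audit_key "$demo_dir/enc.key" "$(id -u)"
rm -rf "$demo_dir"
```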







Re: [EMAIL PROTECTED] How to install SSL certificate for virtual server?

2008-08-31 Thread Sander Temme


On Aug 28, 2008, at 8:46 AM, [EMAIL PROTECTED] wrote:




  ^
This needs to be a different IP address from the one for www.myserver1.com 
.  You'll also need a Listen statement for it (if you're not listening  
on all available IPs).




   ServerName www.myserver2.com

^
This hostname needs to resolve to the IP address above.



   SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.myserver2.com.crt
   SSLCertificateKeyFile 
/usr/local/apache-1.3.37/conf/ssl.key/www.myserver2.com.key



Any reason why the paths are different?

Were you given a chain of authority file by your CA?  You need to  
point to that with SSLCertificateChainFile so the client can make the  
connection between the CA that signed your cert and the root CA it  
knows about.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] How to restart Apache

2008-08-27 Thread Sander Temme


On Aug 27, 2008, at 6:13 AM, Bradley Giesbrecht wrote:

Others will answer this better I'm sure and I haven't used Debian in  
a while but I would do:


Debian names its httpd 'apache2'.

[EMAIL PROTECTED]:~$ cat /var/run/apache2.pid
5692
[EMAIL PROTECTED]:~$ sudo rm /var/run/apache2.pid
[sudo] password for sctemme:
[EMAIL PROTECTED]:~$ cat /var/run/apache2.pid
cat: /var/run/apache2.pid: No such file or directory


$sudo ps ax | grep httpd


[EMAIL PROTECTED]:~$ ps -lC apache2
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY  TIME CMD
5 S 0  5692 1  0  78   0 - 43517 -  ?00:00:00 apache2
5 S33  7436  5692  0  77   0 - 43517 -  ?00:00:00 apache2
5 S33  7437  5692  0  77   0 - 43517 -  ?00:00:00 apache2
5 S33  7438  5692  0  77   0 - 43517 -  ?00:00:00 apache2
5 S33  7439  5692  0  81   0 - 43517 -  ?00:00:00 apache2
5 S33  7440  5692  0  81   0 - 43517 -  ?00:00:00 apache2


(don't have to be root to do this)


$sudo kill "lowest httpd process id goes here"


The one you want to touch is the one with PPID 1: that's the parent  
process.


[EMAIL PROTECTED]:~$ sudo kill -HUP 5692


$sudo /etc/init.d/apache2 start


[EMAIL PROTECTED]:~$ cat /var/run/apache2.pid
5692

In other words: a restart as effected by the Hangup signal puts the  
pidfile back.


I would be worried about its disappearance in the first place though.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
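
The check walked through in this message, as an added example that is not part of the original thread: it picks the parent apache2 process out of `ps` output and compares it with the pidfile. The function names and the `ps -o pid=,ppid=,comm=` input format are assumptions, the sample rows are constructed from the PIDs quoted above, and testing for "parent is not another apache2" generalizes the PPID 1 rule.

```python
def parse_ps(ps_output):
    """Parse rows of `ps -o pid=,ppid=,comm=` into (pid, ppid, command)."""
    rows = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[0].isdigit() and fields[1].isdigit():
            rows.append((int(fields[0]), int(fields[1]), fields[2].strip()))
    return rows


def check_pidfile(pidfile_text, ps_output, name="apache2"):
    """Compare the pidfile with the running parent process.

    pidfile_text is the pidfile's content, or None if the file is absent.
    Returns (status, parent_pid); parent_pid is the process to signal.
    """
    rows = [row for row in parse_ps(ps_output) if row[2] == name]
    pids = {pid for pid, _, _ in rows}
    # Children have another apache2 as their parent; the parent process does
    # not (its PPID is 1 in the thread's listing).
    parents = [pid for pid, ppid, _ in rows if ppid not in pids]
    if not parents:
        return ("not-running", None)
    if len(parents) > 1:
        return ("multiple-instances", None)  # refuse to guess which to signal
    parent = parents[0]
    if pidfile_text is None:
        return ("pidfile-missing", parent)
    recorded = pidfile_text.strip()
    if recorded.isdigit() and int(recorded) == parent:
        return ("ok", parent)
    return ("pidfile-stale", parent)


# Constructed sample, using the PIDs from the listing in the message above.
SAMPLE_PS = """\
 5692     1 apache2
 7436  5692 apache2
 7437  5692 apache2
 7438  5692 apache2
  812     1 sshd
"""

if __name__ == "__main__":
    print(check_pidfile(None, SAMPLE_PS))      # pidfile was removed
    print(check_pidfile("5692\n", SAMPLE_PS))  # pidfile back after the restart
```

A "pidfile-missing" or "pidfile-stale" result on a running server is the condition worth investigating before any signal is sent.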







Re: [EMAIL PROTECTED] Question

2008-08-09 Thread Sander Temme


On Aug 9, 2008, at 9:51 AM, Greg Creamean wrote:


> How can I fix this problem?


Open the file as Admin?

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] error when MAKE Apache 2.2.*: exports.c : error: previous definition of '...' was here

2008-07-30 Thread Sander Temme


On Jul 30, 2008, at 5:25 AM, Ben Aurel wrote:


> exports.c:1309: error: redefinition of 'ap_hack_apr_allocator_free'
> exports.c:155: error: previous definition of
> 'ap_hack_apr_allocator_free' was here



Could you cast a glance at those areas of server/exports.c and see if  
you notice anything weird about the paths in the comments above the  
declarations?  I have seen stuff like this happen when I called  
buildconf in the various spots around httpd and APR with inconsistent  
--with-apr* parameters, with trailing slashes on the directory name  
and without.


This *should* not affect you if you just run ./configure && make as  
you described, and I see you force --with-included-apr so you're  
building the package as you got it.


But it'd still be a good idea to see what's going on with those  
declarations.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] apache > iis asp > mssql

2008-07-15 Thread Sander Temme


On Jul 15, 2008, at 7:52 AM, Tom Brown wrote:

> I have apache sat in front of some IIS servers to do some logging,
> they just pass the request over to IIS. I have an issue where there
> are SQL injection attacks coming through and I wonder at the URL
> level can I filter these out and throw them away at the apache
> level. I am checking through but it seems that 'VARCHAR' is being
> used in the attack but not in any valid URL - Is there any rewrite
> or similar to be able to mitigate this?


Check out modSecurity http://www.modsecurity.org/

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
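
The URL-level check asked about in this message, as an added example that is not part of the original thread and is not ModSecurity code: it scans access-log request lines for the 'VARCHAR' token after undoing nested percent-encoding. The log lines are constructed samples, and the function names and the three-round decoding bound are assumptions; it only sees request URLs, not POST bodies.

```python
import re
from urllib.parse import unquote_plus

# Request field of an Apache access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Token from the thread: seen in the attack traffic, never in a valid URL.
# Word boundaries keep it from firing inside longer names.
SUSPICIOUS_RE = re.compile(r"\bVARCHAR\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding


def normalize(target):
    """Percent-decode until stable, so every encoding of the token is
    compared in the form the back end would eventually see."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def flag_requests(log_lines):
    """Return (line_number, decoded_target) for requests carrying the token."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        decoded = normalize(match.group("target"))
        if SUSPICIOUS_RE.search(decoded):
            hits.append((number, decoded))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2008:07:50:01 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jul/2008:07:50:03 +0000] "GET /news.asp?id=12;DECLARE%20@S%20VARCHAR(4000) HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jul/2008:07:50:04 +0000] "GET /news.asp?id=12;declare+@s+%2576archar(4000) HTTP/1.1" 200 5120',
    '192.0.2.17 - - [15/Jul/2008:07:50:09 +0000] "GET /docs/varchars.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```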







Re: [EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?

2008-07-14 Thread Sander Temme


On Jul 14, 2008, at 10:52 PM, Anand Kulkarni wrote:

> I want HTTP 1.0 protocol because I heard that passing content length
> in HTTP 1.0 request is not mandatory.



It's not mandatory in 1.1 either.  See http://www.faqs.org/rfcs/rfc2616.html
and scroll down to section 14.13.  You'll see that Content-Length
doesn't merit more than SHOULD, which is short of MUST and means you
don't, strictly speaking, have to send it.


According to section 4.4 of the RFC, you have several options to  
indicate the length of your resource.  You could just send it and  
close the connection (option 5), which would do the trick but won't  
allow the client to calculate how long it has left to go.


Further in section 4.4 it says that clients MUST send a Content-Length  
header with *requests* that contain a request body, and the server can  
respond with a 400 or 411 if the client doesn't comply.  But that's  
the *request*, not the response your application sends.


In any case, it doesn't necessarily matter what you *heard*.  The RFC  
is the definitive source of information, stop hearing and start reading.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
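
The length rules of RFC 2616 section 4.4 that this message refers to, as an added example that is not part of the original thread: it applies the section's five options in their order of precedence, for responses and for requests, which goes beyond the two cases the message discusses. The function and enum names are assumptions, as is the choice to expect a body on POST and PUT.

```python
from enum import Enum


class Framing(Enum):
    NO_BODY = "no message body"
    CHUNKED = "chunked transfer-coding"
    CONTENT_LENGTH = "Content-Length octet count"
    BYTERANGES = "self-delimiting multipart/byteranges"
    CLOSE = "server closes the connection"
    REJECT = "length unknown: respond 400 or 411"


def _fields(headers):
    return {name.lower(): value.strip() for name, value in headers.items()}


def _declared(h):
    """Rules 2 and 3 of section 4.4, shared by requests and responses."""
    if h.get("transfer-encoding", "identity").lower() != "identity":
        return Framing.CHUNKED  # a Content-Length sent alongside is ignored
    if "content-length" in h:
        value = h["content-length"]
        if not (value.isascii() and value.isdigit()):
            raise ValueError("Content-Length is not a decimal octet count")
        return Framing.CONTENT_LENGTH
    return None


def response_framing(status, headers, request_method="GET"):
    """How the client finds the end of a response body."""
    h = _fields(headers)
    if request_method == "HEAD" or 100 <= status < 200 or status in (204, 304):
        return Framing.NO_BODY                      # rule 1
    declared = _declared(h)
    if declared is not None:
        return declared
    if h.get("content-type", "").lower().startswith("multipart/byteranges"):
        return Framing.BYTERANGES                   # rule 4
    return Framing.CLOSE                            # rule 5: legal, no length


def request_framing(method, headers, body_methods=("POST", "PUT")):
    """Same precedence for a request; closing cannot end a request body."""
    declared = _declared(_fields(headers))
    if declared is not None:
        return declared
    # Assumption: this server expects a body on body_methods and insists
    # on a declared length for them.
    return Framing.REJECT if method in body_methods else Framing.NO_BODY
```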







Re: [EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?

2008-07-14 Thread Sander Temme


On Jul 14, 2008, at 9:05 PM, Anand Kulkarni wrote:

> I am working on Apache 2.x. The default protocol followed is HTTP
> 1.1. But HTTP 1.1 is a persistent protocol and hence I want Apache
> to follow HTTP 1.0 protocol.


What do you mean by 'persistent'?


> So, How to configure Apache 2.x for HTTP 1.0 version?



KeepAlive Off

work for you?  That gets you rid of the Keepalive feature without  
doing away with the rest of the protocol features.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] php and apache

2008-07-09 Thread Sander Temme


On Jul 9, 2008, at 3:49 PM, Matt Funk wrote:

> Anyway, I am running apache/2.2.9 on a debian etch box. My setup used to work
> but after a friend did a debian upgrade something seems to have gone wrong.


Have your friend fix it. (:

S.

Oh, you're probably missing an AddHandler x-httpd-php .php somewhere  
in your config hierarchy.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.9 Released

2008-06-14 Thread Sander Temme


On Jun 14, 2008, at 5:57 PM, Cauchy Song wrote:

> > When upgrading or installing this version of Apache, please bear in mind
> > that if you intend to use Apache with one of the threaded MPMs (other
> > than the Prefork MPM), you must ensure that any modules you will be using
> > (and the libraries they depend on) are thread-safe.
>
> Does this mean that I can't use apache 2.2.9 in those no kernel space
> threads OS, like OpenBSD?


Yes, but use the Prefork MPM, as before.

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] apache 2.2.3 and load balancing

2008-06-01 Thread Sander Temme


On Jun 1, 2008, at 1:05 AM, Eric Bowman wrote:

> I'm in a situation (RHEL 5.1) where the only "supported" version of
> Apache is 2.2.3.  We are wishing to avail of the session affinity
> load balancing features in mod_proxy_balancer, and I'm wondering
> what the general consensus is on how suitable that version is
> regarding that feature.


Are you using the Red Hat supplied version of Apache?  Keep in mind  
that they backport patches from later 2.2 releases and from trunk, but  
their version number stays the same.


Review the source RPM to see what's really going on.  It has its own  
Changes file.


Even if you were to use vanilla 2.2.3, do you have any information  
that the features you need were not up to snuff in that version?


In any case I'd recommend that you set up a test installation and see  
if what you need to work, works.  That way you have your own benchmark.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] rolling log files

2008-03-23 Thread Sander Temme


On Mar 23, 2008, at 3:10 PM, Sam Carleton wrote:


> Is there any way to make Apache roll its log files?


http://httpd.apache.org/docs/2.2/logs.html#rotation

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Load Balancing

2008-03-17 Thread Sander Temme


On Mar 17, 2008, at 3:45 AM, Krist van Besien wrote:


> What would happen in this case were app1 dead. Would all requests then
> go to app2, or would half of all requests just fail?


The former.  And it'll pick the failed backend back up when it comes  
back online.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







[EMAIL PROTECTED] Call for Papers Opens for ApacheCon US 2008

2008-03-02 Thread Sander Temme

***
*** Forwarded by request of the conference planners.  Please reply to the list,
*** or contact the planners at the e-mail address at the bottom of the message.
***


Call for Papers Opens for ApacheCon US 2008

!REMINDER: this will be a short CFP, ending on 3 April, so please be  
sure to get your CFP submissions in soon!


The Apache Software Foundation (ASF) invites submissions to its official
users' conference, ApacheCon US 2008, held 3 November through 7  
November, 2008 at the Sheraton New Orleans.  ApacheCon serves as a  
forum for showcasing the ASF's latest developments, including its  
projects, membership, and communities.  ApacheCon offers unparalleled  
educational opportunities, with dedicated presentations, hands-on  
trainings, and sessions that address core technology, development,  
business/marketing, and licensing issues in Open Source.

The conference program includes competitively selected presentations,  
trainings/workshops, and a small number of invited speakers. All  
sessions undergo a peer review process by the ApacheCon Conference  
Planning team.


With the great success of ApacheCon US 2007, we are excited to move to  
New Orleans in 2008.  We're proud to announce that we are going to  
intensify and deepen the pre-conference trainings by offering 2-day  
trainings alongside full- and half-day trainings, and each training  
session will have certifications of completion for those who fulfill  
all the requirements of the training.


The ASF comprises some of the most active and recognized developers in  
the Open Source community.  By bringing together the pioneers,  
developers, and users of flagship Open Source technologies, ApacheCon  
provides an influential platform for dialogue, between the speaker and  
the audience, between project contributors and the community at large,  
traversing a wide range of ideas, expertise, and personalities.


ApacheCon welcomes submissions from like-minded delegates across many  
fields, geographic locations, and areas of development.  Please note  
you do not need to be a committer or project contributor at the ASF to  
submit a proposal!  The unique nature of the Apache community lends  
itself to creating a conference content that is not only the best of  
Open Source but cutting edge as well.


Conference Themes and Topics

  * Apache HTTP server topics: installation, configuration, migration
  * ASF-wide projects such as Jakarta, Tomcat, Maven, Geronimo,
Harmony, Lucene, SpamAssassin, Portals, and Web Services
  * Scripting languages and dynamic content such as Java, Perl, Python,
Ruby, XSL, and PHP
  * Security and e-commerce
  * Performance tuning, load balancing and high availability
  * New technologies and initiatives such as Web Services and Web 2.0
  * ASF-Incubated projects such as Abdera, CXF, and Qpid
  * Case studies and industry profiles demonstrating the use of Apache
software
  * Open source community and business models, legal and marketing
issues

NOTE: Marketing-oriented submissions aimed at promoting specific
organizations or products will not be accepted.


Submission Guidelines

Submissions must include title; speaker's name with affiliation and
email address; format (Training vs. General Session) and duration
(1-hour general session, or half-, full-day, or two-day training);
expertise level (beginner to advanced); a full description including  
abstract and objectives (200 words or less);  intended audience and  
maximum number of participants, with background knowledge expected of  
the participants (Trainings only); and speaker bio (100 words or  
less).  Full presentation and training materials will be due at a later
date, as noted below.

Types of Submissions: Trainings, General Sessions, Case Studies and  
Industry Profiles.


Speakers whose proposals are accepted have registration fees waived,
reasonable travel and part of their lodging expenses paid.  Only one
speaker will be covered per accepted proposal.


Important Dates

Proposal submission deadline:  3 April, 2008 *Before* ApacheCon Europe!
Notification of acceptance:    25 April, 2008
Materials for Web site:        3 October, 2008
Materials for Trainings:       17 October, 2008
Conference Date:               Monday to Friday, 3-7 November 2008
Trainings:                     Monday and Tuesday, 3-4 November 2008
General Sessions:              Wednesday to Friday, 5-7 November 2008


To submit your completed proposal, please follow the directions to  
logon here to the existing ApacheCon CFP system:

 http://www.us.apachecon.com/us2008/

Use your existing ApacheCon CFP login, or create a new one as needed.  
Then under ApacheCon US 2008 Status and Options, click the "Fill out a  
CFP form" link.


If you are not yet subscribed to the ApacheCon announcement mailing
list, send an email message to [EMAIL PROTECTED]


About ApacheCon US 2008

ApacheCon is co-produced by the Apache Software Foundation and Stone
Circle Productions

Re: [EMAIL PROTECTED] Do NOT add a slash at the end of the directory path.

2008-02-06 Thread Sander Temme


On Feb 6, 2008, at 5:33 PM, Lloyd Parkes wrote:

> I would give it a go to test things out, but I only have access to
> large government web servers, so maybe not.


How about setting up a test server for yourself, on your own machine?   
That'll give you something you can test out to your heart's desire.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] Where to download the Apache developer versions?

2008-01-21 Thread Sander Temme

Ben,

On Jan 21, 2008, at 10:27 PM, Sonixxfx wrote:


> Can someone tell me where the Apache developer versions can be
> downloaded from? I am unable to find them.


When you download the Apache HTTP Server, version 2.2.8, through

http://httpd.apache.org/download.cgi

...you'll find everything you need to serve web sites and dynamic CGI  
content, build an application router with mod_proxy and manipulate  
requests with mod_rewrite and mod_alias, and develop custom modules  
using the C API.


If you want to develop dynamic content in another language, you'll  
need to install the appropriate module like mod_php, mod_perl,  
mod_python or mod_tcl.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF







Re: [EMAIL PROTECTED] Is Apache2.2 FIPS compliant?

2008-01-12 Thread Sander Temme

Robin,

On Jan 12, 2008, at 6:34 AM, robingandhi21 wrote:


> Please let me know if anybody has any idea of Apache2.2 being FIPS
> compliant?


By itself, no.  Apache does not do anything special for key management  
or access control to key material.  However, Apache can use a FIPS 140  
certified Hardware Security Module like nCipher's nShield card and use  
keys protected by its Security World.  This will make you FIPS 140-2  
Level 2 or 3 compliant.


Note: I work for nCipher.  Let me know if you'd like more information  
about using hardware-protected keys.


Sander

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF






