Re: [users@httpd] SSL VHosts
Hi Peter, On 30.08.21 04:24, Peter Horn wrote: > I have been successfully running an Apache server for some years (currently > 2.4.41 on Ubuntu 20.04LTS). > I have three "real" http vhosts on port 80, findable through a dynamic DNS > service. I also have a (first in line) default vhost with an "unreachable" > ServerName, which returns a 4xx status, > and exposes the request to fail2ban. > This takes care of the script kiddies and IOT bug-probers who access by IP > address, not hostname. > Recently I upgraded to https on port 443, using LetsEncrypt and CertBot. The > transition went smoothly; http requests to the vhosts on port 80 are returned > a 301 redirect permanent to https. > I have two questions: > 1. Can I implement the same "nameless catchall" in the https environment, or > does the vhost selection work differently there? My ssl cert appears to name > all three real vhosts, but I am unsure > what happens when a request doesn't match any of them. The cert you are using lists only these three names (you could check via "openssl x509 -in -noout -text"). All connections using IP addresses or names not part of the cert should fail on TLS handshake (at least if certificate is validated by the client). You might catch clients, which do not validate certificates with your current TLS setup (that would be clients connecting using IP). Clients that validate the certificate will not send the actual request. Let's encrypt does not issue certificates for IP addresses (https://community.letsencrypt.org/t/ssl-on-a-ip-instead-of-domain/90635/3), so you can not simply add your IP to the certificate. > 2. Are there any adverse consequences to closing down http / port 80 now that > the vhosts are up on https / port 443? That depends, new browsers versions are currently changing their behaviour on site access (e.g. see https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/, https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/). Older Browsers try HTTP (port 80) before trying HTTPS (port 443), some even do not try HTTPS, if the initial HTTP fails. YMMV. I'd suggest to keep the HTTP vhost for pure redirects and additionally set the Strict-Transport-Security header (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) on HTTPS requests. With the header, most browsers will cache the information that HTTPS is enabled for your site and even enforce it for the time you set in the header. hth. Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] HSTS verification
Hi, On 02.07.21 09:27, @lbutlr wrote: > When checking for https HSTS compliance on htstpreload.org I get a warning > >> We cannot connect to https://example.net using TLS ("Get >> https://example.net: http: server gave HTTP response to HTTPS client"). What is in your access logs, can you identify the request and check which virtual hosts served it? You can enable logging of the virtual host in the access log or log to dedicated files (see https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats for a list of what is available). > And I do not understand how this can be. The page in questions loads as https > with a valid cert and the http query is set to redirect to https > > >ServerName www.example.net >ServerAlias foo.example.net >ServerAlias example.net >DocumentRoot /usr/local/www/example/ >DirectoryIndex index.html >ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/example/$1 >SSLEngine on >SSLCertificateFile /usr/local/etc/dehydrated/certs/example.net/cert.pem >SSLCertificateKeyFile > /usr/local/etc/dehydrated/certs/example.net/privkey.pem >SSLCertificateChainFile > /usr/local/etc/dehydrated/certs/example.net/chain.pem >SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 >SSLHonorCipherOrder on >SSLCipherSuite > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS >#SSLUseStapling On >Header always set Strict-Transport-Security "max-age=15638400; > includeSubdomains;" >Header always set X-Frame-Options DENY >Alias /.well-known/ /usr/local/www/.well-known/ > > > >ServerName www.example.net >ServerAlias foo,example.net >ServerAlias example.net >ServerAlias webmail.example.net >Redirect / https://www.example.net/ >Alias /.well-known/ /usr/local/www/.well-known/ > > > I do not see anything onbviously wrong here (there is a typo on "ServerAlias foo,example.net" though, assume this is just an example issue). However, your TLS virtualhost is bound to a fixed IP, your plain HTTP virtual host is bound to all available IPs on the machine. My guess would be virtual host mismatch or a DNS specific issue (does example.net resolve to different IPs for different resolvers?). Again access logs may reveal some more information on that. hth, Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Intermittent SSL failure on Tomcat port
Hi Madhan, I suppose you would have better chances with that on the Tomcat users list, however your Tomcat and Java versions are quite old (even if Tomcat in this version is still actively supported by the project, Java 7 is totally outdated in regards to TLS support). Are you using tc-native (TLS with OpenSSL) or pure Java TLS? Are any Middleboxes (that perform TLS inspection) in place? I would rather invest time to update to more recent stack (that will lead to acceptable security, IIRC Java 7 does not support TLS1.2)... Tomcat version details:- Server version: Apache Tomcat/7.0.91 Server built: Sep 13 2018 19:52:12 UTC Server number: 7.0.91.0 OS Name:Linux OS Version: 2.6.32-431.20.3.el6.x86_64 Architecture: i386 JVM Version:1.7.0_201-mockbuild_2018_10_22_02_29-b00 JVM Vendor: Oracle Corporation Best regards, Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Season Greetings
The year 2018 has been again exciting in terms of growth of the Apache community and the Feature set of the Apache HTTPD server. In 2018 we celebrated 15 years Apache Lounge, wow.. time is flying. I am thrilled to see so many folks making use of Apache Lounge Binaries and visiting the Apache Lounge, more and more non-windows users are participating. For many of users the forum is a big valuable archive and also thanks to the moderators Mario, Gregg and Tom we continued the quality level. Also big thanks to all the members who answered questions from users. It is really rewarding to see that the effort we put into the Apache Server is appreciated so much. For the next weeks, I'll be spending time with my family enjoying Christmas end of year festivities. As exciting as computers and servers can be, this year will also forever serve as a reminder of what is really important: family, friends and the compassion of strangers. I wish for you and your families time to reconnect, enjoy traditions, and to find some rest during the holiday season. Whatever you celebrate, I hope you take a moment to reflect on the year that is closing and on your goals for 2019 as it approaches. Many thanks to all my friends in the Apache Community and ASF and enjoy the holidays ! Steffen http://www.apachelounge.com/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.37 GA Win available
Vote to release httpd-2.4.37 has PASSED. See www.apachelounge.com/viewtopic.php?p=37467 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] SSLCertificateChainFile
I am putting to together a config for both RH6 and RH7 systems. RH6 used Apache/2.2.15, RH7 uses Apache/2.4.6. I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the intermediates should be appended to the file that SSLCertificateFile points to. Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the config is NOT used and instead the intermediates are appended the file that SSLCertificateChainFile points to as you would in 2.4.8 and greater. Just thinking that if it will work correctly, the config would be the same now and when 2.4.8 and greater gets in place. We have done this on a test system and it seems to work, however I'm not sure if we are just fooling ourselves and it isn't even seeing the intermediates and the client just isn't complaining. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache httpd 2.4.34-dev Win snapshot available
Snap 2 now available On Thursday 21/06/2018 at 16:05, Apache Lounge wrote: http://www.apachelounge.com/viewtopic.php?p=36981 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.34-dev Win snapshot available
www.apachelounge.com/viewtopic.php?p=36981 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.33-vote available
See www.apachelounge.com/viewtopic.php?p=36618 When you see/have issues please mail to me and/or file it in Bugzilla. Enjoy, Apache Lounge Team - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Tomcat mod_jk & isapi_redirect.dll updated VC15 to 1.2.43
Windows bin updated see: https://www.apachelounge.com/viewtopic.php?p=36570 https://www.apachelounge.com/viewtopic.php?p=36571 Cheers - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: OwnCloud 9 Installation
Am 01.05.2016 um 11:48 schrieb Volker Wysk: > Hallo! > > Ich versuche, die OwnCloud v9, die im Apache-Server läuft, zum Laufen zu > bringen. apache2 und owncloud können beide ohne Fehler installiert werden, > doch wenn ich danach http://localhost/owncloud aufrufe, bekomme ich nur einen > 404-Fehler. > > Jemand hat mir gesagt, daß das eigentlich "out of the box" funktionieren > sollte. > > Wo muß ich nachschauen, um herauszufinden, was geschieht? In /var/log/apache2 > ist nicht erhellendes. > > Dafür ist die Apache Mailingliste wohl eher die falsche Wahl. Aber der 404 heißt, daß die aufgerufene Seite nicht gefunden wurde. Also wird der Documentroot nicht stimmen. Mit freundlichem Gruß M.Schwarz -- Evolution Hosting Full-Service-Provider http://evolution-hosting.eu Tel: +49 (0)531 2625 187 Fax: +49 (0)531 2097 859 68 Sitz: Braunschweig UID: DE280048158 - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
[users@httpd] slow reload apache22
hello world, so i run Apache/2.2.31 on FreeBSD9. 64 bit. Hosting about 400 websites on this virtual server that executes well enough - except, whenever i make configuration changes and gracefully reload the httpd, the service kind of stalls for about 10-20 seconds. The server acts as reverse proxy onto the backend servers, that might just as well be httpd in many cases, however when these reloads the same way, content is instantly available, but on the proxy content becomes dramatically slow responding right after "apachectl graceful" was executed, then after <20 seconds its fast responding again. I run no custom cache solution on top of apache, only customsized SSL cache, but i cant see if this should interfere with plain http requests performance. I would like to be able to serve the users with fast respondstimes eventhough i have to reload the config several times during the day. The websites are located in about 50 config files, with about 400 VirtualHosts inside. I only serve some small icons as content directly on the proxy, all the rest is either text errorpages in config or strict reverse proxy. Does anyone else have this poor experience ? -or even better a tip for a solution to get this solved ? br Congo, Denmark - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite
hello hello hello, i recently posted a similar issue with the topic Weirdo intepretation of SSLprotocol order on this distlist (may 7th 2015) I found that (at least on) Apache 2.2.29 64bit Prefork, the sslProtocol order is only challenged once for the whole server, that is the first occurence to appear. I think this is your problem too... Someone asked me to build a backported dist of httpd, or at least a patch.. however, time never got to me... The general solution seems to be running httpd 2.4.13+, but its unclear to me, whether the problem resides in openssl maybe.. however, its not fixed out of the blue. And i know, this doesnt answer your question, but it may make things a little clearer :) br Congo On 2015-06-17 00:37, karl karloff wrote: So that does not actually help in the case of SSLv3 because SNI is an extension to TLS. It seems like this is not possible in Apache given the usage of OpenSSL as the SSL/TLS library. Does that sum it up? Thanks, Karl Date: Tue, 16 Jun 2015 23:54:39 +0200 From: ylavic@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite On Tue, Jun 16, 2015 at 10:48 PM, karl karloff karlkarl...@hotmail.com wrote: I am attempting to set up more than one subdomain on :443 in this example. so something like sslv3.example.com:443 responds with SSLv3 only tlsv1.example.com:443 responds with TLSv1.0 only ... I wasn't aware that could be achieved using the ServerName directive. The underlying IP/interface should be the same for all subdomains, but each subdomain responds by accepting only a single SSLProtocol. Does that make sense? It does, however there is a limitation currently in OpenSSL in that it can't renegotiate the protocol. Hence this configuration will work only with browsers/clients supporting (and advertising) the Server Name Indication (SNI), which allows to select the correct VirtualHost before the negotiation occurs. Otherwise, Apache HTTPd will have to negotiate before being able to read the requested Host header, and hence determine the VirtualHost. Thus it will do the negotiation occording to the parameters (protocol, ciphers, ...) of the first vhost declared on the listening IP:port. If finally the determined vhost is not the one used for the negotiation, it will ask for a renegotiation which, as said above, won't take the SSLProtocol into consideration due to OpenSSL not being able to do that (the SSLCipherSuite can be renegotiated though). So all should be fine with SNI only. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] RE: Apache Reverse Proxy deletes meta http-equiv=“Content-type” content=“text/html; charset=utf-8” / from code
hello hello hello, Ive seen exactly that behavior many times in 2.2.29. Once ProxyHTMLEnable is invoked in a vhost, output is heavily influenced, eventhough there are no rules to define modification of any html at all.. The rules i define works flawlessly, but the filter invocation swallows more than it should... i have been pulling my hair for this problem, with the result of light baldness... I wasnt aware of the bug report - yet, i am not sure, whether it applies a fix at some point for the 2.2 branch - anyone to know this ? br congo On 2015-06-16 17:25, Cruz Villanueva, Juan wrote: Hello Yann, Thanks for your reply. I'll review this link. It's really possible that it's related I'll post my findings later. Thanks. Juan Cruz Villanueva -Original Message- From: Yann Ylavic [mailto:ylavic@gmail.com] Sent: martes, 16 de junio de 2015 9:09 To: users@httpd.apache.org Subject: Re: [users@httpd] RE: Apache Reverse Proxy deletes meta http-equiv=“Content-type” content=“text/html; charset=utf-8” / from code On Tue, Jun 16, 2015 at 8:58 AM, Cruz Villanueva, Juan juan.cruz-villanu...@hp.com wrote: one has seen this issue (or similar one) before? Maybe https://bz.apache.org/bugzilla/show_bug.cgi?id=56287 ? Regards, Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weirdo intepretation of SSLprotocol order
Hello, Well - a patched version... what do you mean -i've build apache22-2.2.29_2 from ports... so its already up to date. However openssl runtime is openssl-1.0.1_16, where i see there is a openssl-1.0.2_1 available from ports. I prefer to build from ports, in order to host a standardized environment for the web.. I have been looking into migration to apache httpd 2.4, but from my understanding the config interpretor is not backwards compatible, so i have to renew all configs. I run around 50 domains and 450 sites, and about 15 instances of apache httpd.. so there will be a bunch of config redoing.. Do you mean - building 2.2.29 from apache.org sources ? br congo On 2015-05-07 11:13, Yann Ylavic wrote: Hello, you may hit an issue fixed in [1] (for upcoming 2.4.13). Can you manage to build a patched httpd-2.2.29 from sources? Regards, Yann. [1] http://svn.us.apache.org/r1663258 On Wed, May 6, 2015 at 2:54 PM, apa...@thva.dk wrote: hello, So i have an apache 2.2.29 running Prefork on FreeBSD 64bit. I have a number of vhosts included - one vhost per domain name. In any of these vhost containers the SSLProtocol directive seems to be ignored, but only the default vhost is dictating the SSLProtocol for all other (this is ofcourse the first HTTPS enabled vhost container, which might be relevant). Though documentation argues that its applicable per vhost, and not only in server config. For testing purpose, i use add the following to my sub-vhost: SSLProtocol -ALL +TLSv1.2 But when the default vhost is configured as such: SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 - that final example is the only, thats used throughout the webserver. I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol, that it should be applicable per virtual host. The goal is to host some sites via TLS 1.2 only, and some other ones only in TLS 1.1 for instance. Does anyone else meet the same challenge or know how to resolve this ? br congo - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Weirdo intepretation of SSLprotocol order
hello, So i have an apache 2.2.29 running Prefork on FreeBSD 64bit. I have a number of vhosts included - one vhost per domain name. In any of these vhost containers the SSLProtocol directive seems to be ignored, but only the default vhost is dictating the SSLProtocol for all other (this is ofcourse the first HTTPS enabled vhost container, which might be relevant). Though documentation argues that its applicable per vhost, and not only in server config. For testing purpose, i use add the following to my sub-vhost: SSLProtocol -ALL +TLSv1.2 But when the default vhost is configured as such: SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 - that final example is the only, thats used throughout the webserver. I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol, that it should be applicable per virtual host. The goal is to host some sites via TLS 1.2 only, and some other ones only in TLS 1.1 for instance. Does anyone else meet the same challenge or know how to resolve this ? br congo - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Support for HTTP 2.0
Hi, I would like to know is there any version of apache that is able to support HTTP 2.0? If no, what is the roadmap for apache to support HTTP 2.0? Thank you. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: Visual C++ Processor Pack
Hallo Mario, vielen Dank für deine Hilfe, der Build Vorgang läuft jetzt durch. Ich benötige die exportierten Makefiles für den InstallBin Build-Lauf. Bei diesem Build werden die Windows-Makefiles verwendet, auch aus der IDE heraus. Für apr-util sind die Makefiles jedoch selbst in dem Win-Sources-Paket nicht exportiert bzw. enthalten. Jetzt fehlt mir nur noch die Info, wie ich die Datenbankunterstützung in apr-util korrekt integrieren muss, damit auch z.B. die DLL für die mysql- Unterstützung erzeugt wird. Leider gibt es wohl wenig Doku und Anleitungen zu apr-util, ich kann nix passendes dazu finden. Gruß Elmar Da wird mit den Make-Files gear Am 2012-12-26 22:25, schrieb Mario Brandt: Hallo, vielleicht spannend ist das momentane Thema dazu in der Developer mailing liste. Demnächst kommt ein patch für Windows für die Dokumentation. http://people.apache.org/~gsmith/httpd/diffs/unix_to_win_build.diff Wie dem auch sei, hier der Link wie die make files exportiert werden. http://httpd.apache.org/docs/trunk/platform/win_compiling.html#exportingmakfiles Aber das mit dem fixwin32mak.pl script hatte ich ja schon geschrieben. Nur hatte ich den Link nicht gefunden. Gruß Mario 2012/12/19 Mario Brandt jbl...@gmail.com: Hallo Elmar, in apr-util-1.5.1-win32-src.zip sind die dsp Dateien enthalten. Das reicht normalerweise um den server mit der GUI zu kompilieren. Ansonsten gibt es noch fixwin32mak.pl in srclib\apr\build (zu starten aus der source root). Wie schon geschrieben benutze ich VC9 wo das kein Problem darstellt. Es gibt sogar ein Tutorial apache nur auf der command line zu kompilieren http://wiki.apache.org/httpd/Win32VC9Build Mit der GUI ist es jedoch deutlich einfacher. Übrigens mit den Runtime files laufen die VC9 builds auch unter Windows 2000. Wenn Du keine Lust auf den ganzen Kram hast, dann auch meine builds unter apachehaus.com herunterladen ;) Doch zurück zu deiner eigentlichen Frage. Der Grund dafür, dass nicht mehr alle make files enthalten sind, ist die Frage bei den Entwicklern, ob die GUI oder die commandline unter Windows genutzt werden soll. Keiner hat so recht Lust beides zupflegen. Ich kann Dir aber ans Herz legen bald auf den Apache 2.4 um zusteigen. 2.2 wird nicht mehr weiterentwickelt. Gruß Mario - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
Re: Visual C++ Processor Pack
Hallo Mario, ich habe es inzwischen geschafft, den Apache 2.2.22 komplett zu builden. Die Version 2.2.23, die zum Download angeboten wird, hat allerdings kein korrekt vorbereitetes APR Paket (apr, apr-iconv und apr-util) integriert. Bisher habe ich die Make-Files analysiert und herausgefunden, dass für die dbd in apr-util die Make-Files aus dem Visual-Studio exportiert werden müssen. Allerdings bekomme ich Fehler beim verwenden der exportierten Make-Files. Weißt du als erfahrener Insider, warum die APR Pakete nicht für das Visual-Studio vorbereitet sind und woher ich die Info bekomme, wie ich diese Pakete präparieren muss ? Tausend Dank im voraus. Gruß Elmar Am 2012-11-21 23:31, schrieb Mario Brandt: Hallo Elmar, eigentlich sind die Windowspackete kurz nach den Unix archiven verfügbar. Diesmal hatte jedoch keiner Lust etwas zu packen. Das gleiche gillt auch für die 2.4.x version. Im Grunde sind die archive aber gleich, bis auf die Lineendings. Daher hat man sich entschieden nur noch universelle sources anzubieten. Du kannst alle die sourcen. im tar.gz formar runterladen (auch alle wichtigen Sachen in srclib) und dann mit perl die Linendings ändern. srclib\apr\build\lineends.pl Und voila hat hast Du die Windows version. Ob und wann es wieder msi installer oder exe Dateien geben wird, wird gerade in der developer list rege diskutiert. Warum eigentlich noch Apache 2.2? Und VC6 ist auch schon ziemlich alt ;) Ich glaub das stammt noch aus Windows 98 Zeiten. Gruß Mario - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
[users@httpd] AuthnProviderAlias not working in 2.4 but did in 2.2
Hi, before I start: I guess it is tricky missconfiguration but I don't get it :( May someone could help? What happend? I have upgraded from Apache 2.2 to 2.4. I was using AuthnProviderAlias to use two AuthUserFiles for Basic authentication. The configuration was working on Apache 2.2 but stopped working on 2.4. I have tried to simplify the use case. This was resulting in the following config: http://pastebin.de/31329 . As you can see it also fails with using only one AuthnProviderAlias. The difference between the working and the none working config is the use of the AuthnProviderAlias directive (last two lines in Directory section). I have already spoken to some peoples at IRC. They suggested me to run strace to see which files are opened by apache. The difference between the working and the none working configuration is just the use of the htpasswd file: http://pastebin.de/31328 Apache version and loaded modules: http://pastebin.de/31330 Any ideas what's going on there or how to dig further into the problem? thanks in advance, Daniel - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: Visual C++ Processor Pack
Hallo Mario, das ldap Problem entstand, weil für den 2.2.x Apache Server scheinbar nur die Version 1.4.1 von apr-util verwendet werden kann. Warum die aktuelle Version nicht funktioniert verstehe ich nicht ... ein Hinweis in der Win-32 Readme wäre wirklich hilfreich gewesen :( Zum builden des Apache 2.2.23 habe ich den tag aus SVN exportiert, aber in diesem Stand sind keine APR Projekte enthalten, daher habe ich natürlich die aktuellen Versionen verwendet. Aktuell ist auf den Download-Mirrors auch kein win-32 Paket für die 2.2.23 erhältlich, in dem alles schon integriert ist ... Ist das normal, dass die win-32 Versionen erst Monate später zur Verfügung gestellt werden ? Danke für deinen Support. Gruß Elmar Version Am 2012-11-19 20:43, schrieb Mario Brandt: Hallo, für den letzten Apache aus 2.2.x habe ich APR 1.4.6, APR-Util 1.4.1. APR-Iconv 1.2.1. genommen. (und OpenSSL 1.0.1c, Zlib 1.2.7) Wobei ich VC6 lange nicht mehr benutzt habe. Das LDAP Problem kenne ich nicht. Mit Apache 2.4.3 habe ich da keine Probleme. Mit 2.2 habe ich das aber auch nicht ausprobiert. Allerdings erinnere ich mich, dass LDAP immer nur über ldap:// und nicht ldaps:// lief in der 2.2 Version (wenn ich mich recht entsinne). Gruß Mario - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
Re: Visual C++ Processor Pack
Hallo Mario, danke für deine Antwort. An der Sache mit den Line-Endings bin ich vorgestern fast verzweifelt, da hätte ich die Info gut brauchen können ... ;) Das VS 6 hat sich nämlich strikt geweigert das dsw-File zu laden, obwohl in SVN kein Unterschied zwischen den Files angezeigt wurde ... wieder was gelernt in Bezug auf SVN, die Dateien werden scheinbar nicht nur über MD5 Checksummen verglichen ... Das perl Script ist ja ne feine Sache, aber in der Build-Anleitung steht, dass Perl optional ist ... das stimmt dann ja gar nicht mehr ... dann muss ich erst mal Perl installieren ... Das wäre aber doch schade, wenn keine msi-Pakete mehr angeboten würden ? Wohin tendieren die Entwickler da gerade ? Ich wollte erst mal mit den Basics starten (VS 6.0) und dann das Ganze mit einer neueren Version von VS probieren ... ich habe einen Win 2000 Server, der wird ja nicht mehr von allen VS Versionen unterstützt ... In Bezug auf das LDAP Problem habe ich mich geirrt, das Problem besteht weiterhin... hast du wirklich keine LDAP Library in dein Projekt integriert ? ... oder etwas an den Header-Files konfiguriert ? Gruß Elmar Am 2012-11-21 23:31, schrieb Mario Brandt: Hallo Elmar, eigentlich sind die Windowspackete kurz nach den Unix archiven verfügbar. Diesmal hatte jedoch keiner Lust etwas zu packen. Das gleiche gillt auch für die 2.4.x version. Im Grunde sind die archive aber gleich, bis auf die Lineendings. Daher hat man sich entschieden nur noch universelle sources anzubieten. Du kannst alle die sourcen. im tar.gz formar runterladen (auch alle wichtigen Sachen in srclib) und dann mit perl die Linendings ändern. srclib\apr\build\lineends.pl Und voila hat hast Du die Windows version. Ob und wann es wieder msi installer oder exe Dateien geben wird, wird gerade in der developer list rege diskutiert. Warum eigentlich noch Apache 2.2? Und VC6 ist auch schon ziemlich alt ;) Ich glaub das stammt noch aus Windows 98 Zeiten. Gruß Mario - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
[users@httpd] Problem with building apache httpd from win sources
Hello, I am trying to build the apache httpd version 2.2.22 from the windows sources, but running in the following problem with ldap support of apr-util: apr_ldap.h(136) : fatal error C1189: #Fehler : Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit. Can anyone tell me, where I can find an instruction note, how to integrate the ldap sources or library correct into apr-util. I did not find something useful ... Thanks for your help. Greetings - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Visual Studio C++ 6 Processor Pack
Hello Good Guy, thanks for your answer. I have looked through your suggested download list, but did not find the Processor Pack for Visual C++ 6, that is needed to assemble the SSL code with the build procedure. Do you have another idea where to get this optional software pack ? Thanks a lot. apache-admin Am 2012-11-16 02:30, schrieb Good Guy: On 15/11/2012 20:36, apache-ad...@ultra-it.de wrote: Hello, I want to build the new version 2.2.23 of the Apache HTTPD on myself to get involved in the debugging of the http server. Unfortunately I was not able to find the Visual C++ 6.0 Processor Pack at microsofts download center nor on the web. Does anyone know, where I can get this processor pack ? Would be great, if you could help me. Thanks a lot. apache-admin http://www.cnet.com/topic-software/microsoft-visual-c.html - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Visual C++ Processor Pack
Hallo zusammen, ich möchte die neue Version 2.2.23 des Apache HTTPD selbst builden, um einen Debug durchzuführen. Leider kann ich bei Microsoft und auch im Web das Visual C++ 6.0 Processor Pack nicht finden. Unter welchem Begriff kann ich das im Download-Center oder im Netz finden. Das wäre echt super, wenn ihr mir da helfen könntet. Vielen Dank im voraus. apache-admin - To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org For additional commands, e-mail: users-de-h...@httpd.apache.org
[users@httpd] Visual Studio C++ 6 Processor Pack
Hello, I want to build the new version 2.2.23 of the Apache HTTPD on myself to get involved in the debugging of the http server. Unfortunately I was not able to find the Visual C++ 6.0 Processor Pack at microsofts download center nor on the web. Does anyone know, where I can get this processor pack ? Would be great, if you could help me. Thanks a lot. apache-admin - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache reverse proxy 2-way SSL authentication
Hello list, I am investigating what kind of reverse proxy solution would fit a customers requirement. I am also looking at Apache. One of the requirements is to support 2-way SSL authentication. Is this possible with Apache (using version 2.2) as reverse proxy? And if so any config examples would be appreciated. Regards, Lars - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Getting error: request failed: error reading the headers
Hello there, I have some entries in my error_log that driving me crazy. [Tue Nov 15 15:06:36 2011] [error] [client 74.125.78.92] request failed: error reading the headers, referer: http://www.example.com/page1.html [Tue Nov 15 15:06:36 2011] [error] [client 66.102.12.89] request failed: error reading the headers, referer: http://www.example.com/page5.html [Tue Nov 15 15:09:32 2011] [error] [client 74.125.78.86] request failed: error reading the headers, referer: http://www.example.com/page18.html There are many more entries like that with other pages on my server. These are all IPs from Google. I fear that Google is not able to view my pages the correct way. I’m not sure but maybe these error logs are there since I added a rewrite rule from http://example.com to http://www.example.com. RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] Can this be the cause of the error? Has anybody an idea why I'm getting this error? Dont know if it matters. I'm using Drupal 6 at the page where getting the errors. Thanks for help. Greets Manuel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Peak download performance with single file
On Sat, Apr 23, 2011 at 07:46:37PM +0530, vrukesh panse wrote: But, when we simultaneosly download more than one file (for example, two different 10MB text files), we get total download speed of 12Mbps. This is the kind of thing you might see if the *client* TCP receive window is being filled. It may not be the server's fault. I'd also look into support of 'TCP window scaling' and 'selective acks'. Neither which I believe XP does by default. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote: On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: But ProxySet only allows you to set the same Variables as ProxyPass does. host is none of them. Indeed. This appears to be the problem. Such an option is missing. Right now I'm looking into 2.2's source to see how to add an option preservehost=(on|off). Can you please test: http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff duh.. nodocumentationpatch! But I'm pretty sure you can guess how to use it ;) http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff Adds: Documentation, CHANGES update, MMN bump Also has a _set variable analogous to the other options. Bonus: compiles. Untested so far. Thanks. I've poked and snuffled, but a co-worker has pointed out that there may be problems if this worker is a member of two different balance pools. The connection properties would be controlled by the worker, but what is sent down that connection should be controlled by the balancer pool. I followed your earlier lead when you mentioned ProxyPreserveHost is now localisable in trunk. I dug out svn commit r824072 which looks to be exactly what I need. It should prevent shared workers getting mixed up by allowing me to set the Host at the Proxy balancer://.. level. I have a sneaking suspicion trying to set Proxy http://10.* for a worker would never work anyway, as the system won't see that as the destination. It will see the balancer instead, so only the Proxy balancer://.. config would apply anyway. We'll see how far I get. As it turns out, after a very long journey, I didn't get very far at all. I needed to backport a few mod_proxy thread safety patches from 2.3 to 2.2.17 or else apachebench was just a massacre. After backporting the localisable ProxyPreserveHost patch I successfully overwrote the Host header from inside a Proxy block, allowing me to control which vhost I talked to on the backend member. Unfortunately this kludged Host header makes its way into your cached object headers and your access log... Now, you can fix the log by catching the Host in a Setenvif and logging that, and I don't *think* anything looks at the Host header in the cached object, but it turns out there is a more unpleasant problem : This works as expected : RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] And this also proxypasses, but *none* of the directives in the Proxy balancer://back.foo.com/ take effect: Location /foo RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] /Location No, I don't know why. Without the Proxy block directives to control the Host header sent to the backend, the backend gives us the finger, as its balancer member IP/hostname is not the vhost we want. I think I'm going to have to retreat. It looks like I will need a patch to *specify* a host header at the balancer config level. Does anyone have any tips on how this might be done? DFW PS: Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of worker sharing (I backported a log verbosity patch too) Ignoring the other variables I can understand, but shouldn't lbset be unique to each balancer? e.g. I share the same backend workers amongst several balancers, but each backend IP may serve each vhost to a differing degree. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote: On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: But ProxySet only allows you to set the same Variables as ProxyPass does. host is none of them. Indeed. This appears to be the problem. Such an option is missing. Right now I'm looking into 2.2's source to see how to add an option preservehost=(on|off). Can you please test: http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff duh.. nodocumentationpatch! But I'm pretty sure you can guess how to use it ;) http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff Adds: Documentation, CHANGES update, MMN bump Also has a _set variable analogous to the other options. Bonus: compiles. Untested so far. Thanks. I've poked and snuffled, but a co-worker has pointed out that there may be problems if this worker is a member of two different balance pools. The connection properties would be controlled by the worker, but what is sent down that connection should be controlled by the balancer pool. I followed your earlier lead when you mentioned ProxyPreserveHost is now localisable in trunk. I dug out svn commit r824072 which looks to be exactly what I need. It should prevent shared workers getting mixed up by allowing me to set the Host at the Proxy balancer://.. level. I have a sneaking suspicion trying to set Proxy http://10.* for a worker would never work anyway, as the system won't see that as the destination. It will see the balancer instead, so only the Proxy balancer://.. config would apply anyway. We'll see how far I get. As it turns out, after a very long journey, I didn't get very far at all. After backporting the localisable ProxyPreserveHost patch I successfully overwrote the Host header from inside a Proxy block, allowing me to control which vhost I talked to on the backend member. Unfortunately this kludged Host header makes its way into your cached object headers and your access log... Now, you can fix the log by catching the Host in a Setenvif and logging that, and I don't *think* anything looks at the Host header in the cached object, but it turns out there is a more unpleasant problem : This works as expected : RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] And this also proxypasses, but *none* of the directives in the Proxy balancer://back.foo.com/ take effect: Location /foo RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] /Location No, I don't know why. Without the Proxy block directives to control the Host header sent to the backend, the backend gives us the finger, as its balancer member IP/hostname is not the vhost we want. I also needed to backport a few mod_proxy_http.c thread safety patches from 2.3 to 2.2.17 or else apachebenching was just a massacre. I think I'm going to have to retreat. It looks like I will need a patch to *specify* a host header at the balancer config level. Does anyone have any tips on how this might be done? DFW PS: Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of worker sharing (I backported a log verbosity patch too) Ignoring the other variables I can understand, but shouldn't lbset be unique to each balancer? e.g. I share the same backend workers amongst several balancers, but each backend IP may serve each vhost to a differing degree. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Wed, Apr 20, 2011 at 02:17:43PM -0400, Eric Covener wrote: and I don't *think* anything looks at the Host header in the cached object, you could add a Vary on the Host header. I'd rather not play with the Host header after all if I can help it. If it Vary's on Host, won't it check that the Host matches the cached object's Host? Which it never will coz we broke it to get the backend proxy Host header working. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Thu, Feb 03, 2011 at 11:00:25PM +, Igor Gali?? wrote: - dfw-apa...@white.u-net.com wrote: I've hit a vexing impasse with mod_proxy_balancer. I have a pool of backend boxes. They vhost many domains, so need the specific Host: header in requests to them (the *same* Host: header for all of them) I proxy requests to them potentially thousands of times a second, and their IP's are not going to be changing, so I name the BalancerMembers by IP address, as the DNS lookup overhead is a fatal waste of CPU, especially if your DNS servers melt and your site dies unnecessarily. (No, /etc/hosts is not possible. http://httpd.apache.org/docs/current/mod/mod_proxy.html#startup That only mentions ProxyBlock. We do not use ProxyBlock. Also, when we lost DNS, we lost the site, so reality has the last word regardless. The sitename has multiple A records, and I make the backends choose individualiseable vhosts. Besides, my hosts file is vast!) Unfortunately, when I try and use mod_headers to set the Host: header for these backend connections, the balancer layer destroys the result and replaces it with the IP. Apparently, if I switch ProxyPreserveHost on, I may get further, but since that's a site-wide setting a side effect would mean all Not quite sure what you mean by site-wide, but: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost says: Context:server config, virtual host It does. Our site is a vhost. It has squillions of proxypasses to squillions of different backend boxes run by squillions of different people. I want to add another backend without breaking all of the other ones. of my other proxied directories would now get the wrong Host: header. All the RewriteRule [P]'s would break and I would have to catch and Wit a sec. You're using mod_rewrite for proxying? Why? (http://bash.org/?866112) Because I'm rewriting the URL, and then proxying it? Because I'm using rewritemaps? Because I like the letter P? Pick one :) Also, this problem is only using ProxyPass, so mod_rewrite is not the problem here. replace the Host in every single one of them in individual Proxy blocks. That deluge of perpetual kludgery does not appeal. What I need is a way to tell a ProxyPass or BalancerMember, that they should use a certain Host: header in its communications with this backend. e.g. BalancerMember http://10.0.0.1/foo/ host=foobar.com Now I'm confused. How do your configs actually look like? ProxyPreserveHost Off ProxyPass /foo/ balancer://www.mybackend1.net/ Proxy balancer://www.mybackend1.net ProxySet lbmethod=bybusyness timeout=10 BalancerMember http://192.168.0.1 lbset=0 retry=0 ttl=5 BalancerMember http://10.0.0.1lbset=1 retry=0 ttl=5 /Proxy Proxy http://192.168.0.1 RequestHeader set Host www.mybackend1.net /Proxy Proxy http://10.0.0.1 RequestHeader set Host www.mybackend1.net /Proxy ProxyPass /bar/ http://www.mybackend2.net/ ProxyPass /bar1/ http://www.mybackend3.net/ ProxyPass /bar2/ http://www.mybackend4.net/ ... 192.168.0.1 receives 'Host: 192.168.0.1', not the 'Host: www.mybackend1.net' I want it to. www.mybackend2.net receives 'Host: www.mybackend2.net' and I want to keep it that way. The logical alternative would have been to be able to specify a certain target IP to connect to instead of a certain Host name to use e.g. BalancerMember http://foobar.com/foo/ address=10.0.0.1 but I suspect apache would then be unable to set Proxy block rules for individual balancer members since they'd all declare the same URL and you'd be unable to match them individually You can use ProxySet http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset in Proxy and BalancerMember But ProxySet only allows you to set the same Variables as ProxyPass does. host is none of them. Indeed. This appears to be the problem. Such an option is missing. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: But ProxySet only allows you to set the same Variables as ProxyPass does. host is none of them. Indeed. This appears to be the problem. Such an option is missing. Right now I'm looking into 2.2's source to see how to add an option preservehost=(on|off). Can you please test: http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff duh.. nodocumentationpatch! But I'm pretty sure you can guess how to use it ;) http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff Adds: Documentation, CHANGES update, MMN bump Also has a _set variable analogous to the other options. Bonus: compiles. Untested so far. Thanks. I've poked and snuffled, but a co-worker has pointed out that there may be problems if this worker is a member of two different balance pools. The connection properties would be controlled by the worker, but what is sent down that connection should be controlled by the balancer pool. I followed your earlier lead when you mentioned ProxyPreserveHost is now localisable in trunk. I dug out svn commit r824072 which looks to be exactly what I need. It should prevent shared workers getting mixed up by allowing me to set the Host at the Proxy balancer://.. level. I have a sneaking suspicion trying to set Proxy http://10.* for a worker would never work anyway, as the system won't see that as the destination. It will see the balancer instead, so only the Proxy balancer://.. config would apply anyway. We'll see how far I get. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] mod_proxy_balancer - no way to name pool members by IP.
I've hit a vexing impasse with mod_proxy_balancer. I have a pool of backend boxes. They vhost many domains, so need the specific Host: header in requests to them (the *same* Host: header for all of them) I proxy reqeusts to them potentially thousands of times a second, and their IP's are not going to be changing, so I name the BalancerMembers by IP address, as the DNS lookup overhead is a fatal waste of CPU, especially if your DNS servers melt and your site dies unnecessarily. (No, /etc/hosts is not possible. The sitename has multiple A records, and I make the backends choose individualiseable vhosts. Besides, my hosts file is vast!) Unfortunately, when I try and use mod_headers to set the Host: header for these backend connections, the balancer layer destroys the result and replaces it with the IP. Apparently, if I switch ProxyPreserveHost on, I may get further, but since that's a site-wide setting a side effect would mean all of my other proxied directories would now get the wrong Host: header. All the RewriteRule [P]'s would break and I would have to catch and replace the Host in every single one of them in individual Proxy blocks. That deluge of perpetual kludgery does not appeal. What I need is a way to tell a ProxyPass or BalancerMember, that they should use a certain Host: header in its communications with this backend. e.g. BalancerMember http://10.0.0.1/foo/ host=foobar.com The logical alternative would have been to be able to specify a certain target IP to connect to instead of a certain Host name to use e.g. BalancerMember http://foobar.com/foo/ address=10.0.0.1 but I suspect apache would then be unable to set Proxy block rules for individual balancer members since they'd all declare the same URL and you'd be unable to match them individually So, I currently can't use my backends in mod_proxy_balancer Does anyone have any suggestions? DFW - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
Turns out the box only had 2GB RAM and was simply running out of physical memory - running a web server on swap is a Bad Idea(TM). We tossed in 8GB more (10GB RAM total) and the problem seems to have gone away. It was a real head-scratcher since we were told that the box had awesome hardware so the thought that there might not be enough hardware never even crossed our minds. The make sure MaxClients isn't way over the capacity of your machine tip below is what led us to the 2GB RAM issue. Thanks Jeff. You're the man! From: Apache Issues apacheiss...@yahoo.com To: users@httpd.apache.org Sent: Thu, September 2, 2010 1:50:10 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) We're trying a few of your suggestions. Kind of hard to test it. Thanks for the quick responses. From: Jeff Trawick traw...@gmail.com To: users@httpd.apache.org Sent: Thu, September 2, 2010 12:34:43 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues apacheiss...@yahoo.com wrote: That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. The hardware has been tested and is fine. The problem occurs randomly - we've gone a week without incident before but we've also had days where this problem crops up 4-6 times throughout the day. The :: log entries are the first real clue to the cause. And the only solution we've come up with is to reboot the box. wild ideas any monitoring scripts which can take action at the first sign of the problem might be more successful than interactive attempts at capturing ps, running gcore against high CPU process, whatever change your Listen portnumber directives to Listen 0.0.0.0:portnumber to avoid httpd seeing an IPv6 connection (especially one with no source address or which it somehow mangles to look like that) CPU rlimits on httpd perhaps? (I don't think I've ever tried that) Can you nice the httpd down? (haven't tried that) make sure MaxClients isn't way over the capacity of your machine
Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
Our server just went nuts again. And again :: shows up in the logs right around the moment it started chugging 100% CPU. Help! From: Apache Issues apacheiss...@yahoo.com To: users@httpd.apache.org Sent: Wed, September 1, 2010 11:36:02 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) Okay... That makes it rather difficult to track down a solution. Any theory as to why this occurs/how this can occur would be quite helpful. From: Tom Evans tevans...@googlemail.com To: users@httpd.apache.org Sent: Wed, September 1, 2010 8:12:23 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues apacheiss...@yahoo.com wrote: I'm using: CustomLog /var/log/apache2/access_log %a %l %u %t \%r\ %s %b \%{Referer}i\ And I occasionally see this right around the time the CPU starts running at 100%: :: - - [27/Aug/2010:12:28:01 -0700] GET /favicon.ico HTTP/1.1 200 - - %a is supposed to be an IP address, so what IP address is ::? I'm only somewhat familiar with IPv6 but I've never seen :: before. http://en.wikipedia.org/wiki/IPv6_address#Notation One or any number of consecutive groups of zero value may be replaced with two colons. [ ... ] The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively. Cheers Tom
Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. The hardware has been tested and is fine. The problem occurs randomly - we've gone a week without incident before but we've also had days where this problem crops up 4-6 times throughout the day. The :: log entries are the first real clue to the cause. And the only solution we've come up with is to reboot the box. From: Jeff Trawick traw...@gmail.com To: users@httpd.apache.org Sent: Thu, September 2, 2010 11:32:10 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) On Thu, Sep 2, 2010 at 2:24 PM, Apache Issues apacheiss...@yahoo.com wrote: Our server just went nuts again. And again :: shows up in the logs right around the moment it started chugging 100% CPU. Help! attach to the high CPU httpd process with a debugger and get backtraces see http://httpd.apache.org/dev/debugging.html
Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
We're trying a few of your suggestions. Kind of hard to test it. Thanks for the quick responses. From: Jeff Trawick traw...@gmail.com To: users@httpd.apache.org Sent: Thu, September 2, 2010 12:34:43 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues apacheiss...@yahoo.com wrote: That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. The hardware has been tested and is fine. The problem occurs randomly - we've gone a week without incident before but we've also had days where this problem crops up 4-6 times throughout the day. The :: log entries are the first real clue to the cause. And the only solution we've come up with is to reboot the box. wild ideas any monitoring scripts which can take action at the first sign of the problem might be more successful than interactive attempts at capturing ps, running gcore against high CPU process, whatever change your Listen portnumber directives to Listen 0.0.0.0:portnumber to avoid httpd seeing an IPv6 connection (especially one with no source address or which it somehow mangles to look like that) CPU rlimits on httpd perhaps? (I don't think I've ever tried that) Can you nice the httpd down? (haven't tried that) make sure MaxClients isn't way over the capacity of your machine
Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
Okay... That makes it rather difficult to track down a solution. Any theory as to why this occurs/how this can occur would be quite helpful. From: Tom Evans tevans...@googlemail.com To: users@httpd.apache.org Sent: Wed, September 1, 2010 8:12:23 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?) On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues apacheiss...@yahoo.com wrote: I'm using: CustomLog /var/log/apache2/access_log %a %l %u %t \%r\ %s %b \%{Referer}i\ And I occasionally see this right around the time the CPU starts running at 100%: :: - - [27/Aug/2010:12:28:01 -0700] GET /favicon.ico HTTP/1.1 200 - - %a is supposed to be an IP address, so what IP address is ::? I'm only somewhat familiar with IPv6 but I've never seen :: before. http://en.wikipedia.org/wiki/IPv6_address#Notation One or any number of consecutive groups of zero value may be replaced with two colons. [ ... ] The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively. Cheers Tom
[us...@httpd] What IP address is this log entry coming from? (Is :: a valid IP address?)
I'm using: CustomLog /var/log/apache2/access_log %a %l %u %t \%r\ %s %b \%{Referer}i\ And I occasionally see this right around the time the CPU starts running at 100%: :: - - [27/Aug/2010:12:28:01 -0700] GET /favicon.ico HTTP/1.1 200 - - %a is supposed to be an IP address, so what IP address is ::? I'm only somewhat familiar with IPv6 but I've never seen :: before. I'm attempting to try to figure out why, on random occasions, the server CPU suddenly spikes to 100%. I'm not sure where the problem lies. Could be Apache, MySQL, PHP, or something else (e.g. the OS). This problem has been ongoing for months now and the only fix is to reboot the box, which is a rather frustrating solution. The :: issue is the first possible clue I've gotten. It seems to crop up only around the times the server is at 100% in the logs.
[us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable bindDN-Pattern but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of proxy-user bind (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Have I missed something during my readings or is this an unsupported feature? For example apache's tomcat 5.5/6.0 JNDIrealm's configuration already does provide a userPattern (please see http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm and search for userPattern). Please let me explain the background why there is a common demand for such a mod_authnz feature: Anonymous and even proxy-user based search request could harm a company's restrictive data privacy policies. Therefore some directory information tree (DIT) and LDAP server designs offer advanced but very easy (for clients like mod_authnz) to implement/use approaches to offer the administrator a chance to get rid of the need for proxy-user based search but to be able to make an authorization decission directly in each user's context. As searching the user's branch seems not very harmful in regard to privacy concerns searching the groups and their memberships is definitively more interesting. In modern directory designs/implementations therefore an user's group membership is also stored (as the DNs of the groups a distinct user is member of) directly in each user's entry where the directory keeps track of the referential integrity (which for example is supported by openldap). Thus there is no need to expose the groups and their membership in general to any service's proxy-user. Instead, the authorization decision can be made directly using the authenticated user's ldap connection as the user has been successfully bind to the LDAP server before. Take for example this shortend LDIF based user entry: dn: uid=userA,dc=example,dc=com uid: userA memberOf: cn=groupA,dc=example,dc=com memberOf: cn=groupB,dc=example,dc=com memberOf: cn=groupC,dc=example,dc=com IMHO there's no a need to prior search for (uid=userA) using a proxy user in case the company's default policy is to just permit the uid for login (instead of the eMail address for example) and use the user provided uid to construct the bindDN which will be bind against the LDAP server using the provided password. If the bind was successful the user's connection (in this user's context) can be used to *compare* his memberOf attribute against the authorized groupDN. Please note that an LDAP server that only allows the compare operation on the memberOf attribute (which can be enforced by LDAP server internal ACLs) will not disclose any others of this user's group membership information to the service (compare != search and compare != read) which fulfills most restrictive privacy policies. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
Eric Covener schrieb: On Sat, Jun 19, 2010 at 7:48 AM, apache...@stresst.net wrote: I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable bindDN-Pattern but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of proxy-user bind (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Look at the trunk documentation, there are a few recently added directives in this neighborhood. Ahhh that sounds very fine: http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html Thanks a lot for your help! How are the chances that these directives get backported into mod_authnz_ldap of any httpd 2.2.[15]? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
Eric Covener schrieb: On Sat, Jun 19, 2010 at 10:49 AM, apache...@stresst.net wrote: Eric Covener schrieb: On Sat, Jun 19, 2010 at 7:48 AM, apache...@stresst.net wrote: I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable bindDN-Pattern but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of proxy-user bind (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Look at the trunk documentation, there are a few recently added directives in this neighborhood. Ahhh that sounds very fine: http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html Thanks a lot for your help! How are the chances that these directives get backported into mod_authnz_ldap of any httpd 2.2.[15]? Not too likely at the moment, but if you test them on trunk and provide feedback maybe a bit more likely. ok, I'll give feedback in case I get the current trunk version to compile successfully on my ldap development system and also: if you need or want me to test/debug special LDAP related features of trunk's mod_authnz_ldap just let me know. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] The requested URL ....was not found on this server - Scratch my head
Hi, Check RewriteEngine on Amit On Fri, Apr 9, 2010 at 10:04 PM, Wang, Mary Y mary.y.w...@boeing.comwrote: Hi, I'm in the process of upgrading to httpd 2.0.46. I'm getting this error when it goes to this URL https://devbrass2.ana.bna.boeing.com/projects/ms-tools-charts/ . The page showed as The requested URL /projects/ms-tools-charts/ was not found on this server. The ssl_error_log showed File does not exist: /usr/brass/www/projects/ms-tools-charts/, I read several blogs and postings, and many people suggested using the RewriteEngine directive. I've never used the rewriteengine directive in the previous apache configuration (it worked before). In the httpd.conf file I have defined the following: ServerName devbrass2.ana.bna.boeing.com:443 DocumentRoot /usr/brass/www # This should be changed to whatever you set DocumentRoot to. # Directory /usr/brass/www Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all /Directory I'm running on Redhat. Any ideas on how I can fix this problem? Thanks in advance. Mary - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] inter module communication
Hi Edgar, I am trying to call a function from all modules into one module, for example if i have the following modules, A,B,C,D. and X I want to be able to call a function in module X from A,B,C, and D. your thoughts? hash On Thu, Mar 11, 2010 at 2:13 AM, Edgar Frank ef-li...@email.de wrote: 10/03/10 hashim qaderi Is there an example of how to communicate between apache modules? Any help would be appreciated. Hi. The easy way is, communication via request_rec-notes. You have to pay attention to the module/hook excution order, but you have to do this anyway for your module to function properly. Another way are request environment variables. Or you could use optional functions, but that depends heavily on what you are trying to achieve. Maybe with a litte more detail, we could help you out better. Regards, Edgar - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How to set prefer-language from a URL parameter without cookies?
Hi, I Show you an example of access manual from browser . having different language support AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ /usr/local/apache2/manual$1 Directory /usr/local/apache2/manual Options Indexes AllowOverride None Order allow,deny Allow from all Files *.html SetHandler type-map /Files SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2 LanguagePriority en de es fr ja ko pt-br ru ForceLanguagePriority Prefer Fallback /Directory It gives u an idea Amit http://new-innovation.blogspot.com/ On Tue, Aug 18, 2009 at 2:37 PM, Victor Engmark victor.engm...@gmail.comwrote: Hi all, I'm trying to do language auto-negotiation in .htaccess on version 2.0.63, and it mostly works (see code below). The only thing that doesn't is the env=prefer-language:%1 part, and I can't figure out why. I tried asking at Stack Overflow http://stackoverflow.com/questions/1280220/how-to-use-setenv-with-a-url-parameter , but although the answers are good, none of them seem to work. The manual http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule didn't mention any gotchas and Google didn't help, so this is the last try before going back to a PHP hack. # Available languages AddLanguage en .en AddLanguage fr .fr AddLanguage no .no # Priority (highest first) LanguagePriority no en fr # Fallback to specified language priority if the browser doesn't supply any of the supported languages ForceLanguagePriority Fallback # Language auto-negotiation Options +MultiViews # Set cookie when setting language in URL RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} (?:^|)language=(en|fr|no) RewriteRule ^(.*)$ $1? [cookie=language:%1:.aspaass.no:7200 :/,env=prefer-language:%1,redirect=permanent] # Disable caching if the cookie was set RewriteCond %{HTTP_COOKIE} language=(.*) RewriteRule .* - [env=cookie_language:%1] IfDefine cookie_language Header append Vary cookie Header set Cache-Control store, no-cache, must-revalidate, post-check=0, pre-check=0 /IfDefine # Set preferred language from cookie if it exists SetEnvIf Cookie language=(.+) prefer-language=$1 -- Victor Engmark - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache graceful-stop
Hi, when u run graceful-stop , it will work in different manner Let see first it kill parent process if any child process serve request.. it continue to server, but not accept new request ..new request handle by new child process ... mean it will take a little bit time to kill all running httpd process . hope got an idea now ! Amit http://new-innovation.blogspot.com/http://new-innovation.blogspot.com/ On Wed, Aug 12, 2009 at 7:52 PM, Mohit Anchlia mohitanch...@gmail.comwrote: I installed Apache 2.2.11 and tested graceful-stop. When I run graceful-stop I still see all the httpd processes even though there is nothing listening on port 80. Those httpd processes stay there even though there are no incoming or existing sessions. Is there a bug someone knows about or am I doing something wrong? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Specific filesystem for cache
Hi Try JFS or XFS file System can be used for Better i/o Performance in MOD_DISK_CACHE JFS: Journaling File System : having better journiling faster then ext3 XFS: Xtra Large File System : Read Write Performance Is Much Better Thanks Amit Maheshwari On Thu, Aug 6, 2009 at 1:18 AM, Fábio Jr. fjuniorli...@gmail.com wrote: Hello all. I'm wondering if someone have a suggestion of what filesystem to use in the cache directory used by mod_disk_cache. I'm having some i/o problems, and want to choose the right filesystem, since I use a separate partition for the cache. Thanks []s Fábio Jr. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] [solved] Re: [us...@httpd] Apache dies in Freebsd jail
From out of left field with a little inspiration: I hazarded a look at the host log files and found I was getting exited on sig 11 errors from httpd- even though ps was still showing it as running in the jail. So a google search now showed up some more possible causes; most of those surrounding mods. In particular php was common with extensions causing a lot of failures. I now had something to work with. I commented out all the extensions in php/extensions.ini and restarted apache: Its alive! I then tried to work out why- I suspected memory, but more googling found reordering of the extensions to help, but which ones? I went through one by one each of the extensions to find a culprit or space problem (actually got impatient and by the end tried 4 at a time) and found 4 which seemed similar and did cause a failure. I commented out different combinations and finally hit on the spl extension; uncommenting all others apache kept going, so here was my culprit. Googled some more, and couldn't find a reason why it would be hurting. So I ran php -v on the cli and got a seg fault with spl, I ran gdb php -v and got a different error which had to be deciphered (something to do with misc.c), but if spl was not available mysql and others whinged. More googling... tried apache php5 spl seg fault and got an obscure reference: spl was not the problem at all! I had in my endeavours to resolve this issue put the spl extension at the beginning of the extensions.ini file, apparently the recode extension can cause conflicts because the mysql and imap extension want it, and recode is not available until later in the extensions.ini- put recode at the beginning and presto! Finally everybody's happy... :) Sorry to waste electrons (so to speak), but I figured someone might have a similar issue and I'm hoping this will point them in the right direction sooner rather than hours of endless searching for something they're not sure they're searching for. I've also given my workings in the resolution to save maybe/maybe not the same kind of problem. The spl/recode extension issue is rather obscure, the majority of references only point to reordering of extensions but don't say which ones. BTW: why didn't I think of the php mod first? I was sure I had php and apache working fine before- I just hadn't installed all of the extensions due to space... :) Such is life... Cheers On Wed 5/08/09 2:02 PM , apache-u...@herveybayaustralia.com.au wrote: I know this sounds like a headline, but its true. I had a disk space problem in the jail, so I reconfigured and restored the apache on the new disk size. I then added my other modules that I required from ports. I then checked if it all worked, and I got nada- firefox tells me the sites valid but the server won't connect. So far I've tried upping log levels to debug, httpd -X, and running portupgrade -fRr apache. All to no avail- I can get no message or hint or idea of why apache fails. If I run ps -ax I see httpd -DNOHTTPACCEPT or httpd -X still running (apparently), but I can't see any listeners on any ports/interfaces with sockstat. I need some help debugging this- something (ANYTHING!) that will give me a clue on what I've missed here. I'd rather not just blow it all away without attempting to find out what the hell is behind this. I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from ports. I've built php5-5.2.10, mod_perl2-2.0.4_2,3, and mod_python-3.3.1_2 all from ports as well. I've tried the freebsd-questions list, but I haven't got a response or seen my message even get through. Any clues will be much appreciated. My logs aren't giving me anything, only that all the modules are all loading ok. I had some ssl cache warnings, but they're resolved (I think). I believe it can't bind to the network for some reason: I need to find that reason :) Cheers Msg sent via @Mail - http://atmail.com/ - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: from the digest: For additional commands, e-mail: Msg sent via @Mail - http://atmail.com/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache dies in Freebsd jail
I know this sounds like a headline, but its true. I had a disk space problem in the jail, so I reconfigured and restored the apache on the new disk size. I then added my other modules that I required from ports. I then checked if it all worked, and I got nada- firefox tells me the sites valid but the server won't connect. So far I've tried upping log levels to debug, httpd -X, and running portupgrade -fRr apache. All to no avail- I can get no message or hint or idea of why apache fails. If I run ps -ax I see httpd -DNOHTTPACCEPT or httpd -X still running (apparently), but I can't see any listeners on any ports/interfaces with sockstat. I need some help debugging this- something (ANYTHING!) that will give me a clue on what I've missed here. I'd rather not just blow it all away without attempting to find out what the hell is behind this. I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from ports. I've built php5-5.2.10, mod_perl2-2.0.4_2,3, and mod_python-3.3.1_2 all from ports as well. I've tried the freebsd-questions list, but I haven't got a response or seen my message even get through. Any clues will be much appreciated. My logs aren't giving me anything, only that all the modules are all loading ok. I had some ssl cache warnings, but they're resolved (I think). I believe it can't bind to the network for some reason: I need to find that reason :) Cheers Msg sent via @Mail - http://atmail.com/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How can I secure my apache server from DoS attack ?
Please Change Following Parameters Timeout 60 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 4000 Then Kernel settings are like : tcp_keepalive_time=900 tcp_fin_timeout=30 tcp_max_orphans=16384 tcp_tw_reuse=1 tcp_tw_recycle=1 tcp_rfc1337=1 tcp_no_metrics_save=1 tcp_fin_timeout 60 conf.default.rp_filter=1 tcp_syncookies=1 tcp_synack_retries=3 tcp_syn_retries=3 Regards Amit Maheshwari Linux System Administrator New Del On Tue, Jun 23, 2009 at 5:55 PM, Neelesh Gurjar neel@gmail.com wrote: Hi, I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel and Apache 1.3.37 running on it. 2 days back I got one script to test DoS attack on website. It is called slowloris.pl from http://ha.ckers.org/slowloris/ I run that script against my server and it worked. It stopped my website for some time. That time all other services like SSH were working fine. Can anybody suggests any configuration changes at Apache and OS/Kernel level to prevent from this type of attack ? Currently I am using following settings: Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 0 Then Kernel settings are like : tcp_keepalive_time 7200 tcp_keepalive_time 9 tcp_keepalive_intvl 75 tcp_syn_retries 5 tcp_synack_retries 5 tcp_fin_timeout 60 -- Regards NeeleshG LINUX is basically a simple operating system, but you have to be a genius to understand the simplicity
Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?!
Not the best answers. But it was not a good question neither. Can anyone supply the step-by-steps for building apache with FIPS 140-2 openssl? is NOT a good question. There is a guide you should have readed before, about how to ask good questions. Because the answer is: Yes. I'm almost sure somebody can do it. Community answers are not always right to the point. You are not paying. The good thing about open source is that now that you know the answer, YOU can publish it. And you should have asked: subject: building an apache with openssl fips 140-2 I have made this, this and this. I have problems with THIS. Later I will do that other thing. which documentation should I read? I use 'alfa' linux, with apache version x.y.z, and openssl version H. El mié 27-may-09, Frank Gingras francois.ging...@gmail.com escribió: De: Frank Gingras francois.ging...@gmail.com Asunto: Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?! Para: users@httpd.apache.org Fecha: miércoles, 27 de mayo de 2009, 3:51 pm Sam, Since you're 'theman', I guess we assumed you'd manage on your own. Seriously, however, no one is forcing you to use this software. Go ahead and use commercial software, we won't mind. Frank Sam theman wrote: I was able to build a FIPS 140-2 apache, thanks to nobody at the apache users list. I banged my head against the wall for 2 days, and pieced together a lot of confused emails... WHY do apache developers not go the extra half foot and publish a doc. They will develop code out the gazoo, but then not tell anyone HOW to use it and people wonder why open source software is gradually being flushed down the toliet by the Oracle corp's of the world!! From: j.zucker...@gmail.com Date: Tue, 26 May 2009 19:13:15 -0700 To: users@httpd.apache.org Subject: Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?! On Tue, May 26, 2009 at 12:44 PM, Sam theman xray...@hotmail.com wrote: Hello, Can anyone supply the step-by-steps for building apache with FIPS 140-2 openssl? Sam Insert movie times and more without leaving Hotmail®. See how. hotmail ads? lol - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org _ Hotmail® goes with you. http://windowslive.com/Tutorial/Hotmail/Mobile?ocid=TXT_TAGLM_WL_HM_Tutorial_Mobile1_052009 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org ¡Viví la mejor experiencia en la web! Descargá gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=ar - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
We have configured an apache http server instance to serve as load balancer between 3 aplications and 6 tomcat nodes, each application served by 2 nodes each, using virtual host and mod_proxy_balancer. This is the file which we use to set the first applicacion A to be served by nodes sftomcat02 and sftomcat05. (conf.d/vh_a_tramix.conf) Everything works as expected until this point: - request are directed to the vh according to the url. - request are balanced between tomcat nodes, session aware. - if a node goes down, after a while, request are redirected to the surviving node But balancer shows only a balancer (the first one to be read?) vh_a_tramix.conf follows: VirtualHost *:80 ServerAdmin anotherguy DocumentRoot /var/www/html ServerName www.a.ar ErrorLog logs/www.a.ar-error_log CustomLog logs/www.a.ar-error_log-access_log common ProxyRequests off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /balancer-manager ! ProxyPass / balancer://a/ #ProxyPassReverse / balancer://a/ Proxy balancer://a BalancerMember ajp://sftomcat02:8029 route=tts2 #BalancerMember ajp://sftomcat05:8059 route=tts5 /Proxy ProxySet balancer://a stickysession=JSESSIONID nofailover=Off Location /balancer-manager SetHandler balancer-manager Order deny,allow Allow from all /Location /VirtualHost similar vh are configured (say vh_b_tramix.conf and vh_c_tramix.conf) but request to balancer-manager on this virtual hosts fails (tomcat node responds, so... is not trapped even by the ProxyPass /balancer-manager ! directive). I have tried to change ProxyPass /balancer-manager ! to ProxyPass /balancer-manager2 ! (and changed rest of file 'accordingly') and still fails. So, I kindly ask: Is it necesary to change something? (version? config?) Is this behaviour expected / to be changed? Which task should I accomplish to solve this is issue (if possible)? Does anybody have seen it working? Thanks in advance for any help you can provide. Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer
sorry for asking... I do not understand why you use rewrite... I would use Location or ProxyPass directive. Simpler... Can not do a test now... but it seems pretty straight forward. --- El mié 20-may-09, ricardo figueiredo ricardoogra...@gmail.com escribió: De: ricardo figueiredo ricardoogra...@gmail.com Asunto: Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer Para: users@httpd.apache.org Fecha: miércoles, 20 de mayo de 2009, 6:00 pm Anyone ??? Or my English isn't good ?? Ricardo On Wed, May 20, 2009 at 3:13 PM, ricardo13 ricardoogra...@gmail.com wrote: Hi all, I have a web cluster with 6 machines. Three machines serve only clients (class 1) and others serve only normal users (class 2). I use apache with modules mod_rewrite and mod_proxy_balancer. Use mod_rewrite to classify (between class1 and class2) incoming requests and mod_proxy_balancer forward request to the cluster (class1 or class2). Now, When I type in browser, for example http://localhost/1;, the cluster A serve my request and when I type http://localhost/2;, the cluster B serve my request. Now, I would like to know how I drop a request when come with other type user ?? For example, http://localhost/3; I tried this, but doesn't work. My httpd.conf: IfModule rewrite_module RewriteEngine on RewriteLog /usr/local/apache2/logs/rewrite_log RewriteLogLevel 5 RewriteLock /usr/local/apache2/logs/file.lock RewriteMap prgmap prg:/usr/local/apache2/admControl RewriteCond ${prgmap:$1} ^/bad_url$ RewriteRule /bad_url - [F] RewriteRule ^/(.*) balancer:/${prgmap:$1} [P] /IfModule Proxy balancer://class1 BalancerMember http://192.168.1.11 BalancerMember http://192.168.1.12 BalancerMember http://192.168.1.13 /Proxy Proxy balancer://class2 BalancerMember http://192.168.1.14 BalancerMember http://192.168.1.15 BalancerMember http://192.168.1.16 /Proxy My admControl: #include stdio.h #include stdlib.h int main(int argc,char *argv[]) { char input; int id; while(1) { fscanf(stdin, %d, id); switch(id) { case 1: fprintf(stdout, /class1); break; case 2: fprintf(stdout, /class2); break; case default: fprintf(stdout, /bad_url); break; } fprintf(stdout, \n); fflush(stdout); } return EXIT_SUCCESS; } Remember, How I drop a request from http:localhost/3 ??? Thank you Ricardo -- View this message in context: http://www.nabble.com/Mod_rewrite-and-mod_proxy_balancer-tp23640723p23640723.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Muito Obrigado Ricardo ¡Viví la mejor experiencia en la web! Descargá gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=ar - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
I have read doc again, and after testing a little I think I should move Location directive to a different file (outside vh definition), in order to make sense, but results are the same... Thank you again. --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar escribió: De: mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar Asunto: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored Para: users@httpd.apache.org Fecha: miércoles, 20 de mayo de 2009, 6:13 pm We have configured an apache http server instance to serve as load balancer between 3 aplications and 6 tomcat nodes, each application served by 2 nodes each, using virtual host and mod_proxy_balancer. This is the file which we use to set the first applicacion A to be served by nodes sftomcat02 and sftomcat05. (conf.d/vh_a_tramix.conf) Everything works as expected until this point: - request are directed to the vh according to the url. - request are balanced between tomcat nodes, session aware. - if a node goes down, after a while, request are redirected to the surviving node But balancer shows only a balancer (the first one to be read?) vh_a_tramix.conf follows: VirtualHost *:80 ServerAdmin anotherguy DocumentRoot /var/www/html ServerName www.a.ar ErrorLog logs/www.a.ar-error_log CustomLog logs/www.a.ar-error_log-access_log common ProxyRequests off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /balancer-manager ! ProxyPass / balancer://a/ #ProxyPassReverse / balancer://a/ Proxy balancer://a BalancerMember ajp://sftomcat02:8029 route=tts2 #BalancerMember ajp://sftomcat05:8059 route=tts5 /Proxy ProxySet balancer://a stickysession=JSESSIONID nofailover=Off Location /balancer-manager SetHandler balancer-manager Order deny,allow Allow from all /Location /VirtualHost similar vh are configured (say vh_b_tramix.conf and vh_c_tramix.conf) but request to balancer-manager on this virtual hosts fails (tomcat node responds, so... is not trapped even by the ProxyPass /balancer-manager ! directive). I have tried to change ProxyPass /balancer-manager ! to ProxyPass /balancer-manager2 ! (and changed rest of file 'accordingly') and still fails. So, I kindly ask: Is it necesary to change something? (version? config?) Is this behaviour expected / to be changed? Which task should I accomplish to solve this is issue (if possible)? Does anybody have seen it working? Thanks in advance for any help you can provide. Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
Well... it didnt worked, because i didn't rebooted httpd, but balancer-manager now is working for all vh sites. It has to be defined globally (probably the location /balancer-manager directive which can not have scheme or server name), outside virtual host definition. Sorry for the noise. Greetings. --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar escribió: De: mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar Asunto: Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored Para: users@httpd.apache.org Fecha: miércoles, 20 de mayo de 2009, 7:18 pm I have read doc again, and after testing a little I think I should move Location directive to a different file (outside vh definition), in order to make sense, but results are the same... Thank you again. --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar escribió: De: mboxdario-apa...@yahoo.com.ar mboxdario-apa...@yahoo.com.ar Asunto: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored Para: users@httpd.apache.org Fecha: miércoles, 20 de mayo de 2009, 6:13 pm We have configured an apache http server instance to serve as load balancer between 3 aplications and 6 tomcat nodes, each application served by 2 nodes each, using virtual host and mod_proxy_balancer. This is the file which we use to set the first applicacion A to be served by nodes sftomcat02 and sftomcat05. (conf.d/vh_a_tramix.conf) Everything works as expected until this point: - request are directed to the vh according to the url. - request are balanced between tomcat nodes, session aware. - if a node goes down, after a while, request are redirected to the surviving node But balancer shows only a balancer (the first one to be read?) vh_a_tramix.conf follows: VirtualHost *:80 ServerAdmin anotherguy DocumentRoot /var/www/html ServerName www.a.ar ErrorLog logs/www.a.ar-error_log CustomLog logs/www.a.ar-error_log-access_log common ProxyRequests off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /balancer-manager ! ProxyPass / balancer://a/ #ProxyPassReverse / balancer://a/ Proxy balancer://a BalancerMember ajp://sftomcat02:8029 route=tts2 #BalancerMember ajp://sftomcat05:8059 route=tts5 /Proxy ProxySet balancer://a stickysession=JSESSIONID nofailover=Off Location /balancer-manager SetHandler balancer-manager Order deny,allow Allow from all /Location /VirtualHost similar vh are configured (say vh_b_tramix.conf and vh_c_tramix.conf) but request to balancer-manager on this virtual hosts fails (tomcat node responds, so... is not trapped even by the ProxyPass /balancer-manager ! directive). I have tried to change ProxyPass /balancer-manager ! to ProxyPass /balancer-manager2 ! (and changed rest of file 'accordingly') and still fails. So, I kindly ask: Is it necesary to change something? (version? config?) Is this behaviour expected / to be changed? Which task should I accomplish to solve this is issue (if possible)? Does anybody have seen it working? Thanks in advance for any help you can provide. Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
André Warnier wrote: André Warnier wrote: Summaries (apparently recently updated) can be found here : http://greenbytes.de/tech/webdav/webfolder-client-list.html http://greenbytes.de/tech/webdav/webdav-redirector-list.html Thanks for these summary links and the hints, André. Looks like Windows's WebDAV support is a nightmare indeed. Even in Windows 7, WebDAV support doesn't seem to be good. Maybe one hint, if you have not seen or tried it before : when you create/connect the DAV folder under Windows, at the moment it asks for the URL/path, make sure to add the :port number after the hostname, even if it is the default port for the protocol. Like, connect to http(s)://server.company.com:port/dirname Sorry, according to the summaries above, it would seem that for Vista it may be just the opposite : the port number should /not/ be specified. I've tried both variants once again, but there wasn't any difference. However, another of the listed cases may apply : I see your URL is https://www.numlock.ch/webdav/testshare , which would fall in the category server-discovery of the above pages. Suggestion : - in the server configuration, define an Alias /testdav/ /webdav/testshare/ - in Windows, try connecting to https://www.numlock.ch/testdav The same for this, unfortunately. Also with a publicly readable parent directory. Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
Pete.LeMay wrote: Vista and I'm assuming W7 have issues with most webdav, These are the extra steps on the client I've had to do to make vista work with webdav from a win server. (a) The below update must be applied. http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64displaylang=en It is also necessary to have the client machine completely current will all Windows updates (and client restarted of course). (b) Access through Internet Explorer does not work, the user must access via Windows Explorer: Windows Vista - Map Web Folder: - Computer - Map Network Drive - Connect to a Web site that you can use to store our documents and pictures - Enter address Thanks, Pete. I tried this hotfix already, but I applied it again. Vista wasn't impressed, however. A pretty strange thing is that the version of the WebDAV mini redirector (mrxdav.sys) on my Vista box is 6.0.6001.18000. According to http://greenbytes.de/tech/webdav/webdav-redirector-list.html it should be 6.0.6001.22167 with the latest Vista updates applied. According to Windows Update I've installed all the available updates for Vista. Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache ldap authentication and secrurity
Server - RH5 httpd-2.2.3 I have setup a server that uses ssl ldap authentication. This all works fine. I am trying to understand the connection from a client browser to the server. I am sniffing the packets on the server with tcpdump and also have tried wireshark. Since the server is using http not https I assumed that all traffic from the client browser to the server would be in clear text. So, when I connect to the server with the client browser I get the authentication window. I enter a username and passwd. Looking at the traffic on the server I see everything but the username and passwd. I would of thought that it would transmit the username and pass in clear text to the server since it is using http. The web server goes to the ldap server using ssl, so that traffic is encrypted as I expected. I'm just confused as to why the username and pass is not seen when looking at the packets. This is of course good behavior, but I am just trying to understand how it works. It seems that I have done this before with earlier versions and have seen the username and pass. Maybe I'm just remembering this wrong. Anyone know how this works? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
Hi all, my WebDAV setup works fine for Windows XP, Linux, Mac OS X, Java, but it doesn't work at all when using the native WebDAV client of Windows Vista (and Windows 7). https://www.numlock.ch/webdav/testshare user: testshare pwd: testshare The share uses a self-signed certificate and the configuration looks as follows: Directory /path/to/webdav/testshare Options Indexes Dav On AuthType Basic AuthName Some name AuthUserFile /path/to/pwdfile Require user testshare /Directory # Note: setenvif_module is loaded by default IfModule setenvif_module BrowserMatch Microsoft Data Access Internet Publishing Provider redirect-carefully BrowserMatch MS FrontPage redirect-carefully BrowserMatch ^WebDrive redirect-carefully BrowserMatch ^WebDAVFS/1.[012345] redirect-carefully BrowserMatch ^gnome-vfs/1.0 redirect-carefully BrowserMatch ^XML Spy redirect-carefully BrowserMatch ^Dreamweaver-WebDAV-SCM1 redirect-carefully /IfModule The error message on Windows Vista (64 bit business edition) reads in about: Specified folder invalid. Choose another folder Apache doesn't log any error at all, suggesting that Vista's request doesn't even reach the server for whatever strange reason (note that using a Java-based DAVExplorer client on the same Windows Vista box works fine, however). Strangely, I couldn't spot any WebDAV related error message in Windows Vista's logs either. I already tried a lot of the (server and client side) hints I found on the web, but none of them helped. I'd appreciate if any of you could confirm whether accessing my test share using Windows Vista (64 bit) works. The mission's primary target is to make my Apache WebDAV share work nicely with Vista/Windows 7 (or the other way round, more appropriately ;). Thanks Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [EMAIL PROTECTED] rewrite help
I have figured out the problem. Once apache tested the request URI it tested it a second time as an internal redirect and would fail, or get in a loop. So I just had to tell it not to check for /wc , which wasn't excluded by the !-f and !-d because it doesn't exist on the filesystem because it is a perl handler. my config that works: RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/wc RewriteRule ^(.*)$ /wc?uni=$1 [L] Thanks solprovider and André for your help. Ukiah On Tue, Nov 04, 2008 at 08:53:00AM +0100, André Warnier wrote: Also, maybe be aware that (.*) will match anything, even the empty string, so you may end up with /wc?uni= (unless as solprovider indicates, you have a different rule for /). It may be better to use ^/(.+)$, which will only match if there is actually something after the /. [EMAIL PROTECTED] wrote: Do not escape the question mark. RewriteRule ^/(.*) /wc?uni=$1 [L] - the first character must be a slash and is not included in the $1 variable. - Add /wc?uni= before the rest of the URL on the same server. - Discard any querystring from the visitor. (No QSA flag.) - [L] = stop processing RewriteRules. You may want another RewriteRule for /, HTH, solprovider On 11/3/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I am trying to get a redirect to work so that I can get friendl URLs for my website. I am using mod_perl and have written a little handler as a controler to handle all requests. What I currently have that works as follows. RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^wc/(.*) /wc\?uni=$1 [L] The user types in: http://example.com/wc/docName and apache rewrites: http://example.com/wc?arg=docName Where /wc is my perl handler, as such: PerlModule Examplepackage::WC Location /wc SetHandler perl-script PerlResponseHandler Examplepackage::WC /Location This works and it's great, but I want to work just a little different. I want the user to type in: http://example.com/docName and apache rewrite: http://example.com/wc?arg=docName I have tried a few different RewriteRule types and either they 404 or it exceedes 10 internal redirects (internal server error). I have tried: RewriteRule ^/(.*) /wc\?uni=$1 [L] RewriteRule ^(.*) /wc\?uni=$1 [L] RewriteRule /(.*) /wc\?uni=$1 [L] RewriteRule . /wc\?uni=$1 [L] RewriteRule /(.*)$ /wc\?uni=$1 [L] and other such permutations. What am I doing wrong? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] rewrite help
I am trying to get a redirect to work so that I can get friendl URLs for my website. I am using mod_perl and have written a little handler as a controler to handle all requests. What I currently have that works as follows. RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^wc/(.*) /wc\?uni=$1 [L] The user types in: http://example.com/wc/docName and apache rewrites: http://example.com/wc?arg=docName Where /wc is my perl handler, as such: PerlModule Examplepackage::WC Location /wc SetHandler perl-script PerlResponseHandler Examplepackage::WC /Location This works and it's great, but I want to work just a little different. I want the user to type in: http://example.com/docName and apache rewrite: http://example.com/wc?arg=docName I have tried a few different RewriteRule types and either they 404 or it exceedes 10 internal redirects (internal server error). I have tried: RewriteRule ^/(.*) /wc\?uni=$1 [L] RewriteRule ^(.*) /wc\?uni=$1 [L] RewriteRule /(.*) /wc\?uni=$1 [L] RewriteRule . /wc\?uni=$1 [L] RewriteRule /(.*)$ /wc\?uni=$1 [L] and other such permutations. What am I doing wrong? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Serve static files from Apache 2.2.9 question
add a documentroot for your static files in your configuration, something like : DocumentRoot C:/Program Files/Apache Software Foundation/Tomcat 6.0/webapps/your-webapp-id David Williams-15 wrote: Hello All, I'm trying to set up Apache 2.2.9 web server on Windows to front, in this case, a Tomcat environment. What I would like to do is direct certain file types, for example .css files, to Apache and proxy the rest to Tomcat. I've got Apache proxing all but the .css files using the following. ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPassMatch ^(/.*\.css)$ ! ProxyPass /myapp http://example.com:port/myapp ProxyPassReverse /myapp http://example.com:port/myapp Now what I need to do is direct the .css files to Apache and that's where I'm not sure what to do next. Does anyone have any suggestions? Thanks for your help, David -- View this message in context: http://www.nabble.com/Serve-static-files-from-Apache-2.2.9-question-tp19850061p20042560.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Running an Apache server with SCTP
Hi I´m trying to change the configuration of Apachein order to let it work with SCTP. I have foundsome models in the net : http://pel.cis.udel.edu/ or www.sctp.org Thoseversions seem to work only with Kame SCTP on FreeBSD I´m using Ubuntu8.04 and LKSCTP. Thx for anyKind of Help HakimAdhari UniversityOf Dortmund
[EMAIL PROTECTED] http header parsing
has anyone found a scenarion, wherein based on a condition, the http header will NOT be parsed at all... what the steps involved, after an http request reaches the server,
[EMAIL PROTECTED] ACL - access control lists
does apache servers use ACLs to check conditions based on the incoming http request URL, even before the header is parsed?
Re: [EMAIL PROTECTED] RewriteMap with Java RewriteLock
Thanks for your answer. I already try this but when I write this script, I don't know how to handle the loop with stdin (in the shell script or in the java file ?) : I try this in the shell : #!/bin/sh while read text do java -classpath /path/to/java/class/ MainClass done But it don't seem to work.. I didn't manage to configure the lock file, could it be the main problem ? I just add RewriteLock /etc/apache2/myLock.lock in my http.conf file. But apache server simply don't start with that, without any error in the log file. I try creating the file or not, with chmod 777. But I think I miss something. Somebody could help ? Thanks Cedric Le 15 juil. 08 à 13:28, Eric Covener a écrit : On Tue, Jul 15, 2008 at 4:26 AM, Anazys - Apache [EMAIL PROTECTED] wrote: Hi all, I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5 Leopard Server. The code is really simple in the http.conf file : RewriteMapmymap prg:/path/to/map.class RewriteRule ^/path/(.*)$ /path/page?${mymap:$1} But when I launch Apache, I have this message in error log : [Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in executable: exec of '/etc/apache2/Main.class' failed Anybody knows what could be the problem ? Is it possible tu use a Java file for RewriteMap ? You need to write a shell script that launches java class, and use the script in your Apache config. Class files are not executables. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] RewriteMap with Java RewriteLock
My Java class read from stdin (System.in), the main problem is the loop : with the while read text, there is an infinite loop. But when I only write a call from the shell to the java class : #!/bin/sh java -classpath /path/to/java/class/ MainClass It work perfectly the first time but nothing after this first call. It's normal because there isn't any loop, but i don't know how to write this loop in the shell script. Thanks for your help Eric. Le 16 juil. 08 à 15:38, Eric Covener a écrit : On Wed, Jul 16, 2008 at 3:01 AM, Anazys - Apache [EMAIL PROTECTED] wrote: Thanks for your answer. I already try this but when I write this script, I don't know how to handle the loop with stdin (in the shell script or in the java file ?) : I try this in the shell : #!/bin/sh while read text do java -classpath /path/to/java/class/ MainClass done Your java class should read from stdin. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] RewriteMap with Java
Hi all, I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5 Leopard Server. The code is really simple in the http.conf file : RewriteMapmymap prg:/path/to/map.class RewriteRule ^/path/(.*)$ /path/page?${mymap:$1} But when I launch Apache, I have this message in error log : [Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in executable: exec of '/etc/apache2/Main.class' failed Anybody knows what could be the problem ? Is it possible tu use a Java file for RewriteMap ? Thanks for your help Cedric. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0 support for huge files (2 GB) on 64 bit platform
Hi, my current state of information is that to allow serving huge files on a 32 bit system I need to: - set compile time flags D_LARGEFILE_SOURCE AND -D_FILE_OFFSET_BITS=64 - set LimitRequestBody to a high enough value Are the compile switches necessary on a 64 bit platform as well? Thanks for any help. Christian - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0 support for huge files (2 GB) on 64 bit platform
Hi, my current state of information is that to allow serving such huge files on a 32 bit system I need to: - set compile time flags D_LARGEFILE_SOURCE AND -D_FILE_OFFSET_BITS=64 - set LimitRequestBody to a high enough value Are the compile switches necessary on a 64 bit platform as well? Thanks for any help. Christian - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Roadmap for Apache HTTP 2.0 and/or 2.2
Hello, I have been asked to evaluate the life cycle contingencies for our apache servers. So far I have been unable to find something like a roadmap to see how future releases are planned for the different branches. Is there such a thing ? I am especially interested in how long the branches are likely to stay supported with bugfixes etc. Thanks for any hints Christian - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: stabiliaetsprobleme mit apache-2.2.6
Hallo Uwe, bittekein tofu... [EMAIL PROTECTED] schrieb: hier erstmal meine config. wenn Du was angeanhen haben solltest, so ist das nicht angekommen.. Da der apache mit mod_php doch relativ verbreitet kann ich mir nicht vorstellen dass es daran liegt. ich ein ähnliches Verhalten mal mit mod_php erlebt, da war ein Datenbankinterface die Uhrsache, das die apachen prozesse nicht wirklich gestorben sind... das ganze klingt ein wenig dannach... Deshalb die Frage, siehst Du in den server-status, den fall, das wenn der apche nichts zu tun hat, auch wieder prozesse erfolgreich abgebaut werden ? wogegen und wie hat Du das php gebaut? fragt falk -- Überwachungsstaat - Nein Danke! Vorratsdatenspeicherung Abschaffen! http://www.vorratsdatenspeicherung.de -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: stabiliaetsprobleme mit apache-2.2.6
[EMAIL PROTECTED] schrieb: ich habe die netbsd-default-config (prefork) verwendet. da ich netbsd-default-config nicht kenne, sage mir doch wo ich sie finde... mod_auth_pgsql und mod_php (5.2.4). nur um das Problem mal einzukreisen, ohne mod_php verhält sich der apache genau so? zu den Prozesse im Graceful: leider befinden sich die von mir angesprochenen prozesse oft auch nach 1-2 stunden noch im Graceful. so lange duerfte kein request dauern. schneller workaround: die betreffenden pids nach dem gracful manuell killen (nicht schön, aber wirkungsvoll) falk -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: stabiliaetsprobleme mit apache-2.2.6
Das einige Prozesse im Graceful finishing bleiben, ist beim gracful gewünscht, das sind die Prozesse die gerade noch Requests bearbeiten, die Prozesse sollten nach dem die Requests abgefrühstückt sind, verschwinden. Erzähl mahl mehr über den apachen, z.B. mit welchen Modulen Du Ihn gebaut hast usw... falk [EMAIL PROTECTED] schrieb: ich glaube ein graceful restart ist ein SIGUSR1 an den apache. Leider klappt das bei mir auch nicht so richtig. Wenn man auf der server-status seite nachsieht bekommt man fuer jeden prozess den aktuellen zustand. nach dem SIGUSR1 verbleiben einige prozesse in g Graceful finishing. Nach jedem SIGUSR1 kommen ein paar dazu usw. Aus diesem Grund bin ich auf SIGHUP gegangen. Leider treten hier die schon beschriebenen probleme auf. -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
[EMAIL PROTECTED] Apache 2.2 MPM Worker Virtual Memory Usage
There appears to be a significant difference between Apache 2.2 MPM Worker and MPM Perfork virtual memory usage. As well as between Apache 2.2 MPM Worker and Apache 1.3 virtual memory usage. This can become an issue in a VPS (virtual private server) environment where resources are more constrained. I am seeing 280MB vs 5.8MB of VM usage per process. You could argue that worker is supposed to use more virtual memory, as running multiple threads per process it actually uses less. But, that is not the case. Total VPS privvmpages is 2.1GB vs 358MB. What is really interesting here is why is it so much higher. You would expect some increase but it looks like most (if not all) of the virtual memory of each of the 7 worker processes is not shared. 7 * 280MB = 2GB. Which means it can't be code. I don't see how it could be this much code anyway. So then what is it? (Conversely most of the 2.2 perfork virtual memory is shared code. 150 * 5.8MB = 850MB,which is more than 358MB for the entire VPS.) Is the code building some kind of large local process database? Anyway to turn it off? Note I do have PHP or any other programmatic modules loaded. See below for configure info. Thanks... # # Apache 2.2 Worker Thread Memory Usage # # Process data. 599 28344 28338 20 0 5772 1772 - S? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28347 28338 20 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28349 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28351 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28352 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28360 28338 20 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 30684 28338 15 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 5 0 28338 1 16 0 5868 2468 - Ss ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28345 28338 20 0 282632 2660 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL # Vpsstat data. +--+++++--+ | Resource |Current | Recent Max |Barrier | Limit | Failures | +--+++++--+ Primary Parameters +--+++++--+ | all memory | 157.0 MB |n/a | 1024.0 MB |n/a | n/a | | vmguarpages |n/a |n/a | 256.0 MB |n/a |0 | | oomguarpages | 146.4 MB | 146.5 MB |n/a |n/a |0 | | privvmpages | 2.1 GB | 2.1 GB |n/a |n/a |0 | | physpages| 146.4 MB | 146.5 MB |n/a |n/a |0 | +--+++++--+ Secondary Parameters +--+++++--+ | kmemsize | 9.8 MB | 9.9 MB | 2.0 GB | 2.0 GB |0 | | tcpsndbuf| 423.6 kB | 423.6 kB | 2.0 GB | 2.0 GB |0 | | tcprcvbuf| 562.2 kB | 562.2 kB | 2.0 GB | 2.0 GB |0 | | othersockbuf |94.4 kB |94.4 kB | 2.0 GB | 2.0 GB |0 | | dgramrcvbuf | 0 B | 0 B | 2.0 GB | 2.0 GB |0 | | shmpages | 5.2 MB | 5.2 MB |n/a |n/a |0 | | lockedpages | 0 B | 0 B |n/a |n/a |0 | +--+++++--+ Auxiliary Parameters +--+++++--+ | numproc |271 |272 |n/a |400 |0 | | numtcpsock | 35 | 35 |n/a |500 |0 | | numothersock | 70 | 70 |n/a |500 |0 | | numfile | 5663 | 5680 |n/a | 8192 |0 | | numflock | 9 | 9 |200 |220 |0 | | numpty | 2 | 2 |n/a | 64 |0 | | numiptent| 75 | 75 |n/a |500 |0 | +--+++++--+ # Configure options. CFLAGS/CPPFLAGS = -pipe -Os -march=pentium4 ./configure --enable-deflate --enable-expires --enable-headers --enable-imagemap --enable-logio --enable-nonportable-atomics=yes --enable
[EMAIL PROTECTED] Apache 2.2.6 and CGI problem - solved - doc bug?
Thanks to my not reading Joshua Silve's reply and his second correction everything is working. I needed a Directory entry for the directory that had the *html files that call the JavaScript and CGI files. So I needed three entries as follows: For the file with *html: AllowOverride None Options +Includes AddType text/html .html AddOutputFilter INCLUDES .html Order allow,deny Allow from all For the JavaScript area: AllowOverride None Options +Includes Order allow,deny Allow from all For the CGI scripts: AllowOverride None Options +ExecCGI Order allow,deny Allow from all I'll give the Apache people a few days to read this as I think this is a doucmentation bug. 1. I think the http://httpd.apache.org/docs/2.2/howto/cgi.html should have link to http://httpd.apache.org/docs/2.2/howto/ssi.html. Some of the data is related and required to get CGI running. 2. An example of http.conf entries (like given above) should be included with explanation on why each entry is needed with a recommended settings (which would need someone with more experience than me). Thanks, David - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.6 and CGI problem.
I'm a newbie to Apache and throwing myself on the wisdom of the list. I'm running FreeBSD6.2 in a jail with Apache 2.2.6. The basic set-up works but I'm having problems with dynamic HTML and cgi scripts. I'm using perl for my testing. Going through the HowTo I can invoke the script as a direct URL. I can make a tag with an href of /cgi-bin/xxx.pl and clicking on the link brings up the script's result. So it looks like I have the CGI rules configured correctly. But no matter what I've tried I can't get the text into the HTML page when it loads initially. I've tried: #exec cgi=/cgi-bin/xxx.pl and a number of tags that shouldn't and didn't work. All I see are the HTML tags. Including all my failed attempts as place holders for my stupidity. I must be missing a config item somewhere but I can't see it. Config that I've update are: IfModule alias_module ScriptAlias /cgi-bin/ /usr/local/www/cgi-bin/ /IfModule IfModule mime_module TypesConfig mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddHandler cgi-script .cgi .pl /IfModule Directory /usr/local/www/cgi-bin/ AllowOverride None Options +ExecCGI +Includes Order allow,deny Allow from all /Directory I don't believe I need the +Includes as I'm not doing anything with shtml at this point. If anyone sees anything I've missed it would be great if they would enlighten my ignorance. Thanks - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Any idea how to get the second SSL cert working?
Sounds like you are trying to do ssl hosting with name-based virtual hosts. That won't work. An explanation is here: http://wiki.apache.org/httpd/NameBasedSSLVHosts Joshua. Yup - that's it exactly. Thanks Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Any idea how to get the second SSL cert working?
I have 2 certs installed. One is for the main site and the other is for a subdomain. Both are set up as VirtualHosts in the ssl.conf file. I also set the default one to use the primary site's certs. The certs are from GoDaddy. I have a NameVirtualHost specified for port 80 and port 443. It seems like I have everything covered, but I go to the subdomain and it tells me it's using the cert for the main site. The main site cert does appear to be working properly. Any ideas? Side note... I'm trying to point port 80 and 443 to the same directory on the server for the main site. Could that be causing the problem? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)
Hello, According to my previous post on the bug track: http://issues.apache.org/bugzilla/show_bug.cgi?id=43018 This is a script in PHP that is called by the a CGI handler in Apache. HTTP Authentification. In a normal Apache module environnement, a HTTP Authentification is called and we can see on the log of Apache : IP - USER - [DATETIME] GET / HTTP/1.1 200 SIZE REFERER AGENT Meanwhile, in a CGI environnement, Apache call a CGI script, in my exemple PHP and pass him variables. So in order of compatibility to pass the authentification to the PHP script, we have to set a .htaccess where : RewriteEngine on RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L HTTP:Authorization%7D,L] So with it in environnement variables we can see : [REDIRECT_REMOTE_USER] = Basic dGl0aTp0b3Rv [REDIRECT_STATUS] = 200 where dGl0aTp0b3Rv is corresponding to user:password titi:toto (base64) Of course, with network analyzer, we can see that the browser send to the Apache serveur in HTTP headers : Authorization: Basic dGl0aTp0b3Rv (our titi:toto) In this cas, Apache log don't indicate the user : IP - - - [DATETIME] GET / HTTP/1.1 200 SIZE REFERER AGENT Ok, the use of PHP is independant of Apache log writes but if browser send Authorization: Basic dGl0aTp0b3Rv in a module Apache or CGI Apache (PHP), why Apache, that see the basic, don't write the remote_user in the log ? In normal environnement, whithout CGI, handler ..., the browser send the same request and the log indicate the USER. According to the track response, I've replaced the %u to %u in the LogFormat directive but the user authentified still no appear in the log : IP - - - [DATETIME] GET / HTTP/1.1 200 SIZE REFERER AGENT Has anyone the same problem or a soltion ? Thank you for any help. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)
Hi, Authentification is configured by PHP, it send to the browser required headers in order to provide authentification : header(WWW-Authenticate: Basic realm=\Realm\); header(HTTP/1.0 401 Unauthorized); For the CGI, it is called in Apache CONF as following : AddHandler cgi-php5 .php5 .php Action cgi-php5 /php5/php5-cgi SuexecUserGroup existing_user users where /php5/php5-cgi is the executable compiled CGI PHP and existing_user is an non privilegied user of the unix system. So the PHP (CGI) script is executed with existing_user privilege. The authentification mechanism is OK, I login in the CGI script perfectly with credential titi:toto but logs'apache don't indicate titi as %u (LogFormat) Thanks, Joshua Slive a écrit : On 8/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, According to my previous post on the bug track: http://issues.apache.org/bugzilla/show_bug.cgi?id=43018 This is a script in PHP that is called by the a CGI handler in Apache. HTTP Authentification. Your problem is very hard to decipher. Exactly how is authentication configured, and exactly how is your CGI called? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues
Thanks for the help, Joshua. I configured apache to use mod_disk_cache and it seems to be working and compressed content is getting served up correctly. Guess that means it is a bug in mod_mem_cache ? I still have to run some tests to check the performance of (caching on disk + compression) vs ( caching in memory) though. From: Joshua Slive [EMAIL PROTECTED] Reply-To: users@httpd.apache.org To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues Date: Wed, 19 Jul 2006 20:01:48 -0400 On 7/19/06, Apache User [EMAIL PROTECTED] wrote: Hi, I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is being used to connect to tomcat on the same machine. Caching is implemented using mod_cache(mod_mem_cache). This setup works fine and caching seems to be working as expected. The problem occurs when I try to optimize further by supporting HTML compression using mod_deflate. In this case, whenever deflated documents are served by the cache the Content-length returned is 0. Is this a known issue ? Can mod_deflate and mod_mem_cache be used together ? Or is it that mod_mem_cache cannot handle compressed content ? I don't have any specific info on this problem, but I'd highly recommend using mod_disk_cache in place of mod_mem_cache. It is better tested, and will be more performant in most scenarios. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_deflate/mod_mem_cache issues
Hi, I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is being used to connect to tomcat on the same machine. Caching is implemented using mod_cache(mod_mem_cache). This setup works fine and caching seems to be working as expected. The problem occurs when I try to optimize further by supporting HTML compression using mod_deflate. In this case, whenever deflated documents are served by the cache the Content-length returned is 0. Is this a known issue ? Can mod_deflate and mod_mem_cache be used together ? Or is it that mod_mem_cache cannot handle compressed content ? Here's the output from lwp-request( the second one shows the serving up of cached content) [EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H Accept-Encoding:gzip,deflate LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://localhost:80/Main.do LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 670 bytes LWP::Protocol::collect: read 4096 bytes LWP::Protocol::collect: read 3002 bytes LWP::UserAgent::request: Simple response: OK GET http://localhost:80/Main.do 200 OK Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 18 Jul 2006 18:27:35 GMT Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 7768 Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 18 Jul 2006 18:30:37 GMT Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT Client-Date: Tue, 18 Jul 2006 18:27:37 GMT Client-Peer: 127.0.0.1:80 Client-Response-Num: 1 [EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H Accept-Encoding:gzip,deflate LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://localhost:80/Main.do LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::UserAgent::request: Simple response: OK GET http://localhost:80/Main.do 200 OK Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 18 Jul 2006 18:28:32 GMT Age: 56 Server: Apache/2.2.2 (Unix) Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 0 Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 18 Jul 2006 18:30:37 GMT Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT Client-Date: Tue, 18 Jul 2006 18:28:32 GMT Client-Peer: 127.0.0.1:80 Client-Response-Num: 1 Here's the deflate.log contents GET /Main.do HTTP/1.1 7750/35169 (22%) GET /Main.do HTTP/1.1 -/- (-%) Relevant sections of my httpd.conf: LoadModule cache_module modules/mod_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule deflate_module modules/mod_deflate.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so # # mod_expires settings # IfModule expires_module ExpiresActive On ExpiresByType text/css access plus 1 day ExpiresByType image/gif access plus 1 month ExpiresByType image/jpeg access plus 1 month /IfModule # # mod_proxy/mod_proxy ajp settings # IfModule proxy_module ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /favicon.ico ! ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ /IfModule # # mod_cache/mod_mem_cache settings # IfModule cache_module IfModule mem_cache_module CacheEnable mem / CacheStoreNoStore On # CacheIgnoreCacheControl On # CacheIgnoreNoLastMod On # CacheMaxExpire 150 MCacheSize 4096 MCacheMaxObjectCount 200 MCacheMinObjectSize 1 MCacheMaxObjectSize 524288 /IfModule /IfModule # # Worker MPM settings # IfModule mpm_worker_module StartServers 1 MaxClients 250 ThreadsPerChild 50 MinSpareThreads 25 MaxSpareThreads 75 /IfModule IfModule deflate_module SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|rar|zip)$ no-gzip DeflateFilterNote Input instream DeflateFilterNote Output outstream DeflateFilterNote Ratio ratio LogFormat '%r %{outstream}n/%{instream}n (%{ratio}n%%)' deflate CustomLog logs/deflate.log deflate BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html IfModule headers_module Header append Vary User-Agent /IfModule /IfModule Any insight, suggestions or assistance with this would be very much appreciated. Thank you. --S _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional
[EMAIL PROTECTED] Apache 2.2.2 error with FreeBSD 6.1
Good Day, I have a strange problem, I've just compiled httpd-2.2.2 on FreeBSD 6.1. When I try to start it up I get this message: Assertion failed: (lu-lu_myreq-lr_owner == lu), function _lock_acquire, file /usr/src/lib/libpthread/sys/lock.c, line 171. Abort trap (core dumped) I think the problem lies with the fact httpd is linked to libpthreads twice. Here is the ldd of httpd: libm.so.4 = /lib/libm.so.4 (0x280b7000) libpcre.so.0 = /usr/local/lib/libpcre.so.0 (0x280cd000) libaprutil-1.so.2 = /usr/local/lib/libaprutil-1.so.2 (0x280ec000) libgdbm.so.3 = /usr/local/lib/libgdbm.so.3 (0x28101000) libdb4.so.0 = /usr/local/lib/libdb4.so.0 (0x28107000) libpq.so.4 = /usr/local/pgsql/lib/libpq.so.4 (0x2818d000) libexpat.so.5 = /usr/local/lib/libexpat.so.5 (0x281a7000) libapr-1.so.2 = /usr/local/lib/libapr-1.so.2 (0x281c8000) libcrypt.so.3 = /lib/libcrypt.so.3 (0x281e8000) libpthread.so.20 = /usr/local/lib/libpthread.so.20 (0x2820) libc.so.6 = /lib/libc.so.6 (0x28218000) libssl.so.4 = /usr/lib/libssl.so.4 (0x282ef000) libcrypto.so.4 = /lib/libcrypto.so.4 (0x2831d000) libpthread.so.2 = /usr/lib/libpthread.so.2 (0x2840f000) I figure to ask here as some of you use FreeBSD. Any suggestions or ideas are welcome. I don't know why it's linked to libpthread twice. Thanks, J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] .htaccess: How to cut only the middle branch from a directory tree?
One bewildering observation on a low-traffic, co-hosted account (hence no logs, unusual first lines required in .htaccess) by a provider using Apache 1.3.29: Some directories didn't seem to get the password protection they deserve. I figured out that the protection on every level in the directory tree can be obtained by creating this structure of subdirectories below root: /1/2/3 - and then uploading an .htaccess with these contents into each of them: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName confidential documents require valid-user Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2 and http://site.dom/1 - however when uploading a different .htaccess that is supposed to open up (ONLY) http://site.dom/1/2 to the middle directory of /1/2, something unexpected is caused by this /1/2/.htaccess file: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName wide open order deny,allow Satisfy any Besides directory 2, its subdirectory 3 becomes accessible without credentials, as well, although the more restrictive version of .htaccess has remained in...3 and should therefore be unaffected by any changes to /1/2/.htaccess - is there any explanation for this, and a way around the issue? (The format of .htaccess being largely restricted by the hosting provider's requirements, of course...)? If this is a feature, how does one make sure that the .htaccess placed in the sub-sub-subdirectory /1/2/3 is observed, so 3 will not be affected by changes to the .htaccess for its parent directory, i.e. remain protected just like /1 ? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Why the sudden need to raise MaxClients?
We are using Apache 2.0.54 on Debian GNU/Linux (standard Debian packages). The server had been running for several months with absolutely no problems. A couple of days ago, Apache started slowing down, then would eventually stop responding completely. The only way to fix it was to restart Apache. It got to the point that Apache would only stay functional for a few seconds at a time. Watching the Apache logs revealed no unusual activity before the lockup. I discovered the MaxClients setting, which in Debian defaults to 20 for the prefork MPM. I raised it to 100, and the problem went away. I believe the default for this value is normally 256. What would cause this problem all of the sudden? My first thought was a DOS attack. Am I on the right track? --df - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] trouble mod_fcgid module on Apache-2.2.0
Nick Kew wrote: On Thursday 08 December 2005 21:05, Joe Apache wrote: Hello, I've tried to compile some modules on Apache-2.2.0 with little success. I've compiled lots of modules on it. Most of them were originally written for 2.0. Hey httpd users, this is sort of the wrong place for this... but I know that Nick Krew provided a patch for mod_fcgid on Apache-2.1.x. I'm trying to compile it for 2.2.0 and getting this error: rch/unix/fcgid_proc_unix.c: In function 'ap_unix_create_privileged_process': arch/unix/fcgid_proc_unix.c:81: error: 'SUEXEC_BIN' undeclared (first use in this function) arch/unix/fcgid_proc_unix.c:81: error: (Each undeclared identifier is reported only once arch/unix/fcgid_proc_unix.c:81: error: for each function it appears in.) make: *** [fcgid_proc_unix.slo] Error 1 I contacted the programmer with no luck... any ideas? Thanks, J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Compiling Modules on Apache-2.2.0
Hello, I've tried to compile some modules on Apache-2.2.0 with little success. For example, here is the error message for mod_fastcgi: mod_fastcgi.c: In function `init_module': mod_fastcgi.c:271: error: `ap_null_cleanup' undeclared (first use in this function) mod_fastcgi.c:271: error: (Each undeclared identifier is reported only once mod_fastcgi.c:271: error: for each function it appears in.) mod_fastcgi.c: In function `process_headers': mod_fastcgi.c:726: warning: return makes pointer from integer without a cast mod_fastcgi.c:730: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:740: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:769: warning: initialization makes pointer from integer without a cast mod_fastcgi.c:839: warning: return makes pointer from integer without a cast mod_fastcgi.c:843: warning: return makes pointer from integer without a cast mod_fastcgi.c: In function `set_uid_n_gid': mod_fastcgi.c:1023: warning: passing arg 1 of `memcpy' makes pointer from integer without a cast mod_fastcgi.c:1025: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:1034: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:1035: warning: assignment makes pointer from integer without a cast mod_fastcgi.c: In function `do_work': mod_fastcgi.c:2322: error: `ap_null_cleanup' undeclared (first use in this function) mod_fastcgi.c: In function `create_fcgi_request': mod_fastcgi.c:2426: warning: cast to pointer from integer of different size mod_fastcgi.c:2454: warning: cast to pointer from integer of different size mod_fastcgi.c:2480: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2493: warning: assignment makes pointer from integer without a cast mod_fastcgi.c: In function `apache_is_scriptaliased': mod_fastcgi.c:2535: warning: initialization makes pointer from integer without a cast mod_fastcgi.c: In function `post_process_for_redirects': mod_fastcgi.c:2560: warning: passing arg 1 of `ap_internal_redirect_handler' makes pointer from integer without a cast mod_fastcgi.c: In function `check_user_authentication': mod_fastcgi.c:2683: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2701: warning: comparison between pointer and integer mod_fastcgi.c: In function `check_user_authorization': mod_fastcgi.c:2750: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2766: warning: comparison between pointer and integer mod_fastcgi.c: In function `check_access': mod_fastcgi.c:2810: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2827: warning: comparison between pointer and integer *** Error code 1 What gives? Has Apache-2.2.0 changed that much from v2.0.x? Thanks for any pointers. J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though
ok I remove all traces of APR and it works! Now I have this message: [Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter Any ideas? Thanks for all you help, J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
Hello, I'm having problem compiling httpd-2.2.0 on FreeBSD 6 versions i386 and amd64. The errors are has follows: server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to `apr_memcache_stats' server/.libs/libmain.a(exports.o)(.data+0xae8): undefined reference to `apr_memcache_version' server/.libs/libmain.a(exports.o)(.data+0xaf0): undefined reference to `apr_memcache_decr' server/.libs/libmain.a(exports.o)(.data+0xaf8): undefined reference to `apr_memcache_incr' server/.libs/libmain.a(exports.o)(.data+0xb00): undefined reference to `apr_memcache_delete' server/.libs/libmain.a(exports.o)(.data+0xb08): undefined reference to `apr_memcache_replace' server/.libs/libmain.a(exports.o)(.data+0xb10): undefined reference to `apr_memcache_add' server/.libs/libmain.a(exports.o)(.data+0xb18): undefined reference to `apr_memcache_set' server/.libs/libmain.a(exports.o)(.data+0xb20): undefined reference to `apr_memcache_getp' server/.libs/libmain.a(exports.o)(.data+0xb28): undefined reference to `apr_memcache_create' server/.libs/libmain.a(exports.o)(.data+0xb30): undefined reference to `apr_memcache_server_create' server/.libs/libmain.a(exports.o)(.data+0xb38): undefined reference to `apr_memcache_disable_server' server/.libs/libmain.a(exports.o)(.data+0xb40): undefined reference to `apr_memcache_enable_server' server/.libs/libmain.a(exports.o)(.data+0xb48): undefined reference to `apr_memcache_find_server' server/.libs/libmain.a(exports.o)(.data+0xb50): undefined reference to `apr_memcache_add_server' server/.libs/libmain.a(exports.o)(.data+0xb58): undefined reference to `apr_memcache_find_server_hash' server/.libs/libmain.a(exports.o)(.data+0xb60): undefined reference to `apr_memcache_hash' server/.libs/libmain.a(exports.o)(.data+0xbb8): undefined reference to `apr_md4_set_xlate' *** Error code 1 Anyone have httpd-2.2.0 install on FreeBSD 6... any pointers are appreciated. Thanks, J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to `apr_memcache_stats' Where did you get your version of apr from? The bundled version doesn't include apr_memcache. I installed apr-1.2.2 from the apache.org. I wasn't able to ./configure it (APR version was 0.9.7 it said) Is that the problem you think? J - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All
Gary, thank you so much for taking the time to answer. If possible, could you clarify how I should format the _default_ virtualhost entry? A typical virtualhost entry in my conf looks like this: --- VirtualHost xx.36.161.82 ServerAlias mydomain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/mydomain/public_html BytesLog domlogs/mydomain.com-bytes_log ServerName www.mydomain.com User mydomain Group mydomain CustomLog /usr/local/apache/domlogs/mydomain.com combined ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/ /VirtualHost --- What parts of that should I alter to create a _default_ virtualhost? Should I simply replace the mydomain.com with ServerAlias *.*, and Servername www.mydomain.com with *.*.*? Sorry, again, for my lack of clue on this, I really am finding this bewildering. Thanks, Donnacha On Mon, 17 Oct 2005 13:55:10 -0700, Gary W. Smith [EMAIL PROTECTED] said: This requires two things. One, you need to configure DNS to catchall. I'm not sure how to do this but search google for bind and all. As for the other one, create a vitual site as _default_ and give server aliases. Then if you create a real virtual site you will need to use the qualified domain name for it (say ServerAlias jack.thissite.com) in the configuration. ServerAlias thissite.com ServerAlias *.thissite.com Then I would just create a 404 rule that points to a single pave and remove all of the other content. I think that's the easiest way. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 1:25 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All Please forgive my lack of clue. I have read the FAQ and googled ferociously but haven't been able to find a solution, I hope that someone here can help me. I would like anybody to be able to point their domains at my nameservers and for anybody browsing to thatdomain.com or www.thatdomain.com or *.thatdomain.com or thatdomain.com/* to see a default/catch-all PHP page. Of course, if someone browses to a domain I have defined I don't want them to see the catch-all. From my research so far, I suspect there is some way to achieve this using default virtualhosts and I have tried entering various entries into httpd.conf but, unfortunately, most of the instructions I'm working from presume more basic knowledge than I have and leave out certain parts of the entry that are probably obvious to everyone but me. I would greatly appreciate it if someone could show me exactly what a comprehensive default virtualhost entry that catches all variations and subdomains etc should look like, and tell me if there are any other settings I should also be changing. Again, sorry if this is all very obvious stuff, I honestly haven't been able to get my head around it. Thanks, Donnacha - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Redirecting limit for this URL exceeded.
Joshua, thanks a lot. I created an entry in that form and restarted Apache but, unfortunately, it doesn't seem to work. Here is what I exactly entered: --- VirtualHost *:80 ServerName cvfx.com Redirect / http://www.cvfx.com/ /VirtualHost --- ... and the existing entry for cvfx is as follows: --- VirtualHost 72.36.161.82 ServerAlias www.cvfx.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/cvfx/public_html BytesLog domlogs/cvfx.com-bytes_log ServerName www.cvfx.com User cvfx Group cvfx CustomLog /usr/local/apache/domlogs/cvfx.com combined ScriptAlias /cgi-bin/ /home/cvfx/public_html/cgi-bin/ /VirtualHost --- To test it, I browsed to docmo.com which is pointed to my nameservers, ns1.cvfx.com and ns2.cvfx.com, but which has not been entered as a virtualhost entry on this server. Unfortunately, both docmo.com and www.docmo.com resulted in a Site Not Found error. One question I have about doing this as a redirect is, will this remove my PHP page's ability to know what domain the user originally wanted? That's a pretty important part of the service I want to offer. I very much appreciate your help, thank you. Donnacha On Mon, 17 Oct 2005 17:54:04 -0400, Joshua Slive [EMAIL PROTECTED] said: On 10/17/05, Mukarram Syed [EMAIL PROTECTED] wrote: VirtualHost *:80 ServerName esalton.com ServerAlias www.esalton.com Redirect / http://www.esalton.com/ /VirtualHost This is our second redirect-loop question today. This is a redirection loop because the redirected URL hits the same Redirect as the original URL. You want. VirtualHost *:80 ServerName esalton.com Redirect / http://www.esalton.com/ /VirtualHost VirtualHost *:80 ServerAlias www.esalton.com DocumentRoot ... /VirtualHost Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] doubts on jsp requirements
Hello world, I've doubts on few things to use jSP/jsl in my environment jboss-3.2.2/tomcat41 Hope some of you can help me to make it clearer... I think my environment was JSP 1.1 compliant. Is that true? I don't see those files in my jboss directory (even in jakarta-tomcat-4.1.31 standard distrib) ... I suppose that should be considered as normal. The point is where should i found standard.jar and jstl.jar (in order to get my tld files)? On my mind if my env is JSP1.1 compliant, it should integrates these libs and i wouldn't have to insert them my my war ... Where am i wrong ? thx, - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Error accessing some pages
Sme of my users got the error Due to the presence of characters known to be used in cross site scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags when accessing one of the Intranet applications. Kindly advise is this error from apache and how can it be resolved. Thank you _ Find just what you are after with the more precise, more powerful new MSN Search. http://search.msn.com.sg/ Try it now. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be or what has to be clear
Hello, I have set up apache on a fedora box: Linux hostname.nl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux httpd-2.0.52-3 It al runs fine, but On serveral pages are questionmarks (??) where text is suppost to be or what has to be clear: Examples: http://www.afrekening.nl http://www.t-t-n.nl/uitslagen/uitsl_04/Klaverjassen.htm (table) http://www.zin-pa.nl/index_bestanden/slide0005.htm I think it is caused because the html is made in Word or powerpoint or other Microsoft #$!#$@ stuff. How can I solve this behavior? Thanx Nico - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANN] Apache HTTP Server 2.0.48 freigegeben
Apache HTTP Server 2.0.48 freigegeben Wir, die Apache Software Foundation und das Apache HTTP Server Projekt, freuen uns, das elfte öffentliche Release des Apache HTTP Servers 2.0 bekannt zu geben. Diese Ankündigung führt die wesentlichen Änderungen von 2.0.48 gegenüber 2.0.47 auf. Die Ankündigung ist auch in englischer Sprache unter http://www.apache.org/dist/httpd/Announcement2.txt verfügbar. Diese Version des Apache ist vornehmlich ein Bug-Fix-Update. Eine kurze Zusammenfassung der behobenen Fehler ist am Ende des Dokuments aufgeführt. Apache 2.0.48 behebt insbesondere 2 Sicherheitslücken. Bei der Verwendung eines Thread-fähigen MPMs konnte eine falsche Handhabung von CGI-Redirects in mod_cgid dazu führen, dass CGI-Ausgaben an den falschen Client ausgeliefert wurden. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789] In mod_alias und mod_rewrite konnte ein Pufferüberlauf auftreten, wenn ein regulärer Ausdrück mit mehr als 9 speichernden Klammernpaaren angewendet wurde. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542] Dieses Release ist zu Modulen kompatibel, die für Apache 2.0.42 und später kompiliert wurden. Wir betrachten dieses Release als die beste verfügbare Version des Apache und empfehlen allen Benutzern früherer Versionen ein Upgrade. Apache 2.0.48 steht unter http://httpd.apache.org/download.cgi zum Download bereit. Für eine vollständige Liste der Änderungen lesen Sie bitte die Datei CHANGES_2.0, welche von der obigen Seite aus verlinkt ist. Apache 2.0 bietet zahlreiche Erweiterungen, Verbesserungen und Performancesteigerungen gegenüber der 1.3-Codebasis. Eine Übersicht der seit 1.3 eingeführten Features finden Sie unter http://httpd.apache.org/docs-2.0/new_features_2_0.html Wenn Sie diese Version des Apache installieren oder auf diese Version updaten, beachten Sie bitte folgendes: Sollten Sie den Apache mit einem der threaded-MPMs verwenden wollen, so müssen Sie sicherstellen, dass die Module (und die benötigten Bibliotheken), die Sie verwenden wollen, Thread-sicher sind. Weitere Informationen erfragen Sie bitte bei den jeweiligen Anbietern dieser Module. Wesentliche Änderungen des Apache 2.0.48 Seit Apache 2.0.47 geschlossene Sicherheitslücken *) SECURITY [CAN-2003-0789]: mod_cgid: Korrektur falscher Handhabungen des Sockets AF_UNIX, der zur Kommunikation mit dem cgid-Daemaon und dem CGI-Skript verwendet wird. [Jeff Trawick] *) SECURITY [CAN-2003-0542]: Behebung von Pufferüberläufen in mod_alias und mod_rewrite, welche auftraten, falls reguläre Ausdrücke mit mehr als 9 speichernden Klammernpaaren angewendet wurden. [André Malo] Seit Apache 2.0.47 behobene Fehler und neue Features *) mod_include: Korrektur eines Speicherzugriffsfehlers, der auftrat, wenn der Dateiname nicht angegeben war, z.B. bei der Ausführung von Fehlerbedingungen. PR 23836. [Brian Akins [EMAIL PROTECTED], André Malo] *) Korrektur des Konfigurationsparsers, um foo.../foo-Container zu unterstützen (ohne Argumente im öffnenten Tag), wie httpd 1.3 sie unterstützt. Ohne diese Änderung wären die Perl-Abschnitte von mod_perl 2.0 ungültig. [Philippe M. Chiasson [EMAIL PROTECTED]] *) mod_cgid: Korrektur einer zerstörten Hash-Tabelle, welche dazu führen konnte, dass am Ende des Request das falsche Skript aufgeräumt wurde. [Jeff Trawick] *) Aktualisierung der httpd-*.conf-Dateien zur besseren Erläuterung der Beziehung von AddType und AddEncoding bei der Definition von Dateiendungen für komprimierte Dateien. [Roy Fielding] *) mod_rewrite: Kein stillschweigendes Beenden mehr, wenn das Öffnen des RewriteLogs fehlschlägt. PR 23416. [André Malo] *) mod_rewrite: Korrektur der Option [P] in mod_rewrite, um umgeschriebene Anfragen unter Verwendung von proxy: zu senden. Der Code hatte manipulierten URIs mehrere proxy:-Felder hinzugefügt. PR: 13946. [Eider Oliveira [EMAIL PROTECTED]] *) chache_util: Korrektur von ap_check_cache_freshness um max_age, smax_age und expires wie in der RFC 2616 definiert zu prüfen. [Thomas Castelle [EMAIL PROTECTED]] *) Es wird nun sichergestellt, dass die ssl-std.conf während der Quelltext-Konfiguration generiert wird und es werden jetzt die erweiterten Konfigurationsvariablen für ein Verhalten wie bei der httpd-std.conf verwendet. PR: 19611 [Thom May] *) mod_ssl: Behebung von Speicherzugriffsfehlern nach einer misslungenen Neuverhandlung (Renegotiation). PR 21370 [Hartmut Keil [EMAIL PROTECTED]] *) mod_autoindex: Enthält ein Verzeichnis eine in der Direktive DirectoryIndex enthaltene Datei, so wird das Verzeichnissymbol nicht länger durch das Symbol dieser
[ANNOUNCE][SECURITY] Apache 2.0.47 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Apache 2.0.47 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the tenth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.47 as compared to 2.0.46. This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.47 addresses four security vulnerabilities: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192] Certain errors returned by accept() on rarely accessed ports could cause temporal denial of service, due to a bug in the prefork MPM. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253] Denial of service was caused when target host is IPv6 but ftp proxy server can't create IPv6 socket. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254] The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests. [VU#379828] The Apache Software Foundation would like to thank Saheed Akhtar and Yoshioka Tsuneo for the responsible reporting of two of these issues. This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade. Apache 2.0.47 is available for download from http://httpd.apache.org/download.cgi Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes. Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see http://httpd.apache.org/docs-2.0/new_features_2_0.html When upgrading or installing this version of Apache, please keep in mind the following: If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information. Apache 2.0.47 Major changes Security vulnerabilities closed since Apache 2.0.46 *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one. [Ben Laurie] *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing temporary denial of service when accept() on a rarely accessed port returns certain errors. Reported by Saheed Akhtar [EMAIL PROTECTED]. [Jeff Trawick] *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial of service when target host is IPv6 but proxy server can't create IPv6 socket. Fixed by the reporter. [Yoshioka Tsuneo [EMAIL PROTECTED]] *) SECURITY [VU#379828] Prevent the server from crashing when entering infinite loops. The new LimitInternalRecursion directive configures limits of subsequent internal redirects and nested subrequests, after which the request will be aborted. PR 19753 (and probably others). [William Rowe, Jeff Trawick, André Malo] Bugs fixed and features added since Apache 2.0.46 *) core_output_filter: don't split the brigade after a FLUSH bucket if it's the last bucket. This prevents creating unneccessary empty brigades which may not be destroyed until the end of a keepalive connection. [Juan Rivera [EMAIL PROTECTED]] *) Add support for streamy PROPFIND responses. [Ben Collins-Sussman [EMAIL PROTECTED]] *) mod_cgid: Eliminate a double-close of a socket. This resolves various operational problems in a threaded MPM, since on the second attempt to close the socket, the same descriptor was often already in use by another thread for another purpose. [Jeff Trawick] *) mod_negotiation: Introduce prefer-language environment variable, which allows to influence the negotiation process on request basis to prefer a certain language. [André Malo] *) Make mod_expires' ExpiresByType work properly, including for dynamically-generated documents. [Ken Coar, Bill Stoddard] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/C2DDZjW2wN6IXdMRAm9BAKCBj7KgdN8sLTZpUFu5aVJTjyEJlQCePz3Y QF51aRaqbVdSwZYxalnSC+Y= =2mza