Re: [users@httpd] Connection TLS Error

On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser > > error: > >     Error code: SSL_ERROR_RX_RECORD_TOO_LONG    (Firefox) > > What does your SSL-enabled

Re: [users@httpd] Connection TLS Error

On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error: > Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox) What does your SSL-enabled virtualhost look like?

[users@httpd] Connection TLS Error

When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error: Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox) with no errors shown in the Apache error log. I'm trying to serve a static page (ie no PHP content) I tried netstat -lpan | grep 443 and that only shows

Re: [users@httpd] Re: users Digest 18 Nov 2023 20:42:58 -0000 Issue 6519

No, that was the immediate problem and someone else suggested it So I imported mod_ssl but at the moment that just moved the error elsewhere. The default Rocky Apache installation breaks everything up into little pieces in separate files and they aren't always compatible, certainly not with

[users@httpd] Re: users Digest 18 Nov 2023 20:42:58 -0000 Issue 6519

May not fix your problem, but I'm curious if mod_ssl was imported? On Sat, Nov 18, 2023 at 12:43 PM wrote: > > > users Digest 18 Nov 2023 20:42:58 - Issue 6519 > > Topics (messages 122954 through 122954) > > SSLEngine error > 122954 by: John > > Administrivia: > >

Re: [users@httpd] SSLEngine error

Have you enabled the Apache SSL module? To install mod_ssl, run: dnf install mod_ssl To enable the mod_ssl module, run: apachectl restart httpd apachectl -M | grep ssl You will see: ssl_module (shared) https://docs.rockylinux.org/guides/web/mod_SSL_apache/ On Sat, 18 Nov 2023 at 15:43,

Re: [users@httpd] SSLEngine error

Right on - thank you. That lead to a whole bunch more errors but at least they are new! John == On Sat, 2023-11-18 at 12:46 -0800, rakesh r wrote: > make sure you have installed mod_ssl. > > Thanks > Rakesh > > On Sat, Nov 18, 2023 at 12:43 PM John wrote: > > > > I'm trying to bring up

Re: [users@httpd] SSLEngine error

make sure you have installed mod_ssl. Thanks Rakesh On Sat, Nov 18, 2023 at 12:43 PM John wrote: > > I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and > also upgrade the version > of Apache from 2.4.25 to current. > > I have installed a .pem format certificate and when

[users@httpd] SSLEngine error

I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and also upgrade the version of Apache from 2.4.25 to current. I have installed a .pem format certificate and when I try to start Apache I get this error: Starting The Apache HTTP Server... httpd[12399]: AH00526: Syntax

Re: [users@httpd] Tightening security on my webserver

Hi Frank I should mention that a hacker found this vulnerability and sent me the URL. I'm reasonably confident this isn't coming from my PHP application. The text from the path_info is turning up in the , here's a screenshot [image: image.png] But my PHP code generates this code like this:

Re: [users@httpd] Tightening security on my webserver

You could look at the AcceptPathInfo directive in the meantime as well. On Tue, Nov 14, 2023 at 4:04 PM Frank Gingras wrote: > The URI path part of pathinfo is not "ignored", nor "considered" by the > web server. It is simply passed to the php application. If your application > chooses to

Re: [users@httpd] Tightening security on my webserver

The URI path part of pathinfo is not "ignored", nor "considered" by the web server. It is simply passed to the php application. If your application chooses to include it in the response, then the application must be corrected. On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood <

Re: [users@httpd] Tightening security on my webserver

Hi Frank Yes, and I can do this, but I'm really surprised that this extra content is even being reflected back to the web user. My assumption was if I ignore anything beyond my "appwaz.php" it will be ignored by the web server so why is this text being reflected back as part of the

Re: [users@httpd] Tightening security on my webserver

Since you're using appwaz.php to serve your content and parsing the pathinfo, it falls back on your php application to discard values that are malicious or incorrect. On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood < mur...@focus-computing.com.au> wrote: > Good question @Frank, and yes it is.

Re: [users@httpd] Tightening security on my webserver

Good question @Frank, and yes it is. Cheers Murray On Wed, 15 Nov 2023 at 07:36, Frank Gingras wrote: > To be clear, is sobs.com.au your domain name? > > On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood < > mur...@focus-computing.com.au> wrote: > >> Hi folks >> >> First time poster. I

Re: Re: Re: [users@httpd] Unable to unset Set-Cookie response header=

On Tue, Nov 14, 2023 at 3:11 PM Luigi Bellio wrote: > > Hi Rainer, > > I tried also in this way but the "Set-Cookie" response header is present. > > I did further tests ... the response header is set also when returning > static resources, for example > > Set-Cookie: >

RE: Re: Re: [users@httpd] Unable to unset Set-Cookie response header=

Hi Rainer,     I tried also in this way but the "Set-Cookie" response header is present.     I did further tests ... the response header is set also when returning static resources, for example Set-Cookie: 7133ee39c88e27dfb06de1e1feafdacd=64ca85231009a6bb674397ffaccb3d14; path=/;

Re: [users@httpd] Tightening security on my webserver

To be clear, is sobs.com.au your domain name? On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood < mur...@focus-computing.com.au> wrote: > Hi folks > > First time poster. I recently became aware that hackers were able to > include scripts in my URLs that would run (when reflected back to the >

[users@httpd] Tightening security on my webserver

Hi folks First time poster. I recently became aware that hackers were able to include scripts in my URLs that would run (when reflected back to the client web browser). Is there a simple configuration in Apache that allows me to apply strict rules to the URLs that would stop this happening?

Re: Re: [users@httpd] Unable to unset Set-Cookie response headerIn-Reply-To=

On Tue, Nov 14, 2023 at 3:24 PM Luigi Bellio wrote: > > Hi Eric, > > thanks for your feedback ... I just tried, nothing is changed ... > moreover as documented the "always" directive should apply to all > response codes not only "on success". You're missing one important issue the

Re: [users@httpd] Unicode Chars not working

On 2023-11-13 22:17, Chris me wrote: I rechecked the response headers, interesting thing is the server that works is just sending content-type: text/thml but the one that does not work is sending  content-type: text/html and charset=UTF-8 even though it is sending the charset after I

RE: Re: [users@httpd] Unable to unset Set-Cookie response headerIn-Reply-To=

Hi Eric,     thanks for your feedback ... I just tried, nothing is changed ... moreover as documented the "always" directive should apply to all response codes not only "on success".     Thanks for any support,         Luigi. On 2023/11/14 13:22:06 Eric Covener wrote: > > Header

Re: [users@httpd] Unable to unset Set-Cookie response header

> Header always unset Set-Cookie Try without "always" On Tue, Nov 14, 2023 at 6:25 AM Luigi Bellio wrote: > > Hi all, > > we are using version 2.4.57 of Apache HTTPd with this configuration > > > ServerName :1080 > CustomLog combined > ErrorLog > >

[users@httpd] Unable to unset Set-Cookie response header

Hi all,     we are using version 2.4.57 of Apache HTTPd with this configuration         ServerName :1080     CustomLog  combined     ErrorLog     DocumentRoot "/usr/local/apache2/conf/extra"         Require all granted    

RE: [users@httpd] Unicode Chars not working

I rechecked the response headers, interesting thing is the server that works is just sending content-type: text/thml but the one that does not work is sending content-type: text/html and charset=UTF-8 even though it is sending the charset after I un-commented it in charset.conf. So why does

Re: [users@httpd] Unsubscribe

On Monday 13 November 2023 at 21:54:49, Michela wrote: > Empty Message Please see the headers of every mail on this list: list-help: list-unsubscribe: list-post: Or the footers: To

[users@httpd] Unsubscribe

Empty Message

Re: [users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

> Date: Sunday, November 12, 2023 21:48:57 -0500 > From: bruce > > > the target url that's giving me an issue.. > > http://161.35.5.174/wave/ current live site for now > Symfony \ Component \ HttpKernel \ Exception \ Meth > odNotAllowedHttpException PHP 8.2.10-2ubuntu1 > 9.52.16 > The

Re: [users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

Frank, I create the alias in the mod.confcat /etc/apache2/mods-available/alias.conf # Aliases: Add here as many aliases as you need (with no limit). The format is # Alias fakename realname # # Note that if you include a trailing / on fakename then the server will # require it to be present in the

Re: [users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

On Sun, Nov 12, 2023 at 6:47 PM bruce wrote: > Hi. > > Setting up a test laravel app to run as a subdir: > ie /var/www/html/wave/wave/public (index.php) > > the idea is to have the url > http://1.2.3.4/wave (is this possible? or dies it need to be > http://1.2.3.4/wave/index.php

Re: [users@httpd] ubuntu apache2

Hi Paul! Thanks for the reply!! I'm answering below (I've also resubmitted a post with a bit more data) A couple of questions. If you have access to and root privileges on your server, what system are you running? (# cat /etc/os-release) - I think you said Ubuntu. Maybe # apache2 -v would

[users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

Hi. Setting up a test laravel app to run as a subdir: ie /var/www/html/wave/wave/public (index.php) the idea is to have the url http://1.2.3.4/wave (is this possible? or dies it need to be http://1.2.3.4/wave/index.php in the url ?? I'd also like the base url to be

Re: [users@httpd] Unicode Chars not working

Please see below, I do not top post. On 2023-11-12 17:09, Chris me wrote: Yes, the headers are the same on both, there is no header directive to set character set, as I have stated. IE, there is nothing like content="text/html; charset=iso-8859-1" /> in the header. There has to be something

RE: [users@httpd] Unicode Chars not working

Yes, the headers are the same on both, there is no header directive to set character set, as I have stated. IE, there is nothing like in the header. There has to be something different in the 2 apache servers, the one that works is an older 2.4.4 and the new one is 2.4.57 that is not working

[users@httpd] Apache dropping Content-Length header for HEAD responses where Content-Length is 0

Hi, Using Apache 2.4.57 on Fedora with default configuration I'm observing that for HEAD response the Content-Length header is not being sent for empty files (it is present for non-empty files). When changing HEAD to GET the header is present for such files. Sidney Shek asked very similar

Re: [users@httpd] ubuntu apache2

> Date: Sunday, November 12, 2023 00:09:54 -0500 > From: bruce > > ok... > http://157.245.251.134 > --generates the default apache page.. > > > http://157.245.251.134/wave/ > --generates a 403 forbidden... > from nginx!!! ok.. looks like nginx is/might be interfering > with this...

Re: [users@httpd] ubuntu apache2

A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? On 2023-11-12 00:35, bruce wrote: ok.. weird... appears might have been a timing thing.. i get errs.. but they're all apache

Re: [users@httpd] ubuntu apache2

ok.. weird... appears might have been a timing thing.. i get errs.. but they're all apache errs.. except -- now shows nginx... this is weird! On Sun, Nov 12, 2023 at 12:09 AM bruce wrote: > > hi... > > ok... > http://157.245.251.134 > --generates the default apache page.. > > >

Re: [users@httpd] ubuntu apache2

hi... ok... http://157.245.251.134 --generates the default apache page.. http://157.245.251.134/wave/ --generates a 403 forbidden... from nginx!!! ok.. looks like nginx is/might be interfering with this... makes sense... another person had been modifying some things and was going to use

Re: [users@httpd] ubuntu apache2

hi.. /etc/apache2# cat /etc/apache2/sites-available/wave.conf ServerAdmin f...@yahoo.com ServerName 161.35.5.174 ServerAlias temp DocumentRoot /var/www/html/wave/wave/public DirectoryIndex index.php /public/index.php #Options Indexes FollowSymLinks

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 10:37 PM bruce wrote: > Weird > > Seems the "DocumentRoot" as displayed in > apachectl -S > AH00558: apache2: Could not reliably determine the server's fully > qualified domain name, using 127.0.1.1. Set the 'ServerName' directive > globally to suppress this message >

Re: [users@httpd] ubuntu apache2

Weird Seems the "DocumentRoot" as displayed in apachectl -S AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message VirtualHost configuration: *:80 161.35.5.174

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 9:25 PM bruce wrote: > I wasnt sure if servername is optional, or used. Since I have no > domain/server, I'm assuming I can the use the test ipAddress.. > > still testing! > > thanks > > On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras wrote: > > > > > > > > On Sat, Nov 11,

Re: [users@httpd] ubuntu apache2

I wasnt sure if servername is optional, or used. Since I have no domain/server, I'm assuming I can the use the test ipAddress.. still testing! thanks On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras wrote: > > > > On Sat, Nov 11, 2023 at 8:41 PM bruce wrote: >> >> arrggg.. >> >> Ok. something's

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 8:41 PM bruce wrote: > arrggg.. > > Ok. something's going on that I'm missing.. > > I changed the wave.conf in the /etc/apache/sites-available > /etc/apache2/sites-enabled > > I actually renamed the file to wave.conf1 > I did the a2dissites *.conf as well as

Re: [users@httpd] Unicode Chars not working

On Sat, Nov 11, 2023 at 8:31 PM phunction wrote: > Seeing how it's an exact copy from the other server and the other server > is fine I would think that's more of a Apache configuration isn't it? > > The content itself does not specify a character set. > > > > Sent from my Galaxy > > >

Re: [users@httpd] ubuntu apache2

arrggg.. Ok. something's going on that I'm missing.. I changed the wave.conf in the /etc/apache/sites-available /etc/apache2/sites-enabled I actually renamed the file to wave.conf1 I did the a2dissites *.conf as well as stopped/restarted apache2 I then did apachectl -S AH00558: apache2: Could

Re: [users@httpd] Unicode Chars not working

Seeing how it's an exact copy from the other server and the other server is fine I would think that's more of a Apache configuration isn't it?The content itself does not specify a character set.Sent from my Galaxy Original message From: Frank Gingras Date: 2023-11-11 4:02

Re: [users@httpd] Unicode Chars not working

On Sat, Nov 11, 2023 at 6:49 PM Chris me wrote: > Hi, > > I am moving my site from one server to another, both are apache 2. The > files where tarred and zipped on one linux server and copied to another > linux server. > > > > On the new server, any pages with a Unicode character is getting

[users@httpd] Unicode Chars not working

Hi, I am moving my site from one server to another, both are apache 2. The files where tarred and zipped on one linux server and copied to another linux server. On the new server, any pages with a Unicode character is getting served with the black diamond and question mark. I enabled

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 6:20 PM bruce wrote: > Thanks.. > > Tried again. Same results. As far as 2.2 directives vs 2.4.. could you > clarify? > > Pretty sure this is simple.. but can't see what's missing... > > thanks > > On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras wrote: > > > > > > > > On

Re: [users@httpd] ubuntu apache2

Thanks.. Tried again. Same results. As far as 2.2 directives vs 2.4.. could you clarify? Pretty sure this is simple.. but can't see what's missing... thanks On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras wrote: > > > > On Sat, Nov 11, 2023 at 5:46 PM bruce wrote: >> >> Hi Frank!! >> >> thanks

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 5:46 PM bruce wrote: > Hi Frank!! > > thanks for the reply. > > If you don't mind.. here's my setup > ubuntu -- apache2 > > > /etc/apache2/mods-available/alias.conf > -- > Alias /icons/

Re: [users@httpd] ubuntu apache2

Hi Frank!! thanks for the reply. If you don't mind.. here's my setup ubuntu -- apache2 /etc/apache2/mods-available/alias.conf -- Alias /icons/ "/usr/share/apache2/icons/" #Alias /wave/ "/var/www/html/wave" Alias /wave/

Re: [users@httpd] ubuntu apache2

On Sat, Nov 11, 2023 at 5:16 PM bruce wrote: > Hi. > > Trying to set up a test http://1.2.3.4/foo > > where I have a laravel/php setup > /var/www/html/foo/foo/public <<< > > As far as I can tell, there should be an "alias.conf" -- foo.conf in the > /etc/apache2/conf-availables/alias.conf >

[users@httpd] ubuntu apache2

Hi. Trying to set up a test http://1.2.3.4/foo where I have a laravel/php setup /var/www/html/foo/foo/public <<< As far as I can tell, there should be an "alias.conf" -- foo.conf in the /etc/apache2/conf-availables/alias.conf /etc/apache2/sites-available/foo and the base httpd.conf I think

[users@httpd] help pointers -- ubuntu apache for subdir apps

Hi. Have a couple of test apps that I want to setup and run as "subdir" apps. ie http://1.2.3.4/app1 http://1.2.3.4/app2 the dir tree example would be /var/www/html/app1 /var/www/html/app2 app1 would be a "laravel/php" app2 would be a nodejs/npm app... I have no clue as to how to implement

Re: [users@httpd] Question Error apache

El lun, 6 nov 2023 a las 12:05, Nacho Herrerías () escribió: > I have a problem with Apache. Now and then i get an alert from my SIEM, > telling me this: auditd: process ended abnormally type=ANOM_ABEND > msg=audit(1699052664.898:938628): auid=4294967295 uid=1001 gid=1002 > ses=4294967295

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

Hello, Thank you all for your help. The basic functions work (the important thing is the combination of timeout and failontimeout=on). I will tune up the appropriate settings for the parameters. Fica - To unsubscribe, e-mail:

Re: [users@httpd] Apache 2.5 Source Code ?

Hello, if you look into the documentation[1], you will see that there is no 2.5 version as Gills correctly stated.. However, if you click on `trunk` (Development branch), it will present itself as version 2.5. You can find its sources in the official repository[2]. Hope it helps. [1]

Re: [users@httpd] Apache 2.5 Source Code ?

The Apache Software Foundation hosts many projects, of which httpd is probably the best known. If you refer to that: there is no (released) Apache httpd 2.5. The latest release is 2.4.58. Source is here . On Mon, Nov 6, 2023 at 4:40 PM

[users@httpd] Apache 2.5 Source Code ?

Where can I get the source code to build Apache 2.5 for Red Hat 8 ? The links on apache.org redirect to the source for Apache 2.4, and I don't see any packages for Apache 2.5 in the Red Hat repos. Thanks, -Joe

[users@httpd] Question Error apache

I have a problem with Apache. Now and then i get an alert from my SIEM, telling me this: auditd: process ended abnormally type=ANOM_ABEND msg=audit(1699052664.898:938628): auid=4294967295 uid=1001 gid=1002 ses=4294967295 pid=32043 comm="httpd" exe="/usr/sbin/httpd" sig=7 res=1 AUID="unset"

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

On Wed, Nov 1, 2023 at 3:55 PM Daniel Ferradal wrote: > > > > El mié, 1 nov 2023 a las 8:32, escribió: >> >> Hello everybody. >> >> I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have >> this configuration of balancer: >> >> BalancerMember https://192.168.1.40:8443

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

El vie, 3 nov 2023 a las 9:36, escribió: > > > Now when the first server is in "bad condition" (192.168.1.40:8443 is > available, but the server does not respond), Apache waits 10 s and than it > sends 502 error to client, instead of using the second server. What is > wrong? Thanks in advance. >

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

Hello Daniel, Thank you very much for your advice. Based on it I modified the configuration: BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=10 retry=30 BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=10 retry=30 ProxySet

Re: [users@httpd] really basic -- maybe off-topic question

On 2023-11-01 10:30, bruce wrote: I'm looking into Saas apps, and I'm seeing "frameworks". Some of these Saas/App frameworks don't appear to use apache/nginx as a "webserver", but the app will have a "Url" in an "env" file. So, somehow/somewhere the app is implementing some sort of server

[users@httpd] really basic -- maybe off-topic question

I'm looking into Saas apps, and I'm seeing "frameworks". Some of these Saas/App frameworks don't appear to use apache/nginx as a "webserver", but the app will have a "Url" in an "env" file. So, somehow/somewhere the app is implementing some sort of server logic/function. Is this normal? The

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

El mié, 1 nov 2023 a las 8:32, escribió: > Hello everybody. > > I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have > this configuration of balancer: > > BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60 > ping=1ms > BalancerMember

[users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

Hello everybody. I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have this configuration of balancer: BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60 ping=1ms BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=60 ping=500ms

[users@httpd] Building 32-bit Apache-httpd

I'm trying to build Apache httpd RPM from the source tarball as mentioned in https://httpd.apache.org/docs/2.4/install.html I need to generate 32 bit RPM. However, I could not find any documentation on how to build 32 bit version from the source. Essentially, what options need to be provided to

[users@httpd] Re: Weird issue with "H2Push" combined with FilesMatch

Hello, I decided to re-create the problem on a fresh install. I used 2 win64 releases provided by apachelounge.com * httpd-2.4.54-win64-VC15.zip * httpd-2.4.58-win64-VS17.zip I configured only the bare minimum needed to re-create the problem. They are both configured the same, and

Re: [users@httpd] Unable to build Apache httpd

On Tue, Oct 24, 2023 at 5:32 AM Frank Gingras wrote: > > Perhaps the libtool version is older/different - what happens when you remove > the space? > > On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin) wrote: >> >> I'm trying to build Apache httpd RPM from the source tarball as mentioned in

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On 2023-10-24 14:09, Frank Gingras wrote: [snip] Keep in mind that nghttp2 is a build requirement for HTTP/2, which was outlined in the threads pertaining to CVE 2033-44487. Testing with that tool should be fine. Good point, thanks. I had missed it. In the Ubuntu world (nearly all of my

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

Hello Paul, Sorry, that's hotmail default behavior for replies. I have tried removing all default quoted text for this post and quoting manually to see how it turns out. What version of Apache / httpd? What server system / version? I personally had never heard of Nghttp, and their website

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On Tue, Oct 24, 2023 at 2:02 PM Paul wrote: > On 2023-10-24 13:17, Jose Stefan wrote: > > Please don't top-post > > > No, not that I am aware off. The push is only triggered by the > > "H2PushResource" directive shown. Which I tried to showcase with the > > 3^rd test. > > > > Within fileA.php

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On 2023-10-24 13:17, Jose Stefan wrote: Please don't top-post No, not that I am aware off. The push is only triggered by the "H2PushResource" directive shown. Which I tried to showcase with the 3^rd  test. Within fileA.php and fileB.php the stylesheet is loaded with this line: A tag

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

Hello Paul, No, not that I am aware off. The push is only triggered by the "H2PushResource" directive shown. Which I tried to showcase with the 3rd test. Within fileA.php and fileB.php the stylesheet is loaded with this line: A tag within the html content, and not a header. To perform my

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On 2023-10-24 11:31, Jose Stefan wrote: Hello, I have a weird issue while using "H2Push". I'm turning it off, but depending where it's nested it doesn't work as expected. Subset of config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS. With the code as

[users@httpd] Weird issue with "H2Push" combined with FilesMatch

Hello, I have a weird issue while using "H2Push". I'm turning it off, but depending where it's nested it doesn't work as expected. Subset of config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS. With the code as presented, it still triggers a push for "fileC.css".

Re: [users@httpd] Unable to build Apache httpd

Perhaps the libtool version is older/different - what happens when you remove the space? On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin) wrote: > I'm trying to build Apache httpd RPM from the source tarball as mentioned > in https://httpd.apache.org/docs/2.4/install.html > > > > However,

Re: [users@httpd] CVE-2033-44487

Yes, you need to upgrade to 2.4.58, and make sure your system has nghttp2 .57 installed. On Thu, Oct 19, 2023 at 7:31 PM Brian Southern wrote: > Has anyone been able to definitively determine if Apache HTTP 2.4.53 is > vulnerable to CVE-2023-44487? I've found forums where users and apparent >

Re: [users@httpd] dynamic ssl cert/key selection

On Fri, Oct 20, 2023 at 5:31 PM Marc wrote: [...] > >ServerAlias test.*.* [...] > > > > A trivial and safe way if you need a solution asap might involve declaring > > a for each host. > > I would like to have single access/error log for all these serveralias > matches. That's no

[users@httpd] Unable to build Apache httpd

I'm trying to build Apache httpd RPM from the source tarball as mentioned in https://httpd.apache.org/docs/2.4/install.html However, it always fails with the error "libtool: error: require no space between '-L' and '-R'" Complete Error : /usr/lib64/apr-1/build/libtool --silent

RE: [users@httpd] dynamic ssl cert/key selection

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -. F1 Outsourcing Development Sp. z o.o. Poland t: +48 (0)12 4207 835 e: m...@f1-outsourcing.eu > -Original Message- > From: Will Fatherley > Sent: Friday, 20 October 2023 16:04 > To: users@httpd.apache.org >

Re: [users@httpd] dynamic ssl cert/key selection

> Is there a way to chose what ssl certs/keys to load when you have > something like > > ServerAlias test.*.* > > So when host test.example.com is serviced, that it will get > > SSLCertificateFile "/etc/pki/tls/certs/example.com.crt" > > > So when host test.example.net is serviced, that it will

[users@httpd] dynamic ssl cert/key selection

Is there a way to chose what ssl certs/keys to load when you have something like ServerAlias test.*.* So when host test.example.com is serviced, that it will get SSLCertificateFile "/etc/pki/tls/certs/example.com.crt" So when host test.example.net is serviced, that it will get

[users@httpd] CVE-2033-44487

Has anyone been able to definitively determine if Apache HTTP 2.4.53 is vulnerable to CVE-2023-44487? I've found forums where users and apparent sysadmins indicate it may be, however the only reference to this CVE I've been able to locate on Apache.org is as a comment made within another CVE

[users@httpd] CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

Severity: moderate Affected versions: - Apache HTTP Server 2.4.17 through 2.4.57 Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to

[users@httpd] CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

Severity: low Affected versions: - Apache HTTP Server 2.4.55 through 2.4.57 Description: An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker

[users@httpd] CVE-2023-31122: Apache HTTP Server: mod_macro buffer over-read

Severity: low Affected versions: - Apache HTTP Server through 2.4.57 Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credit: David Shoon (github/davidshoon) (finder) References:

Re: [users@httpd] basic question ---

Can you keep the replies on-list? Multiviews is just the simplest approach, and there is no such thing as "everyone does X". It depends. You can certainly solve a problem in the most convoluted way possible, but it doesn't mean that it's the correct way. On Mon, Oct 16, 2023 at 5:22 PM Tatsuki

Re: [users@httpd] basic question ---

Hello. Frank Gingras wrote on 2023/10/17 02:22: > That's just multiviews. For that matter, do everyone else do multiviews? What if we simply name the file b, and then do the following? SetHandler php-script # If it works via CGI as well. SetHandler cgi-script Regards.

Re: [users@httpd] basic question ---

That's just multiviews. On Mon, Oct 16, 2023 at 12:49 PM bruce wrote: > Hi Frank. > > Thanks for the reply. > > Not converting. > > But I've seen example open source demo/apps > where the app/url >http://www.foo.com/a >http://www.foo.com/b > are valid... > > and when I inspect the

Re: [users@httpd] basic question ---

Hi Frank. Thanks for the reply. Not converting. But I've seen example open source demo/apps where the app/url http://www.foo.com/a http://www.foo.com/b are valid... and when I inspect the dir, I get a.php - b.php... So I'm assuming that there's something happening in the

Re: [users@httpd] basic question ---

You should use multviews, so that if you request /a, it will expand to a.php. Converting a.php to b.php makes no sense; why would you request another script in that case? You should also look at the FallbackResource directive, and use pathinfo to handle URI parameters, instead of the query

[users@httpd] basic question ---

running apache2 old copy of centos trying to understand how to test a few things. I can have http://www.abc.com/a.php a.php can fire off a page to "b.php" I'm trying to figure out what to do in the httpd.conf file to "ignore/hide" the .php so the displayed url would be http://www.abc.com/b

Re: [users@httpd] preciso de ajuda

I'll answer in English for the benefit of the list (you can use google translate). For windows, the recommended installers are from the apache lounge site: https://www.apachelounge.com/ Alternatively, you can install xampp, but that should not be run in production. On Sun, Oct 15, 2023 at 6:17 

[users@httpd] preciso de ajuda

preciso saber como RODAR CORRETAMENTE : INSTALAR , CONFIGURAR E SUBIR o Apache 2.4 ou a mais nova versão em meu computador com o WINDOWS 10 PRO Endel

Re: [users@httpd] Peer digest using sha1 on TLS connection - Chrome fails

Just as an update - it appears that there was a vhost config that went unnoticed - this from the guy who found it: "We noticed with SSLLabs that there was 2 SSL certificates getting pulled when testing against the xxx.xxx.xxx.domain Looking against the config being included in the Apache when

<    1   2   3   4   5   6   7   8   9   10   >