Re: [users@httpd] Header set Link?

2024-11-16 Thread Eric Covener
> Header add Link "; > rel=\"canonical\"" env=REDIRECT_PDF_CANONICAL_URL > However, the %{HTTP_HOST} variable doesn't seem to be set. I don't think you can expect that environment variable to be defined. Maybe you want to switch the value argu

Re: [users@httpd] Apache Directive Closure Problem

2024-10-11 Thread Eric Covener
> Also, Apache should have reported this unclosed on restart. Config parsing isn't file based/scoped. If you use it eats everything until the closing even if it's from a different Include'ed file and not what you intended. - T

Re: [users@httpd] Help with Apache Configuration in Dockerized PHP Application

2024-10-07 Thread Eric Covener
On Mon, Oct 7, 2024 at 7:12 AM Eric Covener wrote: > > >> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid > >> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by > >> server configuration: > >> /usr/local/apache2/

Re: [users@httpd] Help with Apache Configuration in Dockerized PHP Application

2024-10-07 Thread Eric Covener
>> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid >> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by >> server configuration: >> /usr/local/apache2/htdocs/apps/admin/public_html/.htaccess This error means it's not filesystem permissions. Are there other

Re: [users@httpd] AH00051: child pid 3886730 exit signal Segmentation fault (11), possible coredump in /etc/httpd

2024-09-27 Thread Eric Covener
related now. I also don't think it's a resource allocation problem, as > there's plenty of free memory. > > What else can I do to troubleshoot this? > > dave > > -- Eric Covener cove...@gmail.com -

Re: [users@httpd] How to fix Apache HTTPD Unauthenticated/Open Web Proxy Vulnerability?

2024-09-27 Thread Eric Covener
pying, distributing > or taking any action in reliance on the contents of this email is strictly > prohibited. Disclaimer: This email may contain information that is intended > to lend technical knowledge and support to the recipient. Laws, > regulations, and best practices change, and the

Re: [users@httpd] AH00051: child pid 3886730 exit signal Segmentation fault (11), possible coredump in /etc/httpd

2024-09-27 Thread Eric Covener
On Thu, Sep 26, 2024 at 10:26 PM Dave Wreski wrote: > > Hi, > > I'm using httpd-2.4.62 on fedora40 and noticed periodic errors related to > core dumps. Is this a potential bug? I see there are several similar bug > reports with previous versions but never a resolution. The crash symptom by ites

Re: FW: [users@httpd] rewrite rule issue with Apache 2.4.62

2024-09-13 Thread Eric Covener
I haven't had a chance to look, please open a bug with as much detail as you can: https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2 On Fri, Sep 13, 2024 at 2:36 PM Daiya, Devendra singh wrote: > > Hey Eric, > > > > Did you get chance to review below l

Re: FW: [users@httpd] rewrite rule issue with Apache 2.4.62

2024-09-09 Thread Eric Covener
On Mon, Sep 9, 2024 at 1:25 PM Daiya, Devendra singh wrote: > > Hi Eric, Team, > > > > We tested our application with 2.4.62 pointing to older version of > mod_rewrite.so module (2.4.59) and application is working fine. > > > > Could you please let us know if th

Re: FW: [users@httpd] rewrite rule issue with Apache 2.4.62

2024-08-28 Thread Eric Covener
> Is there anything we need to update in config file for Rewrite rule? I responded last week with followup questions. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.

Re: [users@httpd] rewrite rule issue with Apache 2.4.62

2024-08-23 Thread Eric Covener
> Could you please review this case and let us know if we need to adjust any > configuration with 2.4.62 version. > > 2.4.62 (failing to error.html) > > [Mon Aug 19 14:14:47.360450 2024] [rewrite:trace4] [pid 1177:tid 11999] > mod_rewrite.c(505): [client :] - - > [cci-launchpad-dev.hostname.com

Re: [users@httpd] 2.4.62 broke my UDS reverse proxy

2024-08-13 Thread Eric Covener
On Tue, Aug 13, 2024 at 1:13 PM Ohrstrom, Jeffrey wrote: > we use LuaHookFixups to set some things and I get the sense that could have > something to do with it. Can you share pun_proxy.lua? Can you test with pun_proxy.lua only touching r->handler in the way that SetHandler example looks in ht

Re: [users@httpd] mod_proxy health check custom header

2024-08-12 Thread Eric Covener
L and then use hcuri= to use it from the healthcheck? Or does it not dodge the other problems? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] temporary enable/disable access

2024-08-02 Thread Eric Covener
> >46 Order deny,allow This allows access by default. "Order allow,deny" denies access by default. > > The idea is that I can quickly limit access to the website by > > uncommenting just a single line in the config. However when I change it > > to > > > >47 #Deny

Re: [users@httpd] apachectl -S question/confusion?

2024-07-24 Thread Eric Covener
> Main DocumentRoot: "/var/www/html" <<< why There is an implicit global server configuration used when requests don't match any IP-based virtual host. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For ad

Re: [users@httpd] DirectoryIndex broken in Apache 2.4.60?

2024-07-01 Thread Eric Covener
On Mon, Jul 1, 2024 at 2:51 PM Matthew Goebel wrote: > > Going from 2.4.59 to 2.5.60 I had to make the following change in my > httpd.conf file. > > AddType application/x-httpd-php .php > > to > > AddHandler application/x-httpd-php .php Thanks Matthew, this makes perfect sense. I will add this t

Re: [users@httpd] DirectoryIndex broken in Apache 2.4.60?

2024-07-01 Thread Eric Covener
On Mon, Jul 1, 2024 at 2:45 PM Jack Swan wrote: > > Have an existing application and Apache installation (have been using Apache > for years). > > Upgraded Apache from 2.4.59 to 2.4.60 today and the browser prompts to save > the index.php file instead of > serving/processing it when just enterin

Re: [users@httpd] Removing single question mark?

2024-06-20 Thread Eric Covener
On Thu, Jun 20, 2024 at 7:08 PM Dave Wreski wrote: > Hi, I should add that I wrote the following to remove an errant question > mark from the end of another URL, but it doesn't appear to work for the > homepage. > > RewriteCond %{THE_REQUEST} /features\? [NC] > RewriteRule ^ %{REQUEST_URI} [L,R=3

Re: [users@httpd] Stripping trailing slashes (again)

2024-06-13 Thread Eric Covener
> RewriteRule ^(.*)/+$ https://linuxsecurity.com$1 [R=301,END] > > I've also set logging to trace5 (even though none of the entries were above > trace4) - shouldn't it provide me with enough info to determine where/why > it's looping? I think it loops because it redirects https://linuxsecurity.c

Re: [users@httpd] Stripping trailing slashes (again)

2024-06-13 Thread Eric Covener
eferer: > https://linuxsecurity.com/ > escaping https://linuxsecurity.com for redirect, referer: > https://linuxsecurity.com/ > redirect to https://linuxsecurity.com [REDIRECT/301], referer: > https://linuxsecurity.com/ > > This just loops repeatedly until it dies.

Re: [users@httpd] Compatible version with openjdk21

2024-06-10 Thread Eric Covener
https://hc.apache.org/mail.html On Mon, Jun 10, 2024 at 3:42 AM Sahil Sharma D wrote: > > Hello team, > > > > Which version of https client and Core is compatible with openjdk21? > > > > Regards, > > Sahil >

Re: [users@httpd] Apache error logs of module "proxy_ajp" is not converting to JSON format

2024-04-21 Thread Eric Covener
On Sun, Apr 21, 2024 at 7:57 AM Priyanshi Shah wrote: > > Hi, > > We have converted our Apache error logs to JSON format by defining the format > in httpd.conf file > > ErrorLogFormat "{"timestamp":"%{u}t", "ApacheModule": "%m", "level":"%l", > "ApacheProcessId": "%P", "ApacheThreadId": "%T", "A

Re: [users@httpd] better configtest

2024-04-17 Thread Eric Covener
> What is the point of not starting httpd if there is an issue with a single > virtual host? This gives the best feedback to the user that the config couldn't be honored. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.

Re: [users@httpd] better configtest

2024-04-16 Thread Eric Covener
post-configuration failed. This is when the collected config is acted upon, which is not really within line-by-line mode. Normally there's a preceding error message with more details, maybe in a vhost-specific error log? -- Eric Covener cove...@gmail.com

[users@httpd] CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules

2024-04-04 Thread Eric Covener
Severity: low Affected versions: - Apache HTTP Server 2.4.0 through 2.4.58 Description: HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users

[users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting

2024-04-04 Thread Eric Covener
Affected versions: - Apache HTTP Server through 2.4.58 Description: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. Credit: Orange Tsai (@orange_8361) fr

[users@httpd] CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

2024-04-04 Thread Eric Covener
Severity: moderate Affected versions: - Apache HTTP Server 2.4.17 through 2.4.58 Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memor

Re: [users@httpd] HTTPD Github latest release

2024-04-03 Thread Eric Covener
On Wed, Apr 3, 2024 at 1:06 PM Aditya Shastri wrote: > > Hello, > > One of my pipelines triggered when the github apache httpd tags were > created for 2.4.59-rc1-candidate (the next one on the list after the > previous 2.4.59) and 2.4.55. > > I wonder if there was an issue with the 2.4.55 release

[users@httpd] rewrite redirect exclude path

2024-03-26 Thread eric tse
/ * I would like to integrate some requirements, i.e. if root or path not equal /foo/bar/* or /foo/bar1/* redirect to https://backend.domain.com/foo/bar Can you please help what's the best syntax to approach this? Many thanks, Eric

Re: [users@httpd] RewriteMap and patterns

2024-03-09 Thread Eric Covener
Might have to prefix with %{DOCUMENT_ROOT} On Sat, Mar 9, 2024 at 11:48 AM Eric Covener wrote: > > Try without [PT]. > > On Sat, Mar 9, 2024 at 11:17 AM Dave Wreski > wrote: > > > > Hi, > > > > I think the issue is that mod_proxy uses r->filen

Re: [users@httpd] RewriteMap and patterns

2024-03-09 Thread Eric Covener
; I'm not sure I understand what that means - do you have a recommendation for > how I should configure this instead? > > dave > > > -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsub

Re: [users@httpd] RewriteMap and patterns

2024-03-08 Thread Eric Covener
;GET /content/view/161567 > HTTP/1.1" 404 2983 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" X:"SAMEORIGIN" 0/932130 > 1690/11576/2983 H:HTTP/1.1 > U:/news/hackscracks/historic-hacker-attack-o

Re: [users@httpd] RewriteMap and patterns

2024-03-07 Thread Eric Covener
k-on-ebay-happened-3-months-ago > > If I replace [PT] with [L,R=301] it successfully loads the destination link, > but I'm concerned I may be creating an additional redirect. What's the proper > way to do this in my case? > > -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] working with a reverse proxy

2024-02-27 Thread Eric Covener
> What would a best practice of 'informing' the proxyhost about that it is > being proxied and it should send the defaulthost hostname? can try https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost - To unsubscr

Re: [users@httpd] AH10224: tunnel timed out

2024-02-07 Thread Eric Covener
On Tue, Feb 6, 2024 at 3:09 PM Holzhaus,Joe wrote: > > Hi, > > > > We are using it as a proxy server to just pass thru data. We started getting > this message about a month ago and not able to track down the culprit and not > sure how to stop it. Any troubleshooting tips would be helpful. > >

Re: [users@httpd] graceful-stop closes established connections without response

2024-01-29 Thread Eric Covener
> > It seems to me If there is no such LB/VIP that stops new connections > > from landing on this server, the new option should be avoided. > > Correct. > > > But if there is such a LB/VIP, the option is not really needed. Is it fair? > > The patch helps in this case because we no longer close the

Re: [users@httpd] graceful-stop closes established connections without response

2024-01-29 Thread Eric Covener
> Maybe I wasn't clear enough but this patch makes sense only if there > is something in place that prevents new connections from arriving at > the stopping httpd children processes (like a frontend/load-balancer > or a tcp/bpf filter), otherwise they may never really stop which does > not help for

Re: [users@httpd] graceful-stop closes established connections without response

2024-01-27 Thread Eric Covener
> apache2: 2.4.56-1~deb11u2, prefork MPM, mod_perl I think it's a large window on prefork where this can happen. If any process is busy processing a request, it cannot close its copy of the listening socket. The OS will continue to complete TCP connections and acknowledge (some) data with nobody

Re: [users@httpd] Re: Issues with test framework against OpenSSL 3.2

2024-01-26 Thread Eric Covener
> > The key here is the "unknown ca", failing the handshake, either because > > the trust chain is broken somehow or the certs need to be generated now > > in a different way with OpenSSL 3.2. I looked at ./t/conf/ssl/ca/asf/certs/ca.crt on the last system I ran the framework on, and it seems to b

Re: [users@httpd] If statement against AUTHENTICATE_memberOf variable created by authnz_ldap

2024-01-26 Thread Eric Covener
> So the first question is: Is it normal that I have to use mod_rewrite to > check for group membership ? I tried hundred of syntaxes with SetEnvIf > or SetEnvIfExpr but I never managed to get it working. I'm not sure why > but I guess it's somehow related to "race condition" (lazy evaluation) > wh

Re: [users@httpd] Apache/php Compression not enabled

2024-01-24 Thread Eric Covener
If you put gibberish in the .htaccess, do you get a 500 error or do things still work? It's a quick test of whether it's being loaded or not for your request. Do you use mod_php or something fastcgi based? I think some of the fastcgi methods do not work with htaccess. ---

Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

2024-01-21 Thread Eric Covener
> > >> >> Is there any "permeability" between vhosts ? is there any precedence that >> could cause this vhost to be considered as the "master" of some options? >> Could anyone lead me to wha I am doing wrong? >> > Yes, the "default vhost" for a set of name based hosts has its configuration applied

Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

2024-01-21 Thread Eric Covener
The hostname, normally in the Host header, is not read until after the request line. So it cannot be effectively set in name based vhosts. The manual already warns about it On Sun, Jan 21, 2024, 9:26 AM Florent Thomas wrote: > Hi everyone, > > I'm running : > *Server version: Apache/2.4.57 (Deb

Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Eric Covener
> However, this change is not reflected in the Location bar in my browser. You can append the 'R' flag if you need it to redirect. Otherwise, just the internal representation is changed. RewriteRule ^ %{REQUEST_URI}?search=%1 [NC,L,R] -

Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Eric Covener
> RewriteRule ^/search$ %{REQUEST_URI}?search=%1 [NC,L] probably should restrict to /search as edited - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Eric Covener
Using a ? in the substitution will replace the existing query - %1 is the first capture in the preceding condition -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Still have messed up TLS

2023-11-22 Thread Eric Covener
On Wed, Nov 22, 2023 at 10:30 PM John wrote: > > Thanks for the reply Aditya. > > The version of openssl is: openssl-3.0.7-6.el9_2.x86_64 > > the version of mod_ssl is: mod_ssl-2.4.53-11.el9_2.5.x86_64 > > The result of openssl ciphers -s -v tlsv1_3 is: > TLS_AES_256_GCM_SHA384 TLSv1.3 K

Re: [users@httpd] HTTPD site update for ApacheHaus EOS

2023-11-22 Thread Eric Covener
gt; To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Connection TLS Error

2023-11-19 Thread Eric Covener
On Sun, Nov 19, 2023 at 3:15 PM John wrote: > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser > &g

Re: [users@httpd] Connection TLS Error

2023-11-19 Thread Eric Covener
On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error: > Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox) What does your SSL-enabled virtualhost look like?

Re: Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

2023-11-14 Thread Eric Covener
On Tue, Nov 14, 2023 at 3:11 PM Luigi Bellio wrote: > > Hi Rainer, > > I tried also in this way but the "Set-Cookie" response header is present. > > I did further tests ... the response header is set also when returning > static resources, for example > > Set-Cookie: > 7133ee39c88e27dfb0

Re: [users@httpd] Unable to unset Set-Cookie response header

2023-11-14 Thread Eric Covener
Set-Cookie" returned by the proxied backend is > not unset and is returned to client. What is missing? > > Thanks for your support? > > Luigi Bellio. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Inquiry about apache httpd compile option

2023-09-20 Thread Eric Covener
at 2:27 AM (대학원생) 양성현 (컴퓨터공학과) wrote: > > I appreciate you for your response. > > I understand that some ./configure flags can affect the httpd executable. > > May I know some examples which ./configure flag affects the httpd executable? > ____ > 보

Re: [users@httpd] Inquiry about apache httpd compile option

2023-09-18 Thread Eric Covener
> Does apache httpd binary depend on the compile options? It may, but a change to a ./configure flag will not necessarily affect the httpd executable. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional co

Re: [users@httpd] allow general access after 1 auth

2023-08-12 Thread Eric Covener
> Yes, that would be mod session and it’s related modules No, that doesn't satisfy the following: > If someone authenticates on https://www.example.com/webapp, the url is > available for everyone. -- Eric Covener cove...@gmail.com ---

Re: [users@httpd] Cannot authenticate (after six years)

2023-07-20 Thread Eric Covener
On Thu, Jul 20, 2023 at 9:08 AM Andrew Hoff wrote: > > Hello, > > Strange problem. Everything was going great for at least six years then all > of a sudden authentication using port 80 failed. Authentication using port > 443 works fine. > I first noticed the problem because apache no longer crea

Re: [users@httpd] config - how are multiple VirtualHost directives for the same address handled?

2023-06-30 Thread Eric Covener
On Fri, Jun 30, 2023 at 5:49 AM David Balazic wrote: > > Hi! > > How does apache httpd 2.4 handle multiple VirtualHost directives for the same > address ? There is no virtual host merging. It should be a simple test. - To unsub

Re: [users@httpd] Contribution to Apache HTTP Server Project

2023-06-27 Thread Eric Covener
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org -- Eric Covener cove...@gmail.com - To

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-06-21 Thread Eric Covener
On Wed, Jun 21, 2023 at 1:45 PM Kaushal Shriyan wrote: > > Hi, > > When I hit http://nodejs.mydomain.com:8000/demo/index.html (without ssl) it > works with port number using the below httpd config file. Is there a way to > enable SSL connections? > > httpd.conf file configuration > #cat /etc/htt

Re: [users@httpd] Apache service reported path is invalid

2023-06-07 Thread Eric Covener
On Tue, Jun 6, 2023 at 5:33 AM Ravi Chandra wrote: > > Hi, > >We are using the Apache2.4.57 version on one of the servers. Here we have > facing an issue when we add the external drive to the config file. Kindly > find the below error message which we found in the EventViewer. > > The Apache

Re: [users@httpd] Keepalive closing connections prematurely on high load on newer httpd versions

2023-05-24 Thread Eric Covener
On Wed, May 24, 2023 at 7:46 AM Mateusz Kempski wrote: > > They are all identical VMs. We can also reproduce this on bigger > servers. I don't think this is caused by Rocky or Ubuntu config. I can > see 2 problems during my tests. > 1. httpd does not add any servers when test is running. It kills

Re: [users@httpd]

2023-05-13 Thread Eric Covener
On Sat, May 13, 2023 at 11:03 AM Marc wrote: > > How do I get that the file (docroot)/images/favicon.ico is not loaded from > the disk but instead from the /tmp/os-favicon.ico? Use the Alias directive. https://httpd.apache.org/docs/2.4/urlmapping.html ---

Re: [users@httpd] Unclear RewriteCond docs

2023-05-08 Thread Eric Covener
On Mon, May 8, 2023 at 1:22 PM sebb wrote: > > Another issue is that there is no link to the syntax to be used for > the various conditions. > > For example, how does on express a file/path test or a string comparison? > AFAICT the only example is for a regex, though that is not made explicit. Ar

Re: [users@httpd] Unclear RewriteCond docs

2023-05-08 Thread Eric Covener
On Mon, May 8, 2023 at 10:29 AM Daniel Gruno wrote: > > On 2023-05-08 08:44, Eric Covener wrote: > > On Mon, May 8, 2023 at 9:41 AM Frank Gingras wrote: > >> > >> Sebb, > >> > >> Are you sure about that? I would verify before we venture to clari

Re: [users@httpd] Unclear RewriteCond docs

2023-05-08 Thread Eric Covener
On Mon, May 8, 2023 at 9:41 AM Frank Gingras wrote: > > Sebb, > > Are you sure about that? I would verify before we venture to clarify the docs. I think sebb is right, I've occasionally had to try to weirdly propagate it or delay/combine it. In a rule or condition, the captures of the preceding

Re: [users@httpd] Error in APR files

2023-05-07 Thread Eric Covener
On Sun, May 7, 2023 at 9:55 AM John Iliffe wrote: > > Thanks Frank. > > What I did was: > wget https://apr.apache.org/download.cgi/apr-1.7.4.tar.bz2 Maybe this redirected to a download mirror URL in the past, but it doesn't now and this URL isn't on the website. The website links to https://dl

Re: [users@httpd] Possible to add timestamp to application logs (e.g. stderr)?

2023-04-29 Thread Eric Covener
On Sat, Apr 29, 2023 at 2:54 PM sebb wrote: > > Is it possible to add a timestamp prefix to messages logged by an > application, e.g. to stderr? > > I was hoping that ErrorLogFormat would do this, but it seems that only > applies to messages logged by the server. stderr inside the server itself g

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-24 Thread Eric Covener
> > I have added tracing and see that the OCSP is revoked. I guess my question > is, if the certificate is revoked, should Apache deny access to the > website? Because it is still allowing access even though the OCSP server > mentions that it's revoked. > Is there anything in the docs that implies

Re: [users@httpd] SetEnvIf and exceptions

2023-04-12 Thread Eric Covener
> > One other question - is there an order of processing the .htaccess in the > document root and the virtual host config? Are they both processed > together, or does one take precedence over the other? > If VirtualHost is the only enclosing scope, it is processed earlier so it has lower precedenc

Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Eric Covener
somehow supersedes the previous > Require. > > With the last Require commented out, it works as expected (blocking all > bots listed in the SetEnvIf), with the exception that it also restricts > libwww access to the RSS feeds. > I don't follow the full intended logic, but if SOMENAME2 is required for access but can never be set due to the regex, I don't think there is necessarily something more to it. -- Eric Covener cove...@gmail.com

Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Eric Covener
On Tue, Apr 11, 2023 at 9:29 AM Dave Wreski wrote: > > Hi, > > On 4/10/23 11:48 PM, Tatsuki Makino wrote: > > Dave Wreski wrote on 2023/04/11 10:54: > > SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1 > SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout > > I have done it in the past, to

Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Eric Covener
> > .htaccess: negative Require directive has no effect in > directive > Ah, I guess you'll have to restore the RequireAll and its contents.

Re: [users@httpd] SetEnvIf and exceptions

2023-04-08 Thread Eric Covener
t;, requireall, and require all granted leaving just "Require not env stayout" 2. Ditch the RewriteRule and do a second SetEnvIf for the exception (SetEnvIf Request_URI linuxsecurity_features\.xml$ !stayout" -- Eric Covener cove...@gmail.com

Re: [users@httpd] mod_ldap SNI ? Google LDAP server ?

2023-04-05 Thread Eric Covener
On Wed, Apr 5, 2023 at 9:28 AM Eric Covener wrote: > > On Wed, Apr 5, 2023 at 9:19 AM David Tkacik > wrote: > > > > Hello :) > > > > I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2 > > > > I’m trying to make to work the ldap

Re: [users@httpd] mod_ldap SNI ? Google LDAP server ?

2023-04-05 Thread Eric Covener
On Wed, Apr 5, 2023 at 9:19 AM David Tkacik wrote: > > Hello :) > > I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2 > > I’m trying to make to work the ldap over SSL to LDAP provided by Google. But > unfortunately no success. > Via plain LDAP using stunnel all works as expected. But

Re: [users@httpd] old gen workers sticking around post 2.4.49

2023-03-23 Thread Eric Covener
A few weird things: - the old gen should not be able to accept new connections - generally if it's left running, I would want to look at what threads were left running (pstack or often better the few gdb commands here: https://httpd.apache.org/dev/debugging.html#backtrace). Often something will

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 7:38 AM Thomas Åkesson wrote: > > > Try e.g. [R,B= ?,...] > > The question mark is to avoid the issue of not being able to have " " > as the final character in this syntax. > >>> > >> > >> Sorry, the above doesn't work. Someone reported in another thread

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-11 Thread Eric Covener
On Fri, Mar 10, 2023 at 5:56 PM Eric Covener wrote: > > > > Try e.g. [R,B= ?,...] > > > > > > The question mark is to avoid the issue of not being able to have " " > > > as the final character in this syntax. > > > > Sorry, the above do

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Thread Eric Covener
> > Try e.g. [R,B= ?,...] > > > > The question mark is to avoid the issue of not being able to have " " > > as the final character in this syntax. > Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ] > Thanks for the suggestion. I am unable to make 2.4.52 (Ubuntu) accept

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Thread Eric Covener
On Fri, Mar 10, 2023 at 8:56 AM Thomas Åkesson wrote: > > Hi, > > We are experiencing the effect that a RewriteRule resulting in R (redirect) > are blocked (403) with AH10410 despite being encoded before 2.4.56 (the > resulting Location header was ok). Is this change intentional? > > Example: >

[users@httpd] CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting

2023-03-07 Thread Eric Covener
Severity: moderate Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. Cred

[users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-07 Thread Eric Covener
Severity: important Description: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pa

Re: [users@httpd] Apache is unable to access /tmp in any way

2023-02-15 Thread Eric Covener
> ErrorLog entry: I mean the contents of the log. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache is unable to access /tmp in any way

2023-02-15 Thread Eric Covener
> Except for anything under /tmp. > > I always get 403 Forbidden for that. > What's the verbatim ErrorLog entry for it? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@http

Re: [users@httpd] problem configuring https

2023-02-11 Thread Eric Covener
On Sat, Feb 11, 2023 at 1:38 PM Phil Kemp wrote: > > I have followed and consulted many of the online resources for configuring > https access to my website. > > > > I still cannot get https to work. > > > > I get that my website is unreachable. Test with a command-line client that gives you mor

Re: [users@httpd] cannot use cache in forward proxy configuration

2023-02-09 Thread Eric Covener
On Thu, Feb 9, 2023 at 7:31 AM Antony Stone wrote: > > On Thursday 09 February 2023 at 12:24:44, bc BC wrote: > > > Thanks for your suggestion > > > > 1) yes, but same issue > > > > 2) i just tried now, and cache remains empty, and no log about caching on > > debug mode > > I would recommend testi

Re: [users@httpd] Bug autoconf

2023-02-03 Thread Eric Covener
On Fri, Feb 3, 2023 at 10:07 AM David Lopez wrote: > > It seems we have to find a common ground on what we are talking about. > > 1. Latest Apache version is 2.4.55, whose date is 2023-01-17, and can be > downloaded from > https://dlcdn.apache.org/httpd/httpd-2.4.55.tar.bz2 > > 2. Latest version

Re: [users@httpd] Bug autoconf

2023-02-02 Thread Eric Covener
On Thu, Feb 2, 2023 at 1:31 PM David Lopez wrote: > > Dear Eric, I thought so too. But as I said, it can be tested with LATEST > official download packages/releases available. What we both saw was not a > definite solution. Thanks for your kind comment. 1.7.1 wasn't release

Re: [users@httpd] Bug autoconf

2023-02-02 Thread Eric Covener
On Sun, Jan 29, 2023 at 9:56 AM David Lopez wrote: > > This is a very subtle bug that has been around in latest software since a few > months ago. In different forums you will see it reported in different > packages of different kinds of software and manufacturers. > > Concretely in Apache we ca

Re: [users@httpd] cannot use cache in forward proxy configuration

2023-01-24 Thread Eric Covener
> > > Le mar. 24 janv. 2023 à 16:32, Eric Covener a écrit : >> >> > CacheEnable disk / >> >> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable >> >> I think you need a non-/ argument here for forward proxy >> >> --

Re: [users@httpd] cannot use cache in forward proxy configuration

2023-01-24 Thread Eric Covener
> CacheEnable disk / https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable I think you need a non-/ argument here for forward proxy - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands,

Re: [users@httpd] Meaning of RewriteRules in adjacent sections

2023-01-20 Thread Eric Covener
> The text seems rather to imply that the description/example is supposed to be > as it is, > but then the behaviour described is somewhat "counter-intuitive", i.e., I > don't see how > I could have deduced it from the descriptions of RewriteOptions and . > The description of RewriteOptions Inher

Re: [users@httpd] Apache (php) Average process size with Event module

2023-01-20 Thread Eric Covener
> In others servers with apache 2.2.34 (for example) and Prefork module the > Average process size (MB) is around 80. > Now, with event module is around 250-500 (see below) > Threads Per Child 25 Should be about 25 times fewer processes for the same workload, so comparing the average per pr

[users@httpd] CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-01-17 Thread Eric Covener
Severity: moderate Description: Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by t

[users@httpd] CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling

2023-01-17 Thread Eric Covener
Severity: moderate Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Se

[users@httpd] CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 Thread Eric Covener
Severity: moderate Description: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Ref

Re: [users@httpd] Server won't direct to Internal IP address

2023-01-05 Thread Eric Covener
On Thu, Jan 5, 2023 at 7:51 PM jason kerr wrote: > > I have a wood pellet boiler that is connected via ethernet cable to my home > router. I can access the boiler to perform various functions whilst on the > local LAN but not externally. There is no way to password protect this page > so I didn

Re: [users@httpd] Session persist in apache

2022-12-20 Thread Eric Covener
On Tue, Dec 20, 2022 at 10:08 AM vicky chb wrote: > > Is there anyway we can store session data at apache level, also is it going > to store the user credentials at apache level? Yes, you can store and retrieve session data in Apache. But your backend application can't read or write to it, so it

Re: [users@httpd] Session persist in apache

2022-12-20 Thread Eric Covener
On Tue, Dec 20, 2022 at 9:38 AM vicky chb wrote: > > Login is happening at the backend Application which is configured with > Keycloak. The architecture looks like below > > Backend App <-> Apache <---openidconnect---> keycloak > > So, whenever User visits the website, the request goes to Apache

Re: [users@httpd] Session persist in apache

2022-12-20 Thread Eric Covener
On Tue, Dec 20, 2022 at 8:57 AM vicky chb wrote: > > Hi, > > We have Apache configured as Frontend web server for our backend java > application over ajp protocol and using mod_jk. Now, we want to maintain the > user session for some period of time, > > For ex: If a user is logged in using his

  1   2   3   4   5   6   7   8   9   10   >