> Also, Apache should have reported this unclosed on restart.
Config parsing isn't file based/scoped. If you use it eats
everything until the closing even if it's from a different
Include'ed file and not what you intended.
-
T
On Mon, Oct 7, 2024 at 7:12 AM Eric Covener wrote:
>
> >> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid
> >> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by
> >> server configuration:
> >> /usr/local/apache2/
>> [Sun Oct 06 10:02:48.889047 2024] [authz_core:error] [pid 10:tid
>> 131326541519672] [client 192.168.16.1:49194] AH01630: client denied by
>> server configuration:
>> /usr/local/apache2/htdocs/apps/admin/public_html/.htaccess
This error means it's not filesystem permissions. Are there other
related now. I also don't think it's a resource allocation problem, as
> there's plenty of free memory.
>
> What else can I do to troubleshoot this?
>
> dave
>
>
--
Eric Covener
cove...@gmail.com
-
On Thu, Sep 26, 2024 at 10:26 PM Dave Wreski
wrote:
>
> Hi,
>
> I'm using httpd-2.4.62 on fedora40 and noticed periodic errors related to
> core dumps. Is this a potential bug? I see there are several similar bug
> reports with previous versions but never a resolution.
The crash symptom by ites
-
> [xct-launchpad-dev.domain.com/sid#7009f8][rid#7fc5a8004f80/initial] applying
> pattern '^--proto--/(.*)' to uri
> '/--proto--//xct-iat-stl-1.domain.com/xct/aiotp-initial-request.xct'
>
> [Thu Sep 05 06:17:05.862673 2024] [rewrite:trace3] [pid 3531713:tid 3531735]
On Mon, Sep 9, 2024 at 1:25 PM Daiya, Devendra singh
wrote:
>
> Hi Eric, Team,
>
>
>
> We tested our application with 2.4.62 pointing to older version of
> mod_rewrite.so module (2.4.59) and application is working fine.
>
>
>
> Could you please let us know if there are any limitation defined in
> Is there anything we need to update in config file for Rewrite rule?
I responded last week with followup questions.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.
> Could you please review this case and let us know if we need to adjust any
> configuration with 2.4.62 version.
>
> 2.4.62 (failing to error.html)
>
> [Mon Aug 19 14:14:47.360450 2024] [rewrite:trace4] [pid 1177:tid 11999]
> mod_rewrite.c(505): [client :] - -
> [cci-launchpad-dev.hostname.com
On Tue, Aug 13, 2024 at 1:13 PM Ohrstrom, Jeffrey wrote:
> we use LuaHookFixups to set some things and I get the sense that could have
> something to do with it.
Can you share pun_proxy.lua?
Can you test with pun_proxy.lua only touching r->handler in the way
that SetHandler example looks in
ht
L and then use hcuri= to
use it from the healthcheck? Or does it not dodge the other problems?
--
Eric Covener
cove...@gmail.com
-
> >46 Order deny,allow
This allows access by default.
"Order allow,deny" denies access by default.
> > The idea is that I can quickly limit access to the website by
> > uncommenting just a single line in the config. However when I change it
> > to
> >
> >47 #Deny
> Main DocumentRoot: "/var/www/html" <<< why
There is an implicit global server configuration used when requests
don't match any IP-based virtual host.
-
On Mon, Jul 1, 2024 at 2:51 PM Matthew Goebel wrote:
>
> Going from 2.4.59 to 2.5.60 I had to make the following change in my
> httpd.conf file.
>
> AddType application/x-httpd-php .php
>
> to
>
> AddHandler application/x-httpd-php .php
Thanks Matthew, this makes perfect sense. I will add this t
On Mon, Jul 1, 2024 at 2:45 PM Jack Swan wrote:
>
> Have an existing application and Apache installation (have been using Apache
> for years).
>
> Upgraded Apache from 2.4.59 to 2.4.60 today and the browser prompts to save
> the index.php file instead of
> serving/processing it when just enterin
On Thu, Jun 20, 2024 at 7:08 PM Dave Wreski
wrote:
> Hi, I should add that I wrote the following to remove an errant question
> mark from the end of another URL, but it doesn't appear to work for the
> homepage.
>
> RewriteCond %{THE_REQUEST} /features\? [NC]
>
RewriteRule ^ %{REQUEST_URI} [L,R=3
> RewriteRule ^(.*)/+$ https://linuxsecurity.com$1 [R=301,END]
>
> I've also set logging to trace5 (even though none of the entries were above
> trace4) - shouldn't it provide me with enough info to determine where/why
> it's looping?
I think it loops because it redirects https://linuxsecurity.c
eferer:
> https://linuxsecurity.com/
> escaping https://linuxsecurity.com for redirect, referer:
> https://linuxsecurity.com/
> redirect to https://linuxsecurity.com [REDIRECT/301], referer:
> https://linuxsecurity.com/
>
> This just loops repeatedly until it dies.
https://hc.apache.org/mail.html
On Mon, Jun 10, 2024 at 3:42 AM Sahil Sharma D
wrote:
>
> Hello team,
>
>
>
> Which version of https client and Core is compatible with openjdk21?
>
>
>
> Regards,
>
> Sahil
>
On Sun, Apr 21, 2024 at 7:57 AM Priyanshi Shah
wrote:
>
> Hi,
>
> We have converted our Apache error logs to JSON format by defining the format
> in httpd.conf file
>
> ErrorLogFormat "{"timestamp":"%{u}t", "ApacheModule": "%m", "level":"%l",
> "ApacheProcessId": "%P", "ApacheThreadId": "%T", "A
> What is the point of not starting httpd if there is an issue with a single
> virtual host?
This gives the best feedback to the user that the config couldn't be honored.
-
post-configuration failed. This is when the collected
config is acted upon, which is not really within line-by-line mode.
Normally there's a preceding error message with more details, maybe in
a vhost-specific error log?
--
Eric Covener
cove...@gmail.com
Severity: low
Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.58
Description:
HTTP Response splitting in multiple modules in Apache HTTP Server allows an
attacker that can inject malicious response headers into backend applications
to cause an HTTP desynchronization attack.
Users
Affected versions:
- Apache HTTP Server through 2.4.58
Description:
Faulty input validation in the core of Apache allows malicious or exploitable
backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
Credit:
Orange Tsai (@orange_8361) fr
Severity: moderate
Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.58
Description:
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2
in order to generate an informative HTTP 413 response. If a client does not
stop sending headers, this leads to memor
On Wed, Apr 3, 2024 at 1:06 PM Aditya Shastri
wrote:
>
> Hello,
>
> One of my pipelines triggered when the github apache httpd tags were
> created for 2.4.59-rc1-candidate (the next one on the list after the
> previous 2.4.59) and 2.4.55.
>
> I wonder if there was an issue with the 2.4.55 release
Might have to prefix with %{DOCUMENT_ROOT}
On Sat, Mar 9, 2024 at 11:48 AM Eric Covener wrote:
>
> Try without [PT].
>
> On Sat, Mar 9, 2024 at 11:17 AM Dave Wreski
> wrote:
> >
> > Hi,
> >
> > I think the issue is that mod_proxy uses r->filen
> I'm not sure I understand what that means - do you have a recommendation for
> how I should configure this instead?
>
> dave
>
>
>
--
Eric Covener
cove...@gmail.com
-
"GET /content/view/161567
> HTTP/1.1" 404 2983 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" X:"SAMEORIGIN" 0/932130
> 1690/11576/2983 H:HTTP/1.1
> U:/news/hackscracks/historic-hacker-attack-o
k-on-ebay-happened-3-months-ago
>
> If I replace [PT] with [L,R=301] it successfully loads the destination link,
> but I'm concerned I may be creating an additional redirect. What's the proper
> way to do this in my case?
>
>
--
Eric Covener
cove...@gmail.com
-
> What would a best practice of 'informing' the proxyhost about that it is
> being proxied and it should send the defaulthost hostname?
can try https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost
-
On Tue, Feb 6, 2024 at 3:09 PM Holzhaus,Joe
wrote:
>
> Hi,
>
>
>
> We are using it as a proxy server to just pass thru data. We started getting
> this message about a month ago and not able to track down the culprit and not
> sure how to stop it. Any troubleshooting tips would be helpful.
>
>
> > It seems to me if there is no such LB/VIP that stops new connections
> > from landing on this server, the new option should be avoided.
>
> Correct.
>
> > But if there is such a LB/VIP, the option is not really needed. Is it fair?
>
> The patch helps in this case because we no longer close the
> Maybe I wasn't clear enough but this patch makes sense only if there
> is something in place that prevents new connections from arriving at
> the stopping httpd children processes (like a frontend/load-balancer
> or a tcp/bpf filter), otherwise they may never really stop which does
> not help for
> apache2: 2.4.56-1~deb11u2, prefork MPM, mod_perl
I think it's a large window on prefork where this can happen. If any
process is busy processing a request, it cannot close its copy of the
listening socket. The OS will continue to complete TCP connections and
acknowledge (some) data with nobody
> > The key here is the "unknown ca", failing the handshake, either because
> > the trust chain is broken somehow or the certs need to be generated now
> > in a different way with OpenSSL 3.2.
I looked at ./t/conf/ssl/ca/asf/certs/ca.crt on the last system I ran
the framework on, and it seems to b
> So the first question is: Is it normal that I have to use mod_rewrite to
> check for group membership ? I tried hundred of syntaxes with SetEnvIf
> or SetEnvIfExpr but I never managed to get it working. I'm not sure why
> but I guess it's somehow related to "race condition" (lazy evaluation)
> wh
If you put gibberish in the .htaccess, do you get a 500 error or do
things still work? It's a quick test of whether it's being loaded or
not for your request.
Do you use mod_php or something fastcgi based? I think some of the
fastcgi methods do not work with htaccess.
---
>
>
>>
>> Is there any "permeability" between vhosts ? is there any precedence that
>> could cause this vhost to be considered as the "master" of some options?
>> Could anyone lead me to what I am doing wrong?
>>
>
Yes, the "default vhost" for a set of name based hosts has its
configuration applied
The hostname, normally in the Host header, is not read until after the
request line. So it cannot be effectively set in name based vhosts.
The manual already warns about it
On Sun, Jan 21, 2024, 9:26 AM Florent Thomas
wrote:
> Hi everyone,
>
> I'm running :
> *Server version: Apache/2.4.57 (Deb
> However, this change is not reflected in the Location bar in my browser.
You can append the 'R' flag if you need it to redirect. Otherwise,
just the internal representation is changed.
RewriteRule ^ %{REQUEST_URI}?search=%1 [NC,L,R]
-
> RewriteRule ^/search$ %{REQUEST_URI}?search=%1 [NC,L]
probably should restrict to /search as edited
-
Using a ? in the substitution will replace the existing query
- %1 is the first capture in the preceding condition
--
Eric Covener
cove...@gmail.com
-
On Wed, Nov 22, 2023 at 10:30 PM John wrote:
>
> Thanks for the reply Aditya.
>
> The version of openssl is: openssl-3.0.7-6.el9_2.x86_64
>
> the version of mod_ssl is: mod_ssl-2.4.53-11.el9_2.5.x86_64
>
> The result of openssl ciphers -s -v tlsv1_3 is:
> TLS_AES_256_GCM_SHA384 TLSv1.3 K
--
Eric Covener
cove...@gmail.com
-
On Sun, Nov 19, 2023 at 3:15 PM John wrote:
>
> On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote:
> > On Sun, Nov 19, 2023 at 2:31 PM John wrote:
> > >
> > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser
> >
On Sun, Nov 19, 2023 at 2:31 PM John wrote:
>
> When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error:
> Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox)
What does your SSL-enabled virtualhost look like?
On Tue, Nov 14, 2023 at 3:11 PM Luigi Bellio wrote:
>
> Hi Rainer,
>
> I tried also in this way but the "Set-Cookie" response header is present.
>
> I did further tests ... the response header is set also when returning
> static resources, for example
>
> Set-Cookie:
> 7133ee39c88e27dfb0
Set-Cookie" returned by the proxied backend is
> not unset and is returned to client. What is missing?
>
> Thanks for your support?
>
> Luigi Bellio.
--
Eric Covener
cove...@gmail.com
-
at 2:27 AM (대학원생) 양성현 (컴퓨터공학과)
wrote:
>
> I appreciate you for your response.
>
> I understand that some ./configure flags can affect the httpd executable.
>
> May I know some examples which ./configure flag affects the httpd executable?
> ____
> 보
> Does apache httpd binary depend on the compile options?
It may, but a change to a ./configure flag will not necessarily affect
the httpd executable.
-
> Yes, that would be mod session and its related modules
No, that doesn't satisfy the following:
> If someone authenticates on https://www.example.com/webapp, the url is
> available for everyone.
--
Eric Covener
cove...@gmail.com
---
On Thu, Jul 20, 2023 at 9:08 AM Andrew Hoff
wrote:
>
> Hello,
>
> Strange problem. Everything was going great for at least six years then all
> of a sudden authentication using port 80 failed. Authentication using port
> 443 works fine.
> I first noticed the problem because apache no longer crea
On Fri, Jun 30, 2023 at 5:49 AM David Balazic
wrote:
>
> Hi!
>
> How does apache httpd 2.4 handle multiple VirtualHost directives for the same
> address ?
There is no virtual host merging. It should be a simple test.
-
--
Eric Covener
cove...@gmail.com
-
On Wed, Jun 21, 2023 at 1:45 PM Kaushal Shriyan
wrote:
>
> Hi,
>
> When I hit http://nodejs.mydomain.com:8000/demo/index.html (without ssl) it
> works with port number using the below httpd config file. Is there a way to
> enable SSL connections?
>
> httpd.conf file configuration
> #cat /etc/htt
On Tue, Jun 6, 2023 at 5:33 AM Ravi Chandra wrote:
>
> Hi,
>
> We are using the Apache2.4.57 version on one of the servers. Here we are
> facing an issue when we add the external drive to the config file. Kindly
> find the below error message which we found in the EventViewer.
>
> The Apache
On Wed, May 24, 2023 at 7:46 AM Mateusz Kempski
wrote:
>
> They are all identical VMs. We can also reproduce this on bigger
> servers. I don't think this is caused by Rocky or Ubuntu config. I can
> see 2 problems during my tests.
> 1. httpd does not add any servers when test is running. It kills
On Sat, May 13, 2023 at 11:03 AM Marc wrote:
>
> How do I get that the file (docroot)/images/favicon.ico is not loaded from
> the disk but instead from the /tmp/os-favicon.ico?
Use the Alias directive. https://httpd.apache.org/docs/2.4/urlmapping.html
---
On Mon, May 8, 2023 at 1:22 PM sebb wrote:
>
> Another issue is that there is no link to the syntax to be used for
> the various conditions.
>
> For example, how does one express a file/path test or a string comparison?
> AFAICT the only example is for a regex, though that is not made explicit.
Ar
On Mon, May 8, 2023 at 10:29 AM Daniel Gruno wrote:
>
> On 2023-05-08 08:44, Eric Covener wrote:
> > On Mon, May 8, 2023 at 9:41 AM Frank Gingras wrote:
> >>
> >> Sebb,
> >>
> >> Are you sure about that? I would verify before we venture to clari
On Mon, May 8, 2023 at 9:41 AM Frank Gingras wrote:
>
> Sebb,
>
> Are you sure about that? I would verify before we venture to clarify the docs.
I think sebb is right, I've occasionally had to try to weirdly
propagate it or delay/combine it.
In a rule or condition, the captures of the preceding
On Sun, May 7, 2023 at 9:55 AM John Iliffe wrote:
>
> Thanks Frank.
>
> What I did was:
> wget https://apr.apache.org/download.cgi/apr-1.7.4.tar.bz2
Maybe this redirected to a download mirror URL in the past, but it
doesn't now and this URL isn't on the website.
The website links to https://dl
On Sat, Apr 29, 2023 at 2:54 PM sebb wrote:
>
> Is it possible to add a timestamp prefix to messages logged by an
> application, e.g. to stderr?
>
> I was hoping that ErrorLogFormat would do this, but it seems that only
> applies to messages logged by the server.
stderr inside the server itself g
>
> I have added tracing and see that the OCSP is revoked. I guess my question
> is, if the certificate is revoked, should Apache deny access to the
> website? Because it is still allowing access even though the OCSP server
> mentions that it's revoked.
>
Is there anything in the docs that implies
>
> One other question - is there an order of processing the .htaccess in the
> document root and the virtual host config? Are they both processed
> together, or does one take precedence over the other?
>
If VirtualHost is the only enclosing scope, it is processed earlier so it
has lower precedenc
somehow supersedes the previous
> Require.
>
> With the last Require commented out, it works as expected (blocking all
> bots listed in the SetEnvIf), with the exception that it also restricts
> libwww access to the RSS feeds.
>
I don't follow the full intended logic, but if SOMENAME2 is required for
access but can never be set due to the regex, I don't think there is
necessarily something more to it.
--
Eric Covener
cove...@gmail.com
On Tue, Apr 11, 2023 at 9:29 AM Dave Wreski
wrote:
>
> Hi,
>
> On 4/10/23 11:48 PM, Tatsuki Makino wrote:
>
> Dave Wreski wrote on 2023/04/11 10:54:
>
> SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1
> SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout
>
> I have done it in the past, to
>
> .htaccess: negative Require directive has no effect in
> directive
>
Ah, I guess you'll have to restore the RequireAll and its contents.
t;, requireall, and require all granted leaving just "Require
not env stayout"
2. Ditch the RewriteRule and do a second SetEnvIf for the exception
(SetEnvIf Request_URI linuxsecurity_features\.xml$ !stayout)
--
Eric Covener
cove...@gmail.com
On Wed, Apr 5, 2023 at 9:28 AM Eric Covener wrote:
>
> On Wed, Apr 5, 2023 at 9:19 AM David Tkacik
> wrote:
> >
> > Hello :)
> >
> > I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2
> >
> > I’m trying to make to work the ldap
On Wed, Apr 5, 2023 at 9:19 AM David Tkacik
wrote:
>
> Hello :)
>
> I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2
>
> I’m trying to make to work the ldap over SSL to LDAP provided by Google. But
> unfortunately no success.
> Via plain LDAP using stunnel all works as expected. But
A few weird things:
- the old gen should not be able to accept new connections
- generally if it's left running, I would want to look at what
threads were left running (pstack or often better the few gdb commands
here: https://httpd.apache.org/dev/debugging.html#backtrace). Often
something will
On Mon, Mar 13, 2023 at 7:38 AM Thomas Åkesson
wrote:
>
>
> Try e.g. [R,B= ?,...]
>
> The question mark is to avoid the issue of not being able to have " "
> as the final character in this syntax.
> >>>
> >>
> >> Sorry, the above doesn't work. Someone reported in another thread
On Fri, Mar 10, 2023 at 5:56 PM Eric Covener wrote:
>
> > > Try e.g. [R,B= ?,...]
> > >
> > > The question mark is to avoid the issue of not being able to have " "
> > > as the final character in this syntax.
> >
>
> Sorry, the above do
> > Try e.g. [R,B= ?,...]
> >
> > The question mark is to avoid the issue of not being able to have " "
> > as the final character in this syntax.
>
Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ]
> Thanks for the suggestion. I am unable to make 2.4.52 (Ubuntu) accept
On Fri, Mar 10, 2023 at 8:56 AM Thomas Åkesson
wrote:
>
> Hi,
>
> We are experiencing the effect that a RewriteRule resulting in R (redirect)
> are blocked (403) with AH10410 despite being encoded before 2.4.56 (the
> resulting Location header was ok). Is this change intentional?
>
> Example:
>
Severity: moderate
Description:
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through
2.4.55.
Special characters in the origin response header can truncate/split the
response forwarded to the client.
Cred
Severity: important
Description:
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through
2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of
RewriteRule
or ProxyPassMatch in which a non-specific pa
> ErrorLog entry:
I mean the contents of the log.
-
> Except for anything under /tmp.
>
> I always get 403 Forbidden for that.
>
What's the verbatim ErrorLog entry for it?
-
On Sat, Feb 11, 2023 at 1:38 PM Phil Kemp wrote:
>
> I have followed and consulted many of the online resources for configuring
> https access to my website.
>
>
>
> I still cannot get https to work.
>
>
>
> I get that my website is unreachable.
Test with a command-line client that gives you mor
On Thu, Feb 9, 2023 at 7:31 AM Antony Stone
wrote:
>
> On Thursday 09 February 2023 at 12:24:44, bc BC wrote:
>
> > Thanks for your suggestion
> >
> > 1) yes, but same issue
> >
> > 2) i just tried now, and cache remains empty, and no log about caching on
> > debug mode
>
> I would recommend testi
On Fri, Feb 3, 2023 at 10:07 AM David Lopez
wrote:
>
> It seems we have to find a common ground on what we are talking about.
>
> 1. Latest Apache version is 2.4.55, whose date is 2023-01-17, and can be
> downloaded from
> https://dlcdn.apache.org/httpd/httpd-2.4.55.tar.bz2
>
> 2. Latest version
On Thu, Feb 2, 2023 at 1:31 PM David Lopez
wrote:
>
> Dear Eric, I thought so too. But as I said, it can be tested with LATEST
> official download packages/releases available. What we both saw was not a
> definite solution. Thanks for your kind comment.
1.7.1 wasn't released when you tested. Ha
On Sun, Jan 29, 2023 at 9:56 AM David Lopez
wrote:
>
> This is a very subtle bug that has been around in latest software since a few
> months ago. In different forums you will see it reported in different
> packages of different kinds of software and manufacturers.
>
> Concretely in Apache we ca
>
>
> On Tue, Jan 24, 2023 at 16:32, Eric Covener wrote:
>>
>> > CacheEnable disk /
>>
>> https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
>>
>> I think you need a non-/ argument here for forward proxy
>>
>> --
> CacheEnable disk /
https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable
I think you need a non-/ argument here for forward proxy
-
> The text seems rather to imply that the description/example is supposed to be
> as it is,
> but then the behaviour described is somewhat "counter-intuitive", i.e., I
> don't see how
> I could have deduced it from the descriptions of RewriteOptions and .
> The description of RewriteOptions Inher
> In others servers with apache 2.2.34 (for example) and Prefork module the
> Average process size (MB) is around 80.
> Now, with event module is around 250-500 (see below)
> Threads Per Child 25
Should be about 25 times fewer processes for the same workload, so
comparing the average per pr
Severity: moderate
Description:
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response
headers to be truncated early, resulting in some headers being incorporated
into the response body. If the later headers have any security purpose, they
will not be interpreted by t
Severity: moderate
Description:
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to
smuggle requests to the AJP server it forwards requests to. This issue affects
Apache HTTP Server Apache HTTP Se
Severity: moderate
Description:
A carefully crafted If: request header can cause a memory read, or write of a
single zero byte, in a pool (heap) memory location beyond the header value
sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
Ref
On Thu, Jan 5, 2023 at 7:51 PM jason kerr wrote:
>
> I have a wood pellet boiler that is connected via ethernet cable to my home
> router. I can access the boiler to perform various functions whilst on the
> local LAN but not externally. There is no way to password protect this page
> so I didn
On Tue, Dec 20, 2022 at 10:08 AM vicky chb wrote:
>
> Is there anyway we can store session data at apache level, also is it going
> to store the user credentials at apache level?
Yes, you can store and retrieve session data in Apache. But your
backend application can't read or write to it, so it
On Tue, Dec 20, 2022 at 9:38 AM vicky chb wrote:
>
> Login is happening at the backend Application which is configured with
> Keycloak. The architecture looks like below
>
> Backend App <-> Apache <---openidconnect---> keycloak
>
> So, whenever User visits the website, the request goes to Apache
On Tue, Dec 20, 2022 at 8:57 AM vicky chb wrote:
>
> Hi,
>
> We have Apache configured as Frontend web server for our backend java
> application over ajp protocol and using mod_jk. Now, we want to maintain the
> user session for some period of time,
>
> For ex: If a user is logged in using his
On Sat, Dec 10, 2022 at 7:49 AM Eric Covener wrote:
>
> > I thought of setting a variable with SetEnvIfExpr, or with RewriteCond,
> > but they're not designed for that and I don't think that's possible.
>
> I think the SetEnvIfExpr way is the way to go.
Wh
> I thought of setting a variable with SetEnvIfExpr, or with RewriteCond,
> but they're not designed for that and I don't think that's possible.
I think the SetEnvIfExpr way is the way to go.
-