Re: [users@httpd] Not able to make .so file during install apache-2.4.18

2016-04-13 Thread Yann Ylavic
On Wed, Apr 13, 2016 at 10:39 AM, Yann Ylavic <ylavic@gmail.com> wrote: > Does adding --enable-so=yes make a difference? Otherwise, please attach your config.log file. > > Regards, > Yann. - To unsubscr

Re: [users@httpd] Not able to make .so file during install apache-2.4.18

2016-04-13 Thread Yann Ylavic
Hi, On Wed, Apr 13, 2016 at 9:15 AM, Hemant Chaudhary wrote: > > CFLAGS="-Wextensions -Wv -D__TANDEM"; export CFLAGS > "./configure" \ > "--prefix=/home/hemant/testC/apache" \ > "--with-included-apr" \ >

Re: [users@httpd] Not able to make .so file during install apache-2.4.18

2016-04-12 Thread Yann Ylavic
Hello Hemant, On Tue, Apr 12, 2016 at 10:58 AM, Hemant Chaudhary wrote: > While installing apache-2.4.18 on Non Stop HP, I am not able to create .so > file(shared file) which is required in httpd.conf. It is creating '.a ' > file in modules but not ' .so ' .

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

2016-04-08 Thread Yann Ylavic
On Fri, Apr 8, 2016 at 3:01 PM, Poggenpohl, Daniel wrote: > > Then I use my new shiny command to remove the global_symbol_pipe bug in the > libtool script: > LIBTOOL=/moodle/installers/httpd-2.4.18/srclib/apr/libtool; sed >

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

2016-04-07 Thread Yann Ylavic
On Thu, Apr 7, 2016 at 5:21 PM, Poggenpohl, Daniel wrote: > > LDFLAGS="-L$OPENSSLDIR/lib -R $OPENSSLDIR/lib" I don't know which compiler you are using, but gcc's -R is not working correctly (on Linux at least), whereas "-Wl,-rpath,$OPENSSLDIR/lib" is...

Re: [users@httpd] MPM Worker : Two processes launched with no activity

2016-04-01 Thread Yann Ylavic
On Fri, Apr 1, 2016 at 6:52 PM, Sylvain Goulmy wrote: > Thanks for your analysis Yann, i'll stay tuned on the dev mailing list. I committed [1], will wait a bit for others to review it and then propose a backport. Regards, Yann. [1] http://svn.apache.org/r1737447

Re: [users@httpd] MPM Worker : Two processes launched with no activity

2016-04-01 Thread Yann Ylavic
On Fri, Apr 1, 2016 at 9:57 AM, Sylvain Goulmy wrote: > > No i don't use that directive, here is the extract of the running > configuration : OK, actually this is caused by the introduction of Listeners Buckets (SO_REUSEPORT handling), precisely in 2.4.17. Before we used to

Re: [users@httpd] Debian way or standard

2016-04-01 Thread Yann Ylavic
On Fri, Apr 1, 2016 at 1:02 PM, rap wrote: > > The Debian style for Apache2 configuration is different from the standard > version. Are there reasons why I shouldn't/couldn't use the standard Apache > version from apache.org on top of Debian instead of the Debian version > packages?

Re: [users@httpd] MPM Worker : Two processes launched with no activity

2016-03-31 Thread Yann Ylavic
On Thu, Mar 31, 2016 at 1:12 PM, Sylvain Goulmy wrote: > Hi Yann, > > Two children processes. Did you configure ListenCoresBucketsRatio? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For

Re: [users@httpd] MPM Worker : Two processes launched with no activity

2016-03-31 Thread Yann Ylavic
On Thu, Mar 31, 2016 at 10:46 AM, Sylvain Goulmy wrote: > > I'm currently using apache 2.4.17 on RHEL with the worker mode configured > this way : > > - ThreadLimit : 200 > - ServerLimit : 50 > - ThreadsPerChild : 50 > - MaxRequestWorkers : 150 > - MinSpareThreads : 10 > -

Re: [users@httpd] .so modules not being created Apache 2.4.18

2016-03-30 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 9:51 PM, Leonay Wynn wrote: > ok did that and make got an error. is it telling me to recompile openssl > with the -fPIC option?? > > /usr/bin/ld: /usr/local/ssl/lib/libssl.a(s3_srvr.o): relocation R_X86_64_32 > against `a local symbol' can not be used

Re: [users@httpd] .so modules not being created Apache 2.4.18

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 9:18 PM, Leonay Wynn wrote: > make depend results: You still need "make && make install" after "make depend". - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For

Re: [users@httpd] .so modules not being created Apache 2.4.18

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 8:52 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Tue, Mar 29, 2016 at 7:52 PM, Leonay Wynn <lwkj...@gmail.com> wrote: >> I need to upgrade from 2.2 to to 2.4 >> >> i used ./configure --prefix=/apps/httpd --enable-ssl >> --wi

Re: [users@httpd] .so modules not being created Apache 2.4.18

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 7:52 PM, Leonay Wynn wrote: > I need to upgrade from 2.2 to to 2.4 > > i used ./configure --prefix=/apps/httpd --enable-ssl > --with-ssl=/usr/local/ssl --with-mpm=worker --enable-module=headers > > as well as > ./configure --prefix=/apps/httpd

Re: [users@httpd] TLSv1.2

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 6:03 PM, Leonay Wynn wrote: > I have added ./configure --prefix=/apps/httpd --enable-ssl > --with-ssl=/usr/local/ssl --with-mpm=worker --enable-module=headers > --enable-shared=headers > > my mod_headers.so is not being generated with this. I tried to

Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-22 Thread Yann Ylavic
On Tue, Mar 22, 2016 at 10:06 AM, Roparzh Hemon <roparzhhe...@gmail.com> wrote: > On Tue, Mar 22, 2016 at 9:56 AM, Yann Ylavic <ylavic@gmail.com> wrote: >> It's usually not a good idea to have the HTTP server own (and be able >> to write to) the files/directory it

Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-22 Thread Yann Ylavic
On Mon, Mar 21, 2016 at 1:31 PM, Roparzh Hemon wrote: > > Contents of /private/etc/apache2/httpd.conf file : [] > > User myusernamehere > Group staff It's usually not a good idea to have the HTTP server own (and be able to write to) the files/directory it serves. So you

Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-22 Thread Yann Ylavic
On Tue, Mar 22, 2016 at 9:15 AM, Yann Ylavic <ylavic@gmail.com> wrote: > > Here you probably need something like: > > Sorry, without the trailing /, ie: and with the path/name you finally chose for you site... > Require all granted > D

Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-22 Thread Yann Ylavic
On Mon, Mar 21, 2016 at 1:31 PM, Roparzh Hemon wrote: > > Contents of /private/etc/apache2/extra/httpd-vhosts.conf file : [] > > > ServerName strawberry.com > ServerAlias www.strawberry.com > DocumentRoot "/Users/myusernamehere/Sites/strawberry" > ErrorLog

Re: Re: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

2016-03-10 Thread Yann Ylavic
On Thu, Mar 10, 2016 at 4:14 PM, Hildegard Meier wrote: > >> > Mutex file:${APACHE_LOCK_DIR} default >> >> Does it come from Ubuntu? >> If so, I don't any modern Linux should configure the "file" mutex >> mechanism by default, and you could possibly report it... > > Yes, that is

Re: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

2016-03-10 Thread Yann Ylavic
On Thu, Mar 10, 2016 at 11:09 AM, Hildegard Meier wrote: > Reading > https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex > > I guess, expected behaviour of active directive > > Mutex file:${APACHE_LOCK_DIR} default Does it come from Ubuntu? If so, I don't any modern Linux

Re: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

2016-03-09 Thread Yann Ylavic
Hi, On Wed, Mar 9, 2016 at 2:18 PM, Hiwot Wonago wrote: > hello everyone, please don't hijack threads, just open a new one. Regards, Yann. - To unsubscribe, e-mail:

Re: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

2016-03-08 Thread Yann Ylavic
On Tue, Mar 8, 2016 at 4:44 PM, hildegard meier wrote: > OS: > Ubuntu 14.04 LTS > > Kernel: > 3.13.0-79-generic x86_64 > > Apache: > 2.4.7-1ubuntu4.5 What's the output of: # apachectl -V ? - To unsubscribe,

Re: [users@httpd] blocking xmlrpc.php

2016-03-08 Thread Yann Ylavic
Hi, On Tue, Mar 8, 2016 at 11:36 AM, Miguel González wrote: > > I suspect that the previous connections trying to explote xmlrpc.php are > now just being logged and shown as "Waiting for connection". > > Maybe the iptables rule should be different? Did you try REJECT

Re: [users@httpd] Howto accept only one connection

2016-02-19 Thread Yann Ylavic
On Fri, Feb 19, 2016 at 1:32 PM, Oliver Graute wrote: > > my requirement is: > > "The Apache server listens on port 443i (https). It must accept only one > connection at a time on this port" > > so its one socket opened between the client and the server. I guess

Re: [users@httpd] Block access to "OPTIONS *"

2016-02-12 Thread Yann Ylavic
On Fri, Feb 12, 2016 at 10:47 AM, Daniel wrote: > The typical way to block OPTIONS in 2.2 does not need mod_rewrite at all > IIRC. You just add this in your location/directory: > > deny from all > > > and will return 403 if you try OPTIONS

Re: [users@httpd] Block access to "OPTIONS *"

2016-02-12 Thread Yann Ylavic
On Fri, Feb 12, 2016 at 2:38 AM, Spork Schivago wrote: > Sorry to put in here, but is there away for me to test to see if my server > is affected by this OPTIONS issue? OPTIONS is not an issue, could you elaborate? > I have cPanel / WHM and ConfigServer > Firewall

Re: [users@httpd] Block access to "OPTIONS *"

2016-02-11 Thread Yann Ylavic
Hello, On Thu, Feb 11, 2016 at 10:56 PM, Toomas Aas wrote: > > Approach 1: > - > RewriteCond %{REQUEST_METHOD} OPTIONS > RewriteRule .* - [R=405,L] > - You also need to set: RewriteOptions

Re: [users@httpd] How to build Apache with FIPS mode capable?

2016-02-10 Thread Yann Ylavic
Hi, On Wed, Feb 10, 2016 at 11:14 PM, Christopher Schultz wrote: > > To those down and dirty with httpd: is there a reason not to > UNCONDITIONALLY build against OpenSSL's FIPS_mode_set? If the library > doesn't support FIPS mode, it will complain about it and

Re: [users@httpd] Frequently updating static content

2016-01-20 Thread Yann Ylavic
On Wed, Jan 20, 2016 at 9:36 PM, David Rush wrote: > I'm using Apache 2.4 (on Linux) to serve some static files that are > re-created and re-written every two minutes. The nature of our site is that > we get hammered with high request rates from time to time (thousands of >

Re: [users@httpd] Apache stops serving pages

2016-01-12 Thread Yann Ylavic
On Tue, Jan 12, 2016 at 4:32 AM, Jim Walls wrote: > > I'm running out of ideas. > > Anybody else? Did you try Kevin's proposal, that is : AcceptFilter http none AcceptFilter https none ? Regards, Yann.

Re: [users@httpd] Apache stops serving pages

2016-01-12 Thread Yann Ylavic
On Tue, Jan 12, 2016 at 5:40 PM, Jim Walls <j...@k6ccc.org> wrote: > Yann Ylavic asked: >> Did you try Kevin's proposal, that is : >> AcceptFilter http none >> AcceptFilter https none > > > I don't remember seeing that message, so no I didn't. > > Howev

Re: [users@httpd] unexpected behaviour of default host

2015-12-29 Thread Yann Ylavic
On Tue, Dec 29, 2015 at 8:49 PM, Hajo Locke wrote: > > > Am 29.12.2015 um 20:07 schrieb Eric Covener: >> >> On Tue, Dec 29, 2015 at 2:05 PM, Hajo Locke wrote: >>> >>> In Apache 2.2 we used additional "Servername *", but with 2.4 it is not >>> allowed to use

Re: [users@httpd] Help with Apache configuration

2015-12-29 Thread Yann Ylavic
On Tue, Dec 29, 2015 at 3:16 PM, Yann Ylavic <ylavic@gmail.com> wrote: > > You possibly need something like: > > RewriteRule ^/app1/(.*) > http://host_name1:app1_port/app/WebObjects/app.woa/$1 [P] > RewriteRule ^/app2/(.*) > http://host_name2:app2_port/a

Re: [users@httpd] Help with Apache configuration

2015-12-29 Thread Yann Ylavic
Hi, On Fri, Dec 18, 2015 at 2:35 PM, chetan jain wrote: > > #For app-1 > >RewriteRule ^/app1$ /app1/ [R] >RewriteRule ^/app1/(.*) /app/WebObjects/app.woa/$1 [P] >ProxyPass /app/WebObjects/app.woa/ > http://host_name1:app1_port/app/WebObjects/app.woa/ >

Re: [users@httpd] ProxyPass + Redirect

2015-12-17 Thread Yann Ylavic
On Thu, Dec 17, 2015 at 8:14 AM, Marat Khalili wrote: > Crude, but what about: > > ProxyPassMatch "^/foo/(.+)$" "http://localhost:8009/foo/$1; or (along the lines): ProxyPassMatch ^/foo/((?!index\.html$).+)$ http://localhost:8009/foo/$1 Regards, Yann.

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Yann Ylavic
On Tue, Dec 8, 2015 at 8:51 PM, Ron Croonenberg wrote: > > This is just a bunch of hardware, with connections between it's nodes. > The whole thing/cluster is not connected to anything 'internet', not even > LAN. I worry about those connections being secure as much as I worry

Re: [users@httpd] Re: mpm-event, ServerLimit and ThreadsPerChild on multicore systems

2015-11-20 Thread Yann Ylavic
Hello, it probably depends on your workload and stability/scalability expectations. >From my testing, the more threads vs processes, the better for performances and memory footprint. But also more impacted connections when a problem occurs (process crash)... Regards, Yann. On Fri, Nov 20, 2015

Re: [users@httpd] Redirect[Match] behind load-balancer switching protocols

2015-11-18 Thread Yann Ylavic
On Tue, Nov 17, 2015 at 10:06 PM, Christopher Schultz wrote: > > Is there another environment variable or other setting that I need to > use in order to override httpd's protocol-detection? You could specify: Protocol https in the corresponding VirtualHost

Re: [users@httpd] Getting "connection refused" Apache 2.4

2015-11-16 Thread Yann Ylavic
On Tue, Nov 17, 2015 at 1:11 AM, Yann Ylavic <ylavic@gmail.com> wrote: > On Tue, Nov 17, 2015 at 12:23 AM, o haya <oh...@yahoo.com.invalid> wrote: >> >> This is with the as-built Apache configuration settings (i.e., I haven't >> tried tweaking them

Re: [users@httpd] Getting "connection refused" Apache 2.4

2015-11-16 Thread Yann Ylavic
On Tue, Nov 17, 2015 at 12:23 AM, o haya wrote: > > This is with the as-built Apache configuration settings (i.e., I haven't > tried tweaking them). Please share your settings for ServerLimit, MaxRequestWorkers (was MaxClients in 2.2.x), MaxSpareThreads, MinSpareThreads

Re: [users@httpd] Persistent proxied connections with Apache 2.4.x?

2015-11-06 Thread Yann Ylavic
Hi Jim, disclaimer: I'm not an NTLM expert... On Tue, Nov 3, 2015 at 3:04 PM, o haya wrote: > > I think that other info that binds to the authenticated user is at the > SharePoint application level (maybe persisted in the app on the client side) > because it doesn't look like

Re: [users@httpd] Apache closes the connection after receiving a request.

2015-11-03 Thread Yann Ylavic
On Tue, Nov 3, 2015 at 12:47 PM, Novi Jinx wrote: > > Recently I have experienced a behaviour of Apache on my PROD environment that > I could not explain. My Apache decided to close a TCP connection right after > successfully receiving a request (sent ACK back to a

Re: [users@httpd] Persistent proxied connections with Apache 2.4.x?

2015-10-27 Thread Yann Ylavic
Hi Jim, On Tue, Oct 27, 2015 at 1:57 AM, o haya wrote: > > First of all, as a kind of an aside remark (sorry for the "pun" :)), from my > testing, it appears that if I have "ProxySet keepalive=On" inside a > , then the requests to the backend all have "Connection:

Re: [users@httpd] Persistent proxied connections with Apache 2.4.x?

2015-10-26 Thread Yann Ylavic
Hi Jim, sorry for the late, I'm not much online these days. On Sun, Oct 25, 2015 at 9:54 PM, o haya wrote: > > - With respect to proxying NTLM authentication, does the "aside connections" > functionality that was mentioned earlier accomplish the same thing as using >

Re: [users@httpd] Common configuration-set for all VirtualHost's

2015-10-22 Thread Yann Ylavic
On Thu, Oct 22, 2015 at 12:05 AM, Binyamin <7rai...@inbox.lv> wrote: > > Does Apache (httpd) has compatibility to define configuration-set for all > VirtualHost's like: You can have a look at mod_macro: https://httpd.apache.org/docs/2.4/mod/mod_macro.html. Regards, Yann.

Re: [users@httpd] Chunked transfer delay with httpd 2.4 on Windows.

2015-10-19 Thread Yann Ylavic
On Mon, Oct 19, 2015 at 11:44 PM, Andy Wang wrote: > > Spdficially, note the 5 second delay between the first segment (No. 1854) > and the second data segment (1856). Does it correspond to the KeepAliveTimeout configured on the httpd side? (Note that if you did not configure it,

Re: [users@httpd] Chunked transfer delay with httpd 2.4 on Windows.

2015-10-19 Thread Yann Ylavic
On Tue, Oct 20, 2015 at 12:15 AM, Andy Wang <aw...@ptc.com> wrote: > > On 10/19/2015 05:08 PM, Yann Ylavic wrote: >> >> On Mon, Oct 19, 2015 at 11:44 PM, Andy Wang <aw...@ptc.com> wrote: >>> >>> >>> Spdficially, note the 5 second delay bet

Re: [users@httpd] mod_rewrite

2015-10-13 Thread Yann Ylavic
Hello, On Tue, Oct 13, 2015 at 12:27 AM, Earl Terwilliger wrote: > > if I want to block anyone manually typing in a link (no referer) + > hotlinking (probably has a referer). Do i need the [OR] on the 1st > RewriteCond and not the 2nd one? It seems to work with OR on both >

Re: [users@httpd] Need Open SSL

2015-10-06 Thread Yann Ylavic
Hello, you can download binaries for Windows by following: http://httpd.apache.org/docs/current/platform/windows.html#down Regards, Yann. On Tue, Oct 6, 2015 at 8:52 AM, Mahendiran Vel wrote: > Hi All, > > I'm going to use Apache openssl to my project(windows Server). when

Re: [users@httpd] VirtualHost configuration not working?

2015-10-05 Thread Yann Ylavic
On Sat, Oct 3, 2015 at 4:25 PM, Felix Rubio Dalmau wrote: > > After this change, if I ping site3.example.com, the address is properly > resolved to the vpn (10.8.0.1). Then, from Firefox, I access > http://site3.example.com and the URL is magically converted into >

Re: [users@httpd] VirtualHost configuration not working?

2015-09-30 Thread Yann Ylavic
Hi, can you provide the output of "apachectl -S"? You may hide real names with site1, site2, ... but please keep one name per orinal name. Regards, Yann. On Tue, Sep 29, 2015 at 8:07 PM, Felix Rubio Dalmau wrote: > Hi Marat, httpd-users :) > > > > I have updated

Re: [users@httpd] mod_cache + worker mpm + php-fpm mangling response headers on cache misses

2015-09-16 Thread Yann Ylavic
Hi Ed, On Tue, Sep 15, 2015 at 10:10 PM, Edward Lu wrote: > This looks like a bug. I believe I've tracked down the cause to a single > errant line in the cache module; can you apply the attached patch to 2.4.x > and see if it fixes the problem? I think the patch would also

Re: [users@httpd] Re: Single Sign-On windows AD authentication with Windows Apache web server

2015-09-07 Thread Yann Ylavic
Hi, On Mon, Sep 7, 2015 at 7:53 AM, Ashish Mistry wrote: > I have gone through many articles by searching on Google. I have tried > searching the below terms > - "Apache web server single sign-on for window AD server" > - "Single sign-on for windows AD for apache web

Re: [users@httpd] Difference between Apache 2.2.4 Vs 2.2.25

2015-09-04 Thread Yann Ylavic
On Fri, Sep 4, 2015 at 7:54 PM, Yimin Huang wrote: > > I'm new to this mailing list. Please don't hijack threads, open a new one with a relevant subject. Regards, Yann. - To unsubscribe, e-mail:

Re: [users@httpd] Errors when installing apache 2.4.16 on Linux

2015-09-04 Thread Yann Ylavic
Hi, On Fri, Sep 4, 2015 at 11:46 PM, Yimin Huang wrote: > > When I did "make", I got the following > error in exports.c. Did you try "make clean && make"? Regards, Yann. - To unsubscribe, e-mail:

Re: [users@httpd] SSLProxyMachineCertificatePath certificate selection

2015-09-03 Thread Yann Ylavic
On Tue, Sep 1, 2015 at 12:54 AM, Andika Daud wrote: > > Does anyone how SSLProxyMachineCertificatePath cert selection works? I mean > how does the proxy server knows which certificate to use/present to the > remote servers? By matching its certificates' issuer against the CA

Re: [users@httpd] Convert mod_jk to mod_proxy

2015-09-03 Thread Yann Ylavic
On Thu, Sep 3, 2015 at 10:36 AM, Yann Ylavic <ylavic@gmail.com> wrote: > > On Thu, Sep 3, 2015 at 10:13 AM, aparna Puram <aparnapu...@gmail.com> wrote: >> >> ProxyPass /*.png ! > > ProxyPassMatch instea

Re: [users@httpd] EC Parameters

2015-09-03 Thread Yann Ylavic
On Thu, Sep 3, 2015 at 8:33 AM, Jason - wrote: > Suppose that I have an EC curve name - let's say secp521r1. How do I insert > it into my first certificate file so that Apache can accept it? This > functionality is shortly described here ( >

Re: [users@httpd] Convert mod_jk to mod_proxy

2015-09-03 Thread Yann Ylavic
Hello, On Thu, Sep 3, 2015 at 10:13 AM, aparna Puram wrote: > > Can I use as following? > > ProxyPass /*.png ! ProxyPassMatch instead. > ProxyPassReverse /*.png ! Not needed (makes no sense). Regards, Yann.

Re: [users@httpd] Convert mod_jk to mod_proxy

2015-09-03 Thread Yann Ylavic
On Thu, Sep 3, 2015 at 11:47 AM, aparna Puram wrote: > So, This from uri woker properties > > > !/*.png=* works same as ProxyPassMatch \.png$ ! > > > ? I don't know mod_jk, but if the purpose is to not forward png requests to the backend then yes (those will be served

Re: [users@httpd] RE: Mod_cluser with JBOSS EAP6.3

2015-09-03 Thread Yann Ylavic
On Thu, Sep 3, 2015 at 12:09 PM, Narasimha Rao Gajje wrote: > Did anyone please help me on this. mod_cluster is a third-party module, so you may have more chance on their mailing-list/forum. Regards, Yann.

Re: [users@httpd] ECC Curve Order Preference

2015-09-02 Thread Yann Ylavic
On Wed, Sep 2, 2015 at 1:48 PM, Jason - wrote: > I have Ubuntu 15.04 with Apache 2.4.10 (OpenSSL 1.0.1f) and I would like to > configure Apache ssl.conf specifically for "ECC Curve Order", as on Windows > 10, where I select the preferred order of Elliptic Curves. I have

Re: [users@httpd] Badboy load testing of Apache

2015-08-28 Thread Yann Ylavic
On Fri, Aug 28, 2015 at 9:49 PM, Rose, John B jbr...@utk.edu wrote: Does anyone have any experience using a tool called Badboy for load testing of Apache? Comments? Good? Bad? FWIW, given the name I'd say the latter :p - To

Re: [users@httpd] SSL Session Id lost?

2015-07-23 Thread Yann Ylavic
On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto asot...@gmail.com wrote: It seems that everything is configured correctly since sometimes works. Have you ever found something similar or knows what it can be happening? Do you think that maybe the problem is on client (browser) side? We say that

Re: [users@httpd] Re: Http trailers in chunked requests

2015-07-23 Thread Yann Ylavic
On Thu, Jul 23, 2015 at 11:03 AM, Sachin Shetty sachin.she...@gmail.com wrote: From the change list, I found that you added support for MergeTrailers in 2.4.11 - any idea on how I could make it work? I just need apache to let the trailers pass through to the upstream haproxy, I am not

Re: [users@httpd] Re: Problem in chunked response

2015-07-22 Thread Yann Ylavic
On Wed, Jul 22, 2015 at 8:58 AM, skbarik skba...@gmail.com wrote: We are very heavily dependant upon the extension to indicate certain status to client. and unfortunately we dont have any control over backend to change this. Is there way to configure mod proxy to not discard this. No,

Re: [users@httpd] Apache 2.4: SSLProtocol directive not taking effect

2015-07-22 Thread Yann Ylavic
On Wed, Jul 22, 2015 at 11:14 PM, Hébergement web ArbreBinaire.com hebergem...@arbrebinaire.com wrote: Hi, We've been stumped by a configuration problem of our Apache 2.4 server, on CentOS 7. Our goal is to prevent the Poodle vulnerability by removing the SSLv3 protocol. But it seems this

Re: [users@httpd] Re: Problem in chunked response

2015-07-21 Thread Yann Ylavic
On Tue, Jul 21, 2015 at 10:31 AM, shailender shailender.khugs...@gmail.com wrote: Is there any configuration available in apache which can be applied to send the chunk as it is to client. mod_proxy won't forward chunk-extensions, and it is not required to (see [1]) since they are hop-by-hop

Re: [users@httpd] Cannot get ExecCGI to work with userdir apache 2.4.6

2015-07-20 Thread Yann Ylavic
On Mon, Jul 20, 2015 at 5:09 PM, Tucker, Doug tuck...@lyle.smu.edu wrote: Directory /*/*/*/public_html You may also use DirectoryMatch ([1]) to be more precise/restrictive about root paths, by using regular expressions. [1] http://httpd.apache.org/docs/2.4/mod/core.html#directorymatch

Re: [users@httpd] lookaround in mod_substitute pattern

2015-07-10 Thread Yann Ylavic
Hi Zimmi, On Fri, Jul 10, 2015 at 1:26 PM, Zimmi zimm...@gmail.com wrote: Are only lookahead (?=foo) supported in mod_substitute, and not the other (negative lookahead, lookbehind and negative lookbehind) ? Other syntax or did I miss something ? A lookbehind assertion needs its subject to be

Re: [users@httpd] unsubscribe

2015-07-08 Thread Yann Ylavic
On Wed, Jul 8, 2015 at 9:48 AM, Mark VLIZ mark.vancrombru...@vliz.be wrote: - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org Just do the above. -

Re: [users@httpd] advice on using rotatelogs, CusomLog etc

2015-06-25 Thread Yann Ylavic
Hi, On Thu, Jun 25, 2015 at 11:04 AM, Russell Stanfield russel...@hotmail.com wrote: I tried adding this: ErrorLog |/usr/sbin/rotatelogs -f -c /apps/squid/var_log_httpd/error_log.%Y.%m.%d.%H.%M 86400 common But when I stopped/started Apache I got this error: Starting httpd: Syntax error

Re: [users@httpd] using RedirectMatch and regular expressions

2015-06-24 Thread Yann Ylavic
On Wed, Jun 24, 2015 at 7:48 AM, Meedendorp, Bert bert.meedend...@kadaster.nl wrote: I'm trying the next line: RedirectMatch /sap/opu/odata/sap/ZVPOSTREAD_SRV/AktepostSet(.*(\bBSL01\b).*) http://10.103.140.62/BSL01_X_1197.json ( This gives no match !? ) The incoming url looks

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Yann Ylavic
On Tue, Jun 16, 2015 at 10:48 PM, karl karloff karlkarl...@hotmail.com wrote: I am attempting to set up more than one subdomain on :443 in this example. so something like sslv3.example.com:443 responds with SSLv3 only tlsv1.example.com:443 responds with TLSv1.0 only ... I wasn't aware that

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Yann Ylavic
Maybe mod_gnutls or libressl (working with patched mod_ssl, available in trunk but not yet backported) can do better here, I don't know enough about them to tell. Regards, Yann. On Wed, Jun 17, 2015 at 12:37 AM, karl karloff karlkarl...@hotmail.com wrote: So that does not actually help in the

Re: [users@httpd] RE: Apache Reverse Proxy deletes meta http-equiv=“Content-type” content=“text/html; charset=utf-8” / from code

2015-06-16 Thread Yann Ylavic
On Tue, Jun 16, 2015 at 8:58 AM, Cruz Villanueva, Juan juan.cruz-villanu...@hp.com wrote: No one has seen this issue (or similar one) before? Maybe https://bz.apache.org/bugzilla/show_bug.cgi?id=56287 ? Regards, Yann. - To

Re: [users@httpd] Issue with Mutual SSL Authentication

2015-06-09 Thread Yann Ylavic
On Tue, Jun 9, 2015 at 9:29 AM, Karan Mengi karan_me...@infosys.com wrote: The problem appears to be that HTTPD does not include the issuer details while presenting its certificate to the server, so probably its failing chain verification. We have tried many options found on the net like

Re: [users@httpd] Problem with accessing Document Root (?)

2015-06-07 Thread Yann Ylavic
On Sun, Jun 7, 2015 at 4:17 PM, Stephen step...@roissy.ca wrote: In my virtual-sites file I have: VirtualHost *:80 ServerAdmin webmaster@localhost DocumentRoot /home/stephen/www/roissy.ca/public_html ServerName www.roissytest.ca ErrorLog

Re: [users@httpd] mod_headers: REQUEST_URI for static files

2015-06-07 Thread Yann Ylavic
On Sun, Jun 7, 2015 at 1:24 PM, Christian Weiske cwei...@cweiske.de wrote: $ curl -I example.org/ ... Link: http://example.org/index.htm; rel=self But I do not get the original request URI (/ only), which is what I'm looking for. If you want the original URI instead of the DirectoryIndex,

Re: [users@httpd] Problem with accessing Document Root (?)

2015-06-07 Thread Yann Ylavic
On Sun, Jun 7, 2015 at 10:12 PM, Yann Ylavic ylavic@gmail.com wrote: On Sun, Jun 7, 2015 at 5:44 PM, Stephen step...@roissy.ca wrote: Thank you. adding the file extension allowed some progress to be made. Not I get this in my browser: Forbidden You possibly need to give rights to /home

Re: [users@httpd] Problem with accessing Document Root (?)

2015-06-07 Thread Yann Ylavic
On Sun, Jun 7, 2015 at 5:44 PM, Stephen step...@roissy.ca wrote: Thank you. adding the file extension allowed some progress to be made. Not I get this in my browser: Forbidden You possibly need to give rights to /home/stephen/www, eg: Directory /home/stephen/www/ Options Indexes

Re: [users@httpd] mod_headers: REQUEST_URI for static files

2015-06-06 Thread Yann Ylavic
On Sat, Jun 6, 2015 at 1:38 PM, Christian Weiske cwei...@cweiske.de wrote: I'm trying to do that with mod_header and the following configuration: Header append Link 'http://example.org%{REQUEST_URI}e; rel=self' You could use %{REQUEST_URI}s (a trailing s instead of e) if mod_ssl is loaded

Re: [users@httpd] SSLOpenSSLConfCmd DHParameters and 2048-bit groups in Apache httpd 2.2.29 (current)

2015-05-22 Thread Yann Ylavic
On Fri, May 22, 2015 at 11:08 PM, karl karloff karlkarl...@hotmail.com wrote: Apache httpd 2.4.8+ (including 2.4.12 -- current) appear to have support for this using the a configuration entry similar to this one: SSLOpenSSLConfCmd DHParameters /PATH/dhparams.pem It has also been

Re: [users@httpd] Problem with name-based virtual hosts

2015-05-17 Thread Yann Ylavic
Hi Pierre, the _default_ vhost has a special meaning (see [1]), can you still reproduce with * instead (since other vhost also uses *)? Regards, Yann. [1] http://httpd.apache.org/docs/2.4/vhosts/examples.html#default On Sun, May 17, 2015 at 11:53 AM, Pierre Wieser pwie...@trychlos.org wrote:

Re: [users@httpd] Proxy balancer, handle an http 503 status from a BalancerMember

2015-05-15 Thread Yann Ylavic
Hi, this is an implicit behaviour. Regards, Yann. On Fri, May 15, 2015 at 10:31 AM, nik600 nik...@gmail.com wrote: Dear all is possible to handle the specific http 503 status from a BalancerMember and re-forward the request to another member? Thanks to all in advance -- /*/

Re: [users@httpd] Proxy balancer, handle an http 503 status from a BalancerMember

2015-05-15 Thread Yann Ylavic
% of error and 50% of ok. 2015-05-15 11:09 GMT+02:00 Yann Ylavic ylavic@gmail.com: Hi, this is an implicit behaviour. Regards, Yann. On Fri, May 15, 2015 at 10:31 AM, nik600 nik...@gmail.com wrote: Dear all is possible to handle the specific http 503 status from a BalancerMember

Re: [users@httpd] mod_authz_dbd regression in apache 2.4.12?

2015-05-12 Thread Yann Ylavic
Hello Michel, On Mon, May 11, 2015 at 10:54 PM, Michel Stam mic...@reverze.net wrote: I was tinkering over the weekend with mod_authz_dbd and mysql, and i could not get a RequireAny/RequireAll to match on multiple Require dbd-group statements. It would always match only the last result from

Re: [users@httpd] Random latency in reentrant calls (Bug 57916)

2015-05-12 Thread Yann Ylavic
Hi Luc, can you please provide the corresponding error log (level debug)? There may be higher (overall) times spent, but still difference for the same % of requests. Regards, Yann. On Tue, May 12, 2015 at 10:03 AM, Luc Andre landre3...@gmail.com wrote: Thanks for your reply. We did a test

Re: [users@httpd] SSL not working for ServerAlias through load balancer

2015-05-12 Thread Yann Ylavic
Probably a silly question, but, is first.abc.com accessible (dns, route, ...) from the client host? Regards, Yann. On Tue, May 12, 2015 at 9:12 PM, Rose, John B jbr...@utk.edu wrote: We gave that a try based on your recommendation, but it did not change the result. We are still looking for

Re: [users@httpd] SSL not working for ServerAlias through load balancer

2015-05-12 Thread Yann Ylavic
://first.abc.com does not If I understand your question correctly. John On 5/12/15 3:40 PM, Yann Ylavic ylavic@gmail.com wrote: Probably a silly question, but, is first.abc.com accessible (dns, route, ...) from the client host? Regards, Yann. On Tue, May 12, 2015 at 9:12 PM, Rose, John B jbr

Re: [users@httpd] SSL not working for ServerAlias through load balancer

2015-05-12 Thread Yann Ylavic
, ...). On Tue, May 12, 2015 at 11:02 PM, Rose, John B jbr...@utk.edu wrote: It is not generating an entry in the Apache log files. Unless we have missed it. But we believe have looked thru them thoroughly. On 5/12/15 4:01 PM, Yann Ylavic ylavic@gmail.com wrote: Can you see the connection arrive

Re: [users@httpd] SSL not working for ServerAlias through load balancer

2015-05-12 Thread Yann Ylavic
the browser. It seems to be getting to the server. tcp0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:35948 TIME_WAIT tcp0 0 xxx.xxx.xxx.xxx:443 yyy.yyy.yyy.yyy:36375 FIN_WAIT2 Etc. On 5/12/15 5:13 PM, Yann Ylavic ylavic@gmail.com wrote: Can't

Re: [users@httpd] Random latency in reentrant calls (Bug 57916)

2015-05-12 Thread Yann Ylavic
that spinning a new process can take up to 2 seconds on a powerful server :-( On Tue, May 12, 2015 at 12:26 PM, Yann Ylavic ylavic@gmail.com wrote: So is it working as expected now? On Tue, May 12, 2015 at 12:07 PM, Luc Andre landre3...@gmail.com wrote: My mistake, apache2.conf

Re: [users@httpd] Random latency in reentrant calls (Bug 57916)

2015-05-12 Thread Yann Ylavic
So is it working as expected now? On Tue, May 12, 2015 at 12:07 PM, Luc Andre landre3...@gmail.com wrote: My mistake, apache2.conf is overridden by /mods-enabled/mpm_prefork.conf sorry about that... On Tue, May 12, 2015 at 12:03 PM, Luc Andre landre3...@gmail.com wrote: php_sapi_name:

Re: [users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-11 Thread Yann Ylavic
On Mon, May 11, 2015 at 11:30 AM, apa...@thva.dk wrote: Do you mean - building 2.2.29 from apache.org sources ? Yes, at least for testing purpose. This would help backporting the change from 2.4.x to 2.2.x. Regards, Yann. -

Re: [users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-07 Thread Yann Ylavic
Hello, you may hit an issue fixed in [1] (for upcoming 2.4.13). Can you manage to build a patched httpd-2.2.29 from sources? Regards, Yann. [1] http://svn.us.apache.org/r1663258 On Wed, May 6, 2015 at 2:54 PM, apa...@thva.dk wrote: hello, So i have an apache 2.2.29 running Prefork on

Re: [users@httpd] DNS lookup failure for: hostname

2015-04-23 Thread Yann Ylavic
Hi Yasser, Coudn't it be that your DNS server/network is not following the load? Can you still reproduce the failures with jbosshost in your /etc/hosts? Regards, Yann. On Thu, Apr 23, 2015 at 8:20 PM, Yasser yarafa...@gmail.com wrote: The test ran for two hours on 4/21/2015 between 8pm and

Re: [users@httpd] Re: spam

2015-04-16 Thread Yann Ylavic
Still the wrong list :) On Thu, Apr 16, 2015 at 1:20 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: Sorry, it is not our job to provide support for GetResponse.com Their answer is wrong and as best I can tell they have old rules and need to look at running sa-update. Telling you to consult

Re: [users@httpd] Fwd: Re: effectiveness of DCC checks?

2015-04-16 Thread Yann Ylavic
Probably the wrong mailing list ;) Regards, Yann. On Thu, Apr 16, 2015 at 12:54 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: Vernon, do you have a recommended score for the implementation of DCC with SA? There are concerns that bulk mail from good senders has been hit by DCC which is

<    1   2   3   4   5   >