Re: [users@httpd] If statement against AUTHENTICATE_memberOf variable created by authnz_ldap

On 1/26/24 18:13, Eric Covener wrote: So the first question is: Is it normal that I have to use mod_rewrite to check for group membership ? I tried hundred of syntaxes with SetEnvIf or SetEnvIfExpr but I never managed to get it working. I'm not sure why but I guess it's somehow related to "race c

Re: [users@httpd] graceful-stop closes established connections without response

On Tue, Jan 30, 2024 at 11:54 AM Yann Ylavic wrote: > > On Tue, Jan 30, 2024 at 4:37 AM Sherrard Burton wrote: > > > > i was going to add some debugging lines, but when i took a quick look at > > the patch, i wasn't clear on which sections of the code i should be > > guaranteed to hit. can you be

Re: [users@httpd] graceful-stop closes established connections without response

On Tue, Jan 30, 2024 at 4:37 AM Sherrard Burton wrote: > > i was going to add some debugging lines, but when i took a quick look at > the patch, i wasn't clear on which sections of the code i should be > guaranteed to hit. can you be so kind as to send an updated patch with > some gratuitous loggi

Re: [users@httpd] graceful-stop closes established connections without response

On 1/29/24 12:25 PM, Yann Ylavic wrote: That's where we are, I think, if this first/light patch eventually helps significantly with the "local" graceful-stop which you care about still, it's possibly worth it since it requires no opt-in (but needs testing..), but going further looks overkill/

Re: [users@httpd] graceful-stop closes established connections without response

On Mon, Jan 29, 2024 at 4:59 PM Sherrard Burton wrote: > > On 1/29/24 10:17 AM, Yann Ylavic wrote: > > On Mon, Jan 29, 2024 at 3:06 PM Eric Covener wrote: > > > > The patch helps in this case because we no longer close the listening > > sockets unconditionally, I mean without first checking if th

Re: [users@httpd] graceful-stop closes established connections without response

On 1/29/24 10:17 AM, Yann Ylavic wrote: On Mon, Jan 29, 2024 at 3:06 PM Eric Covener wrote: The patch helps in this case because we no longer close the listening sockets unconditionally, I mean without first checking if there are new connections in the backlog. So I thought the option was ne

Re: [users@httpd] graceful-stop closes established connections without response

On 1/29/24 9:05 AM, Eric Covener wrote: Maybe I wasn't clear enough but this patch makes sense only if there is something in place that prevents new connections from arriving at the stopping httpd children processes (like a frontend/load-balancer or a tcp/bpf filter), otherwise they may never

Re: [users@httpd] graceful-stop closes established connections without response

On 1/29/24 8:59 AM, Yann Ylavic wrote: Maybe I wasn't clear enough but this patch makes sense only if there is something in place that prevents new connections from arriving at the stopping httpd children processes (like a frontend/load-balancer or a tcp/bpf filter), otherwise they may never

Re: [users@httpd] graceful-stop closes established connections without response

On Mon, Jan 29, 2024 at 4:21 PM Eric Covener wrote: > > > > It seems to me If there is no such LB/VIP that stops new connections > > > from landing on this server, the new option should be avoided. > > > > Correct. > > > > > But if there is such a LB/VIP, the option is not really needed. Is it >

Re: [users@httpd] graceful-stop closes established connections without response

> > It seems to me If there is no such LB/VIP that stops new connections > > from landing on this server, the new option should be avoided. > > Correct. > > > But if there is such a LB/VIP, the option is not really needed. Is it fair? > > The patch helps in this case because we no longer close the

Re: [users@httpd] graceful-stop closes established connections without response

On Mon, Jan 29, 2024 at 3:06 PM Eric Covener wrote: > > > Maybe I wasn't clear enough but this patch makes sense only if there > > is something in place that prevents new connections from arriving at > > the stopping httpd children processes (like a frontend/load-balancer > > or a tcp/bpf filter),

Re: [users@httpd] graceful-stop closes established connections without response

> Maybe I wasn't clear enough but this patch makes sense only if there > is something in place that prevents new connections from arriving at > the stopping httpd children processes (like a frontend/load-balancer > or a tcp/bpf filter), otherwise they may never really stop which does > not help for

Re: [users@httpd] graceful-stop closes established connections without response

On Mon, Jan 29, 2024 at 2:23 PM Yann Ylavic wrote: > > On Sun, Jan 28, 2024 at 5:26 AM Sherrard Burton wrote: > > > > On 1/27/24 09:46 PM, Eric Covener wrote: > > > > > > Both worker and event MPMs have a dedicated listener thread per child > > > process, so it will close those copies of the list

Re: [users@httpd] graceful-stop closes established connections without response

On Sun, Jan 28, 2024 at 5:26 AM Sherrard Burton wrote: > > On 1/27/24 09:46 PM, Eric Covener wrote: > > > > Both worker and event MPMs have a dedicated listener thread per child > > process, so it will close those copies of the listening sockets much > > more quickly. > > so that i am clear, are y

Re: [users@httpd] graceful-stop closes established connections without response

Eric, thanks for the quick reply. follow-up inline below: On 1/27/24 09:46 PM, Eric Covener wrote: apache2: 2.4.56-1~deb11u2, prefork MPM, mod_perl I think it's a large window on prefork where this can happen. If any process is busy processing a request, it cannot close its copy of the listen

Re: [users@httpd] graceful-stop closes established connections without response

> apache2: 2.4.56-1~deb11u2, prefork MPM, mod_perl I think it's a large window on prefork where this can happen. If any process is busy processing a request, it cannot close its copy of the listening socket. The OS will continue to complete TCP connections and acknowledge (some) data with nobody

Re: [users@httpd] Re: Issues with test framework against OpenSSL 3.2

> > The key here is the "unknown ca", failing the handshake, either because > > the trust chain is broken somehow or the certs need to be generated now > > in a different way with OpenSSL 3.2. I looked at ./t/conf/ssl/ca/asf/certs/ca.crt on the last system I ran the framework on, and it seems to b

Re: [users@httpd] If statement against AUTHENTICATE_memberOf variable created by authnz_ldap

> So the first question is: Is it normal that I have to use mod_rewrite to > check for group membership ? I tried hundred of syntaxes with SetEnvIf > or SetEnvIfExpr but I never managed to get it working. I'm not sure why > but I guess it's somehow related to "race condition" (lazy evaluation) > wh

Re: [users@httpd] Reducing redirects

You could consider creating a static table using RewriteMap: https://httpd.apache.org/docs/current/rewrite/rewritemap.html Rather than first doing http to https and www to non-www, consider adding the RewriteMap in the http- and www-vhosts that you have and redirecting to the final URL straight fro

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

Hi Alan - spot on; thank you. To save having to learn about namespaces I've just started Apache without 'PrivateTmp' in the service file, and the script now works as expected (and 'lsns' no longer shows Apache as having its own mount namespace). journalctl also now shows that systemd unmounts

Re: [users@httpd] Apache/php Compression not enabled

If you put gibberish in the .htaccess, do you get a 500 error or do things still work? It's a quick test of whether it's being loaded or not for your request. Do you use mod_php or something fastcgi based? I think some of the fastcgi methods do not work with htaccess. ---

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

On 1/23/2024 3:58 PM, EML wrote: > What's interesting here is that CGI appears to be doing something more > complex than simply forking a process. The script which is the problem > has an EUID of 0, so why can't it unmount a filesystem? Have I just > messed up (probably?) Or has Apache run me /wit

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

IMO suexec would be better suited to handle more sensitive operations such as unmounting. CGI is not an interactive shell, as you discovered. Calling a separate script with the suid bit might work too. But I don't need an interactive shell: I need a way to run a script as user www-data,

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

On Tue, Jan 23, 2024 at 2:12 PM EML wrote: > > Let's take a step back - why are you unmounting from a cgi script? > > It's a one-time setup when a user configures a new system. Most of these > users aren't shell-literate, so they configure by ticking boxes on a web > page. The system is a VPS, so

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

On Tue, Jan 23, 2024 at 2:02 PM EML wrote: > The CGI Howto page contains some basic information on how Apache actually > runs a program, but is there any more detailed information anywhere? > > Specifically, I have a problem where a bash script runs as expected when > run from an interactive shel

Re: [users@httpd] Secure websockets and proxying

On Tue, Jan 23, 2024 at 5:22 PM Yann Ylavic wrote: > > On Tue, Jan 23, 2024 at 11:55 AM Erik Thuning wrote: > > > > I have a tomcat application running that accepts websockets. In front of > > this application I'm running apache as a reverse proxy. SSL is > > configured in apache, and my tomcat k

Re: [users@httpd] Secure websockets and proxying

On Tue, Jan 23, 2024 at 11:55 AM Erik Thuning wrote: > > I have a tomcat application running that accepts websockets. In front of > this application I'm running apache as a reverse proxy. SSL is > configured in apache, and my tomcat knows nothing about SSL. > > In the usual web traffic case, every

Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

ener" À: "users" Envoyé: Dimanche 21 Janvier 2024 14:48:03 Objet: Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine The hostname, normally in the Host header, is not read until after the request line. So it cannot be effectively

Re: [users@httpd] Nginx to Apache

OpenVPN port-share has nothing to do with which HTTP server is running behind it. You should have a completely working Apache configuration separate from anything connected to OpenVPN, then you can change the listening port for HTTPD and have OpenVPN forward traffic to it. The sites-enabled folder

Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

> > >> >> Is there any "permeability" between vhosts ? is there any precedence that >> could cause this vhost to be considered as the "master" of some options? >> Could anyone lead me to wha I am doing wrong? >> > Yes, the "default vhost" for a set of name based hosts has its configuration applied

Re: [users@httpd] [httpd2.4.57]Possible conflicts between VHosts with SSL and LimitRequestLine

The hostname, normally in the Host header, is not read until after the request line. So it cannot be effectively set in name based vhosts. The manual already warns about it On Sun, Jan 21, 2024, 9:26 AM Florent Thomas wrote: > Hi everyone, > > I'm running : > *Server version: Apache/2.4.57 (Deb

Re: [users@httpd] Removing trailing slashes with query strings

On Thu, Jan 18, 2024 at 7:44 AM Dave Wreski wrote: > Hi, > > [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [ webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

Hi, [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

On Wed, Jan 17, 2024 at 9:21 AM Dave Wreski wrote: > Hi, > > [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] >>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [ >>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial >>>

Re: [users@httpd] Removing trailing slashes with query strings

Hi, [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

On Tue, Jan 16, 2024 at 3:33 PM Dave Wreski wrote: > Hi, > On 1/16/24 3:03 PM, Dave Wreski wrote: > > > [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] >> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [ >> webstage.example.com/sid#560ba7f01a68][rid#7f2b

Re: [users@httpd] Removing trailing slashes with query strings

Hi, On 1/16/24 3:03 PM, Dave Wreski wrote: [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

[Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938] mod_rewrite.c(493): [client 68.111.193.42:0 ] 68.195.193.42 - - [webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial

Re: [users@httpd] Removing trailing slashes with query strings

On Tue, Jan 16, 2024 at 9:30 AM Dave Wreski wrote: > Hi, > > I have the following rule that works well to remove trailing slashes from >> URLs: >> >> RewriteCond %{REQUEST_FILENAME} !-d >> RewriteRule ^(.*)/$ $1 [R=301,L] >> >> This is done to prevent the non-slash URL from being treated as dupli

Re: [users@httpd] Removing trailing slashes with query strings

Hi, I have the following rule that works well to remove trailing slashes from URLs: RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ $1 [R=301,L] This is done to prevent the non-slash URL from being treated as duplicate content with the URL with a slash. The

Re: [users@httpd] Removing trailing slashes with query strings

On Mon, Jan 15, 2024 at 10:16 PM Dave Wreski wrote: > Hi, > > I have the following rule that works well to remove trailing slashes from > URLs: > > RewriteCond %{REQUEST_FILENAME} !-d > RewriteRule ^(.*)/$ $1 [R=301,L] > > This is done to prevent the non-slash URL from being treated as duplicate

Re: [users@httpd] Rewrite query string?

On Thursday 04 January 2024 at 23:18:52, Frank Gingras wrote: > On Thu, Jan 4, 2024 at 5:03 PM Will Fatherley wrote: > > > > RewriteCond to know. Also, isn’t that the “starts with” operator, ^? What > > if the parameter comes second? A bit verbose, but: > > ^.*searchword=(\w{1})[&]{0,1}.*$ > >

Re: [users@httpd] Rewrite query string?

> > https://example.com/search?searchword=CVE-2021-4014&Search= >> >> I've tried the following RewriteCond/RewriteRule in various forms, but not >> sure what I'm doing wrong. >> >> RewriteCond %{QUERY_STRING} ^searchword=(.*) >> RewriteRule ^ q=$1 [NC,L] >> >> Ideas for what I'm doing wrong woul

Re: [users@httpd] Rewrite query string?

On Thu, Jan 4, 2024 at 5:03 PM Will Fatherley wrote: > > https://example.com/search?searchword=CVE-2021-4014&Search= >> >> I've tried the following RewriteCond/RewriteRule in various forms, but not >> sure what I'm doing wrong. >> >> RewriteCond %{QUERY_STRING} ^searchword=(.*) >> RewriteRule ^

Re: [users@httpd] Rewrite query string?

> https://example.com/search?searchword=CVE-2021-4014&Search= > > I've tried the following RewriteCond/RewriteRule in various forms, but not > sure what I'm doing wrong. > > RewriteCond %{QUERY_STRING} ^searchword=(.*) > RewriteRule ^ q=$1 [NC,L] > > Ideas for what I'm doing wrong would be great

Re: [users@httpd] Rewrite query string?

> However, this change is not reflected in the Location bar in my browser. You can append the 'R' flag if you need it to redirect. Otherwise, just the internal representation is changed. RewriteRule ^ %{REQUEST_URI}?search=%1 [NC,L,R] -

Re: [users@httpd] Rewrite query string?

https://example.com/search?searchword=CVE-2021-4014&Search= I've tried the following RewriteCond/RewriteRule in various forms, but not sure what I'm doing wrong. RewriteCond %{QUERY_STRING} ^searchword=(.*) RewriteRule ^ q=$1 [NC,L] Ideas for what I'm doing wrong would be greatly appreciated

Re: [users@httpd] Rewrite query string?

My email stay off my email From: Frank Gingras Sent: Thursday, January 4, 2024 2:03:49 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Rewrite query string? On Thu, Jan 4, 2024 at 2:53 PM Dave Wreski wrote: Hi, I'm trying to replace "

Re: [users@httpd] Rewrite query string?

On Thu, Jan 4, 2024 at 2:53 PM Dave Wreski wrote: > Hi, > > I'm trying to replace "searchword" with just "search" in the following URL: > > https://example.com/search?searchword=CVE-2021-4014&Search= > > I've tried the following RewriteCond/RewriteRule in various forms, but not > sure what I'm do

Re: [users@httpd] Rewrite query string?

> RewriteRule ^/search$ %{REQUEST_URI}?search=%1 [NC,L] probably should restrict to /search as edited - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Rewrite query string?

On Thu, Jan 4, 2024 at 2:53 PM Dave Wreski wrote: > > Hi, > > I'm trying to replace "searchword" with just "search" in the following URL: > > https://example.com/search?searchword=CVE-2021-4014&Search= > > I've tried the following RewriteCond/RewriteRule in various forms, but not > sure what I'm

Re: [users@httpd] Problems with "VirtualHost"

; > Mutex proxy-balancer-shm: using_defaults > > Mutex rewrite-map: using_defaults > > Mutex authdigest-client: using_defaults > > Mutex lua-ivm-shm: using_defaults > > Mutex proxy: using_defaults > > Mutex authn-socache: using_defaults > > Mutex default: dir=&

RE: [users@httpd] Problems with "VirtualHost"

d=48 Group: name="apache" id=48 Thanks a lot! De: Frank Gingras Enviat: divendres, 15 de desembre de 2023 15:49 Per a: users@httpd.apache.org Tema: Re: [users@httpd] Problems with "VirtualHost" On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors mailto:sysadmin.c...@uab.cat.invalid>

Re: [users@httpd] Problems with "VirtualHost"

On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors wrote: > Hello, > > > > I have a small Apache where I run a redirection to two private hosts. My > machine (R, router) is connected to Interned and to a private LAN > (192.168.x.x/16). Behind “R”, there are two machines (A and B) that are > serving

Re: [users@httpd] Removing trailing slashes?

On Thu, Dec 14, 2023 at 10:21 AM Dave Wreski wrote: > Hi, > > I would stop using .htaccess files, first, and merge all rewrite rules in > the relevant vhost / Directory block. Then, I would use the rewrite log to > see what is really happening. > > Using multiple .htaccess files is a recipe to l

Re: [users@httpd] Removing trailing slashes?

Hi, I would stop using .htaccess files, first, and merge all rewrite rules in the relevant vhost / Directory block. Then, I would use the rewrite log to see what is really happening. Using multiple .htaccess files is a recipe to lose all your hair. These are Included in the directory block.

Re: [users@httpd] Removing trailing slashes?

On Thu, Dec 14, 2023 at 8:52 AM Dave Wreski wrote: > Hi, > > I have a FAQ, but need some additional info I haven't been able to find. >> I'm trying to process links Google has indicated are 404s that never really >> ever existed on our site. >> >> I have an htaccess file I'm Including with my mai

Re: [users@httpd] Removing trailing slashes?

Hi, I have a FAQ, but need some additional info I haven't been able to find. I'm trying to process links Google has indicated are 404s that never really ever existed on our site. I have an htaccess file I'm Including with my main apache config that only contains RewriteConds

Re: [users@httpd] Removing trailing slashes?

On Wed, Dec 13, 2023 at 7:13 PM Dave Wreski wrote: > Hi, > > I have a FAQ, but need some additional info I haven't been able to find. > I'm trying to process links Google has indicated are 404s that never really > ever existed on our site. > > I have an htaccess file I'm Including with my main ap

Re: [users@httpd] Re: users Digest 11 Dec 2023 01:09:34 -0000 Issue 6525

On Tuesday 12 December 2023 at 21:10:37, Michael B. Harris wrote: > I use Apache2 version 2.4.52 on Ubuntu server > > Apache2 is not running due to error encountered after last upgrade: > > AH00534: Apache2: Configuration error: No MPM loaded > > Does anyone have a fix for this? I am s

RE: [users@httpd] httpd -t -DDUMP_CONFIG and httpd -t -DDUMP_RUN_CFG not helping prove the value of MaxKeepAliveRequests / KeepAlive

> From: Yann Ylavic > Sent: Monday, December 11, 2023 5:45 AM > > On Mon, Dec 11, 2023 at 2:10 AM Jason Pyeron wrote: > > > > I thought I could > > > > httpd -t -DDUMP_CONFIG | grep -e KeepAlive > > httpd -t -DDUMP_RUN_CFG | grep -e KeepAlive > > > > but to no avail. > > DUMP_CONFIG comes with

Re: [users@httpd] httpd -t -DDUMP_CONFIG and httpd -t -DDUMP_RUN_CFG not helping prove the value of MaxKeepAliveRequests / KeepAlive

On Mon, Dec 11, 2023 at 2:10 AM Jason Pyeron wrote: > > I thought I could > > httpd -t -DDUMP_CONFIG | grep -e KeepAlive > httpd -t -DDUMP_RUN_CFG | grep -e KeepAlive > > but to no avail. DUMP_CONFIG comes with mod_info (LoadModule required), but it will only show the directives which are configu

Re: [users@httpd] Problem set addressttl

Thank you very much for the information. wt., 5 gru 2023 o 14:18 Yann Ylavic napisał(a): > Hi; > > On Tue, Dec 5, 2023 at 11:13 AM Piotr Redel wrote: > > > > I have apache version 2.4.54. I wanted to add the addressttl=60 > parameter in the BalancerMember section. > > The addressttl parameter i

Re: [users@httpd] Problem set addressttl

Hi; On Tue, Dec 5, 2023 at 11:13 AM Piotr Redel wrote: > > I have apache version 2.4.54. I wanted to add the addressttl=60 parameter in > the BalancerMember section. The addressttl parameter is a new feature not part by any release yet, it will be in the next one (2.4.59). Your only options for

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

On Tue, Nov 28, 2023 at 12:11 PM Daga, Navin (Navin) wrote: > On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley > wrote: > > > > >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? > > I am unsure of recommended workarounds as I usually have my package > manager build httpd di

RE: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley mailto:wefather...@gmail.com>> wrote: >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? I am unsure of recommended workarounds as I usually have my package manager build httpd directly from that OSs package index. That said,

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley wrote: > > >> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? >> > I am unsure of recommended workarounds as I usually have my package > manager build httpd directly from that OSs package index. That said, a > container or V

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? > I am unsure of recommended workarounds as I usually have my package manager build httpd directly from that OSs package index. That said, a container or VM might be a possibility.

Re: [users@httpd] Still have messed up TLS

On Mon, Nov 27, 2023 at 2:47 PM John wrote: > On Sun, 2023-11-26 at 18:06 -0500, Paul wrote: > > On 2023-11-26 16:12, John wrote: > > > After a week of chasing this around I have managed to change the > problem several times but I'm > > > still > > > unable to get Apache started. I **think** the

Re: [users@httpd] Still have messed up TLS

On Sun, 2023-11-26 at 18:06 -0500, Paul wrote: > On 2023-11-26 16:12, John wrote: > > After a week of chasing this around I have managed to change the problem > > several times but I'm > > still > > unable to get Apache started.  I **think** there is something unrelated to > > the error that I'm

Re: [users@httpd] Still have messed up TLS

On 2023-11-26 16:12, John wrote: After a week of chasing this around I have managed to change the problem several times but I'm still unable to get Apache started. I **think** there is something unrelated to the error that I'm seeing that may have been included in the default config but before

Re: [users@httpd] Still have messed up TLS

On Sun, Nov 26, 2023 at 4:13 PM John wrote: > After a week of chasing this around I have managed to change the problem > several times but I'm still > unable to get Apache started. I **think** there is something unrelated to > the error that I'm seeing > that may have been included in the defaul

Re: [users@httpd] Still have messed up TLS

After a week of chasing this around I have managed to change the problem several times but I'm still unable to get Apache started. I **think** there is something unrelated to the error that I'm seeing that may have been included in the default config but before I go down that rabbit hole I real

Re: [users@httpd] Tracing redirects

> > - use a client on the first url, and write the location header to file or > stdout each time your 3xx response comes through > >> … using a script that has access to a set data structure that can store each request url, so as to break before the second request to the first resource :)

Re: [users@httpd] Tracing redirects

> Any ideas greatly appreciated. > Probably a good idea to think of a longer term vision for logging approach, but the two other possibilities I can think of are - awk grep or sed your configuration files with some desirable regular expression to include the rewrite directives and rules - use a

Re: [users@httpd] Still have messed up TLS

On Wed, Nov 22, 2023 at 10:30 PM John wrote: > > Thanks for the reply Aditya. > > The version of openssl is: openssl-3.0.7-6.el9_2.x86_64 > > the version of mod_ssl is: mod_ssl-2.4.53-11.el9_2.5.x86_64 > > The result of openssl ciphers -s -v tlsv1_3 is: > TLS_AES_256_GCM_SHA384 TLSv1.3 K

Re: [users@httpd] Still have messed up TLS

Thanks for the reply Aditya.   The version of openssl is: openssl-3.0.7-6.el9_2.x86_64 the version of mod_ssl is: mod_ssl-2.4.53-11.el9_2.5.x86_64 The result of openssl ciphers -s -v tlsv1_3 is: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD T

Re: [users@httpd] HTTPD site update for ApacheHaus EOS

Thanks, I removed it from that page. On Tue, Nov 21, 2023 at 9:35 PM Aditya Shastri wrote: > > Hello, > > ApacheHaus has decided to stop providing Windows builds for Apache HTTPD. > > The Apache document referred to below still has the site that goes nowhere. > https://httpd.apache.org/docs/curre

Re: [users@httpd] Still have messed up TLS

To answer your question to the best of my knowledge, 1. Openssl 1.1.1 and above support TLSv1.3. These are the TLSv1.3 ciphers Openssl 3.0 support https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_ciphersuites.html 2. This link says that TLSv1.3 is supported. https://httpd.apache.org/docs/2.4/mo

Re: [users@httpd] Connection TLS Error

On Sun, 2023-11-19 at 16:16 -0500, Frank Gingras wrote: > > > On Sun, Nov 19, 2023 at 3:25 PM John wrote: > > On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote: > > > On Sun, Nov 19, 2023 at 3:15 PM John wrote: > > > > > > > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > > > >

Re: [users@httpd] Connection TLS Error

On Sun, Nov 19, 2023 at 3:25 PM John wrote: > On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote: > > On Sun, Nov 19, 2023 at 3:15 PM John wrote: > > > > > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > > > > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > > > > > > > When I

Re: [users@httpd] Connection TLS Error

On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote: > On Sun, Nov 19, 2023 at 3:15 PM John wrote: > > > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > > > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a br

Re: [users@httpd] Connection TLS Error

On Sun, Nov 19, 2023 at 3:15 PM John wrote: > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser > > > error: > > > Error code: SSL_ERROR_RX_RECORD_TOO

Re: [users@httpd] Connection TLS Error

On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote: > On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser > > error: > >     Error code: SSL_ERROR_RX_RECORD_TOO_LONG    (Firefox) > > What does your SSL-enabled virtual

Re: [users@httpd] Connection TLS Error

On Sun, Nov 19, 2023 at 2:31 PM John wrote: > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error: > Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox) What does your SSL-enabled virtualhost look like?

Re: [users@httpd] Re: users Digest 18 Nov 2023 20:42:58 -0000 Issue 6519

No, that was the immediate problem and someone else suggested it So I imported mod_ssl but at the moment that just moved the error elsewhere. The default Rocky Apache installation breaks everything up into little pieces in separate files and they aren't always compatible, certainly not with th

Re: [users@httpd] SSLEngine error

Have you enabled the Apache SSL module? To install mod_ssl, run: dnf install mod_ssl To enable the mod_ssl module, run: apachectl restart httpd apachectl -M | grep ssl You will see: ssl_module (shared) https://docs.rockylinux.org/guides/web/mod_SSL_apache/ On Sat, 18 Nov 2023 at 15:43, John

Re: [users@httpd] SSLEngine error

Right on - thank you. That lead to a whole bunch more errors but at least they are new! John == On Sat, 2023-11-18 at 12:46 -0800, rakesh r wrote: > make sure you have installed mod_ssl. > > Thanks > Rakesh > > On Sat, Nov 18, 2023 at 12:43 PM John wrote: > > > > I'm trying to bring up A

Re: [users@httpd] SSLEngine error

make sure you have installed mod_ssl. Thanks Rakesh On Sat, Nov 18, 2023 at 12:43 PM John wrote: > > I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and > also upgrade the version > of Apache from 2.4.25 to current. > > I have installed a .pem format certificate and when I

Re: [users@httpd] Tightening security on my webserver

Hi Frank I should mention that a hacker found this vulnerability and sent me the URL. I'm reasonably confident this isn't coming from my PHP application. The text from the path_info is turning up in the , here's a screenshot [image: image.png] But my PHP code generates this code like this: Hm

Re: [users@httpd] Tightening security on my webserver

You could look at the AcceptPathInfo directive in the meantime as well. On Tue, Nov 14, 2023 at 4:04 PM Frank Gingras wrote: > The URI path part of pathinfo is not "ignored", nor "considered" by the > web server. It is simply passed to the php application. If your application > chooses to includ

Re: [users@httpd] Tightening security on my webserver

The URI path part of pathinfo is not "ignored", nor "considered" by the web server. It is simply passed to the php application. If your application chooses to include it in the response, then the application must be corrected. On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood < mur...@focus-compu

Re: [users@httpd] Tightening security on my webserver

Hi Frank Yes, and I can do this, but I'm really surprised that this extra content is even being reflected back to the web user. My assumption was if I ignore anything beyond my "appwaz.php" it will be ignored by the web server so why is this text being reflected back as part of the response??

Re: [users@httpd] Tightening security on my webserver

Since you're using appwaz.php to serve your content and parsing the pathinfo, it falls back on your php application to discard values that are malicious or incorrect. On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood < mur...@focus-computing.com.au> wrote: > Good question @Frank, and yes it is.

Re: [users@httpd] Tightening security on my webserver

Good question @Frank, and yes it is. Cheers Murray On Wed, 15 Nov 2023 at 07:36, Frank Gingras wrote: > To be clear, is sobs.com.au your domain name? > > On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood < > mur...@focus-computing.com.au> wrote: > >> Hi folks >> >> First time poster. I rece

Re: Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

On Tue, Nov 14, 2023 at 3:11 PM Luigi Bellio wrote: > > Hi Rainer, > > I tried also in this way but the "Set-Cookie" response header is present. > > I did further tests ... the response header is set also when returning > static resources, for example > > Set-Cookie: > 7133ee39c88e27dfb0

RE: Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

Hi Rainer,     I tried also in this way but the "Set-Cookie" response header is present.     I did further tests ... the response header is set also when returning static resources, for example Set-Cookie: 7133ee39c88e27dfb06de1e1feafdacd=64ca85231009a6bb674397ffaccb3d14; path=/; H

Re: [users@httpd] Tightening security on my webserver

To be clear, is sobs.com.au your domain name? On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood < mur...@focus-computing.com.au> wrote: > Hi folks > > First time poster. I recently became aware that hackers were able to > include scripts in my URLs that would run (when reflected back to the > c

Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

On Tue, Nov 14, 2023 at 3:24 PM Luigi Bellio wrote: > > Hi Eric, > > thanks for your feedback ... I just tried, nothing is changed ... > moreover as documented the "always" directive should apply to all > response codes not only "on success". You're missing one important issue the documenta

Re: [users@httpd] Unicode Chars not working

cale' is utf-8 Paul One thing I did notice in the headers, is the old server has transfer-encoding: chunked but the new server does not have that, it has Vary: accept-encoding *From:* phunction *Sent:* Saturday, November 11, 2023 4:14 PM *To:* users@httpd.apache.org *Subject:* Re: [users

<    1   2   3   4   5   6   7   8   9   10   >