Re: [users@httpd] Re: ssl-vhost-mixing issue
On Mon, Feb 21, 2011 at 10:09:14AM +0100, Hajo Locke wrote: VirtualHost ip1.ip1.ip1.ip1:443 Servername example.com SSLCertificateFile crt1 /VirtualHost VirtualHost ip2.ip2.ip2.ip2:443 Servername example.com SSLCertificateFile crt2 /VirtualHost See https://issues.apache.org/bugzilla/show_bug.cgi?id=43218#c5 It will work if you use a different ServerName (even varying the port would fix it) in the vhost with a different cert. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] SSLRequire SUCCESS but actually failure (2 possible bugs)
On Mon, Nov 01, 2010 at 04:42:41PM -0400, Jeff Blaine wrote:
...
[Mon Nov 01 14:50:14 2010] [error] [client xxx.xx.160.29] access
to /apps/rtsrv1dev/share/html/ failed, reason: SSL requirement
expression not fulfilled (see SSL logfile for more details)
However, note the SUCCESS (bogus?) via CustomLog of
%{SSL_CLIENT_VERIFY}x
The SUCCESS doesn't sound bogus in this context - it merely indicates
whether or not the client cert itself verified OK, which is orthogonal
to SSLRequire.
You're not using the worker MPM here are you?
Here's what *DOES WORK* for all parties with certificates, but
is not really what we want, and as I understand the docs, the
other (full DN) should work.
SSLRequire %{SSL_CLIENT_S_DN_CN} in { \
Yes, the full DN comparison should work; I wouldn't necessarily
recommend it though.
It could be an SSLRequire bug you are hitting here, can't say without
debugging it; if you can verify with vanilla upstream 2.2.17 you could
file a bug at issues.apache.org, or else open a support ticket with Red
Hat for the RHEL5 package.
Regards, Joe
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] AuthDigestDomain doesn't work
On Sun, Sep 12, 2010 at 12:45:38AM -0400, Andrew Schulman wrote: ... Looking around for an explanation of this, I found very little. The most I could find was one comment (http://stackoverflow.com/questions/357939/example-of-using-authtype-digest-to-authenticate-a-user-once-across-sub-domains/1978392#1978392) claiming that Most browsers do not respect the Digest domain directive and will not resend credentials for other URIs. As far as I know, Opera is the only browser that honors it. Can anyone comment on whether this is true? Is AuthDigestDomain essentially useless, because most browsers won't honor it? I checked Firefox a while back and this was still true; can't speak for MSIE but I haven't heard about anybody using this successfully with the big browsers. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Ssl front end proxy and Segmentation fault (11)
On Wed, Sep 08, 2010 at 12:01:56AM -0400, Jason Pyeron wrote: -Original Message- From: Jason Pyeron [mailto:jpye...@pdinc.us] Sent: Tuesday, September 07, 2010 22:03 To: users@httpd.apache.org Subject: [us...@httpd] Ssl front end proxy and Segmentation fault (11) I am trying to reverse proxy client certs, here is the config snipit: Fyi: the version is httpd-2.0.52-41.ent.7.centos4 For 2.0.x I would suspect: https://issues.apache.org/bugzilla/show_bug.cgi?id=24030 I'd move to use of SSLProxyMachineCertificateFile and make sure the configured file has a single cert and private key in that order. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] OCSP-validation fails
On Tue, Aug 17, 2010 at 05:26:22PM +0200, Ulf Wahlqvist wrote: CASE 1/ If I set: SSLOCSPDefaultResponder http://ocsp.trust.telia.com SSLOCSPOverrideResponder on The validation will fail with SSL Library Error: error:2707307F:OCSP routines:OCSP_check_validity:status too old Presuming this is not a system clock skew issue - mod_ssl enforces a max response age of 6 minutes at the moment. This should be configurable but isn't; if you could file a bug on that it'd be great. CASE 3/ If I set: SSLOCSPDefaultResponder http://ocsp.trust.telia.com - Try to authenticate - It will fail as in 2 above. - Do NOT close the browser (IE, by the way) - set: SSLOCSPDefaultResponder http://ocsp.trust.telia.com SSLOCSPOverrideResponder on - restart using apachectl graceful - Retry to authenticate - It will now SUCCEED! You can reproduce this every time? You have to misconfigure then reconfigure and restart the server to get it working? Weird. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: Dav Locks corrupting; need some troubleshooting tools
On Thu, Oct 15, 2009 at 03:27:29PM +0100, Dick Davies wrote: [sorry for the crosspost, but not sure where this should go]. To answer my own question: got to the bottom of it; looks to me like the lock DB is a hash of inode - locktoken Steps to reproduce: * PUT file * LOCK file * PROPGET file (note down the locktoken) use something other than DAV to delete 'file' (e.g. a cronjob) mod_dav doesn't support operations on the repository outside of its control - this has always been the case. You should think of the DAV repository as owned by mod_dav. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: mod_ssl and Transfer-Encoding: chunked wastes ~58 bytes per chunk.
CC'ing d...@. On Tue, Aug 18, 2009 at 09:26:24PM +0100, Alex Stapleton wrote: First some background. We use Apache HTTPD 2.0 over a high-latency, high packet loss GPRS WAN. The cost per byte is tangible. We use SSL. We also use Transfer-Encoding: chunked sometimes. This is a machine monitoring application. We are using iframe streaming to push real time data to operators browsers. I have noticed after much faffing around with wireshark that httpd will transmit 3 Application Data fragments for each chunk in a chunked HTTP stream. The fragments are the HTTP chunk size, the chunk data, and then a CRLF. All fragments in an SSL session are rounded to the length of the ciphers block size. This results in the 4+2 bytes for the chunk frame ending up being 64 bytes of data over TCP. A waste of 58 bytes per chunk in this case. Interesting observation. It would not be correct to fix this by adding buffering in the chunk filter. For a plain HTTP connection, any buffering/coalescing of packets is already done as necessary by the core output filter. Typically, a (chunk-size, data, crlf) brigade can get sent using writev() without requiring any copying. Translating many small buckets into many less-small SSL app-data records is certainly inefficient - and that's a property of SSL, so, I think it would be correct to fix this by adding some buffering in mod_ssl on the plaintext side of the output filter, i.e. in ssl_io_filter_output and ssl_filter_write. Any thoughts from d...@? Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [EMAIL PROTECTED] Browser handling of 413 Request Entity Too Large
On Tue, Apr 15, 2008 at 05:01:52PM -0700, Ray Van Dolson wrote: Hi all, running into this on an old Apache 2.0.46 installation (actually httpd-2.0.46-70.ent from RHEL 3 Update 9). When a user attempts to upload a large file it's exceeding the LimitRequestBody size and Apache returns a 413 error. It appears however that the browser (IE6 and FireFox 2.x in this case) do not display the 413 message and instead show an error as if the connection has been reset. This is the 2.0.x lingering close bug; it's fixed in 2.2.x. https://issues.apache.org/bugzilla/show_bug.cgi?id=35292 Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Return of bug 14219 in version 2.2.8? (too many SSL VHs causes fopen to fail) - UNDERSTOOD (?)
On Fri, Apr 04, 2008 at 11:52:15AM +0200, Boyle Owen wrote: ... As an aside, our apache listens on 88 ports and has 102 piped log files to write to. Add on STDIN/OUT/ERR and the Pid and Lock files and that's how we get to 195. Comparing the two versions, we see the only difference is in the number of pipes - 102 in 2.2.6 and 235 in 2.2.8. So something is doubling up the number of pipes (and then some...) I then trawled the code to see what has changed and found that there is a recent addition to server/log.c (http://svn.apache.org/viewvc/httpd/httpd/tags/2.2.8/server/log.c?view=d iffr1=602466r2=602467) that seems to redirect SDTOUT and STDERR to the access and error logs. Would this have the effect of doubling the number of pipes? ... Can you capture truss output (truss -o foo bin/httpd or something similar) and file a bug? It sounds like a regression in the piped logger code, it shouldn't be leaving any more open fds in the parent AFAIK. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] apache start segmentation fault: EMLINK (Too many links)
On Thu, Dec 14, 2006 at 11:36:35AM +0100, alex handle wrote: Hi! Yesterday i migrated an old webserver (Apache 1.3.34, FreeBSD 5.2.1) to Apache 2.2.3 and FreeBSD 6.1. The configuration consists of 776 vhost. After importing the vhosts.conf file i did a apachectl configtest and it showed no errors. But with apachectl start i get an segmentation fault. open(/dev/random, O_RDONLY|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW) = 1495 select(1496, [0 3 4 6 8 9 10 11 13 14 16 18 20 21 22 29 33 34 35 37 38 40 42 Did you have mod_ssl loaded in the previous configuration? Versions of OpenSSL older than 0.9.8c can crash when reading from the random device on some platforms when the fd number returned by open has been pushed above the FD_SETSIZE setting. If that's really the cause then there are a number of possible choices: 1) disable mod_ssl 2) recompile OpenSSL with -DFD_SETSIZE=4096 if the platform allows this 3) upgrade to a newer OpenSSL joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] make error --with-dbm=gdbm, version 2.0.59
On Thu, Dec 14, 2006 at 10:04:01AM -0600, K. Clair wrote: I don't think it has anything to do with the installed libraries: httpd-2.0.55 with the same configure options compiles with no errors on the same machine. I also tried to compile httpd-2.0.57, and I got the same make error as with 2.0.59. Again, all of this was done on the same system. Has anyone been able to compile 2.0.59 with the --with-dbm=gdbm configure option? Does it work if you pass --with-gdbm as well? I can't reproduce a failure exactly like this. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] httpd 2.2.3 build issue
On Mon, Nov 06, 2006 at 11:56:56AM -0500, Gary D. Margiotta wrote: ... The compile worked fine the first time on the same VM image, but now on subsequent builds can't seem to get past this part. I'm looking for any cruft in the system which may have been left over from any previous compile/install, but no success yet. Can you try passing --with-included-apr to configure? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compiling Apache 2.2.3 - SuSe 10.1 64 bits
On Sat, Nov 04, 2006 at 12:56:12PM -0300, Rodolfo wrote: Does anyone know how to solve it ? I receive the following message after I comand the make ... /usr/lib/libexpat.so: could not read symbols: File in wrong format collect2: ld returned 1 exit status Try running rpm --erase expat-devel.i386 joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2.3 and 'File Descriptor Limits'
The SLACK_LINE stuff was about preserving low-numbered fds for use by stdio because of the Solaris 8-bit fd limit with stdio. It's not in 2.x because 2.x doesn't use stdio for logging. If you're hitting fd limits in 2.2 it is only because of kernel fd limits which need fixing with limit/ulimit/etc (unless you suspect fd leaks somewhere; truss will tell you). joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] httpd: fatal: hardware capability unsupported
On Tue, May 23, 2006 at 12:11:34PM -0300, Felipe Tocchetto wrote: httpd ./configure --prefix=/usr/local/httpd-2.0.58 --enable-ssl --with-ssl=/usr/local/openssl-0.9.8b ... bash-3.00# ./httpd -k start ld.so.1: httpd: fatal: hardware capability unsupported: 0x1000 [ SSE2 ] Killed It's possible this is due to use of assembler in OpenSSL, if you build httpd without mod_ssl enabled does it work? If so you can then try and narrow the problem down; pass noasm to the OpenSSL Configure script, check you are using the right Configure target to build OpenSSL; mail openssl-users@openssl.org for more help. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
On Fri, May 19, 2006 at 05:32:35PM -0400, [EMAIL PROTECTED] wrote: I've spent hours googling and asked about this error message on a PHP list and was directed here. Every time I gracefully restart Apache 2.2.2, the error log reports: [Thu May 18 19:59:29 2006] [notice] Graceful restart requested, doing restart [Thu May 18 19:59:29 2006] [error] (9)Bad file descriptor: apr_socket_accept: (client socket) Can you file a bug on this? [Thu May 18 19:59:30 2006] [notice] Apache configured -- resuming normal operations [Thu May 18 19:59:30 2006] [warn] long lost child came home! (pid 2881) On rare occasion, Apache 2.2.2 is crashing with: [Fri May 19 17:29:05 2006] [notice] child pid 11243 exit signal Segmentation fault (11) (Long list, all the child pids different of course.) And a separate bug on this; please follow the instructions at the following URL to generate a backtrace: http://httpd.apache.org/dev/debugging.html#crashes Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache with SSL
On Thu, May 18, 2006 at 11:07:59AM +0530, Kaushal Shriyan wrote: Anyone - when I try starting Apache directly (outsie of samon using: apachectl sslstart) I get the error: [EMAIL PROTECTED] apache]$ ./bin/apachectl sslstart /oap//blogsdev/blogs_as3/apache/bin/httpd: error while loading shared libraries: libaprutil-0.so.0: cannot open shared object file: No such file or directory But the file does exist in apache/lib, and has the right permissions. Any ideas? This probably means you have moved the httpd installation to a different directory from the original installation directory. That won't work by default. Presuming this is Linux, you can add the line LD_LIBRARY_PATH=/path/to/apache/lib to the bin/envvars file to make it pick up the libraries in this path. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Large files
On Thu, May 11, 2006 at 11:58:15AM -0400, Mike VanHorn wrote: I have compiled and built 2.0.58, but I am still getting the same error: (79)Value too large for defined data type I'd been checking and LFS was supposedly fixed in 2.0.53, so why am I getting this error? I'm on Solaris 10 x86. The unnecessarily obscure more up to date reference means 2.2.x - see http://httpd.apache.org/docs/2.2/new_features_2_2.html - 2.2.x releases have large file support out of the box. No 2.0.x release has large file support on 32-bit platforms (there are some hacks you can use, but this is not recommended or supported). Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Segmentation fault when calling ldap_connect from PHP page
On Wed, Apr 26, 2006 at 10:17:34AM +, Conor Murphy wrote: Hi, I'm trying to connect to an LDAP server from a PHP page. If I use the php cli to execute the page, everything works okay. However, when I access the same page through httpd, I get a blank response and the error_log contains an entry like child pid 3552 exit signal Segmentation fault (11). The page just looks like There are fixes in testing for LDAP in php/httpd on 64-bit platforms: # yum --enablerepo=updates-testing httpd php joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Images / files partially loading?
On Wed, Feb 22, 2006 at 05:05:35PM -0800, Evan Platt wrote: Here's the situation, I've looked in the faq, not sure what wording to use, so that could partially be my problem... One solution I found was to enable Enable SendFile Off, that didn't help.. Here's the setup: 6.0 mbps/600k DSL (6 megs down, 600 k upstream). 2 computers on network: Dell PC, and Mac G4. Mac G4 is running apache.2.0.52. Upgrade to 2.0.55 or 2.2.0, there's a known issue with earlier 2.0.x releases on OS X (well, an OS X kernel bug which was not worked around) which can cause responses to be truncated at 64K. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2 seems to have problems with CIFS mounted filesystems
On Tue, Feb 14, 2006 at 01:43:12PM -0800, Tim Garton wrote: Has anyone else run into anything like this? Just upgraded to Apache 2.2.0 on a linux box running 2.6.10 kernel. This machine mounts some windows shares via CIFS (eg. mount -t cifs //windowsfs/share /local/mount/point) For some of the virtual hosts the UserDir's lie on these mounted CIFS filesystems. After upgrading to 2.2, whenever you try to visit one of these UserDir pages, if it's an .html page you get the html but no images work, if it's anything else you get a blank page. Additionally, we see these in our error logs: [Mon Feb 13 14:55:08 2006] [info] [client 172.16.10.7] (75)Value too large for defined data type: core_output_filter: writing data to the network Could you capture the strace output when this happens? e.g. strace -o /tmp/httpd.strace httpd -X ... send a request which triggers the error CTRL-C. then gzip and upload /tmp/httpd.strace somewhere; please don't post it to this list. It might be useful also to know the: - Linux distribution - CPU architecture - glibc version Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2 seems to have problems with CIFS mounted filesystems
On Wed, Feb 15, 2006 at 09:49:52AM -0800, Tim Garton wrote: Ok, I took Joe's advice. You can find the strace at: http://staff.hightechhigh.org/~tgarton/httpd.strace.gz The other info you asked for is: Linux distro - Slackware 10.1 CPU arch - x86(Pentium III) glibc version - 2.3.2 Thanks. The error: sendfile64(8, 9, [0], 5571) = -1 EOVERFLOW (Value too large for defined data type) should never happen; I suppose this could be a bug in the CIFS driver, but it's a little odd. You can use EnableSendfile off to work around the issue. Upgrading the kernel might fix it properly. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL in Apache 2.2.0
On Thu, Feb 02, 2006 at 05:54:18PM +0100, Kövesdán Gábor wrote:
CustomLog /var/log/apache/httpd-ssl_request.log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
If I set here (globally) SSLEngine optional or on, Apache didn't even
start, and I get this in the error log:
You need SSLEngine on somewhere. What error was produced from
apachectl? How did it fail to start? There aren't any errors in the
error_log you posted.
[Thu Feb 02 17:35:06 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Thu Feb 02 17:35:07 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
...
joe
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Cannot startup apache in RHEL AS 4.
On Tue, Feb 07, 2006 at 03:30:43PM +0530, [EMAIL PROTECTED] wrote: I am not able to start up httpd in RHEL AS 4. The error I get is as follows. Starting httpd: Syntax error on line 190 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_jk.so into server: /etc/httpd/modules/mod_jk.so: failed to map segment from shared object: Permission denied This is probably due to the SELinux policy. Try running: # restorecon -v /etc/httpd/modules/mod_jk.so to label the DSO properly. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL in Apache 2.2.0
On Tue, Feb 07, 2006 at 03:07:07PM +0100, Kövesdán Gábor wrote: Joe Orton wrote: You need SSLEngine on somewhere. What error was produced from apachectl? How did it fail to start? There aren't any errors in the error_log you posted. Exactly what I wrote. I know SSLEngine On is needed somewhere. Here is the result once more. Take the config I made online (there's the link in the bugreport), modify httpd-ssl.conf to contain SSLEngine On (that file is included in httpd.conf), and start the server with debug loging: I can't reproduce any problems here using your config. For the configuration with SSLEngine On in global context, where the server silently fails to start up, can you do: strace -o /tmp/httpd.trace httpd -X then gzip the httpd.trace and upload it somewhere or send it to me privately. (this may reveal parts of your private key file, so use a test key pair before doing it or edit the strace log). What OS, and what version of OpenSSL are you using, also? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL in Apache 2.2.0
On Tue, Feb 07, 2006 at 03:43:18PM +0100, Kövesdán Gábor wrote: Joe Orton wrote: I can't reproduce any problems here using your config. For the configuration with SSLEngine On in global context, where the server silently fails to start up, can you do: strace -o /tmp/httpd.trace httpd -X then gzip the httpd.trace and upload it somewhere or send it to me privately. (this may reveal parts of your private key file, so use a test key pair before doing it or edit the strace log). What OS, and what version of OpenSSL are you using, also? joe Unfortunately, strace doesn't build on amd64 thus I can't use it. Is there some other way to get a trace? Use truss on FreeBSD, the syntax is the same as the strace command above. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Dual SAN certificate support
On Fri, Feb 03, 2006 at 10:08:19AM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7024 Date: 2/2/2006 Time: 8:20:18 AM User: N/A Computer: UNDERDOG Description: The Apache2 service terminated with service-specific error 1. When I edit ssl.conf to point to a single-SAN certificate for another IP-based virtual web site, Apache starts up smartly with no errors. Is it possible for you to debug this crash? I don't know how to get a stack backtrace on Win32 but that's what I'd to see to investigate this any further. Can you give the openssl x509 -text output of the certificate which causes the crash at startup? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] sumbol multiple-defined when compiling httpd 2.2.0 on Solaris 8
On Mon, Feb 06, 2006 at 09:51:10AM +0100, Nico De Ranter wrote: thanks but I don't seem to be able to apply the patch (on a fresh httpd-2.2.0 directory) mena.[root]# cd httpd-2.2.0/srclib/apr mena.[root]# patch -p1 apr-1.2.2-random.patch Looks like a unified context diff. Hunk #1 failed at line 57. Hunk #2 failed at line 5. Maybe the patch has been mangled in the download? If not perhaps try a GNU patch rather than whatever comes with Solaris. The patch applies cleanly to a 2.2.0 tarball. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Dual SAN certificate support
On Thu, Feb 02, 2006 at 04:20:42PM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Acronym defined: SAN = Subject Alternative Name Certificate contains two FQDN entries, one an alias to the other: DNSName: fully.qualified.name DNSName: alias-of.qualified.name What I got back from the CA is a certificate that's slightly longer than one for a single FQDN host. Apache2 refuses to start with this Dual SAN cert. mod_ssl doesn't care about what subjectAltName extensions might be in the certificate, though it might cause false warnings about subject CN mismatches. What error is being printed when the server fails to start? What does the error_log say? Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.0.55 SSL and POST problem
On Tue, Jan 31, 2006 at 02:42:27PM +, Stephen Collyer wrote: Joe Orton wrote: On Tue, Jan 31, 2006 at 12:34:27PM +, Stephen Collyer wrote: I have an SSL enabled Apache 2.0.55, with a CGI enabled Location accessible via SSL. When I try to execute a POST against this location, I get a 405 Method not allowed response. This is http://issues.apache.org/bugzilla/show_bug.cgi?id=12355 - which was fixed in 2.2.0; you can apply this patch to 2.0.x releases: http://issues.apache.org/bugzilla/attachment.cgi?id=16495 Joe Thanks - that certainly looks like the problem. I notice that there are some potential workarounds mentioned on that page. Is there an official workaround, or should someone with a 2.0 Apache simply bite the bullet and apply the patch ? (or move to 2.2.0 ?) Ignore all the patches in the PR other than the one I referenced above - that is the same as the code which went into 2.2. There is no official fix for 2.0 unless and until something gets committed, but the above patch is as close as you'll get until then. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Solaris SIGBUS and core on changes to mmap'd files
On Thu, Jan 19, 2006 at 06:08:21PM -, Matt Willsher wrote: I have a set up where by Apache serves static content from an NFS share. This works ok most of the time but we have been getting occasional BUS signals, resulting in core dump, when reading files. This apparently occurs because the requested file changes between it being mmap'd and the memcpy. This is a known issue with 1.3. Upgrade to 2.0, and the server will usually use sendfile(), which avoids the problem, and the EnableMMAP and EnableSendfile directives are available to control it precisely. In general if files on your site are modified in-place you will sometimes be serving corrupt content, so this situation is generally better avoided in the first place. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] php_admin_flag question
On Wed, Jan 18, 2006 at 08:13:00PM -0600, Graham Frank wrote: I am trying to restrict a open_basedir to the document root of the domain. So I have the following in httpd.conf. Location / php_admin_value open_basedir / /Location open_basedir takes a filesystem path, that directive has no effect at all. open_basedir itself is not a reliable security barrier in any case, see http://www.php.net/security-note.php. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] file size limitation?
On Thu, Jan 12, 2006 at 10:41:11AM -0500, Chris Purcell wrote: Is there a maximum file size limitation in Apache where you cannot download files over 4GB?I have both an Apache 1.3.29 server and an Apache 2.2.0 server with the same files on them. One file is 4.2GB and the other is 5GB. When you view the files in your browser on the 1.3.29 server, the files are shown as 165MB and 787MB, respectively. On the Apache 2.2.0 server, the file sizes are shown correctly, but when you try to download them, they fail once you reach the 4GB mark of the download. That's likely to be a client limitation - 2.2 will correctly handle large files. What client? I don't believe any of the browsers currently handle large files correctly; modern versions of wget and most versions of curl will, however. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Odd SSI SegFaults using 2.0.55
On Mon, Jan 09, 2006 at 10:27:03PM -0600, Josh Trutwin wrote: I had a request to enable SSI on one of the domains I manage on a 2.0.55 server (built from source) on Debian Linux. SSI behavior can only be described as odd. ... I verified the existence and permission of all files. This causes a Seg Fault in the apache logs though: [Mon Jan 09 22:05:49 2006] [notice] child pid 10562 exit signal Segmentation fault (11) Can you get a backtrace and file a bug? http://httpd.apache.org/dev/debugging.html#crashes joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Having trouble installing Apache 2.2.0 on SUSE LINUX version 9
On Thu, Jan 05, 2006 at 10:32:24AM -0500, [EMAIL PROTECTED] wrote: I am trying to install Apache Server on a SUSE LINUX Version 9 machine. The machine is X86_64. ... pr_ldap_option.lo misc/apr_reslist.lo misc/apr_rmm.lo misc/apu_version.lo misc/apr_queue.lo misc/apr_date.lo uri/apr_uri.lo xml/apr_xml.lo strmatch/apr_strmatch.lo xlate/xlate.lo dbd/apr_dbd.lo dbd/apr_dbd_sqlite2.lo dbd/apr_dbd_sqlite3.lo dbd/ap r_dbd_pgsql.lo -lrt -lcrypt -lpthread -ldl -lgdbm -ldb-4.2 /usr/lib/libexpat.la /usr/local/apr-httpd//lib/libapr-1.la - lrt -lcrypt -lpthread -ldl /usr/lib/libexpat.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status This is a known bug; you can run rpm --erase expat-devel.i386 as root to workaround the problem. Rgeards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Having trouble installing Apache 2.2.0 on SUSE LINUX version 9
On Thu, Jan 05, 2006 at 11:07:09AM -0500, [EMAIL PROTECTED] wrote: expat-devel.i386 is not installed on the system. And the expat 1.95.7-37.1 and the expat-32bit all seem to have quite a large number of running programs that depend on them being installed. You don't need the 32-bit expat-devel package for any running programs; that's the one you need to remove. Thanks for the suggestion, though. You state that it's a known bug - is there a web page or something that you can share with me so I can research it more? The bug is: http://issues.apache.org/bugzilla/show_bug.cgi?id=28205 joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2.0 SSL build issues: multiple definition of`SHA256_Update'
On Wed, Jan 04, 2006 at 09:28:24AM -0700, Brian Kosick wrote: ... make[4]: Entering directory `/var/build/edg-bali/Build/edg/edg-build/httpd.2.2.0/src/httpd-2.2.0/support' /var/build/edg-bali/Build/edg/edg-build/httpd.2.2.0/src/httpd-2.2.0/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthread -L/var/build/edg-bali/Build/edg/edg-build/openssl/build/lib -o ab -static ab.lo -lm /var/build/edg-bali/Build/edg/edg-build/httpd.2.2.0/src/httpd-2.2.0/srclib/pcre/libpcre.la /var/build/edg-bali/Build/edg/edg-build/httpd.2.2.0/src/httpd-2.2.0/srclib/apr-util/libaprutil-1.la -lgdbm -ldb-4.1 -lexpat /var/build/edg-bali/Build/edg/edg-build/httpd.2.2.0/src/httpd-2.2.0/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -L/usr/kerberos/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz /var/build/edg-bali/Build/edg/edg-build/openssl/build/lib/libcrypto.a(sha256.o)(.text+0x0): In function `SHA256_Update': : multiple definition of `SHA256_Update' This is a problem in APR, you can apply the following patch: http://people.apache.org/~jorton/apr-1.2.2-random.patch by doing: cd srclib/apr patch -p1 apr-1.2.2-random.patch and then rebuilding. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] httpd installation on hp-ux 11.11 pa-risc2.0-64bit
On Mon, Dec 19, 2005 at 10:27:14AM -0500, Boys Santos wrote: Joe, Thanks for taking this question. Configure was ran as follows: export CFLAGS=+DD64 ./configure Can you try instead: unset CFLAGS export CC=cc +DD64 ./configure and see if that works? If not, does it work if you don't specify +DD64 at all? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] httpd installation on hp-ux 11.11 pa-risc2.0-64bit
On Sat, Dec 17, 2005 at 09:39:10AM -0500, Boys Santos wrote: I am trying to install httpd version 2.2.0 on an hp-ux 11.11 pa-risc2.0-64bit box. Following is the error from make: /bin/sh /tmp/httpd-2.2.0/srclib/apr/libtool --silent --mode=compile cc - Ae +Z +DAportable -mt +DD64 -DHAVE_CONFIG_H -DHPUX11 -D_REENTRANT -D_XOPEN_SOUR CE_EXTENDED -D_LARGEFILE64_SOURCE -I./include -I/tmp/httpd-2.2.0/srclib/apr/in clude/arch/unix -I./include/arch/unix -I/tmp/httpd-2.2.0/srclib/apr/include -o file_io/unix/open.lo -c file_io/unix/open.c touch file_io/unix/open.lo cc: warning 441: Previous '+DA' or '+DD' option overridden by '+DD64' option. cc: file_io/unix/open.c, line 115: error 1588: O_LARGEFILE undefined. *** Error exit code 1 That's pretty strange, configure has already checked that O_LARGEFILE is available. Can you upload the srclib/apr/config.log file somewhere or send it to me privately? Please also describe exactly how you ran configure. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.1.9 - core_output_filter: writing data to the network errors, when downloading large files
On Thu, Dec 15, 2005 at 12:42:00PM -0800, Cletus Murphy wrote: It appears that when a user downloads a file over 5G, the download fails. - I'm seeing the following error's in the logfile: (104)Connection reset by peer: core_output_filter: writing data to the network (32)Broken pipe: core_output_filter: writing data to the network ..I've confirmed I'm able to download the entire file using wget. Is this error related to the users web browser?, is it the network?, or a problem with apache? Most browsers don't handle large file downloads properly (be that 2Gb or 4Gb), it's most likely to be a browser bug. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - Oops, no RSA or DSA server certificate found?!
On Fri, Dec 09, 2005 at 05:59:21PM +, Nick Burch wrote: From this, I see all my vhosts are defined, and correctly set for SSL/not SSL. During the loading iteration, it loads one certificate+key fine. Then it loads the second. After that, no more vhosts are checked! It seems therefore that it's dropping out of the vhost iteration early for some reason, and hence not loading all the certificates+keys. Have you got a minimal configuration which reproduces this? That would be the first step to tracking this down. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - Oops, no RSA or DSA server certificate found?!
On Wed, Dec 14, 2005 at 06:16:03PM +, Nick Burch wrote: On Wed, 14 Dec 2005, Nick Burch wrote: The config is still a bit complex, but it's getting there OK, config is attached. Drop it into a largely fresh /etc/apache2/ Three of the private keys are encrypted, all with the password test Apache will load keys+certs for webmail.test, melody.test, fluffy-internal.test. It won't get around to loading keys+certs for fluffy-b.test, fluffy-a.test or nems.test, and hence will bomb out. Shout if any of it doesn't make sense None of it makes sense :) How is this bundle'o'stuff included in httpd.conf? Are you using vendor packages or a build from tarball (I guess Debian from the layout)? There are a couple of obscure mod_ssl problems which can be caused by bad packaging. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] compiling apache 2.2 with openldap on solairs 9
On Wed, Dec 07, 2005 at 09:39:49AM -0500, [EMAIL PROTECTED] wrote: ... Configure options to Apache ./configure --with-ldap-sdk=openldap --enable-ssl --with-ssl=/usr/local/ssl --enable-authnz-ldap --enable-ldap --with-ldap=/usr/local Don't pass an argument to --with-ldap, try, e.g.: --with-ldap --with-ldap-lib=/usr/local/lib \ --with-ldap-include=/usr/local/include (you may also need to set LD_LIBRARY_PATH=/usr/local/lib) joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
On Tue, Dec 06, 2005 at 06:59:23PM -0500, Joe Apache wrote: server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to `apr_memcache_stats' Where did you get your version of apr from? The bundled version doesn't include apr_memcache. I installed apr-1.2.2 from the apache.org. I wasn't able to ./configure it (APR version was 0.9.7 it said) Please upload the output of configure and the config.log file produced somewhere. It looks like you have a patched or broken installation of APR on your system somewhere (perhaps from the ports?). joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though
On Wed, Dec 07, 2005 at 11:40:05AM -0500, Joe Apache wrote: ok I remove all traces of APR and it works! Now I have this message: [Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter This is a harmless warning and should probably be an info-level error messages rather than warn-level; can you file a bug on that? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Another apache 2.2 configure question
On Wed, Dec 07, 2005 at 06:17:46PM +0100, Alexander Stoll wrote: Hi there, the configure-option --disable-ipv6 seems no longer properly supported, during build libtool fails on a undefined symbol sock_is_ipv6 in libapr-1.so. Is this a bug or is this configure option not supported anymore? Looks like an APR bug, can you file it in bugzilla? You shouldn't really need --disable-ipv6 on any modern system though, what platform are you using? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2 start_ssl - missing symbol
On Sun, Nov 27, 2005 at 12:27:52PM +, Stephen Collyer wrote: httpd is linking against libcrypto 0.9.7 in /usr/lib which is missing the symbol in question. So now the question is why did my configure not force linking against my local copy of 0.9.8a ? ... Is -with-ssl not supported anymore, or am I screwing up in some other way ? Can you try setting: export PKG_CONFIG_PATH=/home/stephen/apache/openssl-0.9.8a/lib/pkgconfig before running configure? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2 start_ssl - missing symbol
On Sat, Nov 26, 2005 at 10:57:11AM +, Stephen Collyer wrote: When I start Apache, I get this: [EMAIL PROTECTED] $ bin/apachectl startssl Syntax error on line 251 of /usr/local/apache2-ssl/conf/httpd.conf: Cannot load /usr/local/apache2-ssl/modules/mod_ssl.so into server: /usr/local/apache2-ssl/modules/mod_ssl.so: undefined symbol: X509_STORE_CTX_set_depth nm tells me that X509_STORE_CTX_set_depth appears as a text symbol in openssl-0.9.8a/crypto/x509/x509_vfy.o and also the static library openssl-0.9.8a/libcrypto.a so I guess it's some link error, but I'm not sure what. Anyone got any ideas as to what I've screwed up ? In 2.0.x you can't build mod_ssl as a DSO against OpenSSL if OpenSSL is only available as static libraries. You can either build OpenSSL shared libraries, or upgrade to 2.1.x, where this should work OK (though I wouldn't recommend it at all). joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_proxy_html question
On Fri, Nov 25, 2005 at 09:22:56AM +0100, Joost de Heer wrote: Hello, I have a mod_proxy_html question: This is not a support forum for mod_proxy_html, you might be better off contacting Nick directly. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache stops/freezes before Digest: done
On Tue, Nov 22, 2005 at 05:49:31PM +0100, Joel CARNAT wrote: ... [warn] NameVirtualHost *:80 has no VirtualHosts [notice] Digest: generating secret for digest authentication ... Pass --with-devrandom=/dev/urandom to configure when you build the server (or when you build APR, if you do that separately). joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] how to turn off ssl debug log
On Fri, Nov 11, 2005 at 01:24:18PM +0800, jiesheng zhang wrote: Hi, My system is suse 9.3, apache 2.0 and mod_ssl. The /var/log/apache2/error_log has lots of ssl debug information such as this --- [Thu Nov 10 22:55:48 2005] [debug] ssl_engine_io.c(1593): | 01d0: d6 07 05 83 7f f6 3c cb-50 cc b3 a2 eb 1c f8 2f ...P../ | -- How can I configure apache to turn off the debug log from ssl? This only happens if you have LogLevel debug configured; to turn it off just for the SSL vhost, put LogLevel info or higher in the SSL VirtualHost ... block. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Re: [warn] (99)Cannot assign requested address: connect to listener on [::]:443
On Wed, Nov 09, 2005 at 09:29:24AM -0600, Joe A wrote: noone has seen this before? If you're building from tarballs, update to 2.0.54 or later; if you're using Fedora, run yum update and there's a specific fix for a problem in the Fedora httpd package which caused this. joe On 10/26/05, Joe A [EMAIL PROTECTED] wrote: I noticed these entries in my Apache2 error_log file this evening. I would greatly appreciate it if someone could fill me in as to what it means. [Wed Oct 26 19:49:37 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443 [Wed Oct 26 21:02:36 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443 [Wed Oct 26 21:21:19 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443 [Wed Oct 26 22:29:14 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443 [Wed Oct 26 23:00:58 2005] [warn] (99)Cannot assign requested address: connect to listener on [::]:443 -joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Help with Digest Authentication
On Wed, Nov 02, 2005 at 11:33:32AM -0500, Leo Papadopoulos wrote: Dear httpd-users and Joshua: Here is the information Joshua asked for. The httpd.conf file is configured with: In your first post you said you had: AuthName private area which is it really using? The string configured as the AuthName must exactly match the realm string passed to htdigest otherwise auth will fail. I'd get rid of the AuthDigestDomain setting from the config as it doesn't make much difference. joe Location /private/ AuthType Digest AuthName http://sip.telecomcto.com/ AuthDigestDomain /private/ http://sip.telecomcto.com/ AuthDigestFile /etc/httpd/conf/htdigusers Require valid-user /Location The error log says: [Wed Nov 02 11:24:40 2005] [error] [client 69.0.78.113] Digest: user `leo' in realm `http://sip.telecomcto.com/' not found: /private/ The htdigusers file says: leo:http://sip.telecomcto.com/:23496e7646ea444ff7930fbd325d32f I still cannot log in. I get rejected as you can see from the error message, but I don't know why. Leo P. -Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 02, 2005 10:49 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with Digest Authentication On 11/1/05, Leo Papadopoulos [EMAIL PROTECTED] wrote: When I access http://sip.telecomcto.com/private Firefox brings up the username password box, but when I type it in it does not accept the username and password and just brings up the dialog box again.. Anything interesting in the apache error_log? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why wont apache start with this httpd.conf?
On Thu, Oct 13, 2005 at 03:38:22PM +0200, Søren Neigaard wrote: I have a strange problem on Fedora Core 4. I have edited my httpd.conf, and now apache will not start when i use the /etc/init.d/httpd script, but if do a configtest it says ok, and if i start apache manually with /usr/sbin/httpd it allso works just fine. This is an SELinux issue. In FC4, SELinux policy is only applied if httpd is started via the init script. You'd have to correctly label the docroots outside /var/www so that the SELinux policy will allow access; see the following guides for more information: http://fedora.redhat.com/docs/selinux-apache-fc3/ http://fedora.redhat.com/docs/selinux-faq-fc3/ e.g. something like this should work: # chcon -R -t httpd_sys_content_t /home/www/ ... VirtualHost 192.168.0.253 DocumentRoot /home/www/html /VirtualHost Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] only 64k per file downloading from my webserver
On Sun, Oct 09, 2005 at 09:21:43PM -0500, William Rowe wrote: Joshua Slive wrote: On 10/9/05, Ashley Williams [EMAIL PROTECTED] wrote: Two minutes of research came up with this, which shows two workarounds and a patch to fix the problem: http://issues.apache.org/bugzilla/show_bug.cgi?id=34332 I see nothing in the report that indicates it was also backported before 0.9.7 was rolled; a shame really since this will continue to hinder OSX users. http://svn.apache.org/viewcvs.cgi/apr/apr/tags/0.9.7/build/apr_hints.m4?rev=291729view=log the fix is in 0.9.7. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Re: Error with ssl and php4
On Fri, Oct 07, 2005 at 03:46:13PM +, Com Puter wrote: The openssl libraries are installed and can be verified with a static version of mod-ssl compiled in by checking the output of: lsof |grep libssl which returns several apache2 processes having /usr/lib/libssl.so.0.9.7 open. This has me puzzled, it should work but doesn't. It is almost like the libssl .so is not being made available to the included loadmodule processes. This is a Debian specific problem, please report it to Debian. http://www.debian.org/Bugs/Reporting joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Dumping core
On Fri, Oct 07, 2005 at 03:51:20AM +0100, binoj johny wrote: Iam working on apache 2.0.47 with ssl and reverse proxy in AIX 5.2.Everything is working fine but apache is dumping core in a regular basis.THe dumping of sore is less during the night time but in peak hours it will be 2 times in hour and in the error log iam getting like this ... I have given log level to debug mode So iam getting like this Mon Oct 03 20:00:02 2005] [debug] proxy_http.c(310): proxy: keepalive address match (keep original socket) [Mon Oct 03 20:00:02 2005] [info] SSL0240I: SSL Handshake Failed, Socket has been closed. This is IHS, I'd guess -- contact IBM for support. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.0: Recommended Mutex types for Solaris 8,9,10
On Wed, Oct 05, 2005 at 03:36:45PM +0200, Axel-Stéphane SMORGRAV wrote: Joe, Thanks for replying to my post. Isn't the AcceptMutex only used inside the parent process to serialise the access to the accept(2) system call ? It's used in *children* to do that, yes. Is your comment about cross-process mutex relevant for SSLMutex rather than AcceptMutex , and would that mean that in your opinion although it might be OK to use pthread for AcceptMutex it should be avoided in the case of SSLMutex ? The same concerns apply to both equally. If the process crashes holding the SSLMutex then all processes which try to server SSL are liable to deadlock. Would you have any idea of the performance implications of using fcntl or flock over sysvsem or pthread ? No idea on Solaris, sorry, you'd have to benchmark this. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.0: Recommended Mutex types for Solaris 8,9,10
On Mon, Oct 03, 2005 at 11:17:38AM +0200, Axel-Stéphane SMORGRAV wrote: As far as I can tell, in Apache versions 2.0.49 and prior the default Mutex type (at least for AcceptMutex) was pthread. It then changed to fcntl around Apache 2.0.50 leading me to post the following http://issues.eu.apache.org/bugzilla/show_bug.cgi?id=32325 issue, and explicitly set both mutexes to pthread which appeared to solve the problem. Several people have since posted similar problems and solved the issue by explicitly setting the mutex types to something other than AcceptMutex default and SSLMutex default. Does anyone have any idea of the pros and cons of the different mutex types, provided they are available on any given platform? Is there any reason to use a different mutex implementation for AcceptMutex than you would for SSLMutex? What are the performance and operational issues with each mutex type? A pthread cross-process mutex is not released if the process holding it segfaults; this can lead to the entire server deadlocking particularly if using a threaded MPM. I don't think anybody knows what conditions will lead to the fcntl EDEADLK issue on Solaris, that is really a problem which needs more investigation. (historically, 1.3 always used fnctl on Solaris IIRC, so it is definitely the most tried and tested) joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to disable buffering in an Apache proxy server?
On Mon, Sep 26, 2005 at 09:25:17PM +0200, Klaus Ebbe Grue wrote: Hi, Can you help with a hint for this scenario: * If Apache is used as an http reverse proxy, * if it relays a response from a backend server to a client, * if the response is in HTTP/1.1 chunked transfer encoding, * and if the response consists of many small chunks, * then the proxy buffers the small chunks and pass them on in big chunks. How can one instruct Apache to pass chunks on without delay and buffering and rechunking? httpd 2.1.x releases should flush buffered content to the client whenever the backend server stalls - so if you try the 2.1.7 beta it should behave as you expect; please file bugs if not. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2.0.48 Illegal instruction Segmentation fault issues
On Mon, Sep 26, 2005 at 07:36:34PM -0700, Jignesh Badani wrote: ... [Mon Sep 26 18:25:45 2005] [notice] child pid 326 exit signal Illegal instruction (4) The management is wanting to know the cause and so do I. What is the best way to debug this ? I know we could upgrade to the latest 2.0.54 and we Follow the instructions on obtaining a backtrace at this URL, and post the backtrace here: http://httpd.apache.org/dev/debugging.html#crashes joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache - High Memory Usage Problem - HELP!
On Tue, Sep 27, 2005 at 08:37:16AM -0700, Marc Perkel wrote: Kind of an odd problem but I'm moving my stuff to a new server and for some reason Apache (2.0.54) is using a lot more memory on the new server than on the old server. I'm hosting the same web sites and (I think) I have all the same software installed. Both running Fedora Core 4. The new server is running the 64 bit Linux. The new server is a dual core athlon - the old has 2 Xeon CPUs. Both have 4 gigs of ram. 64-bit platforms will in general show more memory use than a 32-bit platform due to pointers etc being twice as big. Linux on amd64 will also appear to have unnaturally virtual memory use due to the way the loader/kernel interact. But this isn't actually physical RAM being used up so don't worry about it. To compare the two systems make sure that you have exactly the same modules being loaded; PHP for instance will show up larger VM use because it drags in so many shared libraries. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
On Tue, Sep 20, 2005 at 12:29:02AM -0400, John Duprey wrote: I'm seeing strange behavior with an apache module (Subversion's mod_svn). Subversion commits through mod_svn are intermittently failing because files and/or directories are being created with ROOT ownership!! or permissions such that the user apache cannot write. This problem happens frequenlty, but _not_always_, so I know it isn't an outright configuration problem in apache or subversion. Apache is set to run as user apache. I've posted this to the subversion mailing lists and plan to file a bug. Are you running any other third-party modules in this httpd installation? If you can get the server into a state where newly created directories always have the wrong permissinos, you could strace a child process and see exactly what it is doing. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please!! OSX/Unix 1.3 - 2.0 start from scratch ( Uninstall remove)
On Sat, Sep 17, 2005 at 10:56:20PM +1000, Haali Goodsell wrote: configure: creating ./config.status config.status: creating Makefile ./config.status: fork: Resource temporarily unavailable Something went wrong here. Try it again, and try using the latest version, 2.0.54. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] ErrorDocumet segfault w/ php
On Thu, Sep 08, 2005 at 09:08:31PM -0700, Jason Morehouse wrote: ErrorDocument 404 /404.php ... server error_log: [Thu Sep 08 21:11:32 2005] [notice] child pid 2102 exit signal Segmentation fault (11) If I change the ErrorDocument to a plain html file it works fine. If I go directly to the php document in a browser, it works fine. We are using redhat enterprise linux 4. httpd-2.0.52 and PHP 5.1 RC1. It's a bug in that version of PHP, it was fixed since then (and was not present in 5.0.x releases either IIRC). joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Bug or Feature : global SSLVerifyClient in VirtualHost overrides the same in Location?
On Tue, Aug 30, 2005 at 10:23:16AM +0200, Yefym Dmukh wrote:
SSLVerifyClient is documented as working in directory context, so it
should also work in Location context. The manual page for mod_ssl does
explicitly say that a SSL renegotiation is triggered if a request for the
location is received.
Then this is a bug, because it doesn't work for Location
Simple test scenario is :
1. access document root location - SSLVerifyClient optional , cance
certificate choice window.
2. access location Location /auth with SSLVerifyClient require - no
triggered SSL negotiation - access without certificate granted.
That should not happen, it would be a serious security issue if it did.
I'd suspect you're seeing a cached session being reused if you're seeing
access granted to a location with SSLVerifyClient require.
Please can you confirm this: add %{SSL_CLIENT_S_DN}x to some CustomLog
line so that you can log whether the client cert is actually being
picked up or not for access to the protected location.
If this isn't working properly it's something we need to get fixed, but
I can't reproduce any problems here.
Regards,
joe
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why does Apache use up all my memory?
On Thu, Aug 18, 2005 at 02:48:26PM -0400, George Adams wrote: Joe, I just wanted to thank you again. The byterange patch you gave me worked just beautifully. Great, thanks for the feedback. I've proposed this for backport to the 2.0.x branch now so it should show up in a 2.0.x release eventually, pending review. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why does Apache use up all my memory?
On Wed, Aug 17, 2005 at 12:12:05PM -0400, George Adams wrote: Joe Are these all simple static files, or is /out/ handled by some CGI Joe script etc? Joe, you're right - they do get passed through a Perl script for processing. However, unless I'm mistaken, I don't THINK the following code would produce the kind of problems I'm seeing: OK, no, it's not your code at fault, it's a bug in httpd. You can apply this patch: http://people.apache.org/~jorton/ap_byterange.diff and I guess I should really submit this for backport to 2.0.x. Joe, thanks for the patch. I'll apply it and see if it helps. One last followup question, though. It seems like there must be tons of sites in the world doing what I'm doing - serving a large amount of downloads. And probably most of those sites are running Apache, and probably a lot of them are using Apache 2.0.x . How is it that they don't seem to have the same problem? If this bug has survived in Apache 2 this long, it must be fairly obscure. Is there some unique set of circumstances that is causing this bug to affect only me and a few others, and not a large number of other Apache servers? The bug only triggers with: - a CGI/... script which generates a large response - a user pointing a download accelerator (or suchlike) at said script. and it has been reported two times on this list in as many weeks - so not that uncommon I guess. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why does Apache use up all my memory?
On Mon, Aug 15, 2005 at 11:00:02AM -0400, George Adams wrote: Thanks, Joe and Jon for your helpful thoughts regarding my Apache memory problem. Here's some more information: Joe 1-015823W 0.001742573500GET /out/388.mp3 Joe 2-0 15824 W 0.00 1742573499 GET /out/238.mp3 Joe Joe Are these all simple static files, or is /out/ handled by some CGI Joe script etc? Joe, you're right - they do get passed through a Perl script for processing. However, unless I'm mistaken, I don't THINK the following code would produce the kind of problems I'm seeing: OK, no, it's not your code at fault, it's a bug in httpd. You can apply this patch: http://people.apache.org/~jorton/ap_byterange.diff and I guess I should really submit this for backport to 2.0.x. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Authentication on Solaris fails when password 8 chars and using MD5 encoded passwords (or digest)
On Thu, Aug 11, 2005 at 12:24:06PM +0200, [EMAIL PROTECTED] wrote: When replacing getpass() with getpassphrase() on Solaris (does the same but with passwords up to 256 chars) all works fine but this is not a portable solution I guess. Another option would be truncating the password that the client had send to 8 chars before validating (but many people like longer passwords for their better strength) Any thoughts for a portable fix? 2.0.x (really, APR) will use getpassphrase() if available. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why does Apache use up all my memory?
On Tue, Aug 09, 2005 at 11:05:49AM -0400, George Adams wrote: I have an Apache 2.0.54 server on a Gentoo Linux (2.6.11) box which has 1Gig RAM and an additional 1Gig swap space. The server handles a lot of people downloading sermons from our church website (which are no larger than 18Meg MP3 files), but I can't figure out how to keep the server from running out of memory. ... And here's what the Apache /server-status URL showed earlier today (I had just restarted the server, but it immediately filled up with download requests, all from the same guy, apparently using a download accelerator judging by the duplicate requests): Srv PID M CPUReq Request 0-015822W 0.48 0GET /out/181.mp3 HTTP/1.1 1-015823W 0.001742573500GET /out/388.mp3 HTTP/1.1 2-015824W 0.001742573499GET /out/238.mp3 HTTP/1.1 Are these all simple static files, or is /out/ handled by some CGI script etc? ... 15853 apache18 0 98.9m 53m 2000 S 0.0 5.3 0:00.51 apache2 if when this happens, you can capture the output of e.g. strace -p 15853 as root, that might help. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem logging SIGTERM to ErrorLog when piping to rotatelogs
On Thu, Jul 21, 2005 at 10:06:37AM -0400, Craft, Wesley wrote: This is a strange problem when using rotate logs. We have multiple apache servers running and the one without rotatelogs being piped to from the ErrorLog directive reports the following in the error log when shutting down: [Wed Jun 15 14:08:46 2005] [notice] caught SIGTERM, shutting down The servers that pipe the ErrorLog through rotatelogs have this (on a line by itself, no timestamp): Terminated At shutdown the rotatelogs process will be sent SIGTERM along with the rest of the process group, so it may exit before the children have to to log their shutdown messages (it's a race). I don't know why it would log that line, though, might be something Solaris-specific. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Large File Support in Apache 1.3.33
On Thu, Jul 07, 2005 at 08:10:42AM +1000, Dan Goodes wrote: Hi Folks I remember reading somewhere that Apache 1.3.33 supposedly supports large files 2G on 32-bit systems. However I'm not having much success. No, this won't work in 1.3 since 1.3 uses long to represent file sizes. This approach should work with recent 2.0 releases, however. But it causes incompatibilities with third-party modules and it's not really supported in 2.0 either. In the recent 2.1.6 alpha release large file support works out of the box, no special compiler flags needed. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] file size error? But I don't have a file this big...
On Wed, Jul 06, 2005 at 02:58:22PM -0700, Dan Trainor wrote: Jason Czerak wrote: Wed Jul 06 16:25:18 2005] [notice] child pid 24242 exit signal File size limit exceeded (25) [Wed Jul 06 16:27:00 2005] [notice] child pid 24368 exit signal File size limit exceeded (25) [Wed Jul 06 16:27:02 2005] [notice] child pid 24523 exit signal File size limit exceeded (25) [Wed Jul 06 16:30:14 2005] [notice] child pid 24630 exit signal File size limit exceeded (25) ... Check access and error logs. One of them is 2G. 2.0.54 on Linux can handle 2Gb error/access log files. But some other module or script is definitely accessing or trying to create 2Gb files on this server. If you enable core dumps then you can find out exactly where; start the server with ulimit -c unlimited and add e.g. CoreDumpDirectory /tmp to your httpd.conf, then run gdb on the core dumps produced in /tmp. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Alias and user directories gives 403 errors
On Fri, May 20, 2005 at 10:12:14AM +0100, Andrew Walmsley wrote: I'm trying to duplicate a server setup from one machine running Redhat 9.0 and Apache 2.0.44 to a machine running Red Hat Enterprise 2.6.9-5.0.5.Elsmp and Apache 2.0.52 The machine was setup, and Apache test page works correctly, tarred over relevant user directories and Apache conf.d files. This setup works fine on the old machine. With UserDir disabled, we use an alias file in conf.d to change /~atx/ to /home/atx/public_html/ Whenever we try to connect to it, 403 errors are given. Access to /home/atx/public/ is 755 for all directories, home owned by root, atx below by atx This is probably due to the SELinux policy - please see, e.g: http://fedora.redhat.com/docs/selinux-apache-fc3/ http://fedora.redhat.com/docs/selinux-apache-fc3/sn-user-homedir.html there is RHEL-specific SELinux information in the RHEL documentation, too. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Mysterious intermittent apache2 crashes (not sure how to investigate)
On Tue, May 17, 2005 at 03:56:19PM -0400, Shaun Fanning wrote: Hi, I am running apache2 with mod_php (php 4.3.9) on RedHat ES on a dual processor x86 box. It is running with prefork MPM to avoid any multi-threading issues with PHP. Several times over the last month, apache has died when our load spiked with a lot of concurrent users. Does the error_log list any segmentation faults? If you're using the stock Red Hat packages you should call Red Hat support or file the issue in https://bugzilla.redhat.com/bugzilla/. Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Possible bug in httpd-2.1.3-beta mod_proxy_balancer (URL arguments omitted)
On Sun, May 08, 2005 at 08:03:28PM -0400, Dave O'Hair wrote: I may have found a bug in httpd-2.1.3-beta mod_proxy_balancer. Or more likely I just don't have it configured properly. Here's the entries from httpd.conf: ... The proxy/balance thing works great until I pass this URL to Apache: http://apachehost:80/Supplier/SupplierServlet?action=reset http://apachehost/Supplier/SupplierServlet?action=reset The URL that gets forwarded to the back-end server is missing the URL arguments (the ?action=reset part). Dave, can you file a bug on this in bugzilla - I'm not sure whether it has been fixed already? http://issues.apache.org/bugzilla/ Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
