Kind Regards RMG
-- Roger Goudarzi Email: rog...@arkasoft.com WWW: http://www.Arkasoft.com T:+1-(408)-660-3635 F:+1-(408)-493-4576 UK: +44-779-461-5892 On Aug 11, 2014, at 10:27, users-digest-h...@httpd.apache.org wrote: > > users Digest 11 Aug 2014 09:27:27 -0000 Issue 4869 > > Topics (messages 109829 through 109853) > > Re: Use Allow from IP when there is a proxy exist? > 109829 by: Pete Houston > 109830 by: Igor Cicimov > 109831 by: Mark jensen > 109832 by: Igor Cicimov > 109833 by: Tom Evans > 109836 by: Igor Cicimov > > Rewrite and automount question > 109834 by: Rose, John B > 109839 by: Rose, John B > 109840 by: Rich Bowen > 109843 by: Rose, John B > 109845 by: Nick Kew > > Re: Windows Apache 2.4.9 restarts itself > 109835 by: Jeff Trawick > 109846 by: Jeff Trawick > > Apache.org server-status > 109837 by: Rose, John B > 109838 by: Jeff Trawick > > Re: ApacheCon CFP closes June 25 > 109841 by: Rich Bowen > > Re: Order of applicatoin of sites-enabled configs > 109842 by: Rich Bowen > > How to forbid browsers to cache some pages? > 109844 by: Mark jensen > 109847 by: fedora > 109848 by: Mark jensen > > Apache 2.2:How to enable module: mod_expires.c > 109849 by: Mark jensen > 109850 by: Eric Covener > 109851 by: Mark jensen > 109852 by: Pete Houston > > SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test > failure (Type=RSA SHA1 X931) > 109853 by: Abdul Anshad > > Administrivia: > > --------------------------------------------------------------------- > To post to the list, e-mail: users@httpd.apache.org > To unsubscribe, e-mail: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-digest-h...@httpd.apache.org > > ---------------------------------------------------------------------- > > > From: Pete Houston <p...@openstrike.co.uk> > Subject: Re: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 7, 2014 at 22:49:55 GMT+1 > To: users@httpd.apache.org > > > On Thu, Aug 07, 2014 at 09:19:10PM +0000, Mark jensen wrote: >> How can I make Apache to deal with the client IP not the proxy IP? > > Use mod_remoteip. > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 > > > > From: Igor Cicimov <icici...@gmail.com> > Subject: Re: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 7, 2014 at 22:56:26 GMT+1 > To: users <users@httpd.apache.org> > > > > > But what if we use proxy (squid) in front, then the source IP will be the > > proxy IP, How can I make Apache to deal with the client IP not the proxy IP? > > > You mean tell squid to send the source ip to apache? Check squid > documentation how to do that or set proxy-for header. What can apache do > about something it doesnt know about? > > > > > > From: Mark jensen <ngiw2...@hotmail.com> > Subject: RE: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 8, 2014 at 2:15:50 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > I have found something like that, iS it true to use it: > > Your .htaccess file: > # ALLOW USER BY IP > order deny,allow > deny from all > SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP > SetEnvIF X-Forwarded-For "5.6.7.8" AllowIP > Allow from env=AllowIP > allow from 1.2.3.4 > allow from 5.6.7.8source: > http://frustratedtech.com/post/42641261089/htaccess-file-to-block-ips-coming-from-varnish > > > > From: Igor Cicimov <icici...@gmail.com> > Subject: RE: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 8, 2014 at 9:23:40 GMT+1 > To: users <users@httpd.apache.org> > > > > > Your .htaccess file: > > # ALLOW USER BY IP > > order deny,allow > > deny from all > > SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP > > SetEnvIF X-Forwarded-For "5.6.7.8" AllowIP > > Allow from env=AllowIP > > allow from 1.2.3.4 > > allow from 5.6.7.8source: > > http://frustratedtech.com/post/42641261089/htaccess-file-to-block-ips-coming-from-varnish > > > Looks sane to me although don't see the need for the last 2 allow since they > are already included by the previous "Allow from env=AllowIP". You can also > use regexp like: > > SetEnvIF X-Forwarded-For "1.2.3.4|5.6.7.8|7.8.9.[2-5]|3.4.5.[69]" AllowIP > > just as example. > > > > From: Tom Evans <tevans...@googlemail.com> > Subject: Re: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 8, 2014 at 14:20:50 GMT+1 > To: users@httpd.apache.org > > > On Fri, Aug 8, 2014 at 9:23 AM, Igor Cicimov <icici...@gmail.com> wrote: >> >>> Your .htaccess file: >>> # ALLOW USER BY IP >>> order deny,allow >>> deny from all >>> SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP >>> SetEnvIF X-Forwarded-For "5.6.7.8" AllowIP >>> Allow from env=AllowIP >>> allow from 1.2.3.4 >>> allow from 5.6.7.8source: >>> http://frustratedtech.com/post/42641261089/htaccess-file-to-block-ips-coming-from-varnish >>> >> Looks sane to me although don't see the need for the last 2 allow since they >> are already included by the previous "Allow from env=AllowIP". You can also >> use regexp like: >> >> SetEnvIF X-Forwarded-For "1.2.3.4|5.6.7.8|7.8.9.[2-5]|3.4.5.[69]" AllowIP >> > > Looks insane to me. If squid is setting X-Forwarded-For and you trust > squid, use mod_remoteip or mod_rpaf2 so that apache knows the real > client address and will use it in authentication and logging. > > Using string matching, or even worse, regexp matching on > X-Forwarded-For is a mistake as it is error prone - you must specify > your authentication as a string or regexp, not as it's native type - > and worse it is potentially malicious as squid does not scrub > X-Forwarded-For, it appends to it, making your simple string match > easily exploitable. > > mod_remoteip and mod_rpaf both know about X-Forwarded-For, they allow > you to specify which hosts you trust to add X-Forwarded-For, and they > interpret the X-Forwarded-For correctly as an IP address, allowing you > to specify your configuration in it's natural form. > > Cheers > > Tom > > > > > From: Igor Cicimov <icici...@gmail.com> > Subject: Re: [users@httpd] Use Allow from IP when there is a proxy exist? > Date: August 8, 2014 at 15:40:47 GMT+1 > To: users <users@httpd.apache.org> > > > > On 08/08/2014 11:21 PM, "Tom Evans" <tevans...@googlemail.com> wrote: > > > > On Fri, Aug 8, 2014 at 9:23 AM, Igor Cicimov <icici...@gmail.com> wrote: > > > > > >> Your .htaccess file: > > >> # ALLOW USER BY IP > > >> order deny,allow > > >> deny from all > > >> SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP > > >> SetEnvIF X-Forwarded-For "5.6.7.8" AllowIP > > >> Allow from env=AllowIP > > >> allow from 1.2.3.4 > > >> allow from 5.6.7.8source: > > >> http://frustratedtech.com/post/42641261089/htaccess-file-to-block-ips-coming-from-varnish > > >> > > > Looks sane to me although don't see the need for the last 2 allow since > > > they > > > are already included by the previous "Allow from env=AllowIP". You can > > > also > > > use regexp like: > > > > > > SetEnvIF X-Forwarded-For "1.2.3.4|5.6.7.8|7.8.9.[2-5]|3.4.5.[69]" AllowIP > > > > > > > Looks insane to me. If squid is setting X-Forwarded-For and you trust > > squid, use mod_remoteip or mod_rpaf2 so that apache knows the real > > client address and will use it in authentication and logging. > > > > Using string matching, or even worse, regexp matching on > > X-Forwarded-For is a mistake as it is error prone - you must specify > > your authentication as a string or regexp, not as it's native type - > > and worse it is potentially malicious as squid does not scrub > > X-Forwarded-For, it appends to it, making your simple string match > > easily exploitable. > > > > Not if you use "forward-for truncate" > > > mod_remoteip and mod_rpaf both know about X-Forwarded-For, they allow > > you to specify which hosts you trust to add X-Forwarded-For, and they > > interpret the X-Forwarded-For correctly as an IP address, allowing you > > to specify your configuration in it's natural form. > > > > Cheers > > > > Tom > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > From: "Rose, John B" <jbr...@utk.edu> > Subject: Rewrite and automount question > Date: August 8, 2014 at 14:51:56 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > We have experimented with using Rewrite to replace /~someuser with /someuser > > However there is a problem with systems using automounter in the case of an > http request for a non-existing http://someserver.com/someuser > > Anyone have a way to implement the above without doing undesired automount > attempts of a non-existent "someuser"? > > Thanks > > > > > > From: "Rose, John B" <jbr...@utk.edu> > Subject: Re: Rewrite and automount question > Date: August 8, 2014 at 16:59:20 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > mod_userdir does not seem to cause superfluous automounter attempts when an > http request to a non-existent web address, http://website.com/~someuser, is > received > > Is there some way to implement that mechanism with > http://website.com/someuser http requests for a nonexistent "someuser"? > > From: <Rose>, John Rose <jbr...@utk.edu> > Date: Friday, August 8, 2014 9:51 AM > To: "users@httpd.apache.org" <users@httpd.apache.org> > Subject: Rewrite and automount question > > We have experimented with using Rewrite to replace /~someuser with /someuser > > However there is a problem with systems using automounter in the case of an > http request for a non-existing http://someserver.com/someuser > > Anyone have a way to implement the above without doing undesired automount > attempts of a non-existent "someuser"? > > Thanks > > > > > > From: Rich Bowen <rbo...@rcbowen.com> > Subject: Re: [users@httpd] Re: Rewrite and automount question > Date: August 8, 2014 at 20:24:44 GMT+1 > To: users@httpd.apache.org > > > > On 08/08/2014 11:59 AM, Rose, John B wrote: >> mod_userdir does not seem to cause superfluous automounter attempts when an >> http request to a non-existent web address, http://website.com/~someuser, is >> received >> >> Is there some way to implement that mechanism with >> http://website.com/someuser http requests for a nonexistent "someuser"? > > What's automounter? Is that some process that mounts a user's home directory > on a remote share or something? > > I suppose you could query a list of valid users on server startup, and use > that (via mod_macro or something?) to generate a list of Alias directives? Or > possibly use a RewriteMap to do the same thing based on a list of users, > although RewriteMap can be a bit of a performance bottleneck. > > --Rich > > >> >> From: <Rose>, John Rose <jbr...@utk.edu> >> Date: Friday, August 8, 2014 9:51 AM >> To: "users@httpd.apache.org" <users@httpd.apache.org> >> Subject: Rewrite and automount question >> >> We have experimented with using Rewrite to replace /~someuser with /someuser >> >> However there is a problem with systems using automounter in the case of an >> http request for a non-existing http://someserver.com/someuser >> >> Anyone have a way to implement the above without doing undesired automount >> attempts of a non-existent "someuser"? >> >> Thanks >> >> > > -- > Rich Bowen - rbo...@rcbowen.com - @rbowen > http://apachecon.com/ - @apachecon > > > > From: "Rose, John B" <jbr...@utk.edu> > Subject: Re: [users@httpd] Re: Rewrite and automount question > Date: August 8, 2014 at 20:40:18 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > "What's automounter? Is that some process that mounts a user's home directory > on a remote share or something?" > > Yes. But only when it is requested. I.e. When you login via ssh, or access a > web site via http whose content is in the remote filesystem, etc. You may > refer to it as autofs. > > > From: Rich Bowen <rbo...@rcbowen.com> > Reply-To: "users@httpd.apache.org" <users@httpd.apache.org> > Date: Friday, August 8, 2014 3:24 PM > To: "users@httpd.apache.org" <users@httpd.apache.org> > Subject: Re: [users@httpd] Re: Rewrite and automount question > > > On 08/08/2014 11:59 AM, Rose, John B wrote: >> mod_userdir does not seem to cause superfluous automounter attempts when an >> http request to a non-existent web address, http://website.com/~someuser, is >> received >> >> Is there some way to implement that mechanism with >> http://website.com/someuser http requests for a nonexistent "someuser"? > > What's automounter? Is that some process that mounts a user's home directory > on a remote share or something? > > I suppose you could query a list of valid users on server startup, and use > that (via mod_macro or something?) to generate a list of Alias directives? Or > possibly use a RewriteMap to do the same thing based on a list of users, > although RewriteMap can be a bit of a performance bottleneck. > > --Rich > > >> >> From: <Rose>, John Rose <jbr...@utk.edu> >> Date: Friday, August 8, 2014 9:51 AM >> To: "users@httpd.apache.org" <users@httpd.apache.org> >> Subject: Rewrite and automount question >> >> We have experimented with using Rewrite to replace /~someuser with /someuser >> >> However there is a problem with systems using automounter in the case of an >> http request for a non-existing http://someserver.com/someuser >> >> Anyone have a way to implement the above without doing undesired automount >> attempts of a non-existent "someuser"? >> >> Thanks >> >> > > -- > Rich Bowen - rbo...@rcbowen.com - @rbowen > http://apachecon.com/ - @apachecon > > > > From: Nick Kew <n...@webthing.com> > Subject: Re: [users@httpd] Rewrite and automount question > Date: August 8, 2014 at 22:36:43 GMT+1 > To: users@httpd.apache.org > > > > On 8 Aug 2014, at 14:51, Rose, John B wrote: > >> We have experimented with using Rewrite to replace /~someuser with /someuser > > How very 1997. > >> However there is a problem with systems using automounter in the case of an >> http request for a non-existing http://someserver.com/someuser > > That's your filesystem. Apache has no knowledge of whether a directory > exists until it performs a lookup. And it's the lookup that triggers the > automount. > Check your NFS options. > > Using NFS with apache - or anywhere exposed to the public 'net - > is not encouraged. Not good for either security or performance. > >> Anyone have a way to implement the above without doing undesired automount >> attempts of a non-existent "someuser"? > > Most simply, make sure AllowOverride is set to None. > > You could also see if mod_cache helps, and if it doesn't > then you've diagnosed a major inefficiency in your server. > But mod_cache will only reduce, not eliminate, NFS accesses. > > -- > Nick Kew > > > > From: Jeff Trawick <traw...@gmail.com> > Subject: Re: [users@httpd] Windows Apache 2.4.9 restarts itself > Date: August 8, 2014 at 15:21:37 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > On Thu, Aug 7, 2014 at 9:45 AM, Agnetta Kamugisha > <kamugis...@nccommunitycolleges.edu> wrote: > Jeff, > > Check this link. > > We had to implement this workaround. > https://www.apachelounge.com/viewtopic.php?t=6037 > > FWIW, AH00344 after AH00356 shouldn't be interesting. The listening socket > got closed as part of shutting down after the original problem. I hope to > improve logging of that in the shutdown scenario so that people don't worry > about that. > > This "netsh winsock reset" hint is interesting. With the report we have on > 2.4.10, which tells us which handle goes bad (thus triggering AH00356), the > bad handle is a rather generic handle. (CreateEvent(NULL, TRUE, FALSE, > NULL);) > > When, or how often, do you need to use "netsh winsock reset"? > > Please confirm that you were seeing AH00356 without "netsh winsock reset". > > (I can imagine that there are situations with third-party winsock layers > where "netsh winsock reset" helps with the AH00344 error which doesn't come > right after the AH00356 error.) > > Thanks! > > > > From: Jeff Trawick <traw...@gmail.com> > Subject: Re: [users@httpd] Windows Apache 2.4.9 restarts itself > Date: August 9, 2014 at 1:34:03 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > On Fri, Aug 8, 2014 at 10:21 AM, Jeff Trawick <traw...@gmail.com> wrote: > On Thu, Aug 7, 2014 at 9:45 AM, Agnetta Kamugisha > <kamugis...@nccommunitycolleges.edu> wrote: > Jeff, > > Check this link. > > We had to implement this workaround. > https://www.apachelounge.com/viewtopic.php?t=6037 > > FWIW, AH00344 after AH00356 shouldn't be interesting. The listening socket > got closed as part of shutting down after the original problem. I hope to > improve logging of that in the shutdown scenario so that people don't worry > about that. > > This "netsh winsock reset" hint is interesting. With the report we have on > 2.4.10, which tells us which handle goes bad (thus triggering AH00356), the > bad handle is a rather generic handle. (CreateEvent(NULL, TRUE, FALSE, > NULL);) > > When, or how often, do you need to use "netsh winsock reset"? > > Uhh, for those trying this, be aware that after doing that it says to restart > the computer ;) > > > Please confirm that you were seeing AH00356 without "netsh winsock reset". > > (I can imagine that there are situations with third-party winsock layers > where "netsh winsock reset" helps with the AH00344 error which doesn't come > right after the AH00356 error.) > > Thanks! > > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > http://edjective.org/ > > > > > From: "Rose, John B" <jbr...@utk.edu> > Subject: Apache.org server-status > Date: August 8, 2014 at 15:56:06 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > Looking at the apache.org server-status I do not see any of these … > > "OPTIONS * HTTP/1.0" > > In the "Request" column > > While I see quite a few in ours. > > Why does apache.org not have any of these entries? > > thanks > > > > > > From: Jeff Trawick <traw...@gmail.com> > Subject: Re: [users@httpd] Apache.org server-status > Date: August 8, 2014 at 16:02:51 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > On Fri, Aug 8, 2014 at 10:56 AM, Rose, John B <jbr...@utk.edu> wrote: > Looking at the apache.org server-status I do not see any of these … > > "OPTIONS * HTTP/1.0" > > In the "Request" column > > While I see quite a few in ours. > > Why does apache.org not have any of these entries? > > thanks > > > > You're using prefork MPM and your configuration > (MinSpareServers/MaxSpareServers/etc.) results in child processes being > created and destroyed on a somewhat regular basis? > > The prefork MPM will wake up processes with an OPTIONS request as part of > process management. > > apache.org runs the event MPM. > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > http://edjective.org/ > > > > > From: Rich Bowen <rbo...@rcbowen.com> > Subject: Re: [users@httpd] ApacheCon CFP closes June 25 > Date: August 8, 2014 at 20:26:31 GMT+1 > To: "J.Lance Wilkinson" <jl...@psu.edu> > Cc: users@httpd.apache.org > > > > On 08/06/2014 01:18 PM, J.Lance Wilkinson wrote: >> Rich Bowen wrote: >>> >>> On 06/16/2014 11:06 AM, J.Lance Wilkinson wrote: >> ...snip... >>>> Those of us at edu sites sometimes need to put in for travel/training >>>> funding as much as a year in advance, and my own institution's >>>> budgeting process cuts of June 30th for the Fiscal Year 2014-2015. >>> >> ...snip... >>> ACNA 2015 will be in roughly the same timeframe as ACNA 2014 was (ie, >>> April) and we're currently working on locations. I'll be announcing dates >>> and location at ACEU, at the very latest. Hopefully well before then. >> >> Anything firmer yet besides "roughly April 2015" for those of us who >> desperately need to put in for funding? > > I should have a firm answer to this (which will be announced on this list, > among other places) within the next week, or two at most. > > > -- > Rich Bowen - rbo...@rcbowen.com - @rbowen > http://apachecon.com/ - @apachecon > > > > > > From: Rich Bowen <rbo...@rcbowen.com> > Subject: Re: [users@httpd] Order of applicatoin of sites-enabled configs > Date: August 8, 2014 at 20:31:24 GMT+1 > To: users@httpd.apache.org > > > > On 08/07/2014 05:16 PM, M Busche wrote: >> Frank, >> >> I don't think you understood what I was trying to say. My complaint was >> that in the pre-packaged configuration made with the ubuntu distribution, >> the default vhost configuration is placed in a file prefixed with the string >> 000 which causes it to be loaded first. I renamed it to have a prefix 999, >> so that it was loaded (and processed) last. > > Note that 999 still comes before abc, so you might consider zzz instead of > 999 in order to avoid the same surprise later. > >> I think we are in complete agreement. My original query was to find out >> whether there was something I was confused about, or alternatively an >> explanation as to why-on-earth the people who put together the ubuntu >> distribution would set things up that way. >> >> > > The short answer is that Debian did this in order to make it easier to do > stuff from the command line with the various utilities that they ship with > their Apache httpd packages. The longer answer has to do with how good ideas > mutate into complicated systems over the decades. > > -- > Rich Bowen - rbo...@rcbowen.com - @rbowen > http://apachecon.com/ - @apachecon > > > > From: Mark jensen <ngiw2...@hotmail.com> > Subject: How to forbid browsers to cache some pages? > Date: August 8, 2014 at 22:11:24 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > How to configure Apache to want to forbid browsers from caching all web > pages in www1.example.com/public > and in www1.example.com/books so every time I ask the browser about any page > it brings it from source. > but I want it to cache the pages under: www1.example.com? > > > > From: fedora <fed...@ayni.com> > Subject: Re: [users@httpd] How to forbid browsers to cache some pages? > Date: August 9, 2014 at 5:59:28 GMT+1 > To: users@httpd.apache.org > > > I thought there was a <META ...> Tag in HTML, something linke NO-CACHE. > Whether the browsers respect it, is another question... > > suomi > > > On 2014-08-08 23:11, Mark jensen wrote: >> How to configure Apache to want to forbid browsers from caching all web >> pages in www1.example.com/public >> and in www1.example.com/books so every time I ask the browser about any page >> it brings it from source. >> but I want it to cache the pages under: www1.example.com? >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > > > > From: Mark jensen <ngiw2...@hotmail.com> > Subject: RE: [users@httpd] How to forbid browsers to cache some pages? > Date: August 9, 2014 at 13:42:57 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > I have found a good tutorial for my goal: > > http://support.tigertech.net/prevent-caching > > > > From: Mark jensen <ngiw2...@hotmail.com> > Subject: Apache 2.2:How to enable module: mod_expires.c > Date: August 9, 2014 at 15:04:15 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > doing httpd -l returns: > > core.c > prefork.c > http_core.c > mod_so.c > > How to enable the mod_expires module? > > > > From: Eric Covener <cove...@gmail.com> > Subject: Re: [users@httpd] Apache 2.2:How to enable module: mod_expires.c > Date: August 9, 2014 at 15:09:34 GMT+1 > To: users@httpd.apache.org > > > Load it with LoadModule > > (use -M to show dynamically loaded modules.) > > On Sat, Aug 9, 2014 at 10:04 AM, Mark jensen <ngiw2...@hotmail.com> wrote: >> doing httpd -l returns: >> >> core.c >> prefork.c >> http_core.c >> mod_so.c >> >> How to enable the mod_expires module? >> > > > > -- > Eric Covener > cove...@gmail.com > > > > > From: Mark jensen <ngiw2...@hotmail.com> > Subject: RE: [users@httpd] Apache 2.2:How to enable module: mod_expires.c > Date: August 9, 2014 at 15:14:36 GMT+1 > To: "users@httpd.apache.org" <users@httpd.apache.org> > > > Doing httpd -M | grep expire: > > expires_module (shared) > Syntax OK > > and I have found this line in conf file: > > LoadModule expires module modules/mod_expires.so > > but "ExpireDefault" didn't work > > > > From: Pete Houston <p...@openstrike.co.uk> > Subject: Re: [users@httpd] Apache 2.2:How to enable module: mod_expires.c > Date: August 9, 2014 at 16:22:18 GMT+1 > To: users@httpd.apache.org > > > On Sat, Aug 09, 2014 at 02:14:36PM +0000, Mark jensen wrote: >> and I have found this line in conf file: >> >> LoadModule expires module modules/mod_expires.so >> >> but "ExpireDefault" didn't work > > There's no such directive in Apache 2.2 as "ExpireDefault". Perhaps if > you tried "ExpiresDefault" you might have more success. Note that it > takes an argument, so using it without one should still result in a > syntax error. > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 > > > > From: Abdul Anshad <ab...@visolve.com> > Subject: SSL Library Error: error:2D06D075:FIPS > routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931) > Date: August 11, 2014 at 10:26:44 GMT+1 > To: users@httpd.apache.org > > > Hello All, > > I have a set up which runs Apache http-2.4.10 and openssl-1.0.1i, when I try > to start the http server with FIPS mode i get the following error. > > [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: suEXEC > mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec) > [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS mode > failed > [Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library Error: > error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA > SHA1 X931) > [Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: Fatal error > initialising mod_ssl, exiting. > AH00016: Configuration Failed > > Could somebody help me out with this issue ? Thanks in advance. > > -- > Regards, > Abdul > > --- > This email is free from viruses and malware because avast! Antivirus > protection is active. > http://www.avast.com > > > >
smime.p7s
Description: S/MIME cryptographic signature
