Re: [users@httpd] Re: conditionally create a Virtual Host?

2021-01-13 Thread Jens Kallup

Hello,

Apache is a WebServer, that handles "static" content.
With modules Handlers, you can extend this to dynamic
serve like with PHP or Perl.
PHP/Perl are programming Languages, which can be used
to "create" static and/or dynamic output on server
side.
PHP code is written as text file format, and can only
be viewed on server side (if you configured your Web
Server (Apache), and don't have mistakes (Syntax
Errors) in PHP source file).
Because Your PHP (HTML) files consists of static text
or data.
To say the Apache (which serve all content related
stuff) a PHP source file can be a normal text file or
a combination/mixture of HTML, and PHP code - Apache
does all the things what are needed to create a static
WebSite.
This begins with the HTML tag .
All code that resides within this block is served
by a PHP Handler, that must be configured in the config
file.
With Protocols like GET,POST... you can send requests
or get responses.
Therefore it give AJAX.
AJAX is mostly used by JavaScript Textfiles on Client
side.
JavaScript is a programming Language on Client Side,
which extends the HTML file format for dynamic
content.
To handle the logic of Your WebSite, PHP comes with a
bunch of functions.
So you can program a PHP script that creates/reads/
writes a database like MySQL, SQLite, etc..
For this (MySQL) there is a DataBase Server, which is a
different thing than a WebServer like Apache.
A DataBase Server can be used for Desktop Applications
too.
I suggest, "not to have all server services on one
server machine.", because of the maintenance..
You can configure Your Apache with different Office Open
Times, with different "static" WebSites (can be PHP
script or WebServer URL/URI).
You can configure Your Apache, to get/send Header
information with rewrite_module.
So it is possible to read-out the Browser-Agent what
the user used at serve time Your Apache.
You can configure Your Apache, to have thousands of
Domains, and Subdomains with one IP (without having
bind9 - a Domain Name Server (DNS) installed on Your
server(s)).
You can configure Your Apache to serve WebSites with
thousands ipv6 local IP numbers without having direct
internet connection.
You can configure Your Apache to "protect" content for
display, getting with direct directives or password per
user, and password in different password file for each
folder or protect folders per ACL groups, ip ranges ...
You can configure Your Apache with different DocumentRoot
folders.
I suggest: "not saving htdocs (also all Your content on
Windows drive C:. or under Windows User Home folder. So
you should always use separate hard disk partition, and
better, not the same disk, and make Backup Your data.
This can be done by Your favorite Backup Software or
(for cheap) github.com like Software which help You to
"save" state's of Your programming process. So it could
be possible to "backport" a Project without override the
old data.".

Hope this help - HTH, Jens



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Re: conditionally create a Virtual Host?

2021-01-13 Thread Eric Covener
On Wed, Jan 13, 2021 at 8:03 PM Heather Lotz  wrote:
>
> Thanks for pointing that out.
>
> 
> works correctly.  "Correctly" meaning that Apache starts whether or not the 
> external drive that's mapped to Z: is attached to the PC, 
> localhost:8080/miscellaneous/ resolves when Z: is attached, 
> localhost:8080/miscellaneous/ gives a 404 Not Found response when Z: is not 
> attached.
>
> I also tried
> 
> and that works correctly as well.
>
> The tag name "IfFile" implies that the condition given within the tag must be 
> for a specific file but it seems that supplying only the drive letter is 
> sufficient.  Will <IfFile> tags work reliably with only the drive letter as 
> the condition as opposed to a specific file?
>

I am not completely sure, but it seems the code evaluates to true when
the parameter is a directory, and c:/ is a directory.  While it's not
documented it seems pretty unlikely to be changed.




Re: [users@httpd] Re: conditionally create a Virtual Host?

2021-01-13 Thread Heather Lotz
Thanks for pointing that out.


works correctly.  "Correctly" meaning that Apache starts whether or not the 
external drive that's mapped to Z: is attached to the PC, 
localhost:8080/miscellaneous/ resolves when Z: is attached, 
localhost:8080/miscellaneous/ gives a 404 Not Found response when Z: is not 
attached.

I also tried

and that works correctly as well.

The tag name "IfFile" implies that the condition given within the tag must be 
for a specific file but it seems that supplying only the drive letter is 
sufficient.  Will <IfFile> tags work reliably with only the drive letter as the 
condition as opposed to a specific file?


From: Eric Covener 
Sent: Wednesday, January 13, 2021 6:36 PM
To: users@httpd.apache.org 
Cc: Christophe JAILLET 
Subject: Re: [users@httpd] Re: conditionally create a Virtual Host?

> 

No colon after drive letter?




Re: [users@httpd] Re: conditionally create a Virtual Host?

2021-01-13 Thread Eric Covener
> 

No colon after drive letter?




[users@httpd] Re: conditionally create a Virtual Host?

2021-01-13 Thread Heather Lotz
Recently, I upgraded to Apache 2.4.46 on my Windows 10 laptop and tried 
modifying httpd-vhosts.conf to conditionally create the Virtual Host as follows:



DocumentRoot "Z:/files/development/xampp/code/htdocs"

Options Indexes
Require all granted




Unfortunately, it is exhibiting the exact same behavior as documented earlier -
Apache starts whether or not the external drive that's mapped to Z: is attached 
to the PC.  However, code within the  tags is not executed because 
localhost:8080/miscellaneous/ returns a 404 error, even though that is a valid 
address.  When the  tags are commented out then 
localhost:8080/miscellaneous/ resolves correctly (Z: has to be attached when 
the  tags are disabled so Apache will start).

I have also tried

# same VirtualHost code as above

but get the exact same result as described above.

Since a fix was created, tested, then deployed in Apache 2.4.43 for this 
specific issue I'm wondering why it's still behaving as it was prior to version 
2.4.43 on my laptop.  Thoughts?

-

From:Eric Covener 
Sent:Tuesday, October 13, 2020 7:28 AM
To:users@httpd.apache.org 
Cc:Christophe JAILLET 
Subject:Re: [users@httpd] Re: conditionally create a Virtual Host?

On Tue, Oct 13, 2020 at 8:11 AM Heather Lotz  wrote:
>
> Was this change released in a patch or will it be released in the next minor 
> version?

The change is part of 2.4.43 (and later)




From: Heather Lotz 
Sent: Tuesday, October 13, 2020 7:11 AM
To: Christophe JAILLET ; users@httpd.apache.org 

Subject: [users@httpd] Re: conditionally create a Virtual Host?

Was this change released in a patch or will it be released in the next minor 
version?


From: Christophe JAILLET 
Sent: Thursday, September 5, 2019 2:12 PM
To: users@httpd.apache.org ; Heather Lotz 

Subject: Re: conditionally create a Virtual Host?

Hi,

we don't have a fixed schedule for release.
2.4.41 has just been released a few weeks ago.

Unless a serious regression is spotted or some security issues discovered, you 
should not expect a new release before, let say, 3-4 months.
If you want to have an idea of the "release rate", have a look at [1].

CJ

[1]: 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?revision=1866035=markup=date


On 05/09/2019 at 00:41, Heather Lotz wrote:
That is fantastic news!  Thank-you very much for figuring it out and fixing it. 
 Assuming the change gets approved, approximately when will the next release 
become available?


From: Christophe JAILLET 

Sent: Wednesday, September 4, 2019 2:14 PM
To: users@httpd.apache.org 
; Heather Lotz 

Subject: Re: conditionally create a Virtual Host?

Hi,

The issue has been tracked down and has been fixed on trunk in r1866418 [1].

It will be proposed for backport and should be in next release if the change is 
approved.

Best regards,
CJ

[1]: http://svn.apache.org/viewvc?rev=1866418=rev


On 01/09/2019 at 01:11, Heather Lotz wrote:
Hello - Just wondering if there has been any progress made on getting  
to work for Windows.


From: Heather Lotz 
Sent: Saturday, August 24, 2019 11:40 AM
To: Christophe JAILLET 
; 
users@httpd.apache.org 

Subject: Re: conditionally create a Virtual Host?

Seeking clarification - does this mean you were able to reproduce the issue?


From: Christophe JAILLET 

Sent: Saturday, August 24, 2019 5:18 AM
To: users@httpd.apache.org 
; Heather Lotz 

Subject: Re: conditionally create a Virtual Host?

Hi,

confirmed, using the binaries provided by https://www.apachelounge.com/download/

CJ

On 23/08/2019 at 23:53, Heather Lotz wrote:
Right, I have zero knowledge of C.  That would be super if you would be able to 
replicate the issue in a Windows environment.  Admittedly, I don't know what a 
Windows binary is.

I ran some more tests, based on your suggestion, and also found a couple of 
links about DOS device paths that proved to be helpful*.

Here are the results -
For each of these Apache would not start:





For each of these Apache would start whether Z: was connected to the PC or not. 
 However, the code within the  tags never executed because 
localhost:8080/miscellaneous/ 

Re: [users@httpd] Apache in under attack.

2021-01-13 Thread @lbutlr



> On 12 Jan 2021, at 01:52, Jason Long  wrote:
> 
> It show me:
> 
> 13180 X.X.X.X
> 1127 X.X.X.X
> 346 X.X.X.X 
> 294 X.X.X.X 
> 241 X.X.X.X 
> 169 X.X.X.X 
> 168 X.X.X.X
> 157 X.X.X.X
> 155 X.X.X.X
> 153 X.X.X.X

Your server would not be getting bogged down by that few connections unless 
your hardware is very weak or you are hosting something insane.

I have a very lightly used web server that gets more than 40K hits a day 
running on a Celeron machine with a whole 4GB of RAM and my load average is in 
the 1.2 range consistently.

I wonder if there is not some configuration error.

Also, the URLs shown in your logs starting with /tag/ followed by a long series 
of hex digits, do those look like valid URLs for your server?

Do a dig -x on the IP that is hitting you 13,000 times and see where it is. You 
can try firewalling it, but if it's not some misconfigured server, the DOS will 
simply move to another IP.

> https://paste.ubuntu.com/p/PsxM8yPXPQ/

I haven't run F2B in quite a while, but is that a list of IPs that you are 
whitelisting or does [Protect] mean "Protect FROM"?

But if 13,000 queries are crippling your web server, I think your real problem 
lies elsewhere than the 13,000 hits.

(You are loading almost double the modules that I am, by the way. It seems like 
a lot. Do you know why each of those modules is enabled?)

-- 
They say whisky'll kill you, but I don't think it will I'm ridin'
with you to the top of the hill
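
The per-IP counts quoted above and the question about `/tag/` URLs followed by hex digits can be answered in one pass over the access log. This is an added example, not a command from any poster in the thread: the function names, the 16-hex-digit threshold and the sample log lines (documentation-range addresses) are constructed, and the log is assumed to be in Apache's combined format.

```shell
#!/bin/sh
# Constructed sample in combined log format; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Jan/2021:08:50:01 +0330] "GET /tag/9f3a1c77e0b2d4a6 HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:01 +0330] "GET /tag/00b1c2d3e4f5a6b7c8 HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:02 +0330] "GET /tag/a1a2a3a4a5a6a7a8a9 HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:02 +0330] "GET /tag/deadbeefcafef00d1234 HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:03 +0330] "GET /tag/0123456789abcdef HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:03 +0330] "GET /tag/fedcba9876543210ff HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Jan/2021:08:50:04 +0330] "GET /tag/77e0b2d4a69f3a1c HTTP/1.1" 404 196 "-" "-"
198.51.100.20 - - [12/Jan/2021:08:50:05 +0330] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jan/2021:08:50:06 +0330] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Jan/2021:08:50:07 +0330] "GET /tag/news HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# client_summary: reads access-log lines on stdin and prints one row per client:
#   hits  share_percent  distinct_urls  tag_hex_hits  ip
# busiest client first. $1 is the client address and $7 the request path
# when a combined-format line is split on whitespace.
client_summary() {
    awk '
    {
        ip = $1; url = $7
        hits[ip]++; total++
        # count each (client, URL) pair once to see how varied the requests are
        if (!((ip, url) in seen)) { seen[ip, url] = 1; distinct[ip]++ }
        # "/tag/" (5 chars) followed only by hex digits, at least 16 of them;
        # a length test is used instead of {16,} so mawk handles it too
        if (url ~ /^\/tag\/[0-9a-fA-F]+$/ && length(url) >= 21) taghex[ip]++
    }
    END {
        for (ip in hits)
            printf "%d %.0f %d %d %s\n", hits[ip], 100 * hits[ip] / total,
                   distinct[ip], taghex[ip] + 0, ip
    }' | sort -k1,1nr -k5,5
}

# noisy_clients MIN_SHARE: addresses responsible for at least MIN_SHARE percent
# of all requests in the input; candidates for a closer look before firewalling.
noisy_clients() {
    client_summary | awk -v min="$1" '$2 >= min { print $5 }'
}

sample_log | client_summary
```

On a live server the same functions take the real log on stdin, for example `client_summary < access.log`; a client with a high share whose requests are almost all distinct `/tag/<hex>` paths is generating URLs rather than browsing.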





RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread James Smith
You can get the information from top - but if you want it in the command line 
you run:

ps -e -o rsz,vsz,sz,cp,cmd | grep apache2 | grep -v grep | sort -k 1 -n

rsz - is the resident size - this is the amount of memory the programme is 
actually reserving in memory

The output had the following type of lines:

> 1299300 3986396 996599  84 /usr/sbin/httpd -DFOREGROUND

So you can see the resident memory is approx. 1.25G

-Original Message-
From: Andrea Croci  
Sent: 13 January 2021 09:59
To: users@httpd.apache.org
Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

Hi James,

what was the command you used to see that apache uses ~1GB of memory? I deleted 
the mail and that was a bad idea: there were some very useful commands you were 
giving us here.

On 12.01.21 12:17, James Smith wrote:
> That shows you only have 2 incoming requests. How many lines if you 
> remove the TIME_WAIT
>
> Try: netstat -n | grep ':80 ' | wc
>
> This may show lots of short requests happening over time
>
> But to be honest the most important thing you need to do is strip down 
> the list of modules you are using - that is what is causing you 
> problems - the apache processes are so large you are causing the 
> server to swap -
>
> If you are permanently using a lot of swap then that slows down your 
> processes and can cause your request to back up (a bit like a traffic 
> jam)
>
> You should only really have about 20-30 modules running.
>
> -Original Message-
> From: Jason Long 
> Sent: 12 January 2021 11:14
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under 
> attack. [EXT]
>
> It show me:
>
> # netstat -n | grep ':80 ' | grep -v TIME_WAIT
> tcp6       0      0 X.X.X.X:80        X.X.X.X:16126      FIN_WAIT2
> tcp6       0      0 X.X.X.X:80        X.X.X.X:64595      FIN_WAIT2
>
>
>
>
>
>
> On Tuesday, January 12, 2021, 02:20:00 PM GMT+3:30, James Smith 
>  wrote:
>
>
>
>
>
> If you want incoming traffic you can do:
>
> netstat -n | grep ':443 ' | grep -v TIME_WAIT
>
> The incoming IP should be the 2nd address
>
> (or ':80 ' if you aren't doing SSL)
>
> Remove the grep -v TIME_WAIT to see all connections {and recent 
> connections}
>
> -Original Message-
> From: Jason Long 
> Sent: 12 January 2021 10:33
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under 
> attack. [EXT]
>
> Output is:
>
> 1688 323400 80850   0 /usr/sbin/httpd -DFOREGROUND
>   6384 517620 129405   0 /usr/sbin/httpd -DFOREGROUND
> 1163280 3898288 974572  63 /usr/sbin/httpd -DFOREGROUND
> 1250040 3912624 978156  64 /usr/sbin/httpd -DFOREGROUND
> 1299300 3986396 996599  84 /usr/sbin/httpd -DFOREGROUND
> 1367304 4012976 1003244  74 /usr/sbin/httpd -DFOREGROUND
>
> How can I see the IP addresses and their incoming traffic?
>
>
>
>
>
>
> On Tuesday, January 12, 2021, 01:49:21 PM GMT+3:30, James Smith 
>  wrote:
>
>
>
>
>
> Another thing to look at is to restart the apache process and see memory 
> usage. You can either use top. Or you can use a cron job which emails you the 
> output of:
>
> ps -e -o rsz,vsz,sz,cp,cmd | grep apache2 | grep -v grep | sort -k 1 
> -n
>
> to see if you start or if it grows gradually
>
> -Original Message-
> From: Jason Long 
> Sent: 12 January 2021 10:01
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under 
> attack. [EXT]
>
> I did below rule, but not worked:
> # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit 
> --connlimit-above 20 -j REJECT --reject-with tcp-reset
>
>
>
>
>
>
>
> On Tuesday, January 12, 2021, 01:15:40 PM GMT+3:30, Florian Schwalm 
>  wrote:
>
>
>
>
>
>
> It can be done with iptables or take a look at fail2ban:
> https://security.stackexchange.com/q/35773/213194
>
> On 12.01.21, 10:26 Jason Long wrote:
>>    Thank you, but "Firewalld" or "iptables" can't do it automatically? When 
>> an IP sending many request then it automatically blocked.
>>
>>
>>
>>
>>
>>
>> On Tuesday, January 12, 2021, 12:49:50 PM GMT+3:30, James Smith 
>>  wrote:
>>
>>
>>
>>
>>
>> Jason,
>>
>> I would also query why your process are ~ 1G resident that seems quite large 
>> for apache.
>>
>> What modules do you have enabled  - even with mod_perl embedded I would not 
>> want them to go about 500-800M depending on the site of your box.
>>
>> I know Apache is very good at grabbing memory for each process - but 
>> it doesn't tend to hand it back - and just keeps it (just in case)
>>
>> It looks like you either have a memory leak - or the code is 
>> collecting too much data before squirting it out
>>
>> There are other setups that you may want to look at if you have large 
>> dynamic requests and a lot of small static request 

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread Antony Stone
On Wednesday 13 January 2021 at 10:59:12, Andrea Croci wrote:

> Hi James,
> 
> what was the command you used to see that apache uses ~1GB of memory? I
> deleted the mail and that was a bad idea: there were some very useful
> commands you were giving us here.

You can view the entire thread archive at 
http://mail-archives.apache.org/mod_mbox/httpd-users/202101.mbox/browser

Regards,


Antony.

-- 
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

   Please reply to the list;
 please *don't* CC me.




Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-13 Thread Andrea Croci

Hi James,

what was the command you used to see that apache uses ~1GB of memory? I
deleted the mail and that was a bad idea: there were some very useful
commands you were giving us here.

On 12.01.21 12:17, James Smith wrote:

That shows you only have 2 incoming requests. How many lines if you remove the 
TIME_WAIT

Try: netstat -n | grep ':80 ' | wc

This may show lots of short requests happening over time

But to be honest the most important thing you need to do is strip down the list 
of modules you are using - that is what is causing you problems - the apache 
processes are so large you are causing the server to swap -

If you are permanently using a lot of swap then that slows down your processes 
and can cause your request to back up (a bit like a traffic jam)

You should only really have about 20-30 modules running.

-Original Message-
From: Jason Long 
Sent: 12 January 2021 11:14
To: users@httpd.apache.org
Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

It show me:

# netstat -n | grep ':80 ' | grep -v TIME_WAIT
tcp6       0      0 X.X.X.X:80        X.X.X.X:16126      FIN_WAIT2
tcp6       0      0 X.X.X.X:80        X.X.X.X:64595      FIN_WAIT2






On Tuesday, January 12, 2021, 02:20:00 PM GMT+3:30, James Smith 
 wrote:





If you want incoming traffic you can do:

netstat -n | grep ':443 ' | grep -v TIME_WAIT

The incoming IP should be the 2nd address

(or ':80 ' if you aren't doing SSL)

Remove the grep -v TIME_WAIT to see all connections {and recent connections}

-Original Message-
From: Jason Long 
Sent: 12 January 2021 10:33
To: users@httpd.apache.org
Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

Output is:

1688 323400 80850   0 /usr/sbin/httpd -DFOREGROUND
  6384 517620 129405   0 /usr/sbin/httpd -DFOREGROUND
1163280 3898288 974572  63 /usr/sbin/httpd -DFOREGROUND
1250040 3912624 978156  64 /usr/sbin/httpd -DFOREGROUND
1299300 3986396 996599  84 /usr/sbin/httpd -DFOREGROUND
1367304 4012976 1003244  74 /usr/sbin/httpd -DFOREGROUND

How can I see the IP addresses and their incoming traffic?






On Tuesday, January 12, 2021, 01:49:21 PM GMT+3:30, James Smith 
 wrote:





Another thing to look at is to restart the apache process and see memory usage. 
You can either use top. Or you can use a cron job which emails you the output 
of:

ps -e -o rsz,vsz,sz,cp,cmd | grep apache2 | grep -v grep | sort -k 1 -n

to see if you start or if it grows gradually

-Original Message-
From: Jason Long 
Sent: 12 January 2021 10:01
To: users@httpd.apache.org
Subject: Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

I did below rule, but not worked:
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 
-j REJECT --reject-with tcp-reset







On Tuesday, January 12, 2021, 01:15:40 PM GMT+3:30, Florian Schwalm 
 wrote:






It can be done with iptables or take a look at fail2ban:
https://security.stackexchange.com/q/35773/213194

On 12.01.21, 10:26 Jason Long wrote:

   Thank you, but "Firewalld" or "iptables" can't do it automatically? When an 
IP sending many request then it automatically blocked.






On Tuesday, January 12, 2021, 12:49:50 PM GMT+3:30, James Smith 
 wrote:





Jason,

I would also query why your process are ~ 1G resident that seems quite large 
for apache.

What modules do you have enabled  - even with mod_perl embedded I would not 
want them to go about 500-800M depending on the site of your box.

I know Apache is very good at grabbing memory for each process - but it doesn't 
tend to hand it back - and just keeps it (just in case)

It looks like you either have a memory leak - or the code is collecting too 
much data before squirting it out

There are other setups that you may want to look at if you have large dynamic 
requests and a lot of small static request (images/css/js) where you run two 
web servers - one serving static content and proxying back to dynamic content.

James

-Original Message-
From: James Smith 
Sent: 12 January 2021 09:09
To: users@httpd.apache.org
Subject: RE: [users@httpd] Apache in under attack. [EXT]

Put a firewall rule into block whatever that first IP address is then.

Something like:

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source 
address='X.X.X.X' reject"

If you are seeing a current attack then you can tweak Charles' command line to:

tail -1 access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head

or I often use cut instead of awk..

tail -1 access.log | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | head

-Original Message-
From: Jason Long 
Sent: 12 January 2021 08:53
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache in under attack. [EXT]