[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=14&rev2=15 Comment: Combined FilesMatch and If in the recipe, thanks to mspo `` + Combining [[http://httpd.apache.org/docs/current/mod/core.html#filesmatch|FilesMatch]] and [[http://httpd.apache.org/docs/current/mod/core.html#if|If]] can achieved as such: + + `` + === For the impatient === - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php" page has been changed by thumbs: https://wiki.apache.org/httpd/php?action=diff&rev1=12&rev2=13 Comment: Added link to the more specific wordpress page. This method is suitable for versions 2.0 or 2.2. It allows for a threaded mpm such as worker, which will significantly reduce the RAM requirements on your server. And mod_fcgid is an official Apache module. Please see the [[php-fcgid|following article]] + + == Setting up wordpress with php-fpm == + + Please see the following [[PHPFPMWordpress|article]] == Using mod_php as a DSO with a threaded mpm (2.0 and newer) == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php" page has been changed by thumbs: https://wiki.apache.org/httpd/php?action=diff&rev1=11&rev2=12 Comment: "Deprecated" was too strong. The approach is still in use. This is probably the least used approach of all, due to the headaches of maintaining a thread-safe php library, and since most linux distributions do not ship those packages. - == Using mod_php as a DSO (deprecated) == + == Using mod_php as a DSO (legacy) == This method is the oldest and slowest possible configuration. It was suitable for version 2.2 and older, and requires the use of the prefork mpm. === Why you shouldn't use mod_php with the prefork mpm anymore === - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ReleaseStrategyProposal" by EricCovener
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "ReleaseStrategyProposal" page has been changed by EricCovener:
https://wiki.apache.org/httpd/ReleaseStrategyProposal
New page:
= release strategy proposal =
== Problems to address ==
* Instability of stable releases
* +1: covener
* Conservatively managed distributions are drifting farther and farther away
from HEAD
* +1: covener
== Things working well ==
* New modules can get into users' hands pretty easily.
* +1: covener
* Few streams to worry about
* +1: covener
* Long lifecycle of a release
* +1: covener
== Proposal 1 ==
This is a WIP. Please feel free to edit if you preserve the spirit, or fork it
into a new proposal if you don't.
The philosophy here is to have 1 or more conservatively managed releases but to
also always have 1 or more
more liberally managed releases where slightly more disruptive things are
tolerated. But the latter
is neither trunk nor a "development" release.
Some things that characterize a more conservatively managed release:
* Behavior changes tend to be opt-in.
* Refactoring is limited.
* New function, new directives, and new modules are acceptable if their
enablement doesn't put the stability of existing function at risk.
* For example, mod_md on its own would have been OK, but the changes to
mod_ssl to accommodate it would have needed to be (at best) guarded differently.
1. Establish a litmus test ("rules") for what can go into early maintenance
levels of a release
1. Establish rules for what can go into later maintenance levels of a release
1. Establish rules for how a major.minor graduates from "early" to "late"
* What does it mean for the previous 1 or 2 major.minor?
* We owe special handling to 2.4 because it didn't start this way.
1. Formally document the above
How this would work over time:
* 2.6 is released with a few new/small things
* 2.4 is stabilized
* 2.6.$small continues to get the kinds of things we're doing in 2.4 today
* Eventually something big comes along and we do a 2.7 or 2.8
* 2.6 is stabilized when 2.7/2.8 is released
* 2.4 sticks around but maybe we pick an EOL. For 2.4, we pick it farther
out then we normally would since the policy is post-GA.
=== Problems ===
* Do we need to only pick a subset of major.minor's to be eventually-LTS so we
don't end up with different distributions on arbitrary major.minors? This
helps cap the # of streams in service AND avoids distributions picking
different ones and causing more work on all sides.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "AIXPlatform" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "AIXPlatform" page has been changed by EricCovener: https://wiki.apache.org/httpd/AIXPlatform?action=diff&rev1=20&rev2=21 = Compiling on AIX = + + <> + + == creating an installp package == The latest version 2.2 and 2.4 distributions include a directory ./build/aix with scripts that will create an installp package. This approach expects you to also download and package the APR and APR-UTIL packages in advance. Unfortunately, the build/aix scripts are not yet included in the APR downloads. They are available at http://dl.aixtools.net/httpd/apr-buildaix-1.5.x.tar and http://dl.aixtools.net/httpd/apr-util-buildaix-1.5.x.tar - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "AIXPlatform" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "AIXPlatform" page has been changed by EricCovener: https://wiki.apache.org/httpd/AIXPlatform?action=diff&rev1=19&rev2=20 Comment: add openssl 1.1 hint % t/TEST }}} + == Using OpenSSL 1.1 == + In my experience, openssl 1.1.0.f and 1.1.0.g causes SIGILL crashes at process termination. + A simple workaround is to add LoadFile to libcrypto.so.1.1 before loading mod_ssl. This prevents libcrypto from being unloaded when mod_ssl is dlclose()'ed. + Secondly, since having openssl 1.1 in your LIBPATH breaks most other tools like perl and wget, you should only add this path to bin/envvars. + - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "RewriteLog" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "RewriteLog" page has been changed by thumbs:
https://wiki.apache.org/httpd/RewriteLog?action=diff&rev1=5&rev2=6
Comment:
Removed older recipe as per Rich, and the broken link
[[http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteloglevel|RewriteLogLevel]]
5
- = Recipes =
-
- Here is a recipe for creating a rewrite log that is actually readable. It is
based on Rich Bowen's presentation
[[http://people.apache.org/~rbowen/presentations/Apache_Nuts_Bolts_files/|Apache
Nuts and Bolts]]
-
- Config:
- {{{
- RewriteLog "||/usr/local/rewrite_log_pipe"
- }}}
-
- Instead of logging to a file, the output will be piped through a script:
-
- {{{#!perl
- #!/usr/bin/env perl
-
- $|++
- open (F, ">>/tmp/rewrite.log");
- select F;
-
- while (<>) {
- s/^.*(\(\d\).*)/$1/;
- print;
- }
- }}}
-
- This script opens the file `/tmp/rewrite.log`, looks for anything in the
input that looks like '''(1)''' or '''(2)''' and drops everything before that.
-
- Before:
-
- {{{
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f7ef8/initial] (2) [perdir
/srv/www/vhosts/hc-profi/] rewrite 'favicon.ico' -> '/index.php'
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f7ef8/initial] (2) [perdir
/srv/www/vhosts/hc-profi/] trying to replace prefix /srv/www/vhosts/hc-profi/
with /
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f7ef8/initial] (1) [perdir
/srv/www/vhosts/hc-profi/] internal redirect with /index.php [INTERNAL REDIRECT]
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (2) init
rewrite engine with requested uri /index.php
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (1) pass
through /index.php
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (3) [perdir
/srv/www/vhosts/hc-profi/] strip per-dir prefix:
/srv/www/vhosts/hc-profi/index.php -> index.php
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (3) [perdir
/srv/www/vhosts/hc-profi/] applying pattern '^test_.*$' to uri 'index.php'
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (3) [perdir
/srv/www/vhosts/hc-profi/] strip per-dir prefix:
/srv/www/vhosts/hc-profi/index.php -> index.php
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (3) [perdir
/srv/www/vhosts/hc-profi/] applying pattern '^index\.php$' to uri 'index.php'
- 94.62.148.237 - - [22/May/2012:04:05:50 +0300]
[94.62.148.237/sid#7f65cc4cbac0][rid#7f65cc7f60a8/initial/redir#1] (1) [perdir
/srv/www/vhosts/hc-profi/] pass through /srv/www/vhosts/hc-profi/index.php
- }}}
-
- After:
-
- {{{
- (2) [perdir /srv/www/vhosts/hc-profi/] rewrite 'favicon.ico' -> '/index.php'
- (2) [perdir /srv/www/vhosts/hc-profi/] trying to replace prefix
/srv/www/vhosts/hc-profi/ with /
- (1) [perdir /srv/www/vhosts/hc-profi/] internal redirect with /index.php
[INTERNAL REDIRECT]
- (2) init rewrite engine with requested uri /index.php
- (1) pass through /index.php
- (3) [perdir /srv/www/vhosts/hc-profi/] strip per-dir prefix:
/srv/www/vhosts/hc-profi/index.php -> index.php
- (3) [perdir /srv/www/vhosts/hc-profi/] applying pattern '^test_.*$' to uri
'index.php'
- (3) [perdir /srv/www/vhosts/hc-profi/] strip per-dir prefix:
/srv/www/vhosts/hc-profi/index.php -> index.php
- (3) [perdir /srv/www/vhosts/hc-profi/] applying pattern '^index\.php$' to uri
'index.php'
- (1) [perdir /srv/www/vhosts/hc-profi/] pass through
/srv/www/vhosts/hc-profi/index.php
- }}}
-
- In this example, 'favicon.ico' is rewritten to /index.php, then the
'^test_.*$' pattern is applied to the sub-request.
-
- Lastly, the same sub-request has the '^index\.php$' pattern applied to. In
this case, the result was a non-match, and the rule is skipped.
-
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ContributorsGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ContributorsGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/ContributorsGroup?action=diff&rev1=15&rev2=16 * DanielGruno * DRuggeri * EricCovener - * ezra-s * gknauf * Greg Martin * GuillermoGrandes - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Applications" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Applications" page has been changed by wrowe: https://wiki.apache.org/httpd/Applications?action=diff&rev1=2&rev2=3 https://access.redhat.com/articles/3013361 https://bugzilla.redhat.com/show_bug.cgi?id=1442477 + JBoss mod_cluster invalid IPv6 Host: header addressing (Missing square bracket delimiters); + https://issues.jboss.org/browse/JBCS-345?_sscc=t + + Multiple examples, principally on Windows - underscore within Host: header server names not permitted (example); + https://alvinbunk.wordpress.com/2017/08/16/client-sent-http1-1-request-without-hostname/ + - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Applications" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Applications" page has been changed by wrowe: https://wiki.apache.org/httpd/Applications?action=diff&rev1=1&rev2=2 - === Applications Quirks + === Applications Quirks === - These HTTP protocol back-end applications or front-end clients are known to be incompatibile with Apache HTTP Server's protocol implementation of HTTP/1.1 or h2; + The following HTTP protocol back-end applications or front-end user agents are known to be incompatible with Apache HTTP Server's protocol implementation of HTTP/1.1 or h2, in many cases the configuration option HttpProtocolOptions Unsafe will work around these defective applications, at a cost of enabling malicious cache poisoning behavior for all content on the configured server. Until neatly formatted, it is simply a list of the bug reports. Editorial assistance is welcome; - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Applications" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Applications" page has been changed by wrowe: https://wiki.apache.org/httpd/Applications New page: === Applications Quirks These HTTP protocol back-end applications or front-end clients are known to be incompatibile with Apache HTTP Server's protocol implementation of HTTP/1.1 or h2; Until neatly formatted, it is simply a list of the bug reports. Editorial assistance is welcome; Trailing whitespace after HTTP/1.1 token in HTTP request line; https://unix.stackexchange.com/questions/340013/why-am-i-getting-400-bad-request Invalid whitespace in X-RHN-Auth-User-Id header of RedHat Satellite 5/Spacewalk prior to version 2.7; https://access.redhat.com/articles/3013361 https://bugzilla.redhat.com/show_bug.cgi?id=1442477 - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FrontPage" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "FrontPage" page has been changed by wrowe: https://wiki.apache.org/httpd/FrontPage?action=diff&rev1=87&rev2=88 * [[Info]] - Useful information and documentation * [[Developer]] - Information on the internals and module development * [[Logs|Log messages]] - Detailed explanations, and their solutions + * [[Applications|Application quirks]] - Known incompatibilities between httpd and backend apps or user agents. * [[Platform|Platform quirks]] - Build/install/run hints and workarounds for specific OS's * [[Compatibility]] - Interaction between httpd, browsers and other user-agents, and other servers * [[Recipes]] - Configuration examples, and their results - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "AdminGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "AdminGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/AdminGroup?action=diff&rev1=2&rev2=3 * GavinMcDonald * thumbs * DanielGruno + * DanielFerradal * pctony - - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ContributorsGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ContributorsGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/ContributorsGroup?action=diff&rev1=14&rev2=15 NOTE: This list is not publicly viewable. * AdminGroup + * DanielFerradal * DanielGruno * DRuggeri * EricCovener - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ContributorsGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ContributorsGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/ContributorsGroup?action=diff&rev1=13&rev2=14 * DanielGruno * DRuggeri * EricCovener + * ezra-s * gknauf * Greg Martin * GuillermoGrandes @@ -38, +39 @@ * TomasPospisek * wrowe - - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "RedirectSSL" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "RedirectSSL" page has been changed by thumbs:
https://wiki.apache.org/httpd/RedirectSSL?action=diff&rev1=30&rev2=31
Comment:
Remove permanent redirects from the recipe, and offer it as a final solution
once it is tested. Convert the .htaccess code into a section.
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
-Redirect permanent /secure https://mysite.example.com/secure
+Redirect /secure https://mysite.example.com/secure
@@ -34, +34 @@
NameVirtualHost *:80
ServerName www.example.com
-Redirect permanent / https://secure.example.com/
+Redirect / https://secure.example.com/
@@ -45, +45 @@
}}}
+ '''Note:''' Once the configuration is working as intended, a permanent
redirection can be considered. This avoids caching issues by most browsers
while testing. The directive would then become:
+ {{{
+Redirect permanent / https://secure.example.com/
+ }}}
+
+ == Using .htaccess files and redirect ==
- '''Note:''' redirect can also be used inside .htaccess files or to address
particular URLs, as in:
+ Redirect can also be used inside .htaccess files or to address particular
URLs, as in:
+
Example:
{{{
-Redirect permanent /login https://mysite.example.com/login
+Redirect /login https://mysite.example.com/login
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "RedirectSSL" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "RedirectSSL" page has been changed by thumbs:
https://wiki.apache.org/httpd/RedirectSSL?action=diff&rev1=29&rev2=30
Comment:
Converted the directive into a clickable link for 2.2
== Using virtual hosts (using redirect) ==
When using SSL, you will frequently have at least two virtual hosts: one on
port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you
wish to redirect users from the non-secure site to the SSL site, you can use an
ordinary
[[http://httpd.apache.org/docs/trunk/mod/mod_alias.html#redirect|Redirect]]
directive inside the non-secure VirtualHost:
- '''Note:''' The NameVirtualHost directive only applies to the 2.2.x releases
of httpd.
+ '''Note:''' The
[[http://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost|NameVirtualHost]]
directive only applies to the 2.2.x releases of httpd.
{{{
NameVirtualHost *:80
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "RedirectSSL" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "RedirectSSL" page has been changed by thumbs:
https://wiki.apache.org/httpd/RedirectSSL?action=diff&rev1=28&rev2=29
== Using virtual hosts (using redirect) ==
When using SSL, you will frequently have at least two virtual hosts: one on
port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you
wish to redirect users from the non-secure site to the SSL site, you can use an
ordinary
[[http://httpd.apache.org/docs/trunk/mod/mod_alias.html#redirect|Redirect]]
directive inside the non-secure VirtualHost:
+
+ '''Note:''' The NameVirtualHost directive only applies to the 2.2.x releases
of httpd.
{{{
NameVirtualHost *:80
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=12&rev2=13 Comment: Added a check for -f with ` - `` - - `# Pick one of the following approaches` + `# Pick one of the following approaches` - `# Use the standard TCP socket` + `# Use the standard TCP socket` - `#SetHandler "proxy:fcgi://localhost/:9000"` + `#SetHandler "proxy:fcgi://localhost/:9000"` - `# If your version of httpd is 2.4.9 or newer (or has the back-ported feature), you can use the unix domain socket` + `# If your version of httpd is 2.4.9 or newer (or has the back-ported feature), you can use the unix domain socket` - `#SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/:9000"` + `#SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/:9000"` - - `` `` - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "LogBasicauthenticationusername" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "LogBasicauthenticationusername" page has been changed by thumbs:
https://wiki.apache.org/httpd/LogBasicauthenticationusername
New page:
= Log basic authentication username all the time =
Using Anonymous basic auth with mod_auth_anon requires an Authorization header,
else a 401 response will be generated.
The solution is to revert to basic HTTP auth, and using that recipe to
manipulate the authorization header, and ultimately define a new request header
that can be logged.
{{{
# Detaint
# RequestHeader unset X-User
# copy incoming header
RequestHeader set X-User "expr=%{HTTP:Authorization}"
# Grab the base 64 part
RequestHeader edit X-User "^Basic (.*)$" $1
# decode it
RequestHeader set X-User "expr=%{unbase64:%{HTTP:X-User}}"
# split on :
RequestHeader edit X-User "(.*):.*$" $1
CustomLog logs/test.log "%{X-User}i"
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php-fcgid" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php-fcgid" page has been changed by thumbs: https://wiki.apache.org/httpd/php-fcgid?action=diff&rev1=8&rev2=9 Comment: Removed confusing distro-specific segment, and clarified some sentences. == Why ? == * Because mod_php forces you to load prefork MPM, which is inefficient. * Because mod_php will be loaded into httpd's memory even when serving static pages - * Most distributions shipping in 2013 provide precompiled packages that let you run php with fcgid. This is just a matter of configuration. + * Most distributions shipping in 2013 provide pre-compiled packages that let you run php with fcgid. This is just a matter of configuration. * mod_fcgid is an official Apache module, available at [[http://httpd.apache.org/mod_fcgid/]] == Benefits == @@ -18, +18 @@ Follow '''ALL''' steps, or something will be missing in the end. + 1. Unload mod_php by commenting out the [[http://httpd.apache.org/docs/current/mod/mod_so.html#loadmodule|LoadModule]] directive from your configuration. + 2. Load the mod_fcgid module with the [[http://httpd.apache.org/docs/current/mod/mod_so.html#loadmodule|LoadModule]] directive. + 3. Install PHP as CGI using your package manager. - 1. Get rid of mod_php. You need to comment out the "LoadModule php5_module" from your configuration. - ''On debian, just run "apt-get remove libapache2-mod-php5"'' - 2.#2 Install mod_fcgid - '' On debian, "apt-get install libapache2-mod-fcgid"'' - 3.#3 Install PHP as CGI - ''On debian, "apt-get install php5-cgi"'' - 4.#4 Write a small wrapper, such as this : /usr/local/bin/php-wrapper + 4. Write a small wrapper, such as this : /usr/local/bin/php-wrapper #!/bin/sh @@ -42, +39 @@ exec /usr/lib/cgi-bin/php5 + Make sure it is readable and executable by the apache user/group. 5.#5 Configuration - httpd.conf - LoadModule fcgid_module /usr/lib/apache2/modules/mod_fcgid.so + LoadModule fcgid_module /mod_fcgid.so AddHandler fcgid-script .php FcgidWrapper /usr/local/bin/php-wrapper .php + 6.#6 Replace prefork MPM with a threaded MPM, such as '''worker'''. On 2.4, you can now change the active mpm by loading the appropriate module. - - 6.#6 Replace prefork MPM with a threaded MPM, such as '''worker'''. - ''On debian, just run "apt-get install apache2-mpm-worker"'' == FAQ / It doesn't work == - Don't panic. Check apache error log. + Don't panic. Check apache httpd error log. === PHP files are downloaded, not interpreted === If you have a handler already set for PHP, it may be conflicting. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by DanielGruno
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by DanielGruno: https://moin-vm.apache.org/httpd/ScratchPad?action=diff&rev1=21&rev2=22 Comment: moof Recipes for implementing a [[MaintenancePage]] - testing 1234 - - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Compatibility" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Compatibility" page has been changed by wrowe: https://wiki.apache.org/httpd/Compatibility?action=diff&rev1=2&rev2=3 This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles. == Applicable Specifications == - Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementor. Different implementations may; + Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementer. Different implementations may; * Apply a different interpretation of the same reading when the specification is unclear * Choose to be permissive where multiple readings are possible, or to strictly conform when the plain reading is clear * Deviate from the specification in error, for their own purpose, or to accommodate another implementation Apache HTTP Server since inception has erred on the side of being lenient in accepting questionable input, and strict in emitting responses from the server, which helped to fuel the adoption of the HTTP protocol. In response to a number of attack vectors which rely on the differences in accepting and interpreting questionable input, the server is evolving to more strictly require that input conform to the relevant specifications. - The current version of HTTP implements the following specifications (this list not exhaustive); + The current version of HTTP implements the following specifications, with specific wiki pages dedicated to each topic (this list not exhaustive); - || '''Spec''' || '''Title''' || '''Comments''' || + || '''Spec''' || '''Comments''' || '''Title''' || - || [[https://tools.ietf.org/html/rfc7230|RFC 7230]] || Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing || || + || [[https://tools.ietf.org/html/rfc7230|RFC 7230]] || [[RFC7230Notes|RFC 7230 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing || - || [[https://tools.ietf.org/html/rfc7231|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content || || + || [[https://tools.ietf.org/html/rfc7231|RFC 7231]] || [[RFC7231Notes|RFC 7231 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content || - || [[https://tools.ietf.org/html/rfc7232|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests || || + || [[https://tools.ietf.org/html/rfc7232|RFC 7232]] || [[RFC7232Notes|RFC 7232 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests || - || [[https://tools.ietf.org/html/rfc7233|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Range Requests || || + || [[https://tools.ietf.org/html/rfc7233|RFC 7233]] || [[RFC7233Notes|RFC 7233 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Range Requests || - || [[https://tools.ietf.org/html/rfc7234|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Caching || || + || [[https://tools.ietf.org/html/rfc7234|RFC 7234]] || [[RFC7234Notes|RFC 7234 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Caching || - || [[https://tools.ietf.org/html/rfc7235|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Authentication || || + || [[https://tools.ietf.org/html/rfc7235|RFC 7235]] || [[RFC7235Notes|RFC 7235 Notes]] || Hypertext Transfer Protocol (HTTP/1.1): Authentication || - || [[https://tools.ietf.org/html/rfc3986|RFC 3986]] || URI Generic Syntax || By reference of RFC 7230 || + || [[https://tools.ietf.org/html/rfc3986|RFC 3986]] || [[RFC3986Notes|RFC 3986 Notes]] || URI Generic Syntax [By reference in RFC 7230] || == Interoperability Issues == + See specific Notes above for issues related to each specification. General Issues between specific clients and back-end servers are called out below. == Specific Client Issues (httpd as a Server) == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Compatibility" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Compatibility" page has been changed by wrowe: https://wiki.apache.org/httpd/Compatibility?action=diff&rev1=1&rev2=2 Comment: Reorder, group for expected and unexpected issues + = Apache HTTP Server Compatibility = + This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles. + + == Applicable Specifications == Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementor. Different implementations may; * Apply a different interpretation of the same reading when the specification is unclear * Choose to be permissive where multiple readings are possible, or to strictly conform when the plain reading is clear * Deviate from the specification in error, for their own purpose, or to accommodate another implementation Apache HTTP Server since inception has erred on the side of being lenient in accepting questionable input, and strict in emitting responses from the server, which helped to fuel the adoption of the HTTP protocol. In response to a number of attack vectors which rely on the differences in accepting and interpreting questionable input, the server is evolving to more strictly require that input conform to the relevant specifications. - - This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles. The current version of HTTP implements the following specifications (this list not exhaustive); || '''Spec''' || '''Title''' || '''Comments''' || @@ -19, +21 @@ || [[https://tools.ietf.org/html/rfc7235|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Authentication || || || [[https://tools.ietf.org/html/rfc3986|RFC 3986]] || URI Generic Syntax || By reference of RFC 7230 || + == Interoperability Issues == + + == Specific Client Issues (httpd as a Server) == + + == Specific Server Issues (httpd as a User-Agent) == + - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Compatibility" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Compatibility" page has been changed by wrowe: https://wiki.apache.org/httpd/Compatibility Comment: Only the beginning of a long process, additional editors welcomed... New page: Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementor. Different implementations may; * Apply a different interpretation of the same reading when the specification is unclear * Choose to be permissive where multiple readings are possible, or to strictly conform when the plain reading is clear * Deviate from the specification in error, for their own purpose, or to accommodate another implementation Apache HTTP Server since inception has erred on the side of being lenient in accepting questionable input, and strict in emitting responses from the server, which helped to fuel the adoption of the HTTP protocol. In response to a number of attack vectors which rely on the differences in accepting and interpreting questionable input, the server is evolving to more strictly require that input conform to the relevant specifications. This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles. The current version of HTTP implements the following specifications (this list not exhaustive); || '''Spec''' || '''Title''' || '''Comments''' || || [[https://tools.ietf.org/html/rfc7230|RFC 7230]] || Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing || || || [[https://tools.ietf.org/html/rfc7231|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content || || || [[https://tools.ietf.org/html/rfc7232|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests || || || [[https://tools.ietf.org/html/rfc7233|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Range Requests || || || [[https://tools.ietf.org/html/rfc7234|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Caching || || || [[https://tools.ietf.org/html/rfc7235|RFC 7231]] || Hypertext Transfer Protocol (HTTP/1.1): Authentication || || || [[https://tools.ietf.org/html/rfc3986|RFC 3986]] || URI Generic Syntax || By reference of RFC 7230 || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FrontPage" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "FrontPage" page has been changed by wrowe: https://wiki.apache.org/httpd/FrontPage?action=diff&rev1=86&rev2=87 * [[Developer]] - Information on the internals and module development * [[Logs|Log messages]] - Detailed explanations, and their solutions * [[Platform|Platform quirks]] - Build/install/run hints and workarounds for specific OS's + * [[Compatibility]] - Interaction between httpd, browsers and other user-agents, and other servers * [[Recipes]] - Configuration examples, and their results * [[Rewrite]] - Various guides for mod_rewrite * [[ScratchPad|Scratch pad]] - For new documentation - Howto's, document enhancements, etc. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Minimal_Config" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "Minimal_Config" page has been changed by thumbs:
https://wiki.apache.org/httpd/Minimal_Config?action=diff&rev1=5&rev2=6
Comment:
Added the windows section (2.4). Thanks Akee!
Configurations presume you have your Apache web server, including
configuration, modules and documents to serve, installed in /usr/httpd/. For
common locations for these things in many distributions look at this page
http://wiki.apache.org/httpd/DistrosDefaultLayout. Configurations also presume
all possible modules are compiled as dynamically loadable as opposed to static.
- The following configuration is compatible with version 2.4 of the Apache HTTP
server with the default MPM (event) compiled as a shared module. This
configuration will need to be modified slightly for windows installs.
+ The following configuration is compatible with version 2.4 of the Apache HTTP
server with the default MPM (event) compiled as a shared module.
{{{
# Apache httpd v2.4 minimal configuration
@@ -104, +104 @@
}}}
+ The following configuration is compatible with version 2.4 of the Apache HTTP
server on Microsoft windows.
+
+ {{{
+ ServerRoot "C:/Program Files/Apache httpd 2.4"
+
+ # Minimum modules needed
+ LoadModule log_config_module modules/mod_log_config.so
+ LoadModule mime_module modules/mod_mime.so
+ LoadModule dir_module modules/mod_dir.so
+ LoadModule authz_core_module modules/mod_authz_core.so
+
+ TypesConfig conf/mime.types
+
+ PidFile logs/httpd.pid
+
+ # Port to Listen on
+ Listen *:8080
+
+ # In a basic setup httpd can only serve files from its document root
+ DocumentRoot "C:/Program Files/Apache httpd 2.4"
+
+ # Default file to serve
+ DirectoryIndex index.html
+
+ # Errors go to their own log
+ ErrorLog logs/error_log
+
+ # Access log
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+ CustomLog logs/access_log common
+
+ # Never change this block
+
+ AllowOverride None
+ Require all denied
+
+
+ # Allow documents to be served from the DocumentRoot
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+ }}}
+
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by RichBowen
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by RichBowen: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=10&rev2=11 If apache and php-fpm run as the same user (not necessary or recommended) and nproc is too small, apache will not startup with the following message `(11)Resource temporarily unavailable: AH02162: setuid: unable to change to uid: 600` + Warning: when you ProxyPass a request to another server (in this case, the php-fpm daemon), authentication restrictions, and other configurations placed in a Directory block or .htaccess file, may be bypassed. + === Caveats === One might be tempted to point out that a greedy '''[[http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch|ProxyPassMatch]]''' directive might allow some malicious content uploaded by a HTTP client to be served. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by thumbs: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=35&rev2=36 Comment: Because of the recent PDF attachment spam, I've removed the override. Will discuss access control on the ML. - #acl All:read,write == Developers / Users == [[http://www.apachecon.com/|ApacheCon]] is the official face to face meeting of httpd (and other Apache project) developers. While all the technical decisions defer to the mailing lists, excluding no one, it is still often helpful to the project to enjoy face to face high speed bandwidth and sharing of ideas. At the Hackathon, developers sit down to help one another and the project through the more complex puzzles. At the Sessions, users can learn from the official committers and other learned experts about specific features or solutions for httpd. The Trainings are more costly but more comprehensive classroom experiences. And at the occasional BOF (Birds of a Feather), developers and users come together to confront the challenges they face on a daily basis. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] New attachment added to page Face2Face
Dear Wiki user, You have subscribed to a wiki page "Face2Face" for change notification. An attachment has been added to that page by hamidansaies. Following detailed information is available: Attachment name: ((844-307-5701@Skype customer phone number (((844-307-5701 - Copy (4).pdf Attachment size: 39400 Attachment link: https://wiki.apache.org/httpd/Face2Face?action=AttachFile&do=get&target=%28%28844-307-5701%40Skype+customer+phone+number+%28%28%28844-307-5701%29%29%29%29%29%29%29%29+-+Copy+%284%29.pdf Page link: https://wiki.apache.org/httpd/Face2Face - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] New attachment added to page Face2Face
Dear Wiki user, You have subscribed to a wiki page "Face2Face" for change notification. An attachment has been added to that page by hamidansaies. Following detailed information is available: Attachment name: Skype ((844-307-5701))) tech support phone number .&&&.skype customer phone number.pdf Attachment size: 39400 Attachment link: https://wiki.apache.org/httpd/Face2Face?action=AttachFile&do=get&target=Skype+%28%28844-307-5701%29%29%29%29%29%29%29%29%29%29%29%29%29%29%29+tech+support+phone+number+.%26%26%26.skype+customer+phone+number.pdf Page link: https://wiki.apache.org/httpd/Face2Face - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "MaintenancePage" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "MaintenancePage" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/MaintenancePage?action=diff&rev1=3&rev2=4
== Touch a File Method ==
- This recipe is good because it can be simply programmed in a shell script or
similar. Maintenance is enabled by 'touching' a single file on the file system
and disabled by removing that file. In this example a generic piece of Apache
configuration allows either individual virtual hosts to be put into maintenance
mode, or the whole server. In practice, especially with a large number of
virtual host, the maintenance configuration could be split out into an
[[https://httpd.apache.org/docs/current/mod/core.html#include|Include]] file,
or moved to the global
[[http://httpd.apache.org/docs/current/mod/directive-dict.html#Context|context]],
although in this case you may need to set {{{RewriteOptions InheritBefore}}}
in each virtual host.
+ This recipe is good because it can be simply programmed in a shell script or
similar. Maintenance is enabled by 'touching' a single file on the file system
and disabled by removing that file. In this example a generic piece of Apache
configuration allows either individual virtual hosts to be put into maintenance
mode, or the whole server. In practice, especially with a large number of
virtual host, the maintenance configuration could be split out into an
[[https://httpd.apache.org/docs/current/mod/core.html#include|Include]] file,
or moved to the global
[[https://httpd.apache.org/docs/current/mod/directive-dict.html#Context|context]],
although in this case you may need to set {{{RewriteOptions InheritBefore}}}
in each virtual host.
What is not included below is the
[[https://httpd.apache.org/docs/current/mod/core.html#directory|Directory]]
configuration to enable the serving of the URI {{{/maintenance/index.html}}}
itself as a page.
@@ -61, +61 @@
== IfDefine Method ==
- This recipe requires that you modify {{{apachectl}}} to cope with
'enabling/disabling' maintenance. The upside is that there are no file system
checks, the downside is that it requires a full stop/start since you cannot
pass a name that is interpreted by
[[https://httpd.apache.org/docs/2.2/mod/core.html#ifdefine|IfDefine]] with a
restart.
+ This recipe requires that you modify {{{apachectl}}} to cope with
'enabling/disabling' maintenance. The upside is that there are no file system
checks, the downside is that it requires a full stop/start since you cannot
pass a name that is interpreted by
[[https://httpd.apache.org/docs/current/mod/core.html#ifdefine|IfDefine]] with
a restart.
{{{
@@ -109, +109 @@
;;
}}}
+ == Maintenance with Exceptions ==
+ Sometimes it is advantageous to configure the server so that a few or even
many IP address may bypass the maintenance page. Using the first example above
as a template, we can create a
[[https://httpd.apache.org/docs/current/rewrite/rewritemap.html|RewriteMap]]
that allows individual IP addresses or even IP ranges to ignore the maintenance
setting. This recipe can easily be extended to allows class A or B ranges as
well.
+
+ {{{
+
+ ServerName myfirstdomain.com
+ DocumentRoot "/var/www/htdocs"
+
+ UseCanonicalName On
+ ErrorDocument 503 /maintenance/index.html
+ RewriteEngine on
+ RewriteMap exceptions /var/www/maintenance/exceptions.map
+
+ # Allow Individual IP addresses past maintenance page
+ RewriteCond ${exceptions:%{REMOTE_ADDR}} =OK
+ RewriteRule ^ - [L]
+
+ # Allow Class C ranges past maintenance page
+ RewriteCond %{REMOTE_ADDR} ^(\d+)\.(\d+)\.(\d+)\.
+ RewriteCond ${exceptions:%1.%2.%3} =OK
+ RewriteRule ^ - [L]
+
+ # Redirect all request to a 503 return code when in maintenance mode
+ RewriteCond /var/www/maintenance/ALL -f [OR]
+ RewriteCond /var/www/maintenance/%{SERVER_NAME} -f
+ RewriteCond %{REQUEST_URI} !=/maintenance/index.html
+ RewriteRule ^ - [R=503,L]
+
+ # Redirect away from the maintenance page if not in maintenance mode
+ RewriteCond /var/www/maintenance/ALL !-f
+ RewriteCond /var/www/maintenance/%{SERVER_NAME} !-f
+ RewriteRule ^/maintenance/index.html$ / [R,L]
+
+ }}}
+
+ Sample {{{exceptions.map}}} file
+
+ {{{
+ # Allow a single IP address through
+ 192.168.0.1 OK
+ # Allow a whole Class C through
+ 172.20.0 OK
+ }}}
+
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "MaintenancePage" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "MaintenancePage" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/MaintenancePage?action=diff&rev1=2&rev2=3
= Recipes for Implementing a Maintenance Page =
- It is relatively common for Apache httpd users to wish to serve a standard
page while underlying software deployments are occurring or even if the site is
down temporarily for whatever reason. Below are details some of the methods by
which this can be achieved. All recipes share in common that you redirect to a
page served with a 503 return code to prevent search engines indexing the
maintenance page.
+ It is relatively common for Apache httpd users to wish to serve a standard
page while underlying software deployments are occurring, or even if the site
is down temporarily. Below are details on some of the methods by which this can
be achieved. All recipes share in common the idea that you redirect to a page
served with a 503 return code to prevent search engines indexing the
maintenance page.
== Touch a File Method ==
- This recipe is good in that it can almost trivially be programmed in a shell
script or similar. Maintenance is enabled by 'touching' a single file on the
file system and disabled by removing that file. In this example a generic piece
of Apache configuration allows either individual virtual hosts to be put into
maintenance mode, or the whole servers. In practice, especially with a large
number of virtual host, the maintenance configuration could be split out into
an [[https://httpd.apache.org/docs/current/mod/core.html#include|Include]] file.
+ This recipe is good because it can be simply programmed in a shell script or
similar. Maintenance is enabled by 'touching' a single file on the file system
and disabled by removing that file. In this example a generic piece of Apache
configuration allows either individual virtual hosts to be put into maintenance
mode, or the whole server. In practice, especially with a large number of
virtual host, the maintenance configuration could be split out into an
[[https://httpd.apache.org/docs/current/mod/core.html#include|Include]] file,
or moved to the global
[[http://httpd.apache.org/docs/current/mod/directive-dict.html#Context|context]],
although in this case you may need to set {{{RewriteOptions InheritBefore}}}
in each virtual host.
- What is not included below is the configuration to enable the serving of the
URI {{{/maintenance/index.html}}} itself as a page.
+ What is not included below is the
[[https://httpd.apache.org/docs/current/mod/core.html#directory|Directory]]
configuration to enable the serving of the URI {{{/maintenance/index.html}}}
itself as a page.
+
+ Also please note, if a virtual host is accessed using any
[[https://httpd.apache.org/docs/current/mod/core.html#serveralias|ServerAlias]]
then you need to add {{{UseCanonicalName On}}} to the configuration, otherwise
only people using the actual
[[https://httpd.apache.org/docs/current/mod/core.html#servername|ServerName]]
for a particular virtual host will get the maintenance page. If, for whatever
reason, you cannot use this directive, then an appropriate filename can be
substituted for {{{%{SERVER_NAME in the relevant
[[https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond|RewriteCond]]
in each virtual host.
{{{
@@ -48, +50 @@
}}}
- The downside to this recipe is that it incurs file system checks for all
requests hitting your web server, so careful testing is required.
+ The downside to this recipe is that it incurs file system checks for all
requests hitting your web server, so careful performance testing is required.
With this configuration you may then perform the following operations.
+
+ {{{
+ # Enable maintenance mode for all virtual hosts
+ touch /var/www/maintenance/ALL
+ # Enable maintenance mode for a single virtual host
+ touch /var/www/maintenance/myseconddomain.com
+ }}}
== IfDefine Method ==
- This recipe requires that you modify apachectl to cope with
'enabling/disabling' maintenance. The downside is that it requires a full
stop/start since you cannot pass a directive that is interpreted by
[[https://httpd.apache.org/docs/2.2/mod/core.html#ifdefine|IfDefine]] with a
restart.
+ This recipe requires that you modify {{{apachectl}}} to cope with
'enabling/disabling' maintenance. The upside is that there are no file system
checks, the downside is that it requires a full stop/start since you cannot
pass a name that is interpreted by
[[https://httpd.apache.org/docs/2.2/mod/core.html#ifdefine|IfDefine]] with a
restart.
{{{
@@ -94, +103 @@
{{{
maintenance)
- $HTTPD -k stop
+ $HTTPD -k graceful-stop
sleep 3
$HTTPD -D Maintenance -k start
;;
-
To unsubscribe, e-mail: doc
[Httpd Wiki] Trivial Update of "MaintenancePage" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "MaintenancePage" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/MaintenancePage?action=diff&rev1=1&rev2=2
}}}
- And then the following addition to the {{{case}}} statement:
+ And then the following addition to the {{{case}}} statement in apachectl.
{{{
maintenance)
$HTTPD -k stop
+ sleep 3
$HTTPD -D Maintenance -k start
;;
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "MaintenancePage" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "MaintenancePage" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/MaintenancePage
New page:
= Recipes for Implementing a Maintenance Page =
It is relatively common for Apache httpd users to wish to serve a standard page
while underlying software deployments are occurring or even if the site is down
temporarily for whatever reason. Below are details some of the methods by which
this can be achieved. All recipes share in common that you redirect to a page
served with a 503 return code to prevent search engines indexing the
maintenance page.
== Touch a File Method ==
This recipe is good in that it can almost trivially be programmed in a shell
script or similar. Maintenance is enabled by 'touching' a single file on the
file system and disabled by removing that file. In this example a generic piece
of Apache configuration allows either individual virtual hosts to be put into
maintenance mode, or the whole servers. In practice, especially with a large
number of virtual host, the maintenance configuration could be split out into
an [[https://httpd.apache.org/docs/current/mod/core.html#include|Include]] file.
What is not included below is the configuration to enable the serving of the
URI {{{/maintenance/index.html}}} itself as a page.
{{{
ServerName myfirstdomain.com
DocumentRoot "/var/www/myfirstdomain/htdocs"
# Redirect all request to a 503 return code when in maintenance mode
ErrorDocument 503 /maintenance/index.html
RewriteEngine on
RewriteCond /var/www/maintenance/ALL -f [OR]
RewriteCond /var/www/maintenance/%{SERVER_NAME} -f
RewriteCond %{REQUEST_URI} !=/maintenance/index.html
RewriteRule ^ - [R=503,L]
# Redirect away from the maintenance page if not in maintenance mode
RewriteCond /var/www/maintenance/ALL !-f
RewriteCond /var/www/maintenance/%{SERVER_NAME} !-f
RewriteRule ^/maintenance/index.html$ / [R,L]
ServerName myseconddomain.com
DocumentRoot "/var/www/myseconddomain/htdocs"
# Redirect all request to a 503 return code when in maintenance mode
ErrorDocument 503 /maintenance/index.html
RewriteEngine on
RewriteCond /var/www/maintenance/ALL -f [OR]
RewriteCond /var/www/maintenance/%{SERVER_NAME} -f
RewriteCond %{REQUEST_URI} !=/maintenance/index.html
RewriteRule ^ - [R=503,L]
# Redirect away from the maintenance page if not in maintenance mode
RewriteCond /var/www/maintenance/ALL !-f
RewriteCond /var/www/maintenance/%{SERVER_NAME} !-f
RewriteRule ^/maintenance/index.html$ / [R,L]
}}}
The downside to this recipe is that it incurs file system checks for all
requests hitting your web server, so careful testing is required.
== IfDefine Method ==
This recipe requires that you modify apachectl to cope with
'enabling/disabling' maintenance. The downside is that it requires a full
stop/start since you cannot pass a directive that is interpreted by
[[https://httpd.apache.org/docs/2.2/mod/core.html#ifdefine|IfDefine]] with a
restart.
{{{
ServerName myfirstdomain.com
DocumentRoot "/var/www/myfirstdomain/htdocs"
ErrorDocument 503 /maintenance/index.html
RewriteEngine on
RewriteCond %{REQUEST_URI} !=/maintenance/index.html
RewriteRule ^ - [R=503,L]
RewriteEngine on
RewriteRule ^/maintenance/index.html$ / [R,L]
ServerName myseconddomain.com
DocumentRoot "/var/www/myseconddomain/htdocs"
ErrorDocument 503 /maintenance/index.html
RewriteEngine on
RewriteCond %{REQUEST_URI} !=/maintenance/index.html
RewriteRule ^ - [R=503,L]
RewriteEngine on
RewriteRule ^/maintenance/index.html$ / [R,L]
}}}
And then the following addition to the {{{case}}} statement:
{{{
maintenance)
$HTTPD -k stop
$HTTPD -D Maintenance -k start
;;
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by SeanTimmins
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by SeanTimmins: https://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=9&rev2=10 Page about a proposed script to scan Apache httpd configuration files, search for directives and output certain information about them [[ScanHTTPDConf]] + Recipes for implementing a [[MaintenancePage]] + - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=9&rev2=10 Comment: Shorten the simple examples section name `` - === This is too much text / I'm falling asleep reading this / Just tell me how to do it already === + === For the impatient === Very simple example - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=8&rev2=9 Comment: Clarify the simple recipes towards the end and fix links to non-existent wiki pages `` - === Example === + === This is too much text / I'm falling asleep reading this / Just tell me how to do it already === - Say you want to be able to conjure up the standard php info page listing all compiled-in and loaded extensions, and all runtime configuration options and script info. + Very simple example - We first create a file, info.php, by running the following: + If you're interested into the proof of concept and want to leave the tweaking for later, you can use the following recipe. It'll conjure up the standard php info page listing all compiled-in and loaded extensions, and all runtime configuration options and script info. - `echo "" > /var/www/info.php` + First, create a file, /var/www/info.php containing: - NOTE: you may need to do this as `root`, depending on the permissions set on /var/www. I assume /var/www is the documentroot of an existing vhost; this is the case on most major distributions. + `` + + The assumption is that /var/www is the '''[[http://httpd.apache.org/docs/current/mod/core.html#documentroot|DocumentRoot]]''' of an existing vhost. Inside this vhost, add the following line: `ProxyPassMatch ^/info$ fcgi://127.0.0.1:9000/var/www/info.php` - Reload apache with `apachectl graceful` and you can now call up the phpinfo page using http://your-vhost/info + Reload apache with `apachectl graceful` and you can now call up the phpinfo page using `http://example.com/info` This is a very simple example, mapping one unique URL to a single PHP file. + A more flexible example + - In case you want to proxy '''all''' `.php` files in your vhost to the fcgi server using their real php file locations, you can use a more flexible match: + To proxy '''all''' `.php` files in your vhost to the fcgi server using their real php file locations, you can use a more flexible match: `ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/$1` - Again, assuming `/var/www` is the documentroot of the vhost in question. + Again, assuming `/var/www` is the '''[[http://httpd.apache.org/docs/current/mod/core.html#documentroot|DocumentRoot]]''' of the vhost in question. - __Don't forget to restart apache after making any changes to a vhost or other configuration file. You can use apachectl restart or apachectl graceful.__ + Reload apache with `apachectl graceful` and you can now call up the phpinfo page using `http://example.com/yourscript.php` === Performance and Pitfalls === @@ -190, +194 @@ === Caveats === - One might be tempted to point out that a greedy ProxyPassMatch directive might allow some malicious content uploaded by a HTTP client to be served. + One might be tempted to point out that a greedy '''[[http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch|ProxyPassMatch]]''' directive might allow some malicious content uploaded by a HTTP client to be served. This is by no means a comprehensive security document, but instead will point out a possible injection vector that could be generated from the directives in this document. @@ -200, +204 @@ Would lead php-fpm to process that file (/uploads/malicious.jpg), and without certain sanity check, possibly lead to a compromised server. - This, of course, is not recommended. Content uploaded using php should be saved safely outside the DocumentRoot, and the pathinfo should be scrutinized. + This, of course, is not recommended. Content uploaded using php should be saved safely outside the '''[[http://httpd.apache.org/docs/current/mod/core.html#documentroot|DocumentRoot]]''', and the pathinfo should be scrutinized. Additionally, php-fpm should check if the script being invoked is allowed. - If such restrictions cannot be implemented easily, then checks could be performed prior to proxying with a RewriteCond or FallbackResource to ensure that the URI is not altered by the HTTP client. + If such restrictions cannot be implemented easily, then checks could be performed prior to proxying with a '''[[http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond|RewriteCond]]''' or '''[[http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource|FallbackResource]]''' to ensure that the URI is not altered by the HTTP client. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=7&rev2=8 Comment: Added table of contents and recipe for the handler approach to check for the existence of files first + <> + = High-performance PHP on apache httpd 2.4.x using mod_proxy_fcgi and php-fpm. = With the release of apache httpd 2.4 upon an unsuspecting populace, we have gained some very neat functionality regarding apache and php: the ability to run PHP as a fastCGI process server, and address that fastCGI server ''directly from within apache'', via a dedicated proxy module (mod_proxy_fcgi.) @@ -111, +113 @@ ''Note that with this approach, the captured request URI ($1) is not passed after the path'' + === Proxy via handler === + + With this approach, you can check for the existence of the resource prior to proxying to the php-fpm backend. + + `# Defining a worker will improve performance` + + `# And in this case, re-use the worker (dependent on support from the fcgi application)` + + `# If you have enough idle workers, this would only improve the performance marginally` + + `` + + `` + + + `` + + `# Pick one of the following approaches` + + `# Use the standard TCP socket` + + `#SetHandler "proxy:fcgi://localhost/:9000"` + + `# If your version of httpd is 2.4.9 or newer (or has the back-ported feature), you can use the unix domain socket` + + `#SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/:9000"` + + `` + + === Example === Say you want to be able to conjure up the standard php info page listing all compiled-in and loaded extensions, and all runtime configuration options and script info. @@ -139, +171 @@ === Performance and Pitfalls === - mod_proxy_fcgi now supports network sockets since 2.4.9 ( [[https://issues.apache.org/bugzilla/show_bug.cgi?id=54101|Unix socket support for mod_proxy_fcgi]] ) + mod_proxy_fcgi now supports unix domain sockets since 2.4.9 ( [[https://issues.apache.org/bugzilla/show_bug.cgi?id=54101|Unix domain socket support for mod_proxy_fcgi]] ) It is easy to overwhelm your system's available sockets, pass over ulimits, etc. Some tips to avoid this: - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Minimal_Config" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "Minimal_Config" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/Minimal_Config?action=diff&rev1=4&rev2=5
Comment:
mime.type to conf directory and use modules instead of lib. Also added access
log
{{{
# Apache httpd v2.4 minimal configuration
+ # This can be reduced further if you remove the accees log and mod_log_config
ServerRoot "/usr/httpd"
# Minimum modules needed
- LoadModule mpm_event_module lib/mod_mpm_event.so
+ LoadModule mpm_event_module modules/mod_mpm_event.so
+ LoadModule log_config_module modules/mod_log_config.so
- LoadModule mime_module lib/mod_mime.so
+ LoadModule mime_module modules/mod_mime.so
- LoadModule dir_module lib/mod_dir.so
+ LoadModule dir_module modules/mod_dir.so
- LoadModule authz_core_module lib/mod_authz_core.so
+ LoadModule authz_core_module modules/mod_authz_core.so
- LoadModule unixd_module lib/mod_unixd.so
+ LoadModule unixd_module modules/mod_unixd.so
- TypesConfig /usr/httpd/etc/mime.types
+ TypesConfig conf/mime.types
PidFile logs/httpd.pid
@@ -29, +31 @@
# Port to Listen on
Listen *:8080
+ # In a basic setup httpd can only serve files from its document root
DocumentRoot "/usr/httpd/htdocs"
+
+ # Default file to serve
DirectoryIndex index.html
- ErrorLog syslog
+
+ # Errors go to their own log
+ ErrorLog logs/error_log
+
+ # Access log
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+ CustomLog logs/access_log common
# Never change this block
@@ -49, +60 @@
{{{
# Apache httpd v2.2 minimal configuration
+ # This can be reduced further if you remove the access log and mod_log_config
ServerRoot "/usr/httpd"
# Minimum modules needed
+ LoadModule log_config_module modules/mod_log_config.so
- LoadModule dir_module lib/httpd/mod_dir.so
+ LoadModule dir_module modules/mod_dir.so
- LoadModule mime_module lib/httpd/mod_mime.so
+ LoadModule mime_module modules/mod_mime.so
- LoadModule authz_host_module lib/httpd/mod_authz_host.so
+ LoadModule authz_host_module modules/mod_authz_host.so
- TypesConfig /usr/httpd/etc/mime.types
+ TypesConfig conf/mime.types
PidFile logs/httpd.pid
@@ -66, +79 @@
# Port to Listen on
Listen *:8080
+ # In a basic setup httpd can only serve files from its document root
DocumentRoot "/usr/httpd/htdocs"
+
+ # Default file to serve
DirectoryIndex index.html
- ErrorLog syslog
+
+ # Errors go to their own log
+ ErrorLog logs/error_log
+
+ # Access log
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+ CustomLog logs/access_log common
# Never change this block
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Minimal_Config" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "Minimal_Config" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/Minimal_Config?action=diff&rev1=3&rev2=4
Comment:
Updated and added comments
They are meant to be used as a starting point when one either wants to clean
up an old instance which segfaults or suffers from other recurring issues, or
to achieve the minimum footprint on a system with limited resources.
+ Configurations presume you have your Apache web server, including
configuration, modules and documents to serve, installed in /usr/httpd/. For
common locations for these things in many distributions look at this page
http://wiki.apache.org/httpd/DistrosDefaultLayout. Configurations also presume
all possible modules are compiled as dynamically loadable as opposed to static.
+
- The following configuration is compatible with version 2.4 of the apache HTTP
server with the default MPM (event) compiled as a shared module. This
configuration will need to be modified slightly for windows installs.
+ The following configuration is compatible with version 2.4 of the Apache HTTP
server with the default MPM (event) compiled as a shared module. This
configuration will need to be modified slightly for windows installs.
{{{
+ # Apache httpd v2.4 minimal configuration
- ServerRoot "/usr/pkg"
+ ServerRoot "/usr/httpd"
+ # Minimum modules needed
LoadModule mpm_event_module lib/mod_mpm_event.so
LoadModule mime_module lib/mod_mime.so
LoadModule dir_module lib/mod_dir.so
LoadModule authz_core_module lib/mod_authz_core.so
LoadModule unixd_module lib/mod_unixd.so
- TypesConfig /usr/pkg/etc/httpd/mime.types
+ TypesConfig /usr/httpd/etc/mime.types
- PidFile /tmp/mini-httpd.pid
+ PidFile logs/httpd.pid
+ # Comment this out if running httpd as a non root user
User nobody
+ # Port to Listen on
- Listen 0.0.0.0:8080
+ Listen *:8080
- DocumentRoot "/usr/local/htdocs"
+ DocumentRoot "/usr/httpd/htdocs"
DirectoryIndex index.html
ErrorLog syslog
+ # Never change this block
AllowOverride None
Require all denied
+ # Allow documents to be served from the DocumentRoot
-
+
Require all granted
}}}
- The following configuration is compatible with version 2.2 of the apache HTTP
server.
+ The following configuration is compatible with version 2.2 of the Apache HTTP
server.
{{{
+ # Apache httpd v2.2 minimal configuration
- ServerRoot "/usr/pkg"
+ ServerRoot "/usr/httpd"
+ # Minimum modules needed
LoadModule dir_module lib/httpd/mod_dir.so
LoadModule mime_module lib/httpd/mod_mime.so
LoadModule authz_host_module lib/httpd/mod_authz_host.so
- TypesConfig /usr/pkg/etc/httpd/mime.types
+ TypesConfig /usr/httpd/etc/mime.types
- PidFile /tmp/mini-httpd.pid
+ PidFile logs/httpd.pid
+ # Comment this out if running httpd as a non root user
User nobody
+ # Port to Listen on
- Listen 0.0.0.0:8080
+ Listen *:8080
- DocumentRoot "/usr/local/htdocs"
+ DocumentRoot "/usr/httpd/htdocs"
DirectoryIndex index.html
ErrorLog syslog
+ # Never change this block
AllowOverride None
Deny from all
+ # Allow documents to be served from the DocumentRoot
-
+
Allow from all
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "NameBasedSSLVHostsWithSNI" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "NameBasedSSLVHostsWithSNI" page has been changed by EricCovener: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI?action=diff&rev1=13&rev2=14 to allow non SNI clients to access a name-based virtual host. The first (default) vhost for SSL name-based virtual hosts - '''must''' include TLSv1 as a permitted protocol, + '''must''' include at least one TLSv1.0-or-later permitted protocol, otherwise Apache will not accept the SNI information from the client and it will be as if the client did not support SNI at all. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by 23.117.14.203
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 23.117.14.203: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=34&rev2=35 ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| || Eric Covener || End of day Sunday through Friday || dinner/drinks/hacking || sync up w/ covener AT gmail.com || || Jim Riggs || Monday afternoon through Friday || dinner/drinks/hacking || sync up w/ jim AT riggs DOT me || + || Daniel Ruggeri || Tuesday afternoon through Saturday morning || dinner/drinks/hacking/community/whatever || DRuggeri primary net|| || your-name-here || || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by JimRiggs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by JimRiggs: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=33&rev2=34 Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| || Eric Covener || End of day Sunday through Friday || dinner/drinks/hacking || sync up w/ covener AT gmail.com || + || Jim Riggs || Monday afternoon through Friday || dinner/drinks/hacking || sync up w/ jim AT riggs DOT me || || your-name-here || || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by 24.163.50.115
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 24.163.50.115: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=32&rev2=33 Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| - || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || + || Eric Covener || End of day Sunday through Friday || dinner/drinks/hacking || sync up w/ covener AT gmail.com || || your-name-here || || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by 24.163.50.115
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 24.163.50.115: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=31&rev2=32 == Developers / Users == [[http://www.apachecon.com/|ApacheCon]] is the official face to face meeting of httpd (and other Apache project) developers. While all the technical decisions defer to the mailing lists, excluding no one, it is still often helpful to the project to enjoy face to face high speed bandwidth and sharing of ideas. At the Hackathon, developers sit down to help one another and the project through the more complex puzzles. At the Sessions, users can learn from the official committers and other learned experts about specific features or solutions for httpd. The Trainings are more costly but more comprehensive classroom experiences. And at the occasional BOF (Birds of a Feather), developers and users come together to confront the challenges they face on a daily basis. - ApacheCon North America 2015 at the Hyatt Austin in Austin, TX + ApacheCon North America 2016 at the Hyatt Regency in Vancouver Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| - || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || - || Jeff Trawick || depends on when my slides are ready :) || dinner/drinks/hacking || trawick AT gmail.com || || your-name-here || || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "GillisJdeNijs" by GillisJdeNijs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "GillisJdeNijs" page has been changed by GillisJdeNijs: https://wiki.apache.org/httpd/GillisJdeNijs?action=diff&rev1=19&rev2=20 - == GillisJdeNijs == + == Gillis J. de Nijs == + Email: gillis jink net By [[RichBowen|DrBacchus]]: - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "GillisJdeNijs" by GillisJdeNijs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "GillisJdeNijs" page has been changed by GillisJdeNijs: https://wiki.apache.org/httpd/GillisJdeNijs?action=diff&rev1=19&rev2=20 - == GillisJdeNijs == + == Gillis J. de Nijs == + Email: gillis jink net By [[RichBowen|DrBacchus]]: - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ContributorsGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ContributorsGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/ContributorsGroup?action=diff&rev1=12&rev2=13 * DanielGruno * DRuggeri * EricCovener + * GillisJdeNijs * gknauf * Greg Martin * GuillermoGrandes - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ClientDeniedByServerConfiguration" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "ClientDeniedByServerConfiguration" page has been changed by thumbs:
https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration?action=diff&rev1=15&rev2=16
Comment:
Complete rewrite of this recipe for clarity, and added new possible causes.
+ = Client denied by server configuration =
+ This error means that the access to the directory on the file system was
denied by an Apache configuration.
+
- = apache HTTP server 2.4 notes =
+ == Apache HTTP server 2.4 notes ==
The 2.4 release introduced significant changes to the authorization and
authentication process. Users of that release are encouraged to read
[[http://httpd.apache.org/docs/2.4/upgrading.html|this link]] to migrate their
older config files.
- Using 2.4 and 2.2 authorization directives (enabled by
[[http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|mod_access_compat]])
in the same server instance is strongly discouraged because it can cause
unexpected 'Client Denied by Server Configuration' errors that may be
troublesome to resolve. When using 2.4, please migrate all
[[http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|Allow, Deny,
Order and Satisfy]] directives to the 2.4 equivalent using the information in
the link above and then comment out the
[[http://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule|LoadModule]] line
for mod_access_compat.
+ == Before you start ==
+ Before attempting to alter any existing config file, please take note of the
full file system path for which access is being denied, and the IP or hostname
of the client:
- = Client denied by server configuration =
- This error means that the access to the directory on the hard disk was denied
by an Apache configuration. It could be that access was denied due to an
explicit
[[http://httpd.apache.org/docs/2.2/en/mod/mod_authz_host.html#deny|deny]]
directive or due to an attempt to access a folder that is outside of the
DocumentRoot.
- It can also happen when you are proxying and there's no access configured for
the proxied location. And it is the default response to a PUT request.
-
- These are some reasons for this entry to be recorded in your !ErrorLog:
-
- * The default Apache config includes {{{Deny from all}}} in the
block the !DocumentRoot - this must be changed to allow access!
- * If you change the !DocumentRoot, you will need to change the
block referring the old root, to the refer to the new root
- * You need a block for every folder outside of your
!DocumentRoot, i.e. your cgi-bin folder.
- * You need a or block for every Alias.
- * You need a or block for your proxy
-
- To fix this problem, look at the line in your !ErrorLog, to find out which
folder it is trying to access. <> If a block already exists
for that folder, make sure it is set to allow access as necessary. If not, add
a block to your Apache configuration file, allowing access as
required. See the example below for folder /usr/local/awstats/htdocs.
{{{
-
+
+ [] [error] [client ::1] client denied by server configuration:
/var/www/example.com/
+
+ }}}
+
+ Using the correct path in the
[[http://httpd.apache.org/docs/current/mod/core.html#directory|directory]]
block for the following examples is essential to solving this problem. In this
case, a client from the local machine (::1) is being denied access to
/var/www/example.com .
+
+ == Troubleshooting ==
+
+ The possible causes are:
+
+ * Access was denied due to an explicit
[[http://httpd.apache.org/docs/2.2/en/mod/mod_authz_host.html#deny|deny (2.2)]]
directive or
[[http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require|require
(2.4)]] directive in a
[[http://httpd.apache.org/docs/current/mod/core.html#directory|directory]]
block or .htaccess file.
+
+ {{{
+
+ DocumentRoot /var/www/example.com
+
+ }}}
+
+ 2.2:
+
+ {{{
+
+
+ Order deny,allow
+ Deny from all
+
+
+ }}}
+
+ 2.4:
+
+ {{{
+
+
+ Require all denied
+
+
+ }}}
+
+ In the above examples, using the following configuration will resolve the
issue:
+
+ 2.2:
+
+ {{{
+
+
Order allow,deny
Allow from all
+
}}}
- This directory block will allow Apache to serve files from this location, in
response to an incoming request. This assumes either you have an Alias set up
somewhere for serving content from this directory or, less likely, that your
!DocumentRoot is /usr/local or /usr/local/awstats.
+
+ 2.4:
{{{
+
+
+ Require all granted
+
+
+ }}}
+
+ * An attempt to access a directory outside of the DocumentRoot defined by an
[[http://httpd.apache.org/docs/current/mod/mod_alias.html#alias|alias]] without
a corresponding
[[http://httpd.apache.org/docs/current/mod/core.html#directory|directory]]
block.
+
+ {{{
+
+ DocumentRoot /var/www/example.com
+
+ Alias /foo /var/www/foo
+
+ }}}
+
+ Solution (2.2):
+
+ {{{
+
+
+
[Httpd Wiki] Update of "WindowsTrunkCompilation" by wrowe
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "WindowsTrunkCompilation" page has been changed by wrowe:
https://wiki.apache.org/httpd/WindowsTrunkCompilation?action=diff&rev1=2&rev2=3
The advantage is that PCRE can generate traditional nmake files, and can also
assemble Visual Studio project and solution files for a number of different
versions of that product, as well as Eclipse and other IDE's (type the 'cmake
--help' command for supported build environments).
- Here are the required elements to build the "bleeding edge" of all components
- certainly somewhere to start for development, but not for the faint of heart,
and not to be trusted for most "real" server deployments.
+ Here are the required elements to build the "bleeding edge" of the minimal
components required by any httpd build. This is somewhere to start for
development, but is not for the faint of heart, and is not to be trusted for
most "real" server deployments.
+
+ The illustration below omits openssl, nghttp2, iconv. The libxml2 (which
could replace expat entirely) is not so easily built, just yet.
{{{
Rem
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "WindowsTrunkCompilation" by wrowe
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "WindowsTrunkCompilation" page has been changed by wrowe:
https://wiki.apache.org/httpd/WindowsTrunkCompilation?action=diff&rev1=1&rev2=2
The Apache HTTP Project has been shifting toward CMAKE as a build strategy,
as have many of the OSS projects it depends on.
- The advantage is that PCRE can generate traditional nmake files, and can also
assemble Visual Studio project and solution files for a number of different
versions of that product, as well as Eclipse and others (type the 'cmake'
command alone for hints).
+ The advantage is that PCRE can generate traditional nmake files, and can also
assemble Visual Studio project and solution files for a number of different
versions of that product, as well as Eclipse and other IDE's (type the 'cmake
--help' command for supported build environments).
- Here are the required elements to build the "bleeding edge" of all components
- certainly somewhere to start for development but not for the faint of heart
or for actual server deployments.
+ Here are the required elements to build the "bleeding edge" of all components
- certainly somewhere to start for development, but not for the faint of heart,
and not to be trusted for most "real" server deployments.
{{{
Rem
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "WindowsTrunkCompilation" by wrowe
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "WindowsTrunkCompilation" page has been changed by wrowe:
https://wiki.apache.org/httpd/WindowsTrunkCompilation
New page:
Building httpd from trunk was traditionally very challenging, since the build
schema was for Visual Studio '98. While this product has been long unsupported
and unavailable now, it was the only option that could be converted to (most)
modern Visual Studio versions and the last version which could also exported to
nmake Makefiles.
The Apache HTTP Project has been shifting toward CMAKE as a build strategy, as
have many of the OSS projects it depends on.
The advantage is that PCRE can generate traditional nmake files, and can also
assemble Visual Studio project and solution files for a number of different
versions of that product, as well as Eclipse and others (type the 'cmake'
command alone for hints).
Here are the required elements to build the "bleeding edge" of all components -
certainly somewhere to start for development but not for the faint of heart or
for actual server deployments.
{{{
Rem
Rem Illustration of building httpd and dependencies
Rem
set INSTPATH=c:\dev\apache-2.x
set CMAKE_LIBRARY_PREFIX=%INSTPATH%\lib
set CMAKE_INCLUDE_PREFIX=%INSTPATH%\include
Rem An alternative using Studio solution/projects, needs install help
Rem SET CMAKEOPTS=-G "Visual Studio 14 2015 Win64"^
Rem -DCMAKE_BUILD_TYPE=Release^
Rem -DCMAKE_COLOR_MAKEFILE=OFF^
Rem -DCMAKE_INSTALL_PREFIX=%INSTPATH%
Rem SET BUILDCMD=devenv expat.sln /Build "Release|x64"
Rem An alternative with simple nmake Makefile...
SET CMAKEOPTS=-G "NMake Makefiles"^
-DCMAKE_BUILD_TYPE=Release^
-DCMAKE_COLOR_MAKEFILE=OFF^
-DCMAKE_INSTALL_PREFIX=%INSTPATH%
SET BUILDCMD=nmake -f Makefile && nmake -f Makefile install
set ZLIBDIR=zlib-1.2.8
set EXPATDIR=expat-2.1.0
Rem set LIBXML2DIR=libxml2-2.9.3
set APRDIR=apr-2.0
set PCREDIR=pcre-8.38
set HTTPDDIR=httpd-2.x
if not exist %ZLIBDIR%^
git clone https://github.com/madler/zlib.git %ZLIBDIR%
Rem This does not work, blame sourceforge or offer a fix?
if not exist %EXPATDIR%^
https://sourceforge.net/settings/mirror_choices?projectname=expat&filename=expat/2.1.0/expat-2.1.0.tar.gz
&& tar -xzvf expat-2.1.0.tar.gz
Rem if not exist %LIBXML2DIR%^
Rem wget http://xmlsoft.org/sources/libxml2-sources-2.9.3.tar.gz &^
Rem gzip -dc < libxml2-sources-2.9.3.tar.gz | tar -xvf -
Rem This requires wget/unzip - unpack it by hand if needed
if not exist %PCREDIR%^
wget --passive-ftp
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.zip && unzip
pcre-8.38.zip
if not exist %APRDIR%^
git clone https://github.com/apache/apr.git %APRDIR%
if not exist %HTTPDDIR%^
git clone https://github.com/apache/httpd.git %HTTPDDIR%
mkdir zlib-build
cd zlib-build
cmake %CMAKEOPTS% -DAMD64=OFF -DASM686=OFF ..\%ZLIBDIR%
Rem -DAMD64=ON aught to work; but it does not
%BUILDCMD%
cd ..
mkdir expat-build
cd expat-build
cmake %CMAKEOPTS% ..\%EXPATDIR%
%BUILDCMD%
cd ..
Rem cd %LIBXML2DIR%\win32
Rem cscript configure.js zlib=1 prefix=%INSTPATH% sodir=%INSTPATH%\bin
include=%INSTPATH%\include lib=%INSTPATH%\lib
Rem nmake -f makefile.msvc
Rem cd ..\..
mkdir pcre-build
cd pcre-build
cmake %CMAKEOPTS% -DBUILD_SHARED_LIBS=ON ..\%PCREDIR%
Rem Other valid options; -DPCRE_BUILD_PCRECPP=OFF -DPCRE_BUILD_PCREGREP=OFF
Rem since httpd itself does not use these features
%BUILDCMD%
cd ..
mkdir apr-build
cd apr-build
cmake %CMAKEOPTS% ..\%APRDIR%
%BUILDCMD%
cd ..
Rem Some private files of apr on Windows are used by httpd, pick these up;
mkdir %INSTPATH%\include\arch\win32
copy %APRDIR%\include\arch\win32\*.h %INSTPATH%\include\arch\win32
mkdir httpd-build
cd httpd-build
cmake %CMAKEOPTS% ..\%HTTPDDIR%
%BUILDCMD%
cd ..
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Developer" by wrowe
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Developer" page has been changed by wrowe: https://wiki.apache.org/httpd/Developer?action=diff&rev1=10&rev2=11 ||ReInflating ||Dealing with deflated response entities || ||Win32SourceConversion ||A short guide on how to convert the unix source for usage on windows || ||Win64Compilation||Easy steps on how to compile HTTPd on Windows AMD64|| + ||WindowsTrunkCompilation||How to build httpd on Windows from svn or git trunk (2.next or 3.0)|| ||[[ModuleConfigHelperAPI]] ||A list of functions and their usefulness for creating configuration directives for Apache modules || ||[[ModulesBook]] || Prospective new edition of the Modules Book updated for HTTPD 2.4 || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FAQ" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "FAQ" page has been changed by thumbs:
https://wiki.apache.org/httpd/FAQ?action=diff&rev1=36&rev2=37
Comment:
Fix broken URL for the canonical hostname remapping.
There are two techniques to implement canonical hostnames:
=== Use mod_rewrite as described in the "Canonical Hostnames" section of the
URL Rewriting Guide. ===
- See
http://httpd.apache.org/docs/current/rewrite/rewrite_guide.html#canonicalurl.
+ See http://httpd.apache.org/docs/current/rewrite/remapping.html#canonicalhost
.
=== Use name-based virtual hosting: ===
. {{{
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ClientDeniedByServerConfiguration" by SeanTimmins
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ClientDeniedByServerConfiguration" page has been changed by SeanTimmins: https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration?action=diff&rev1=14&rev2=15 = apache HTTP server 2.4 notes = The 2.4 release introduced significant changes to the authorization and authentication process. Users of that release are encouraged to read [[http://httpd.apache.org/docs/2.4/upgrading.html|this link]] to migrate their older config files. + + Using 2.4 and 2.2 authorization directives (enabled by [[http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|mod_access_compat]]) in the same server instance is strongly discouraged because it can cause unexpected 'Client Denied by Server Configuration' errors that may be troublesome to resolve. When using 2.4, please migrate all [[http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|Allow, Deny, Order and Satisfy]] directives to the 2.4 equivalent using the information in the link above and then comment out the [[http://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule|LoadModule]] line for mod_access_compat. = Client denied by server configuration = This error means that the access to the directory on the hard disk was denied by an Apache configuration. It could be that access was denied due to an explicit [[http://httpd.apache.org/docs/2.2/en/mod/mod_authz_host.html#deny|deny]] directive or due to an attempt to access a folder that is outside of the DocumentRoot. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Rewrite" by RichBowen
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Rewrite" page has been changed by RichBowen: https://wiki.apache.org/httpd/Rewrite?action=diff&rev1=32&rev2=33 * [[RewriteLooping|Avoiding loops]] * [[RewriteHtaccessIgnored|Help, my rewrites in htaccess are getting ignored!]] * [[RewriteStatsBroken|3rd party app disables /stats]] +* [[RewriteLog|Rewrite Logging]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by RainerJung
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by RainerJung: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=30&rev2=31 Comment: Trivial change to check performance of wiki. || your-name-here || || || || == Users / Meetups == - Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. Below + Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "AIXPlatform" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "AIXPlatform" page has been changed by EricCovener: https://wiki.apache.org/httpd/AIXPlatform?action=diff&rev1=18&rev2=19 Comment: test change == creating an installp package == The latest version 2.2 and 2.4 distributions include a directory ./build/aix with scripts that will create an installp package. This approach expects you to also download and package the APR and APR-UTIL packages in advance. Unfortunately, the build/aix scripts are not yet included in the APR downloads. They are available at http://dl.aixtools.net/httpd/apr-buildaix-1.5.x.tar and http://dl.aixtools.net/httpd/apr-util-buildaix-1.5.x.tar - Also needed : patches to the APR and APR-UTIL config.layout : http://dl.aixtools.net/httpd/apr-config.layout.patch and http://dl.aixtools.net/httpd/apr-util-config.layout.patch + Also needed : patches to the APR and APR-UTIL config.layout: http://dl.aixtools.net/httpd/apr-config.layout.patch and http://dl.aixtools.net/httpd/apr-util-config.layout.patch === Preparations === Preparations: see ''prerequisites'' below as well. One goal of these scripts is to prevent the need for mixing RPM's from other sources (e.g., perlz and/or AIX Toolbox). Mixing libraries will sometimes break things when updates are applied. In short, as much as possible - "generic" BOS AIX is used. To prevent filename collisions /opt/freeware and /usr/local are not used. Likewise, /usr/lib is not intended as a target directory. (Note: the build/aix scripts check for the existence of zlib include files and setup links in when they are missing in the places where ./configure expects them (e.g., /usr/include) - so that you do not need to install a so-called development RPM. These files are available - just not where configure looks). - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "OCSPStapling" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "OCSPStapling" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/OCSPStapling?action=diff&rev1=4&rev2=5 Comment: mention a scalability/performance fix in 2.4.13 Note: Some distributors of httpd, including Linux vendors, use a particular httpd 2.4.x version for the life of the related product, and choose to selectively apply fixes to that codebase without fully upgrading httpd to a new version. Any stapling-related fixes which vendors have backported to an older 2.4.x version are not reflected in the following table. || '''First open source release with fix''' || '''Considerations''' || '''Description''' || + || 2.4.13 || This helps performance in a multiple-certificate configuration (e.g., multiple SSL virtual host) when there are many certificates or slow responders. || Handshakes are blocked/stalled unnecessarily when the OCSP response for a different certificate is being refreshed from the OCSP responder. || || 2.4.11 || If you don’t have the crash, you don’t care about this bug. || PR 54357 – crash at startup or restart with stapling enabled in some configurations || || 2.4.10 || The fix only affects certificates with no responder (rare). || Better handling for certificates with no responder || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "PHP-FPM" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "PHP-FPM" page has been changed by thumbs: https://wiki.apache.org/httpd/PHP-FPM?action=diff&rev1=6&rev2=7 Comment: Added another directory index value to allow serving content from any request uri. Edit the configuration for a vhost of your choice, and add the following line to it: `ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/path/to/your/documentroot/$1`<> - `DirectoryIndex /index.php` + `DirectoryIndex /index.php index.php` Look confusing ? Let's run through it: @@ -99, +99 @@ php-fpm just interprets the php files passed to it; it is not a web server, nor does it understand your web servers' namespace, virtualhost layout, or aliases.<> IMPORTANT! __Read the above again__ $1:: expands to the entire request-URI from the original request, minus the leading slash (because we already added that above.)<> - DirectoryIndex /index.php:: a request for / will need to be mapped to a resource on the fcgi backend. Failure to address this may cause a blank response, commonly known as a WSOD (White Screen of Death), especially if only a request URI containing the php extension is proxied, such as this example. The processing chain will first map a request for / to /index.php, then proxy to the PHP-FPM backend correctly. + DirectoryIndex /index.php index.php:: a request for / will need to be mapped to a resource on the fcgi backend. Failure to address this may cause a blank response, commonly known as a WSOD (White Screen of Death), especially if only a request URI containing the php extension is proxied, such as this example. The processing chain will first map a request for / to /index.php or any other index.php file relative to the current request uri, then proxy to the PHP-FPM backend correctly. === unix domain socket (UDS) approach === - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FileSystemPermissions" by RichBowen
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "FileSystemPermissions" page has been changed by RichBowen:
https://wiki.apache.org/httpd/FileSystemPermissions?action=diff&rev1=2&rev2=3
# find /var/www/html -type d -exec chmod 750 {} \;
}}}
- What we've done here is to set all files to 640, or rw-r- and directories
to rwxr-x---.
+ What we've done here is to set all files to 640, or {{{rw-r-}}} and
directories to {{{rwxr-x---}}}.
Because the group "web-content" is applied to all the files and directories,
httpd can read these files, but cannot write to them.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FileSystemPermissions" by RichBowen
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "FileSystemPermissions" page has been changed by RichBowen:
https://wiki.apache.org/httpd/FileSystemPermissions?action=diff&rev1=1&rev2=2
# find /var/www/html -type d -exec chmod 750 {} \;
}}}
- What we've done here is to set all files to 640, or rw-r--r-- and directories
to rwxr-x---.
+ What we've done here is to set all files to 640, or rw-r- and directories
to rwxr-x---.
Because the group "web-content" is applied to all the files and directories,
httpd can read these files, but cannot write to them.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by 45.37.54.3
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 45.37.54.3: http://wiki.apache.org/httpd/Face2Face?action=diff&rev1=29&rev2=30 ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || + || Jeff Trawick || depends on when my slides are ready :) || dinner/drinks/hacking || trawick AT gmail.com || || your-name-here || || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by 66.128.242.158
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 66.128.242.158: http://wiki.apache.org/httpd/Face2Face?action=diff&rev1=28&rev2=29 Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| - - /!\ '''Edit conflict - other version:''' || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || || your-name-here || || || || - /!\ '''Edit conflict - your version:''' - || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || - || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || - || your-name-here || || || || - - /!\ '''End of edit conflict''' - == Users / Meetups == Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. Below - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by 66.128.242.158
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 66.128.242.158: http://wiki.apache.org/httpd/Face2Face?action=diff&rev1=28&rev2=29 Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| - - /!\ '''Edit conflict - other version:''' || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || || your-name-here || || || || - /!\ '''Edit conflict - your version:''' - || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || - || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || - || your-name-here || || || || - - /!\ '''End of edit conflict''' - == Users / Meetups == Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. Below - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by 66.128.242.158
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by 66.128.242.158: http://wiki.apache.org/httpd/Face2Face?action=diff&rev1=28&rev2=29 Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| - - /!\ '''Edit conflict - other version:''' || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || || your-name-here || || || || - /!\ '''Edit conflict - your version:''' - || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || jim AT riggs DOT me || - || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || - || your-name-here || || || || - - /!\ '''End of edit conflict''' - == Users / Meetups == Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. Below - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Face2Face" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by EricCovener: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=25&rev2=26 ApacheCon North America 2015 at the Hyatt Austin in Austin, TX Expected Conference / Meetup attendees interested in HTTPD: - ||'''Who''' ||'''When''' ||'''What''' || + ||'''Who''' ||'''When''' ||'''What''' || '''How'''|| || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || + || Eric Covener || Sunday evening (or anytime) || dinner/drinks/hacking || sync up w/ covener AT gmail.com || your-name-here || || || == Users / Meetups == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Face2Face" by JimRiggs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Face2Face" page has been changed by JimRiggs: https://wiki.apache.org/httpd/Face2Face?action=diff&rev1=24&rev2=25 == Developers / Users == [[http://www.apachecon.com/|ApacheCon]] is the official face to face meeting of httpd (and other Apache project) developers. While all the technical decisions defer to the mailing lists, excluding no one, it is still often helpful to the project to enjoy face to face high speed bandwidth and sharing of ideas. At the Hackathon, developers sit down to help one another and the project through the more complex puzzles. At the Sessions, users can learn from the official committers and other learned experts about specific features or solutions for httpd. The Trainings are more costly but more comprehensive classroom experiences. And at the occasional BOF (Birds of a Feather), developers and users come together to confront the challenges they face on a daily basis. - ApacheCon Europe 2014 at the Corinthia Hotel in Budapest, Hungary + ApacheCon North America 2015 at the Hyatt Austin in Austin, TX Expected Conference / Meetup attendees interested in HTTPD: ||'''Who''' ||'''When''' ||'''What''' || + || Jim Riggs || Sunday evening (or anytime) || dinner/drinks/hacking || - - - - - | your-name-here | | | + || your-name-here || || || == Users / Meetups == Apache is "supported" by a community of peer users. You get back what you offer up. If you are friendly in seeking help, you will find help, and you are expected to offer some back in the future. Below - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by SeanTimmins
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by SeanTimmins: https://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=8&rev2=9 apache 2.4 + php-fpm + wordpress [[PHPFPMWordpress]] - Page about a proposed script to scan and output Apache httpd directives and certain information about them [[ScanHTTPDConf]] + Page about a proposed script to scan Apache httpd configuration files, search for directives and output certain information about them [[ScanHTTPDConf]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScanHTTPDConf" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "ScanHTTPDConf" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/ScanHTTPDConf
New page:
= HTTPD Configuration scanner =
"scanconf.pl" is a script that reads the top level Apache HTTPD configuration
file and scans through it parsing all include files found in order to search
the whole server configuration for any given directives. The search is case
insensitive.
The current script can be found here:
http://www.unbeliever.plus.com/apache/scripts/scanconf.pl
All the script needs to run the path to the top level configuration file and
sometimes the server root (if it is not defined in the configuration file
itself), both of which can be supplied via arguments.
== Usage and Arguments ==
The common locations of the top level configuration file are hard coded into
the script. They were taken from [[DistrosDefaultLayout]]. If none of these are
found the file must be specified using the -c flag.
The default output shows the line number the directive was found at and the
file it came from.
The various arguments are.
* -c /path/to/file: specify path to top level configuration file.
* -F: Suppress the printing the file name after each directive.
* -h: Print the help message.
* -L: Suppress the printing of line numbers.
* -s /path/to/server/root: specify server root as some distributions use a
'default'.
* -q: quiet mode, only print the 'directives' lines of output.
* -v: output the full config line rather than just the directive.
== Example Usage ==
The following show some examples of how to use the script. The last one
actually dumps the whole active configuration without comments (possibly useful
for configuration comparison?).
* Show "Include" lines and all configuration files:: scanconf.pl
* Search for a specific directive:: scanconf.pl directory
* Search for multiple directives:: scanconf.pl location directory allow
* Specify the top level httpd config file:: scanconf.pl -c
/etc/httpd/apache2.conf
* Dump all configuration including arguments to all directives:: scanconf.pl
-q -v -F -L All
== Possible Enhancements ==
* Execute {{{apachectl -V}}} to determine a default ServerRoot.
* Tidy up output for the longer directives.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by SeanTimmins
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by SeanTimmins: https://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=7&rev2=8 apache 2.4 + php-fpm + wordpress [[PHPFPMWordpress]] + Page about a proposed script to scan and output Apache httpd directives and certain information about them [[ScanHTTPDConf]] + - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "DebuggingSSLProblems" by TomasPospisek
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "DebuggingSSLProblems" page has been changed by TomasPospisek:
https://wiki.apache.org/httpd/DebuggingSSLProblems?action=diff&rev1=11&rev2=12
Comment:
use clearer certificate file names
* verify a certificate:
{{{
- $ openssl verify -CAfile ca-thawte+sourcepole.crt www.nofloh.ch.crt
+ $ openssl verify -CAfile ca.crt www.mysite.org.crt
}}}
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "RewriteQueryString" by SeanTimmins
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "RewriteQueryString" page has been changed by SeanTimmins:
https://wiki.apache.org/httpd/RewriteQueryString?action=diff&rev1=20&rev2=21
RewriteRule /path /path?%1other_val%2
}}}
+ === Remove a Single Key/Value ===
+ To remove a single key/value pair from the query string. This example extends
the above one by matching any value and removes multiple, consecutive '&'
characters.
+
+ {{{
+ RewriteCond %{QUERY_STRING} (.*)(?:^|&)unWantedKey=(?:[^&]*)((?:&|$).*)
+ RewriteCond %1%2 (^|&)([^&].*|$)
+ RewriteRule ^(/path)$ $1?%2
+ }}}
+
=== Making the Query String Part of the Path ===
Take a URL of the form {{{http://example.com/path?var=val}}} and transform it
into {{{http://example.com/path/var/val}}}. Note that this particular example
will work only for a single var=val pair containing only letters, numbers, and
the underscore character.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php" page has been changed by thumbs: https://wiki.apache.org/httpd/php?action=diff&rev1=9&rev2=10 Comment: Fix wiki syntax errors Please see the [[php-fcgid|following article]] - == Using mod_php as a DSO with a threaded mpm (2.0 and newer) + == Using mod_php as a DSO with a threaded mpm (2.0 and newer) == This approach is identical to the next recipe, with the exception that a threaded mpm such as event or worker can be used. The main requirement is that the php system libraries and DSO must be (re)compiled with the thread-safe flags. @@ -35, +35 @@ == Using mod_php as a DSO (deprecated) == This method is the oldest and slowest possible configuration. It was suitable for version 2.2 and older, and requires the use of the prefork mpm. - === Why you shouldn't use mod_php anymore === + === Why you shouldn't use mod_php with the prefork mpm anymore === * mod_php is loaded into every httpd process all the time. Even when httpd is serving static/non php content, that memory is in use. * mod_php is not thread safe and forces you to stick with the prefork mpm (multi process, no threads), which is the slowest possible configuration - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php" page has been changed by thumbs: https://wiki.apache.org/httpd/php?action=diff&rev1=8&rev2=9 Comment: Added a new recipe Please see the [[php-fcgid|following article]] + == Using mod_php as a DSO with a threaded mpm (2.0 and newer) + + This approach is identical to the next recipe, with the exception that a threaded mpm such as event or worker can be used. The main requirement is that the php system libraries and DSO must be (re)compiled with the thread-safe flags. + + If apache httpd 2.0 or older is used, it must be recompiled to change the mpm. For 2.4, loading the appropriate mpm module suffices. + + Special care must be taken to ensure that workers are restarted often enough (MaxConnectionsPerChild > 0) since child processes are still prone to php memory leaks and processes are likely to consume large amounts of RAM and deplete the available system resources. + + This is probably the least used approach of all, due to the headaches of maintaining a thread-safe php library, and since most linux distributions do not ship those packages. == Using mod_php as a DSO (deprecated) == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "CVE-2011-3192" by thumbs
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "CVE-2011-3192" page has been changed by thumbs:
https://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=20&rev2=21
- The official version of this document resides at
[http://httpd.apache.org/security/CVE-2011-3192.txt] - this document is for
drafting and discussion of the workarounds and side effects upon
clients[[http://www.mommyliciousmaternity.com/collections/plus-size-maternity-dresses|.]]
+ The official version of this document resides at
[http://httpd.apache.org/security/CVE-2011-3192.txt] - this document is for
drafting and discussion of the workarounds and side effects upon clients.
{{{
Apache HTTPD Security ADVISORY
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ContributorsGroup" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ContributorsGroup" page has been changed by thumbs: https://wiki.apache.org/httpd/ContributorsGroup?action=diff&rev1=11&rev2=12 * PeteHouston * preaction * RainerDuffner - * RobertPattinson * RichBowen * SanderTemme * SeanTimmins - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by thumbs
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by thumbs: https://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=6&rev2=7 = Writing space for new content = - Some troubleshooting [[http://fixithere.net/|tips]] for named based virtual hosts, comments welcome: TroubleshootingVhosts + Some troubleshooting tips for named based virtual hosts, comments welcome: [[TroubleshootingVhosts]] apache 2.4 + php-fpm + wordpress [[PHPFPMWordpress]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "ScratchPad" by RobertPattinson
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "ScratchPad" page has been changed by RobertPattinson: https://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=5&rev2=6 = Writing space for new content = - - Some troubleshooting tips for named based virtual hosts, comments welcome: [[TroubleshootingVhosts]] + Some troubleshooting [[http://fixithere.net/|tips]] for named based virtual hosts, comments welcome: TroubleshootingVhosts apache 2.4 + php-fpm + wordpress [[PHPFPMWordpress]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "CVE-2011-3192" by RobertPattinson
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "CVE-2011-3192" page has been changed by RobertPattinson:
https://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=19&rev2=20
- The official version of this document resides at
[http://httpd.apache.org/security/CVE-2011-3192.txt] - this document is for
drafting and discussion of the workarounds and side effects upon clients.
+ The official version of this document resides at
[http://httpd.apache.org/security/CVE-2011-3192.txt] - this document is for
drafting and discussion of the workarounds and side effects upon
clients[[http://www.mommyliciousmaternity.com/collections/plus-size-maternity-dresses|.]]
{{{
Apache HTTPD Security ADVISORY
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "AIXPlatform" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "AIXPlatform" page has been changed by EricCovener: https://wiki.apache.org/httpd/AIXPlatform?action=diff&rev1=17&rev2=18 Comment: ssl freeware hint * If you're building with SSL: * install pkg-config from perzl or toolbox * install openssl and openssl-devel from perzl or toolbox + * If using third-party openssl packages, export LD_LIBRARY_PATH=/opt/freeware/lib64 before running configure - * XXX: If the link of "ab" fails, edit ab_LDFLAGS in build/config_vars.mk to switch -L/opt/freeware/lib to -L/opt/freeware/lib64. - * XXX: If mod_ssl fails to build. modules/ssl/modules.mk same update as above == Link errors with bundled expat and when using DESTDIR == * If you use a bundled expat, you might find the link of apr-util fails. The following change might help: - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "php" by gryzor
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "php" page has been changed by gryzor: https://wiki.apache.org/httpd/php?action=diff&rev1=7&rev2=8 Please see the [[php-fcgid|following article]] - == Using php as a DSO (deprecated) == + == Using mod_php as a DSO (deprecated) == - This method is the oldest and slowest possible configuration. It is suitable for version 2.2 and older, and requires the use of the prefork mpm. + This method is the oldest and slowest possible configuration. It was suitable for version 2.2 and older, and requires the use of the prefork mpm. + === Why you shouldn't use mod_php anymore === + * mod_php is loaded into every httpd process all the time. Even when httpd is serving static/non php content, that memory is in use. + * mod_php is not thread safe and forces you to stick with the prefork mpm (multi process, no threads), which is the slowest possible configuration + === How to use it anyway === First, the module must be loaded: `LoadModule php5_module lib/httpd/modules/libphp5.so` - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Development/mod_proxy_fcgi" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by EricCovener: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=7&rev2=8 Comment: note some trunk changes * 56855 (backport CGIPassAuth) * 57198 (backport 304 fix) + * 57378 (connection reuse) + * x (balancer SCRIPT_FILENAME fixup) == Documentation == - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Development/mod_proxy_fcgi" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by EricCovener: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=6&rev2=7 Comment: add pr || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55415|55415]] || Low || Moderate || Low || Proxy loop caused by ProxyErrorOverride and ErrorDocument 404 || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57087|57087]] || High || Moderate || Low || spool chunked request body to calculate CONTENT_LENGTH; need to port mod_proxy_http or mod_fcgid body spooling / content length passing || mod_request enhancement? || - || not-yet || Low || Low || Low || connection reuse for TCP and UDS || see r1032345 || + || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57378|57378]] || Low || Low || Low || connection reuse for TCP and UDS || see r1032345 || == Fixed in trunk but not in 2.4.x == * 56855 (backport CGIPassAuth) - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Development/mod_proxy_fcgi" by EricCovener
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by EricCovener: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=5&rev2=6 Comment: add connection reuse entry || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55415|55415]] || Low || Moderate || Low || Proxy loop caused by ProxyErrorOverride and ErrorDocument 404 || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57087|57087]] || High || Moderate || Low || spool chunked request body to calculate CONTENT_LENGTH; need to port mod_proxy_http or mod_fcgid body spooling / content length passing || mod_request enhancement? || - + || not-yet || Low || Low || Low || connection reuse for TCP and UDS || see r1032345 || == Fixed in trunk but not in 2.4.x == * 56855 (backport CGIPassAuth) - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Development/mod_proxy_fcgi" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=4&rev2=5 Comment: compile-time debugging needs ap_log_*rdata || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=51517|51517]] || ?? || Moderate || Moderate || SCRIPT_FILENAME, PATH_INFO || || || - || Moderate || Moderate || Moderate || fixes for CGI variables in different configurations (sethandler vs. proxypass); fixup r->filename right before adding CGI vars, maybe directory walk; path info calculation probably needs multiple modes. Maybe expr based? || Related to bug 51517 || || - || Moderate || Moderate || Moderate || provide a convenience/less verbose directive to configure SetHandler plus a backend worker || || - || - || Low || Low || Low || Change compile-time diag stuff to trace8 || || + || - || Low || Low || Low || Change compile-time diag stuff to trace8 || need ap_log_*data() in 2.4.x branch || || - || Low || Low || Low || If the output from the application ends without seeing the headers, mod_proxy_fcgi won't raise an error. (/* XXX what if we haven't seen end of the headers yet? */) || Presumably this requires buggy application or FastCGI protocol implementation || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Moderate || Low || Low || mod_proxy_fcgi doesn't behave right and should read the complete headers before calling ap_scan_script_header_err_* || Bug is for an old crash that is now fixed, but submitter points out something else that should be investigated || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55329|55329]] || Low || Moderate (script portability) || Low || mod_proxy_fcgi does not urldecode PATH_INFO || || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Development/mod_proxy_fcgi" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=3&rev2=4 Comment: I can't confirm the remaining issue in 48272, but I do see a somewhat related problem. || - || Moderate || Moderate || Moderate || fixes for CGI variables in different configurations (sethandler vs. proxypass); fixup r->filename right before adding CGI vars, maybe directory walk; path info calculation probably needs multiple modes. Maybe expr based? || Related to bug 51517 || || - || Moderate || Moderate || Moderate || provide a convenience/less verbose directive to configure SetHandler plus a backend worker || || || - || Low || Low || Low || Change compile-time diag stuff to trace8 || || + || - || Low || Low || Low || If the output from the application ends without seeing the headers, mod_proxy_fcgi won't raise an error. (/* XXX what if we haven't seen end of the headers yet? */) || Presumably this requires buggy application or FastCGI protocol implementation || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Moderate || Low || Low || mod_proxy_fcgi doesn't behave right and should read the complete headers before calling ap_scan_script_header_err_* || Bug is for an old crash that is now fixed, but submitter points out something else that should be investigated || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55329|55329]] || Low || Moderate (script portability) || Low || mod_proxy_fcgi does not urldecode PATH_INFO || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Development/mod_proxy_fcgi" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=2&rev2=3 Comment: One of the issues listed in 48272 is already fixed || - || Moderate || Moderate || Moderate || fixes for CGI variables in different configurations (sethandler vs. proxypass); fixup r->filename right before adding CGI vars, maybe directory walk; path info calculation probably needs multiple modes. Maybe expr based? || Related to bug 51517 || || - || Moderate || Moderate || Moderate || provide a convenience/less verbose directive to configure SetHandler plus a backend worker || || || - || Low || Low || Low || Change compile-time diag stuff to trace8 || || - || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Moderate || Low || Low || 1. ap_scan_script_header_err_core doesn't respect the possible -1 return (TIMEOUT) from getsfunc_BRIGADE in the place where it soaks up the invalid script output. 2. mod_proxy_fcgi doesn't behave right and should read the complete headers before calling ap_scan_script_header_err_* || Bug is for an old crash that is now fixed, but submitter points out something else that should be investigated || + || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Moderate || Low || Low || mod_proxy_fcgi doesn't behave right and should read the complete headers before calling ap_scan_script_header_err_* || Bug is for an old crash that is now fixed, but submitter points out something else that should be investigated || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55329|55329]] || Low || Moderate (script portability) || Low || mod_proxy_fcgi does not urldecode PATH_INFO || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55415|55415]] || Low || Moderate || Low || Proxy loop caused by ProxyErrorOverride and ErrorDocument 404 || || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Development/mod_proxy_fcgi" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi?action=diff&rev1=1&rev2=2 - Eric's quick notes: (Jeff will work these into the table) - - * examples need to account for php-fpm (how URLs and or paths are passed) - * fixes for CGI variables in different configurations (sethandler vs. proxypass) -* fixup r->filename right before adding CGI vars, maybe directory walk -* path info calculation probably needs multiple modes. Maybe expr based? - * further doc for worker matching stuff with ProxySet - * provide a convenience/less verbose directive to configure SetHandler - * a backend worker - * doc SetHandler advantages - * change compile-time diag stuff to trace8 - * need to port mod_proxy_http or mod_fcgid body spooling / content length passing - * would be nice to have a non php-fpm fastcgi server to sanity check with so we don't end up with too many php-fpm-isms - * figure out / make sure balancer examples work with php-fpm and/or setHandler - == Bugs and other issues to investigate and fix == - || '''Bugzilla''' || Difficulty to resolve || Severity || Commonality || Description || Notes || + || '''Bugzilla''' || '''Difficulty to resolve''' || '''Severity''' || '''Pervasiveness''' || '''Description''' || '''Notes''' || - || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Low || Low || Low || || Bug is for an old crash that is now fixed, but sf points out something else that should be investigated || + || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=51517|51517]] || ?? || Moderate || Moderate || SCRIPT_FILENAME, PATH_INFO || || + || - || Moderate || Moderate || Moderate || fixes for CGI variables in different configurations (sethandler vs. proxypass); fixup r->filename right before adding CGI vars, maybe directory walk; path info calculation probably needs multiple modes. Maybe expr based? || Related to bug 51517 || + || - || Moderate || Moderate || Moderate || provide a convenience/less verbose directive to configure SetHandler plus a backend worker || || + || - || Low || Low || Low || Change compile-time diag stuff to trace8 || || + || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Moderate || Low || Low || 1. ap_scan_script_header_err_core doesn't respect the possible -1 return (TIMEOUT) from getsfunc_BRIGADE in the place where it soaks up the invalid script output. 2. mod_proxy_fcgi doesn't behave right and should read the complete headers before calling ap_scan_script_header_err_* || Bug is for an old crash that is now fixed, but submitter points out something else that should be investigated || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55329|55329]] || Low || Moderate (script portability) || Low || mod_proxy_fcgi does not urldecode PATH_INFO || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55415|55415]] || Low || Moderate || Low || Proxy loop caused by ProxyErrorOverride and ErrorDocument 404 || || - || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57087|57087]] || High || Moderate || Low || spool chunked request body to calculate CONTENT_LENGTH || mod_request enhancement? || + || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57087|57087]] || High || Moderate || Low || spool chunked request body to calculate CONTENT_LENGTH; need to port mod_proxy_http or mod_fcgid body spooling / content length passing || mod_request enhancement? || - || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=51517|51517]] || ?? || Moderate || Moderate || SCRIPT_FILENAME, PATH_INFO || || - == Fixed in trunk but not in 2.4.x == * 56855 (backport CGIPassAuth) * 57198 (backport 304 fix) + == Documentation == + + || '''Description''' || '''Notes''' || + || examples need to account for PHP-FPM (how URLs and or paths are passed) || || + || further doc for worker matching stuff with ProxySet || || + || doc SetHandler advantages || || + || figure out / make sure balancer examples work with PHP-FPM and/or SetHandler || || + + == Testbed == + + === General requirements === + + * PHP-FPM coverage + * Non-PHP coverage, including FastCGI programming library coverage (e.g., through Perl or something else that uses the de facto standard library) + * test script(s) should have configurations for running with different FastCGI gateways so we can compare results + * needs client that runs the test + * potentially integrate with httpd test framework later + + === Priorities === + + 1. SCRIPT_FILENAME and [[http://tools.ietf.org/html/rfc387
[Httpd Wiki] Update of "Development/mod_proxy_fcgi" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Development/mod_proxy_fcgi" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Development/mod_proxy_fcgi New page: Eric's quick notes: (Jeff will work these into the table) * examples need to account for php-fpm (how URLs and or paths are passed) * fixes for CGI variables in different configurations (sethandler vs. proxypass) * fixup r->filename right before adding CGI vars, maybe directory walk * path info calculation probably needs multiple modes. Maybe expr based? * further doc for worker matching stuff with ProxySet * provide a convenience/less verbose directive to configure SetHandler * a backend worker * doc SetHandler advantages * change compile-time diag stuff to trace8 * need to port mod_proxy_http or mod_fcgid body spooling / content length passing * would be nice to have a non php-fpm fastcgi server to sanity check with so we don't end up with too many php-fpm-isms * figure out / make sure balancer examples work with php-fpm and/or setHandler == Bugs and other issues to investigate and fix == || '''Bugzilla''' || Difficulty to resolve || Severity || Commonality || Description || Notes || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=48272|48272]] || Low || Low || Low || || Bug is for an old crash that is now fixed, but sf points out something else that should be investigated || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55329|55329]] || Low || Moderate (script portability) || Low || mod_proxy_fcgi does not urldecode PATH_INFO || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=56188|56188]] || High || Moderate || Low || send FCGI_ABORT_REQUEST on client disconnect || maybe there is a simple case that could be covered without async processing || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=55415|55415]] || Low || Moderate || Low || Proxy loop caused by ProxyErrorOverride and ErrorDocument 404 || || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=57087|57087]] || High || Moderate || Low || spool chunked request body to calculate CONTENT_LENGTH || mod_request enhancement? || || [[https://issues.apache.org/bugzilla/show_bug.cgi?id=51517|51517]] || ?? || Moderate || Moderate || SCRIPT_FILENAME, PATH_INFO || || == Fixed in trunk but not in 2.4.x == * 56855 (backport CGIPassAuth) * 57198 (backport 304 fix) - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "FrontPage" by pctony
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "FrontPage" page has been changed by pctony: https://wiki.apache.org/httpd/FrontPage?action=diff&rev1=87&rev2=88 Comment: 2nd test - = pctony = = Apache HTTP Server Wiki = This is a wiki containing user-contributed recipes, tips, and tricks for the Apache HTTP Server (aka ''Apache Web Server'' or httpd). - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "FrontPage" by pctony
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "FrontPage" page has been changed by pctony: https://wiki.apache.org/httpd/FrontPage?action=diff&rev1=86&rev2=87 Comment: test change on the test wiki host + = pctony = = Apache HTTP Server Wiki = This is a wiki containing user-contributed recipes, tips, and tricks for the Apache HTTP Server (aka ''Apache Web Server'' or httpd). - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "pctony" by pctony
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "pctony" page has been changed by pctony: https://wiki.apache.org/httpd/pctony?action=diff&rev1=18&rev2=19 Comment: Remove my emaila ddress - use this as a performance test following the drop of 800k users == pctony == - Email: <> Read my blog, [[http://blog.pc-tony.com/|here]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "OCSPStapling" by JeffTrawick
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "OCSPStapling" page has been changed by JeffTrawick:
https://wiki.apache.org/httpd/OCSPStapling?action=diff&rev1=3&rev2=4
Comment:
formatting fix in FreeBSD section
FreeBSD 9 and 10 Port Package “apache24”
- The normal default {{{httpd-ssl.conf}}} file is in the directory
{{{/usr/local/etc/apache24/extra}}}; that contains global SSL settings as well
as settings for the default SSL-enabled virtual host. The default
configuration uses the directory {{/var/run}} for the location of cache and
other run-time files, so the two minimal lines required to enable OCSP Stapling
with this distribution are
+ The normal default {{{httpd-ssl.conf}}} file is in the directory
{{{/usr/local/etc/apache24/extra}}}; that contains global SSL settings as well
as settings for the default SSL-enabled virtual host. The default
configuration uses the directory {{{/var/run}}} for the location of cache and
other run-time files, so the two minimal lines required to enable OCSP Stapling
with this distribution are
{{{
SSLUseStapling On
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "OCSPStapling" by JeffTrawick
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change
notification.
The "OCSPStapling" page has been changed by JeffTrawick:
https://wiki.apache.org/httpd/OCSPStapling?action=diff&rev1=2&rev2=3
Comment:
mention runtime file path on FreeBSD when using the config in the Port
Collection apache24
FreeBSD 9 and 10 Port Package “apache24”
- The normal default {{{httpd-ssl.conf}}} file is in the directory
{{{/usr/local/etc/apache24/extra}}}; that contains global SSL settings as well
as settings for the default SSL-enabled virtual host.
+ The normal default {{{httpd-ssl.conf}}} file is in the directory
{{{/usr/local/etc/apache24/extra}}}; that contains global SSL settings as well
as settings for the default SSL-enabled virtual host. The default
configuration uses the directory {{/var/run}} for the location of cache and
other run-time files, so the two minimal lines required to enable OCSP Stapling
with this distribution are
+
+ {{{
+ SSLUseStapling On
+ SSLStaplingCache shmcb:/var/run/ssl_stapling(32768)
+ }}}
+
+ These lines can be placed just before the {{{## SSL Virtual Host Context}}}
comment.
Non-default virtual host configurations will likely be stored in the
directory {{{/usr/local/etc/apache24/Includes}}}.
-
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "OCSPStapling" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "OCSPStapling" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/OCSPStapling?action=diff&rev1=1&rev2=2 Comment: formatting Note: Some distributors of httpd, including Linux vendors, use a particular httpd 2.4.x version for the life of the related product, and choose to selectively apply fixes to that codebase without fully upgrading httpd to a new version. Any stapling-related fixes which vendors have backported to an older 2.4.x version are not reflected in the following table. - || '''First open source release with fix''' || '''Considerations''' || Description || + || '''First open source release with fix''' || '''Considerations''' || '''Description''' || || 2.4.11 || If you don’t have the crash, you don’t care about this bug. || PR 54357 – crash at startup or restart with stapling enabled in some configurations || || 2.4.10 || The fix only affects certificates with no responder (rare). || Better handling for certificates with no responder || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Trivial Update of "Get24" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Get24" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Get24?action=diff&rev1=1&rev2=2 Comment: minor wordsmithing The "official" [[http://httpd.apache.org/docs/2.4/new_features_2_4.html|list of reasons to upgrade]] is long but admittedly quite boring. The key takeaways for 2.4 are - * all sorts configuration improvements + * all sorts of configuration improvements * Event MPM as the commonly used processing model on Unix, with drastically reduced thread requirements, even compared with the experimental Event MPM with 2.2 * numerous improvements in support of lean web server configurations which communicate with web applications running out of process - * new SSL features such as support for Elliptic Curve keys, OCSP for client certificates, OCSP Stapling for server certificates + * new SSL features such as support for Elliptic Curve keys, OCSP for validating client certificate status, and OCSP Stapling to allow clients to validate server certificate status You need this stuff! @@ -19, +19 @@ As time goes on, more and more OS distributions are including httpd 2.4. Even when they don't, even versions from several years ago may include a version of OpenSSL new enough to support modern protocols (as well as httpd 2.4). - || '''Distribution/version''' || '''Has httpd 2.4?''' || '''If not, has sufficient OpenSSL?''' || + || '''Distribution/version''' || '''Has httpd 2.4?''' || '''If not: Platform has sufficient OpenSSL?''' || || Debian Wheezy || No (httpd 2.2.22) || Yes || || Fedora 20 || Yes || -- || || FreeBSD Ports for FreeBSD 9 and 10 || Yes || -- || - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "Get24" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "Get24" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/Get24 Comment: initial page New page: = Get 2.4 = What are you waiting for? httpd 2.4 has been the preferred stable release since 2012; httpd 2.2 is still supported, but it first appeared in 2006 and we won't keep updating it forever. Start moving to 2.4 before you have to. The "official" [[http://httpd.apache.org/docs/2.4/new_features_2_4.html|list of reasons to upgrade]] is long but admittedly quite boring. The key takeaways for 2.4 are * all sorts configuration improvements * Event MPM as the commonly used processing model on Unix, with drastically reduced thread requirements, even compared with the experimental Event MPM with 2.2 * numerous improvements in support of lean web server configurations which communicate with web applications running out of process * new SSL features such as support for Elliptic Curve keys, OCSP for client certificates, OCSP Stapling for server certificates You need this stuff! Some of the drag on the uptake of 2.4 has been due to Linux distribution cycles, but there are also plenty of cases where the documented configuration for using third-party software with httpd is some old and heavy mechanism from when you were in high school, and the promoted configuration for nginx is a lean web server setup with segregation between front-end and application. == httpd bundled with the OS == As time goes on, more and more OS distributions are including httpd 2.4. Even when they don't, even versions from several years ago may include a version of OpenSSL new enough to support modern protocols (as well as httpd 2.4). || '''Distribution/version''' || '''Has httpd 2.4?''' || '''If not, has sufficient OpenSSL?''' || || Debian Wheezy || No (httpd 2.2.22) || Yes || || Fedora 20 || Yes || -- || || FreeBSD Ports for FreeBSD 9 and 10 || Yes || -- || || openSUSE 12.3 || No (httpd 2.2.22) || Yes || || openSUSE 13.1, 13.2 || Yes || -- || || RHEL/CentOS 6 || No (httpd 2.2.15) || Yes || || RHEL/CentOS 7 || Yes || -- || || Ubuntu 14 || Yes || -- || || Ubuntu 12 || No (httpd 2.2.?) || Yes || For situations with a sufficient level of OpenSSL bundled, other support libraries such as Expat, PCRE, and zlib are also bundled. You just need to build apr 1.latest, apr-util 1.latest, and httpd 2.4.latest. == Modern ways to configure applications with httpd == Where "Modern" == lean web server proxying application requests to separate processes * [[PHP-FPM|For PHP applications]] * [[http://emptyhammock.com/projects/info/pyweb/|For Python applications]] - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
[Httpd Wiki] Update of "SSL" by JeffTrawick
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification. The "SSL" page has been changed by JeffTrawick: https://wiki.apache.org/httpd/SSL?action=diff&rev1=4&rev2=5 Comment: link to OCSPStapling * [[NameBasedSSLVHosts]] - Name-Based VirtualHosts and SSL * [[NameBasedSSLVHostsWithSNI]] - SSL with Virtual Hosts Using SNI + * [[OCSPStapling]] - Enabling OCSP Stapling * [[RedirectSSL]] - Redirect Request to SSL * [[RewriteSSL]] - Force SSL for a certain URLs * [[RemoveSSLCertPassPhrase]] - Remove SSL Certificate Passphrase - To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
