Re: [users@httpd] Directory matching when Location should match
hello Andy, one possible solution to your problem will be an additional VirtualHost on port 80 for server-status. Christian -- asknet AG * Vincenz-Priessnitz-Str. 3 * D-76131 Karlsruhe fon: +49 721 96458 6445 * fax: +49 721 96458 9445 * web: http://www.asknet.com executive board: Tobias Kaulfuss (CEO), Ute Imhof (COO) chairman of the supervisory board: Dr. Joachim Bernecker * HRB 108713 Mannheim On Thu, Jul 23, 2015 at 03:45:06PM +0200, Andreas Ley wrote: Hello! I have a configuration (apache 2.2, soon 2.4) which basically is VirtualHost 10.1.2.3:80 DocumentRoot /var/www Location /server-status SetHandler server-status /Location Directory /var/www/ RewriteEngine On RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} /Directory /VirtualHost (of course there is another VirtualHost on port 443) I want to redirect all requests for _filesystem_ objects to a secure connection, but the non-filesystem object served via a handler should be available unencrypted. (FYI: I use the server-status for health check by a loadbalancer, but the documents are protected by shibboleth) However, also requests for /server-status get redirected :( Documentation says Enclose a group of directives that apply only to the named file-system directory, sub-directories, and their contents. Cleary /server-status is not within /var/www ... My naive imagination would be that apache performs a url-to-filesystem- path conversion, and only if the outcome really is a directory or a file, then applies the corresponding directives. Either this is not the case, or I'm missing something completly :( There is a hidden hint in the docs for RewriteCond: REQUEST_FILENAME The full local filesystem path to the file or script matching the request, if this has already been determined by the server at the time REQUEST_FILENAME is referenced. Otherwise, such as when used in virtual host context, the same value as REQUEST_URI. Depending on the value of AcceptPathInfo, the server may have only used some leading components of the REQUEST_URI to map the request to a file. After reading this, I tried RewriteCond %{LA-U:REQUEST_FILENAME} /var/www/.* with no effect :( Is there anybody familiar enough with how apache's working to explain what's happening here? Or better yet, does somebody have any idea how to accomplish what I'm seeking to do, i.e. redirecting all filesystem objects while leaving alone all virtual URLs? TIA, Andy -- Andreas Ley, SCC, Karlsruhe Institute of Technology (KIT), D-76128 Karlsruhe E-Mail: andreas@kit.edu, Telephone: +49 721 608 46341, Fax: +49 721 32550 From the home of the imaginary deadlines: It will take 2i weeks to do that project. -- Michael Sinz - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL Session Id lost?
Hi I have tried to put SSLSessionTickets off to httpd.conf and httpd-ssl.conf but the result is still the same. Regards, Alex. El dj., 23 jul. 2015 a les 23:03, Yann Ylavic (ylavic@gmail.com) va escriure: On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto asot...@gmail.com wrote: It seems that everything is configured correctly since sometimes works. Have you ever found something similar or knows what it can be happening? Do you think that maybe the problem is on client (browser) side? We say that there is something in Apache Httpd since I have modified what was printed in access_log file to print the ssl session id as second parameter. And I get next: (LogFormat %H %{SSL_SESSION_ID}e %h %l %u %t \%r\ %s %b) HTTP/1.1 - 172.17.42.1 - - [09/Jul/2015:09:15:06 +] GET /hello/hello HTTP/1.1 200 89 This is because the SSL_SESSION_ID is not always available on the TLS side, when session tickets are used at first. It's up to the client to generate (or not) a session ID, which is only available on the first session resumption. https://tools.ietf.org/html/rfc5077#section-3.4 for the details. You may configure SSLSessionTickets off to disable session tickets management in TLS (using session IDs only). Regards, Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL Session Id lost?
Ok finally it was the combination of the flag you mention with other flags. Now everything works, thank you so much. Alex. El dv., 24 jul. 2015 a les 9:51, Alex Soto (asot...@gmail.com) va escriure: Hi I have tried to put SSLSessionTickets off to httpd.conf and httpd-ssl.conf but the result is still the same. Regards, Alex. El dj., 23 jul. 2015 a les 23:03, Yann Ylavic (ylavic@gmail.com) va escriure: On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto asot...@gmail.com wrote: It seems that everything is configured correctly since sometimes works. Have you ever found something similar or knows what it can be happening? Do you think that maybe the problem is on client (browser) side? We say that there is something in Apache Httpd since I have modified what was printed in access_log file to print the ssl session id as second parameter. And I get next: (LogFormat %H %{SSL_SESSION_ID}e %h %l %u %t \%r\ %s %b) HTTP/1.1 - 172.17.42.1 - - [09/Jul/2015:09:15:06 +] GET /hello/hello HTTP/1.1 200 89 This is because the SSL_SESSION_ID is not always available on the TLS side, when session tickets are used at first. It's up to the client to generate (or not) a session ID, which is only available on the first session resumption. https://tools.ietf.org/html/rfc5077#section-3.4 for the details. You may configure SSLSessionTickets off to disable session tickets management in TLS (using session IDs only). Regards, Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Request Entity Too Large
Hi Yehuda, Am I looking at catalina.out for the 413 error, or some other log on the Tomcat server? Thanks, Larry Cohen On Thu, Jul 23, 2015 at 5:04 PM, Cohen, Laurence lco...@novetta.com wrote: Hi everyone, We are suddenly having the following problem on several of our servers, and I have not been able to find a solution on the internet that has resolved it. Our configuration is the following. Apache httpd 2.2.3 running on RHEL5 Tomcat 7, also running on RHEL5 When we try to upload a file bigger than a few megabytes, we get the following error: The requested resource /dse/submissions/100103040/add_file does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit I've tried to figure out what the maximum size file is, but the problem will occur on a file, and then we try the same file a few minutes later and it works. I tried setting LimitRequestBody to 0, which I believe is the default anyway, but it had no effect either way. If anyone has any ideas, please let me know. Thanks, Larry Cohen -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064
Re: [users@httpd] Re: Request Entity Too Large
I am not familiar enough with Tomcat to say for sure. It might also depend on your application. - Y On Fri, Jul 24, 2015 at 10:55 AM, Cohen, Laurence lco...@novetta.com wrote: Hi Yehuda, Am I looking at catalina.out for the 413 error, or some other log on the Tomcat server? Thanks, Larry Cohen On Thu, Jul 23, 2015 at 5:04 PM, Cohen, Laurence lco...@novetta.com wrote: Hi everyone, We are suddenly having the following problem on several of our servers, and I have not been able to find a solution on the internet that has resolved it. Our configuration is the following. Apache httpd 2.2.3 running on RHEL5 Tomcat 7, also running on RHEL5 When we try to upload a file bigger than a few megabytes, we get the following error: The requested resource /dse/submissions/100103040/add_file does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit I've tried to figure out what the maximum size file is, but the problem will occur on a file, and then we try the same file a few minutes later and it works. I tried setting LimitRequestBody to 0, which I believe is the default anyway, but it had no effect either way. If anyone has any ideas, please let me know. Thanks, Larry Cohen -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064
[users@httpd] Re: Request Entity Too Large
It seems that the problem I'm having started when we went to mod_nss from mod_ssl. In ssl.conf we were able to set the sslrenegbuffersize to a high number. I can't seem to find an equivalent to the parameter that will work in any of our conf files. The httpd.conf is including rewrite.conf and nss.conf, but if I put the sslrenegbuffersize in any of these files and restart httpd, it doesn't start up. Would anyone know what the equivalent parameter is in nss.conf, or the other conf files that we are using? Thanks, Larry Cohen On Thu, Jul 23, 2015 at 5:04 PM, Cohen, Laurence lco...@novetta.com wrote: Hi everyone, We are suddenly having the following problem on several of our servers, and I have not been able to find a solution on the internet that has resolved it. Our configuration is the following. Apache httpd 2.2.3 running on RHEL5 Tomcat 7, also running on RHEL5 When we try to upload a file bigger than a few megabytes, we get the following error: The requested resource /dse/submissions/100103040/add_file does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit I've tried to figure out what the maximum size file is, but the problem will occur on a file, and then we try the same file a few minutes later and it works. I tried setting LimitRequestBody to 0, which I believe is the default anyway, but it had no effect either way. If anyone has any ideas, please let me know. Thanks, Larry Cohen -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064
Re: [users@httpd] Apache Performance Question
Thank you so much Philip, another question. I see MaxClients in 2 files: extra\httpd-mpm.conf and original\extra\httpd-mpm.conf I assume I should change the one in extra directory or? Also, I see in both of these files, 3 areas: prefork MPM (set to 150), worker MPM (set to 150), and BeOS MPM (set to 50). I assume I use the worker MPM or? And what should I set it to In regards to ServerLimit, I see it in none of Apache 2.2 config files. Where do I find this? Much appreciated On Thu, Jul 23, 2015 at 5:14 AM, Philip Wigg p...@philipwigg.co.uk wrote: Hi, There is a limit on the number of concurrent connections that Apache will serve. See if you can find the 'LogLevel' directive in your configuration and then set it to 'info'. Apache will then print warnings in your error log if you're reaching those limits. http://httpd.apache.org/docs/2.2/mod/core.html#loglevel You can also use the /server-status page to check this:- http://httpd.apache.org/docs/2.2/mod/mod_status.html or for a rough point-in-time estimate you can simply use 'netstat' to see how many established connections you have to your HTTP port (probably port 80). The command:- netstat -tan | grep ':80' | grep EST | wc -l is quite possibly what you need depending on your OS and Apache version which will count the established connections to port 80 on Linux. If you do need to increase the number of concurrent connections, you will probably need to raise MaxClients and ServerLimit. See - http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients Hope that helps. Phil. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Dino Buljubasic Cell: (604) 441-3560
Re: [users@httpd] Re: Request Entity Too Large
Thanks Yehuda. On Fri, Jul 24, 2015 at 2:55 PM, Yehuda Katz yeh...@ymkatz.net wrote: If you are sure the problem is with nss, you will probably get more help on their mailing list: https://www.redhat.com/mailman/listinfo/mod_nss-list - Y On Fri, Jul 24, 2015 at 1:22 PM, Cohen, Laurence lco...@novetta.com wrote: It seems that the problem I'm having started when we went to mod_nss from mod_ssl. In ssl.conf we were able to set the sslrenegbuffersize to a high number. I can't seem to find an equivalent to the parameter that will work in any of our conf files. The httpd.conf is including rewrite.conf and nss.conf, but if I put the sslrenegbuffersize in any of these files and restart httpd, it doesn't start up. Would anyone know what the equivalent parameter is in nss.conf, or the other conf files that we are using? Thanks, Larry Cohen On Thu, Jul 23, 2015 at 5:04 PM, Cohen, Laurence lco...@novetta.com wrote: Hi everyone, We are suddenly having the following problem on several of our servers, and I have not been able to find a solution on the internet that has resolved it. Our configuration is the following. Apache httpd 2.2.3 running on RHEL5 Tomcat 7, also running on RHEL5 When we try to upload a file bigger than a few megabytes, we get the following error: The requested resource /dse/submissions/100103040/add_file does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit I've tried to figure out what the maximum size file is, but the problem will occur on a file, and then we try the same file a few minutes later and it works. I tried setting LimitRequestBody to 0, which I believe is the default anyway, but it had no effect either way. If anyone has any ideas, please let me know. Thanks, Larry Cohen -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064 -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064
Re: [users@httpd] Re: Request Entity Too Large
If you are sure the problem is with nss, you will probably get more help on their mailing list: https://www.redhat.com/mailman/listinfo/mod_nss-list - Y On Fri, Jul 24, 2015 at 1:22 PM, Cohen, Laurence lco...@novetta.com wrote: It seems that the problem I'm having started when we went to mod_nss from mod_ssl. In ssl.conf we were able to set the sslrenegbuffersize to a high number. I can't seem to find an equivalent to the parameter that will work in any of our conf files. The httpd.conf is including rewrite.conf and nss.conf, but if I put the sslrenegbuffersize in any of these files and restart httpd, it doesn't start up. Would anyone know what the equivalent parameter is in nss.conf, or the other conf files that we are using? Thanks, Larry Cohen On Thu, Jul 23, 2015 at 5:04 PM, Cohen, Laurence lco...@novetta.com wrote: Hi everyone, We are suddenly having the following problem on several of our servers, and I have not been able to find a solution on the internet that has resolved it. Our configuration is the following. Apache httpd 2.2.3 running on RHEL5 Tomcat 7, also running on RHEL5 When we try to upload a file bigger than a few megabytes, we get the following error: The requested resource /dse/submissions/100103040/add_file does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit I've tried to figure out what the maximum size file is, but the problem will occur on a file, and then we try the same file a few minutes later and it works. I tried setting LimitRequestBody to 0, which I believe is the default anyway, but it had no effect either way. If anyone has any ideas, please let me know. Thanks, Larry Cohen -- [image: www.novetta.com] Larry Cohen System Administrator 12021 Sunset Hills Road, Suite 400 Reston, VA 20190 Email lco...@novetta.com Office 703-885-1064
Re: [users@httpd] Fwd: SSI directives not working on page used in ErrorDocument directive
So I assumed that even though my ErrorDocument was defined outside of the directory where I have SSI parsing enabled it woudl be alright since it references a file that is stored i that directory. This does not seem to be the case though as when I added AddOutputFilter INCLUDES .html before the ErrorDocument definition it now functions. Thanks for the suggestions. On Thu, Jul 23, 2015 at 10:36 PM, Yehuda Katz yeh...@ymkatz.net wrote: What mechanism are you using to have SSI work on .html pages? I have no problem getting SSI to work when my page extension is .shtml: This is my very simple test which works perfectly: .htaccess: Options +Includes ErrorDocument 404 /error.shtml error.shtml: Last modified: !--#echo var=LAST_MODIFIED -- Produces: Last modified: Thursday, 23-Jul-2015 23:34:55 Eastern Daylight Time Does it work for you if you use .shtml? - Y On Thu, Jul 23, 2015 at 4:06 PM, eigenbra...@gmail.com wrote: Forgot to include my question, Is there some additional step you have to take to get SSI to function on an ErrorDocument page? Thanks - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org