Re: [users@httpd] Multi site SSL problems

2024-05-10 Thread Frank Gingras
On Fri, May 10, 2024 at 5:53 PM Tatsuki Makino 
wrote:

> Hello.
>
> By the way, do you have the setting enabled to use the Host header used to
> switch NameVirtualHost during TLS negotiation?
> I don't know how to do that since the Japanese documentation is rarely
> updated :)
> Were those things implemented?
>
> Regards.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Tatsuki,

You're thinking of SNI, and it works out of the box with OpenSSL 0.9.8f or
later, and with NameVirtualHost *:443.

So, again, I highly recommend using *:PORT to define all your vhosts,
unless you know exactly what you are doing.


Re: [users@httpd] Multi site SSL problems

2024-05-10 Thread Frank Gingras
On Fri, May 10, 2024 at 4:10 PM John  wrote:

> On Fri, 2024-05-10 at 15:48 -0400, Sean Conner wrote:
> > It was thus said that the Great Chris me once stated:
> > > I set up each entry with  but when I do that, the
> > > second site will complain that the cert is for site1. So if I go to
> > > site2.com, I get a browser error that the cert is for site1. It will show
> > > me the content for site1.
> >
> >   On my development server, I have the following:
> >
> > 
> >   ServerName  playground.roswell.area51
> >   SSLEngine   on
> >   SSLCertificateFile  /home/spc/web/playground/cert.pem
> >   SSLCertificateKeyFile   /home/spc/web/playground/key.pem
> >   ...
> > 
> >
> > 
> >   ServerName  wiki.roswell.area51
> >   SSLEngine   on
> >   SSLCertificateFile  /home/spc/web/wiki/cert.pem
> >   SSLCertificateKeyFile   /home/spc/web/wiki/key.pem
> >   ...
> > 
> >
> > > I am not sure how to do this part:
> > > Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require
> > > instead
> > > I am running Apache 2.2, does it still apply?
> > > It does not look like mod_access_compat is listed under mods-enabled
> >
> >   That I don't remember as I've been running Apache 2.4 for a couple of
> > years now.
> >
> >   -spc
> >
> Typo in the 2nd virtual host "1932.168.1.10:"  probably should be
> "192.168.1.10"
>
> John
> ==
>
Show the apachectl -S output, and each vhost.  Make sure that every single
:443 vhost has SSLEngine on and SSLCertificateFile set.


Re: [users@httpd] Multi site SSL problems

2024-05-09 Thread Frank Gingras
On Thu, May 9, 2024 at 6:54 PM Chris me  wrote:

> Hi, I am having an issue trying to get multiple sites with their own SSL
> cert. I purchased AlphaSSL certs for them.
>
> The strange thing, the first cert works, the second gives me an
> ERR_SSL_PROTOCOL_ERROR, but only on some systems.
>
>
>
> This is what I am using now:
>
>
>
> (
>
> Site1 is fine, Site2 gives me the error.
>
>
>
> I originally tried with NameVirtualHost *.443
>
> And then 
>
> But when I go to site2, it complains that the cert is invalid because it
> is using the cert from site1?
>
> )
>
>
>
>
>
> 
>
> NameVirtualHost 192.99.9.188:443
>
>
>
> 
>
> ServerName www.site1.com
>
> ServerAdmin webmas...@site1.com
>
> DocumentRoot /home/httpd/sites/site1
>
> 
>
>
>
> Order allow,deny
>
> Allow from all
>
> 
>
>
>
> SSLEngine on
>
> SSLProtocol all -SSLv2 -SSLv3
>
> SSLCertificateFile /etc/ssl/site1.ca/server.crt
>
> SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
>
> SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
>
> 
>
>
>
> 
>
> ServerName www.site2.com
>
> ServerAdmin webmas...@site2.com
>
> DocumentRoot /home/httpd/sites/site2
>
> 
>
>
>
> Order allow,deny
>
> Allow from all
>
> 
>
>
>
> SSLEngine on
>
> SSLProtocol all -SSLv2 -SSLv3
>
> SSLCertificateFile /etc/ssl/site2.ca/server.crt
>
> SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
>
> SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
>
> 
>
> 
>

So many red flags here:

- Always use *:PORT when defining a vhost, unless you know exactly what you
are doing
- Set the ServerName directive in every single vhost
- Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require
instead
- Unload the mod_access_compat module when apachectl configtest passes

Lastly, show the output from apachectl -S when the fixes are applied
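
The layout those four points describe, as an added example (not a configuration posted in this thread). It assumes httpd 2.4, reuses the document roots and certificate paths from the question, and assumes that the `<Directory>` blocks cover each DocumentRoot and that the bare names `site1.com` / `site2.com` are served and covered by the same certificates.

```apache
# Added example. Assumes httpd 2.4 with mod_ssl and mod_authz_core loaded.
# Document roots and certificate paths are the ones given in the question.

# Every TLS vhost is declared on *:443, so httpd selects the vhost, and with it
# the certificate, by matching the SNI name from the handshake against
# ServerName / ServerAlias. The first vhost listed is the default: it answers
# any name that matches no vhost, using its own certificate.
<VirtualHost *:443>
    ServerName www.site1.com
    # Assumption: the bare name is also served and is on the certificate.
    ServerAlias site1.com
    DocumentRoot /home/httpd/sites/site1

    <Directory /home/httpd/sites/site1>
        # 2.4 authorization, replacing "Order allow,deny" / "Allow from all"
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile      /etc/ssl/site1.ca/server.crt
    SSLCertificateKeyFile   /etc/ssl/site1.ca/server.key
    SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName www.site2.com
    # Without this alias a request for https://site2.com/ matches no vhost and
    # falls through to the first one, which presents the site1 certificate.
    ServerAlias site2.com
    DocumentRoot /home/httpd/sites/site2

    <Directory /home/httpd/sites/site2>
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile      /etc/ssl/site2.ca/server.crt
    SSLCertificateKeyFile   /etc/ssl/site2.ca/server.key
    SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
</VirtualHost>
```

Run `apachectl configtest` before reloading, then `apachectl -S` to confirm that both names are listed under `*:443`.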


Re: [users@httpd] Stripping query string except from specific URL

2024-04-28 Thread Frank Gingras
On Sun, Apr 28, 2024 at 4:05 PM Dave Wreski
 wrote:

> Hi,
>
> I'm really quite stuck and hoped you could help.
>
> My apologies - the output was from wget, as that's what I typically use.
>>
>> $ curl 'https://guardiandigital.com/resources/blog?start=48'
>> 
>> 
>> 301 Moved Permanently
>> 
>> Moved Permanently
>> The document has moved https://guardiandigital.com/index.php;
>> >here.
>> 
>>
>>
>>
> The next step is to find out where the 301 is coming from - your rules
> will generate a 302.
>
> That may have been the result of me trying many different things and
> getting a bit confused (again). Here's what I know - when I insert the
> following code into my virtual host config, it strips the query string off
> the pages that don't involve /resources/blog, but redirects to a 404 when
> attempting to access a page involving "/resources/blog" and the "?start="
> query string.
>
> RewriteCond %{REQUEST_URI} !/resources/blog
> RewriteCond %{QUERY_STRING} ^start=\d+$
> RewriteRule (.*)   /$1? [L,R=301,QSD]
>
> [Sun Apr 28 15:40:02.614893 2024] ... rewrite 'resources/blog' ->
> 'index.php'
> [Sun Apr 28 15:40:02.614921 2024] ... internal redirect with /index.php
> [INTERNAL REDIRECT]
>
> If I don't involve the first RewriteCond, it successfully strips off the
> start= from every URL I tried.
>
> What does "INTERNAL REDIRECT" mean? Is that something done outside of
> apache? Perhaps by joomla? I believe there are other relevant redirects
> after these, but it's very difficult to isolate what's relevant.
>
>
>
The internal redirect is the result of your rewrite rule, without a fully
qualified URL as a target.

Side note: the "rewrite 'resources/blog' -> 'index.php'" line seems to
contradict your RewriteCond logic, so increasing the verbosity of the
logging and looking at the previous lines will help fix that.
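
One way to keep the rule from firing on that internal redirect, as an added example rather than a fix given in the thread. It assumes the `index.php` rewrite comes from a per-directory (`.htaccess`) rule, as the `[perdir /home/docroot/]` entries in the trace posted to this thread indicate, and that the rules below sit in the virtual host.

```apache
# Added example; not configuration from the thread.

# Verbose mod_rewrite logging for this vhost only (httpd 2.4 per-module syntax).
LogLevel warn rewrite:trace4

RewriteEngine On

# Act only on the request as the client sent it. Once the per-directory rule
# has rewritten resources/blog to index.php, httpd runs the vhost rules again
# for the internal redirect. REQUEST_URI is then /index.php, so the
# "!/resources/blog" test passes, start= is still in the query string, and the
# external redirect to /index.php is issued. REDIRECT_STATUS is empty on the
# initial pass and set on every internal redirect.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_URI} !^/resources/blog
RewriteCond %{QUERY_STRING} ^start=\d+$
# "^" matches any path; the target is the same path and QSD drops the query.
RewriteRule ^ %{REQUEST_URI} [R=301,L,QSD]
```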


Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Frank Gingras
On Wed, Apr 24, 2024 at 7:05 PM Dave Wreski
 wrote:

>
> 13 62.111.193.42 - - [24/Apr/2024:15:19:36 -0400] "GET /index.php
>> HTTP/1.1" 200 33921 r:"-" "Wget/1.21.4" X:"SAMEORIGIN" 0/129431
>> 573/35481/33921 H:HTTP/1.1 U:/index.php gd443 s:200
>>
>
> It did exactly what you asked, yes.
>
> Further, I asked you to use curl to see if you get redirected from
> https://guardiandigital.com/index.php to another URL, but you seem to
> have ignored that part of the answer.
>
> My apologies - the output was from wget, as that's what I typically use.
>
> $ curl 'https://guardiandigital.com/resources/blog?start=48'
> 
> 
> 301 Moved Permanently
> 
> Moved Permanently
> The document has moved https://guardiandigital.com/index.php;
> >here.
> 
>
>
>
The next step is to find out where the 301 is coming from - your rules will
generate a 302.


Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Frank Gingras
On Wed, Apr 24, 2024 at 4:58 PM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
>>> except ones matching a particular pattern. However, when I try the rules
>>> below, it redirects to the homepage for some reason.
>>>
>>> In this example, I'd like to strip off the query string from all URLs
>>> except those involving /resources/blog:
>>>
>>> RewriteCond %{REQUEST_URI} !/resources/blog
>>> RewriteCond %{QUERY_STRING} ^start=
>>> RewriteRule (.*)   https://guardiandigital.com$1 [L,QSD]
>>>
>>> What am I missing?
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>>
>> To remove the query string, see the QSD flag, or append a ? at the end of
>> the target.
>>
>> That's what I'm doing, I think. What am I missing? It just redirects to
>> the homepage somehow.
>>
>> Shouldn't I be able to stack RewriteConds in this way, followed by a
>> RewriteRule?
>>
>> I have no idea what could be wrong.
>>
>
> Test with curl, and see if you get redirected after the fact.
>
> I've enabled trace3 to try and figure this out. But line 8 says
> "discarding query string, no parse from substitution" and I don't know why
> or what really that means.
>
> 1 [Wed Apr 24 15:19:36.440500 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> init rewrite engine with requested uri /resources/blog
>
> 2 [Wed Apr 24 15:19:36.445306 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> pass through /resources/blog
>
> 3 [Wed Apr 24 15:19:36.449369 2024] [rewrite:trace3] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] applying pattern '.*' to uri 'resources/blog'
>
> 4 [Wed Apr 24 15:19:36.449413 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] rewrite 'resources/blog' -> 'index.php'
>
> 5 [Wed Apr 24 15:19:36.449453 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] internal redirect with /index.php [INTERNAL
> REDIRECT]
>
> 6 [Wed Apr 24 15:19:36.449830 2024] [rewrite:trace3] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> applying pattern '(.*)' to uri '/index.php'
>
> 7 [Wed Apr 24 15:19:36.449848 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> rewrite '/index.php' -> 'https://guardiandigital.com/index.php'
>
> 8 [Wed Apr 24 15:19:36.449857 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> discarding query string, no parse from substitution
>
> 9 [Wed Apr 24 15:19:36.449864 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> explicitly forcing redirect with https://guardiandigital.com/index.php
>
> 10 [Wed Apr 24 15:19:36.449871 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> escaping https://guardiandigital.com/index.php for redirect
>
> 11 [Wed Apr 24 15:19:36.449880 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> 

Re: [users@httpd] Stripping query string except from specific URL

2024-04-24 Thread Frank Gingras
On Wed, Apr 24, 2024 at 12:43 PM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
>> except ones matching a particular pattern. However, when I try the rules
>> below, it redirects to the homepage for some reason.
>>
>> In this example, I'd like to strip off the query string from all URLs
>> except those involving /resources/blog:
>>
>> RewriteCond %{REQUEST_URI} !/resources/blog
>> RewriteCond %{QUERY_STRING} ^start=
>> RewriteRule (.*)   https://guardiandigital.com$1 [L,QSD]
>>
>> What am I missing?
>>
>> Thanks,
>> Dave
>>
>>
>>
> To remove the query string, see the QSD flag, or append a ? at the end of
> the target.
>
> That's what I'm doing, I think. What am I missing? It just redirects to
> the homepage somehow.
>
> Shouldn't I be able to stack RewriteConds in this way, followed by a
> RewriteRule?
>
> I have no idea what could be wrong.
>
>
>
Test with curl, and see if you get redirected after the fact.


Re: [users@httpd] Stripping query string except from specific URL

2024-04-19 Thread Frank Gingras
On Fri, Apr 19, 2024 at 11:16 AM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
> except ones matching a particular pattern. However, when I try the rules
> below, it redirects to the homepage for some reason.
>
> In this example, I'd like to strip off the query string from all URLs
> except those involving /resources/blog:
>
> RewriteCond %{REQUEST_URI} !/resources/blog
> RewriteCond %{QUERY_STRING} ^start=
> RewriteRule (.*)   https://guardiandigital.com$1 [L,QSD]
>
> What am I missing?
>
> Thanks,
> Dave
>
>
>
To remove the query string, see the QSD flag, or append a ? at the end of
the target.


Re: [users@httpd] MTLS Setup issue - Apache HTTP Server and Weblogic

2024-04-18 Thread Frank Gingras
On Thu, Apr 18, 2024 at 3:22 AM Daiya, Devendra singh
 wrote:

> Hi Team,
>
>
>
> Need help in setting up MTLS between Apache HTTP server and Weblogic
> server (App Server).
>
>
>
> I have gone through few links but those are not working. Post following
> suggested steps I was able to start Apache HTTP server but Application is
> not working. Getting below messages in the Error while accessing the
> application.
>
>
>
> *Could anyone please look at it and share some suggestion on how we should
> setup MTLS b/w Web and App server. Please let me know if any additional
> info needed.*
>
>
>
> *Error message: -*
>
>
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : },
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
> "message" : "AH01998: Connection closed to child 138 with abortive
> shutdown (server hostname:port , "referer" : }
>
> "message" : "AH01964: Connection to child 24 established (server
> hostname:port)" , "referer" : }
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : }
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
>
>
> *SSL.conf file has below directives set.*
>
>
>
> SSLEngine on
>
> ProxyRequests Off
>
> RewriteEngine on
>
> SSLProxyEngine on
>
> SSLProxyVerify on
>
> SSLProxyCheckPeerCN off
>
> SSLProxyCheckPeerName off
>
> SSLProxyCheckPeerExpire off
>
> SSLVerifyCLient require
>
> SSLVerifyDepth 10
>
> SSLProxyVerifyDepth 10
>
>
>
> SSLOptions +ExportCertData
>
>
>
> SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"
>
> SSLProxyCACertificateFile "/apps/certs/trustedca.pem"
>
>
>
> SSLCertificateFile "/path/to/hostname.crt"
>
> SSLCertificateKeyFile "/path/to/hostname.key"
>
> SSLCertificateChainFile "/path/to/hostname.crt"
>
> SSLCACertificateFile "/path/to/trustedca.pem"
>
>
>
>
>
> Thanks.
>
>
>
> *Regards,*
>
> *Devendra*
>

Rough guess:

 http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost

Otherwise, we would need to see the full vhost.

Might be worth running apachectl -S to make sure you don't have
misconfigured / overlapping vhosts, as well.


Re: [users@httpd] openssl command(s) for https mode on apache 2.4 on windows.

2024-04-16 Thread Frank Gingras
On Tue, Apr 16, 2024 at 11:11 AM Marc  wrote:

> >
> >
> >   But should your development be not protocol independent? If your
> > code works on http it should also work on https. I am getting sick of
> > these wordpress idiots where they still have hardcoded links everywhere
> > and I can't even convert a website from http to https.
> >
> >
> >
> > Are you saying that I am a wordpress idiot?
> >
>
> No :) Development/management team of wordpress are idiots. They are still
> advising people incorrectly to upgrade eg while distributions are
> backporting security stuff. A developer should just do developing. A
> dentist is also not telling an ophthalmologist what to do. Why do you care
> if you are using http or https? Unless you are developing something
> specific to the https protocol (eg. sni) forget about it.
>


Marc, let's try to be friendly towards users and adopt a more neutral
tone.  New users have questions, and it's normal. Calling folks "idiots"
isn't helping here.

Thanks.


Re: [users@httpd] Cannot Delete a WordPress Database. Trying to Install a Second Database.

2024-03-17 Thread Frank Gingras
On Mon, Mar 18, 2024 at 12:34 AM  wrote:

> I'll start off by saying I know nothing about servers and the technical
> details of WordPress.
>
>
>
> I had installed WordPress to one of my local hard drives so I can design
> two separate websites and test them both offline. However, when I try to
> connect, the browser displays a page that states there is an error and it
> cannot connect to the database.
>
>
>
> I have not yet designed anything or otherwise created any content. Also,
> since I’m going to design two sites that will have different domain names,
> I decided, that I should have two separate WordPress installations on my
> one server (hard drive). But that was after I had already installed one set
> of the basic WordPress files (but no content yet for the site).
>
>
>
> Given the errors and the fact that I hadn’t created any content, I decided
> it would be better to just uninstall all the WordPress files, then
> reinstall them from scratch. But now, the phpMyAdmin app (via XAMPP) will
> not allow me to drop (delete) the WordPress database. Please see the
> attached screenshot.
>
>
>
> What should I do to 1. remove all traces of WordPress, then 2. install two
> separate copies of the WordPress package (in different folders) on my one
> hard drive?
>
>
>

You are asking the wrong mailing list - neither WordPress nor phpMyAdmin are
supported here.  I would suggest finding the appropriate mailing list for
either, and even trying on the libera.chat IRC network.


Re: [users@httpd] Apache Keeps Crashing in XAMPP.

2024-03-05 Thread Frank Gingras
On Tue, Mar 5, 2024 at 11:04 PM  wrote:

> Hello.
>
>
>
> I’ve been trying to install WordPress on an external drive on my local
> computer so I can build and test a website locally.
>
>
>
> But I continue to have issues with Apache, which I’m trying to use via the
> XAMPP Control Panel.
>
>
>
> It was advised that I restart XAMPP with the boxes under Service left
> unchecked for both Apache and MySQL, which I did.
>
>
>
> MySQL has started successfully. But Apache still will not start. In the
> log, the error reads...
>
>
>
> 6:09:53 PM [Apache] Error: Apache shutdown unexpectedly.
>
> 6:09:53 PM [Apache] This may be due to a blocked port, missing
> dependencies,
>
> 6:09:53 PM [Apache] improper privileges, a crash, or a shutdown by
> another method.
>
> 6:09:53 PM [Apache] Press the Logs button to view error logs and check
>
> 6:09:53 PM [Apache] the Windows Event Viewer for more clues
>
> 6:09:53 PM [Apache] If you need more help, copy and post this
>
> 6:09:53 PM [Apache] entire log window on the forums
>
>
>
> I thought I changed the port already. So, I guess something else is
> causing Apache to crash. But, what, exactly? I'm not really sure which log
> to check.
>
>
>
> Help, please.
>
>
>

Let's start, again, with the instructions provided to you by that snippet?


Re: [users@httpd] Apache Not Starting via XAMPP.

2024-03-03 Thread Frank Gingras
On Sun, Mar 3, 2024 at 6:43 PM  wrote:

> Here's an update:
>
> I restarted the XAMPP Control Panel with the boxes under Service left
> unchecked for both Apache and MySQL.
>
> MySQL has started successfully. I'm still having issues starting Apache,
> but now the error is different. It reads...
>
> 6:09:53 PM [Apache] Error: Apache shutdown unexpectedly.
> 6:09:53 PM [Apache] This may be due to a blocked port, missing
> dependencies,
> 6:09:53 PM [Apache] improper privileges, a crash, or a shutdown by
> another method.
> 6:09:53 PM [Apache] Press the Logs button to view error logs and check
> 6:09:53 PM [Apache] the Windows Event Viewer for more clues
> 6:09:53 PM [Apache] If you need more help, copy and post this
> 6:09:53 PM [Apache] entire log window on the forums
>
> I thought I changed the port already. So, I guess something else is
> causing Apache to crash. But, what, exactly? I'm not really sure which log
> to check.
>
> Help, please.
>
> > -Original Message-
> > From: Frank Gingras 
> > Sent: Saturday, March 2, 2024 8:54 PM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Apache Not Starting via XAMPP.
> >
> > On Fri, Mar 1, 2024 at 8:04 PM  wrote:
> >
> > > Greetings.
> > >
> > > I would like to install WordPress on an external USB drive connected
> > > to my local Windows 11 workstation so I can design and try out new
> > > websites without immediately posting to an online and public hosting
> > > service.
> > >
> > > To that end, I installed XAMPP on the above-mentioned hard drive and
> > > need to be able to use Apache through the XAMPP control panel.
> > > However, Apache will not start. Every time I try to start Apache the
> > > log in the bottom portion of the XAMPP control panel has a line that
> > > states "Attempting to start Apache service..." and nothing more. And I
> > > can't connect to my localhost using any of my browsers.
> > >
> > > I tried to change, via the Config button, the port associated with
> > > Apache but that didn't work.
> > >
> > > Also, I noticed that, when I open the XAMPP Control Panel (always in
> > > Administrator Mode), the log section in the control panel window
> > > includes, in red,...
> > >
> > > ---
> > > 2:49:58 AM [Apache] Apache Service detected with wrong path
> > > 2:49:58 AM [Apache] Change XAMPP Apache and Control Panel settings or
> > > 2:49:58 AM [Apache] Uninstall/disable the other service manually first
> > > 2:49:58 AM [Apache] Found Path: "C:\Program Files
> > > (x86)\Promise\Pegasus Utility\apache\bin\httpd.exe" -k runservice
> > > 2:49:58 AM [Apache] Expected Path: "i:\xampp\apache\bin\httpd.exe" -k
> > > runservice
> > > ---
> > >
> > > So, Apache was already installed earlier on the startup (C:) drive of
> > > my computer. But, I'm trying to have Apache, MySQL and the rest of the
> > > XAMPP apps reside on my separate (I:) drive, because I want to use
> > > that I: drive to build my new websites offline with WordPress.
> > >
> > > I suppose I could uninstall/remove the copy of Apache that's on the C:
> > > drive. However, given its location in the Promise and Promise Utility
> > > folders, I think my Promise Pegasus RAID drive relies on it. I need my
> > > RAID to be available at all times. Therefore, I don't really want to
> > > tamper with any files related to it, including the copy of Apache on
> > > that C: drive.
> > >
> > > So, could you please provide suggestions on how can I have a copy of
> > > Apache work via the XAMPP Control Panel on my external drive?
> > >
> > > Thanks.
> > >
> > >
> > Why would a RAID utility need a HTTP server?  In any case, you could always
> > re-install it, if needed.
> >
> > Or you could fix the path errors, or use WSL2 to install httpd.

Re: [users@httpd] Apache Not Starting via XAMPP.

2024-03-02 Thread Frank Gingras
On Fri, Mar 1, 2024 at 8:04 PM  wrote:

> Greetings.
>
> I would like to install WordPress on an external USB drive connected to my
> local Windows 11 workstation so I can design and try out new websites
> without immediately posting to an online and public hosting service.
>
> To that end, I installed XAMPP on the above-mentioned hard drive and need to
> be able to use Apache through the XAMPP control panel. However, Apache will
> not start. Every time I try to start Apache the log in the bottom portion of
> the XAMPP control panel has a line that states "Attempting to start Apache
> service..." and nothing more. And I can't connect to my localhost using any
> of my browsers.
>
> I tried to change, via the Config button, the port associated with Apache
> but that didn't work.
>
> Also, I noticed that, when I open the XAMPP Control Panel (always in
> Administrator Mode), the log section in the control panel window includes,
> in red,...
>
> ---
> 2:49:58 AM [Apache] Apache Service detected with wrong path
> 2:49:58 AM [Apache] Change XAMPP Apache and Control Panel settings or
> 2:49:58 AM [Apache] Uninstall/disable the other service manually first
> 2:49:58 AM [Apache] Found Path: "C:\Program Files (x86)\Promise\Pegasus
> Utility\apache\bin\httpd.exe" -k runservice
> 2:49:58 AM [Apache] Expected Path: "i:\xampp\apache\bin\httpd.exe" -k
> runservice
> ---
>
> So, Apache was already installed earlier on the startup (C:) drive of my
> computer. But, I'm trying to have Apache, MySQL and the rest of the XAMPP
> apps reside on my separate (I:) drive, because I want to use that I: drive
> to build my new websites offline with WordPress.
>
> I suppose I could uninstall/remove the copy of Apache that's on the C:
> drive. However, given its location in the Promise and Promise Utility
> folders, I think my Promise Pegasus RAID drive relies on it. I need my RAID
> to be available at all times. Therefore, I don't really want to tamper with
> any files related to it, including the copy of Apache on that C: drive.
>
> So, could you please provide suggestions on how can I have a copy of Apache
> work via the XAMPP Control Panel on my external drive?
>
> Thanks.
>
>
Why would a RAID utility need a HTTP server?  In any case, you could always
re-install it, if needed.

Or you could fix the path errors, or use WSL2 to install httpd.


Re: [users@httpd] Limiting redirects with rewriterule/rewritecond

2024-02-29 Thread Frank Gingras
On Thu, Feb 29, 2024 at 7:18 AM Dave Wreski
 wrote:

>
> In my ongoing effort to reduce the number of redirects for
>> linuxsecurity.com, I could use a bit more help. Currently we have one
>> redirect to strip off any potential trailing slash as well as another that
>> strips out any preceding 'www'.
>>
>> RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
>> RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ $1 [R=301,L]
>>
>> The rest of our redirects are of the form:
>>
>> RewriteRule ^/about/us /about [L,R=301]
>>
>> Should I be combining each of these to also do the above with something
>> like:
>>
>> RewriteRule ^/about/us/? https://linuxsecurity.com/about [L,R=301]
>>
>> It seems like that would reduce the number of redirects by two, but I'm
>> unsure of what implications that would otherwise have. Maybe if I instead
>> performed the RewriteConds without R=301 and just rewrote the URL itself?
>> I'm not sure how that works.
>>
>> Any ideas greatly appreciated.
>> Thanks,
>> Dave
>>
>>
>>
> Perhaps you can, but be careful about not creating loops, especially if
> using .htaccess files.
>
> Do you mean because of patterns matching itself?
>
>
> Also, is there a specific reason why you're not using Redirect with
> mod_alias instead?
>
> I'm not as familiar with how mod_alias works, but also thought its
> functionality was more limited?
>
> Ideas for how to do the above using mod_alias would be appreciated.
>
> Thanks,
> Dave
>
>
>
>
>
>
The general idea is to use separate vhosts to redirect to https://, or
enforce a canonical hostname, first.

Then, for more specific redirects, use Redirect or RedirectMatch - you can
even specify the return code (301,302,304).
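
One way to lay that out for the linuxsecurity.com rules quoted above, as an added example (not configuration from the thread). It assumes httpd 2.4 with mod_alias and mod_ssl; the certificate paths are placeholders.

```apache
# Added example. Certificate paths are placeholders.

# 1. Plain HTTP on either hostname. mod_alias applies redirects in the order
#    they appear and the first match wins, so the specific rule goes before
#    the catch-all and /about/us is answered in a single hop.
<VirtualHost *:80>
    ServerName linuxsecurity.com
    ServerAlias www.linuxsecurity.com
    RedirectMatch permanent "^/about/us/?$" "https://linuxsecurity.com/about"
    # Everything else keeps its path and moves to the canonical https host.
    Redirect permanent "/" "https://linuxsecurity.com/"
</VirtualHost>

# 2. https://www.linuxsecurity.com. This vhost still needs a certificate valid
#    for the www name, because the TLS handshake completes before any redirect
#    can be sent.
<VirtualHost *:443>
    ServerName www.linuxsecurity.com
    SSLEngine on
    SSLCertificateFile    /path/to/www-cert.pem
    SSLCertificateKeyFile /path/to/www-key.pem
    RedirectMatch permanent "^/about/us/?$" "https://linuxsecurity.com/about"
    Redirect permanent "/" "https://linuxsecurity.com/"
</VirtualHost>

# 3. The canonical host serves content. Only the specific redirects live here;
#    there is no catch-all, so nothing on this vhost can redirect to itself.
<VirtualHost *:443>
    ServerName linuxsecurity.com
    SSLEngine on
    SSLCertificateFile    /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem

    # The optional trailing slash is folded into the pattern, and the target
    # (/about) does not match the pattern, so this cannot loop.
    RedirectMatch permanent "^/about/us/?$" "https://linuxsecurity.com/about"
</VirtualHost>
```

The generic trailing-slash rule from the question depends on a filesystem test (`!-d`), which mod_alias cannot express, so that one rule stays in mod_rewrite.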


Re: [users@httpd] Limiting redirects with rewriterule/rewritecond

2024-02-27 Thread Frank Gingras
On Sun, Feb 25, 2024 at 5:29 PM Dave Wreski
 wrote:

> Hi,
>
> In my ongoing effort to reduce the number of redirects for
> linuxsecurity.com, I could use a bit more help. Currently we have one
> redirect to strip off any potential trailing slash as well as another that
> strips out any preceding 'www'.
>
> RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
> RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ $1 [R=301,L]
>
> The rest of our redirects are of the form:
>
> RewriteRule ^/about/us /about [L,R=301]
>
> Should I be combining each of these to also do the above with something
> like:
>
> RewriteRule ^/about/us/? https://linuxsecurity.com/about [L,R=301]
>
> It seems like that would reduce the number of redirects by two, but I'm
> unsure of what implications that would otherwise have. Maybe if I instead
> performed the RewriteConds without R=301 and just rewrote the URL itself?
> I'm not sure how that works.
>
> Any ideas greatly appreciated.
> Thanks,
> Dave
>
>
>
Perhaps you can, but be careful about not creating loops, especially if
using .htaccess files.

Also, is there a specific reason why you're not using Redirect with
mod_alias instead?


Re: [users@httpd] working with a reverse proxy

2024-02-27 Thread Frank Gingras
On Tue, Feb 27, 2024 at 5:10 PM Marc  wrote:

>
> >
> > > What would a best practice of 'informing' the proxyhost about that it is
> > > being proxied and it should send the defaulthost hostname?
> >
> > can try
> > https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost
>
> Proxy only works when I am having ProxyPreserveHost Off, I can't change
> that.
>


What happens when you use ProxyPreserveHost, exactly?


Re: [users@httpd] Tracing redirects

2024-02-24 Thread Frank Gingras
On Sat, Feb 24, 2024 at 12:18 PM Alec Burgess  wrote:

> Alec Burgess passed away please remove home from your mailing list
>
> Regards Pattie
> Regards ... Alec
> --
>
>
> On Fri, Nov 24, 2023 at 8:24 PM Will Fatherley 
> wrote:
>
>>
>>
>>> - use a client on the first url, and write the location header to file
>>> or stdout each time your 3xx response comes through
>>>
 … using a script that has access to a set data structure that can store
>> each request url, so as to break before the second request to the first
>> resource :)
>
>
Condolences, but you must do that on your end, see the instructions on:

https://httpd.apache.org/userslist.html


Re: [users@httpd] Forwarding question.

2024-02-08 Thread Frank Gingras
On Thu, Feb 8, 2024 at 10:53 PM joe a  wrote:

> On 2/5/2024 14:19:24, joe a wrote:
> > On 2/5/2024 13:24:22, Frank Gingras wrote:
> >>
> >>
> >> On Mon, Feb 5, 2024 at 1:20 PM joe a wrote:
> >>
> >> On 2/5/2024 11:58:55, Frank Gingras wrote:
> >>  >
> >>  >
> >>  > On Mon, Feb 5, 2024 at 11:55 AM joe a wrote:
> >>  >
> >>  > In a case where there is only one available incoming IP, is
> >> there a
> >>  > way,
> >>  > within apache, to host different domains, each on its own
> >> internal
> >>  > server, without requiring the external "calling browser"
> >> being any the
> >>  > wiser?  That is, without requiring the browser to "ask again"
> >> in a
> >>  > different manner?
> >>  >
> >>  > Want to host a low volume (and low cost) family oriented site
> >> (not
> >>  > apache) without having to resort to additional static IP or
> >> move to an
> >>  > off site "hosted" service.
> >>  >
> >>  >
> >>  >
> >>  >
> >>  >
> >>  > All you need here is name-based vhosts, and reverse proxy to the
> >>  > internal server when needed.
> >>  >
> >>
> >> Since I am not that experienced in apache configuration, I may have
> >> some
> >> simple questions.
> >>
> >> In the modern scheme, should the modules required be specified in
> >> httpd.conf or in loadmodule.conf?   Does it really matter other than
> >> for
> >> consistency?
> >>
> >>
> >>
> >>
> >> The config file name(s) do not matter, as long as you know what you
> >> added and where, and it makes sense for you.
> >>
> >> Make sure additional config files are included with the Include
> >> directive, if you're creating a new file.
> >
> > Woo Hoo!  Even I managed it.  And, as a bonus, the originally served
> > stuff still works.  Well . . . so far.
> >
> > Thanks much.
> >
> >
>
> There are some issues accessing from off premises, that is, when
> requests are entering via the internet facing router.  Like 301 and 400
> errors.
>
> Configuration is like this:
>
> Internet router->
> server-with-apache-redirect-to->server-with-docker-nginx-reverse-proxy-acme-custom-app.
>
> The domain names are the same on each server.  Currently believe they
> must be for certificate generation and use.
>
> The virtual host on apache is configured thusly:
>
> 
>   ServerName www.my-domain.com
>   ServerAlias www.my-domain.org my-domain.com my-domain.org
>   ProxyPass "/"  "http://www.my-domain.com/"
>   ProxyPassReverse "/"  "http://my-domain.com/"
> 
> 
> # SSLEngine ON
>   ServerName www.my-domain.com
>   ServerAlias www.my-domain.org my-domain.com my-domain.org
>   ProxyPass "/"  "https://www.my-domain.com/"
>   ProxyPassReverse "/"  "https://www.my-domain.com/"
> 
>
> On the apache server the hosts files is used to resolve the host names
> to the target server.
>
> Where have I gone wrong?
>
>
>
Why are you using nginx at all in this set up?


Re: [users@httpd] Forwarding question.

2024-02-05 Thread Frank Gingras
On Mon, Feb 5, 2024 at 1:20 PM joe a  wrote:

> On 2/5/2024 11:58:55, Frank Gingras wrote:
> >
> >
> > On Mon, Feb 5, 2024 at 11:55 AM joe a wrote:
> >
> > In a case where there is only one available incoming IP, is there a
> > way,
> > within apache, to host different domains, each on its own internal
> > server, without requiring the external "calling browser" being any
> the
> > wiser?  That is, without requiring the browser to "ask again" in a
> > different manner?
> >
> > Want to host a low volume (and low cost) family oriented site (not
> > apache) without having to resort to additional static IP or move to
> an
> > off site "hosted" service.
> >
> >
> >
> >
> > All you need here is name-based vhosts, and reverse proxy to the
> > internal server when needed.
> >
>
> Since I am not that experienced in apache configuration, I may have some
> simple questions.
>
> In the modern scheme, should the modules required be specified in
> httpd.conf or in loadmodule.conf?   Does it really matter other than for
> consistency?
>
>
>
The config file name(s) do not matter, as long as you know what you added
and where, and it makes sense for you.

Make sure additional config files are included with the Include directive,
if you're creating a new file.


Re: [users@httpd] Forwarding question.

2024-02-05 Thread Frank Gingras
On Mon, Feb 5, 2024 at 11:55 AM joe a  wrote:

> In a case where there is only one available incoming IP, is there a way,
> within apache, to host different domains, each on its own internal
> server, without requiring the external "calling browser" being any the
> wiser?  That is, without requiring the browser to "ask again" in a
> different manner?
>
> Want to host a low volume (and low cost) family oriented site (not
> apache) without having to resort to additional static IP or move to an
> off site "hosted" service.
>
>
>
>
All you need here is name-based vhosts, and reverse proxy to the internal
server when needed.


Re: [users@httpd] missing image

2024-01-31 Thread Frank Gingras
On Wed, Jan 31, 2024 at 2:54 PM Sherrard Burton 
wrote:

>
>
> On 1/31/24 02:26 PM, Adam Weremczuk wrote:
> >
> > I've already tried replacing relative path to the image with absolute
> > but it made no difference.
> >
> > Any ideas?
> >
>
> do you have a live example with the absolute path? the broken ones that
> i looked at all had the relative paths which (understandably) doesn't work.
>
>
>
This sounds more like an html/content issue, unless httpd is mangling the
request via mod_rewrite or another directive.

In any case, if you get 404 responses, increase the log level and check the
error log first.


Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

2024-01-23 Thread Frank Gingras
On Tue, Jan 23, 2024 at 2:12 PM EML  wrote:

>
> Let's take a step back - why are you unmounting from a cgi script?
>
> It's a one-time setup when a user configures a new system. Most of these
> users aren't shell-literate, so they configure by ticking boxes on a web
> page. The system is a VPS, so is actually a VM, which I hope isn't relevant.
>
> Anyway, when configuration completes, all the scripts are deleted and
> Apache runs 'normally'.
>

IMO suexec would be better suited to handle more sensitive operations such
as unmounting.

CGI is not an interactive shell, as you discovered.

Calling a separate script with the suid bit might work too.


Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

2024-01-23 Thread Frank Gingras
On Tue, Jan 23, 2024 at 2:02 PM EML  wrote:

> The CGI Howto page contains some basic information on how Apache actually
> runs a program, but is there any more detailed information anywhere?
>
> Specifically, I have a problem where a bash script runs as expected when
> run from an interactive shell by user www-data (this is Ubuntu). However,
> the script behaves differently when run via Apache from a web client. This
> is nothing to do with PATH or envvar differences: when run by Apache, an
> operation to unmount a disk appears to succeed, but actually doesn't
> unmount the disk. When run from the interactive shell, as the same user,
> the operation unmounts the disk.
>
> This is a basic Apache install on Ubuntu 22.04 - no suexec, no chroot,
> plain CGI, etc. I've been running scripts via Apache this way for years,
> but this is the first script which attempts to carry out disk operations.
> All these scripts appear in the sudoers file to allow Apache to carry out
> specific privileged operations.
>
> I asked this question 
> today on StackExchange (https://unix.stackexchange.com/q/767587/212513,
> if the link is scrubbed), with much more detail, but I think that was
> probably the wrong place to ask.
>
>  Thanks.
>

Let's take a step back - why are you unmounting from a cgi script?


Re: [users@httpd] Removing trailing slashes with query strings

2024-01-18 Thread Frank Gingras
On Thu, Jan 18, 2024 at 7:44 AM Dave Wreski
 wrote:

> Hi,
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
>>>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
>>>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
>>>> ]
>>>> redirect to
>>>> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
>>>> [REDIRECT/301]
>>>>
>>>
>>> Based on those log entries, the rewrite worked fine.
>>>
>>> Perhaps you're dealing with DirectorySlash here.
>>>
>>> Notice the last line redirected to itself, causing an infinite loop of
>>> redirects.
>>>
>>> I also wanted to add that, given the RewriteCond rule may be working
>>> correctly, how can I change it to accommodate query strings, or this
>>> particular query string?
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>>
>> If your rules are in .htaccess, the latter file will be parsed over and
>> over until it stops matching, so use the appropriate RewriteCond to break
>> that loop, or better yet, edit your vhost instead.
>>
>> Yes, that's what I'm asking for help to do :-) This rewritecond is
>> included in my vhost config using an Include statement.
>>
>> Thanks,
>> Dave
>>
>
> What context is the include directive placed in?
>
> It's in the VirtualHost directly, not in a Directory.
>
>
>
>
>
>
The following RewriteCond won't work in the vhost context:

RewriteCond %{REQUEST_FILENAME} !-d

You need to use:

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
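
The loop discussed in this thread, written out for the vhost context as an added example (not part of the original messages): mod_dir's DirectorySlash appends a slash to directory URLs, so a strip rule whose `-d` test never sees the real path removes it again. The fragment assumes the content is served from DocumentRoot with no Alias in between.

```apache
# Added example. Place directly inside the <VirtualHost> block
# (not in a <Directory> section or an .htaccess file).
RewriteEngine On

# In vhost context the URL has not been mapped to the filesystem yet, so
# %{REQUEST_FILENAME} still holds the URL path. A bare "!-d" would test that
# URL path as if it were an absolute filesystem path, which normally does not
# exist, so the condition would match even for real directories.
# Prefixing %{DOCUMENT_ROOT} makes the test look at the real path.
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d

# Real directories are skipped by the condition above and keep the slash that
# DirectorySlash adds; stripping it there is what produces the endless
# 301 -> 301 sequence seen in the trace.
#
# In vhost context the matched path includes its leading "/", so $1 is already
# an absolute path. Writing "/$1" here would produce "//path".
# "(.+)" rather than "(.*)" keeps the rule away from the bare "/" request.
# The original query string is copied to the redirect target unchanged.
RewriteRule ^(.+)/$ $1 [R=301,L]
```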


Re: [users@httpd] Removing trailing slashes with query strings

2024-01-17 Thread Frank Gingras
On Wed, Jan 17, 2024 at 9:21 AM Dave Wreski
 wrote:

> Hi,
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
>>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
>>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
>>> ]
>>> redirect to
>>> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
>>> [REDIRECT/301]
>>>
>>
>> Based on those log entries, the rewrite worked fine.
>>
>> Perhaps you're dealing with DirectorySlash here.
>>
>> Notice the last line redirected to itself, causing an infinite loop of
>> redirects.
>>
>> I also wanted to add that, given the RewriteCond rule may be working
>> correctly, how can I change it to accommodate query strings, or this
>> particular query string?
>>
>> Thanks,
>> Dave
>>
>>
>>
> If your rules are in .htaccess, the latter file will be parsed over and
> over until it stops matching, so use the appropriate RewriteCond to break
> that loop, or better yet, edit your vhost instead.
>
> Yes, that's what I'm asking for help to do :-) This rewritecond is
> included in my vhost config using an Include statement.
>
> Thanks,
> Dave
>

What context is the include directive placed in?


Re: [users@httpd] Removing trailing slashes with query strings

2024-01-16 Thread Frank Gingras
On Tue, Jan 16, 2024 at 3:33 PM Dave Wreski
 wrote:

> Hi,
> On 1/16/24 3:03 PM, Dave Wreski wrote:
>
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
>> ]
>> redirect to
>> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
>> [REDIRECT/301]
>>
>
> Based on those log entries, the rewrite worked fine.
>
> Perhaps you're dealing with DirectorySlash here.
>
> Notice the last line redirected to itself, causing an infinite loop of
> redirects.
>
> I also wanted to add that, given the RewriteCond rule may be working
> correctly, how can I change it to accommodate query strings, or this
> particular query string?
>
> Thanks,
> Dave
>
>
>
If your rules are in .htaccess, the latter file will be parsed over and
over until it stops matching, so use the appropriate RewriteCond to break
that loop, or better yet, edit your vhost instead.

DirectorySlash off won't help you if the user decides to add the "/" to the
URI and you want to remove it, for some reason. It will also break other
things.


Re: [users@httpd] Removing trailing slashes with query strings

2024-01-16 Thread Frank Gingras
On Tue, Jan 16, 2024 at 9:30 AM Dave Wreski
 wrote:

> Hi,
>
> I have the following rule that works well to remove trailing slashes from
>> URLs:
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ $1 [R=301,L]
>>
>> This is done to prevent the non-slash URL from being treated as duplicate
>> content with the URL with a slash.
>>
>> The problem is that there are exceptions, such as when we want to add
>> query strings to the end of a URL:
>>
>> https://example.com/administrator/path/?cms_settings
>>
>> I've also tried a variation, like:
>>
>> https://example.com/administrator/path?cms_settings
>>
>> but somehow the slash is replaced back into the URL and I don't know
>> where it comes from.
>>
>> Adding index.php to the path works properly because it's then not a
>> directory:
>>
>> https://example.com/administrator/path/index.php?cms_settings
>>
>> Any ideas greatly appreciated.
>>
>> Thanks,
>> Dave
>>
>>
>>
> What does the rewrite log say, exactly?
>
> There's a tremendous amount of noise at trace5 (although probably only
> trace4 was apparently really necessary), and I've had trouble generally
> identifying the entries related to this specific rule, but here are a few
> entries I think represent what's happening.
>
>
> https://webstage.example.com/administrator/sqlantern-joomla/php/?cms_settings
> [Tue Jan 16 08:55:13.289102 2024] [rewrite:trace3] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> applying pattern '^(.*)/$' to uri '/administrator/sqlantern-joomla/php/'
>
> [Tue Jan 16 08:55:13.289129 2024] [rewrite:trace4] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.195.193.42:0] 68.111.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> RewriteCond: input='/administrator/sqlantern-joomla/php/' pattern='!-d' =>
> matched
>
> [Tue Jan 16 08:55:13.289143 2024] [rewrite:trace2] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> rewrite '/administrator/sqlantern-joomla/php/' ->
> '/administrator/sqlantern-joomla/php'
>
> [Tue Jan 16 08:55:13.289156 2024] [rewrite:trace2] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> explicitly forcing redirect with
> https://webstage.example.com/administrator/sqlantern-joomla/php
>
> [Tue Jan 16 08:55:13.289181 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> escaping https://webstage.example.com/administrator/sqlantern-joomla/php
> for redirect
>
> [Tue Jan 16 08:55:13.289195 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> copying cms_settings to query string for redirect
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> redirect to
> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
> [REDIRECT/301]
>
> Thanks,
> Dave
>
>
>
Based on those log entries, the rewrite worked fine.

Perhaps you're dealing with DirectorySlash here.


Re: [users@httpd] Removing trailing slashes with query strings

2024-01-15 Thread Frank Gingras
On Mon, Jan 15, 2024 at 10:16 PM Dave Wreski
 wrote:

> Hi,
>
> I have the following rule that works well to remove trailing slashes from
> URLs:
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ $1 [R=301,L]
>
> This is done to prevent the non-slash URL from being treated as duplicate
> content with the URL with a slash.
>
> The problem is that there are exceptions, such as when we want to add
> query strings to the end of a URL:
>
> https://example.com/administrator/path/?cms_settings
>
> I've also tried a variation, like:
>
> https://example.com/administrator/path?cms_settings
>
> but somehow the slash is replaced back into the URL and I don't know where
> it comes from.
>
> Adding index.php to the path works properly because it's then not a
> directory:
>
> https://example.com/administrator/path/index.php?cms_settings
>
> Any ideas greatly appreciated.
>
> Thanks,
> Dave
>
>
>
What does the rewrite log say, exactly?


Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Frank Gingras
On Thu, Jan 4, 2024 at 5:03 PM Will Fatherley  wrote:

>
> https://example.com/search?searchword=CVE-2021-4014=
>>
>> I've tried the following RewriteCond/RewriteRule in various forms, but not 
>> sure what I'm doing wrong.
>>
>> RewriteCond %{QUERY_STRING} ^searchword=(.*)
>> RewriteRule ^   q=$1 [NC,L]
>>
>> Ideas for what I'm doing wrong would be greatly appreciated.
>>
>> Is the query parameter case sensitive? That’d be important for
> RewriteCond to know. Also, isn’t that the “starts with” operator, ^? What
> if the parameter comes second? A bit verbose, but:
>
>  ^.*searchword=(\w{1})[&]{0,1}.*$
>

You don't want to use ^.* - just use the substring match behaviour by
removing ^.* if you want to match searchword anywhere in the value.


Re: [users@httpd] Rewrite query string?

2024-01-04 Thread Frank Gingras
On Thu, Jan 4, 2024 at 2:53 PM Dave Wreski
 wrote:

> Hi,
>
> I'm trying to replace "searchword" with just "search" in the following URL:
>
> https://example.com/search?searchword=CVE-2021-4014=
>
> I've tried the following RewriteCond/RewriteRule in various forms, but not
> sure what I'm doing wrong.
>
> RewriteCond %{QUERY_STRING} ^searchword=(.*)
> RewriteRule ^   q=$1 [NC,L]
>
> Ideas for what I'm doing wrong would be greatly appreciated.
>
> Thanks,
> Dave
>
>
>
Captured values via a RewriteCond are referenced with %1 and not $1.

Either way, I recommend using the rewrite log to see what is actually
happening.
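
The two corrections from this thread (`%1` for RewriteCond captures, and an unanchored match so the parameter is found anywhere in the query string), as an added example that is not part of the original messages. The `/search` path and the target name `q` come from the posted rule; the 302 status and dropping any other parameters are assumptions.

```apache
# Added example, not the poster's configuration.
RewriteEngine On

# Match "searchword=" at the start of the query string or right after an "&",
# wherever it appears; no leading "^.*" is needed. The group stops at the next
# "&", so only this parameter's value is captured.
RewriteCond %{QUERY_STRING} (?:^|&)searchword=([^&]*)

# %1 is the first group captured by the last matched RewriteCond.
# $1 would refer to a group in the RewriteRule pattern, and there is none.
#
# The "?" in the substitution replaces the original query string, so the
# redirected request no longer contains "searchword=" and the rule cannot
# match a second time.
#
# The target path is fixed; the captured value only ever lands in the query
# string, so the client-supplied value cannot change where the redirect goes.
#
# NE: the captured value is already percent-encoded as received, so it is
# passed through without being escaped a second time.
RewriteRule ^/?search$ /search?q=%1 [R=302,NE,L]
```

Setting `LogLevel rewrite:trace3` while testing shows the condition match and the resulting redirect target in the error log.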


Re: [users@httpd] Problems with "VirtualHost"

2023-12-18 Thread Frank Gingras
On Mon, Dec 18, 2023 at 2:51 AM Gestió Servidors
 wrote:

> Hi,
>
>
>
> I define both vhost with : because each “hostname” links
> to different hosts. Machines A and B are different and they are serving
> their sites, so in Apache I must declare (I think…) each host because I need
> to differentiate them. If I use *:, how am I differentiating both
> hosts if they are different?
>
>
>
> Output of “apachectl -S”:
>
>- in my running R (CentOS), where redirection works:
>
> VirtualHost configuration:
> my_ip_address:80 is a NameVirtualHost
>  default server A.mydomain (/etc/httpd/conf.d/000-default.conf:1)
>  port 80 namevhost A.mydomain (/etc/httpd/conf.d/000-default.conf:1)
>  alias A
>  alias A.mydomain.v2
>  port 80 namevhost B.mydomain (/etc/httpd/conf.d/000-default.conf:101)
>  alias B
>  alias B.mydomain.v2
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex mpm-accept: using_defaults
> Mutex authdigest-opaque: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex authdigest-client: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex default: dir="/run/httpd/" mechanism=default
> PidFile: "/run/httpd/httpd.pid"
> Define: _RH_HAS_HTTPPROTOCOLOPTIONS
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>- in my new R (Rocky-8.9), where redirection doesn’t work:
>
> VirtualHost configuration:
> 192.168.1.2:80 A.mydomain (/etc/httpd/conf.d/000-default.conf:1)
> 192.168.1.5:80 B.mydomain (/etc/httpd/conf.d/000-default.conf:101)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex authdigest-opaque: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex authdigest-client: using_defaults
> Mutex lua-ivm-shm: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex default: dir="/etc/httpd/run/" mechanism=default
> Mutex cache-socache: using_defaults
> PidFile: "/etc/httpd/run/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>
>
> Thanks a lot!
>
>
>
> *From:* Frank Gingras
> *Sent:* Friday, 15 December 2023 15:49
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Problems with "VirtualHost"
>
>
>
>
>
>
>
> On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors <
> sysadmin.c...@uab.cat.invalid> wrote:
>
> Hello,
>
>
>
> I have a small Apache where I run a redirection to two private hosts. My
> machine (R, router) is connected to Internet and to a private LAN
> (192.168.x.x/16). Behind “R”, there are two machines (A and B) that are
> serving two websites. R has a DNS alias with two public DNS names for A
> and B (because some years ago, A and B were machines with public IP
> addresses). Now, I want to change R and configure a new R machine (newest
> distribution). However, in new R, redirect doesn’t run and I can’t get
> browsing from Internet to A and B websites. I copypaste here all information:
>
>
>
>- R:
>
>
>- CentOS-7.9.2009
>   - Apache: 2.4.6-99.el7.centos.1
>
>
>- new R:
>
>
>- Rocky Linux 8.9
>   - Apache: 2.4.37-62.module+el8.9.0+1436+2b7d5021
>
>
>
> My configuration file where I have configured “VirtualHost” is the same in
> both servers:
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName A.mydomain
>
> ServerAlias A A.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-A.log
>
> ProxyPass / http://192.168.1.2/
>
> ProxyPassReverse / http://192.168.1.2/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
>  

Re: [users@httpd] Problems with "VirtualHost"

2023-12-15 Thread Frank Gingras
On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors
 wrote:

> Hello,
>
>
>
> I have a small Apache where I run a redirection to two private hosts. My
> machine (R, router) is connected to Internet and to a private LAN
> (192.168.x.x/16). Behind “R”, there are two machines (A and B) that are
> serving two websites. R has a DNS alias with two public DNS names for A
> and B (because some years ago, A and B were machines with public IP
> addresses). Now, I want to change R and configure a new R machine (newest
> distribution). However, in new R, redirect doesn’t run and I can’t get
> browsing from Internet to A and B websites. I copypaste here all information:
>
>
>
>- R:
>   - CentOS-7.9.2009
>   - Apache: 2.4.6-99.el7.centos.1
>- new R:
>   - Rocky Linux 8.9
>   - Apache: 2.4.37-62.module+el8.9.0+1436+2b7d5021
>
>
>
> My configuration file where I have configured “VirtualHost” is the same in
> both servers:
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName A.mydomain
>
> ServerAlias A A.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-A.log
>
> ProxyPass / http://192.168.1.2/
>
> ProxyPassReverse / http://192.168.1.2/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
> AllowOverride None
>
> 
>
> 
>
> Options Indexes FollowSymLinks MultiViews
>
> AllowOverride all
>
> 
>
> Require ip my_network
>
> 
>
> 
>
> 
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName B.mydomain
>
> ServerAlias B B.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-B.log
>
> ProxyPass / http://192.168.1.5/
>
> ProxyPassReverse / http://192.168.1.5/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
> AllowOverride None
>
> 
>
> 
>
> Options Indexes FollowSymLinks MultiViews
>
> AllowOverride all
>
> 
>
> Require ip my_domain
>
> 
>
> 
>
> 
>
>
>
> With this file, in server R, redirection runs perfectly and when I browse
> http://A/mysiteA, R redirects the connection to private machine A (the same
> when I browse to http://B/mysiteB). However, in new R, when I browse to
> http://A/mysiteA (or http://B/mysiteB), there is no redirection and I
> can see at logs this message: File does not exist: /var/www/html/mysiteA
> (or  File does not exist: /var/www/html/mysiteB).
>
>
>
> Where is the problem?
>
>
>
> Thanks!
>
>
>

You don't want to define a vhost as :, unless you know
exactly what you are doing.  When unsure, always use *:.

Show the output from apachectl -S or httpd -S after you applied the fixes.
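
The wildcard form recommended here, which is also the "name-based vhosts plus reverse proxy" layout suggested in the Forwarding question thread, as an added example that is not part of the original messages. Host names, log paths and backend addresses are taken from the post; port 80, the catch-all vhost and its `default.invalid` name are assumptions.

```apache
# Added example, not the poster's configuration.
# Requires mod_proxy, mod_proxy_http and mod_alias to be loaded.

# Forward proxying stays disabled (this is the default). Only the ProxyPass
# mappings below are served, so the host cannot be used as an open proxy.
ProxyRequests Off

# The address in <VirtualHost addr:port> is compared with the LOCAL address
# the connection arrived on. A vhost bound to a backend's address, which the
# proxy host does not own, is never selected; the request then falls through
# to the main server and its DocumentRoot. With *:80 every vhost accepts the
# connection and httpd picks one by the Host header.

# The first vhost defined for *:80 is the default for unmatched Host values.
# Answering those with 404 keeps requests for unknown names away from the
# internal backends. "default.invalid" is a hypothetical placeholder name.
<VirtualHost *:80>
    ServerName default.invalid
    Redirect 404 /
</VirtualHost>

<VirtualHost *:80>
    ServerName  A.mydomain
    ServerAlias A
    LogLevel    info
    ErrorLog    /var/log/httpd/virtualhost-A.log

    ProxyPass        "/" "http://192.168.1.2/"
    ProxyPassReverse "/" "http://192.168.1.2/"
</VirtualHost>

<VirtualHost *:80>
    ServerName  B.mydomain
    ServerAlias B
    LogLevel    info
    ErrorLog    /var/log/httpd/virtualhost-B.log

    ProxyPass        "/" "http://192.168.1.5/"
    ProxyPassReverse "/" "http://192.168.1.5/"
</VirtualHost>
```

With this layout, `apachectl -S` lists all three names under a single `*:80` name-based entry rather than one line per backend address.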


Re: [users@httpd] Removing trailing slashes?

2023-12-14 Thread Frank Gingras
On Thu, Dec 14, 2023 at 10:21 AM Dave Wreski
 wrote:

> Hi,
>
> I would stop using .htaccess files, first, and merge all rewrite rules in
> the relevant vhost / Directory block.  Then, I would use the rewrite log to
> see what is really happening.
>
> Using multiple .htaccess files is a recipe to lose all your hair.
>
> These are Included in the directory block. My apologies for not making
> that more clear.
>
>Include /etc/httpd/conf.d/domain-htaccess.htaccess
>
> This is a site with content going back to 1996, so a lot has changed in
> that time, including a conversion to SEF URLs that we're currently
> redirecting.
>
> I've also posted here separately about trying to figure out how to trace
> rewrites using LogLevel and trace, but it is very difficult to follow.
>
> Thanks,
> Dave
>
>
>
>
>
>
Create a paste link with the updated and complete set of rules, as well as
the relevant rewrite log entries with verbosity 5.


Re: [users@httpd] Removing trailing slashes?

2023-12-14 Thread Frank Gingras
On Thu, Dec 14, 2023 at 8:52 AM Dave Wreski
 wrote:

> Hi,
>
> I have a FAQ, but need some additional info I haven't been able to find.
>> I'm trying to process links Google has indicated are 404s that never really
>> ever existed on our site.
>>
>> I have an htaccess file I'm Including with my main apache config that
>> only contains RewriteConds. This file is processed before any of the other
>> htaccess files that contain standard RewriteRules. This is what I'm using
>> to strip off any trailing slashes in URLs:
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ /$1 [R=301,L]
>>
>> I just want to confirm that this means none of the RewriteRules that
>> follow should contain a trailing slash or they will not match, correct?
>>
>> Some of my existing RewriteRules that were created before I realized I
>> should be stripping off the trailing slash actually contain a trailing
>> slash.
>>
>> Perhaps I should instead be using '/?' instead of just '/' at the end of
>> URLs?
>>
>> Thanks,
>> Dave
>>
>>
>>
> If the following rules look for a trailing slash and you remove it prior,
> in theory it won't match.  However, remember that .htaccess files will be
> parsed over and over until it stops matching, so you are likely to create a
> rewrite loop.
>
> Oh, good info. I didn't realize that.
>
> What is the rationale for removing trailing slashes here?
>
> Because apparently Google considers it duplicated content when it sees one
> version with a slash and one version without. Here's a few articles that
> discuss the issues.
>
> https://authenticdigital.nz/blog/trailing-slashes-and-seo/
> https://ahrefs.com/blog/trailing-slash/
>
> https://stackoverflow.com/questions/5948659/when-should-i-use-a-trailing-slash-in-my-url
>
> Also, I learned my RewriteCond above to strip off the trailing slash
> doesn't work with URLs involving query strings.
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ /$1 [R=301,L]
>
> I believe it also has the potential to add a duplicate slash in the
> beginning if $1 already has a slash in it, but using just $1 alone doesn't
> fix the problem with losing query strings. Even ahrefs uses the above
> example in their blog post without considering query strings or the
> potential for creating duplicate slashes.
>
> Ideas greatly appreciated.
>
> Thanks,
> Dave
>
>
>
>
I would stop using .htaccess files, first, and merge all rewrite rules in
the relevant vhost / Directory block.  Then, I would use the rewrite log to
see what is really happening.

Using multiple .htaccess files is a recipe to lose all your hair.


Re: [users@httpd] Removing trailing slashes?

2023-12-13 Thread Frank Gingras
On Wed, Dec 13, 2023 at 7:13 PM Dave Wreski
 wrote:

> Hi,
>
> I have a FAQ, but need some additional info I haven't been able to find.
> I'm trying to process links Google has indicated are 404s that never really
> ever existed on our site.
>
> I have an htaccess file I'm Including with my main apache config that only
> contains RewriteConds. This file is processed before any of the other
> htaccess files that contain standard RewriteRules. This is what I'm using
> to strip off any trailing slashes in URLs:
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ /$1 [R=301,L]
>
> I just want to confirm that this means none of the RewriteRules that
> follow should contain a trailing slash or they will not match, correct?
>
> Some of my existing RewriteRules that were created before I realized I
> should be stripping off the trailing slash actually contain a trailing
> slash.
>
> Perhaps I should instead be using '/?' instead of just '/' at the end of
> URLs?
>
> Thanks,
> Dave
>
>
>
If the following rules look for a trailing slash and you remove it prior,
in theory it won't match.  However, remember that .htaccess files will be
parsed over and over until it stops matching, so you are likely to create a
rewrite loop.

What is the rationale for removing trailing slashes here?


Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Frank Gingras
On Tue, Nov 28, 2023 at 12:11 PM Daga, Navin (Navin) 
wrote:

> On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley 
> wrote:
>
>
>
> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server?
>
> I am unsure of recommended workarounds as I usually have my package
> manager build httpd directly from that OS's package index. That said, a
> container or VM might be a possibility.
>
>
>
> Does your distribution not provide 32 bit packages?
>
> >> No, Rocky Linux does not have a 32-bit package.
>

Might be worth looking at the srpm for CentOS 7 or earlier, there was a 32
bit ISO.


Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Frank Gingras
On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley 
wrote:

>
>
>> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server?
>>
> I am unsure of recommended workarounds as I usually have my package
> manager build httpd directly from that OS's package index. That said, a
> container or VM might be a possibility.


Does your distribution not provide 32 bit packages?


Re: [users@httpd] Still have messed up TLS

2023-11-27 Thread Frank Gingras
On Mon, Nov 27, 2023 at 2:47 PM John  wrote:

> On Sun, 2023-11-26 at 18:06 -0500, Paul wrote:
> > On 2023-11-26 16:12, John wrote:
> > > > After a week of chasing this around I have managed to change the problem several times but I'm still
> > > > unable to get Apache started.  I **think** there is something unrelated to the error that I'm seeing
> > > > that may have been included in the default config but before I go down that rabbit hole I realize
> > > > that I am making a number of assumptions because I don't know how to check, so if everyone would
> > > > please bear with me, and my apologies in advance:
> > >
> > > Here are the relevant parts of the full configuration:
> > >
> > > /usr/sbin/httpd -M
> >
> > I think you said you were using "Rocky Linux" associated with RHEL which
> > may use /usr/sbin/httpd rather than /usr/share/apache2 (debian).  If
> > "Rocky" is a spin-off (I have no knowledge of it) perhaps they have a
> > "users list" that could help you?
> >
> > In any case what is the output of 'apachectl -S' (or perhaps 'httpd
> > -S')?  Is it only your TLS that is problematic, or are there other
> > underlying glitches?  You write "httpd.service: Main process exited,
> > code=exited, status=1/FAILURE" and this looks to me that it could
> > precede any TLS certs.
> >
> > Also, your "SSLCACertificateFile" probably has to be used carefully.  It
> > "can be used alternatively and/or additionally to "SSLCACertificatePath"
> > and should only be used if "SSLCADNRequestPath or SSLCADNRequestFile"
> > are missing. See .
> > Yours appear to be missing from what you write (please delete all rem'ed
> > out lines, it's rather boring) - are you sure this is what you want?
> >
> > Good luck -- Paul
> > >
> > > ***89 deleted module lines here**
> > > ssl_module (shared)
> > > systemd_module (shared)
> > >
> > > the full config file for the ONLY https virtual server
> > > --
> > > # SSL Support for Coax Publications ONLY!
> > > 
> > > ServerName www.coaxpublications.ca
> > > #   ServerAlias t.coaxpublications.ca
> > > DocumentRoot /usr/httpd/coax
> > > Options -MultiViews
> > > H2Direct on
> > > ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://
> 127.0.0.1:9002/usr/httpd/coax
> > > SSLEngine on
> > > #   SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !RC4: !PSK: !MD5
> > > SSLCipherSuite TLSv1.3
> > > SSLCertificateFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.pem
> > > SSLCertificateKeyFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.key
> > > SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
> > > SSLHonorCipherOrder on
> > > Header always set Strict-Transport-Security
> "max-age-63072000;includeSubDomains"
> > > 
> > >
> > > # Redirect if logon is to coaxpublications without the 'www'
> > > 
> > > ServerName coaxpublications.ca
> > > Redirect permanent / https://www.coaxpublications.ca
> > > 
> > > --
> > >
> > > the systemctl status on attempting to start:
> > > --
> > > # systemctl status httpd
> > > × httpd.service - The Apache HTTP Server
> > >   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;
> preset: disabled)
> > >  Drop-In: /usr/lib/systemd/system/httpd.service.d
> > >   └─php-fpm.conf
> > >   Active: failed (Result: exit-code) since Sun 2023-11-26 15:14:50
> EST; 25min ago
> > > Duration: 1d 22h 32min 36.626s
> > > Docs: man:httpd.service(8)
> > >  Process: 56733 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited,
> > > status=1/FAILURE)
> > > Main PID: 56733 (code=exited, status=1/FAILURE)
> > >   Status: "Reading configuration..."
> > >  CPU: 25ms
> > >
> > > Nov 26 15:14:50 prod02 systemd[1]: Starting The Apache HTTP Server...
> > > Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Main process exited,
> code=exited,
> > > status=1/FAILURE
> > > Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Failed with result
> 'exit-code'.
> > > Nov 26 15:14:50 prod02 systemd[1]: Failed to start The Apache HTTP
> Server.
> > > --
> > >
> > > our production TLS certificate.  The one on the problem server is a
> .pem version of the same
> > > thing
> > > because it will eventually replace this server.  What I don't know is
> how to confirm that the
> > > .pem
> > > cert is identical to this one.
> > >
> > > --
> 

Re: [users@httpd] Still have messed up TLS

2023-11-26 Thread Frank Gingras
On Sun, Nov 26, 2023 at 4:13 PM John  wrote:

> After a week of chasing this around I have managed to change the problem
> several times but I'm still
> unable to get Apache started.  I **think** there is something unrelated to
> the error that I'm seeing
> that may have been included in the default config but before I go down
> that rabbit hole I realize
> that I am making a number of assumptions because I don't know how to
> check, so if everyone would
> please bear with me, and my apologies in advance:
>
> Here are the relevant parts of the full configuration:
>
> /usr/sbin/httpd -M
>
> ***89 deleted module lines here**
> ssl_module (shared)
> systemd_module (shared)
>
> the full config file for the ONLY https virtual server
> --
> # SSL Support for Coax Publications ONLY!
> 
>ServerName www.coaxpublications.ca
> #   ServerAlias t.coaxpublications.ca
>DocumentRoot /usr/httpd/coax
>Options -MultiViews
>H2Direct on
>ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/coax
>SSLEngine on
> #   SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !RC4: !PSK: !MD5
>SSLCipherSuite TLSv1.3
>SSLCertificateFile /etc/httpd/conf/sslcert/www.coaxpublications.ca.pem
>SSLCertificateKeyFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.key
>SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
>SSLHonorCipherOrder on
>Header always set Strict-Transport-Security
> "max-age-63072000;includeSubDomains"
> 
>
> # Redirect if logon is to coaxpublications without the 'www'
> 
>ServerName coaxpublications.ca
>Redirect permanent / https://www.coaxpublications.ca
> 
> --
>
> the systemctl status on attempting to start:
> --
> # systemctl status httpd
> × httpd.service - The Apache HTTP Server
>  Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;
> preset: disabled)
> Drop-In: /usr/lib/systemd/system/httpd.service.d
>  └─php-fpm.conf
>  Active: failed (Result: exit-code) since Sun 2023-11-26 15:14:50 EST;
> 25min ago
>Duration: 1d 22h 32min 36.626s
>Docs: man:httpd.service(8)
> Process: 56733 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited, status=1/FAILURE)
>Main PID: 56733 (code=exited, status=1/FAILURE)
>  Status: "Reading configuration..."
> CPU: 25ms
>
> Nov 26 15:14:50 prod02 systemd[1]: Starting The Apache HTTP Server...
> Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Main process exited,
> code=exited, status=1/FAILURE
> Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Failed with result
> 'exit-code'.
> Nov 26 15:14:50 prod02 systemd[1]: Failed to start The Apache HTTP Server.
> --
>
> our production TLS certificate.  The one on the problem server is a .pem
> version of the same thing
> because it will eventually replace this server.  What I don't know is how
> to confirm that the .pem
> cert is identical to this one.
>
> --
> --
>
> the error log for mod_ssl
>
> --
> Sun Nov 26 15:14:50.745976 2023] [ssl:warn] [pid 56733:tid 56733] AH01909:
> www.iliffe.ca:443:0
> server certificate does NOT include an ID which matches the server name
> --
> Now here is where I get really confused: there is NO config file for
> virtual server iliffe.ca that
> makes it an HTTPS server.  It is simply our test server and runs as http
> on port 80.  The only
> possible reason that I can think of why this should have been 

Re: [users@httpd] Connection TLS Error

2023-11-19 Thread Frank Gingras
On Sun, Nov 19, 2023 at 3:25 PM John  wrote:

> On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote:
> > On Sun, Nov 19, 2023 at 3:15 PM John  wrote:
> > >
> > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote:
> > > > On Sun, Nov 19, 2023 at 2:31 PM John  wrote:
> > > > >
> > > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error:
> > > > > Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox)
> > > >
> > > > What does your SSL-enabled virtualhost look like
> > >
> > > Here is the example.conf include file; ssl.conf follows
> > >
> > > # SSL Support for example.ca ONLY!
> > > 
> > >ServerName www.example.ca
> > > ServerAlias t.example.ca
> > >DocumentRoot /usr/httpd/example
> > >Options -MultiViews
> > >H2Direct on
> > >ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://
> 127.0.0.1:9002/usr/httpd/example
> > > #   SSLEngine on
> >
> > ^^^ Pretty suspicious?
> >
>
>
> SSLEngine being commented out?  It is already turned on in ssl.conf and
> one of the problems that I
> already had to fix was duplicate entries between conf file sections.
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>

You can't inherit SSLEngine on like that - you must either set it in the
vhost context, or include a file that sets it.  I don't see an include
directive in your vhost, either.
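
The check described in this reply, as an added example (not code from the thread or from the httpd project): a small Python audit that reports every <VirtualHost> on port 443 that does not itself carry an active "SSLEngine on". A vhost on 443 that answers in plain HTTP is consistent with the SSL_ERROR_RX_RECORD_TOO_LONG error quoted above. The sample configuration is constructed, its host names and the include path are placeholders, and Include files are only reported, not followed.

```python
import re

# Constructed sample configuration modelled on the thread (placeholder names).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.ca
    ServerAlias t.example.ca
    DocumentRoot /usr/httpd/example
#   SSLEngine on
</VirtualHost>

<VirtualHost *:443>
    ServerName inc.example.ca
    Include conf.d/tls-common.inc
</VirtualHost>

<VirtualHost *:80>
    ServerName example.ca
    Redirect permanent / https://www.example.ca
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)
COMMENTED_SSL = re.compile(r"#\s*SSLEngine\s+on\b", re.IGNORECASE)


def parse_vhosts(conf_text):
    """Collect, per <VirtualHost> block, the directives this check needs."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addrs": opened.group(1).split(), "name": None,
                       "ssl": None, "includes": [], "commented": False}
        elif VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is None or not line:
            continue  # outside any vhost, or an empty line
        elif line.startswith("#"):
            # A commented-out directive has no effect; remember it for the report.
            if COMMENTED_SSL.match(line):
                current["commented"] = True
        else:
            parts = line.split(None, 1)
            directive = parts[0].lower()
            arg = parts[1].strip() if len(parts) > 1 else ""
            if directive == "servername":
                current["name"] = arg
            elif directive == "sslengine":
                current["ssl"] = arg.lower()  # last occurrence wins
            elif directive in ("include", "includeoptional"):
                current["includes"].append(arg)
    return vhosts


def listens_on(vhost, ports):
    """True if any address of the vhost ends in one of the given ports."""
    return any(addr.rsplit(":", 1)[-1] in ports for addr in vhost["addrs"])


def audit(conf_text, tls_ports=("443",)):
    """Return (label, status) for each vhost bound to a TLS port."""
    findings = []
    for vh in parse_vhosts(conf_text):
        if not listens_on(vh, tls_ports):
            continue
        label = vh["name"] or " ".join(vh["addrs"])
        if vh["ssl"] == "on":
            status = "ok"
        elif vh["ssl"] is not None:
            status = "SSLEngine " + vh["ssl"]
        elif vh["includes"]:
            status = "check-include"   # may be set in the included file
        elif vh["commented"]:
            status = "commented-out"
        else:
            status = "missing"
        findings.append((label, status))
    return findings


if __name__ == "__main__":
    for label, status in audit(SAMPLE_CONF):
        print(f"{label:24} {status}")
```

Running "apachectl -S" first gives the list of files and line numbers where each vhost is defined, which is the input such a check needs on a real server.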


Re: [users@httpd] Tightening security on my webserver

2023-11-14 Thread Frank Gingras
You could look at the AcceptPathInfo directive in the meantime as well.

On Tue, Nov 14, 2023 at 4:04 PM Frank Gingras  wrote:

> The URI path part of pathinfo is not "ignored", nor "considered" by the
> web server. It is simply passed to the php application. If your application
> chooses to include it in the response, then the application must be
> corrected.
>
> On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood <
> mur...@focus-computing.com.au> wrote:
>
>> Hi Frank
>>
>> Yes, and I can do this, but I'm really surprised that this extra content
>> is even being reflected back to the web user.  My assumption was if I
>> ignore anything beyond my "appwaz.php" it will be ignored by the web
>> server so why is this text being reflected back as part of the
>> response???  Is it something I'm doing in my php script? (I don't think so).
>>
>> Cheers
>> Murray
>>
>>
>>
>> On Wed, 15 Nov 2023 at 09:47, Frank Gingras  wrote:
>>
>>> Since you're using appwaz.php to serve your content and parsing the
>>> pathinfo, it falls back on your php application to discard values that are
>>> malicious or incorrect.
>>>
>>> On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
>>> mur...@focus-computing.com.au> wrote:
>>>
>>>> Good question @Frank, and yes it is.
>>>>
>>>> Cheers
>>>> Murray
>>>>
>>>>
>>>>
>>>> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>>>>
>>>>> To be clear, is sobs.com.au your domain name?
>>>>>
>>>>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>>>>> mur...@focus-computing.com.au> wrote:
>>>>>
>>>>>> Hi folks
>>>>>>
>>>>>> First time poster.  I recently became aware that hackers were able to
>>>>>> include scripts in my URLs that would run (when reflected back to the
>>>>>> client web browser).
>>>>>>
>>>>>> Is there a simple configuration in Apache that allows me to apply
>>>>>> strict rules to the URLs that would stop this happening?
>>>>>>
>>>>>> Alternatively, is there something I have opened / allowed that
>>>>>> enables this?
>>>>>>
>>>>>> For example:
>>>>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>>>>
>>>>>>
>>>>>> Hope you can help.
>>>>>>
>>>>>> Cheers
>>>>>> Murray
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Murray Collingwood
>>>>>> Focus Computing
>>>>>>
>>>>>> Australia ph 07 3175 0575
>>>>>> New Zealand ph 03 928 1699
>>>>>>
>>>>>> http://www.focus-computing.com.au
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Murray Collingwood
>>>> Focus Computing
>>>>
>>>> Australia ph 07 3175 0575
>>>> New Zealand ph 03 928 1699
>>>>
>>>> http://www.focus-computing.com.au
>>>>
>>>
>>
>> --
>> Murray Collingwood
>> Focus Computing
>>
>> Australia ph 07 3175 0575
>> New Zealand ph 03 928 1699
>>
>> http://www.focus-computing.com.au
>>
>
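
An added sketch of the application-side correction discussed in this thread (not code from the thread or from the poster's application; Python stands in here for the PHP script). It shows the decoded PATH_INFO for the request path quoted above, a hypothetical template that copies it into an attribute unchanged, and the same template with allow-list validation and output encoding. SCRIPT and the request path come from the quoted URL; the route pattern and the form markup are assumptions.

```python
import html
import re
from urllib.parse import unquote, urlsplit

SCRIPT = "/ui/appwaz.php"
# Request path of the example URL quoted in the thread.
REPORTED_PATH = "/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj"

# Assumption: the application only expects short route segments after the script.
ROUTE = re.compile(r"(?:/[A-Za-z0-9_-]{1,64})*/?")


def path_info(request_path):
    """Decoded trailing path that the server hands to the script (PATH_INFO)."""
    path = urlsplit(request_path).path
    if not path.startswith(SCRIPT):
        raise ValueError("request is not for " + SCRIPT)
    return unquote(path[len(SCRIPT):])


def render_reflecting(info):
    """Hypothetical 'before': the value is copied into an attribute as is."""
    return '<form method="post" action="' + SCRIPT + info + '">'


def render_encoded(info):
    """Same markup with the value HTML-encoded for an attribute context."""
    return ('<form method="post" action="'
            + html.escape(SCRIPT + info, quote=True) + '">')


def handle(request_path):
    """Reject unexpected PATH_INFO with 404, encode whatever is accepted."""
    info = path_info(request_path)
    if not ROUTE.fullmatch(info):
        return 404, ""
    return 200, render_encoded(info)


if __name__ == "__main__":
    info = path_info(REPORTED_PATH)
    print("PATH_INFO :", info)
    print("reflected :", render_reflecting(info))
    print("encoded   :", render_encoded(info))
    print("handled   :", handle(REPORTED_PATH))
    print("handled   :", handle("/ui/appwaz.php/reports/2023"))
```

If the application never uses trailing path data, "AcceptPathInfo Off" on the server side makes such requests fail before the script runs; the encoding step is still needed for every other value the application echoes.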


Re: [users@httpd] Tightening security on my webserver

2023-11-14 Thread Frank Gingras
The URI path part of pathinfo is not "ignored", nor "considered" by the web
server. It is simply passed to the php application. If your application
chooses to include it in the response, then the application must be
corrected.

On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Hi Frank
>
> Yes, and I can do this, but I'm really surprised that this extra content
> is even being reflected back to the web user.  My assumption was if I
> ignore anything beyond my "appwaz.php" it will be ignored by the web
> server so why is this text being reflected back as part of the
> response???  Is it something I'm doing in my php script? (I don't think so).
>
> Cheers
> Murray
>
>
>
> On Wed, 15 Nov 2023 at 09:47, Frank Gingras  wrote:
>
>> Since you're using appwaz.php to serve your content and parsing the
>> pathinfo, it falls back on your php application to discard values that are
>> malicious or incorrect.
>>
>> On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
>> mur...@focus-computing.com.au> wrote:
>>
>>> Good question @Frank, and yes it is.
>>>
>>> Cheers
>>> Murray
>>>
>>>
>>>
>>> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>>>
>>>> To be clear, is sobs.com.au your domain name?
>>>>
>>>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>>>> mur...@focus-computing.com.au> wrote:
>>>>
>>>>> Hi folks
>>>>>
>>>>> First time poster.  I recently became aware that hackers were able to
>>>>> include scripts in my URLs that would run (when reflected back to the
>>>>> client web browser).
>>>>>
>>>>> Is there a simple configuration in Apache that allows me to apply
>>>>> strict rules to the URLs that would stop this happening?
>>>>>
>>>>> Alternatively, is there something I have opened / allowed that enables
>>>>> this?
>>>>>
>>>>> For example:
>>>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>>>
>>>>>
>>>>> Hope you can help.
>>>>>
>>>>> Cheers
>>>>> Murray
>>>>>
>>>>>
>>>>> --
>>>>> Murray Collingwood
>>>>> Focus Computing
>>>>>
>>>>> Australia ph 07 3175 0575
>>>>> New Zealand ph 03 928 1699
>>>>>
>>>>> http://www.focus-computing.com.au
>>>>>
>>>>>
>>>
>>> --
>>> Murray Collingwood
>>> Focus Computing
>>>
>>> Australia ph 07 3175 0575
>>> New Zealand ph 03 928 1699
>>>
>>> http://www.focus-computing.com.au
>>>
>>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>


Re: [users@httpd] Tightening security on my webserver

2023-11-14 Thread Frank Gingras
Since you're using appwaz.php to serve your content and parsing the
pathinfo, it falls back on your php application to discard values that are
malicious or incorrect.

On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Good question @Frank, and yes it is.
>
> Cheers
> Murray
>
>
>
> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>
>> To be clear, is sobs.com.au your domain name?
>>
>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>> mur...@focus-computing.com.au> wrote:
>>
>>> Hi folks
>>>
>>> First time poster.  I recently became aware that hackers were able to
>>> include scripts in my URLs that would run (when reflected back to the
>>> client web browser).
>>>
>>> Is there a simple configuration in Apache that allows me to apply strict
>>> rules to the URLs that would stop this happening?
>>>
>>> Alternatively, is there something I have opened / allowed that enables
>>> this?
>>>
>>> For example:
>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>
>>>
>>> Hope you can help.
>>>
>>> Cheers
>>> Murray
>>>
>>>
>>> --
>>> Murray Collingwood
>>> Focus Computing
>>>
>>> Australia ph 07 3175 0575
>>> New Zealand ph 03 928 1699
>>>
>>> http://www.focus-computing.com.au
>>>
>>>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>


Re: [users@httpd] Tightening security on my webserver

2023-11-14 Thread Frank Gingras
To be clear, is sobs.com.au your domain name?

On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Hi folks
>
> First time poster.  I recently became aware that hackers were able to
> include scripts in my URLs that would run (when reflected back to the
> client web browser).
>
> Is there a simple configuration in Apache that allows me to apply strict
> rules to the URLs that would stop this happening?
>
> Alternatively, is there something I have opened / allowed that enables
> this?
>
> For example:
> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>
>
> Hope you can help.
>
> Cheers
> Murray
>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>
>


Re: [users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

2023-11-12 Thread Frank Gingras
On Sun, Nov 12, 2023 at 6:47 PM bruce  wrote:

> Hi.
>
> Setting up a test laravel app to run as a subdir:
>  ie   /var/www/html/wave/wave/public   (index.php)
>
> the idea is to have the url
>   http://1.2.3.4/wave  (is this possible? or does it need to be
>   http://1.2.3.4/wave/index.php  in the url ??
>
> I'd also like the base url to be
>http://1.2.3.4   --- to have a default page
>
> Having the test laravel apps in subdirs gives the project multiple test
> apps.
>
> I'd like the urls to be similar to
>  http//1.2.3.4/app1
>  http//1.2.3.4/app2..
>
> which means changes to the
>/etc/apache2/mods-available/alias.conf file
>
>   and the
>   /etc/apache2/sites-available/wave1.confwave2.conf... for the
> VirtHost setup
>
> As far as I can tell.. I think the basic "laravel" app displays sort of
> ok..
>  at least from the top url...
>
> However, the current test setup gives errs from the subdir.. which
> implies something amiss.
>
> So, I'm posting here, hoping that someone has set something up similar
> to what I'm going through.
>
> I'm more than willing to give complete access to the test digital
> ocean Ubuntu droplet/instance to check out this issue.
>
> thanks
>
> the test url  --- http:  //  161.35.5.174   http:  //
> 161.35.5.174/  wave
>
> I realize this is more for laravel...  but I'm throwing this out on a
> prayer!!
>
> thanks! again
>
> ps..
>
> the basic dir tree
> /var/www/html/wave/wave/public/index.php
>
> so the 2nd would be
> /var/www/htmlwave2/wave/public/index.php
> (at least I think it would be this...)
>
Again, all you need is the Alias directive, and you didn't show the errors
you encountered.

And you created a new thread, yet again.


Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 10:37 PM bruce  wrote:

> Weird
>
> Seems the "DocumentRoot" as displayed in
> apachectl -S
> AH00558: apache2: Could not reliably determine the server's fully
> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> globally to suppress this message
> VirtualHost configuration:
> *:80   161.35.5.174
> (/etc/apache2/sites-enabled/wave.conf:1)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"  <<<<<
>
> never gets changed regardless of what I do with "wave.conf" in the
> /etc/apache2/sites-available/wave.conf
>
> Researching the 'net.. seems others have experienced the same issue...
>
> just weird..
>
>
>
>
> On Sat, Nov 11, 2023 at 9:43 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 9:25 PM bruce  wrote:
> >>
> >> I wasn't sure if servername is optional, or used. Since I have no
> >> domain/server, I'm assuming I can the use the test ipAddress..
> >>
> >> still testing!
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:
> >> >>
> >> >> arrggg..
> >> >>
> >> >> Ok. something's going on that I'm missing..
> >> >>
> >> >> I changed the wave.conf in the /etc/apache/sites-available
> >> >> /etc/apache2/sites-enabled
> >> >>
> >> >> I actually renamed the file to wave.conf1
> >> >> I did the a2dissites *.conf as well as stopped/restarted apache2
> >> >>
> >> >> I then did
> >> >>  apachectl -S
> >> >> AH00558: apache2: Could not reliably determine the server's fully
> >> >> qualified domain name, using 127.0.1.1. Set the 'ServerName'
> directive
> >> >> globally to suppress this message
> >> >> VirtualHost configuration:
> >> >> *:80   127.0.1.1
> (/etc/apache2/sites-enabled/wave.conf:1)
> >> >> ServerRoot: "/etc/apache2"
> >> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> >> Main ErrorLog: "/var/log/apache2/error.log"
> >> >> Mutex mpm-accept: using_defaults
> >> >> Mutex watchdog-callback: using_defaults
> >> >> Mutex rewrite-map: using_defaults
> >> >> Mutex default: dir="/var/run/apache2/" mechanism=default
> >> >> PidFile: "/var/run/apache2/apache2.pid"
> >> >> Define: DUMP_VHOSTS
> >> >> Define: DUMP_RUN_CFG
> >> >> User: name="www-data" id=33
> >> >> Group: name="www-data" id=33
> >> >>
> >> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> >> and I get this as the default... where/why is this set?
> >> >>
> >> >> did a "find" and only saw it in the /etc/apache/* files I had
> >> >> renamed.. there are no *.conf for the testing... (for now..)
> >> >>
> >> >> any thoughts/ideas!
> >> >>
> >> >>
> >> >> thanks
> >> >>
> >> >> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras 
> wrote:
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >> >> >>
> >> >> >> Thanks..
> >> >> >>
> >> >> >> Tried again. Same results. As far as 2.2 directives vs 2.4..
> could you clarify?
> >> >> >>
> >> >> >> Pretty sure this is simple.. but can't see what's missing...
> >> >> >>
> >> >> >> thanks
> >> >> >>
> >> >> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce 
> wrote:
> >> >> >> >>
> >> >> >> >> Hi Frank!!
> >> >> >> >>
> >> >> >> >> thanks for the reply.
> >> >> >> 

Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 9:25 PM bruce  wrote:

> I wasn't sure if servername is optional, or used. Since I have no
> domain/server, I'm assuming I can the use the test ipAddress..
>
> still testing!
>
> thanks
>
> On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:
> >>
> >> arrggg..
> >>
> >> Ok. something's going on that I'm missing..
> >>
> >> I changed the wave.conf in the /etc/apache/sites-available
> >> /etc/apache2/sites-enabled
> >>
> >> I actually renamed the file to wave.conf1
> >> I did the a2dissites *.conf as well as stopped/restarted apache2
> >>
> >> I then did
> >>  apachectl -S
> >> AH00558: apache2: Could not reliably determine the server's fully
> >> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> >> globally to suppress this message
> >> VirtualHost configuration:
> >> *:80   127.0.1.1
> (/etc/apache2/sites-enabled/wave.conf:1)
> >> ServerRoot: "/etc/apache2"
> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> Main ErrorLog: "/var/log/apache2/error.log"
> >> Mutex mpm-accept: using_defaults
> >> Mutex watchdog-callback: using_defaults
> >> Mutex rewrite-map: using_defaults
> >> Mutex default: dir="/var/run/apache2/" mechanism=default
> >> PidFile: "/var/run/apache2/apache2.pid"
> >> Define: DUMP_VHOSTS
> >> Define: DUMP_RUN_CFG
> >> User: name="www-data" id=33
> >> Group: name="www-data" id=33
> >>
> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> and I get this as the default... where/why is this set?
> >>
> >> did a "find" and only saw it in the /etc/apache/* files I had
> >> renamed.. there are no *.conf for the testing... (for now..)
> >>
> >> any thoughts/ideas!
> >>
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >> >>
> >> >> Thanks..
> >> >>
> >> >> Tried again. Same results. As far as 2.2 directives vs 2.4.. could
> you clarify?
> >> >>
> >> >> Pretty sure this is simple.. but can't see what's missing...
> >> >>
> >> >> thanks
> >> >>
> >> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >> >> >>
> >> >> >> Hi Frank!!
> >> >> >>
> >> >> >> thanks for the reply.
> >> >> >>
> >> >> >> If you don't mind.. here's my setup
> >> >> >> ubuntu -- apache2
> >> >> >>
> >> >> >>
> >> >> >> /etc/apache2/mods-available/alias.conf
> >> >> >> --
> >> >> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> >> >> #Alias /wave/ "/var/www/html/wave"
> >> >> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >> >> >>
> >> >> >> 
> >> >> >> Options FollowSymlinks
> >> >> >> AllowOverride None
> >> >> >> Require all granted
> >> >> >> 
> >> >> >>
> >> >> >> ---
> >> >> >> ls -al /var/www/html/wave/wave/public
> >> >> >>  www-data:www-data  (775)
> >> >> >>
> >> >> >> ls -al /var/www/html/wave/wave/storage
> >> >> >>  www-data:www-data  (775)
> >> >> >>
> >> >> >>
> >> >> >> /etc/apache2/sites-available/wave
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> ls -al /etc/apache2/sites-available
> >> >> >> -rw-r--r-- 1 root root  516 Nov  2 

Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:

> arrggg..
>
> Ok. something's going on that I'm missing..
>
> I changed the wave.conf in the /etc/apache/sites-available
> /etc/apache2/sites-enabled
>
> I actually renamed the file to wave.conf1
> I did the a2dissites *.conf as well as stopped/restarted apache2
>
> I then did
>  apachectl -S
> AH00558: apache2: Could not reliably determine the server's fully
> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> globally to suppress this message
> VirtualHost configuration:
> *:80   127.0.1.1 (/etc/apache2/sites-enabled/wave.conf:1)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> Main ErrorLog: "/var/log/apache2/error.log"
> Mutex mpm-accept: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex default: dir="/var/run/apache2/" mechanism=default
> PidFile: "/var/run/apache2/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> and I get this as the default... where/why is this set?
>
> did a "find" and only saw it in the /etc/apache/* files I had
> renamed.. there are no *.conf for the testing... (for now..)
>
> any thoughts/ideas!
>
>
> thanks
>
> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >>
> >> Thanks..
> >>
> >> Tried again. Same results. As far as 2.2 directives vs 2.4.. could you
> clarify?
> >>
> >> Pretty sure this is simple.. but can't see what's missing...
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >> >>
> >> >> Hi Frank!!
> >> >>
> >> >> thanks for the reply.
> >> >>
> >> >> If you don't mind.. here's my setup
> >> >> ubuntu -- apache2
> >> >>
> >> >>
> >> >> /etc/apache2/mods-available/alias.conf
> >> >> --
> >> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> >> #Alias /wave/ "/var/www/html/wave"
> >> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >> >>
> >> >> 
> >> >> Options FollowSymlinks
> >> >> AllowOverride None
> >> >> Require all granted
> >> >> 
> >> >>
> >> >> ---
> >> >> ls -al /var/www/html/wave/wave/public
> >> >>  www-data:www-data  (775)
> >> >>
> >> >> ls -al /var/www/html/wave/wave/storage
> >> >>  www-data:www-data  (775)
> >> >>
> >> >>
> >> >> /etc/apache2/sites-available/wave
> >> >>
> >> >>
> >> >>
> >> >> ls -al /etc/apache2/sites-available
> >> >> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
> >> >>
> >> >> cat /etc/apache2/sites-available/wave.conf
> >> >> 
> >> >> ServerAdmin ad...@example.com
> >> >> ServerName  temp
> >> >> ServerAlias temp
> >> >>  DocumentRoot   /var/www/html/wave/wave/public
> >> >>
> >> >> 
> >> >> Options Indexes FollowSymLinks MultiViews
> >> >> AllowOverride All
> >> >> Order allow,deny
> >> >> allow from all
> >> >> Require all granted
> >> >> 
> >> >>
> >> >> LogLevel debug
> >> >> ErrorLog ${APACHE_LOG_DIR}/error.log
> >> >> CustomLog ${APACHE_LOG_DIR}/access.log combined
> >> >> 
> >> >>
> >> >>
> 
> >> >>
> >> >> and then simply run
> >> >> a2ensite wave.conf
&

Re: [users@httpd] Unicode Chars not working

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 8:31 PM phunction  wrote:

> Seeing how it's an exact copy from the other server and the other server
> is fine I would think that's more of an Apache configuration isn't it?
>
> The content itself does not specify a character set.
>
>
>
> Sent from my Galaxy
>
>
>  Original message 
> From: Frank Gingras 
> Date: 2023-11-11 4:02 p.m. (GMT-08:00)
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Unicode Chars not working
>
>
>
> On Sat, Nov 11, 2023 at 6:49 PM Chris me  wrote:
>
>> Hi,
>>
>> I am moving my site from one server to another, both are apache 2. The
>> files were tarred and zipped on one linux server and copied to another
>> linux server.
>>
>>
>>
>> On the new server, any page with a Unicode character is getting served
>> with the black diamond and question mark.
>>
>>
>>
>> I enabled AddDefaultCharset UTF-8 on the new server it does not make a
>> difference.
>>
>>
>>
>> What else do I need to change?
>>
>
> Are you sure your content is not producing html header with the wrong
> charset? I would inspect it.
>

Try to inspect the response headers with your browser (F12) next.
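
The header inspection suggested above can also be scripted. The following is an added example, not part of the original thread: it compares the charset in the Content-Type response header, the charset in the HTML meta tag, and what the body bytes actually decode as. The function names and both sample bodies are constructed for illustration.

```python
import re

META_RE = re.compile(rb'<meta[^>]+charset\s*=\s*["\']?\s*([A-Za-z0-9_.:-]+)', re.I)
UTF8 = "utf-8"

# Constructed sample bodies (not captured from the poster's servers).
# LEGACY_BODY stores "e acute" as the single ISO-8859-1 byte 0xE9.
LEGACY_BODY = b'<html><head><meta charset="iso-8859-1"></head><body>caf\xe9</body></html>'
UTF8_BODY = '<html><head><meta charset="utf-8"></head><body>caf\u00e9</body></html>'.encode("utf-8")


def normalise(name):
    """Lower-case a charset label and fold the common 'utf8' spelling."""
    name = name.lower()
    return UTF8 if name == "utf8" else name


def header_charset(content_type):
    """Return the charset parameter of a Content-Type value, or None."""
    m = re.search(r'charset\s*=\s*"?([^\s;"]+)', content_type or "", re.I)
    return normalise(m.group(1)) if m else None


def diagnose(content_type, body):
    """Compare the declared charsets with what the bytes really are."""
    hdr = header_charset(content_type)
    m = META_RE.search(body[:1024])
    meta = normalise(m.group(1).decode("ascii")) if m else None
    try:
        body.decode("utf-8")
        valid_utf8 = True
    except UnicodeDecodeError:
        valid_utf8 = False
    non_ascii = any(b > 0x7F for b in body)
    # Browsers let the HTTP header win over the <meta> declaration.
    effective = hdr or meta

    findings = []
    if hdr and meta and hdr != meta:
        findings.append("header-meta-mismatch")
    if non_ascii:
        if effective is None:
            findings.append("no-charset-declared")
        elif effective == UTF8 and not valid_utf8:
            # Invalid sequences are rendered as U+FFFD, the black diamond
            # with a question mark.
            findings.append("not-utf8-but-labelled-utf8")
        elif effective != UTF8 and valid_utf8:
            findings.append("utf8-but-labelled-other")
    return {"header": hdr, "meta": meta, "valid_utf8": valid_utf8,
            "findings": findings}


if __name__ == "__main__":
    for ctype, body in [("text/html; charset=UTF-8", LEGACY_BODY),
                        ("text/html", LEGACY_BODY),
                        ("text/html; charset=utf-8", UTF8_BODY)]:
        print(ctype, "->", diagnose(ctype, body))
```

Feed it the Content-Type value and the raw body bytes from each server; a difference in the findings between the old and the new host shows which declaration changed.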


Re: [users@httpd] Unicode Chars not working

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 6:49 PM Chris me  wrote:

> Hi,
>
> I am moving my site from one server to another, both are apache 2. The
> files were tarred and zipped on one linux server and copied to another
> linux server.
>
>
>
> On the new server, any page with a Unicode character is getting served
> with the black diamond and question mark.
>
>
>
> I enabled AddDefaultCharset UTF-8 on the new server it does not make a
> difference.
>
>
>
> What else do I need to change?
>

Are you sure your content is not producing html header with the wrong
charset? I would inspect it.


Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:

> Thanks..
>
> Tried again. Same results. As far as 2.2 directives vs 2.4.. could you
> clarify?
>
> Pretty sure this is simple.. but can't see what's missing...
>
> thanks
>
> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >>
> >> Hi Frank!!
> >>
> >> thanks for the reply.
> >>
> >> If you don't mind.. here's my setup
> >> ubuntu -- apache2
> >>
> >>
> >> /etc/apache2/mods-available/alias.conf
> >> --
> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> #Alias /wave/ "/var/www/html/wave"
> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >>
> >> 
> >> Options FollowSymlinks
> >> AllowOverride None
> >> Require all granted
> >> 
> >>
> >> ---
> >> ls -al /var/www/html/wave/wave/public
> >>  www-data:www-data  (775)
> >>
> >> ls -al /var/www/html/wave/wave/storage
> >>  www-data:www-data  (775)
> >>
> >>
> >> /etc/apache2/sites-available/wave
> >>
> >>
> >>
> >> ls -al /etc/apache2/sites-available
> >> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
> >>
> >> cat /etc/apache2/sites-available/wave.conf
> >> 
> >> ServerAdmin ad...@example.com
> >> ServerName  temp
> >> ServerAlias temp
> >>  DocumentRoot   /var/www/html/wave/wave/public
> >>
> >> 
> >> Options Indexes FollowSymLinks MultiViews
> >> AllowOverride All
> >> Order allow,deny
> >> allow from all
> >> Require all granted
> >> 
> >>
> >> LogLevel debug
> >> ErrorLog ${APACHE_LOG_DIR}/error.log
> >> CustomLog ${APACHE_LOG_DIR}/access.log combined
> >> 
> >>
> >>
> 
> >>
> >> and then simply run
> >> a2ensite wave.conf
> >> service apache2 reload
> >> systemctl restart apache2
> >>
> >> to restart apache...
> >>
> >> and the test site
> >>  http://161.35.5.174/wave
> >>
> >> should appear??
> >>
> >> Is there anything else you see that I need to implement?
> >>
> >> thanks
> >>
> >>
> >> On Sat, Nov 11, 2023 at 5:24 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:
> >> >>
> >> >> Hi.
> >> >>
> >> >> Trying to set up a test http://1.2.3.4/foo
> >> >>
> >> >> where I have a laravel/php setup
> >> >>  /var/www/html/foo/foo/public <<<
> >> >>
> >> >> As far as I can tell, there should be an "alias.conf" -- foo.conf in
> the
> >> >> /etc/apache2/conf-availables/alias.conf
> >> >> /etc/apache2/sites-available/foo
> >> >>
> >> >> and the base httpd.conf
> >> >>
> >> >> I think there needs to be "rewrite" in there somewhere as well.
> >> >>
> >> >> Anyone have a solid example of how this should be put together, the
> >> >> steps required.
> >> >>
> >> >> I seem to be getting an index list.
> >> >>
> >> >>
> >> >> At the same time, once this works, I'm going to also "test/try" to
> get
> >> >> a javascript app running that can be viewed/displayed from the same
> >> >> test server.
> >> >>
> >> >> The test server is a digitalocean ubuntu, easily accessible if you
> >> >> want to look at the dir/tree/files.
> >> >>
> >> >> thanks
> >> >>
> >> >>
> >> >
> >> > All you need is Alias /foo /var/www/html/foo/foo/public in your
> vhost. Why do you think you need to use mod_rewrite, as well?
> >> >
> >> > Finally, you'll need to configure httpd to parse php content, see:
> >> >
> >> > https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
> >> >
> >> >
> >>
> >>
> >
> > This isn't really an Ubuntu-centric mailing list, to be fair.
> >
> > I would recommend you run apachectl -S to verify that:
> >
> > 1) Your vhosts are properly defined
> > 2) Then examine the configuration of each vhost
> >
> > I would also certainly not use 2.2 authz directives, so I would stop
> reading whatever site or howto recommended that.
>
>
>
The Order/Allow/Deny directives should not be used any more, and you should
unload the mod_access_compat module as well.

As for seeing the directory listing, you are probably missing the
DirectoryIndex directive.
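
One way to check a configuration for the two problems named above, as an added example that is not part of the original thread: it flags the 2.2 authorization directives (Order, Allow, Deny, Satisfy), their mixing with Require, and an Options Indexes with no DirectoryIndex in scope. The archive stripped the container tags from the quoted wave.conf, so the `<VirtualHost *:80>` and `<Directory>` lines in the constructed samples are assumptions, as is index.php.

```python
import re

LEGACY_AUTHZ = {"order", "allow", "deny", "satisfy"}  # mod_access_compat directives

# Constructed sample modelled on the wave.conf quoted in the thread; the
# container tags are assumptions (the archive stripped them).
LEGACY_CONF = """\
<VirtualHost *:80>
    ServerName temp
    DocumentRoot /var/www/html/wave/wave/public
    <Directory /var/www/html/wave/wave/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        Require all granted
    </Directory>
</VirtualHost>
"""

# The same vhost with 2.4 authorization only (constructed; index.php is an
# assumption based on the Laravel layout mentioned in the thread).
FIXED_CONF = """\
<VirtualHost *:80>
    ServerName temp
    DocumentRoot /var/www/html/wave/wave/public
    <Directory /var/www/html/wave/wave/public>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.php
    </Directory>
</VirtualHost>
"""


def parse_directives(text):
    """Yield (enclosing_sections, line_no, directive, args) per directive."""
    stack = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        opening = re.match(r"<(\w+)\s*([^>]*)>", line)
        if opening:
            stack.append(" ".join(opening.groups()).strip())
            continue
        parts = line.split(None, 1)
        yield tuple(stack), line_no, parts[0].lower(), parts[1] if len(parts) > 1 else ""


def audit(text):
    """Return sorted (line_no, code, message) findings for one config file."""
    by_section = {}
    for section, line_no, name, args in parse_directives(text):
        by_section.setdefault(section, []).append((line_no, name, args))

    def names_in(section):
        return {name for _, name, _ in by_section.get(section, [])}

    findings = []
    for section, directives in by_section.items():
        where = " > ".join(section) or "(server config)"
        legacy = [(ln, n) for ln, n, _ in directives if n in LEGACY_AUTHZ]
        for ln, n in legacy:
            findings.append((ln, "legacy-authz",
                             f"{where}: '{n}' is a 2.2 directive; use Require"))
        if legacy and "require" in names_in(section):
            findings.append((legacy[0][0], "mixed-authz",
                             f"{where}: 2.2 directives mixed with Require; keep only Require"))
        for ln, n, args in directives:
            indexes_on = any(t.lstrip("+").lower() == "indexes" for t in args.split())
            if n == "options" and indexes_on:
                # Look for DirectoryIndex here or in any enclosing section of this file.
                scopes = [section[:i] for i in range(len(section) + 1)]
                if not any("directoryindex" in names_in(s) for s in scopes):
                    findings.append((ln, "listing-possible",
                                     f"{where}: Indexes is on and no DirectoryIndex is set here"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, code, message in audit(LEGACY_CONF):
        print(f"line {line_no}: [{code}] {message}")
```

The listing check only sees the file it is given, so a DirectoryIndex set in another included file will not be noticed.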


Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:

> Hi Frank!!
>
> thanks for the reply.
>
> If you don't mind.. here's my setup
> ubuntu -- apache2
>
>
> /etc/apache2/mods-available/alias.conf
> --
> Alias /icons/ "/usr/share/apache2/icons/"
> #Alias /wave/ "/var/www/html/wave"
> Alias /wave/ "/var/www/html/wave/wave/public"
>
> 
> Options FollowSymlinks
> AllowOverride None
> Require all granted
> 
>
> ---
> ls -al /var/www/html/wave/wave/public
>  www-data:www-data  (775)
>
> ls -al /var/www/html/wave/wave/storage
>  www-data:www-data  (775)
>
>
> /etc/apache2/sites-available/wave
>
>
>
> ls -al /etc/apache2/sites-available
> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
>
> cat /etc/apache2/sites-available/wave.conf
> 
> ServerAdmin ad...@example.com
> ServerName  temp
> ServerAlias temp
>  DocumentRoot   /var/www/html/wave/wave/public
>
> 
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
> allow from all
> Require all granted
> 
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
>
> 
>
> and then simply run
> a2ensite wave.conf
> service apache2 reload
> systemctl restart apache2
>
> to restart apache...
>
> and the test site
>  http://161.35.5.174/wave
>
> should appear??
>
> Is there anything else you see that I need to implement?
>
> thanks
>
>
> On Sat, Nov 11, 2023 at 5:24 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:
> >>
> >> Hi.
> >>
> >> Trying to set up a test http://1.2.3.4/foo
> >>
> >> where I have a laravel/php setup
> >>  /var/www/html/foo/foo/public <<<
> >>
> >> As far as I can tell, there should be an "alias.conf" -- foo.conf in the
> >> /etc/apache2/conf-availables/alias.conf
> >> /etc/apache2/sites-available/foo
> >>
> >> and the base httpd.conf
> >>
> >> I think there needs to be "rewrite" in there somewhere as well.
> >>
> >> Anyone have a solid example of how this should be put together, the
> >> steps required.
> >>
> >> I seem to be getting an index list.
> >>
> >>
> >> At the same time, once this works, I'm going to also "test/try" to get
> >> a javascript app running that can be viewed/displayed from the same
> >> test server.
> >>
> >> The test server is a digitalocean ubuntu, easily accessible if you
> >> want to look at the dir/tree/files.
> >>
> >> thanks
> >>
> >>
> >
> > All you need is Alias /foo /var/www/html/foo/foo/public in your vhost.
> Why do you think you need to use mod_rewrite, as well?
> >
> > Finally, you'll need to configure httpd to parse php content, see:
> >
> > https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
> >
> >
>
>
>
This isn't really an Ubuntu-centric mailing list, to be fair.

I would recommend you run apachectl -S to verify that:

1) Your vhosts are properly defined
2) Then examine the configuration of each vhost

I would also certainly not use 2.2 authz directives, so I would stop
reading whatever site or howto recommended that.


Re: [users@httpd] ubuntu apache2

2023-11-11 Thread Frank Gingras
On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:

> Hi.
>
> Trying to set up a test http://1.2.3.4/foo
>
> where I have a laravel/php setup
>  /var/www/html/foo/foo/public <<<
>
> As far as I can tell, there should be an "alias.conf" -- foo.conf in the
> /etc/apache2/conf-availables/alias.conf
> /etc/apache2/sites-available/foo
>
> and the base httpd.conf
>
> I think there needs to be "rewrite" in there somewhere as well.
>
> Anyone have a solid example of how this should be put together, the
> steps required.
>
> I seem to be getting an index list.
>
>
> At the same time, once this works, I'm going to also "test/try" to get
> a javascript app running that can be viewed/displayed from the same
> test server.
>
> The test server is a digitalocean ubuntu, easily accessible if you
> want to look at the dir/tree/files.
>
> thanks
>
>
>
All you need is Alias /foo /var/www/html/foo/foo/public in your vhost. Why
do you think you need to use mod_rewrite, as well?

Finally, you'll need to configure httpd to parse php content, see:

https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM


Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

2023-10-24 Thread Frank Gingras
On Tue, Oct 24, 2023 at 2:02 PM Paul  wrote:

> On 2023-10-24 13:17, Jose Stefan wrote:
>
> Please don't top-post
>
> > No, not that I am aware of. The push is only triggered by the
> > "H2PushResource" directive shown. Which I tried to showcase with the
> > 3rd test.
> >
> > Within fileA.php and fileB.php the stylesheet is loaded with this line:
> > 
> >
> > A tag within the html content, and not a header.
> >
> > To perform my tests I'm mostly using the command line:
> > nghttp -vn URL
>
>^^
> What version of Apache / httpd? What server system / version?  I
> personally had never heard of Nghttp, and their website appears to have
> last been updated in 2015. ()
>
>
> >
> > But to remove PHP from the equation. I've now performed the following
> test.
> >
> >  1. saved the generated content as a static fileA.html
> >  2. changed to this line: 
> >
> > And after the test I still get the push.
> >
> > --Jose Stefan
> >
> > 
> > *From:* Paul 
> > *Sent:* Tuesday, October 24, 2023 12:55 PM
> > *To:* users@httpd.apache.org 
> > *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with
> > FilesMatch
> > On 2023-10-24 11:31, Jose Stefan wrote:
> >> Hello,
> >>
> >> I have a weird issue while using "H2Push". I'm turning it off, but
> >> depending where it's nested it doesn't work as expected. Subset of
> >> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> >> 22.04 LTS.
> >>
> >> With the code as presented, it still triggers a push for "fileC.css". I
> >> expect NO push to happen as it is turned off before
> >> the"H2PushResource..." line.
> >
> > Quick question, not a solution.  Does your php (or other static
> > environment) have any 'rel=preload'?
> >>
> >> Here's where I'm confused. I've performed the following individual
> tests:
> >>
> >>   * If I use the "H2Push off" outside of the FilesMatch (and comment the
> >> one inside), The push doesn't happen.
> >>   *
> >> If I use both "H2Push off" and "H2PushResource..." outside of the
> >> FilesMatch (and comment the ones inside), The push doesn't happen.
> >>   * If I comment out the "H2PushResource..." inside the FilesMatch, the
> >> push doesn't happen. Therefore, I know the config is hitting that
> part.
> >>
> >> It's only when both lines are inside the FilesMatch that I don't get
> the
> >> expected results. Yet the context for h2push reads:
> >> Context: server config, virtual host, directory, .htaccess
> >>
> >> The plan, eventually, is to enable just the early hints and not the
> >> push. But I haven't even gotten to testing that part yet. My version of
> >> httpd doesn't support "H2EarlyHint".
> >>
> >> Subset of the config:
> >> --
> >> H2Push on
> >> ...
> >> 
> >> 
> >> ...
> >> 
> >> #H2EarlyHints on
> >> #H2Push off
> >> #H2PushResource /fileC.css
> >> 
> >> H2Push off
> >> H2PushResource /fileC.css
> >> #H2EarlyHint ... Available in version 2.4.58 and
> >> later.
> >> 
> >> 
> >> ...
> >> 
> >> ...
> >>
> >
> >
> >
>
>
>
>
Keep in mind that nghttp2 is a build requirement for HTTP/2, which was
outlined in the threads pertaining to CVE 2033-44487. Testing with that
tool should be fine.


Re: [users@httpd] Unable to build Apache httpd

2023-10-23 Thread Frank Gingras
Perhaps the libtool version is older/different - what happens when you
remove the space?

On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin) 
wrote:

> I'm trying to build Apache httpd RPM from the source tarball as mentioned
> in https://httpd.apache.org/docs/2.4/install.html
>
>
>
> However, it always fails with the error "libtool:   error: require no
> space between '-L' and '-R'"
>
>
>
> Complete Error :
>
> /usr/lib64/apr-1/build/libtool --silent --mode=link gcc   -o
> htpasswd  htpasswd.lo passwd_common.lo   -L -R -laprutil-1 -ldb-5.3
> -lexpat
>
> /usr/lib64/libapr-1.la -lpthread -lcrypt
>
> libtool:   error: require no space between '-L' and '-R'
>
> make[2]: *** [Makefile:48: htpasswd] Error 1
>
> make[2]: Leaving directory '/httpd-2.4.58/support'
>
> make[1]: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1
>
> make[1]: Leaving directory '/httpd-2.4.58/support'
>
> make: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1
>
>
>
> Tried Building older version and get the same error and did not find
> anything when searching for similar errors.
>
>
>
> Any help on what this could be?
>
>
>
> Thanks
>


Re: [users@httpd] CVE-2033-44487

2023-10-20 Thread Frank Gingras
Yes, you need to upgrade to 2.4.58, and make sure your system has nghttp2
.57 installed.

On Thu, Oct 19, 2023 at 7:31 PM Brian Southern 
wrote:

> Has anyone been able to definitively determine if Apache HTTP 2.4.53 is
> vulnerable to CVE-2023-44487?  I've found forums where users and apparent
> sysadmins indicate it may be, however the only reference to this CVE I've
> been able to locate on Apache.org is as a comment made within another CVE
> vulnerability fix report.
>
> thank you.
>


Re: [users@httpd] basic question ---

2023-10-16 Thread Frank Gingras
Can you keep the replies on-list?

Multiviews is just the simplest approach, and there is no such thing as
"everyone does X". It depends.

You can certainly solve a problem in the most convoluted way possible, but
it doesn't mean that it's the correct way.

On Mon, Oct 16, 2023 at 5:22 PM Tatsuki Makino 
wrote:

> Hello.
>
> Frank Gingras wrote on 2023/10/17 02:22:
> > That's just multiviews.
>
> For that matter, does everyone else do multiviews?
> What if we simply name the file b, and then do the following?
>
> 
>  
>   SetHandler php-script
>  
>  
>   # If it works via CGI as well.
>   SetHandler cgi-script
>  
> 
>
> Regards.
>
>


Re: [users@httpd] basic question ---

2023-10-16 Thread Frank Gingras
That's just multiviews.

On Mon, Oct 16, 2023 at 12:49 PM bruce  wrote:

> Hi Frank.
>
> Thanks for the reply.
>
> Not converting.
>
> But I've seen example open source demo/apps
>  where the app/url
>http://www.foo.com/a
>http://www.foo.com/b
>  are valid...
>
> and when I inspect the dir, I get
>  a.php   - b.php...
>
> So I'm assuming that there's something happening in the  httpd.conf that's
>  "hiding"/handling the ".php" extension.
>
>
> So, trying to understand, so I can do my own personal test.
>
> thanks
>
> On Mon, Oct 16, 2023 at 12:25 PM Frank Gingras  wrote:
> >
> > You should use multiviews, so that if you request /a, it will expand to
> a.php.
> >
> > Converting a.php to b.php makes no sense; why would you request another
> script in that case?
> >
> > You should also look at the FallbackResource directive, and use pathinfo
> to handle URI parameters, instead of the query string.
> >
> > On Mon, Oct 16, 2023 at 12:19 PM bruce  wrote:
> >>
> >> running apache2
> >> old copy of centos
> >>
> >> trying to understand how to test a few things.
> >>
> >> I can have
> >>  http://www.abc.com/a.php
> >>
> >> a.php can fire off a page to "b.php"
> >>
> >> I'm trying to figure out what to do in the httpd.conf file to
> >>  "ignore/hide" the .php
> >>
> >> so the displayed url would be
> >>  http://www.abc.com/b
> >> or
> >>  http://www.abc.com/b?qq=1=2.
> >>
> >> any pointers would be helpful!
> >>
> >> oh, the test is a subdir off the main /var/www/html/testapp <<
> >>
> >> thanks
> >>
> >>
>
>
>


Re: [users@httpd] basic question ---

2023-10-16 Thread Frank Gingras
You should use multiviews, so that if you request /a, it will expand to
a.php.

Converting a.php to b.php makes no sense; why would you request another
script in that case?

You should also look at the FallbackResource directive, and use pathinfo to
handle URI parameters, instead of the query string.

On Mon, Oct 16, 2023 at 12:19 PM bruce  wrote:

> running apache2
> old copy of centos
>
> trying to understand how to test a few things.
>
> I can have
>  http://www.abc.com/a.php
>
> a.php can fire off a page to "b.php"
>
> I'm trying to figure out what to do in the httpd.conf file to
>  "ignore/hide" the .php
>
> so the displayed url would be
>  http://www.abc.com/b
> or
>  http://www.abc.com/b?qq=1=2.
>
> any pointers would be helpful!
>
> oh, the test is a subdir off the main /var/www/html/testapp <<
>
> thanks
>
>
>


Re: [users@httpd] preciso de ajuda

2023-10-16 Thread Frank Gingras
I'll answer in English for the benefit of the list (you can use google
translate).

For windows, the recommended installers are from the apache lounge site:

https://www.apachelounge.com/

Alternatively, you can install xampp, but that should not be run in
production.

On Sun, Oct 15, 2023 at 6:17 PM Endel Naiva 
wrote:

> preciso saber como RODAR CORRETAMENTE : INSTALAR , CONFIGURAR E SUBIR o
> Apache 2.4 ou a mais nova versão em meu computador
> com o WINDOWS 10 PRO
>
> Endel
>


Re: [users@httpd] proxying SSL -> SSL

2023-10-04 Thread Frank Gingras
First, do not define vhosts as :PORT, but rather either *:443 or
IP:443.

Secondly, to proxy from TLS to TLS, you need both SSLEngine on and
SSLProxyEngine on.

Avoid proxying from a <Location> block, unless strictly necessary. Use the
vhost context. You can use the Location block to set headers instead.

Lastly, your TLS vhost requires SSLCertificateFile and
SSLCertificateKeyFile.

On Wed, Oct 4, 2023 at 7:38 AM lejeczek  wrote:

>
>
> On 04/10/2023 10:40, lejeczek wrote:
>
> Hi guys.
>
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
>
> 
>   ServerAdmin web...@lemko.xyz
>   ServerName siem.mine.priv
>
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
>
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile  /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
>
>   RequestHeader set X-Forwarded-Proto “https”
>   RequestHeader set X-Forwarded-Port “443”
>
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
>
>   
> # preserve Host header to avoid cross-origin problems
> ProxyPreserveHost on
> # proxy to
> ProxyPass https://127.0.0.1:8443/
> ProxyPassReverse  https://127.0.0.1:8443/
>   
>
> 
>
> As you can see I've fiddled with all those options in different
> combinations but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
>
> errors in log:
> 
> [Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198]
> (20014)Internal error (specific information not available): [client
> 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443
> (127.0.0.1)
> [Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198]
> [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote
> server returned by /
> [Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid
> 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to
> 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()
>
> many thanks, L.
>
> ought... sometimes systemctl's _reload_ will not do but "full" restart will
>


Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-09-30 Thread Frank Gingras
There might be some online, however, due to the different architectures,
they are not likely to be terribly useful. Do avoid the ones that
needlessly bash either product.

On Sat, Sep 30, 2023 at 3:09 AM Jason Long 
wrote:

> Hello,
> Thank you so much for your info.
> Why are they trollish? I am curious to learn more.
> Is there a fair comparison between Apache and Nginx?
>
>
>
> On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
>
>
>
> Additionally, your recent string of questions to this mailing list comes
> off as a bit trollish.
>
> On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:
> > If any of the mod_php extensions are not thread-safe, you will need to
> use the prefork mpm, which will indeed bloat every httpd worker. This is
> not the ideal nor recommended configuration.
> >
> > Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
> >
> > Alternatively, you can recompile php to be thread-safe and use event mpm
> with mod_php, which will give you a small execution speed advantage.
> >
> > The statement you posted is more or less FUD which leaves out very
> important details.
> >
> > On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
> wrote:
> >> Hello,
> >> Is the following sentence correct?
> >> "The way Apache loads PHP in its standard setup (with mod_php) compared
> to Nginx alone puts it at a disadvantage. You will see performance gains,
> particularly in memory usage, just by switching to Nginx, given you're
> using a PHP-driven application."
> >>
> >> Thank you.
> >>
> >>
> >>
> >
>
>
>
>


Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-09-30 Thread Frank Gingras
Additionally, your recent string of questions to this mailing list comes off
as a bit trollish.

On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:

> If any of the mod_php extensions are not thread-safe, you will need to use
> the prefork mpm, which will indeed bloat every httpd worker. This is not
> the ideal nor recommended configuration.
>
> Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
>
> Alternatively, you can recompile php to be thread-safe and use event mpm
> with mod_php, which will give you a small execution speed advantage.
>
> The statement you posted is more or less FUD which leaves out very
> important details.
>
> On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
> wrote:
>
>> Hello,
>> Is the following sentence correct?
>> "The way Apache loads PHP in its standard setup (with mod_php) compared
>> to Nginx alone puts it at a disadvantage. You will see performance gains,
>> particularly in memory usage, just by switching to Nginx, given you're
>> using a PHP-driven application."
>>
>> Thank you.
>>
>>
>>


Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-09-30 Thread Frank Gingras
If any of the mod_php extensions are not thread-safe, you will need to use
the prefork mpm, which will indeed bloat every httpd worker. This is not
the ideal nor recommended configuration.

Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.

Alternatively, you can recompile php to be thread-safe and use event mpm
with mod_php, which will give you a small execution speed advantage.

The statement you posted is more or less FUD which leaves out very
important details.

On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
wrote:

> Hello,
> Is the following sentence correct?
> "The way Apache loads PHP in its standard setup (with mod_php) compared to
> Nginx alone puts it at a disadvantage. You will see performance gains,
> particularly in memory usage, just by switching to Nginx, given you're
> using a PHP-driven application."
>
> Thank you.
>
>
>


Re: [users@httpd] ? Apache support for IPv6

2023-09-28 Thread Frank Gingras
You will need to ask the mailing lists for the projects in question. They
are likely compatible, but don't assume.

On Thu, Sep 28, 2023 at 4:23 PM Cox, Kim A-CTR (FAA)
 wrote:

> Thank you, Frank.  So the Apache related software versions I listed (being
> older than the current release) are fully supported on IPv6?
>
>
>
> *From:* Frank Gingras 
> *Sent:* Thursday, September 28, 2023 4:16 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] ? Apache support for IPv6
>
>
>
> This mailing list is really for the Apache HTTPd product; IPv6 has been
> fully supported on it for a long time now.
>
>
>
> On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA) <
> kim.a-ctr@faa.gov.invalid> wrote:
>
> Apache mail list members:  I’ve searched the archives and doc for Apache
> support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment
> on support for the following Apache apps, or point me to where to find a
> compatibility matrix for the Apache products and IPv6 please?   Thanks in
> advance.
>
> These are the Apache Apps currently running on RedHat Linux 8.x and IPv4,
> I need to know if I move to IPv6 that Apache will still run.
>
>
>
> ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
>
> ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2,
> ApacheCommonsCompress 1.2,
>
> ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF
> 3.2.5
>
> ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
>
> ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
>
> ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI
> 1.0.0-RC1
>
> ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core
> 1.3.2
>
> ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4,
> ApacheXMLBeans 2.6.0
>
> ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6
>
>
>
>


Re: [users@httpd] ? Apache support for IPv6

2023-09-28 Thread Frank Gingras
This mailing list is really for the Apache HTTPd product; IPv6 has been
fully supported on it for a long time now.

On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA)
 wrote:

> Apache mail list members:  I’ve searched the archives and doc for Apache
> support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment
> on support for the following Apache apps, or point me to where to find a
> compatibility matrix for the Apache products and IPv6 please?   Thanks in
> advance.
>
> These are the Apache Apps currently running on RedHat Linux 8.x and IPv4,
> I need to know if I move to IPv6 that Apache will still run.
>
>
>
> ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
>
> ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2,
> ApacheCommonsCompress 1.2,
>
> ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF
> 3.2.5
>
> ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
>
> ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
>
> ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI
> 1.0.0-RC1
>
> ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core
> 1.3.2
>
> ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4,
> ApacheXMLBeans 2.6.0
>
> ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6
>
>
>


Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

2023-09-27 Thread Frank Gingras
You should ask the Netgear / busybox folks instead of this mailing list.

Especially the former as they ship your product.

On Wed., Sep. 27, 2023, 6:45 a.m. Turritopsis Dohrnii Teo En Ming, <
tdtemc...@gmail.com> wrote:

> Subject: Apache web server httpd in Netgear Wireless Router WNR3500L
>
> Good day from Singapore,
>
> Release version : Netgear Wireless Router WNR3500L
> U12H13699/V1.0.2.35/32.1.9_TR069_0528
> Time : May 29 2010 10:31:41
> CFE version : v1.0.36
>
> We were trying to login to the Netgear wireless router but the web UI
> was not available. Then we managed to telnet (TCP port 23) into the
> Netgear wireless router.
> The operating system is BusyBox. I am sorry I did not note down the
> version of BusyBox. BusyBox is a stripped-down version of the Linux
> operating system. When I run the Linux command "httpd", the Apache web
> server started and we managed to login to the web UI already.
>
> But when we need to reboot the Netgear wireless router, where are the
> Apache web server httpd autostart scripts? Do we have to manually
> execute the httpd command every time we reboot the Netgear wireless
> router?
>
> Why was httpd not running when we tried to login to the web UI? Did
> somebody kill the httpd process or deleted the httpd autostart
> scripts?
>
> Please advise.
>
> Thank you.
>
> Regards,
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
> Blogs:
> https://tdtemcerts.blogspot.com
> https://tdtemcerts.wordpress.com
> GIMP also stands for Government-Induced Medical Problems.
>
> I have configured, setup and deployed 22 Fortigate firewall appliances
> for 20 companies/organizations in Singapore so far as of 27 Sep 2023
> Wed.
>
>
>


Re: [users@httpd] Apache on the different platforms

2023-09-24 Thread Frank Gingras
Greg,

The question was aimed at the original poster.

On Sun, Sep 24, 2023 at 8:40 PM Gregory Kuzmicki 
wrote:

> 8:38 PM EDT (Sunday)
>
> Jason:
> A dynamic link library on windows (.dll) is like a shared library (.so)
> on linux
> -Greg
>
> Frank:
>
> For me personally, what I am working on is PCI compliant payment
> processing. I am trying to process Visa, MasterCard, AMEX, in compliance
> with PCI standards for a series of *NAS VENDING MACHINES* -- I am the lead
> R/owner in my team; I have research assts. and several volunteers.
> Similarly, I am trying to create bank accounts/retirement accounts for my
> employees and manage their company spend budget with a terminal card /
> debit card / or other payment card. Ideally we would like to keep iterating
> on a system such that we can move beyond the "expiration date"
> feature/security tool and issue a card that expires naturally with its user.
>
>
> -Greg
>
> On Sunday, September 24, 2023, Frank Gingras  wrote:
>
>> This sounds like a homework question... what problem are you trying to
>> solve, exactly?
>>
>> On Sun, Sep 24, 2023 at 2:16 PM Jason Long 
>> wrote:
>>
>>> Hello,
>>> Thank you so much for your reply.
>>> Which libraries are common between the Linux and Windows operating
>>> systems?
>>>
>>>
>>> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>>>  wrote:
>>> It depends on the vulnerability, and if some library is the culprit, and
>>> if that library is present on that operating system.
>>>
>>> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
>>> wrote:
>>>
>>> Hello,
>>> If a vulnerability is found in the Apache web server, then does that
>>> vulnerability work both in Apache under Linux and Windows operating systems?
>>>
>>>
>>> Thank you.
>>>
>>>
>
> --
> Sent from my iPhone
>


Re: [users@httpd] Apache on the different platforms

2023-09-24 Thread Frank Gingras
This sounds like a homework question... what problem are you trying to
solve, exactly?

On Sun, Sep 24, 2023 at 2:16 PM Jason Long 
wrote:

> Hello,
> Thank you so much for your reply.
> Which libraries are common between the Linux and Windows operating systems?
>
>
> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>  wrote:
> It depends on the vulnerability, and if some library is the culprit, and
> if that library is present on that operating system.
>
> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
> wrote:
>
> Hello,
> If a vulnerability is found in the Apache web server, then does that
> vulnerability work both in Apache under Linux and Windows operating systems?
>
>
> Thank you.
>
>


Re: [users@httpd] Apache on the different platforms

2023-09-24 Thread Frank Gingras
It depends on the vulnerability, and if some library is the culprit, and if
that library is present on that operating system.

On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
wrote:

> Hello,
> If a vulnerability is found in the Apache web server, then does that
> vulnerability work both in Apache under Linux and Windows operating systems?
>
>
> Thank you.
>
>


Re: [users@httpd] Inquiry about apache httpd compile option

2023-09-18 Thread Frank Gingras
Take a look at the ldd output instead.

On Mon., Sep. 18, 2023, 6:40 a.m. (대학원생) 양성현 (컴퓨터공학과), 
wrote:

> I appreciate you for your response.
>
> I think some different build commands can make different binary files.
>
> For example, I think that command "./configure" and command "./configure
> --enable-so --enable-ssl" can make each binary file which has different
> functionality.
>
> However, when I see these binary files' bitcode files(e.g., httpd.bc), I
> can not find their difference.
>
> So, I want to know whether apache httpd always supports same binary
> file(named httpd) regardless of compile options and whether configuration
> options of apache httpd are always determined by configuration files(e.g.,
> httpd.conf).
> --
> *From:* Frank Gingras 
> *Sent:* Saturday, September 16, 2023, 3:20 AM
> *To:* users@httpd.apache.org 
> *Subject:* Re: [users@httpd] Inquiry about apache httpd compile option
>
> What is the problem you are trying to solve here with those compile
> options?
>
> On Sun, Sep 10, 2023 at 5:28 AM (대학원생) 양성현 (컴퓨터공학과) 
> wrote:
>
> Hello,
>
> First of all, thank you for reading this mail.
>
> I send an email to this address to ask three questions about apache httpd
> compilation.
>
> First, I am curious whether it is possible to know the compile option by
> only using httpd binary file.
> I tried to compare the compile options between Bitnami and Drupal which
> are the containers using apache httpd server.
> I could find the compile option of Bitnami from config.nice file in
> Bitnami's container.
> However, I could not see any information of Drupal's compile option in
> Drupal's container.
>
> So, I am curious whether it is possible to find the compile option of
> apache httpd by only using httpd binary file or apache2 binary file.
>
>
> Second, does configure option(e.g., --enable-ssl --enable-so) which is
> used to build the apache httpd affect the httpd binary file?
> I think that if the configure option is different, the httpd binary file
> is also different.
> However, when I compiled the httpd program with two options (one command
> is "./configure" and the other is "./configure --enable-ssl --enable-so")
> and llvm, I could get the same bitcode files from two different options.
>
> So, I am curious whether the configure option affects building apache
> httpd. If it does not affect, I also want to know whether apache httpd only
> uses same httpd binary file and supports some functions by only using
> configuration file (e.g, httpd.conf).
>
>
> Lastly, may I know the compile option of httpd or apache2 which they can
> be installed using commands (e.g, apt install apache2)?
>
>
> I am not sure whether asking these questions to this mail is right. If it
> is not right, may I know where should I ask about these questions?
>
>
> I appreciate you for reading this email.
>
> I look forward to hearing from you.
>
> Sincerely,
>
>


Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-17 Thread Frank Gingras
You will need to ask the cpanel community in that case.

On Sun, Sep 17, 2023 at 2:19 AM Jason Long 
wrote:

> Hello,
> In the Apache configuration file, there is the following text:
>
> DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO
> MAKE A CHANGE
> ...
> #/etc/apache2/conf.d/includes/pre_main_global.conf
> #/etc/apache2/conf.d/includes/pre_virtualhost_global.conf
> #/etc/apache2/conf.d/includes/post_virtualhost_global.conf
> ...
>
> So because of cPanel, any changes I make are lost. In which of the above
> files should I apply the changes?
>
>
>
>
> On Saturday, September 16, 2023 at 02:15:06 AM GMT+3:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
>
>
>
> You can only load one mpm module at a time. Run apachectl -M to see the
> loaded mpm.
>
> On Fri, Sep 15, 2023 at 6:19 PM Jason Long 
> wrote:
> > Hello,
> > What happens if I use both modules at the same time?
> >
> >
> >
> >>
> >>
> >> On Fri, Sep 15, 2023 at 3:08 PM, Daniel Ferradal
> >>  wrote:
> >>
> >>
> >>
> >>
> >>
> >> On Fri, 15 Sept 2023 at 13:36, Daniel Ferradal (<dferra...@apache.org>) wrote:
> >>>
> >>> When I probably recommended  MaxSpareThreads == to MaxRequestWorkers
> was due to Apache httpd with third party modules not restarting gracefully,
> that along to MaxConnectionsPerChild 0 would prevent HTTPD from trying to
> restart them.
> >>>
> >> I meant httpd server child processes not restarting gracefully
> >>
> >>
> >> --
> >> Daniel Ferradal
> >> HTTPD Project
> >> #httpd help at Libera.Chat
> >>
> >>
> >>
>
>
>
>


Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-15 Thread Frank Gingras
You can only load one mpm module at a time. Run apachectl -M to see the
loaded mpm.

On Fri, Sep 15, 2023 at 6:19 PM Jason Long 
wrote:

> Hello,
> What happens if I use both modules at the same time?
>
>
> On Fri, Sep 15, 2023 at 3:08 PM, Daniel Ferradal
>  wrote:
>
>
> On Fri, 15 Sept 2023 at 13:36, Daniel Ferradal () wrote:
>
>
> When I probably recommended  MaxSpareThreads == to MaxRequestWorkers was
> due to Apache httpd with third party modules not restarting gracefully,
> that along to MaxConnectionsPerChild 0 would prevent HTTPD from trying to
> restart them.
>
> I meant httpd server child processes not restarting gracefully
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Libera.Chat
>
>


Re: [users@httpd] Apache Perms for Django

2023-09-15 Thread Frank Gingras
I would take a look at:

https://cwiki.apache.org/confluence/display/httpd/13PermissionDenied

On Mon, Sep 4, 2023 at 2:01 AM Ahmad Bilal 
wrote:

> I am in the final stage of Django deployment on Apache+mod_wsgi
> however I keep getting `403 Forbidden` error when I go to `127.0.0.1`
> my apache log says this:
>
> [core:error] [pid 7092:tid 7264] (13)Permission denied: [client
> 127.0.0.1:57598] AH00035: access to / denied (filesystem path
> '/home/djangouser/djangoprojects') because search permissions are missing
> on a component of the path
>
> I have already given 755 permission on each folder and 644 permissions to
> files
> 11:27
> I made the wsgi.py file as 755 as well
> Someone mentioned that maybe Apache is not being able to access the file
> mod_wsgi is running in daemon mode .. as djangouser (second
> non-privileged linux user)
> just following the documentation.. on both Django and Apache+mod_wsgi
> This is my custom apache config file
> https://paste.pythondiscord.com/55JQ (edited)
> 11:28
> somebody told me.. that Apache should be made group owner of the top-most
> folder.. But I am not sure if that is a good idea
>
>
> Sent with Proton Mail secure email.
>


Re: [users@httpd] Inquiry about apache httpd compile option

2023-09-15 Thread Frank Gingras
What is the problem you are trying to solve here with those compile options?

On Sun, Sep 10, 2023 at 5:28 AM (대학원생) 양성현 (컴퓨터공학과) 
wrote:

> Hello,
>
> First of all, thank you for reading this mail.
>
> I send an email to this address to ask three questions about apache httpd
> compilation.
>
> First, I am curious whether it is possible to know the compile option by
> only using httpd binary file.
> I tried to compare the compile options between Bitnami and Drupal which
> are the containers using apache httpd server.
> I could find the compile option of Bitnami from config.nice file in
> Bitnami's container.
> However, I could not see any information of Drupal's compile option in
> Drupal's container.
>
> So, I am curious whether it is possible to find the compile option of
> apache httpd by only using httpd binary file or apache2 binary file.
>
>
> Second, does configure option(e.g., --enable-ssl --enable-so) which is
> used to build the apache httpd affect the httpd binary file?
> I think that if the configure option is different, the httpd binary file
> is also different.
> However, when I compiled the httpd program with two options (one command
> is "./configure" and the other is "./configure --enable-ssl --enable-so")
> and llvm, I could get the same bitcode files from two different options.
>
> So, I am curious whether the configure option affects building apache
> httpd. If it does not affect, I also want to know whether apache httpd only
> uses same httpd binary file and supports some functions by only using
> configuration file (e.g, httpd.conf).
>
>
> Lastly, may I know the compile option of httpd or apache2 which they can
> be installed using commands (e.g, apt install apache2)?
>
>
> I am not sure whether asking these questions to this mail is right. If it
> is not right, may I know where should I ask about these questions?
>
>
> I appreciate you for reading this email.
>
> I look forward to hearing from you.
>
> Sincerely,
>
>


Re: [users@httpd] realtime protection against cloud scans

2023-09-15 Thread Frank Gingras
Does the traffic from those cloud ranges have any significant impact on
your server performance?

On Tue, Sep 12, 2023 at 10:33 AM Marc  wrote:

>
> Anyone having a suggestion on how to block cloud crawlers/bots? Obviously
> I would like search engine bots to have access, but all the other crap I
> want to lose. Only 'real users'.
>
> What is best practice for this? Just getting amazon, googleusercontent,
> digitalocean, azure ip ranges and put them in something like ipset or are
> there currently better ways of doing this?
>
>
>


Re: [users@httpd] where to change this "internal server error message"

2023-09-15 Thread Frank Gingras
So we're likely dealing with mod_security overriding the response. I
haven't tinkered with that module in some time to give you a definitive
answer.

On Fri, Sep 15, 2023 at 11:49 AM Marc  wrote:

> >
> > What is returning the 500 response here? Is php/python/perl involved?
>
> No, I think this mod_security is generating this
>
> > As for the scrapers, you are absolutely wasting your time customizing the
> > response. I would just return a 403, actually.
>
> I think you might be right. I did not expect to waste so much time on
> trying to just send an 'empty' body.
>
> >
> >
> >   > See the ErrorDocument directive.
> >
> >   It does not seem to work. It looks like this config is skipped and
> > the error is loaded directly from the httpd binary.
> >
> >   ErrorDocument 500 /406.html
> >
> >   > Now, why is that response not suitable? And why would you respond
> > with a
> >   > 200 for a blocked user agent?
> >
> >   I think it is better to return to scrapers 200 and empty content,
> > instead of notifying them so they can reconfigure their systems.
> >
> >   >
> >   >
> >   >   Where/how can I change this message?
> >   >
> >   >   The server encountered an internal error or
> >   >   misconfiguration and was unable to complete
> >   >   your request.
> >   >   Please contact the server administrator at
> >   >xxx to inform them of the time this error occurred,
> >   >and the actions you performed just before this error.
> >   >   More information about this error may be available
> >   >   in the server error log.
> >   >   
> >   >
> >   >   or as a work-a-round, how can refuse access with
> modsecurity
> > and just
> >   > generate a 200 blank page response.
> >   >
> >   >   SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> >   > "id:'13006',phase:2,log,deny,status:200"
> >   >
> >
> >
>
>


Re: [users@httpd] where to change this "internal server error message"

2023-09-15 Thread Frank Gingras
What is returning the 500 response here? Is php/python/perl involved?

As for the scrapers, you are absolutely wasting your time customizing the
response. I would just return a 403, actually.

On Fri, Sep 15, 2023 at 11:37 AM Marc  wrote:

>
> > See the ErrorDocument directive.
>
> It does not seem to work. It looks like this config is skipped and the
> error is loaded directly from the httpd binary.
>
> ErrorDocument 500 /406.html
>
> > Now, why is that response not suitable? And why would you respond with a
> > 200 for a blocked user agent?
>
> I think it is better to return to scrapers 200 and empty content, instead
> of notifying them so they can reconfigure their systems.
>
> >
> >
> >   Where/how can I change this message?
> >
> >   The server encountered an internal error or
> >   misconfiguration and was unable to complete
> >   your request.
> >   Please contact the server administrator at
> >xxx to inform them of the time this error occurred,
> >and the actions you performed just before this error.
> >   More information about this error may be available
> >   in the server error log.
> >   
> >
> >   or as a work-a-round, how can refuse access with modsecurity and
> just
> > generate a 200 blank page response.
> >
> >   SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> > "id:'13006',phase:2,log,deny,status:200"
> >
>
>


Re: [users@httpd] where to change this "internal server error message"

2023-09-15 Thread Frank Gingras
See the ErrorDocument directive.

Now, why is that response not suitable? And why would you respond with a
200 for a blocked user agent?

On Fri, Sep 15, 2023 at 11:26 AM Marc  wrote:

> Where/how can I change this message?
>
> The server encountered an internal error or
> misconfiguration and was unable to complete
> your request.
> Please contact the server administrator at
>  xxx to inform them of the time this error occurred,
>  and the actions you performed just before this error.
> More information about this error may be available
> in the server error log.
> 
>
> or as a work-a-round, how can refuse access with modsecurity and just
> generate a 200 blank page response.
>
> SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> "id:'13006',phase:2,log,deny,status:200"
>


Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-14 Thread Frank Gingras
There are no "best" values, either way; it depends on your traffic pattern.

Use mod_status with ExtendedStatus on, and monitor /server-status to check
how many idle workers you have, over time.

On Thu, Sep 14, 2023 at 5:45 PM Stormy  wrote:

> On 2023-09-14 16:01, Jason Long wrote:
> > Hello,
> > Thanks again.
> > How about the other parameters? For example, how can I estimate the best
> > value for "MaxRequestsPerChild", "ThreadsPerChild" and etc.?
>
> What is wrong with the default values? Why do you want to "estimate"?
> Have you tried different values? If so, what was the upside/downside of
> your trials? Logs? Stats?
>
> You say somewhere below that your server "uses WordPress, so it also has
> PHP and MySQL."  Fine, these are services (memory and CPU cycles)
> outside the scope of Apache/httpd which just "serves" what it is given
> to "serve."
>
> As an example, I have just rewritten a quite big (474 Gb) WP website in
> html5 with minimal php and js. Result: client output identical, Apache
> throughput just over 90% lower. YMMV
>
> Good luck,
> Paul
> >
> >
> > On Thu, Sep 14, 2023 at 10:27 PM, Frank Gingras
> >  wrote:
> > Just comment out the LoadModule line for prefork, and uncomment the
> > line for event.
> >
> > There is no "template"; you just need to tweak event to spawn more
> > workers if needed, but the default settings should be fine for small
> > volumes.
> >
> > The prefork mpm should really be avoided at this point, as it spawns
> > a separate process for every single HTTP request.
> >
> > On Thu, Sep 14, 2023 at 2:47 PM Jason Long
> >  wrote:
> >
> > Hello,
> > Thanks again.
> > So, I must remove the "mpm_prefork_module" section. Am I right?
> >
> > Can you show me an Apache configuration template for use with
> > Wordpress?
> >
> > When I must use "mpm_prefork_module"?
> >
> >
> > On Thu, Sep 14, 2023 at 4:24 PM, Frank Gingras
> > <thu...@apache.org> wrote:
> > 500MB of RAM for the httpd processes, yes. The rest of the
> > RAM will go towards php and MySQL.
> >
> > Since wordpress is involved, you'll want to use the event
> > mpm (nor prefork, nor event), proxy_fcgi and php-fpm. See:
> >
> > https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
> >
> >
> >
> > On Thu, Sep 14, 2023 at 6:21 AM Jason Long
> > <hack3r...@yahoo.com> wrote:
> >
> > Hello,
> > Thank you so much for your reply.
> > Can you tell me more about "It should run well under
> > 500MB even with thousands of workers."? Do you mean 500
> > MB memory?
> >
> > My server uses WordPress, so it also has PHP and MySQL.
> > What parameters should I change?
> >
> > What is the formula for calculating "mpm_prefork_module"
> > and "mpm_worker_module"
> > parameters?
> >
> >
> >
> > On Wed, Sep 13, 2023 at 5:00 PM, Francois Gingras
> > <francois.ging...@gmail.com> wrote:
> > You'll want to make sure you're using the event mpm,
> > in any case. It should run well under 500MB even
> > with thousands of workers.
> >
> > If php or another dynamic language is involved, then
> > the answer will depend on what you use. You should
> > also consider if other services use RAM, such as a
> > rdbms.
> >
> >
> > On Wed, Sep 13, 2023 at 8:52 AM Jason Long
> >  wrote:
> >
> > Hello,
> > My server has 6 GB RAM and 4 virtual CPUs. I
> > want to know How can I change the following
> > settings for better performance?
> >
> >
> > Timeout 45
> > KeepAlive On
> >   
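The advice above to watch idle workers through mod_status can be scripted against the machine-readable `/server-status?auto` report. This is an added example, not code from the thread; the sample report is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Parse the machine-readable mod_status report (/server-status?auto).
# The sample below is constructed for this example; the numbers are made up.

sample_status() {
    cat <<'EOF'
Total Accesses: 18452
Total kBytes: 90311
Uptime: 86400
BusyWorkers: 21
IdleWorkers: 4
Scoreboard: WWWKKWW_RWWKW_WWCWKW_WWW_.........................
EOF
}

# Scoreboard keys: "_" waiting for a connection, "W" sending a reply,
# "K" keepalive, "R" reading a request, "C" closing, "." open slot (no worker yet).
# Usage: <report> | scoreboard_count W
scoreboard_count() {
    awk -v want="$1" -F': ' '$1 == "Scoreboard" {
        n = 0
        for (i = 1; i <= length($2); i++)
            if (substr($2, i, 1) == want) n++
        print n
    }'
}

# Percentage of running workers that are idle, rounded down.
idle_percent() {
    awk -F': ' '
        $1 == "BusyWorkers" { busy = $2 }
        $1 == "IdleWorkers" { idle = $2 }
        END {
            if (busy + idle == 0) exit 2    # no worker counts in the input
            printf "%d\n", idle * 100 / (busy + idle)
        }'
}

# Exit 0 when at least $1 percent of the running workers are idle.
has_headroom() {
    pct=$(idle_percent) || return 2
    [ "$pct" -ge "$1" ]
}

# One line per sample, suitable for appending to a log from cron.
# Few idle workers with many open slots means httpd can still spawn more;
# few idle workers with no open slots means the configured limit is reached.
summary() {
    report=$(cat)
    printf 'idle=%s%% keepalive=%s open_slots=%s\n' \
        "$(printf '%s\n' "$report" | idle_percent)" \
        "$(printf '%s\n' "$report" | scoreboard_count K)" \
        "$(printf '%s\n' "$report" | scoreboard_count .)"
}

sample_status | summary
```

On a live server the input would come from something like `curl -s http://localhost/server-status?auto | summary`, with the status handler restricted to local or trusted clients (for example `Require local`).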

Re: [users@httpd] How do I choose the best settings for the Apache Server?

2023-09-14 Thread Frank Gingras
Just comment out the LoadModule line for prefork, and uncomment the line
for event.

There is no "template"; you just need to tweak event to spawn more workers
if needed, but the default settings should be fine for small volumes.

The prefork mpm should really be avoided at this point, as it spawns a
separate process for every single HTTP request.

On Thu, Sep 14, 2023 at 2:47 PM Jason Long 
wrote:

> Hello,
> Thanks again.
> So, I must remove the "mpm_prefork_module" section. Am I right?
>
> Can you show me an Apache configuration template for use with Wordpress?
>
> When I must use "mpm_prefork_module"?
>
>
> On Thu, Sep 14, 2023 at 4:24 PM, Frank Gingras
>  wrote:
> 500MB of RAM for the httpd processes, yes. The rest of the RAM will go
> towards php and MySQL.
>
> Since wordpress is involved, you'll want to use the event mpm (nor
> prefork, nor event), proxy_fcgi and php-fpm. See:
>
> https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>
>
>
> On Thu, Sep 14, 2023 at 6:21 AM Jason Long  wrote:
>
> Hello,
> Thank you so much for your reply.
> Can you tell me more about "It should run well under 500MB even with
> thousands of workers."? Do you mean 500 MB memory?
>
> My server uses WordPress, so it also has PHP and MySQL. What parameters
> should I change?
>
> What is the formula for calculating "mpm_prefork_module" and
> "mpm_worker_module"
> parameters?
>
>
>
> On Wed, Sep 13, 2023 at 5:00 PM, Francois Gingras
>  wrote:
> You'll want to make sure you're using the event mpm, in any case. It
> should run well under 500MB even with thousands of workers.
>
> If php or another dynamic language is involved, then the answer will
> depend on what you use. You should also consider if other services use RAM,
> such as a rdbms.
>
>
> On Wed, Sep 13, 2023 at 8:52 AM Jason Long 
> wrote:
>
> Hello,
> My server has 6 GB RAM and 4 virtual CPUs. I want to know How can I change
> the following settings for better performance?
>
>
> Timeout 45
> KeepAlive On
> MaxKeepAliveRequests 100
> KeepAliveTimeout 15
>
> <IfModule mpm_prefork_module>
> StartServers 3
> MinSpareServers 3
> MaxSpareServers 3
> ServerLimit 50
> MaxClients 50
> MaxRequestsPerChild 1000
> </IfModule>
>
> <IfModule mpm_worker_module>
> StartServers 3
> MaxClients 50
> MinSpareThreads 3
> MaxSpareThreads 3
> ThreadsPerChild 25
> MaxRequestsPerChild 1000
> </IfModule>
>
>
> I'm thankful if anyone can guide me to choose the above settings according
> to my server hardware specifications. If you know of other settings, please
> share.
>
>
> Thank you.
>
>
>


Re: [users@httpd] Does Apache HTTPD support .PFX format

2023-09-13 Thread Frank Gingras
httpd will generally support what openssl supports on linux; when using
windows, it would depend on how it was compiled.

That being said, you can try with SSLCertificateFile and
SSLPassPhraseDialog and report back.

On Wed, Sep 13, 2023 at 3:14 PM Santosh Kondapuram
 wrote:

> Hi,
>
>
>
> We are running Apache HTTPD 2.4.x web server on top of WebLogic
>
> application server to proxy the requests.
>
> In general we extract SSL certificate and Private key out of a .PFX file
>
> and configure the server parameters accordingly.
>
> So instead of extracting the files is it possible to configure the .pfx
>
> itself in Apache httpd server which is password protected.
>
> P.S. I am running Apache on a Windows machine.
>
>
>
>
>
> Regards,
> Santosh.
>
>
>
>
>
>
>
>


Re: [users@httpd] Enable two way SSL on Apache httpd web server.

2023-08-18 Thread Frank Gingras
Pattie,

You will need to unsubscribe, then:

To unsubscribe, send a message to users-unsubscr...@httpd.apache.org
(or, if you are subscribed to the digest version of the list, send to
users-digest-unsubscr...@httpd.apache.org). You must send the
unsubscribe message from the same email address that you used to subscribe
to the list.


On Fri, Aug 18, 2023 at 4:51 PM Alec Burgess  wrote:

> Alec passed away May 24th. please delete all future emails
>
> Sincerely Pattie Burgess
> Regards ... Alec
> --
>
>
> On Fri, Aug 18, 2023 at 6:08 AM Daniel Ferradal 
> wrote:
>
>>
>> On Fri, 18 Aug 2023 at 3:24, Kaushal Shriyan (<kaushalshri...@gmail.com>) wrote:
>>
>>> Hi,
>>>
>>> I am running Apache httpd version: Apache/2.4.57 on CentOS Linux
>>> release 7.9.2009 (Core). Is there a way to enable two way SSL on Apache web
>>> server?
>>>
>>> # httpd -v
>>> Server version: Apache/2.4.57 (IUS)
>>> Server built:   Apr  7 2023 14:49:47
>>> # cat /etc/redhat-release
>>> CentOS Linux release 7.9.2009 (Core)
>>> #
>>>
>>> Please guide me. Thanks in Advance.
>>>
>>> Best Regards,
>>>
>>> Kaushal
>>>
>>
>> Hello,
>>
>> It is quite simple.
>>
>> You just need basically two directives:
>>
>> SSLVerifyClient require
>> and
>> SSLCACertificateFile /path/to/list-of-cas.crt
>>
>> In this second directive you just need to add the root CA/s of the CA
>> that signs your client certificates.
>>
>>
>> --
>> Daniel Ferradal
>> HTTPD Project
>> #httpd help at Libera.Chat
>>
>


Re: [users@httpd] How can I force a server name header?

2023-08-01 Thread Frank Gingras
http://ip/ will always land on the default (first) vhost unless you have
another vhost with ServerName IP set. Just set up an arbitrary hostname to
resolve to 192.168.1.7, then use http://dummyhostname/. Make sure to define
a vhost with that ServerName set as well.

I would encourage you to look at the name-based vhosts docs, too.

On Tue, Aug 1, 2023 at 9:08 PM John Iliffe  wrote:

> I'm trying to test a new server located at internal IP 192.168.1.5.  The
> production server lives at IP 192.168.1.7 on the same network.
>
> How can I force the browser to connect to the correct server?  If I try
> "http://192.168.1.5" the redirect on the first (alphabetically) virtual
> server redirects to the production server.
>
> What I need to be able to do is combine the virtual server id with the
> network address so I connect to the same name but on the machine I'm
> testing.  I think this is the "ServerName" header but I don't know where
> I can enter this on Firefox.
>
> Anybody have any experience with this problem?
>
> Thanks in advance.
>
> John
> ==
>
>
>


Re: [users@httpd] Cannot authenticate (after six years)

2023-07-31 Thread Frank Gingras
Andrew,

You're missing the point - if you chmod /home/user to 755, *everyone* on
your system can navigate to your home directory and potentially read
sensitive files.

If this is not a multi-user system, the issue is not as severe; it's still
a bad idea, nonetheless. A better approach is to move the content out of
/home/user and just create a symlink to the content or bash alias if you
want more convenience.

On Mon, Jul 31, 2023 at 4:53 AM Andrew Hoff 
wrote:

> Dear Frank,
>
> chmod 755; I remembered immediately and did that first. I do everything
> via symlinks and/or perl 5/7 scripts, e.g. a perl script lists directory
> contents in index.html.  As I said everything works.
>
> Apache is a great product and the inbuilt perl interpreter is pretty good.
> I have learnt my lesson and will now use semanage to effectively document
> custom settings.
>
> Regards,
>
> --
>
> Andrew Hoff
> 6/10 Middle Road
> Maribyrnong 3032
> Victoria
> Tel: 0393185581 (Please leave a message.)
> Mob: 0400966178
> Email: andrew.h...@bigpond.com
>
>
> On Sun, 2023-07-30 at 09:20 -0400, Frank Gingras wrote:
>
> Data in home directories is indeed a problem for shared systems, since you
> have to chmod the /home/user directory.
>
> On Sun, Jul 30, 2023 at 8:53 AM Andrew Hoff
>  wrote:
>
> Hello,
>
> I have resolved ALL issues. Nearly all problems were related to selinux.
> It is lucky I made some notes.
>
> Data in home directories is not a problem. It was just selinux.
>
> Regards,
>
>


Re: [users@httpd] Cannot authenticate (after six years)

2023-07-30 Thread Frank Gingras
Data in home directories is indeed a problem for shared systems, since you
have to chmod the /home/user directory.

On Sun, Jul 30, 2023 at 8:53 AM Andrew Hoff 
wrote:

> Hello,
>
> I have resolved ALL issues. Nearly all problems were related to selinux.
> It is lucky I made some notes.
>
> Data in home directories is not a problem. It was just selinux.
>
> Regards,
>
> --
>
> Andrew Hoff
> 6/10 Middle Road
> Maribyrnong 3032
> Victoria
> Tel: 0393185581 (Please leave a message.)
> Mob: 0400966178
> Email: andrew.h...@bigpond.com
>
>
> On Fri, 2023-07-28 at 13:00 -0400, Frank Gingras wrote:
>
> You need to run namei -mo /home/hoff/public_html/index.html and fix the
> permissions. httpd needs traversal capability from /.
>
> Also, consider moving your content out of /home
>
> On Fri, Jul 28, 2023 at 12:40 PM jean-frederic clere 
> wrote:
>
> On 7/20/23 15:07, Andrew Hoff wrote:
> > Hello,
> >
> > Strange problem. Everything was going great for at least six years then
> > all of a sudden authentication using port 80 failed. Authentication
> > using port 443 works fine.
>
> Probably something is defined in the 443 VirtualHost and not in 80 one..
>
> SElinux would block both port and not only 80, but that is worth
> checking.  Check if enable, if yes put a permissive mode and retry.
>
> > I first noticed the problem because apache no longer creates the
> > REMOTE_USER env variable. _I want authentication using port 80, i.e.
> > plain vanilla http._
> >
> > httpd.conf attached. See line 169. (httpd service is running.)
> > If I enter the following url it should bring up a login box:
> > http://172.18.0.20/~hoff (It no longer does.)
> > Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid
> > 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access
> > to /~hoff/index.html denied (filesystem path
> > '/home/hoff/public_html/index.html') because search permissions are
> > missing on a component of the path
> >
> > I rebuilt the server and am using fedora 38 fully updated. Problem still
> > persists.
> >
> > FYI only (netstat -nap | grep httpd):
> > tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
> > tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
> > tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
> > tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd
> >
> > Regards,
> >
> > --
> >
> > Andrew Hoff
> > 6/10 Middle Road
> > Maribyrnong 3032
> > Victoria, AU
> > Tel: 0393185581 (Please leave a message.)
> > Mob: 0400966178
> > Email: andrew.h...@bigpond.com
> >
> >
>
>


Re: [users@httpd] Cannot authenticate (after six years)

2023-07-28 Thread Frank Gingras
You need to run namei -mo /home/hoff/public_html/index.html and fix the
permissions. httpd needs traversal capability from /.

Also, consider moving your content out of /home

On Fri, Jul 28, 2023 at 12:40 PM jean-frederic clere 
wrote:

> On 7/20/23 15:07, Andrew Hoff wrote:
> > Hello,
> >
> > Strange problem. Everything was going great for at least six years then
> > all of a sudden authentication using port 80 failed. Authentication
> > using port 443 works fine.
>
> Probably something is defined in the 443 VirtualHost and not in the 80 one.
>
> SELinux would block both ports and not only 80, but that is worth
> checking. Check if it is enabled; if yes, put it in permissive mode and retry.
>
> > I first noticed the problem because apache no longer creates the
> > REMOTE_USER env variable. _I want authentication using port 80, i.e.
> > plain vanilla http._
> >
> > httpd.conf attached. See line 169. (httpd service is running.)
> > If I enter the following url it should bring up a login box:
> > http://172.18.0.20/~hoff  (It no longer does.)
> > Error_log: [Thu Jul 20 21:39:57.913337 2023] [core:error] [pid 3460:tid
> > 3522] (13)Permission denied: [client 172.18.0.97:54422] AH00035: access
> > to /~hoff/index.html denied (filesystem path
> > '/home/hoff/public_html/index.html') because search permissions are
> > missing on a component of the path
> >
> > I rebuilt the server and am using fedora 38 fully updated. Problem still
> > persists.
> >
> > FYI only (netstat -nap | grep httpd):
> > tcp 0 0 172.18.0.20:80 0.0.0.0:* LISTEN 3456/httpd
> > tcp 0 0 172.18.0.20:443 0.0.0.0:* LISTEN 3456/httpd
> > tcp6 0 0 fec0::ac12:14:443 :::* LISTEN 3456/httpd
> > tcp6 0 0 fec0::ac12:14:80 :::* LISTEN 3456/httpd
> >
> > Regards,
> >
> > --
> >
> > Andrew Hoff
> > 6/10 Middle Road
> > Maribyrnong 3032
> > Victoria, AU
> > Tel: 0393185581 (Please leave a message.)
> > Mob: 0400966178
> > Email: andrew.h...@bigpond.com
> >
> >
>
> --
> Cheers
>
> Jean-Frederic
>
>
>
>
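
The traversal requirement from the reply above (every directory from / down to the file must be searchable by httpd), as an added shell example that is not part of the thread. It assumes httpd reaches the files through the "other" permission class; the function names and the temporary tree are constructed for illustration.

```shell
#!/bin/sh
# Walk a path one component at a time and report the first component that
# the "other" permission class cannot pass. This is the condition behind
# AH00035 "search permissions are missing on a component of the path".

# other_perms PATH -> prints the three "other" permission characters, e.g. "r-x".
other_perms() {
    # ls -ld prints the mode string first ("drwx--x--x"); characters 8-10 are
    # the "other" class. -L reports a symlink's target instead of the link
    # (the target's own parent directories are not walked here).
    ls -ldL -- "$1" | cut -c8-10
}

# first_blocked ROOT RELPATH
# Prints the first component under ROOT that blocks "other" and returns 1.
# Prints nothing and returns 0 when the whole path is passable.
first_blocked() {
    root=${1%/}              # "/" becomes "", so "$root/$part" stays well-formed
    rel=$2
    current=$root
    # Split RELPATH on "/" with globbing disabled.
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        if [ ! -e "$current" ]; then
            echo "$current (missing)"
            return 1
        fi
        perms=$(other_perms "$current")
        if [ -d "$current" ]; then
            # A directory needs the search bit: "x", or "t" (search + sticky).
            case $perms in
                ??x|??t) ;;
                *) echo "$current"; return 1 ;;
            esac
        else
            # The file at the end of the path needs the read bit.
            case $perms in
                r??) ;;
                *) echo "$current"; return 1 ;;
            esac
        fi
    done
    return 0
}

# demo: constructed tree mirroring the ~user layout from the thread, first
# with a 0700 home directory, then with search permission granted (0711).
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/home/hoff/public_html"
    echo hello > "$base/home/hoff/public_html/index.html"
    chmod 755 "$base/home" "$base/home/hoff/public_html"
    chmod 644 "$base/home/hoff/public_html/index.html"

    chmod 700 "$base/home/hoff"
    before=$(first_blocked "$base" home/hoff/public_html/index.html || true)

    chmod 711 "$base/home/hoff"   # search only: traversal works, listing does not
    after=$(first_blocked "$base" home/hoff/public_html/index.html || true)

    rm -rf "$base"
    shown=${before#"$base"}
    echo "before: ${shown:-path is traversable}"
    echo "after:  ${after:-path is traversable}"
}

demo
```

On a real server the call would be `first_blocked / home/hoff/public_html/index.html`. Mode bits are only one layer: the original poster later reported SELinux as the cause, which this check cannot see (`ls -Z` shows the labels).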


Re: [users@httpd] RedirectMatch and rewrite rules not working

2023-07-19 Thread Frank Gingras
Step one is to increase the log level to find the source of the 404 errors.

Then, you can use the rewrite log to debug further.

On Wed, Jul 19, 2023 at 5:36 PM Darryl Baker 
wrote:

> Ever have one of those days where after staring at the configuration for
> hours you don’t see what you are doing wrong?
>
> I am having that kind of day. I browse to the URLs
> https://evumail8prd01.ci.northwestern.edu/activate and
> https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404
> error. Nothing usable in the logs. I know I am missing something simple but
> the issue is escaping me. The configuration is stolen from the existing
> RHEL 6 & Apache 2.2 instance combined with the Mozilla template from
> https://ssl-config.mozilla.org/#server=apache=2.4.41=modern=1.1.1k=false=5.7
> now on RHEL 8 & Apache 2.4
>
>
>
> Please help!
>
>
>
> My configuration:
>
>
>
> # generated 2023-06-08, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL
> 1.1.1k, modern configuration
>
> #
> https://ssl-config.mozilla.org/#server=apache=2.4.41=modern=1.1.1k=5.7
>
>
>
> # modern configuration
>
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
>
> SSLHonorCipherOrder off
>
> SSLSessionTickets   off
>
>
>
> SSLUseStapling Off
>
> SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
>
>
>
> # this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and
> mod_headers
>
> 
>
> RewriteEngine On
>
> RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
>
> RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
>
> 
>
>
>
> 
>
> ServerName evumail8prd01.ci.northwestern.edu
>
> ServerName evumail.northwestern.edu
>
> ServerName umail.northwestern.edu
>
>
>
> DocumentRoot /var/www/html
>
> ScriptAlias /cgi-bin  /var/www/cgi-bi
>
>
>
> RewriteEngine on
>
>
>
> #   RewriteRule ^/activate  /umail3/netid.php?r=a   [R]
>
> #   RewriteRule ^/manage    /umail3/netid.php?r=m   [R]
>
> LogLevel alert rewrite:trace6
>
> RedirectMatch permanent ^/activate$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=a"
>
> RedirectMatch permanent ^/manage$   "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=m"
>
>
>
> 
>
> Options -Indexes
>
> 
>
>
>
> 
>
> SSLOptions +StdEnvVars
>
> Options -Indexes
>
> 
>
>
>
> DirectorySlash On
>
>
>
> 
>
> SSLOptions +StdEnvVars
>
> 
>
>
>
> # Qualys
>
> Header always append X-Frame-Options SAMEORIGIN
>
>
>
> # Tenable
>
> Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
>
>
>
> # enable HTTP/2, if available
>
> Protocols h2 http/1.1
>
>
>
> # HTTP Strict Transport Security (mod_headers is required) (63072000
> seconds)
>
> Header always set Strict-Transport-Security "max-age=63072000"
>
>
>
> ErrorLog logs/ssl_error_log
>
> #LogLevel debug
>
>
>
> CustomLog logs/ssl_agent_log agent
>
> CustomLog logs/ssl_referer_log referer
>
>
>
> TransferLog logs/ssl_access_log
>
>
>
> CustomLog logs/ssl_request_log \
>
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> SSLEngine on
>
> SSLCertificateFile
> /etc/httpd/certs/evumail8prd01_ci_northwestern_edu_cert.cer
>
> SSLCertificateKeyFile
> /etc/httpd/certs/evumail8prd01_ci_northwestern_edu.key
>
>
>
> 
>
>
>
> 
>
> ServerName u.northwestern.edu
>
> ServerAlias www.u.northwestern.edu
>
> Redirect / https://mail.google.com/a/u.northwestern.edu/
>
> 
>
>
>
> 
>
> ServerName u.northwestern.edu
>
> ServerAlias www.u.northwestern.edu
>
> Redirect / https://mail.google.com/a/u.northwestern.edu/
>
> 
>
>
>
>
>
>
>
> *Darryl Baker, *GSEC, GCLD  (he/him/his)
>
> Sr. System Administrator
>
> Distributed Application Platform Services
>
> *Northwestern University*
>
> 4th Floor
>
> 2020 Ridge Avenue
>
> Evanston, IL  60208-0801
>
> *darryl.ba...@northwestern.edu *
>
> (847) 467-6674 <+18474676674>
>


Re: [users@httpd] Need help with correlating HTTP request with a database call

2023-07-04 Thread Frank Gingras
httpd is not privy to the database layer of your application; you will need
to focus on isolating the correlation conditions first, i.e. the request
uri path, the date/time of the request, the HTTP method (GET, POST).

On Tue, Jul 4, 2023 at 1:52 PM Sudesh Gowda J 
wrote:

> Hello everyone,
> I'm currently working on a project where Apache server is being used with
> a database. I need to find out which HTTP request maps to which database
> call without modifying the server code (e.g., logs). I read the documentation
> regarding logging and the parameters don't seem to be of any help in this
> case. So is there any other way in which we can do this?
>
> Thank you
>
>
>


Re: [users@httpd] Apache httpd with Node.js backend server.

2023-07-04 Thread Frank Gingras
This isn't how ProxyPassReverse is to be used, see:

https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse

On Tue, Jul 4, 2023 at 1:21 PM Kaushal Shriyan 
wrote:

> Hi,
>
> I have added the below ProxyPassMatch and ProxyPassReverse in
> /etc/httpd/conf.d/phpnodejs.conf after referring to
> https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch
>
> ProxyPassMatch "/demo(.*)" "http://localhost:8000/$1"
> ProxyPassReverse "/demo(.*)" "http://localhost:8000/$1"
>
> *#cat /etc/httpd/conf.d/phpnodejs.conf*
> 
> ServerName phpnodejs.mydomain.com
> Redirect / https://phpnodejs.mydomain.com/
>  
> 
> DocumentRoot /var/www/html/phpcode/cardium-version-1/web
> DirectoryIndex index.php
> ServerName phpnodejs.mydomain.com
> Header add Access-Control-Allow-Origin "*"
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
> ProxyPass /index.php !
> ProxyPassMatch "/demo(.*)" "http://localhost:8000/$1"
> ProxyPassReverse "/demo(.*)" "http://localhost:8000/$1"
>
> 
> DirectoryIndex index.html index.php
> Options FollowSymLinks
> AllowOverride All
> Require valid-user
> AuthType Basic
> AuthName "Restricted Content"
> AuthUserFile /var/www/html/phpcode/cardium-version-1/web/.htpasswd
> 
> 
>
> When I hit https://phpnodejs.mydomain.com the html and php code it works
> perfectly along with loading the resources like js, css and html pages.
> Whereas when I hit https://phpnodejs.mydomain.com/demo (/demo) which is
> the node.js backend listening on port 8000, I see the below logs in
> /var/log/httpd/ssl_access_log
>
> /demo is the node.js backend service listening on port 8000.
>
> 172.16.16.45 - - [04/Jul/2023:22:35:05 +0530] "GET
> /demo/element/index.html HTTP/1.1" 304 -
> 172.16.16.45 - - [04/Jul/2023:22:35:05 +0530] "GET /demo/element/vendor.js
> HTTP/1.1" 304 -
> 172.16.16.45 - - [04/Jul/2023:22:35:05 +0530] "GET
> /demo/element/demo/apic-build.js HTTP/1.1" 304 -
> 172.16.16.45 - drupaladmin [04/Jul/2023:22:35:05 +0530] "GET
> /__es-dev-server__/message-channel HTTP/1.1" 404 25657
>
> More details here -> http://sprunge.us/6DFmPx
>
> # apachectl -S
> VirtualHost configuration:
> *:443  phpnodejs.mydomain.com
> (/etc/httpd/conf.d/phpnodejs.conf:5)
> *:80   is a NameVirtualHost
>  default server phpnodejs.mydomain.com
> (/etc/httpd/conf.d/phpnodejs.conf:1)
>  port 80 namevhost phpnodejs.mydomain.com
> (/etc/httpd/conf.d/phpnodejs.conf:1)
>  port 80 namevhost phpnodejs.mydomain.com
> (/etc/httpd/conf.d/phpnodejs.conf:1)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/ssl_error_log"
> Mutex authdigest-opaque: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex ssl-stapling-refresh: using_defaults
> Mutex authdigest-client: using_defaults
> Mutex lua-ivm-shm: using_defaults
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/run/httpd/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex cache-socache: using_defaults
> PidFile: "/run/httpd/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
> #
>
> Please guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
> On Mon, Jul 3, 2023 at 10:54 PM Kaushal Shriyan 
> wrote:
>
>>
>>
>> On Mon, Jul 3, 2023 at 10:44 PM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>>
>>>
>>>
>>> > Date: Monday, July 03, 2023 22:22:04 +0530
>>> > From: Kaushal Shriyan 
>>> >
>>> > On Mon, Jul 3, 2023 at 10:10 PM Richard wrote:
>>> >
>>> >>
>>> >> > Date: Monday, July 03, 2023 20:35:36 +0530
>>> >> > From: Kaushal Shriyan 
>>> >> >
>>> >> > I have initiated a new thread to discuss the new issue. I am
>>> >> > running node.js application on port 8000 and Apache HTTP server
>>> >> > on CentOS Linux release 7.9.2009 (Core)
>>> >> >
>>> >> ># node --version
>>> >> > *v16.20.0*
>>> >> ># httpd -v
>>> >> > Server version: *Apache/2.4.57 (IUS)*
>>> >> > Server built:   Apr  7 2023 14:49:47
>>> >> >#
>>> >> >
>>> >> > *#cat /etc/httpd/conf.d/phpnodejs.conf*
>>> >> > 
>>> >> > ServerName phpnodejs.mydomain.com
>>> >> > Redirect / https://phpnodejs.mydomain.com/
>>> >> >  
>>> >> > 
>>> >> > DocumentRoot /var/www/html/phpcode/cardium-version-1/web

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-07-02 Thread Frank Gingras
I would read this page:

https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch

On Sun, Jul 2, 2023 at 1:03 PM Kaushal Shriyan 
wrote:

> Hi Frank,
>
> Thanks for the quick response. I will appreciate it if you can help me
> understand by considering the below directive. I am not sure about placing
> $1 to the target. Any examples which will be easy to understand?
>
> ProxyPass /index.html !
> ProxyPassMatch ^/(.+) http://localhost:3000/
>
> Please suggest further and guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
> On Sun, Jul 2, 2023 at 9:31 PM Frank Gingras  wrote:
>
>> Try adding $1 to the target to use the captured value.
>>
>> Also, depending on the response from the backend, you may need a
>> ProxyPassReverse directive.
>>
>> On Sun, Jul 2, 2023 at 11:41 AM Kaushal Shriyan 
>> wrote:
>>
>>> Hi Frank,
>>>
>>> When I set the below in /etc/httpd/conf.d/phpnodejs.conf. When I hit
>>> https://phpnodejs.mydomain.com which is the html content, the images
>>> are broken and unable to load javascript, CSS etc...
>>>
>>> ProxyPass /index.html !
>>> ProxyPassMatch ^/(.+) http://localhost:3000/
>>>
>>> #cat /etc/httpd/conf.d/phpnodejs.conf
>>> 
>>> ServerName phpnodejs.mydomain.com
>>> Redirect / https://phpnodejs.mydomain.com/
>>>  
>>> 
>>> DocumentRoot /var/www/html/htmlcode
>>> DirectoryIndex index.html
>>> ServerName phpnodejs.mydomain.com
>>> Header add Access-Control-Allow-Origin "*"
>>> LogLevel debug
>>> SSLEngine on
>>> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
>>> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
>>> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
>>> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
>>> ProxyPass /index.html !
>>> ProxyPassMatch ^/(.+) http://localhost:3000/
>>> 
>>>
>>> Please guide me. Thanks in advance.
>>>
>>> Best Regards,
>>>
>>> Kaushal
>>>
>>>
>>> On Sun, Jul 2, 2023 at 8:57 PM Frank Gingras  wrote:
>>>
>>>> ^/(.+) will already match /demo, why are you changing the expression?
>>>>
>>>> On Sun, Jul 2, 2023 at 10:42 AM Kaushal Shriyan <
>>>> kaushalshri...@gmail.com> wrote:
>>>>
>>>>> Hi Frank,
>>>>>
>>>>> Thanks a lot. It worked perfectly. I have a follow up question for
>>>>> /demo path (as part of node.js code so /demo has all nodejs code) just as
>>>>> an improvement . I modified the ProxyPassMatch directive as per the below
>>>>> example and it returned http 404.
>>>>>
>>>>> ProxyPassMatch ^/demo(.+) http://localhost:3000/
>>>>>
>>>>> Am I missing anything? Apologies for bugging you.
>>>>>
>>>>> Please guide me. Thanks in advance.
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Kaushal
>>>>>
>>>>>
>>>>> On Sun, Jul 2, 2023 at 8:00 AM Frank Gingras 
>>>>> wrote:
>>>>>
>>>>>> This thread is getting very tiresome. So, let's summarize:
>>>>>>
>>>>>> - You want to request /, serve index.html
>>>>>> - For all other requests, proxy internally
>>>>>>
>>>>>> As such, keep the ProxyPass /index.html ! for clarity and change your
>>>>>> existing ProxyPass directive to:
>>>>>>
>>>>>> ProxyPassMatch ^/(.+) http://localhost:3000/
>>>>>>
>>>>>> In short, this means that requesting / will not match, and requesting
>>>>>> /foo will proxy.
>>>>>>
>>>>>> On Sat, Jul 1, 2023 at 9:22 PM Kaushal Shriyan <
>>>>>> kaushalshri...@gmail.com> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Jul 2, 2023 at 6:20 AM Kaushal Shriyan <
>>>>>>> kaushalshri...@gmail.com> wrote:
>>>>>>>
>&

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-07-02 Thread Frank Gingras
Try adding $1 to the target to use the captured value.

Also, depending on the response from the backend, you may need a
ProxyPassReverse directive.

On Sun, Jul 2, 2023 at 11:41 AM Kaushal Shriyan 
wrote:

> Hi Frank,
>
> When I set the below in /etc/httpd/conf.d/phpnodejs.conf. When I hit
> https://phpnodejs.mydomain.com which is the html content, the images are
> broken and unable to load javascript, CSS etc...
>
> ProxyPass /index.html !
> ProxyPassMatch ^/(.+) http://localhost:3000/
>
> #cat /etc/httpd/conf.d/phpnodejs.conf
> 
> ServerName phpnodejs.mydomain.com
> Redirect / https://phpnodejs.mydomain.com/
>  
> 
> DocumentRoot /var/www/html/htmlcode
> DirectoryIndex index.html
> ServerName phpnodejs.mydomain.com
> Header add Access-Control-Allow-Origin "*"
> LogLevel debug
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
> ProxyPass /index.html !
> ProxyPassMatch ^/(.+) http://localhost:3000/
> 
>
> Please guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
>
> On Sun, Jul 2, 2023 at 8:57 PM Frank Gingras  wrote:
>
>> ^/(.+) will already match /demo, why are you changing the expression?
>>
>> On Sun, Jul 2, 2023 at 10:42 AM Kaushal Shriyan 
>> wrote:
>>
>>> Hi Frank,
>>>
>>> Thanks a lot. It worked perfectly. I have a follow up question for /demo
>>> path (as part of node.js code so /demo has all nodejs code) just as an
>>> improvement . I modified the ProxyPassMatch directive as per the below
>>> example and it returned http 404.
>>>
>>> ProxyPassMatch ^/demo(.+) http://localhost:3000/
>>>
>>> Am I missing anything? Apologies for bugging you.
>>>
>>> Please guide me. Thanks in advance.
>>>
>>> Best Regards,
>>>
>>> Kaushal
>>>
>>>
>>> On Sun, Jul 2, 2023 at 8:00 AM Frank Gingras  wrote:
>>>
>>>> This thread is getting very tiresome. So, let's summarize:
>>>>
>>>> - You want to request /, serve index.html
>>>> - For all other requests, proxy internally
>>>>
>>>> As such, keep the ProxyPass /index.html ! for clarity and change your
>>>> existing ProxyPass directive to:
>>>>
>>>> ProxyPassMatch ^/(.+) http://localhost:3000/
>>>>
>>>> In short, this means that requesting / will not match, and requesting
>>>> /foo will proxy.
>>>>
>>>> On Sat, Jul 1, 2023 at 9:22 PM Kaushal Shriyan <
>>>> kaushalshri...@gmail.com> wrote:
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Jul 2, 2023 at 6:20 AM Kaushal Shriyan <
>>>>> kaushalshri...@gmail.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Jul 2, 2023 at 6:14 AM Kaushal Shriyan <
>>>>>> kaushalshri...@gmail.com> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Jul 1, 2023 at 7:50 AM Kaushal Shriyan <
>>>>>>> kaushalshri...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Frank,
>>>>>>>>
>>>>>>>> Thanks for the email response and much appreciated. I added the
>>>>>>>> ProxyPass /index.html !  directive in /etc/httpd/conf.d/phpnodejs.conf
>>>>>>>>
>>>>>>>> #cat /etc/httpd/conf.d/phpnodejs.conf
>>>>>>>> 
>>>>>>>> ServerName phpnodejs.mydomain.com
>>>>>>>> Redirect / https://phpnodejs.mydomain.com/
>>>>>>>>  
>>>>>>>> 
>>>>>>>> DocumentRoot /var/www/html/htmlcode
>>>>>>>> ServerName phpnodejs.mydomain.com
>>>>>>>> Header add Access-Control-Allow-Origin "*"
>>>>>>>> SSLEngine on
>>>>>>>> SSLCertificateFile /etc/letsencrypt/live/
>>>>>>>> phpnodejs.mydomai

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-07-02 Thread Frank Gingras
^/(.+) will already match /demo, why are you changing the expression?

On Sun, Jul 2, 2023 at 10:42 AM Kaushal Shriyan 
wrote:

> Hi Frank,
>
> Thanks a lot. It worked perfectly. I have a follow up question for /demo
> path (as part of node.js code so /demo has all nodejs code) just as an
> improvement . I modified the ProxyPassMatch directive as per the below
> example and it returned http 404.
>
> ProxyPassMatch ^/demo(.+) http://localhost:3000/
>
> Am I missing anything? Apologies for bugging you.
>
> Please guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
>
> On Sun, Jul 2, 2023 at 8:00 AM Frank Gingras  wrote:
>
>> This thread is getting very tiresome. So, let's summarize:
>>
>> - You want to request /, serve index.html
>> - For all other requests, proxy internally
>>
>> As such, keep the ProxyPass /index.html ! for clarity and change your
>> existing ProxyPass directive to:
>>
>> ProxyPassMatch ^/(.+) http://localhost:3000/
>>
>> In short, this means that requesting / will not match, and requesting
>> /foo will proxy.
>>
>> On Sat, Jul 1, 2023 at 9:22 PM Kaushal Shriyan 
>> wrote:
>>
>>>
>>>
>>>
>>>
>>> On Sun, Jul 2, 2023 at 6:20 AM Kaushal Shriyan 
>>> wrote:
>>>
>>>>
>>>>
>>>> On Sun, Jul 2, 2023 at 6:14 AM Kaushal Shriyan <
>>>> kaushalshri...@gmail.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sat, Jul 1, 2023 at 7:50 AM Kaushal Shriyan <
>>>>> kaushalshri...@gmail.com> wrote:
>>>>>
>>>>>> Hi Frank,
>>>>>>
>>>>>> Thanks for the email response and much appreciated. I added the
>>>>>> ProxyPass /index.html !  directive in /etc/httpd/conf.d/phpnodejs.conf
>>>>>>
>>>>>> #cat /etc/httpd/conf.d/phpnodejs.conf
>>>>>> 
>>>>>> ServerName phpnodejs.mydomain.com
>>>>>> Redirect / https://phpnodejs.mydomain.com/
>>>>>>  
>>>>>> 
>>>>>> DocumentRoot /var/www/html/htmlcode
>>>>>> ServerName phpnodejs.mydomain.com
>>>>>> Header add Access-Control-Allow-Origin "*"
>>>>>> SSLEngine on
>>>>>> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
>>>>>> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
>>>>>> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
>>>>>> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
>>>>>> ProxyPass /index.html !
>>>>>> ProxyPass / http://localhost:3000/
>>>>>> 
>>>>>>
>>>>>> # apachectl configtest
>>>>>> Syntax OK
>>>>>> #apachectl -S
>>>>>> VirtualHost configuration:
>>>>>> *:80   phpnodejs.mydomain.com
>>>>>> (/etc/httpd/conf.d/phpnodejs.conf:1)
>>>>>> *:443  phpnodejs.mydomain.com
>>>>>> (/etc/httpd/conf.d/phpnodejs.conf:5)
>>>>>> ServerRoot: "/etc/httpd"
>>>>>> Main DocumentRoot: "/var/www/html"
>>>>>> Main ErrorLog: "/etc/httpd/logs/error_log"
>>>>>> Mutex mpm-accept: using_defaults
>>>>>> Mutex cache-socache: using_defaults
>>>>>> Mutex authdigest-opaque: using_defaults
>>>>>> Mutex watchdog-callback: using_defaults
>>>>>> Mutex proxy-balancer-shm: using_defaults
>>>>>> Mutex rewrite-map: using_defaults
>>>>>> Mutex ssl-stapling-refresh: using_defaults
>>>>>> Mutex authdigest-client: using_defaults
>>>>>> Mutex lua-ivm-shm: using_defaults
>>>>>> Mutex ssl-stapling: using_defaults
>>>>>> Mutex proxy: using_defaults
>>>>>> Mutex authn-socache: using_defaults
>>>>>> Mutex ssl-cache: using_defaults
>>>>>> Mutex default: dir="/run/httpd/" mechanism=default
>>>>>> PidFile: "/run/httpd/httpd.pid"
>>>>>> Define: DUMP_VHOSTS
>>>

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-07-01 Thread Frank Gingras
This thread is getting very tiresome. So, let's summarize:

- You want to request /, serve index.html
- For all other requests, proxy internally

As such, keep the ProxyPass /index.html ! for clarity and change your
existing ProxyPass directive to:

ProxyPassMatch ^/(.+) http://localhost:3000/

In short, this means that requesting / will not match, and requesting /foo
will proxy.

On Sat, Jul 1, 2023 at 9:22 PM Kaushal Shriyan 
wrote:

>
>
>
>
> On Sun, Jul 2, 2023 at 6:20 AM Kaushal Shriyan 
> wrote:
>
>>
>>
>> On Sun, Jul 2, 2023 at 6:14 AM Kaushal Shriyan 
>> wrote:
>>
>>>
>>>
>>> On Sat, Jul 1, 2023 at 7:50 AM Kaushal Shriyan 
>>> wrote:
>>>
>>>> Hi Frank,
>>>>
>>>> Thanks for the email response and much appreciated. I added the
>>>> ProxyPass /index.html !  directive in /etc/httpd/conf.d/phpnodejs.conf
>>>>
>>>> #cat /etc/httpd/conf.d/phpnodejs.conf
>>>>
>>>> ServerName phpnodejs.mydomain.com
>>>> Redirect / https://phpnodejs.mydomain.com/
>>>>
>>>>
>>>> DocumentRoot /var/www/html/htmlcode
>>>> ServerName phpnodejs.mydomain.com
>>>> Header add Access-Control-Allow-Origin "*"
>>>> SSLEngine on
>>>> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
>>>> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
>>>> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
>>>> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
>>>> ProxyPass /index.html !
>>>> ProxyPass / http://localhost:3000/
>>>>
>>>>
>>>> # apachectl configtest
>>>> Syntax OK
>>>> #apachectl -S
>>>> VirtualHost configuration:
>>>> *:80   phpnodejs.mydomain.com
>>>> (/etc/httpd/conf.d/phpnodejs.conf:1)
>>>> *:443  phpnodejs.mydomain.com
>>>> (/etc/httpd/conf.d/phpnodejs.conf:5)
>>>> ServerRoot: "/etc/httpd"
>>>> Main DocumentRoot: "/var/www/html"
>>>> Main ErrorLog: "/etc/httpd/logs/error_log"
>>>> Mutex mpm-accept: using_defaults
>>>> Mutex cache-socache: using_defaults
>>>> Mutex authdigest-opaque: using_defaults
>>>> Mutex watchdog-callback: using_defaults
>>>> Mutex proxy-balancer-shm: using_defaults
>>>> Mutex rewrite-map: using_defaults
>>>> Mutex ssl-stapling-refresh: using_defaults
>>>> Mutex authdigest-client: using_defaults
>>>> Mutex lua-ivm-shm: using_defaults
>>>> Mutex ssl-stapling: using_defaults
>>>> Mutex proxy: using_defaults
>>>> Mutex authn-socache: using_defaults
>>>> Mutex ssl-cache: using_defaults
>>>> Mutex default: dir="/run/httpd/" mechanism=default
>>>> PidFile: "/run/httpd/httpd.pid"
>>>> Define: DUMP_VHOSTS
>>>> Define: DUMP_RUN_CFG
>>>> User: name="apache" id=48
>>>> Group: name="apache" id=48
>>>> #
>>>>
>>>> when I hit https://phpnodejs.mydomain.com/ it still points to the
>>>> nodejs server.js file located in /var/www/html/nodejssl. For testing
>>>> purposes, I stopped the node js code to execute. I get the below message on
>>>> the browser which is expected behaviour.
>>>>
>>>> [image: image.png]
>>>>
>>>> I am still unable to render the index.html file from the document root
>>>> in /var/www/html/htmlcode which I created a new folder for testing
>>>> purposes.
>>>>
>>>> Please suggest and guide me. Thanks in advance.
>>>>
>>>> Best Regards,
>>>>
>>>> Kaushal

>>>
>>> Hi,
>>>
>>> I have referred to https://httpd.apache.org/docs/2.4/mod/mod_dir.html
>>> by adding DirectoryIndex index.html directive in 443 virtualhost. The issue
>>> still persists.
>>>
>>> #cat /etc/httpd/conf.d/phpnodejs.conf
>>> 
>>> ServerName phpnodejs.mydomain.com
>>> Redirect / https://phpnodejs.mydomain.com/
>>>  
>>> 
>>> DocumentRoot /var/www/html/htmlcode
>>> DirectoryIndex index.html
>>> ServerName phpnodejs.mydomain.com
>>> Header add Access-Control-Allow-Origin "*"
>>> SSLEngine on
>>> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
>>> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
>>> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
>>> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
>>> ProxyPass /index.html !
>>> ProxyPass / http://localhost:3000/
>>> 
>>>
>>> Please suggest further and guide me. Thanks in advance.
>>>
>>> Best Regards,
>>>
>>> Kaushal
>>>
>>
>>
>> Further to the earlier email, I am sharing the log files.
>>
>> #cd /var/log/httpd/
>> #pwd
>> /var/log/httpd
>> # cat access_log
>> 172.16.16.45 - - [02/Jul/2023:06:17:19 +0530] "GET / HTTP/1.1" 200 11 "-"
>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101
>> Firefox/114.0"
>> 172.16.16.45 - - [02/Jul/2023:06:17:58 +0530] "GET /nodejssl/server.js
>> HTTP/1.1" 200 11 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15;
>> rv:109.0) Gecko/20100101 Firefox/114.0"

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-06-30 Thread Frank Gingras
To exclude index.html from your proxying, use ProxyPass /index.html !
before the existing ProxyPass directive.

On Fri, Jun 30, 2023 at 1:24 PM Kaushal Shriyan 
wrote:

> Hi,
>
> I have set up a new server with the below details. I am running node.js
> application on port 3000 and Apache HTTP server on CentOS Linux release
> 7.9.2009 (Core)
>
> # node --version
> *v16.20.0*
> # httpd -v
> Server version: *Apache/2.4.57 (IUS)*
> Server built:   Apr  7 2023 14:49:47
> #
>
> *Nodejs code document root -> /var/www/html/nodejssl (Node Port 3000)*
> # pwd
> /var/www/html/nodejssl
> # ls -l
> -rw-r--r-- 1 root root 336 Jun 27 09:43 server.js
> #
> *cat server.js*
> const http = require('http');
>
> const hostname = '0.0.0.0';
> const port = 3000;
>
> const server = http.createServer((req, res) => {
>   res.statusCode = 200;
>   res.setHeader('Content-Type', 'text/plain');
>   res.end('Hello World');
> });
>
> server.listen(port, hostname, () => {
>   console.log(`Server running at http://${hostname}:${port}/`);
> });
>
>
> *Website php code document root -> /var/www/html/phpcode (Port 443)*
>
> #pwd
> /var/www/html/phpcode/
> # ls -l
> -rw-r--r-- 1 root root 336 Jun 27 09:43 index.html
> #
> #cat index.html
> 
> 
>
> 
> 
> Hello!
> 
>
> 
> Hello World!
> This is a simple paragraph.
> 
>
> 
>
> #cat /etc/httpd/conf.d/phpnodejs.conf
> 
> ServerName phpnodejs.mydomain.com
> Redirect / https://phpnodejs.mydomain.com/
>  
> 
> DocumentRoot /var/www/html/phpcode
> ServerName phpnodejs.mydomain.com
> Header add Access-Control-Allow-Origin "*"
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/phpnodejs.mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/phpnodejs.mydomain.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/phpnodejs.mydomain.com/chain.pem
> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
> ProxyPass / http://localhost:3000/
> 
>
> When I hit https://phpnodejs.mydomain.com/nodejssl/server.js I see "Hello
> World" which works as expected but when I hit
> https://phpnodejs.mydomain.com/ I do not see the html code index.html
> file content. Is there a way to render both index.html and node.js
> server.js file? For example when I hit https://phpnodejs.mydomain.com/ it
> renders index.html file content and when I hit
> https://phpnodejs.mydomain.com/nodejssl/server.js it renders node.js
> server.js file content.
>
> Please suggest and guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
> On Sun, Jun 25, 2023 at 10:13 PM Frank Gingras  wrote:
>
>> None of those entries point to your 404 error.
>>
>> Make sure that you are reaching the proper vhost (with the scheme and
>> hostname) by running apachectl -S.
>>
>> There is just far too much noise in the backlog of this thread to make
>> sense of it so far.
>>
>> On Sun, Jun 25, 2023 at 11:46 AM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>>
>>>
>>>
>>>
>>> > Date: Sunday, June 25, 2023 16:09:23 +0530
>>> > From: Kaushal Shriyan 
>>> >
>>> > I have modified the nodejsbackendssl.conf file located
>>> > in /etc/httpd/conf.d/ to the below configuration.
>>> >
>>> > *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
>>> > 
>>> > ServerName nodejs.mydomain.com
>>> > ProxyPass / http://localhost:8000/
>>> > LogLevel debug
>>> > ErrorLog /var/log/httpd/nodejssslerror.log
>>> > CustomLog /var/log/httpd/nodejssslaccess.log combined
>>> > 
>>> >
>>> > Below are the logs in /var/log/httpd/nodejssslerror.log
>>> >
>>> > [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
>>> >> proxy_util.c(2155): AH00925: initializing worker
>>> >> http://localhost:8000/ shared
>>>
>>> If you are still getting errors (e.g., 404s) on the front-end please
>>> provide the relevant lines from the front-end server's error_log. The
>>> proxy's corresponding log entries may be of value, but without the
>>> detail from the front-end it's hard to tell.
>>>


Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-06-25 Thread Frank Gingras
None of those entries point to your 404 error.

Make sure that you are reaching the proper vhost (with the scheme and
hostname) by running apachectl -S.

There is just far too much noise in the backlog of this thread to make
sense of it so far.

On Sun, Jun 25, 2023 at 11:46 AM Richard 
wrote:

>
>
>
> > Date: Sunday, June 25, 2023 16:09:23 +0530
> > From: Kaushal Shriyan 
> >
> > I have modified the nodejsbackendssl.conf file located
> > in /etc/httpd/conf.d/ to the below configuration.
> >
> > *#cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
> > 
> > ServerName nodejs.mydomain.com
> > ProxyPass / http://localhost:8000/
> > LogLevel debug
> > ErrorLog /var/log/httpd/nodejssslerror.log
> > CustomLog /var/log/httpd/nodejssslaccess.log combined
> > 
> >
> > Below are the logs in /var/log/httpd/nodejssslerror.log
> >
> > [Sun Jun 25 16:04:40.289171 2023] [proxy:debug] [pid 6223:tid 6223]
> >> proxy_util.c(2155): AH00925: initializing worker
> >> http://localhost:8000/ shared
>
> If you are still getting errors (e.g., 404s) on the front-end please
> provide the relevant lines from the front-end server's error_log. The
> proxy's corresponding log entries may be of value, but without the
> detail from the front-end it's hard to tell.
>


Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-06-25 Thread Frank Gingras
Why did you define a vhost without a ServerName directive?

Also, those access log entries are quite useless, other than the requested
path. Increase the log level, and find the error log entries instead.

On Sun, Jun 25, 2023 at 2:54 AM Kaushal Shriyan 
wrote:

>
>
> On Sun, Jun 25, 2023 at 10:40 AM Frank Gingras  wrote:
>
>> If you proxy all requests to another host, you do not need a
>> DocumentRoot, no. Also, do avoid using a  block to proxy
>> requests, and instead just use ProxyPass / http://localhost:8000/
>>
>>
> Hi Frank,
>
> Thanks for the email response. I am still encountering 404 as per the
> below http access log.
>
> 172.16.16.45 - drupaladmin [25/Jun/2023:12:17:40 +0530] "GET /demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
> 172.16.16.45 - drupaladmin [25/Jun/2023:12:18:15 +0530] "GET /demo/element/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
>
> *cat  /etc/httpd/conf.d/nodejsbackendssl.conf*
> 
> ProxyPass / http://localhost:8000/
> 
> #
>
> Please suggest and guide me. Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
>
>
>
>
>> On Sun, Jun 25, 2023 at 12:44 AM Kaushal Shriyan <
>> kaushalshri...@gmail.com> wrote:
>>
>>>
>>>
>>> On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan <
>>> kaushalshri...@gmail.com> wrote:
>>>
>>>>
>>>> On Thu, Jun 22, 2023 at 5:42 AM Richard <
>>>> lists-apa...@listmail.innovate.net> wrote:
>>>>
>>>>>
>>>>>
>>>>> > Date: Wednesday, June 21, 2023 20:14:40 +
>>>>> > From: Richard
>>>>> >
>>>>> >
>>>>> >> Date: Thursday, June 22, 2023 00:13:34 +0530
>>>>> >> From: Kaushal Shriyan 
>>>>> >>
>>>>> >> When I hit https://nodejs.mydomain.com/demo/index.html I see the
>>>>> >> below in both httpd error and access logs
>>>>> >>
>>>>> >># pwd
>>>>> >> /var/log/httpd
>>>>> >># cat error_log
>>>>> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
>>>>> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
>>>>> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
>>>>> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
>>>>> >> supported by mod_http2. The mpm determines how things are
>>>>> >> processed in your server. HTTP/2 has more demands in this regard
>>>>> >> and the currently selected mpm will just not do. This is an
>>>>> >> advisory warning. Your server will continue to work, but the
>>>>> >> HTTP/2 protocol will be inactive.
>>>>> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
>>>>> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
>>>>> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
>>>>> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
>>>>> >> PHP/8.1.20 configured -- resuming normal operations
>>>>> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
>>>>> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>>>>> >>
>>>>> >>
>>>>> >># cat access_log
>>>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>>>> >> Chrome/114.0.0.0 Safari/537.36"
>>>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>>>> >> Chrome/114.0.0.0 Safari/537.36"
>>>>> >
>>>>> > Leaving aside other potential issues, t

Re: [users@httpd] node.js application listening on port 8000 enabled with SSL certificate returns ERR_SSL_PROTOCOL_ERROR on browser.

2023-06-24 Thread Frank Gingras
If you proxy all requests to another host, you do not need a DocumentRoot,
no. Also, do avoid using a  block to proxy requests, and instead
just use ProxyPass / http://localhost:8000/

On Sun, Jun 25, 2023 at 12:44 AM Kaushal Shriyan 
wrote:

>
>
> On Sun, Jun 25, 2023 at 7:44 AM Kaushal Shriyan 
> wrote:
>
>>
>> On Thu, Jun 22, 2023 at 5:42 AM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>>
>>>
>>>
>>> > Date: Wednesday, June 21, 2023 20:14:40 +
>>> > From: Richard
>>> >
>>> >
>>> >> Date: Thursday, June 22, 2023 00:13:34 +0530
>>> >> From: Kaushal Shriyan 
>>> >>
>>> >> When I hit https://nodejs.mydomain.com/demo/index.html I see the
>>> >> below in both httpd error and access logs
>>> >>
>>> >># pwd
>>> >> /var/log/httpd
>>> >># cat error_log
>>> >> [Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid
>>> >> 16995] AH01232: suEXEC mechanism enabled (wrapper:
>>> >> /usr/sbin/suexec) [Thu Jun 22 00:06:34.196360 2023] [http2:warn]
>>> >> [pid 16995:tid 16995] AH10034: The mpm module (prefork.c) is not
>>> >> supported by mod_http2. The mpm determines how things are
>>> >> processed in your server. HTTP/2 has more demands in this regard
>>> >> and the currently selected mpm will just not do. This is an
>>> >> advisory warning. Your server will continue to work, but the
>>> >> HTTP/2 protocol will be inactive.
>>> >> [Thu Jun 22 00:06:34.197101 2023] [lbmethod_heartbeat:notice] [pid
>>> >> 16995:tid 16995] AH02282: No slotmem from mod_heartmonitor
>>> >> [Thu Jun 22 00:06:34.243545 2023] [mpm_prefork:notice] [pid
>>> >> 16995:tid 16995] AH00163: Apache/2.4.57 (IUS) OpenSSL/1.0.2k-fips
>>> >> PHP/8.1.20 configured -- resuming normal operations
>>> >> [Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid
>>> >> 16995] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
>>> >>
>>> >>
>>> >># cat access_log
>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>> >> Chrome/114.0.0.0 Safari/537.36"
>>> >> 172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] "GET
>>> >> /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0 (Macintosh;
>>> >> Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
>>> >> Chrome/114.0.0.0 Safari/537.36"
>>> >
>>> > Leaving aside other potential issues, the timestamps on your
>>> > error_log entries are from:
>>> >
>>> > Jun 22 00:06:34
>>> >
>>> > while the ones with the 404 in your access_log are from:
>>> >
>>> > 22/Jun/2023:00:06:45
>>> >
>>> > ~10 minutes later. I.e., they do not appear to be for the same
>>> > event.
>>> >
>>> > The error_log entries look like server startup error messages,
>>> > rather than ones related to a browser request. Also, given the
>>> > timestamp formats, I'm suspecting that they aren't even from the
>>> > same apache server/machine instance.
>>> >
>>> > Look at the entries in the error_log that are specific to the
>>> > access_log 404 errors. That will give you more detail from that side
>>> > of things.
>>> >
>>>
>>> correction ...
>>>
>>>  > ~10 minutes later. I.e., they do not appear to be for the
>>>  > same event.
>>>
>>> should be:
>>>
>>>  > ~10 seconds later ...
>>>
>>> regardless, the error_log entries aren't for the access_log 404
>>> requests/events.
>>>
>> Hi,
>>
>> OS :- CentOS Linux release 7.9.2009 (Core)
>> # node --version
>> *v16.20.0*
>> # httpd -v
>> Server version: *Apache/2.4.57 (IUS)*
>> Server built:   Apr  7 2023 14:49:47
>> #
>> #cd /etc/httpd/conf.d/
>> #cat httpdfrontend.conf
>> 
>> ServerName nodejs.mydomain.com
>> Redirect / https://nodejs.mydomain.com/
>>  
>> 
>> DocumentRoot /var/www/html/web
>> ServerName nodejs.mydomain.com
>> Header add Access-Control-Allow-Origin "*"
>> SSLEngine on
>> SSLCertificateFile /etc/letsencrypt/live/nodejs.mydomain.com/cert.pem
>> SSLCertificateKeyFile /etc/letsencrypt/live/nodejs.mydomain.com/privkey.pem
>> SSLCertificateChainFile /etc/letsencrypt/live/nodejs.mydomain.com/chain.pem
>> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
>>
>> 
>> DirectoryIndex index.html index.php
>> Options FollowSymLinks
>> AllowOverride All
>> Require valid-user
>> AuthType Basic
>> AuthName "Restricted Content"
>> AuthUserFile /var/www/html/web/.htpasswd
>> 
>> 
>>
>> #cd /etc/httpd/conf.d/
>> # cat nodejsbackendssl.conf
>> 
>> 
>> ProxyPass http://localhost:8000/
>> 
>> 
>>
>> # netstat -anp | grep 8000
>> tcp6   0  0 :::8000 :::*
>>  LISTEN  23679/node
>> tcp6   0  0 192.168.0.116:8000
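
The check Richard describes in the quoted text (an error_log entry only explains a 404 if its timestamp lines up with the access_log request) can be done mechanically. This is an added example, not part of any message in the thread; it assumes both logs come from the same host, so the access_log UTC offset is dropped, and the 2-second matching window is an arbitrary choice.

```python
import re
from datetime import datetime

# Apache 2.4 default error_log and "combined" access_log layouts, as quoted in the thread.
ERR_RE = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:.]+ \d{4})\] \[([^\]]+)\]")
ACC_RE = re.compile(r'\[([^\]]+)\] "([^"]*)" (\d{3}) ')

def parse_error(line):
    """Return (naive local timestamp, 'module:level'), or None if the line does not parse."""
    m = ERR_RE.match(line)
    return (datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y"), m.group(2)) if m else None

def parse_access(line):
    """Return (naive local timestamp, request line, status), or None if the line does not parse."""
    m = ACC_RE.search(line)
    if not m:
        return None
    # Assumption: error_log and access_log were written on the same host, so the
    # offset is dropped and the two local times are compared directly.
    ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return ts, m.group(2), int(m.group(3))

def correlate(error_lines, access_lines, window_s=2.0):
    """For each 4xx/5xx request: error_log tags within window_s, and gap to the nearest entry."""
    errors = [e for e in map(parse_error, error_lines) if e]
    report = []
    for ts, request, status in filter(None, map(parse_access, access_lines)):
        if status < 400:
            continue
        gaps = [(abs((ts - ets).total_seconds()), tag) for ets, tag in errors]
        near = [tag for gap, tag in gaps if gap <= window_s]
        nearest = min((gap for gap, _ in gaps), default=None)
        report.append((request, status, near, nearest))
    return report

# Lines from the thread, rejoined where the e-mail wrapped them (User-Agent shortened).
ERROR_LOG = [
    "[Thu Jun 22 00:06:34.161122 2023] [suexec:notice] [pid 16995:tid 16995] "
    "AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)",
    "[Thu Jun 22 00:06:34.243596 2023] [core:notice] [pid 16995:tid 16995] "
    "AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'",
]
ACCESS_LOG = [
    '172.16.16.45 - drupaladmin [22/Jun/2023:00:06:45 +0530] '
    '"GET /demo/index.html HTTP/1.1" 404 25644 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for row in correlate(ERROR_LOG, ACCESS_LOG):
        print(row)
```

An empty list of nearby tags together with a gap of several seconds means the error_log excerpt holds nothing written while that request was being served, which is the situation with the startup notices quoted in the thread.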

Re: [users@httpd] Apache service reported path is invalid

2023-06-09 Thread Frank Gingras
Greg,

Case sensitivity for paths isn't a concern on Windows.

On Fri, Jun 9, 2023 at 8:33 PM Gregory Kuzmicki 
wrote:

> 6/9/2023
> 8:05 PM EST
>
> Ravi:
>
> I was taking another look at your issue. I noticed a "case difference" and
> I am curious to know if this is causing your issue.
>
> Please note that in your email dated 6/6/2023 5:33 AM the screenshot of
> your log states:
>
> --
> The Apache service named reported the following error:
>
> Ah00526: Syntax error on the line 406 of c:/Apache24/conf/httpd.conf
>
>
> The Apache service named reported the following error:
>
>  path
> is invalid
> --
>
> Please note that in your config file, you have an alias pointing to:
>
> Alias /processing_root_folder "F:/Comtrack_Processing_Root"
>
> Alias /processing_root_folder1
> "10.12.30.50\COMTRACK01\Comtrack_Processing_Root">
>
>
>
> ___
> Please note:
> "Comtrack_processing_root"
> "Comtrack_Processing_Root"
>
> as the case difference aforementioned.
> ___
>
> I am uncertain if this is causing your issue, but it is worth noting.
> Furthermore, your log says line 406 of httpd.conf but as I see from the
> image there is only a section of the log. Did you send an attachment of the
> full httpd.conf file and an attachment of an image section of httpd.conf?
>
> Specifically, what does line 406 say? I can only see the image attached; I
> cannot open the httpd.conf file on this device so I don't know if it is the
> full configuration file or a redacted version.
>
>
>
>
> Main points:
> (1) note the "case difference"
> (2) what does line 406 read? re: syntax error
>
>
>
>
>
> Greg
>
>
> https://www.linkedin.com/colorsorted
>
>
>
>
>
>
>
>
> On Friday, June 9, 2023, Tatsuki Makino 
> wrote:
>
>> Hello.
>>
>> Do I have to keep attaching png named jpg here? :)
>> According to that png or jpeg or whatever it is, it still has .
>>
>> That means the following pattern will pass, right?
>>
>> D:\path\to\dir
>> D:/path/to/dir
>> \\hostname_or_ipaddress\path\to\dir
>> //hostname_or_ipaddress/path/to/dir
>>
>> Regards.
>>
>
> --
> Sent from my iPhone
>

