Re: [users@httpd] Command line method to get virtual hosts and DocumentRoot?

2016-01-28 Thread Pete Houston
On Thu, Jan 28, 2016 at 05:03:41PM +, Rose, John B wrote:
> Is there a command line method to list all the virtual hosts and each 
> DocumentRoot?

Should be pretty simple to construct with Apache::ConfigParser.
https://metacpan.org/pod/Apache::ConfigParser

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036
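
The listing asked about above, as an added example that is not part of the original thread: a standalone Python parser standing in for the Apache::ConfigParser approach Pete suggests. It reads one configuration text, does not follow Include directives, and the sample configuration is constructed.

```python
import re

OPEN_RE = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
CLOSE_RE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"(ServerName|ServerAlias|DocumentRoot)\s+(.+)",
                          re.IGNORECASE)
# Directive names are case-insensitive in httpd; map them to one spelling.
CANONICAL = {"servername": "ServerName", "serveralias": "ServerAlias",
             "documentroot": "DocumentRoot"}


def list_vhosts(conf_text):
    """Return one dict per <VirtualHost> block with its names and DocumentRoot.

    A vhost that sets no DocumentRoot inherits the main server's value;
    that case is reported with inherited=True.
    """
    main_docroot, vhosts, current = None, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            current = {"addresses": opened.group(1).split(),
                       "ServerName": None, "ServerAlias": [],
                       "DocumentRoot": None, "inherited": False}
            continue
        if CLOSE_RE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        directive = DIRECTIVE_RE.match(line)
        if not directive:
            continue
        name = CANONICAL[directive.group(1).lower()]
        value = directive.group(2).strip()
        if name == "ServerAlias":
            if current is not None:
                current["ServerAlias"].extend(value.split())
        elif current is not None:
            current[name] = value.strip('"')
        elif name == "DocumentRoot":
            main_docroot = value.strip('"')   # server-level default
    for vhost in vhosts:
        if vhost["DocumentRoot"] is None:
            vhost["DocumentRoot"], vhost["inherited"] = main_docroot, True
    return vhosts


# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = '''\
DocumentRoot "/var/www/html"

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com www2.example.com
    DocumentRoot "/srv/www/example"
</VirtualHost>

<VirtualHost *:80>
    servername intranet.example.com
</VirtualHost>
'''

if __name__ == "__main__":
    for vhost in list_vhosts(SAMPLE_CONF):
        note = " (inherited)" if vhost["inherited"] else ""
        print(vhost["ServerName"], vhost["DocumentRoot"] + note)
```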




Re: [users@httpd] Circumstances when mod_php would run faster than PHP-FPM?

2016-01-12 Thread Pete Houston
On Tue, Jan 12, 2016 at 06:56:40PM +, Rose, John B wrote:
> For event ...
> 
> 
> StartServers 3
> MinSpareThreads 20
> MaxSpareThreads 25
> ServerLimit 16
> ThreadsPerChild 16
> MaxRequestWorkers   256
> MaxConnectionsPerChild   0
> 

Those numbers don't make a great deal of sense. You have:

MaxSpareThreads - MinSpareThreads < ThreadsPerChild

So your server can easily get into a flip-flopping state of creating and
reaping a process to satisfy these requirements.

I suggest you set MinSpareThreads and MaxSpareThreads as integral
multiples of ThreadsPerChild and keep them fairly widely spaced. Try


StartServers 3
MinSpareThreads 16
MaxSpareThreads 48
ServerLimit 16
ThreadsPerChild 16
MaxRequestWorkers   256
MaxConnectionsPerChild   0


This should make things a bit more stable (and easier for the
administrator to envisage). That's for the general case of event/worker
and unrelated to whether or not you use php-fpm.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036
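
The two rules in the reply above, as an added example that is not part of the original thread: a checker for the spare-thread settings plus a deliberately simplified model of the maintenance loop, in which idle capacity only changes by one whole child (ThreadsPerChild threads) per round. The function names and the starting idle count of 15 are assumptions of this example; the two configurations are the ones quoted in the message.

```python
import re

MPM_KEYS = {"minsparethreads": "MinSpareThreads",
            "maxsparethreads": "MaxSpareThreads",
            "threadsperchild": "ThreadsPerChild"}


def parse_mpm(conf_text):
    """Extract the three integer directives the check needs."""
    values = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = re.fullmatch(r"(\w+)\s+(\d+)", line)
        if m and m.group(1).lower() in MPM_KEYS:
            values[MPM_KEYS[m.group(1).lower()]] = int(m.group(2))
    return values


def check_spare_threads(values):
    """Return (code, message) findings for the rules stated in the reply."""
    tpc = values["ThreadsPerChild"]
    lo, hi = values["MinSpareThreads"], values["MaxSpareThreads"]
    findings = []
    if hi - lo < tpc:
        findings.append(("narrow-window",
                         f"MaxSpareThreads - MinSpareThreads = {hi - lo} "
                         f"is less than ThreadsPerChild = {tpc}"))
    for name, value in (("MinSpareThreads", lo), ("MaxSpareThreads", hi)):
        if value % tpc:
            findings.append(("not-multiple",
                             f"{name} {value} is not a multiple of {tpc}"))
    return findings


def simulate(values, idle, rounds=6):
    """Simplified model (an assumption of this example): each round the
    parent creates one child if idle threads are below the minimum, or
    reaps one child if they are above the maximum."""
    tpc = values["ThreadsPerChild"]
    lo, hi = values["MinSpareThreads"], values["MaxSpareThreads"]
    history = [idle]
    for _ in range(rounds):
        if idle < lo:
            idle += tpc      # a whole new process worth of threads
        elif idle > hi:
            idle -= tpc      # a whole process reaped
        history.append(idle)
    return history


ORIGINAL = """\
MinSpareThreads 20
MaxSpareThreads 25
ThreadsPerChild 16
"""

SUGGESTED = """\
MinSpareThreads 16
MaxSpareThreads 48
ThreadsPerChild 16
"""

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        values = parse_mpm(text)
        print(label, check_spare_threads(values), simulate(values, idle=15))
```

With the original values the idle count alternates between 15 and 31 indefinitely, which is the create-and-reap cycle the reply describes; with the suggested values it settles after one round.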




Re: [users@httpd] How to force browsers doesn't use cache

2015-11-16 Thread Pete Houston
On Mon, Nov 16, 2015 at 06:19:37PM -0200, Ronaldo Luiz de Carvalho wrote:
> There are a way to setting apache in a way to force the users site browsers
> doesn't use their cache?

You can use the Header directive to set the appropriate value of the
Cache-Control header.

http://httpd.apache.org/docs/2.4/mod/mod_headers.html#header
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036




Re: [users@httpd] Error executing script through Apache

2015-10-16 Thread Pete Houston
On Fri, Oct 16, 2015 at 02:21:45PM +, David Johnson wrote:
> What would be different about being logged in as www at the command line and 
> calling a script vs. running Apache as www and calling it through the 
> intranet?

The SELinux context will be different. Check the audit log to see if
it's being denied.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036




Re: [users@httpd] Error executing script through Apache

2015-10-16 Thread Pete Houston
On Fri, Oct 16, 2015 at 02:37:24PM +, David Johnson wrote:
> Please forgive my ignorance, but what can I do now to resolve this?

Depending on your current SELinux policy and what precisely it is that
you want to allow you could either adjust an appropriate boolean,
correct any files/dirs with the wrong contexts or make a policy
adjustment.

If you have support for this particular application from the vendor you
could of course go back to them with the extract from the audit log and
ask for their advice. That's probably the best plan. If they just say
"Disable SELinux" then ignore their advice :-)

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036
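
The audit-log check from the two SELinux replies above, as an added example that is not part of the original thread: it pulls AVC denials whose source domain starts with `httpd` out of audit log lines and groups them, which is the extract you would act on or send to a vendor. The log lines are constructed, and the per-row hint is a rough triage heuristic of this example, not SELinux tooling output.

```python
import re
from collections import Counter

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
FILE_CLASSES = {"file", "dir", "lnk_file"}


def _type_of(context):
    """SELinux contexts are user:role:type:level; return the type field."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one audit line; return None unless it is an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "time": float(m.group("ts")),
        "perms": tuple(m.group("perms").split()),
        "comm": fields.get("comm"),
        "target": fields.get("path") or fields.get("name"),
        "source_type": _type_of(fields.get("scontext", "")),
        "target_type": _type_of(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }


def httpd_denials(lines, domain_prefix="httpd"):
    """Keep denials whose source domain belongs to the web server."""
    records = (parse_avc(line) for line in lines)
    return [r for r in records
            if r and (r["source_type"] or "").startswith(domain_prefix)]


def summarise(denials):
    """Group identical denials and attach a rough triage hint."""
    counts = Counter((d["source_type"], d["tclass"], d["target_type"],
                      d["perms"]) for d in denials)
    rows = []
    for (src, tclass, tgt, perms), n in counts.most_common():
        if tclass in FILE_CLASSES:
            hint = "compare the target's label with its expected file context"
        else:
            hint = "look for a relevant boolean or a policy adjustment"
        rows.append({"count": n, "source_type": src, "tclass": tclass,
                     "target_type": tgt, "perms": perms, "hint": hint})
    return rows


# Constructed audit log lines, not taken from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1445005305.101:811): avc:  denied  { execute } for  pid=2301 comm="httpd" name="report.sh" dev="dm-0" ino=395021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1445005305.101:811): arch=c000003e syscall=59 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1445005311.442:815): avc:  denied  { execute } for  pid=2307 comm="httpd" name="report.sh" dev="dm-0" ino=395021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1445005312.007:816): avc:  denied  { name_connect } for  pid=2309 comm="report.sh" dest=5432 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1445005320.500:820): avc:  denied  { read } for  pid=990 comm="sshd" name="shadow" dev="dm-0" ino=1201 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

if __name__ == "__main__":
    for row in summarise(httpd_denials(SAMPLE_AUDIT_LOG.splitlines())):
        print(row)
```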




Re: [users@httpd] Using LogLevel?

2015-06-27 Thread Pete Houston
If you look carefully at the documentation at
http://httpd.apache.org/docs/2.4/mod/core.html#loglevel
you will see that it says:

Context: server config, virtual host, directory

The absence of .htaccess from that list indicates that it cannot be
set in the .htaccess file. Set it in the configuration file instead.

Pete

On Fri, Jun 26, 2015 at 05:07:57PM -0700, James Moe wrote:
> apache 2.4.10
>
>   The mod_rewrite page mentions LogLevel as a useful way to trace
> problems with ReWritewhatever. So I added LogLevel info
> rewrite:trace5 to .htaccess and got Internal Server Error.
>   What else is needed to get LogLevel to work?

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache24 - how to optimize httpd.conf

2015-06-08 Thread Pete Houston
On Mon, Jun 08, 2015 at 02:35:24PM -0700, Motty Cruz wrote:
> Should Fix:
> Optimize images
> Leverage browser caching
> Consider Fixing:
> Eliminate render-blocking JavaScript and CSS in above-the-fold content
> Minify CSS
> Minify HTML

All of those bar one are content issues and therefore unconnected with
your server config.

The one you might consider is "Leverage browser caching" which suggests
that you have not set your expiry headers sensibly (or at all). Have a
look at the mod_expires documentation at
http://httpd.apache.org/docs/2.4/mod/mod_expires.html

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] exclude website from directory rules

2015-06-02 Thread Pete Houston
Use a virtual host to override the server-level defaults.
http://httpd.apache.org/docs/2.4/vhosts/

HTH,

Pete

On Tue, Jun 02, 2015 at 12:17:44PM -0400, Tim Dunphy wrote:
> There is a generic Directory index rule at Apache level like below that is
> expecting the serving domain to point to any of below files.
>
> How can I add filter on this rule for *example-website.com
> http://example-website.com *so its ignored for specific domain

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Safari - Apache error when connecting using safari with beast mitigation

2015-04-30 Thread Pete Houston
On Thu, Apr 30, 2015 at 09:07:36AM +, Or Lindner wrote:
> Hi,
>
> I am running apache version 2.2.0.
[description of problem snipped]
>
> There is maybe an apache patch for that problem?

Since 2.2.0 there have been over 40 releases of stable branches of
apache. These subsequent releases will solve many, many problems. I
suggest that you try upgrading apache on the server to something
more modern.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: mod_proxy and mod_nss - occasional SSL Proxy: I don't have the name of the host we're supposed to connect to so I can't verify that we are connecting to who we think we should b

2015-04-21 Thread Pete Houston
Hello Jamie,

On Tue, Apr 21, 2015 at 11:55:27AM -0400, Jamie Johnson wrote:
> Sorry to hit this again, but I've made no headway short of setting
> NSSProxyCheckPeerCN off, is this not reproducible?  Is there another list I
> should be asking this on?

As mod_nss is a third-party module it's quite conceivable that nobody on
this list uses it. Perhaps you would have more luck posting to the
mod_nss list instead? It is at
https://www.redhat.com/mailman/listinfo/mod_nss-list

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] AuthBasic Questions: Modify the pop-up message? Change auth cache time?

2015-04-14 Thread Pete Houston
On Tue, Apr 14, 2015 at 07:14:55AM -0500, Tom Browder wrote:
> I now have basic authorization (under TLS) working okay, but I would
> like to influence the user experience a bit via Apache behavior if
> possible.
>
> A few questions if you please:
>
> 1.  Can I modify the pop-up message?

Possibly. You can change the AuthName in the apache config and many
browsers will display that to the users. There's no obligation on the
browser to do that, however.

> 2. Can I change the cache behavior of the access?
>
> As it is, my Google Chrome keeps the authorization cached for a long
> time unless I change settings.  I would like more control over that
> server-side.

Not without resorting to something really ropey. If you are keen to enable
such levels of customisation it is probably time to start looking beyond
Basic Auth and consider using server-side sessions and passing tokens
either via cookies or in the URLs.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] one apache virtual domain won't start

2015-03-27 Thread Pete Houston
On Wed, Mar 18, 2015 at 08:57:27PM -0700, Dave Stevens wrote:
> I have a Ubuntu 14.04 box with 8 domains. At first they all worked
> but yesterday one stopped serving pages, browser says -- Server not
> found the config looks ok, domain-specific configs are in
> sites-enabled, there are access errors, all of the type, file not
> found
>
> I don't know where to look with this. Suggestions? No problems with
> the others.

The error "Server not found", while a little vague, suggests that it may
be a DNS problem and therefore unrelated to your apache installation.

To confirm or deny this you could use a tool such as curl from the
command line which will give a clearer, more precise error message than
your browser. eg:

$ curl http://bazzz.example.com/
curl: (6) Could not resolve host: bazzz.example.com; Name or
service not known

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Looking for a new maintainer for FableTech Server Status for Apache

2015-03-08 Thread Pete Houston
Hello Morten,

Apologies for taking so long to reply. As nobody else has responded
AFAICT, Openstrike would be happy to volunteer to maintain this project.

We already maintain an Apache module which you can find at
http://www.apacheconsultancy.com/modules/mod_access_dnsbl/ and would
look to maintain and support ftss in a similar way.

Please let me know if you would be happy for us to do so (off-list is
fine).

Thanks,

Pete Houston

On Tue, Feb 17, 2015 at 07:37:17PM +0100, Morten Shearman Kirkegaard wrote:
> Going forward we will not be able to maintain the project, so we are
> looking for somebody to take over. Perhaps the Apache Software
> Foundation would be interested in taking over this tiny project?
>
> More information about the project:
> http://fabletech.com/ftss

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Single web page site settings questions ... i.e. KeepAlive,

2014-12-19 Thread Pete Houston
On Fri, Dec 12, 2014 at 03:18:57PM +, Rose, John B wrote:
> For a one page web site
>
> The page will have a very large number of visitors in a short time.  There
> will be simple text updates on the page and users will check back frequently
> to see the updates.
>
> Say 100k visitors each minute.
>
> For instance an emergency/disaster information/status page.
>
> 1. Is there any reason to have KeepAlive set to On ? If so, suggested
> KeepAliveTimeout?

No, unless the page has links to images, stylesheets, js or other static
content served by the same machine. But don't do that - host them on
another server with a long cache time instead.

> 2. Any other suggested Apache configuration settings for such a web site?

Use event MPM. Only load the modules which you need, which should be
almost none for one simple page. Read the docs on performance tuning.

> 3. Is there some way to cache the page in RAM?

Yes, but since you say there will be frequent updates, maybe investigate
just having the page on a ramdisk so you get fast reads and writes?

> 4. What if there is one section on the page that will be updated very
> frequently in a server side include, jquery, php include, etc, somehow, and
> we do not want to cache that part, but cached the rest of the page?

Yes, but only for javascript or iframes. I can't see how you could
accomplish it with SSI or PHP.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] mod_userdir question

2014-12-03 Thread Pete Houston
As Carlos's question suggests that he might be quite new to all this,
it's probably worth pointing out that for simple, low-volume
applications there is no requirement to load any language-specific
module into apache. All one needs is mod_cgi (or mod_cgid) to get
started and then it's pretty trivial to run scripts in any chosen
language supported by the O/S.

Of course, Daniel's advice to embed the interpreter through mod_lua (or
mod_python, mod_perl, mod_ruby, ...) is sound for larger,
single-language applications and there are alternatives like mod_fcgi
which can get close to the best of both worlds. But for someone
starting out and just looking at a proof of concept it is likely the
case that the simplicity of mod_cgi(d) would make the easiest starting
point.

ObLink: http://httpd.apache.org/docs/2.4/howto/cgi.html

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Help needed with event MPM configuration

2014-11-04 Thread Pete Houston
On Tue, Nov 04, 2014 at 03:58:25PM +, Rajalakshmi Iyer wrote:
> The server has a KeepAliveTimeout of 120 seconds.

That is probably the longest KeepAliveTimeout I have seen. Is there some
particular reason that you have it so high? In 2.4 the default value is
5 seconds, which ought to be a reasonable value for a large number of
cases.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache Upgrade

2014-10-17 Thread Pete Houston
On Fri, Oct 17, 2014 at 10:53:03AM +, pratibha.dhank...@wipro.com wrote:
> Can someone please suggest steps to upgrade Apache 2.2.21 to 2.2.29? It's a
> little urgent requirement.

http://httpd.apache.org/docs/2.2/install.html#upgrading

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Version check urgent

2014-10-10 Thread Pete Houston
On Fri, Oct 10, 2014 at 07:10:47AM +, pratibha.dhank...@wipro.com wrote:
> Currently in our application we have Apache 2.0 version installed on windows
> server 2003.
> Could you please let us know if same Apache 2.0 version will support for
> Windows server2012 or not?
> If not which version will be supported?

Apache 2.0 is not supported on any O/S any more. See the message at the
top of http://httpd.apache.org/docs/2.0/ for the official position.

The current branch is 2.4.x and the current release is 2.4.10.

To pre-empt your next question: see the many, many previous discussions
on this list regarding the absence of binary distributions.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Pete Houston
On Mon, Sep 29, 2014 at 01:09:19PM -0500, Sharon Zastre wrote:
> Is it safe to assume that a fix/patch/upgrade will become available to
> address the shellshock vulnerability?

Yes, but not in apache. The vulnerability dubbed "shellshock" is a
flaw in bash and patches and upgrades are already widely available for
bash. Upgrade or patch your bash installations now.

It is not a flaw in apache. Apache is simply a network-enabled channel
through which exploitative payloads may be delivered to unpatched
installations of bash (one of many such channels).

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] enabling htaccess in vhosts

2014-09-06 Thread Pete Houston
No need for Google, just go straight to the source:
http://httpd.apache.org/docs/2.4/howto/htaccess.html

Pete

On Fri, Sep 05, 2014 at 07:53:07PM -0600, Matthew Smith wrote:
> How do I do so?  I googled but can't figure it out.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache 2.2:How to enable module: mod_expires.c

2014-08-09 Thread Pete Houston
On Sat, Aug 09, 2014 at 02:14:36PM +, Mark jensen wrote:
> and I have found this line in conf file:
>
> LoadModule expires_module modules/mod_expires.so
>
> but ExpireDefault didn't work

There's no such directive in Apache 2.2 as ExpireDefault. Perhaps if
you tried ExpiresDefault you might have more success. Note that it
takes an argument, so using it without one should still result in a
syntax error.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Use Allow from IP when there is a proxy exist?

2014-08-07 Thread Pete Houston
On Thu, Aug 07, 2014 at 09:19:10PM +, Mark jensen wrote:
> How can I make Apache to deal with the client IP not the proxy IP?

Use mod_remoteip.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Order of application of sites-enabled configs

2014-08-06 Thread Pete Houston
On Wed, Aug 06, 2014 at 02:20:26AM -0700, M Busche wrote:
> I notice that the default virtual host configuration file name is
> 000-default.conf.  I presume the convention of starting virtual host
> configuration file names with a three digit number governs the order in which
> the configurations are applied.  Can someone point me to the apache docs web
> page that explains this?

Yes, it's explained in
http://httpd.apache.org/docs/2.4/mod/core.html#include
which specifies (among other very useful information), "Shell-style
(fnmatch()) wildcard characters can be used in the filename or directory
parts of the path to include several files at once, in alphabetical
order."

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Confirmation on Vulnerability Status of Apache HTTP V2.0.50 and when bundled with Brocade FOS V7.1.X

2014-07-06 Thread Pete Houston
On Tue, Jun 24, 2014 at 12:45:19AM -0400, Kee, Siokkwan wrote:
> We have an issue currently where documentation released from Brocade
> indicates Apache HTTP V 2.0.50 is listed as non-vulnerable when bundled
> together with Brocade FOS V7.1.1.
> As Brocade has listed this as a non-vulnerability, the latest version of the
> FOS is currently still bundled with Apache HTTP V 2.0.50.

Version 2.0.50 has just celebrated its 10th birthday. In server software
terms that is incredibly old. There have been 15 point releases within
the 2.0 branch since then and the entire 2.0 branch is now retired. I
don't see why any software shipped today would be bundled with such an
old version of Apache.

> (Please refer to the attached listed CVE-2012-0053 in Page 15 onwards on the
> Vulnerability explanation from Brocade.)
>
> However, during the routine Vulnerability Assessment scan, the Apache HTTP V
> 2.0.50 reflects that this is a vulnerable version.
> The same is reflected in the Apache HTTP website that this version is
> vulnerable.
>
> Would appreciate advice from Apache.Org team on comments listed by Brocade
> (whether is it possible for Apache HTTP V2.0.50 not to be vulnerable when
> bundled with Brocade FOS) so that we may be able to move forward.

A quick read of the changelog for v2.0.65 reveals:

  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
 Fix an issue in error responses that could expose httpOnly cookies
 when no custom ErrorDocument is specified for status code 400.

which seems fairly clear and from which we can infer a simple workaround.

But don't do that - just upgrade Apache instead.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] mod_rewrite RewriteCond

2014-06-27 Thread Pete Houston
Hello Michael,

The obvious question is why are you using mod_rewrite for access
control in the first place? There are other, lighter modules whose
purpose actually is access control and which will allow you to use CIDR
notation etc.

I suggest you take a look at mod_authz_host instead.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] mod_rewrite RewriteCond

2014-06-27 Thread Pete Houston
You can set up a reverse proxy and include access control like this:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off

<VirtualHost 10.0.0.1:80>
    ServerName reverse-proxy.example.com
    <Location />
        allow from 1.2.3.4 2.2.3.4
        deny from all
        ProxyPass http://internal.example.com/
        ProxyPassReverse http://internal.example.com/
    </Location>
</VirtualHost>

No need for mod_rewrite and in my opinion the configuration is much
clearer to read.

The documentation for proxying is at
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
and for access control is at
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
(for the general reader, these are the docs for apache 2.2 which is what
Michael reports he is using. The equivalent docs for up-to-date versions
are under http://httpd.apache.org/docs/2.4/ etc.)

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] MaxClients exceeded error message

2014-06-27 Thread Pete Houston
On Fri, Jun 27, 2014 at 03:39:42PM +, Rose, John B wrote:
> What is the impact of not having a ListenBacklogs Directive in your
> config?

This is covered pretty well in the documentation:
http://httpd.apache.org/docs/2.4/mod/mpm_common.html#listenbacklog

A cursory read of this tells us that the default is 511.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Maxservers

2014-06-20 Thread Pete Houston
On Wed, Jun 18, 2014 at 06:03:39PM +, Jesus Tellez wrote:
> I have Apache 2.0.59

That's an eight-year-old version of a legacy branch. If you don't have a
truly excellent reason for sticking with that, I suggest that you think
about upgrading.

> and configured start servers=8, but on server-status only 4 are shown

StartServers only affects the initial process creation. The number of
workers at any time after that will be determined by other factors
including (but not limited to) MaxSpareServers and MinSpareServers.

> also I increased maxclients to 200 in order to use more RAM available to
> Apache, is that correct ?

MaxClients determines the maximum number of simultaneous requests which
can be served. If you have enough RAM to serve 200 simultaneous requests
and deal with everything else the OS will be doing then that would be
reasonable, yes.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] AH00169 and AH00163

2014-04-29 Thread Pete Houston
Those are not errors; they are notices.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] similar proxy rules causing warning

2014-04-23 Thread Pete Houston
On Wed, Apr 23, 2014 at 03:41:54PM -0600, eric tse wrote:
> Have proxy rules
>
> proxyPass /ABC http://domain.com/abc/
> proxyPass /AbC http://domain.com/abc/
>
> And get
> The Apache service named  reported the following error:
>  [xxx xxx xx xx:xx:xx 20xx] [info] worker http://domain.com/abc/ already
> used by another worker .

That isn't an error. Rather it is an informational message which you can
tell by the [info] field. You could ignore it if you so wished.

> These rules are to guide people having typos with capital/small letters to
> route to same servers. Apache 2.2 is complaining though.

In which case why not redirect the wrong path to the right path and
only proxy that one? eg.

Redirect 301 /AbC /ABC
ProxyPass /ABC http://domain.com/abc/

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] https

2014-04-04 Thread Pete Houston
From the openssl documentation at http://www.openssl.org/docs/apps/req.html
is this list of example field values:

 [ req_distinguished_name ]
 C  = GB
 ST = Test State or Province
 L  = Test Locality
 O  = Organization Name
 OU = Organizational Unit Name
 CN = Common Name
 emailAddress   = test@email.address

Note that this is a copy of what the req man page which you referred to
says. In the case of a server certificate, the Common Name is the FQDN
of the server, eg: www.example.com. The company name [which you refer
to below] should always go in the O field.

There's also some really good documentation on the apache site at
http://httpd.apache.org/docs/2.4/ssl/ssl_intro.html which I would
recommend going through if all this is new to you.

HTH,

Pete

On Fri, Apr 04, 2014 at 06:47:47PM +0700, Andy Canfield wrote:
> Well, a while turned out to be one day. Stuck again.
>
> I found a web page that had some info on it, It shows a command (openssl
> req) to create a privately signed SSL key. Unfortunately, it doesn't
> explain that command, but 'man req 1' has more information such as what
> '-x509' does for me (this has got to be one of the greatest parameter
> keywords of all time). However, the example include this on the openssl
> command line:
>
> -subj /O=VirtualH/OU=Virtual/CN=127.0.0.1
>
> The man req 1 page says this consists of a subject line with sub-options
> /O as VirtualH, /OH as Virtual, and CN as 127.0.0.1, and no
> blanks. But I can find nothing, NOTHING, that explain what the
> suboptions of the -subj parameter are. What is O? What is OU? What is
> CN? Is 'VirtualH' a name for the virtual host? Where is that documented,
> does anyone know?
>
> I'd like to get the company name into that certificate somewhere, but
> don't yet see how.
>
> Thank you.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] How to create Custom Http Status code

2014-03-28 Thread Pete Houston
The HTTP status codes are defined in httpd.h, so you could just edit
them there and recompile. However, I advise strongly against using
custom HTTP status codes for what should hopefully be obvious reasons.
Perhaps this is an XY problem?

Pete

On Fri, Mar 28, 2014 at 04:38:06PM +0530, Sailaja Gadireddy wrote:
> We have a requirement to use custom Http status codes instead of using
> default codes.
>
> Could you please let us know how we can implement this in apache.?

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] FancyIndexing IndexOrderDefault

2014-03-20 Thread Pete Houston
According to the documentation[1] IndexOrderDefault is a separate
directive, so your configuration should be on two lines like this:

IndexOptions FancyIndexing
IndexOrderDefault Descending Name

There is actually an example of this, but it is in the comments. Search
for JAKA.

HTH,

Pete

[1] http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexorderdefault

On Thu, Mar 20, 2014 at 03:12:07PM -0600, Frank Harrell wrote:
> I've tried the following (one at a time) in a .htaccess file in a test
> directory.
> In my test directory, the following is the only item in the .htaccess file.
>
> IndexOptions FancyIndexing IndexOrderDefault Descending Name
> [...]
> The Apache documentation does not have an example of syntax for this
> directive so I'm at a loss.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] setting up fresh instance with SSL; httpd exiting 1 with no log

2014-03-05 Thread Pete Houston
On Tue, Mar 04, 2014 at 05:24:59PM -0800, john gale wrote:
> However, now httpd simply exits with status 1 and no output, either on
> standard out or standard error.

In that case your next port of call is the httpd error log. Always
consult this for the detail and raise the LogLevel to get ever more
verbosity.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Vhosts behind NAT

2014-01-24 Thread Pete Houston
On Fri, Jan 24, 2014 at 11:07:35AM +0400, mn wrote:
> Does it possible to configure the apache so it distinguishes name
> abc.* and cde.* (used by clients externally) and returns different
> pages (provided two VirtualHosts are configured)?
> Which Directives are implemented in the case? Or, maybe, the example
> of such httpd.conf?

Yes, it is possible. This is called Name-based virtual hosting and you
can read all about it in the Apache documentation:
http://httpd.apache.org/docs/2.4/vhosts/name-based.html

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache Directory Level access control

2014-01-21 Thread Pete Houston
On Tue, Jan 21, 2014 at 12:39:27PM -0500, James B. Byrne wrote:
>   <Directory /HLL_Operations>
>     Require group management staff
>   </Directory>

Do you really have a directory at the very top level of your O/S
filesystem called /HLL_Operations? It seems more likely that this will
be in some subdirectory where all your other web content will be
(typically under /var/www/html). What is your DocumentRoot?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache Directory Level access control

2014-01-21 Thread Pete Houston
On Tue, Jan 21, 2014 at 03:17:35PM -0500, James B. Byrne wrote:
 
> On Tue, January 21, 2014 14:58, Pete Houston wrote:
> > On Tue, Jan 21, 2014 at 12:39:27PM -0500, James B. Byrne wrote:
> > >   <Directory /HLL_Operations>
> > >     Require group management staff
> > >   </Directory>
> >
> > Do you really have a directory at the very top level of your O/S
> > filesystem called /HLL_Operations? It seems more likely that this will
> > be in some subdirectory where all your other web content will be
> > (typically under /var/www/html). What is your DocumentRoot?
> >
> > Pete
>
> .  .  .
>   DocumentRoot /var/data/hll_dav/upload

In that case your Directory section should be:

   <Directory /var/data/hll_dav/upload/HLL_Operations>
     Require group management staff
   </Directory>

See the documentation at
http://httpd.apache.org/docs/2.2/mod/core.html#directory for how
Directory sections are specified. You must use the absolute path.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: Curious inability to mod_rewrite absolute paths

2014-01-08 Thread Pete Houston
On Mon, Jan 06, 2014 at 12:45:27AM -0500, Borden Rhodes wrote:
> I understand from the docs that Alias directives can't be used in .htaccess
> files. Is this correct? This inability is partly why I kept struggling with
> RewriteRules - the other was to force myself to practise regexes and advanced
> configuration.

It is correct. However, the Redirect directive is permitted in access
files and that too is provided by mod_alias.
http://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirect

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: Curious inability to mod_rewrite absolute paths

2014-01-02 Thread Pete Houston
On Wed, Jan 01, 2014 at 09:55:48PM -0500, Borden Rhodes wrote:
> I notice in the log that httpd passes the requests for the first two images
> through RewriteRule in the .htaccess file. However, the call to fetch
> /images/bowler.jpeg *doesn't* go through the RewriteRule, but instead (line 50
> in the log) goes straight through protocol.c and, predictably, fails. This
> raises three questions:
>
> 1) Why is the absolute path *not* being passed through a rewrite rule but the
> other two requests are?

Because the absolute path does not go anywhere near the dummy
directory which is where your .htaccess file is, so the .htaccess file
never gets read for that request.

> 2) Can I change this behaviour from an .htaccess file?
> 3) If so, how?

Put your .htaccess file somewhere that it will actually be read for the
requests which you want it to affect.

BTW, you don't need mod_rewrite for this sort of redirection. mod_alias
would do just as well and be more lightweight and less confusing. Your
choice, however.

All the best,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Memory leak on 2.2.16

2013-11-25 Thread Pete Houston
Well, two things jump out from your list of modules. Firstly, there's
this:

  mpm_itk_module (static)

Does the problem occur if you use prefork instead?

Secondly, there's this:

  cgi_module (shared)
  cgid_module (shared)

Since I'm unfamiliar with mpm_itk, it may not be a problem there but
with a core MPM this would be odd. Ordinarily you would choose one or
the other, not both.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] undefined reference to tls client method

2013-11-01 Thread Pete Houston
Hello David,

On Fri, Nov 01, 2013 at 03:21:35AM -0700, David Benfell wrote:
> I built openssl from source. I'm trying to get TLS 1.2 working,
> which the old and crufty openssl on Centos 6.4 doesn't do. Do I need
> to do something different to get the development libraries in place?

Since it is the build of ab which fails to link to client methods, did
you correctly build and deploy these with your build of openssl? If so,
you may just need to tell the linker where they are.

Try a standalone test of a TLSv1.2 client method with openssl to see
if you have built these features correctly. If it works, just pass
the lib locations on your apache ./configure line (probably using
--with-ssl=DIR). OTOH, if it fails, you'll probably have to revisit your
build of openssl.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Pete Houston
On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote:
> I get a gray globe indicating
> partial encryption which does not prevent eavesdropping. I have no clue
> how to debug this or even where to look. Can someone point me in the
> right direction? Thanks.

This is usually indicative of a page served over https which references
some elements served over http (ie. unencrypted). These unencrypted
elements are usually images, stylesheets, script files, etc. As such
it is unrelated to your server configuration and is entirely down to
the content.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
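
A way to locate the unencrypted elements the reply above describes, as an added example that is not part of the original thread: it parses a page's HTML and lists the sub-resources an https page would fetch over plain http. The page URL, the sample markup and all function and class names are constructed for illustration.

```python
"""List sub-resources an HTTPS page would load over plain HTTP (mixed content)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch something as part of the page.
FETCHING_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
}
# <link> only fetches for some rel values; rel="canonical" is just metadata.
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.base = page_url      # relative references resolve against this
        self.findings = []        # (line number, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href"):
            # A <base href="http://..."> silently turns every relative
            # reference after it into an unencrypted fetch.
            self.base = urljoin(self.base, a["href"])
            return
        if tag == "link":
            rels = set(a.get("rel", "").lower().split())
            candidates = [a.get("href", "")] if rels & FETCHING_LINK_RELS else []
        else:
            candidates = [a[attr] for (t, attr) in FETCHING_ATTRS
                          if t == tag and attr in a]
        for ref in candidates:
            ref = ref.strip()
            if not ref:
                continue
            absolute = urljoin(self.base, ref)
            if urlsplit(absolute).scheme == "http":
                self.findings.append((self.getpos()[0], tag, absolute))


def find_mixed_content(page_url, html):
    """Return [(line, tag, url)] for http:// sub-resources of an https page."""
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on https pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: two offenders, plus look-alikes that are harmless
# (a protocol-relative script, a canonical link, an ordinary hyperlink).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://www.example.com/js/menu.js"></script>
</head><body>
<a href="http://www.example.org/">elsewhere</a>
<img src="http://images.example.com/logo.png" alt="">
<img src="img/photo.jpg">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content("https://www.example.com/index.html",
                                             SAMPLE_PAGE):
        print("line %d: <%s> loads %s" % (line, tag, url))
```
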




Re: [users@httpd] Printing Request Details received at Apache

2013-10-21 Thread Pete Houston
On Mon, Oct 21, 2013 at 01:19:35PM +0530, santosh kumar wrote:
> What I need is, I want to print the whole request details which is being
> received at Apache end.

It sounds like mod_log_forensic might be what you are after.
http://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Help me understand Waiting for Connection

2013-10-20 Thread Pete Houston
On Fri, Oct 11, 2013 at 10:52:13AM -0500, Jonathan Dart wrote:
> If I request "http://localhost/server-status" every 1 second for 5
> seconds, on the last request apache reports that it has 5 active requests
> all with a Request of /server-status and a Mode of Operation of
> Waiting for Connection.

They are not active requests. They are previous requests which you can
tell because the status of the child is Waiting for Connection.

> If right away I again request
> "http://localhost/server-status" every 1 second for 5 seconds, the output of
> server-status basically stays the same showing 5 active requests.
>
> This makes me think that for the first 5 requests apache started up a new
> worker to handle each one, and the worker waited for further requests, but
> for the next 5 requests apache decided that client had enough workers
> dedicated to it and recycled the existing waiting workers.

Almost right. There are already 5 child processes there waiting for
connections right at the start - they just have no previous request to
report at that stage. Apache does not create any further child processes
during the duration of your test. The apache children are not dedicated
to your client during this test - they will serve any inbound request
from any client so long as they are in the Waiting for Connection
state.

> Is what I described above expected?

Yes.

> Is the output of /server-status accurately reporting the status of the
> server?

Yes.

> What configuration does the number of 5 come from?

StartServers (in this particular case). Do have a read of the prefork
MPM documentation to learn the meaning of each of the directives
and how they govern the behaviour of the server over the long term.
http://httpd.apache.org/docs/2.2/mod/prefork.html

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache in production without squid

2013-10-14 Thread Pete Houston
If your apache installation is sufficiently well tuned and has enough
resources (chiefly RAM) then it should be fine.

For a public example, see http://httpd.apache.org/server-status
presently indicating over 800 slots.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache not recording client addresses correctly

2013-10-01 Thread Pete Houston
On Mon, Sep 30, 2013 at 06:03:37PM -0700, Andrew Daviel wrote:
> huh! wtf?  - if I enable /server-status, the correct address for the
> client asking for /server-status, is not just logged, but resolved,
> even though HostnameLookups is off. But other requests still get the
> 98.32 address.

This reverse resolution will almost certainly be because you are
restricting access to that location (/server-status) by name rather than
by IP address (perhaps inadvertently).

It doesn't explain what you are seeing for other locations,
unfortunately. Are you using any third-party modules?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Virtual Hosts Possible for SSL ?

2013-10-01 Thread Pete Houston
On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
> Am I doomed to failure, or is what I'm trying to do, actually possible?

No, you are almost there. The problem is that for some reason you have
an asterisk in your VirtualHost declaration for domain2. Change that to
the actual IP address (or hostname since you're using that for the
others) and you should be fine.

I'd also swap out the asterisk in the NameVirtualHost directive too.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache2 hidden files folders

2013-09-24 Thread Pete Houston
On Tue, Sep 24, 2013 at 06:21:23PM +0200, Sós Dániel wrote:
> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

The first term there will prohibit display of your dotfiles. Try
removing it and use this instead:

IndexIgnore *~ *# HEADER* README* RCS CVS *,v *,t

Also, be very careful with this:

> <Files .htaccess>
> order allow,deny
> allow from all
> </Files>

That is not recommended.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache2 hidden files folders

2013-09-24 Thread Pete Houston
On Tue, Sep 24, 2013 at 06:39:09PM +0200, Sós Dániel wrote:
> This does not work, not listing dot files: IndexIgnore *~ *# HEADER*
> README* RCS CVS *,v *,t

It works for me in Apache 2.2.24.

Which specific version are you running?
Are you sure there are no other IndexIgnore directives in your
configuration? Note that the documentation states:

Multiple IndexIgnore directives add to the list, rather than the
replacing the list of ignored files.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Queries regarding the feasibility of achieving a use-case with HTTPD

2013-09-02 Thread Pete Houston
I take that sentence to be referring to the relationship between the
client IP address and the session and to have no connection with the session
duration. You as the developer can set the cookie in any way you
require.

All the best,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Queries regarding the feasibility of achieving a use-case with HTTPD

2013-08-25 Thread Pete Houston
On Sat, Aug 24, 2013 at 04:44:46PM +0530, Ajay Garg wrote:
> Is the above workflow possible by merely using HTTPD, or some form of
> external proxy-software (like squid) is required?

Yes, this is possible with just httpd.

> If it is indeed possible to achieve the above with just HTTPD, I will be
> grateful if you could let me know how to add redirections, so that
> any URL goes via the login.php in-between (of course, if the user has
> already authenticated once, he is taken directly to the URL).

Do not use redirections - use the proper authnz mechanisms instead.
For a worked example of how to do it correctly see
http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Domain Name not working on localhost

2013-08-05 Thread Pete Houston
Most likely your (new) ISP is not set up to route traffic out and then
back in again.

Instead, on your client set up a hosts file entry with the private IP
address of the server on your LAN and you should be fine.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: apache service interruption

2013-08-02 Thread Pete Houston
On Thu, Aug 01, 2013 at 10:49:59PM -0700, Grant wrote:
> Do you do this only when under DoS attack or all the time?

All the time.

> Won't you potentially prevent legitimate users from making a single
> connection if they're connecting with a shared IP from a university
> campus (for example)?

Yes. However, if you don't do it you potentially prevent legitimate
users from anywhere from making a connection because some greedy user is
using up all your server's resources.

> How is this accomplished with iptables?

With connlimit and/or one of the rate-limiting modules.

Just to bring it back on topic, the disadvantage of implementing this at
the firewall is that it is very broad-brush (unless you use DPI). You
will be limiting connections regardless of the target vhost or path or
MIME type or whatever. By doing it in apache with mod_limitipconn or
similar you can easily apply stricter limits to heavier content, for
example.

So, IMHO the best plan is to put an absolute limit in the firewall for
the worst possible scenario but then tailor the individual limits for
vhosts and content types etc. within apache.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: apache service interruption

2013-07-30 Thread Pete Houston
On Mon, Jul 29, 2013 at 11:25:26PM -0700, Grant wrote:
> ModSecurity looks good and I think it works with nginx as well as
> apache.  Is everyone who isn't running OSSEC HIDS or ModSecurity
> vulnerable to a single client requesting too many pages and
> interrupting the service?

Not everyone, no. There are other alternatives such as mod_limitipconn
and mod_reqtimeout to help with such problems as well.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Logging Base64 decoded info in access_log

2013-07-27 Thread Pete Houston
On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> Thanks Pete, yes, post processing the log file nightly is the option I was
> considering. I am doing it currently on a per request basis. But I was
> hoping to avoid it if I could do it in real time by calling on B64 decode
> on the cookie.

I do not see the advantage in doing it in real time over
post-processing. The docs are pretty clear on this too.

http://httpd.apache.org/docs/2.4/logs.html#piped says

As with conditional logging, piped logs are a very powerful tool,
but they should not be used where a simpler solution like off-line
post-processing is available.

which is good advice.

> Piped logs is an option I did not consider even though I am currently using
> it for logs rotation. Can you suggest how I can achieve what you are
> proposing w/o losing out on the log rotation functionality.
>
> I have the following in my httpd config:
>
> ---
> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>
> #where dontlog are a couple of load balancers IP address I want to keep out
> of the access logs.
>
> ---

If you go against the advice in the documentation and decide to do it
with piped logs just use something like 

CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog

And remember the docs also say:

Piped log processes are spawned by the parent Apache httpd process,
and inherit the userid of that process. This means that piped log
programs usually run as root. It is therefore very important to keep
the programs simple and secure.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
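
The off-line post-processing recommended in the reply above, as an added example that is not part of the original thread or of httpd itself. It assumes a hypothetical LogFormat that writes the raw cookie value as the last quoted field of each line, and it escapes whatever the cookie decodes to, so a client-supplied value cannot inject extra lines or fields into the processed log. The cookie name, sample lines and function names are constructed.

```python
#!/usr/bin/env python3
r"""Off-line decoder for a Base64 cookie logged as the last quoted field.

Assumed (hypothetical) log format, "session" being a made-up cookie name:
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{session}C\"" withcookie
"""
import base64
import binascii
import re
import sys

# Last quoted field on the line; httpd writes embedded quotes as \" in logs.
LAST_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
B64_CHARS = re.compile(r'^[A-Za-z0-9+/_-]+={0,2}$')
MAX_COOKIE = 4096  # refuse absurdly long values instead of decoding them


def _escape(text):
    """Make decoded, client-controlled text safe to write on one log line."""
    out = []
    for ch in text:
        if ch in '"\\':
            out.append("\\" + ch)
        elif ch.isprintable():
            out.append(ch)
        else:  # newlines, terminal escapes and other control characters
            out.append("\\x%02x" % ord(ch) if ord(ch) < 0x100 else "\\u%04x" % ord(ch))
    return "".join(out)


def decode_cookie(raw):
    """Return a printable rendering of a Base64 cookie value, or a marker."""
    if raw in ("", "-"):
        return "-"
    if len(raw) > MAX_COOKIE:
        return "[too-long]"
    if not B64_CHARS.match(raw):
        return "[not-base64]"
    # Accept standard and URL-safe alphabets; repair stripped padding.
    std = raw.replace("-", "+").replace("_", "/").rstrip("=")
    if len(std) % 4 == 1:          # no byte string encodes to this length
        return "[not-base64]"
    std += "=" * (-len(std) % 4)
    try:
        data = base64.b64decode(std, validate=True)
    except (binascii.Error, ValueError):
        return "[not-base64]"
    return _escape(data.decode("utf-8", errors="replace"))


def process_line(line):
    """Rewrite one log line, replacing the trailing cookie field in place."""
    line = line.rstrip("\r\n")
    m = LAST_FIELD.search(line)
    if not m:
        return line                # leave lines we do not understand untouched
    return line[:m.start(1)] + decode_cookie(m.group(1)) + line[m.end(1):]


# Constructed sample lines: a normal cookie, one that decodes to text with an
# embedded newline, one that is not Base64, and a request without the cookie.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jul/2013:12:39:37 -0700] "GET / HTTP/1.1" 200 512 "dXNlcj1hbGljZQ=="',
    '192.0.2.11 - - [26/Jul/2013:12:39:38 -0700] "GET /a HTTP/1.1" 200 90 "YQpi"',
    '192.0.2.12 - - [26/Jul/2013:12:39:39 -0700] "GET /b HTTP/1.1" 404 0 "not base64!"',
    '192.0.2.13 - - [26/Jul/2013:12:39:40 -0700] "GET /c HTTP/1.1" 200 7 "-"',
]


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            for line in fh:
                print(process_line(line))
    else:
        for line in SAMPLE_LOG:
            print(process_line(line))


if __name__ == "__main__":
    main(sys.argv)
```

Run nightly against the rotated file as an unprivileged user, this keeps the decoding out of the httpd parent's process tree entirely.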




Re: [users@httpd] Log Time != Server Time

2013-06-21 Thread Pete Houston
Yes, it's pretty simple, assuming that you mean that apache should run
as UTC (GMT) and the other, non-apache processes on the machine should
be unaffected:

$ export TZ=GMT
$ apachectl stop
$ apachectl start

Make sure to include this env var in the apache boot script too.

OTOH, if you mean you want apache to run as UTC-4 but log as UTC, then
that's a different matter altogether (and I'd recommend against it
anyway).

HTH,

Pete

On Fri, Jun 21, 2013 at 12:04:05PM -0400, Bradley Andersen wrote:
> I need requests to be logged using a different time zone than the apache
> server's time zone.  For example, if my timezone happens to be UTC-4, I
> would like the logs to report requests as UTC, while keeping the apache
> server time zone set as UTC-4.
>
> Is this possible natively (to apache)?

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] default linux apache password

2013-06-13 Thread Pete Houston
On Thu, Jun 13, 2013 at 01:37:33PM +0200, Rafnews wrote:
> All files/folder that are under /publi_html should have apache as
> user/group permissions.

This statement is incorrect and is the cause of your problems. The httpd
process owner should not be the owner of your users' files, it only
requires read access to them in order to serve them.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] users file/folder access outside public_html

2013-05-25 Thread Pete Houston
On Sat, May 25, 2013 at 01:39:51PM +0200, Rafnews wrote:
> Questions:
> 1. how can i allow user to have access to folder/files outside public_html ?

You could use aliases or a specific handler.

> 2. how can i secure that user A has access to his own files ONLY ?

This is called authorisation and you can read all about how apache
does it here: http://httpd.apache.org/docs/2.4/howto/auth.html

> i searched on internet for some help but i did not find anything
> really relevant...only theory and no really in details.

I am very surprised to hear this. If you consider for a moment you will
soon realise that every site on the web which allows users to store
private content does this. Many of those sites are open source. Start
with diaspora, maybe, and go from there.
https://github.com/diaspora/diaspora

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] option indexes and rewrite

2013-05-25 Thread Pete Houston
I would use DirectoryIndex and mod_autoindex for this and certainly
would not go anywhere near mod_rewrite.

DirectoryIndex   c-en.html
Options +Indexes

I'd humbly suggest however that you try to avoid filenames with leading
spaces.  As you are new to it, it is also worth pointing out that Apache
2.0 is deprecated in favour of 2.2 or 2.4.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Re: File renders differently when opened through Apache or direct, why?

2013-05-11 Thread Pete Houston
On Sat, May 11, 2013 at 01:34:47PM +0200, Bo Berglund wrote:
> Since the data being transferred to FireFox looks exactly like what is
> being used when I open the file directly in FireFox, why does FireFox
> not display it in the same way?

When you open the file directly from the filesystem, there is no HTTP
header. When accessing the file over HTTP there is a header and it will
specify the MIME type, which is set by Apache. This is what mod_mime
does.

http://httpd.apache.org/docs/2.4/mod/mod_mime.html

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Rewrite Rule Rewriting root site

2013-04-19 Thread Pete Houston
On Mon, Apr 15, 2013 at 06:57:13PM -0400, Chris Arnold wrote:
> We have a server at http://rootsite.net. We also have another site/app that
> runs at http://apps.rootsite.net. We host client applications on our server
> using apache so the above site/app needs to be
> http://apps.ourclientsdomain.tld. Here is what i have gotten to work in the
> site/app virtual host file:
>
> ServerName apps.*
>
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^apps\.
> RedirectMatch ^/$ /somealias/
>
> This appears to work, however, it has also taken over our root site. So
> http://rootsite.net now takes you to http://rootsite/somealias. How can i
> stop this from happening? I assume i have something amiss in the above
> rewrite?

Here is a possible solution without mod_rewrite:

<VirtualHost 1.2.3.4:80>
    ServerName rootsite.net
    ... config specific to this site here ...
</VirtualHost>

<VirtualHost 1.2.3.4:80>
    ServerName apps.rootsite.net
    ServerAlias apps.*
    ... config specific to this other site here ...
    UseCanonicalName Off
    RedirectMatch   ^/$ /somealias/
</VirtualHost>

In this way the Redirect only applies to the virtual hosts which are
specified and leaves all others untouched. The added bonus is that you
can avoid loading the heavy mod_rewrite at all.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache not responding to external requests

2013-04-19 Thread Pete Houston
On Fri, Apr 19, 2013 at 08:44:48AM -0500, Neil Aggarwal wrote:
> This is strange.  I did a fresh install of CentOS 6.4 on a virtual
> server and then did a yum install httpd.
>
> The apache server responds to local requests but not requests
> over eth0.  I checked the Listen directive in httpd.conf and
> it is not restricted.

1. As it's a fresh install, check your firewall configuration. If you
haven't specifically modified it you will have the default CentOS
configuration which won't allow inbound to eth0:80.

2. If the firewall is OK, check whether apache is actually bound to
the eth0 address or not. If not, fix that - see the apache error log
at startup for reasons why the bind might fail (eg. you accidentally
installed squid or something else which grabbed it, maybe?).

If apache is bound to the right ip+port and the firewall allows the
traffic, then check the apache error log and the system error logs for
traces of your request and debug from there. If there is no evidence of
your request arriving at the server, try a packet sniffer to see what's
happening.

> Did something change in the default configuration of httpd
> to stop it from listening on eth0?

Not that I'm aware of.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] RewriteRule help

2013-04-12 Thread Pete Houston
No need to use RewriteRule for that, simply use Redirect.

Redirect /products/flash /flash

http://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirect

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] How to run httpd server on random port on every bootup

2013-03-26 Thread Pete Houston
Yes, there is. You can use -C to specify the default port. See
http://httpd.apache.org/docs/2.4/programs/httpd.html#options and
http://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen - just make
sure you don't over-ride it in your httpd.conf.

However, I cannot think of any use case for this. Would you care to
enlighten us?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Errorlog for cgi and Perl

2013-03-20 Thread Pete Houston
On Tue, Mar 19, 2013 at 08:29:56PM -0400, Pierre Forget wrote:
> If I make a voluntary error in my Perl script, I get in the
> /httpd/domainname/logs/error_log:
>
> [Tue Mar 19 20:19:25.500222 2013] [cgid:error] [pid 17263:tid
> 2921331520] [client 24.122.245.237:56995] End of script output
> before headers: testerreur.pl
>
> And in the Apache error log
> (/httpd/usr/local/apache2/logs/error_log), I get the real error
> message that I need:
>
> syntax error at testerreur.pl line 43, near ,

This suggests that you might be running either worker or event MPM
in your new installation as opposed to prefork in your older ones. The
threaded MPMs use mod_cgid instead of mod_cgi with the type of side-effect
regarding the error logs which you describe.

Is that the case?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Upgrade Apache from 1.3.22 to the latest version

2013-03-14 Thread Pete Houston
On Thu, Mar 14, 2013 at 10:27:55AM +0530, vitthal@tatamotors.com wrote:
> We have Apache version(Oracle HTTP Server Powered by Apache/1.3.22
> (Unix) running on
> 9i E-business suite(9.2.0).
> What is the step by step procedure of upgrading it to the latest
> version.

Start by reading this:

http://httpd.apache.org/docs/2.0/upgrading.html

Then this:

http://httpd.apache.org/docs/2.2/upgrading.html

and finally this:

http://httpd.apache.org/docs/2.4/upgrading.html

Clearly this only deals with upgrading apache - other parts of the
Oracle subsystem will be a matter for another list.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] AliasMatch and permission problem

2013-02-16 Thread Pete Houston
On Sat, Feb 16, 2013 at 12:00:15PM +0100, Gergely Buday wrote:
 
> I created a 'web' group and put my user and apache into it, and gave
> 640 for the files and 750 for the dirs.
>
...
>
> $ ls -ld wp-admin/
> drwxr-x--- 9 gergoe web 4096 Sep  7 08:54 wp-admin/
>
> What do you suggest to fix this?

You will need to make your apache instance run as group web for that
to work. In your httpd.conf you should have a line like this:

Group   web

Also, check your various Allow and Deny settings to make sure access to
that directory is permissible.

If it still fails after that, check the audit log to make sure the
directory has the right context.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] AliasMatch and permission problem

2013-02-16 Thread Pete Houston
On Sat, Feb 16, 2013 at 12:37:12PM +0100, Gergely Buday wrote:
> Pete Houston wrote:
> > If it still fails after that, check the audit log to make sure the
> > directory has the right context.
>
> Oops, could you explain what a context is? This one:
>
> http://httpd.apache.org/docs/2.2/mod/directive-dict.html#Context
>
> or something else?

No, I was meaning the SELinux context. If SELinux is preventing access
the details will be in the audit log. If you have just created this tree
within your home directory, it probably won't have the context Apache
expects and you might either need to change the contexts or set some
SELinux booleans to allow them.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Disable custom modules for a specific directory in my web server

2013-02-14 Thread Pete Houston
Hello Chris,

Not sure how well it would work for your particular situation, given the
embedded nature, but one approach to this may be to run 2 completely
separate apache instances.

This is often done on servers to distinguish between lightweight and
heavy content: eg. have one stripped down apache for serving images and
static HTML and another one for heavy dynamic content such as mod_perl.

The main downside is that you would need to bind them to either separate
IP addresses or separate ports. eg. have your heavy server bound to
127.0.0.1:80 and the lighter, faster one to 127.0.0.1:81. You can even
proxy from the lighter to the heavier if it all needs to appear as
a single IP/port combo from the outside. They could have completely
different configurations or share as much or as little as required.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] WebDav setup

2013-01-18 Thread Pete Houston
On Fri, Jan 18, 2013 at 12:39:36PM +0200, Johan Moraal wrote:
> <Location /usr/local/apache2/htdocs>

That's not the correct argument for Location. Location takes a web path,
not a filesystem path. Eg. if your FQDN is www.foo.com and you wanted a
Location section to match http://www.foo.com/bar/ you would need
something like

<Location /bar/>

See http://httpd.apache.org/docs/2.4/mod/core.html#location for more
info.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] forward proxy with SSL Termination

2013-01-11 Thread Pete Houston
On Fri, Jan 11, 2013 at 11:37:44AM +0200, Chris Datfung wrote:
> How can I configure Apache to forward proxy requests while terminating SSL
> connections for inspection and then reencrypt the traffic?

That won't be trivial, which is a good thing otherwise https would be
pretty pointless from a privacy point of view.

If you really do want to do this, then perhaps using something like
mitmproxy would be easier? http://mitmproxy.org/

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Default configuration: who replies with a 403 Forbidden document?

2012-12-13 Thread Pete Houston
On Thu, Dec 13, 2012 at 11:14:29AM +0100, Daniele Imbrogino wrote:
> But why the client on 192.168.1.3 receives also a (very basic) HTML page
> explaining the error, if I don't have any ErrorDocument directive?
> (and the few present in httpd.conf by default are commented)

This is explained in the documentation for ErrorDocument at
http://httpd.apache.org/docs/2.4/mod/core.html#errordocument
in the paragraph which begins The first option is the default ...

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] re-write rule

2012-12-06 Thread Pete Houston
Your regex in this line:

RewriteRule ^stuff$ https://diversity.umn.edu/disability/request/exam[R=301,L]

does not match stuff.html so you could change it to ^/stuff\.html$
or similar. Enable the rewrite log if you want to see what the rewrite
engine is doing in detail.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] ScriptAlias/cgi-bin for apache instance on port 8080

2012-11-14 Thread Pete Houston
If you look in the error log it should tell you precisely which path it
is that has not been found, ie. after all the aliasing and so forth this
will tell you precisely where on the filesystem it is looking for the
content that is not found.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Is there any way to encrypt/obfuscate apache conf files

2012-11-09 Thread Pete Houston
Hello Sudip,

On Fri, Nov 09, 2012 at 01:51:53PM +0530, Bhattacharya, Sudip wrote:
> Is there any way to obfuscate/encrypt conf files in Apache?

I'm not aware of a direct method. Perhaps mod_macro could be used for
obfuscation.

> I have put my configuration entries in a separate config file, and am
> including it in the main httpd.conf file.
>
> My requirement is to encrypt/obfuscate only my custom conf file.

I'm sure you have your reasons for this, but it sounds like asking for
trouble. If you just want to stop users reading the file because it
contains sensitive info (like database passwords, maybe?) then perhaps
just a simple

chown root custom.conf
chmod 0600 custom.conf

would suffice? You would need to be starting apache as root in order to
bind to the low port numbers anyway and this means that only your custom
file is unreadable by others - httpd.conf could still be read by anyone.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Need help with multiple SSL certs + multiple domains

2012-11-07 Thread Pete Houston
Make sure each set of virtual hosts which requires a different
certificate is run on a unique IP+port combination. eg:

IP:Port        Servername    Certificate
10.0.0.1:8000  www.foo.com   *.foo.com
10.0.0.1:8000  www2.foo.com  *.foo.com
10.0.0.1:8001  www.bar.com   *.bar.com
10.0.0.1:8001  www2.bar.com  *.bar.com
10.0.0.2:8000  www.baz.com   *.baz.com
10.0.0.2:8000  www2.baz.com  *.baz.com

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Set multiple DocumentRoot

2012-10-29 Thread Pete Houston
On Sun, Oct 28, 2012 at 04:04:36PM +1100, jupiter wrote:
> <VirtualHost *:80>
> ServerName 192.168.1.101
> DocumentRoot /tmp
> </VirtualHost>
>
> The 8080 works, but 80 got an error of Permission denied: file
> permissions deny server access: /tmp/index.html. I don't see any
> permission problems:

Apache may be prevented from directly accessing /tmp by another security
layer such as SELinux or AppArmor. Having /tmp as a DocumentRoot is
almost never a good idea, so why not make your second DocumentRoot
/var/www/html2 for example?

Also, you don't need those NameVirtualHost directives because as you
stated in the original post you are not using name-based virtual
hosting.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] public_html folder in chroot environment

2012-10-26 Thread Pete Houston
On Fri, Oct 26, 2012 at 10:35:35AM +0530, val john wrote:
> Seems like apache not getting username second time when using * character

That's correct - it is only the first occurrence of an asterisk in the
UserDir path which is replaced. Since you are already chrooting
individual users into their own chroots (or so it appears) the solution
is to put their web space at eg.

/mnt/ftphome/chroot/username/var/www/html

instead. You will have to ensure that the user has write access to
there, of course.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Set multiple DocumentRoot

2012-10-26 Thread Pete Houston
On Fri, Oct 26, 2012 at 08:02:11PM +1000, jupiter wrote:
> I need to set DocumentRoot to two directories, one for development and
> one for testing. But the server has only one IP address, and there is
> no DNS. Is it possible? If so, please give an example.

Use different ports. You can set up two virtual hosts, eg. one on port 80
for testing and one on port 8080 for development.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Locking Down httpd w/virtualhosts

2012-10-24 Thread Pete Houston
On Tue, Oct 23, 2012 at 12:38:39PM +1000, Nick Edwards wrote:
> was hoping for a general cgi solution tha works the same, perhaps its
> there and my google fu is failing me today?

Something like sbox? http://stein.cshl.org/software/sbox/

> If not, could this be a feature request, it can not be that much of a
> resource issue as far as I can see since it already does this for php
> module.
> maybe  --with-suexec-docroot=/var/www  could be modified to stop upper
> level traversals?
> I am not a programmer so I have idea.

I do not see any need to have this in core apache. There is already a
DocumentRoot for non-CGI restrictions and if you want to impose similar
restrictions on your CGI environment then handling that within the CGI
by use of something like sbox seems to be the way to go - no need to
burden Apache with that.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] apache 2.4.3 and Require instead of Allow from

2012-10-22 Thread Pete Houston
On Mon, Oct 22, 2012 at 11:44:44PM +0200, Alain Roger wrote:
> How can i do to restrict this folder/website to 2 ip addresses (e.g.
> 192.168.1.10 and 192.168.2.50) ?

Require ip 192.168.1.10 192.168.2.50

as specified in the documentation at
http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] How to conditionally enable mod_deflate?

2012-10-19 Thread Pete Houston
This sounds like a job for mod_negotiation to me.
Any reason not to use that instead?

Pete

On Fri, Oct 19, 2012 at 09:14:35PM +0530, Bhattacharya, Sudip wrote:
> I need to conditionally enable mod_deflate for clients who send a particular
> custom HTTP Request Header.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Uploading files to Apache Server

2012-09-24 Thread Pete Houston
On Mon, Sep 24, 2012 at 05:22:11PM +0530, Bhattacharya, Sudip wrote:
> Also note that the file uploads will be via a JAVA application (not
> servlet/manual uploads). So whatever is the option, it should enable uploads
> via a java application.
> The files to upload will vary from 1mb to 30mb to upto 100mb (rare). Average
> size would be 5mb.
> WAN connection would restrict bandwidth to 30-40kbps speed per connection. So
> the option should be able to sustain a file upload on such a slow WAN
> connection.

That makes it sound like these are data files and not code. If that's
the case then why not just have your client side Java execute an HTTP
POST request and put a handler script on the server side to receive and
process it?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] can't display or download images on new Apache install

2012-09-19 Thread Pete Houston
On Wed, Sep 19, 2012 at 11:04:46AM -0400, Rick Lopez wrote:
> However, if I open the index.html file as a file with Firefox it works
> fine. I see the following message in the Firefox error console. security
> error: content at 192.168.1.10 may not load or link to
> file://usr/local/apache2/images/08063.jpg

That would suggest that your HTML file is linking to the filesystem
rather than through HTTP. Check that the links in your HTML are
correctly formed as http references.

> I am running this on Red Hat
> Enterprise 6 with the current Apache version.

Presumably you mean the version currently supplied by RedHat for RHEL6,
which is 2.2.15? The current Apache version is 2.4.3 (or 2.2.23).

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] can't display or download images on new Apache install

2012-09-19 Thread Pete Houston
On Wed, Sep 19, 2012 at 01:08:32PM -0400, Rick Lopez wrote:
> Thanks for the reply. To clarify I am running Apache 2.4.3. I also used
> Kompozer to create the index.html file so I assumed it was creating the
> correct syntax. Kompozer created this for the embedded jpg file:
>
> src=file:///usr/local/apache2/images/DN-SD-99-05859.JPG and this for the
> tif file I wanted to be able to download via a link: a
> href=file:///usr/local/apache2/images/DF-ST-89-06284.tif If I understand
> correctly I need to do something like this?
>
> href=http://192.168.1.10/usr/local/apache2/htdcos/images/DN-ST-89-07213.tif
>
>
> I did try that for both the embedded jpg with the same result and the
> linked tif. I know get a file not found error.

You are almost there. The path part of the url should start from the
DocumentRoot (likely htdocs) so it should be something like

href="http://192.168.1.10/images/DN-ST-89-07213.tif"

although you can also use relative links, which is almost always the
better idea if the destination is on the same server.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Apache 3.4.3 or 3.3.1 Pre-Compiled Versions

2012-09-12 Thread Pete Houston
On Wed, Sep 12, 2012 at 06:07:18AM -0700, Frank Mancini wrote:
> Does anyone know where I can get a pre-compiled version for both Linux and
> Solaris of Apache 3.4.3 and 3.3.1?

Those versions do not exist (yet).

A reasonable guess for the former would be 2.4.3 since that is the
current recommended version. I'm not aware of compiled versions of 2.4.3
available to download.

Why not compile from source?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] What verification does Apache do as part of SSLVerifyClient?

2012-09-09 Thread Pete Houston
On Sun, Sep 09, 2012 at 08:36:30AM -0500, Tom Browder wrote:
> So the client cert. does contain the private key?   Then its password
> is all that is protecting it?

No, the key is normally (but not always) kept separately.

> Mark, in your experience, what is the best way to distribute client
> certificates?

1. End user creates private key and CSR.

2. End user sends CSR to the CA (you).

3. The CA (you) examines the CSR and if the CA (you) thinks it is all
correct and the client is who they say they are, etc., creates a signed
certificate from the CSR and sends it back to the user.

By doing this no private key goes over the network and the CA never
knows the end user's passphrase.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
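
The three steps above carried out with the openssl command line, as an added example that is not part of the original post. The directory names, subject names and the CLIENT_KEY_PASS environment variable are constructed for the demonstration; interactively, the user would let openssl prompt for the passphrase instead.

```shell
#!/bin/sh
# Added example (not from the original post): user creates key + CSR, the CA
# sees only the CSR and returns a signed certificate. All names are constructed.

# CA side, done once: a self-signed CA certificate and its key.
make_ca() {                                  # $1 = CA directory
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Step 1, end user: private key (encrypted with the user's passphrase) and CSR.
make_user_csr() {                            # $1 = user directory, $2 = CN
    mkdir -p "$1" &&
    ( umask 077 &&
      openssl genrsa -aes256 -passout env:CLIENT_KEY_PASS \
          -out "$1/client.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$1/client.key" -passin env:CLIENT_KEY_PASS \
        -subj "/CN=$2" -out "$1/client.csr"
}

# Steps 2 and 3, CA: receives only the CSR file. "x509 -req" checks the CSR's
# self-signature before signing, so a request altered in transit is rejected.
ca_sign_csr() {                              # $1 = CA dir, $2 = CSR, $3 = cert out
    openssl x509 -req -in "$2" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$3" 2>/dev/null
}

# Public key inside a certificate, and the one derived from the user's key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$1" -passin env:CLIENT_KEY_PASS -pubout; }

demo() {
    work=$(mktemp -d) || return 1
    CLIENT_KEY_PASS='constructed-demo-passphrase'; export CLIENT_KEY_PASS
    make_ca "$work/ca" &&
    make_user_csr "$work/user" "alice" &&
    cp "$work/user/client.csr" "$work/ca/alice.csr" &&   # the only file sent to the CA
    ca_sign_csr "$work/ca" "$work/ca/alice.csr" "$work/ca/alice.crt" &&
    cp "$work/ca/alice.crt" "$work/user/client.crt" &&   # certificate returned
    openssl verify -CAfile "$work/ca/ca.crt" "$work/user/client.crt" &&
    [ "$(cert_pubkey "$work/user/client.crt")" = "$(key_pubkey "$work/user/client.key")" ]
    rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "certificate issued; the private key stayed in the user's directory"
```
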




Re: [users@httpd] Can somebody help me to understand the strange GET requests logged in access.log and error.log ?

2012-08-13 Thread Pete Houston
On Mon, Aug 13, 2012 at 06:07:20PM +0200, Carlo Traversa wrote:
> but I still see GET requests in the access.log
> So is there something I did wrong or I didn't understand?

The access log will (by default) contain all the requests to the server
which are handled by apache, even if that handling is just to deny them.
You can configure the logging to include the HTTP status code (maybe you
have done so already - without an example of these lines in the log or
knowing how you have set up your vhost_combined LogFormat, we
cannot know) and then by examining that convince yourself that they are
being handled correctly by your configuration.

Handy link to logs documentation:
http://httpd.apache.org/docs/2.4/logs.html#accesslog

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
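
One way to do the check described above, as an added example that is not part of the original post: it extracts the status code Apache logged for each request, so refused requests can be told apart from served ones. It assumes the vhost_combined layout shipped by Debian (shown in the first comment); the log lines, the /private/ prefix and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the vhost_combined
# LogFormat shipped by Debian:
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"

# Constructed sample log lines (documentation addresses, made-up requests).
sample_log() {
    cat <<'EOF'
www.example.com:80 192.0.2.10 - - [13/Aug/2012:18:01:02 +0200] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
www.example.com:80 198.51.100.7 - - [13/Aug/2012:18:01:09 +0200] "GET /private/report.pdf HTTP/1.1" 403 489 "-" "-"
www.example.com:80 198.51.100.7 - - [13/Aug/2012:18:01:10 +0200] "GET /private/ HTTP/1.1" 403 492 "-" "-"
www.example.com:80 203.0.113.5 - - [13/Aug/2012:18:02:30 +0200] "GET /a\"b.html HTTP/1.1" 404 437 "-" "-"
EOF
}

# Read log lines on stdin, write "status<TAB>client<TAB>request" per line.
parse_log() {
    awk '{
        line = $0
        # Apache writes a literal backslash as \\ and a literal quote as \".
        # Drop both so every remaining double quote is a field delimiter.
        gsub(/\\\\/, "", line)
        gsub(/\\"/, "", line)
        if (split(line, q, "\"") < 3) next       # no quoted request field
        split(q[1], pre, " ")                     # pre[2] = client address (%h)
        split(q[3], post, " ")                    # post[1] = final status (%>s)
        if (post[1] !~ /^[1-5][0-9][0-9]$/) next  # not the layout assumed above
        printf "%s\t%s\t%s\n", post[1], pre[2], q[2]
    }'
}

# "status count" for each status code seen, sorted by status.
status_counts() {
    parse_log | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

# Requests under path prefix $1 that Apache did NOT refuse (status below 400).
# An empty result means every request to that prefix was turned away.
served_under() {
    parse_log | awk -F '\t' -v prefix="$1" '
        { split($3, r, " ") }                     # r[2] = request target
        index(r[2], prefix) == 1 && $1 < 400 { print $1 "\t" $2 "\t" $3 }'
}

sample_log | status_counts
sample_log | served_under /private/
```
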




Re: [users@httpd] Error compiling httpd 2.2.11 with openssl 0.9.8 on rhel 6

2012-07-26 Thread Pete Houston
On Wed, Jul 25, 2012 at 04:56:48PM -0700, Fleishman.Mark wrote:
> I compiled openssl 0.9.8x using these options, and it compiled and installed
> ok:
> ./config --prefix=/apps/openssl/0.9.8x
> --openssldir=/apps/openssl/0.9.8x/openssl shared
>
> Here are the compile options I am using with httpd 2.2.11:
>
> ./configure \
> --prefix=/apps/apache/2.2.11_64 \
> --enable-so \
> --enable-ssl \
> -with-ldap \
> --enable-mods-shared=all \
> --with-ssl=/apps/openssl/1.0.0x/ \
> --with-mpm=worker \
> $@
>
> Any assistance would be appreciated.

Well, it does appear at first glance that you are not configuring apache
to use the openssl version you have just compiled. If you change the
argument to --with-ssl to be the correct path, that may be all you need.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] SSI not working

2012-07-18 Thread Pete Houston
On Wed, Jul 18, 2012 at 06:00:45PM -0400, Dunkle, Edward (Edward) wrote:
> Options +IncludesNOEXEC FollowSymLinks

Don't do that. If you mix +/- options with non-+/- options you'll have
problems. Instead use maybe

 Options +IncludesNOEXEC +FollowSymLinks

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] apache changes status code from 500 to 200

2012-07-11 Thread Pete Houston
Sounds like you want mod_asis:
http://httpd.apache.org/docs/2.4/mod/mod_asis.html

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] apache changes status code from 500 to 200

2012-07-11 Thread Pete Houston
On Wed, Jul 11, 2012 at 03:21:12PM +0200, Ruud Dozijn wrote:
>
> I have put this in my httpd.conf:
>
> <Location /cgi>
> SetHandler  perl-script
> PerlHandler ModPerl::Registry
> Options ExecCGI
> ErrorDocument 400 /handlers/400.h
> </Location>
>
> <Location /handlers>
> SetHandler send-as-is
> </Location>
>
>
> What I would really like to obtain is that the output of my cgi script (being
> a complete html document including headers) is not handled by any error
> handler.

Firstly, it turns out that it isn't a CGI script but rather a mod_perl2
registry script - different beast entirely. And given that, I'm
surprised that you aren't using

PerlOptions +ParseHeaders

as suggested in the docs at
http://perl.apache.org/docs/2.0/user/intro/start_fast.html#Registry_Scripts
Perhaps that will provide the functionality which you require.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] chinese character support

2012-06-23 Thread Pete Houston
On Wed, Jun 20, 2012 at 02:17:53PM -0500, Terry wrote:
> This is my first experience with a non-english character set so please
> excuse me if the answers are obvious.  We have a Centos 5 box with apache
> 2.2.3 serving several english websites.  We have a request from the
> customer to serve up a chinese site with a chinese domain as an alias to an
> english domain.
>
> 1. How do I configure apache to handle this?

Use ServerName with your English domain and ServerAlias with your
Chinese domain using the xn--* format.

> 2. Any other gotchas from experience?

Check your default character set and adjust it in that vhost if
required. Your customer will probably want the errordocs in
their preferred language as well.

Good luck,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] trouble with virtualhost in http/https

2012-06-06 Thread Pete Houston
You cannot have 2 https sites with different certificates sharing the
same IP+port combination. This is a restriction of how https works and
is outlined in the documentation here:
http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#vhosts

If you ensure that your https vhosts have either different IP addresses
or different ports then they can be correctly served.

Pete

On Sat, May 26, 2012 at 09:43:18PM +0200, Alain Roger wrote:
> I did as in the documentation:
> # Ensure that Apache listens on port 80
> Listen 80
>
> # Listen for virtual host requests on all IP addresses
> NameVirtualHost *:80
>
> <VirtualHost *:80>
> DocumentRoot /www/example1
> ServerName www.example1.com
>
> # Other directives here
>
> </VirtualHost>
>
> <VirtualHost *:80>
> DocumentRoot /www/example2
> ServerName www.example2.org
>
> # Other directives here
>
> </VirtualHost>
>
> everything in the httpd-vhosts.conf file of xampp... but both website have
> https...and basically the first defined is the default one...and this is
> something i can't allow...
> so how to do to be sure that if user is in http://www.website2..loc and
> select clicks on link as https...he goes to https://www.website2.loc and
> not https://www.website1.loc ?

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Denial of Service due to multiplication of httpd running

2012-05-24 Thread Pete Houston
On Wed, May 23, 2012 at 07:47:37PM -0700, Bill Unruh wrote:
> But this is clearly a horrible kludge. Is there any way I can figure
> out what is triggering these versions of httpd
> to be piling up?

Since you've looked at the logs and not found anything there (or at
least eliminated what problems you have found), mod_status would be
a good next step.

If there is some reason why you cannot enable mod_status, then check who
is holding the connections open with netstat.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
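
One way to read netstat for "who is holding the connections open", as an added example that is not part of the original post: it tallies TCP connections to the web port per remote address and state from Linux `netstat -tn` output. The sample output, the port number and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Input is Linux `netstat -tn`
# output; the sample below is constructed, with documentation addresses.

sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.1:80            198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.1:80            198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.1:80            198.51.100.7:51251      ESTABLISHED
tcp        0      0 192.0.2.1:80            203.0.113.5:40112       TIME_WAIT
tcp        0      0 192.0.2.1:22            203.0.113.9:50022       ESTABLISHED
tcp6       0      0 2001:db8::1:80          2001:db8::beef:33444    CLOSE_WAIT
tcp6       0      0 2001:db8::1:80          2001:db8::beef:33445    CLOSE_WAIT
EOF
}

# Tally connections to local port $1 by remote address and TCP state.
# Output: "count address state", busiest first.
conns_by_peer() {
    awk -v port="$1" '
        $1 !~ /^tcp/ { next }                     # skip the two header lines
        {
            lport = $4; sub(/^.*:/, "", lport)    # text after the last colon
            if (lport != port) next
            peer = $5; sub(/:[0-9]+$/, "", peer)  # drop the remote port
            n[peer " " $6]++
        }
        END { for (k in n) print n[k], k }' |
    sort -k1,1nr -k2
}

# Peers with at least $2 connections to port $1 in ESTABLISHED or CLOSE_WAIT,
# the states in which the local server still has the socket open.
busy_peers() {
    conns_by_peer "$1" | awk -v min="$2" '
        ($3 == "ESTABLISHED" || $3 == "CLOSE_WAIT") && $1 >= min { print $2 }'
}

sample_netstat | conns_by_peer 80
```

On a live server the same functions read from the real command, for example `netstat -tn | conns_by_peer 80`.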




Re: [users@httpd] Rewrite Role: navigation toolbar trouble

2012-05-24 Thread Pete Houston
If you can solve it with a symlink in the filesystem then the equivalent
in the httpd configuration is to use an Alias.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Denial of Service due to multiplication of httpd running

2012-05-24 Thread Pete Houston
A dozen or so idle processes is perfectly normal for prefork (which
you are clearly running, BTW). Only worry about this if there are a
consistently high number of idle processes (say 30 or more for a lightly
loaded server) in which case you can tune the value of MaxSpareServers
to suit.

Have a read about the prefork MPM in the documentation:
http://httpd.apache.org/docs/2.2/mod/prefork.html

If the number of idle processes is consistently higher than
MaxSpareServers you have a bug.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Redirecting a domain to another using Rewrite rules

2012-05-17 Thread Pete Houston
On Wed, May 16, 2012 at 07:39:17PM -0400, Desilets, Alain wrote:
> When I try to go to www.wiki-translation.com, I see the url
> wiki-translation.wiki4us.com in the browser (which is not what I want... I
> want to keep the original www.wiki-translation.com url).

In that case the approach will depend on whether both requests are
handled by the same server. If they are, then a ServerAlias is what you
need. If not, a proxy will be required.

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Redirecting a domain to another using Rewrite rules

2012-05-16 Thread Pete Houston
On Wed, May 16, 2012 at 05:06:24AM -0700, Desilets, Alain wrote:
> I need to forward a domain www.wiki-translation.com to a different location
> wiki-translation.wiki4us.com, while preserving the original url.
>
> I have been trying to do this for 30 mins now, using Rewrite rules, and
> nothing works.

Why would you use a RewriteRule when you could simply use a Redirect? In
case you are not aware of this, it is documented here:

http://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirect

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107




Re: [users@httpd] Help troubleshooting performance issue, after 1000 total children Apache no longer responds to HTTP requests. Not MaxClients issue?

2012-05-03 Thread Pete Houston
On Thu, May 03, 2012 at 08:33:58AM -0300, Luis Fernando Alen wrote:
> Perhaps your prefork settings are the cause of the issue.
>
> Look, you have 80 StartServers and 120 MaxSpareServers, and with such
> settings, apache can spawn 9600 (80*120) children.

That's not how prefork works. I think you are confusing prefork with a
threaded MPM?

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

