Re: [users@httpd] Apache HTTP Server 2.4 EOL

[Yehuda Katz]

There is no planned EOL for 2.4, but you should always be on the most
recently released version - currently 2.4.59 - or possibly on a version
maintained by your OS distribution to keep up with the latest security
patches.

On Mon, May 13, 2024 at 10:50 PM Ehmann G  wrote:

> i tried searching on Google for the end-of-life support information for
> Apache HTTP Server 2.4 but couldn't find any useful results. I also checked
> the Apache website but didn't find any details on this topic. Does anyone
> have any relevant information?
>

Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.

[Yehuda Katz]

I have always had issues with OpenSSL on Windows, so I gave up and started
using xca (https://hohnstaedt.de/xca/). I created a root certificate that I
imported into the Windows trust store and I create new certificates for
each website in my dev environment.

- Y

On Tue, Apr 16, 2024 at 9:26 PM General Email <
general.email.12341...@gmail.com> wrote:

>
> This is also not relevant to what I am stating. If you develop, do it
>> regardless of http/https that is convenient for everyone. It will be to
>> your own benefit. If you have to host the application on your own server,
>> so be it. It will be easier with choosing your https solution. You could
>> already be developing it now, and later you can check how to use openssl.
>> Last thing you want, is an application that forces https or http.
>>
>
>
> http is an insecure protocol. I don't want my website to run on http. So,
> I am hardcoding https in links in my website that refer to pages in my
> website.
>
> Now, I know that you will write why not redirect http to https by default.
> The problem with this is that if the website gets migrated to different
> provider and if people forget to redirect http to https in new setup then
> it will become a security problem.
>
> Hardcoding https solves all issues.
>
>
>

Re: [users@httpd] Measurements of htaccess processing penalty

[Yehuda Katz]

The whole point of .htaccess files is that they aren't cached, it gives
users who are not able to control the server the ability to make
configuration changes. If you can control the server process, you should
prut configuration in  sections that are loaded at start time
which are then cached in memory by the server process.

- Y

On Mon, Mar 4, 2024 at 2:34 PM Marc  wrote:

> If you are testing, can you do it again with putting the .htaccess in
> cache? I am just curious :)
>
> https://hoytech.com/vmtouch/
>
> >
> > The HTTPD documentation says "You should avoid using .htaccess files
> > completely if you have access to httpd main server config file. Using
> > .htaccess files slows down your Apache http server. Any directive that
> you
> > can include in a .htaccess file is better set in a Directory block, as it
> > will have the same effect with better performance."
> > I wanted to see if I could measure how much slower it is and boy does it
> > make a difference. (This is actually part of my PhD research into how to
> > better understand configuration management.)
> >
> > I built HTTPD from source with a lot of debugging features (i.e.
> symbols, no
> > compiler optimization), so these specific numbers are only valid in the
> > context of this test, but they are still interesting.
> >
> > I created a file DOCUMENT_ROOT/1.txt containing just the text "1" (Short
> > URL) and a file
> > DOCUMENT_ROOT/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21.txt
> > containing the text "21" (Long URL).
> > I used ab to run get requests, first 10,000, then 100,000, then 100,000
> > again, just to check for variability (and it turns out there isn't any
> > significant variability). I ran ab on the same machine as httpd.
> > I ran the requests first with AllowOverride None, then with AllowOverride
> > All but no .htaccess files, then with AllowOverride All and .htaccess
> files
> > with a mix of "Require all denied" and "Require all granted".
> > I also collected the number of instructions executed by the system using
> > perf.
> >
> > Here is a quick summary of the results:
> >
> > AllowOverride None / Long URL:
> > - 1.367 seconds
> > - 13.637 seconds
> > - 13.607\ seconds
> >
> > AllowOverride None / Short URL:
> > - 1.283 seconds
> > - 12.981 seconds
> > - 12.989 seconds
> >
> > AllowOverride All / Long URL:
> > - 2.002 seconds
> > - 20.015 seconds
> > - 20.032 seconds
> >
> > AllowOverride All / Short URL:
> > - 1.370 seconds
> > - 13.581 seconds
> > - 13.590 seconds
> >
> > AllowOverride All / Long URL with `.htaccess` files:
> > - 3.062 seconds
> > - 31.042 seconds
> > - 31.122 seconds
> >
> > AllowOverride All / Short URL with `.htaccess` files
> > - 1.431 seconds
> > - 14.487 seconds
> > - 14.461 seconds
> >
> >
> > The change in perf counters matched the changes in wall clock time.
> > The only thing surprising about any of these results was the magnitude of
> > the performance effects.
> > I think it is most interesting that for this example of a path 20
> > directories deep, having an extra .htaccess file nested in each directory
> > actually doubled the amount of time it took to process the request.
> >
> > - Y
>

[users@httpd] Measurements of htaccess processing penalty

[Yehuda Katz]

The HTTPD documentation says "You should avoid using .htaccess files
completely if you have access to httpd main server config file. Using
.htaccess files slows down your Apache http server. Any directive that you
can include in a .htaccess file is better set in a Directory block, as it
will have the same effect with better performance."
I wanted to see if I could measure how much slower it is and boy does it
make a difference. (This is actually part of my PhD research into how to
better understand configuration management.)

I built HTTPD from source with a lot of debugging features (i.e. symbols,
no compiler optimization), so these specific numbers are only valid in the
context of this test, but they are still interesting.

I created a file DOCUMENT_ROOT/1.txt containing just the text "1" (Short
URL) and a file
DOCUMENT_ROOT/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21.txt
containing the text "21" (Long URL).
I used ab to run get requests, first 10,000, then 100,000, then 100,000
again, just to check for variability (and it turns out there isn't any
significant variability). I ran ab on the same machine as httpd.
I ran the requests first with AllowOverride None, then with AllowOverride
All but no .htaccess files, then with AllowOverride All and .htaccess files
with a mix of "Require all denied" and "Require all granted".
I also collected the number of instructions executed by the system using
perf.

Here is a quick summary of the results:

AllowOverride None / Long URL:
- 1.367 seconds
- 13.637 seconds
- 13.607\ seconds

AllowOverride None / Short URL:
- 1.283 seconds
- 12.981 seconds
- 12.989 seconds

AllowOverride All / Long URL:
- 2.002 seconds
- 20.015 seconds
- 20.032 seconds

AllowOverride All / Short URL:
- 1.370 seconds
- 13.581 seconds
- 13.590 seconds

AllowOverride All / Long URL with `.htaccess` files:
- 3.062 seconds
- 31.042 seconds
- 31.122 seconds

AllowOverride All / Short URL with `.htaccess` files
- 1.431 seconds
- 14.487 seconds
- 14.461 seconds

The change in perf counters matched the changes in wall clock time.
The only thing surprising about any of these results was the magnitude of
the performance effects.
I think it is most interesting that for this example of a path 20
directories deep, having an extra .htaccess file nested in each directory
actually doubled the amount of time it took to process the request.

- Y

Re: [users@httpd] Nginx to Apache

[Yehuda Katz]

OpenVPN port-share has nothing to do with which HTTP server is running
behind it. You should have a completely working Apache configuration
separate from anything connected to OpenVPN, then you can change the
listening port for HTTPD and have OpenVPN forward traffic to it.

The sites-enabled folder is part of the way some distributions (I think
mainly Debian-based) like to set up HTTPD, but there is nothing special
about it. If you install the Debian/Ubuntu/etc. package on the same OS, you
will probably have /etc/apache2/sites-enabled/default also.

Either way, unless you have absolutely no other choice, don't do this. It
slows down your OpenVPN and HTTPS traffic and it does not provide any
additional security benefits.

- Y

On Sun, Jan 21, 2024 at 12:16 PM Jason Long 
wrote:

> Hello,
> The following article shows how to set up OpenVPN with Nginx:
>
> https://snikt.net/blog/2016/12/01/how-not-to-hide-openvpn-behind-https/ssl/
>
> I want to use Apache for this. Is /etc/nginx/sites-enabled/default
> equivalent to /etc/apache2/httpd.conf?
>
>
> Thank you.
>

Re: [users@httpd] site compromised and httpd log analysis

[Yehuda Katz]

On Wed, Jul 6, 2022 at 9:08 AM KK CHN  wrote:

> On Wed, Jul 6, 2022 at 8:33 AM Yehuda Katz  wrote:
>
>> Your log doesn't start early enough. Someone uploaded a web shell (or
>> found an existing web shell) to your server, possibly using an upload for
>> that doesn't validate the input, then used that shell to run commands on
>> your server.
>>
> Here is another old log  paste
> https://zerobin.net/?a4d9f5b146676594#hkpTU0ljaG5W0GUNVEsaYqvffQilrXavBmbK+V9mzUw=
>
>

I see an entry in that log file mentioning a web shell on June 19:

175.141.226.202 - - [19/Jun/2022:03:35:03 +0530] "GET
/dashboard/upload/wordpdf/origiinal-shellbackdoor-anonymous-bypass-kak827j.php?path=/var/www/html
HTTP/1.1"


You can see the same IP address added a second hidden shell (gel4y - an
open-source hidden shell).


> I would like to know what other details / analysis we need to perform to
> find out how the attacker got access and what time the backdoor was
> installed and through what vulnerability they exploited ?
> I request your tips  to investigate further and to find the root cause of
> this kind of attack and how to prevent it in future..??
>

As I said before, you need to make sure your webserver will not try to
execute files uploaded by users.
Since you mentioned Wordpress: Wordpress is well known for having this
vulnerability because uploads are stored in a public location by default.
Make sure none of your plugins allow file uploads with
unspecified extensions - for example, an upload form for pictures should
check to make sure that what was uploaded is actually a picture before
moving it to the wp-content/uploads directory.
You should also look into blocking execution of PHP and other scripts in
the wp-content/uploads directory (and any other location an untrusted user
may be able to upload to).

- Y

Re: [users@httpd] site compromised and httpd log analysis

[Yehuda Katz]

Your log doesn't start early enough. Someone uploaded a web shell (or found
an existing web shell) to your server, possibly using an upload for that
doesn't validate the input, then used that shell to run commands on your
server.
I would consider your entire server to be compromised at this point since
you have no record of what else the attacker could have done once they had
a shell.

Make sure that you do not allow users to upload files and then execute
those files.

- Y

On Tue, Jul 5, 2022 at 9:53 PM KK CHN  wrote:

> https://pastebin.com/YspPiWif
>
> One of the websites hosted  by a customer on our Cloud infrastructure was
> compromised, and the attackers were able to replace the home page with
> their banner html page.
>
> The log files output I have pasted above.
>
> The site compromised was PHP 7 with MySQL.
>
> From the above log, can someone point out what exactly happened and how
> they are able to deface the home page.
>
> How to prevent these attacks ? What is the root cause of this
> vulnerability  and how the attackers got access ?
>
> Any other logs or command line outputs required to trace back kindly let
> me know what other details  I have to produce ?
>
> Kindly shed your expertise in dealing with these kind of attacks and trace
> the root cause and prevention measures to block this.
>
> Regards,
> Krish
>
>
>

Re: [users@httpd] How to sign up using Apache

[Yehuda Katz]

There is no built-in module that provides user registration - that is
something you would need to implement yourself.

- Y

On Sun, Jul 3, 2022 at 7:29 AM Ahmad Ismail  wrote:

> I can use  `mod_auth_basic` or `mod_auth_digest` for authenticating users.
>
> I can sign in or sign out using mod_auth_form.
>
> How to sign up when using the Apache authentication system?
>
> I guess that module has to write to dbm password files.
>
> Just to be clear, I want to use `mod_authn_socache` to maintain the cache.
>
> Is there any module or mechanism to do this?
>

Re: [users@httpd] Can I serve CLI Applications using Apache

[Yehuda Katz]

You still have a bunch of options. Some possibilities using your own code:

- Your CGI script or binary called by HTTPD is a wrapper which handles the
piping and output capture of the other program.
- Your CGI script or binary uses the available environment variables to
determine where it is running and outputs the appropriate format based on
that.

If you start using other modules, you could look at PHP and the `exec`
function which can easily do what you want.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Jun 23, 2022, 1:15 AM Ahmad Ismail  wrote:

> I have already bumped into CGI (after asking the question here).
>
> However, I have some issues with CGI. For example, I have to add HEADERS
> maintaining CRLF etc in the output. However, I want the CLI app to be
> totally independent. I mean, I want to output regular text or json
> without any header. So, what I really want is:
>
> CLI_APP | ADD_UI | ADD_CGI_HEADER
>
> Where CLI_APP gives me pure json. ADD_UI adds HTML, CSS, JS on the json
> output. And ADD_CGI_HEADER adds the extra stuff that is needed to make the
> final response sendable via the server.
>
> Please note that when the user will send a request, it will have to go
> through the total pipeline. Also please note that, I can always call ADD_UI
> at the end of CLI_APP and call ADD_CGI_HEADER at the end of ADD_UI. But
> that way, I am not decoupling. And the later binaries will be dependent on
> the previous ones. This is not something I want. I want to *pipe the
> outputs to get the final response*.
>
> How can I do that? Do I need to extend the apache server in any way (like
> creating any module or something like that).
>
> *Thanks and Best Regards,Ahmad Ismail*
>
>
> On Wed, Jun 22, 2022 at 8:52 PM Eric Covener  wrote:
>
>> you can use CGI to prototype it, and FastCGI later for performance (if
>> it matters)
>>
>> On Wed, Jun 22, 2022 at 10:28 AM Ahmad Ismail 
>> wrote:
>> >
>> > I want to create a CLI app (in this case named CLI_APP), that will
>> > output json and can be accessed via web.
>> >
>> > In Linux terms, it will look like:
>> >
>> > Request | Web_Server | CLI_APP | ADD_UI | Web_Server > Response
>> >
>> > Now, I will run the app like `CLI_APP --output json`. Here, I am
>> > saying that the CLI_APP will output json (for REST API).
>> >
>> > Here, `ADD_UI --output web` will add HTML, CSS, JS etc. to the JSON
>> output.
>> >
>> > Can apache help me send the requests to CLI_APP via STDIN and serve
>> > the final output of `ADD_UI --output web`?
>> >
>> > Thanks and Best Regards,
>> > Ahmad Ismail
>> >
>> > -
>> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> > For additional commands, e-mail: users-h...@httpd.apache.org
>> >
>>
>>
>> --
>> Eric Covener
>> cove...@gmail.com
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>

Re: [users@httpd] Apache website conversion from alias to virtualhost

[Yehuda Katz]

You probably need to do exactly what the error message says: You currently
have "-FollowSymlinks" in your options. You can probably just change that
to a + and make sure that it is in the directory configuration for /var/www

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Jun 8, 2022, 8:50 AM Thomas WILLIAMSON 
wrote:

> Error log:
>
> [Wed Jun 08 14:45:32.634334 2022] [rewrite:error] [pid 29729] [client
>> 10.9.4.140:55414] AH00670: Options FollowSymLinks and
>> SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also
>> forbidden due to its similar ability to circumvent directory restrictions :
>> /var/www/BaseCollDev/public/
>
>
> Any idea?
>
> Thomas
>
>
> --
>
>
> Thomas WILLIAMSON • Technicien Systèmes et réseaux
>
> *Tél.* 05 49 61 25 25 (*interne *: 2235)
>
> *Eaux de Vienne - Siveer* • 55 rue de Bonneuil-Matours • 86000 Poitiers
>
>
> Le mer. 8 juin 2022 à 14:40, Thomas WILLIAMSON <
> t-william...@eauxdevienne.fr> a écrit :
>
>> Hello,
>>
>> Thank you for such a quick response! Modifying this option in file
>> /etc/apache2/default-server.conf within  returns a
>> prohibited access (403 error) page:
>>
>> [image: image.png]
>>
>>
>> --
>>
>>
>> Thomas WILLIAMSON • Technicien Systèmes et réseaux
>>
>> *Tél.* 05 49 61 25 25 (*interne *: 2235)
>>
>> *Eaux de Vienne - Siveer* • 55 rue de Bonneuil-Matours • 86000 Poitiers
>>
>>
>> Le mer. 8 juin 2022 à 14:19, Yehuda Katz  a écrit :
>>
>>> You have "AllowOverride None" in your "". This
>>> means your .htaccess file and therefore your mod_rewrite configuration is
>>> not being read. The simplest option is "AllowOverride All" (you can specify
>>> specific overrides too if you want).
>>>
>>> - Y
>>>
>>> Sent from a device with a very small keyboard and hyperactive
>>> autocorrect.
>>>
>>> On Wed, Jun 8, 2022, 8:12 AM Thomas WILLIAMSON <
>>> t-william...@eauxdevienne.fr> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have to take over an internal Web server that has been configured by
>>>> a colleague who is no longer there. Our developers team asks me to convert
>>>> applications URLs from an *Alias* to a *Virtualhosts* (subdomain
>>>> naming) system. For instance:
>>>>
>>>> https://srv-intra.mydomain.fr/basecolldev
>>>>
>>>>
>>>> should become
>>>>
>>>> https://basecolldev.mydomain.fr
>>>>
>>>>
>>>> My environment specifications:
>>>>
>>>>- Linux OpenSUSE Leap 15.3
>>>>- Server version: Apache/2.4.51 (Linux/SUSE)
>>>>- PHP 7.4.6 (cli) ( NTS )
>>>>
>>>> *Issue description: *I can connect to https://basecolldev.mydomain.fr
>>>> despite some 404 errors showing in access_log file (see at the end of the
>>>> post). I have then a 404 error page when clicking the *login* button
>>>> that redirects to https://basecolldev.mydomain.fr/login. The login
>>>> page is found and displayed properly when I manually modify the URL to
>>>> https://basecolldev.mydomain.fr/index.php/login. This means that
>>>> /index.php is not required for home page connection but is for
>>>> browsing the website. I need to permanently prevent the /index.php
>>>> suffix to show up in URL.
>>>>
>>>> I describe below what I have configured so far and what remains
>>>> unfunctionnal.
>>>>
>>>> I have first created a new vhost file
>>>> /etc/apache2/vhost.d/basecolldev-ssl.conf :
>>>>
>>>> 
>>>>
>>>>
>>>>> DocumentRoot "/var/www/BaseCollDev/public"
>>>>> ServerName basecolldev.mydomain.fr
>>>>> ErrorLog /var/log/apache2/basecolldev-error_log
>>>>> TransferLog /var/log/apache2/basecolldev-access_log
>>>>> LogLevel alert rewrite:trace8
>>>>
>>>>
>>>>> 
>>>>>  #Order allow,deny
>>>>>  #allow from all
>>>>>  #AllowOverride All
>>>>>  Require all granted
>>>>>  Options -Indexes -Includes -ExecCGI -FollowSymlinks
>>>>> 
>>>>
>>>>
>>>>> 
>>>>
>>>>
&g

Re: [users@httpd] Apache website conversion from alias to virtualhost

[Yehuda Katz]

You have "AllowOverride None" in your "". This means
your .htaccess file and therefore your mod_rewrite configuration is not
being read. The simplest option is "AllowOverride All" (you can specify
specific overrides too if you want).

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Jun 8, 2022, 8:12 AM Thomas WILLIAMSON 
wrote:

> Hello,
>
> I have to take over an internal Web server that has been configured by a
> colleague who is no longer there. Our developers team asks me to convert
> applications URLs from an *Alias* to a *Virtualhosts* (subdomain naming)
> system. For instance:
>
> https://srv-intra.mydomain.fr/basecolldev
>
>
> should become
>
> https://basecolldev.mydomain.fr
>
>
> My environment specifications:
>
>- Linux OpenSUSE Leap 15.3
>- Server version: Apache/2.4.51 (Linux/SUSE)
>- PHP 7.4.6 (cli) ( NTS )
>
> *Issue description: *I can connect to https://basecolldev.mydomain.fr
> despite some 404 errors showing in access_log file (see at the end of the
> post). I have then a 404 error page when clicking the *login* button that
> redirects to https://basecolldev.mydomain.fr/login. The login page is
> found and displayed properly when I manually modify the URL to
> https://basecolldev.mydomain.fr/index.php/login. This means that
> /index.php is not required for home page connection but is for browsing
> the website. I need to permanently prevent the /index.php suffix to show
> up in URL.
>
> I describe below what I have configured so far and what remains
> unfunctionnal.
>
> I have first created a new vhost file
> /etc/apache2/vhost.d/basecolldev-ssl.conf :
>
> 
>
>
>> DocumentRoot "/var/www/BaseCollDev/public"
>> ServerName basecolldev.mydomain.fr
>> ErrorLog /var/log/apache2/basecolldev-error_log
>> TransferLog /var/log/apache2/basecolldev-access_log
>> LogLevel alert rewrite:trace8
>
>
>> 
>>  #Order allow,deny
>>  #allow from all
>>  #AllowOverride All
>>  Require all granted
>>  Options -Indexes -Includes -ExecCGI -FollowSymlinks
>> 
>
>
>> 
>
>
> I have then commented the lines related to the application Directory tag
> in file /etc/apache2/default-server.conf :
>
> DocumentRoot "/var/www"
>
>
>> 
>> Options FollowSymLinks
>> AllowOverride None
>> 
>> Require all granted
>> 
>> 
>> Order allow,deny
>> Allow from all
>> 
>> 
>
>
>> Alias /icons/ "/usr/share/apache2/icons/"
>> Alias /phpmyadmin "/srv/www/htdocs/phpMyAdmin"
>
>
>> 
>> Options Indexes MultiViews
>> AllowOverride None
>> 
>> Require all granted
>> 
>> 
>> Order allow,deny
>> Allow from all
>> 
>> 
>
>
>>
>> #
>> #AllowOverride All
>> #Require all granted
>> #
>
>
>> ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
>
>
>> 
>> AllowOverride None
>> Options +ExecCGI -Includes
>> 
>> Require all granted
>> 
>> 
>> Order allow,deny
>> Allow from all
>> 
>> 
>
>
>> 
>> UserDir public_html
>> Include /etc/apache2/mod_userdir.conf
>> 
>
>
>> IncludeOptional /etc/apache2/conf.d/*.conf
>
>
>> IncludeOptional /etc/apache2/conf.d/apache2-manual?conf
>
>
> 
>
> Extract from /var/log/apache2/basecolldev-access_log file relating to a
> connection to the home page:
>
> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET / HTTP/1.1" 200 54206
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET
>> /build/runtime.d94b3b43.js HTTP/1.1" 200 1505
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET /build/app.13d64c6c.js
>> HTTP/1.1" 200 236
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET /build/2.9935185b.css
>> HTTP/1.1" 200 64639
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET /build/app.6cefaab5.css
>> HTTP/1.1" 200 163752
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET /build/2.28b18d57.js
>> HTTP/1.1" 200 261268
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET
>> /build/images/logoEdVBlanc.png HTTP/1.1" 200 6579
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET /_wdt/b07606 HTTP/1.1"
>> 404 1280
>> 10.9.4.140 - - [03/Jun/2022:11:02:31 +0200] "GET
>> /build/fonts/fa-solid-900.e8a427e1.woff2 HTTP/1.1" 200 78196
>> 10.9.4.140 - - [03/Jun/2022:11:02:32 +0200] "GET /favicon.ico HTTP/1.1"
>> 404 1280
>> 10.9.4.140 - - [03/Jun/2022:11:02:32 +0200] "GET /_wdt/b07606 HTTP/1.1"
>> 404 1280
>> 10.9.4.140 - - [03/Jun/2022:11:02:33 +0200] "GET /_wdt/b07606 HTTP/1.1"
>> 404 1280
>> 10.9.4.140 - - [03/Jun/2022:11:02:34 +0200] "GET /_wdt/b07606 HTTP/1.1"
>> 404 1280
>> 10.9.4.140 - - [03/Jun/2022:11:02:35 +0200] "GET /_wdt/b07606 HTTP/1.1"
>> 404 1280
>
>
> Extract from /var/log/apache2/basecolldev-access_log file relating to a
> connection to the login page:
>
> 10.9.4.140 - - [03/Jun/2022:11:03:47 +0200] "GET /login HTTP/1.1" 404 1280
>
>
> I see no logs in /var/log/apache2/basecolldev-error_log file.
>
> I enclose .htaccess files contents if necessary.
>

Re: [users@httpd] Mystifying start failure

[Yehuda Katz]

Then something is probably wrong with the contents of one of your SSL
certificates. Make sure they are formatted correctly.
Check if any virtualhost has a separate error log.

- Y

On Mon, May 30, 2022 at 11:03 AM jnil...@jala.com  wrote:

> The tail end of /var/log/apache2/error_log gives:
>
> [Fri May 27 00:02:10.914649 2022] [ssl:warn] [pid 1562] AH01873: Init:
> Session Cache is not configured [hint: SSLSessionCache]
> [Fri May 27 00:02:10.939405 2022] [:emerg] [pid 1562] AH00020:
> Configuration Failed, exiting
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
> AH00016: Configuration Failed
>
> There's nothing for May 30. I have updated ssl certificates recently.
>
> JMN
>
> On 30 May 2022, at 7:01, Yehuda Katz  wrote:
>
> systemd doesn't know to look in the HTTPD log file. What does that log say?
> Likely located in /var/log/apache2/
>
> - Y
>
> On Mon, May 30, 2022 at 9:58 AM jnil...@jala.com  wrote:
>
>> I recently rebooted the server and started apache only to get a failure.
>> Here's the diagnosis; I'm not sure what to make of it.
>>
>>  systemctl status apache2.service
>> *●* apache2.service - The Apache Webserver
>>  Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled;
>> vendor preset: disabled)
>>  Active: *failed* (Result: exit-code) since Mon 2022-05-30 06:53:28
>> PDT; 23s ago
>> Process: 23499 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD
>> -DFOREGROUND -k start *(code=exited, status=1/*>
>>Main PID: 23499 (code=exited, status=1/FAILURE)
>>  Status: "Reading configuration..."
>>
>> May 30 06:53:28 server systemd[1]: Starting The Apache Webserver...
>> May 30 06:53:28 server systemd[1]: *apache2.service: Main process
>> exited, code=exited, status=1/FAILURE*
>> May 30 06:53:28 server systemd[1]: *apache2.service: Failed with result
>> 'exit-code'.*
>> May 30 06:53:28 server systemd[1]: *Failed to start The Apache
>> Webserver.*
>>
>
>

Re: [users@httpd] Mystifying start failure

[Yehuda Katz]

systemd doesn't know to look in the HTTPD log file. What does that log say?
Likely located in /var/log/apache2/

- Y

On Mon, May 30, 2022 at 9:58 AM jnil...@jala.com  wrote:

> I recently rebooted the server and started apache only to get a failure.
> Here's the diagnosis; I'm not sure what to make of it.
>
>  systemctl status apache2.service
> *●* apache2.service - The Apache Webserver
>  Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled;
> vendor preset: disabled)
>  Active: *failed* (Result: exit-code) since Mon 2022-05-30 06:53:28
> PDT; 23s ago
> Process: 23499 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD
> -DFOREGROUND -k start *(code=exited, status=1/*>
>Main PID: 23499 (code=exited, status=1/FAILURE)
>  Status: "Reading configuration..."
>
> May 30 06:53:28 server systemd[1]: Starting The Apache Webserver...
> May 30 06:53:28 server systemd[1]: *apache2.service: Main process exited,
> code=exited, status=1/FAILURE*
> May 30 06:53:28 server systemd[1]: *apache2.service: Failed with result
> 'exit-code'.*
> May 30 06:53:28 server systemd[1]: *Failed to start The Apache Webserver.*
>

Re: [users@httpd] Re: Multi-domain with SSL - Virtualhost all need IPs?

[Yehuda Katz]

That is not correct. That causes httpd to try to look up the matching IP
address using DNS. Use only IP addresses or wildcards.

- Y

On Fri, May 20, 2022 at 1:06 PM Bender, Charles
 wrote:

> Your virtual host is defined wrong. Use the names not IP addresses
>
> http://1.1.1.13:443/>>
> Servername example2.com
> 
> SSLEngine on
> SSLCertificateFile /etc/http/certs/example2.crt
> ...
> 
> --
> *From:* frank picabia 
> *Sent:* Friday, May 20, 2022 12:55 PM
> *To:* users@httpd.apache.org 
> *Subject:* Re: [users@httpd] Re: Multi-domain with SSL - Virtualhost all
> need IPs?
>
> I'm trying hard to get the lay of the land logic here, and it isn't
> happening.  I'm bouncing between what I read here,
> and what apache actually does, and it doesn't add up.
>
> In my case we tried to introduce a new domain, let's call it example2.com
> 
> It will have a different set of cert files.  I let it have an IP which
> nothing else shares.
> I'm keenly aware of this IP as I've set it up in DNS as well.
>
> 
> Servername example2.com
> 
> SSLEngine on
> SSLCertificateFile /etc/http/certs/example2.crt
> ...
> 
>
> Every other vhost had a different servername, and they used the
> cert for example1.com
> 
> .  They also had *:443
> Only for example1.com
> 
> do we have multiple aliases on the same IP.
>
> When visiting the example2.com
> 
> site, the web site shows apache has served a certificate for example1.com
> 
>
> I had believed this was because we had used *:443 rather than explicitly
> show the IP
> for all our vhosts.  It seemed the early conversation on SSL/TLS was
> matching a random
> vhost via this use of *:443 and that's how it got the cert for
> example1.com
> 
> Since before this point all vhosts were on example1.com
> 
> the wildcard cert it
> found was always working while we had *:443 in use.
>
> What can we say about how multi-domain SSL works that we can rely on?
> I can find a dozen pages on google search from people who get the wrong
> certificate and they never get an answer.  Some good hard rules on what
> is required would probably help a lot of people over the years.
>
>
>
> On Fri, May 20, 2022 at 11:59 AM Frank Gingras  wrote:
>
> As mentioned, name-based vhosts will work with SNI and *:443 provided that
> you have the correct certificate assigned to each vhost.
>
> In rare cases, you can use IP:443 vhosts if you want specific handling
> based on the IP used to handle the request, such as https://IP1/ or
> https://IP2/. However, it is rarely needed by most servers.
>
> For now, you can use *:443, and run apachectl -S to make sure there is no
> overlap before restarting httpd.
>
> On Fri, 20 May 2022 at 07:04, frank picabia  wrote:
>
>
> Sorry, that should not have said "top level domains".  I meant domains.
> Like example.com, example.net
> 
> .
>
>
> On Fri, May 20, 2022 at 7:05 AM frank picabia  wrote:
>
>
> It looks like there are two requirements for multiple top level domains
> with SSL
> on the same apache.
>
> 1. IP values must be used inside VirtualHost, not *:443
> 2. All IP values must be unique, even on 

Re: [users@httpd] Re: Multi-domain with SSL - Virtualhost all need IPs?

[Yehuda Katz]

>
> It will have a different set of cert files.  I let it have an IP which
> nothing else shares.

I'm keenly aware of this IP as I've set it up in DNS as well.

If you have , it will use ALL IPs - if you want to
dedicate an IP for a site, you need to specify IPs for every other site too.

I am not sure how this matches what you see though - non-wildcard
VirtualHost declarations are supposed to have precedence over wildcards and
I have never seen this issue on any of my systems.

>From the documentation (
https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost):

> When a request is received, the server first maps it to the best matching
>  based on the local IP address and port combination only.
> Non-wildcards have a higher precedence. If no match based on IP and port
> occurs at all, the "main" server configuration is used.

If multiple virtual hosts contain the best matching IP address and port,
> the server selects from these virtual hosts the best match based on the
> requested hostname. If no matching name-based virtual host is found, then
> the first listed virtual host that matched the IP address will be used. As
> a consequence, the first listed virtual host for a given IP address and
> port combination is the default virtual host for that IP and port
> combination.


Use `httpd -S` (or `apache2ctl -S`, depending on your distribution) to
verify the list of VirtualHosts being served.

- Y

On Fri, May 20, 2022 at 12:56 PM frank picabia  wrote:

> I'm trying hard to get the lay of the land logic here, and it isn't
> happening.  I'm bouncing between what I read here,
> and what apache actually does, and it doesn't add up.
>
> In my case we tried to introduce a new domain, let's call it example2.com
> It will have a different set of cert files.  I let it have an IP which
> nothing else shares.
> I'm keenly aware of this IP as I've set it up in DNS as well.
>
> 
> Servername example2.com
> SSLEngine on
> SSLCertificateFile /etc/http/certs/example2.crt
> ...
> 
>
> Every other vhost had a different servername, and they used the
> cert for example1.com .  They also had *:443
> Only for example1.com do we have multiple aliases on the same IP.
>
> When visiting the example2.com site, the web site shows apache has served
> a certificate for example1.com
>
> I had believed this was because we had used *:443 rather than explicitly
> show the IP
> for all our vhosts.  It seemed the early conversation on SSL/TLS was
> matching a random
> vhost via this use of *:443 and that's how it got the cert for
> example1.com
> Since before this point all vhosts were on example1.com the wildcard cert
> it
> found was always working while we had *:443 in use.
>
> What can we say about how multi-domain SSL works that we can rely on?
> I can find a dozen pages on google search from people who get the wrong
> certificate and they never get an answer.  Some good hard rules on what
> is required would probably help a lot of people over the years.
>
>
>
> On Fri, May 20, 2022 at 11:59 AM Frank Gingras  wrote:
>
>> As mentioned, name-based vhosts will work with SNI and *:443 provided
>> that you have the correct certificate assigned to each vhost.
>>
>> In rare cases, you can use IP:443 vhosts if you want specific handling
>> based on the IP used to handle the request, such as https://IP1/ or
>> https://IP2/. However, it is rarely needed by most servers.
>>
>> For now, you can use *:443, and run apachectl -S to make sure there is no
>> overlap before restarting httpd.
>>
>> On Fri, 20 May 2022 at 07:04, frank picabia  wrote:
>>
>>>
>>> Sorry, that should not have said "top level domains".  I meant domains.
>>> Like example.com, example.net.
>>>
>>>
>>> On Fri, May 20, 2022 at 7:05 AM frank picabia 
>>> wrote:
>>>

 It looks like there are two requirements for multiple top level domains
 with SSL
 on the same apache.

 1. IP values must be used inside VirtualHost, not *:443
 2. All IP values must be unique, even on the same top level domain

 Is the above conjecture true?

 We have many setup like this example...

 
ServerName s1.example1.com
 ...
 

 
ServerName s2.example1.com
 ...
 

 where s1 and s2 are aliases on the same IP.  It has worked like that
 for years.  330 vhosts on about 80 IPs.

 When I started to convert them to use the actual IP value rather than *

 
ServerName s1.example1.com
 ...
 
 
ServerName s2.example1.com
 ...
 

 This had nothing to do with the example2.com I also want to put in
 there
 but on a unique IP.  I did a few conversions from *:443, saved it and
 restarted apache.
 Then vhosts I had not touched yet were getting pages for other
 vhosts.  It was random chaos and I reverted to the previous ssl.conf
 copy

Re: [users@httpd] Unable to connect to Apache test website on LocalHost

[Yehuda Katz]

Besides the ServerAlias, You probably also need to add
DirectoryIndex index.html
and also change your document root to the actual root directory where your
website is located.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Tue, Apr 12, 2022, 5:21 PM Eric Covener  wrote:

> On Tue, Apr 12, 2022 at 5:12 PM DiversityLink/Milt Spain
>  wrote:
> >
> > Apache2.4 installed and operating on Widows 7. Test site is loaded at
> C:\Apache24\htdocs\testsite.com. Site index is loaded in the testsite.com
> folder as index (an htm file). Virtual Hosts is set up as:
> >
> > 
> >
> > ServerAdmin a...@example.com
> > DocumentRoot"C:Apache24/htdocs/"
> > ServerName testsite.com
>
> How about appending:
> ServerAlias localhost
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] migrate apache httpd from 2.4.17 to 2.4.48

[Yehuda Katz]

It depends how you installed it originally. There is no official Windows
package of HTTPD, but there are a number of other people/groups who make
such builds available.

I personally use the package built by ApacheLounge. It has no installer - I
install it by unzipping to C:\Webserv\Apache and running `httpd -k install`
and `httpd -k start` on an elevated Command Prompt. To upgrade, I stop the
server, rename the old installation folder as a backup, unzip the new
folder, copy the old config over the new, and start the server again. I
rarely need to change my configuration, but I usually copy the whole config
folder using a program called Beyond Compare, a graphical diff tool, so I
can see if any of the default settings changed.

If you have a different distribution, you may have an installer or you may
have other components that need to be upgraded at the same time, so if you
need more help, we need more information about your current system.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Mar 3, 2022, 5:39 AM BENMOUSSA Othmane 
wrote:

> Hello,
>
> I need to migrate apache from version 2.4.17 to 2.4.48 on a 64bits windows
> server, I can't find the migration guide on the apache website, can you
> please send me a migration procedure.
>
> version 2.4.48 is the latest version supported by my application
>
>
>
> Thanks to share you experiences with mer
>
>
>
> Cordialement,
>
>
>
> *Othmane BENMOUSSA*
>
> *Ext / HELPLINE*
>
> Equipe Production
>
> *IT Technical Team*
>
> Direction Digitale
>
>
>
> +33 (0)4 72 18 68 52
>
>
>
> [image: signature_1448240921]
>
>
> Ce message électronique et tous les fichiers attachés qu'il contient sont
> confidentiels et destinés exclusivement à l'usage de la personne à laquelle
> ils sont adressés. Si vous avez reçu ce message par erreur, merci de le
> retourner à son émetteur. Les idées et opinions présentées dans ce message
> sont celles de son auteur, et ne représentent pas nécessairement celles de
> l’institution ou les entités affiliées dont dépend l’auteur. La
> publication, l'usage, la distribution, l'impression ou la copie non
> autorisée de ce message et des attachements qu'il contient sont strictement
> interdits ». “This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please return it to
> the sender. The ideas and views expressed in this email are solely those of
> its author, and do not necessarily represent the views of the institution
> or company the author is dependent from. Unauthorized publication, use,
> distribution, printing or copying of this e-mail or any attached files is
> strictly forbidden.
>

Re: [users@httpd] How to get someone to look at a Apache bug report on Red Hat's Bugzilla?

[Yehuda Katz]

Please keep your replies on the mailing list so that everyone can benefit
from the discussion.

What is your "threat model" in which this way is less safe?

For example: Are you worried that the packaged version from someone else
has been modified with a backdoor? Are you worried that you would not be
able to get RPMs for new versions in a timely fashion when a security issue
is announced?

There are different ways to address different concerns, but if you are more
specific, we can make sure you get the best answer.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Tue, Mar 1, 2022, 11:18 AM Jeroen Verhoeckx 
wrote:

> > Since you don't have paid support from RedHat, there is absolutely no
> reason to not install your own version of httpd.
>
> I don't mind doing that but I'm afraid it's less safe?
>
>
> Thanks for thinking along!
>
> Jeroen Verhoeckx
>
>
>
> 
> *Support the independent web, use **Firefox*
> <https://www.mozilla.org/en-US/firefox/new/>
>
>
>
> --- Original Message ---
> On Thursday, February 24th, 2022 at 10:41 PM, Yehuda Katz <
> yeh...@ymkatz.net> wrote:
>
> In terms of getting a RedHat eningeer, it looks like you have done all you
> can do. There are RedHat developers on this list and on the RedHat forums
> and they also look at Bugzilla, so there probably isn't much more you can
> do.
>
> Since you don't have paid support from RedHat, there is absolutely no
> reason to not install your own version of httpd.
>
> - Y
>
> On Thu, Feb 24, 2022 at 9:37 AM Jeroen Verhoeckx <
> j.verhoe...@protonmail.com> wrote:
>
>> Hello Yehuda,
>>
>> First: sorry for my very late reply!
>>
>> > You mention in the bug report that you are running an old version of
>> HTTPD because you are using the version packaged by RedHat.
>> > Your bug report asks RedHat to backport the specific fixes for your
>> issue.
>>
>> Yes, that's a really good summary of what I try to achieve!
>>
>>
>> About the two options:
>>
>>
>>1. I have the 'Red Hat Developer Subscription for Individuals' and
>>thus I'm not entitled to get any official support.
>>2. Red Hat strongly discourages the installation of a different
>>version of Apache (https://access.redhat.com/solutions/445713) .
>>
>>
>>
>> I asked the same question on Red Hat Community portal (
>> https://access.redhat.com/discussions/6756211) but so far I didn't get
>> any reaction.
>>
>>
>> Does someone know where the Apache developers of Red Hat hang out?
>>
>>
>>
>> Jeroen Verhoeckx
>>
>>
>>
>> 
>> *Support the independent web, use **Firefox*
>> <https://www.mozilla.org/en-US/firefox/new/>
>>
>>
>>
>> --- Original Message ---
>> On Friday, February 18th, 2022 at 8:38 PM, Yehuda Katz 
>> wrote:
>>
>>
>> I see two options for you going forward:
>> 1. Contacting RedHat: You need a subscription to do this. Posting to the
>> upstream HTTPD mailing list probably won't help.
>>
>> 2. Use a different package: There are newer rpms available if you don't
>> want to build your own. You can look at rpmfind or build the rpm yourself (
>> https://httpd.apache.org/docs/2.4/platform/rpm.html)
>>
>> - Y
>>
>> On Fri, Feb 18, 2022 at 1:02 PM Jeroen Verhoeckx
>>  wrote:
>>
>>> Hello Apache Administrators,
>>>
>>> On 6 January I reported a possible bug of Apache on Red Hat's Bugzilla, but
>>> no one has responded since then.
>>>
>>> It's about this bug report:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2037967
>>>
>>>
>>> Does someone have an idea about what I could do next?
>>> Does someone know I place where I can contact RHEL Apache
>>> developers/administrators?
>>> Or is there another friendly way to get attention for this bug report?
>>>
>>>
>>> Yours sincerely,
>>>
>>> Jeroen Verhoeckx
>>>
>>>
>>>
>>> 
>>> *Support the independent web, use **Firefox*
>>> <https://www.mozilla.org/en-US/firefox/new/>
>>>
>>>
>>>
>>
>

Re: [users@httpd] How to get someone to look at a Apache bug report on Red Hat's Bugzilla?

[Yehuda Katz]

In terms of getting a RedHat eningeer, it looks like you have done all you
can do. There are RedHat developers on this list and on the RedHat forums
and they also look at Bugzilla, so there probably isn't much more you can
do.

Since you don't have paid support from RedHat, there is absolutely no
reason to not install your own version of httpd.

- Y

On Thu, Feb 24, 2022 at 9:37 AM Jeroen Verhoeckx 
wrote:

> Hello Yehuda,
>
> First: sorry for my very late reply!
>
> > You mention in the bug report that you are running an old version of
> HTTPD because you are using the version packaged by RedHat.
> > Your bug report asks RedHat to backport the specific fixes for your
> issue.
>
> Yes, that's a really good summary of what I try to achieve!
>
>
> About the two options:
>
>
>1. I have the 'Red Hat Developer Subscription for Individuals' and
>thus I'm not entitled to get any official support.
>2. Red Hat strongly discourages the installation of a different
>version of Apache (https://access.redhat.com/solutions/445713) .
>
>
>
> I asked the same question on Red Hat Community portal (
> https://access.redhat.com/discussions/6756211) but so far I didn't get
> any reaction.
>
>
> Does someone know where the Apache developers of Red Hat hang out?
>
>
>
> Jeroen Verhoeckx
>
>
>
> 
> *Support the independent web, use **Firefox*
> <https://www.mozilla.org/en-US/firefox/new/>
>
>
>
> --- Original Message ---
> On Friday, February 18th, 2022 at 8:38 PM, Yehuda Katz 
> wrote:
>
>
> I see two options for you going forward:
> 1. Contacting RedHat: You need a subscription to do this. Posting to the
> upstream HTTPD mailing list probably won't help.
>
> 2. Use a different package: There are newer rpms available if you don't
> want to build your own. You can look at rpmfind or build the rpm yourself (
> https://httpd.apache.org/docs/2.4/platform/rpm.html)
>
> - Y
>
> On Fri, Feb 18, 2022 at 1:02 PM Jeroen Verhoeckx
>  wrote:
>
>> Hello Apache Administrators,
>>
>> On 6 January I reported a possible bug of Apache on Red Hat's Bugzilla, but
>> no one has responded since then.
>>
>> It's about this bug report:
>> https://bugzilla.redhat.com/show_bug.cgi?id=2037967
>>
>>
>> Does someone have an idea about what I could do next?
>> Does someone know I place where I can contact RHEL Apache
>> developers/administrators?
>> Or is there another friendly way to get attention for this bug report?
>>
>>
>> Yours sincerely,
>>
>> Jeroen Verhoeckx
>>
>>
>>
>> 
>> *Support the independent web, use **Firefox*
>> <https://www.mozilla.org/en-US/firefox/new/>
>>
>>
>>
>

Re: [users@httpd] How to get someone to look at a Apache bug report on Red Hat's Bugzilla?

[Yehuda Katz]

You mention in the bug report that you are running an old version of HTTPD
because you are using the version packaged by RedHat.
Your bug report asks RedHat to backport the specific fixes for your issue.

I see two options for you going forward:
1. Contacting RedHat: You need a subscription to do this. Posting to the
upstream HTTPD mailing list probably won't help.

2. Use a different package: There are newer rpms available if you don't
want to build your own. You can look at rpmfind or build the rpm yourself (
https://httpd.apache.org/docs/2.4/platform/rpm.html)

- Y

On Fri, Feb 18, 2022 at 1:02 PM Jeroen Verhoeckx
 wrote:

> Hello Apache Administrators,
>
> On 6 January I reported a possible bug of Apache on Red Hat's Bugzilla, but
> no one has responded since then.
>
> It's about this bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=2037967
>
>
> Does someone have an idea about what I could do next?
> Does someone know I place where I can contact RHEL Apache
> developers/administrators?
> Or is there another friendly way to get attention for this bug report?
>
>
> Yours sincerely,
>
> Jeroen Verhoeckx
>
>
>
> 
> *Support the independent web, use **Firefox*
> 
>
>
>

Re: [users@httpd] Re: Question about running apache server using WAMP

[Yehuda Katz]

My understanding of the original question is that Krishna wants to create a
proxy through his WAMP server to allow his family members to use his own
Facebook account. That is not an HTTPD question and is a violation of the
Facebook ToS.

- Y

On Fri, Jul 30, 2021 at 1:30 PM  Good Guy   wrote:

> On 30/07/2021 18:16, Yehuda Katz wrote:
> > Once we get out of the technical discussion relating to HTTPD and into
> > how to access Facebook, besides for the fact that this is not on topic
> > for this mailing list, I suggest reading the Facebook Terms of Service
> > which explicitly disallow account sharing.
> >
> >
> Perhaps we are all missing the point altogether. Krishna has setup a
> WAMP server so he wants to run a website  from it. Facebook (or Google
> or any other 3rd party authentication) only comes into the equation for
> login purposes. So the question is why do his users need to login? Most
> websites are for public browsing and very few sites require login when
> users want to access premium content such as newspaper sites. I am not
> talking about bank sites here because that is not part of the question.
>
>
>
> --
>
> With over 1.3 billion devices now running Windows 10, customer
> satisfaction is higher than any previous version of windows.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Question about running apache server using WAMP

[Yehuda Katz]

Once we get out of the technical discussion relating to HTTPD and into how
to access Facebook, besides for the fact that this is not on topic for this
mailing list, I suggest reading the Facebook Terms of Service which
explicitly disallow account sharing.

https://www.facebook.com/terms.php

> 3. Your commitments to Facebook and our community
> We provide these services to you and others to help advance our mission.
In exchange, we need you to make the following commitments:
> 1. Who can use Facebook
> When people stand behind their opinions and actions, our community is
safer and more accountable. For this reason, you must:
> [...]
> - Not share your password, give access to your Facebook account to
others, or transfer your account to anyone else (without our permission).

On Fri, Jul 30, 2021 at 1:11 PM Nick Folino  wrote:

> Why not just set facebook as their start page and give them your password?
>
> On Fri, Jul 30, 2021 at 12:52 PM Krishna P 
> wrote:
>
>> My thought is to give them my public ip which will bring them to my local
>> ip which I am able to do as of now and they are able to see the WAMP server
>> home page. All I want is them to see the facebook page account  where I
>> keep my  up to date profile. It is just so easy for them to type numbers in
>> their mobile or ipad browsers rather than login etc because they are in
>> different country.
>>
>> On Fri, Jul 30, 2021 at 7:06 AM Nick Folino  wrote:
>>
>>> So they'll go to your site, login there and get proxied to your Facebook
>>> account, where something will login you in to Facebook so they can see your
>>> Facebook content?  Wow.
>>>
>>>
>>> On Fri, Jul 30, 2021 at 9:50 AM Krishna P 
>>> wrote:
>>>
 So that I give access to my family members without creating their own
 accounts and login due to their old age.

 On Fri, Jul 30, 2021 at 3:02 AM Nick Folino  wrote:

> I have to know Why??
>
> On Fri, Jul 30, 2021 at 12:17 AM Krishna P 
> wrote:
>
>> Hello everyone,
>>I want to run a apache server with my facebook account login and
>> give the access to my family. I am able to get the local server WAMP page
>> when I give my local host but how I do I connect to
>> https://facebook.com and login with my credentials and give the
>> address to my family who can login from different computer location or
>> mobile and see the same content as I see ?
>> Thanks and regards
>> Krishna
>>
>

Re: [users@httpd] Public viewing when it should be private

[Yehuda Katz]

I would also recommend mod_auth_cas if your SSO supports it - very easy to
set up.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, May 20, 2021, 2:41 AM Michael Wechner 
wrote:

> Hi Michael
>
> I think it depends on your SSO app, more specifically what standards it
> supports.
>
> For example you could use *mod_auth_kerb** and *
>
> *mod_auth_gssapi *
> https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html
> https://wiki.centos.org/HowTos/HttpKerberosAuth
>
> Another possibility might be to use JWT
>
> https://www.miniorange.com/apache-adfs-single-sign-on(sso)
>
> or
>
> https://github.com/zmartzone/mod_auth_openidc
>
> Also have a look at
>
> https://httpd.apache.org/docs/trunk/howto/auth.html
>
> I am not sure what other possibilities exist which work together with your
> SSO app, but it might be less effort to just move your documentation into
> your app servers.
>
> HTH
>
> Michael
>
>
>
> Am 20.05.21 um 06:46 schrieb Michael D.:
>
> Hello user group.
>
> I maintain a website that authenticates users through an internal
> single-sign-on app.
>
> I have a documentation page that is publically viewable but I only want it
> viewable after authentication. I've looked into .htaccess but I don't want
> a separate login process for users to view documentation. I want them to be
> able to login through our internal SSO and automatically have access to
> those documents that are currently stored on the web server.
>
> Is this possible to do through Apache or should these static documentation
> pages be put on our app servers and then served up for authenticated users?
>
> I'm not finding a way to avoid a second authentication process just to
> view documentation that is private info for only authorized users
>
> (Fyi we have thousands of users that need access to this documentation.)
>
>
>

Re: [users@httpd] Replays from Internet

[Yehuda Katz]

It is likely that the user still has the browser tab open and it refreshes
for some reason, or their browser crashed and reopened, or they use a
session restore tool when they reopen the browser - all of these could
cause an exact duplicate request.
You might want to look into the Post-Redirect-Get pattern.

In a nutshell:
When a POST request completes without any errors, never return any output
except a redirect to a completion page. The browser will make a new GET
request to this page and any POST data will not be included.

This will prevent a form that was submitted successfully from ever being
resubmitted accidentally.

On Tue, Jan 19, 2021 at 12:00 PM John  wrote:

> Since the beginning of 2021 we have encountered two online orders and
> possibly a third, where the customer denies making the order and the
> httpd log seems to confirm that.
>
> In each case, the person made an order and a day or more later a
> second order was placed for the same item and carrying the same credit
> card information.  Since everything looked valid and the delay
> bypassed our duplicate order check, the order was accepted.
>
> Some background: a customer can connect to our catalogue and move
> around untracked for as long as they want until they decide to place
> an order.  At this point there is only one path to follow to enter
> address info, credit card, etc. This ends with a summary of the order
> and if they click to proceed, it POST's the server order processor
> with the relevant info causing the credit card to be charged and the
> order to be entered. In total 3 scripts must be processed in the
> correct order.
>
> I scanned for the customer's IP in the httpd access log in each case
> and found that when they made the valid order they were on our
> catalogue and followed the correct path to place the order, confirming
> it as expected.
>
> BUT, and here is what I am having trouble understanding, for the
> invalid order ONLY the last request was logged as received by httpd.
> It shows the correct source (ie the page that should have resulted in
> an order) yet that page does not show in the httpd log as having been
> served.  In one case, NO other page was served to that customer on
> that day ahead of the received order, at least judging from IP
> addresses in use.
>
> So what I appear to be seeing is a replay from the Internet which I
> find hard to accept as real.  Has anyone ever seen this before and if
> so what did they do to resolve it?  The only other possibility that I
> can think of is that their browser cached the page and re-transmitted
> it. (a violation of the HTML standard I think for a form page).
>
> The environment is Apache 2.4.25 on Fedora using php-fpm.
>
> Thanks in advance and apologies for the length of this post.
>
> John
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Alternative to Let's Encrypt?

[Yehuda Katz]

You can install certbot in a python virtualenv from pypi. This is
technically not supported, but it does work.
https://pypi.org/project/certbot/

See other alternate installation methods:
https://certbot.eff.org/docs/install.html

You can also use mod_md to have all the certificate generation handled by
HTTPD: http://httpd.apache.org/docs/2.4/mod/mod_md.html

On Thu, Dec 17, 2020 at 10:40 AM Daniel Armando Rodriguez <
drodrig...@epet1.edu.ar> wrote:

> Is there any?
> Asking because don't want to use snap.
>

Re: [users@httpd] multiple internal websites

[Yehuda Katz]

The best choice would be to register a real domain name. Because of the
gTLD program, almost anything can now be registered on the internet, so you
will keep having issues.

You could use .example or .test which shouldn't ever be on the public
internet, or you could use .internal which might be registered some day.
.home.arpa. is also listed as a sort-of TLD for internal use.

Whatever you do, if you want subdomains to resolve, you will probably need
a full DNS resolvers and block DNS queries to other servers

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Sep 23, 2020, 4:59 PM Manning Allan 
wrote:

> Hi, I am quite familiar with hosting multiple domains on a single server
> using apache virtual hosts.
>
> I rent a web server and am running 16 domains (currently) for myself,
> family and friends.
>
>
>
> Now I need to host some internal only websites for my employer (employees
> get free wifi in the cafeteria) to pass on information to the employees.
>
>
>
> I have setup a virtual debian 10 server with apache installed.
>
> I have a PC functioning as a router (192.168.1.1/24) using the x86
> version of DD-WRT, and have added the various hostnames to DNSMasq (i.e. I
> can now nslookup “daily”, “jobs”, “deals” and they all resolve to the same
> ip 192.168.250.1-as long as I put a dot after e.g. daily., or jobs.)
>
>
>
> Using the default 000-default.conf file included in sites-available and
> sites-enabled as-is, I am able to reach my webserver using any of those
> names, and see my current index.html file.
>
>
>
> I have tried to modify the conf file as follows. (I removed all the
> commented out lines)
>
>
>
> 
>
> ServerAdmin webmaster@localhost
>
> DocumentRoot /var/www/html
>
> 
>
> 
>
> ServerName daily
>
> ServerAlias www.daily
>
> DocumentRoot /var/www/html/daily
>
> 
>
> 
>
> ServerName deals
>
> ServerAlias www.deals
>
> DocumentRoot  /var/www/html/deals
>
> 
>
>
>
> I know this would work if I was trying to go to say http://today.jobs or
> http://monthly.deals i.e. using a TLD and hosting from the internet
>
>
>
> Ultimately I would like a separate webpage for each name i.e.  http://jobs,
> http://daily, http://deals
>
>
>
> I know I can accomplish this if I set up a webserver for each name, but
> that seems like a waste.
>
>
>
> All the internet searches show me how to do this with internet facing
> TLD’s.
>
> Is it even possible to do this internally?
>
> Do I need to create a dummy domain?
>
>
>
> Any help will be greatly appreciated.
>
>
>
>
>
>
>
>
>
>
>

Re: [users@httpd] IP address show Apache welcome page but domain name working!

[Yehuda Katz]

That file is for Debian-flavor distributions. On RedHat-flavors, a similar
file would be in /etc/httpd/conf.d if it exists (not in conf.modules.d
though). You can check which files have the actual config for a vhost by
running the command 'httpd -S'.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Tue, Sep 22, 2020, 9:15 AM Jason Long 
wrote:

> Where is "000-default.conf" file? I have not it!!
>
> # ls /etc/httpd/conf.modules.d/
> 00-base.conf   00-proxy_timeout.conf  10-mod_security.conf
> 00-dav.conf00-ssl.conf10-proxy_h2.conf
> 00-lua.conf00-systemd.conf15-php.conf
> 00-mpm.conf01-cgi.confREADME
> 00-optional.conf   10-fcgid.conf
> 00-proxy.conf  10-h2.conf
>
>
>
>
>
>
> On Tuesday, September 22, 2020, 11:12:28 AM GMT+3:30, Walter Penn
>  wrote:
>
>
>
>
>
> Jason Long wrote:
> > When I visit my website by its IP address the welcome page of Apache
> showed, but with"https://domain-name.net;  everything is OK. How can I
> block direct access by IP or forward it to domain?
>
> In the 000-default.conf put these lines:
>
>
>
> RewriteEngine on
> RewriteRule ^/
> https://your.domain.name/ [R,L]
>
> Retart httpd then it will work.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] File structure for nearly identical sites

[Yehuda Katz]

Your best option to do that might be to add a separate file with that
config and call it with IncludeOptional

For example:


ServerName $domain
ServerAlias www.$domain

DocumentRoot "/var/www/vhosts/$name"
ErrorLog "/var/log/httpd/$name.error_log"
CustomLog "/var/log/httpd/$name.access_log" combined

IncludeOptional "/var/www/config/$name.conf"


You can then add the different config to those files.

- Y

On Thu, Jul 9, 2020 at 4:25 PM Darryl Philip Baker <
darryl.ba...@northwestern.edu> wrote:

> I am getting a set of over 50 sites moved over to my server from elsewhere
> and the content manager want to duplicate each of these in a dev subdomain.
> An example eatatjoes.example.com and eatatjoes.dev.example.com. I am
> thinking that I can include the same configuration file twice if I replace
> the “dev.” with a macro. The first time in include the file the macro has
> the value of “.” And the second time the value of the macro is “dev.” I
> would do something similar for the document directory.
>
>
>
> Is there a way of keeping some directives from being in the live
> configuration for just the second time I include the file?
>
>
>
> In my case there are likely to be redirects as they test a site prior to a
> relaunch. They like to keep bookmarks working even after restructuring a
> site.
>
>
>
> *Darryl Baker, *GSEC  (he/him/his)
>
> Sr. System Administrator
>
> Distributed Application Platform Services
>
> *Northwestern University*
>
> 1800 Sherman Ave.
>
> Suite 6-600 – Box #39
>
> Evanston, IL  60201-3715
>
> *darryl.ba...@northwestern.edu *
>
> (847) 467-6674
>
>
>

Re: [users@httpd] How to permanently disable default config files

[Yehuda Katz]

You can use yum-plugin-post-transaction-actions to delete the files (not
currently available in CentOS 8 though):
Create a file named /etc/yum/post-actions/httpd.action
With the content:
httpd*:update:rm -f /etc/httpd/conf.d/file_to_delete

You should also be able to leave the files empty instead of deleting them -
yum should leave the modified files alone.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Jun 10, 2020, 5:29 PM Scott A. Wozny  wrote:

> Running the Centos7 packaged httpd, I didn't want the config files in
> /etc/httpd/conf.d (autoindex.conf, userdir.conf and welcome.conf) to load.
> I thought I was being clever and renamed them all to name.disable so they
> there there for my reference, but wouldn't load the modules and settings.
>
> Then I did a yum update to httpd.  The disable files were still there, but
> the installer replaced the "missing" .conf file which kept my instance from
> loading (I have disabled modules necessary for some of the config lines in
> these conf files).
>
> Is there a "standard" way to remove files so a yum update install doesn't
> replace them?  I have "comment out all the lines in the conf files and
> leave them in place" as a fallback, but I was wondering if I'm missing the
> "correct" way to do this.  I can't imagine I'm the only person who doesn't
> want those files to load on a default install.
>
> Thanks for any suggestions you may have,
>
> Scott
>

Re: [users@httpd] Authentication plugins/front end

[Yehuda Katz]

We use mod_auth_cas. We wrote our own cas server, but there are some off
the shelf options including with support for MFA, password reset, and lots
more. There is also mod_auth_tkt, but I haven't used it.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Sat, Jun 6, 2020, 10:12 PM @lbutlr  wrote:

> I'm not sure exactly what I am looking for, so not sure exactly what to
> search for.
>
> Basically, I would like to add authentication to web applications or sites
> that have no support for authentication, and I wonder if there is some sort
> of plugin for apache that I can use that sits between the outside and the
> web pages that handles authentication better than the simple httpauth?
> Perhaps even with support for such "advanced" features as password reset or
> OAuth?
>
> In most cases I do not want to touch the code for the actual webapp/site
> beyond maybe changes to .htaccess that would not interfere with the
> settings already in htaccess.
>
> This must be something people have already done.
>
>
>
> --
> Did they get you to trade your heroes for ghosts? Hot ashes for
> trees? Hot air for a cool breeze? Cold comfort for change?
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Small difference on error messages

[Yehuda Katz]

Hi Kazuhiko,

This change was in response to CVE-2019-10092.
People who aren't upgrading httpd for some reason should still remove the
path information from the error pages to prevent XSS.

- Y

On Thu, Jan 30, 2020 at 4:05 AM kohmoto  wrote:

> Hi,
>
> I have learned small changes in httpd would cause to expose
> version information even we hide it though settings.
>
> The article indicating this realities is in the follow link.
>
> https://blog.eg-secure.co.jp/?m=1
>
> This article is written in Japanese. Please apologize this
> convenience, but you can understand what is there.
>
> Thank you for your cooperation.
>
> Yours truly,
> Kazuhiko Kohmoto
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Remove Apache 2.4

[Yehuda Katz]

Open Command Prompt as administrator and run "httpd -k uninstall" to remove
the Windows service, then just delete the folder.

On Wed, Nov 13, 2019 at 9:12 AM Mystic Fallout 
wrote:

> Hello,
>
> I need to remove version 2.4 from my laptop as it is going to my daughter,
> factory reset is not a possibility. I plan on reinstalling on my new laptop
> when I get it.
>
> I've read everything I can find on Apache.org. Google searches show how to
> uninstall via application uninstalling which Apache doesn't have.
>
> I would be very grateful for any assistance you can provide.
>
> Thank you and good day.
>

Re: [users@httpd] RE: Need some advice - thread safe php module

[Yehuda Katz]

It says you are missing libargon2.so. You should be able to get it from
libargon2 in EPEL.

- Y

On Thu, May 23, 2019 at 4:59 PM Jeff Cauhape  wrote:

> Yehuda,
>
>
>
> Thank you. I figured that one out. 
>
>
>
> However, I’m seeing something odd that has me scratching my head.
>
>
>
> If I load the wrong module, it’s found but can’t be used (from httpd.conf):
>
>
>
> #
>
> # Diagnostic test - loading PHP module
>
> #
>
> LoadModule php5_module   modules/old/libphp5.so
>
> #LoadModule php7_module   modules/old/libphp7-zts.so
>
>
>
> and I get
>
>
>
> [root@web1e conf]# ../bin/httpd -t
>
> [Thu May 23 13:30:24.323227 2019] [:crit] [pid 2861:tid 139938397767552]
> Apache is running a threaded MPM,
>
> but your PHP Module is not compiled to be threadsafe.  You need to
> recompile PHP.
>
> AH00013: Pre-configuration failed
>
>
>
> which is what I suspect. However, comment out the wrong module
>
> and uncomment the correct one:
>
>
>
> #
>
> # Diagnostic test - loading PHP module
>
> #
>
> #LoadModule php5_module   modules/old/libphp5.so
>
> LoadModule php7_module   modules/old/libphp7-zts.so
>
>
>
> and check again …
>
>
>
> [root@web1e conf]# ../bin/httpd -t
>
> httpd: Syntax error on line 173 of /apps/apache_2.4.37/conf/httpd.conf:
> Cannot load modules/old/libphp7-zts.so into server: libargon2.so.0: cannot
> open shared object file: No such file or directory
>
>
>
> but both shared objects are in the same directory and have same
> permissions:
>
>
>
> [root@web1e old]# ls -l lib*
>
> -rwxr-xr-x. 1 apache apache 4588168 May 22 09:19 libphp5.so
>
> -rwxr-xr-x. 1 apache apache 5309568 May 23 11:52 libphp7-zts.so
>
>
>
> and they have the same magic cookies:
>
>
>
> [root@web1e old]# file lib*
>
> libphp5.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),
> dynamically linked, BuildID[sha1]=ffdbbd7feae16b186d72c1cb2abc072ee3d3ceb6,
> stripped
>
>
>
> libphp7-zts.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),
> dynamically linked, BuildID[sha1]=dcac17fd34443cb602e1d13f2cb812f6165d7ba3,
> stripped
>
>
>
> I thought that maybe the problem was some strange module name that wasn’t
> correct in httpd.conf
>
>
>
> [root@web1e old]# strings lib* | grep php | grep module
>
> php_info_print_module
>
> php_session_register_module
>
> _php_find_ps_module
>
> php_get_module_initialized
>
> php_module_startup
>
> php_module_shutdown_for_exec
>
> php_module_shutdown
>
> php_module_shutdown_wrapper
>
> php5_module
>
> /usr/lib64/php/modules
>
>
>
> php_info_print_module
>
> php_session_register_module
>
> _php_find_ps_module
>
> php_get_module_initialized
>
> php_module_startup
>
> php_module_shutdown_for_exec
>
> php_module_shutdown
>
> php_module_shutdown_wrapper
>
> php7_module
>
> /usr/lib64/php-zts/modules
>
>
>
> But that’s not the case.
>
>
>
> Ideas?
>
>
>
> *Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator*
>
> Nevada Department of Employment, Training and Rehabilitation
>
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
>
>
> *From:* Yehuda Katz 
> *Sent:* Thursday, May 23, 2019 11:30 AM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] RE: Need some advice - thread safe php module
>
>
>
> Sorry for the delay. As Rainer said, the system-wide packages include zts
> builds. For example (I have php-73):
>
> /usr/lib64/httpd/modules/libphp7-zts.so
>
> /usr/bin/zts-php
>
>
>
> - Y
>
>
>
> On Thu, May 23, 2019 at 11:19 AM Jeff Cauhape 
> wrote:
>
> Thank you!
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -Original Message-
> From: Rainer Canavan 
> Sent: Thursday, May 23, 2019 1:27 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] RE: Need some advice - thread safe php module
>
> On Thu, May 23, 2019 at 12:15 AM Jeff Cauhape 
> wrote:
> >
> > Yehuda,
> >
> > But how do you tell if the Apache thread-safe module is included?
> >
> > I’ve already wasted more than enough time on this task, and I’d like
> >
> > some way to determine I’m not just wasting more time.
>
> It's in the FAQ, a single mouse click away from the link Yehuda has
> provided:
>
> https://blog.remirepo.net/pages/English-FAQ#scl
>
> in short: pick the right package from Remi's repositories.
>
> rainer
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] RE: Need some advice - thread safe php module

[Yehuda Katz]

Sorry for the delay. As Rainer said, the system-wide packages include zts
builds. For example (I have php-73):
/usr/lib64/httpd/modules/libphp7-zts.so
/usr/bin/zts-php

- Y

On Thu, May 23, 2019 at 11:19 AM Jeff Cauhape  wrote:

> Thank you!
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -Original Message-
> From: Rainer Canavan 
> Sent: Thursday, May 23, 2019 1:27 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] RE: Need some advice - thread safe php module
>
> On Thu, May 23, 2019 at 12:15 AM Jeff Cauhape 
> wrote:
> >
> > Yehuda,
> >
> > But how do you tell if the Apache thread-safe module is included?
> >
> > I’ve already wasted more than enough time on this task, and I’d like
> >
> > some way to determine I’m not just wasting more time.
>
> It's in the FAQ, a single mouse click away from the link Yehuda has
> provided:
>
> https://blog.remirepo.net/pages/English-FAQ#scl
>
> in short: pick the right package from Remi's repositories.
>
> rainer
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] RE: Need some advice - thread safe php module

[Yehuda Katz]

We are happy with Remi's Repo:  https://rpms.remirepo.net/wizard/ (Remi is
a core PHP team member).

You should consider newer versions of PHP (7.1+) as older version are no
longer maintained, unless you use the version supplied by RedHat (since
they are still updating it).

- Y

On Wed, May 22, 2019 at 4:12 PM Jeff Cauhape  wrote:

> I should mention this is running on RHEL 7.6, x86_64.
>
>
>
> *Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator*
>
> Nevada Department of Employment, Training and Rehabilitation
>
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
>
>
> *From:* Jeff Cauhape 
> *Sent:* Wednesday, May 22, 2019 1:07 PM
> *To:* 'users@httpd.apache.org' 
> *Subject:* [users@httpd] Need some advice - thread safe php module
>
>
>
> Hi,
>
>
>
> I am porting some older web pages from Apache 2.4.6 to Apache 2.4.37 on
> Linux
>
> and apparently need to find a thread-safe version of libphp5.so to use,
> since we’re
>
> running MPM.
>
>
>
>- Does anyone know where I can download the apache thread safe php
>module?
>- If not, can someone give me a clue about the configuration options I
>should use
>
> to build a new version of PHP which contains the php module for Apache?
>
>
>
> I have been unable to find a download for the php module, and building PHP
> is not
>
> producing a php module either.
>
>
>
> Thanks,
>
>
>
> *Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator*
>
> Nevada Department of Employment, Training and Rehabilitation
>
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
>
>

Re: [users@httpd] Fwd: Apache 2.4.39 update for Ubuntu 14.04

[Yehuda Katz]

Ubuntu 14.04 is no longer supported, so the ppa you are using to install
Apache is no long building new versions and Canonical is no longer
releasing free security updates. If you pay for an extended support
subscription, the version of Apache you will get will be maintained by
Canonical and will continue to get security updates (although it is Apache
2.2 if I remember correctly).

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, May 15, 2019, 7:55 AM Hajo Locke  wrote:

> Hello,
> Am 15.05.2019 um 13:43 schrieb Frank Gingras:
>
> Nitin,
>
> You will need to ask the folks that maintain your distribution/repository
> for help with updated packages.
>
> On Tue, 14 May 2019 at 01:18, Nitin Kadam 
> wrote:
>
>> Hello Team,
>>
>> I have ubuntu 14.04 web server with apache 2.4.33 package and with the
>> latest release of 2.4.39 internal security asked to update same ASAP.
>>
> Ubuntu 14.04 is end of life.
> You should upgrade your OS and distribution will update version or patch
> current version.
>
> when I do apt-cache policy its shows installed version 2.4.33 and
>> candidate also 2.4.33.
>>
>> Can you please help here its production application server.
>>
>> *apache2:*
>> *  Installed: 2.4.33-1+ubuntu14.04.1+deb.sury.org
>> +1*
>> *  Candidate: 2.4.33-1+ubuntu14.04.1+deb.sury.org
>> +1*
>> *  Version table:*
>> * *** 2.4.33-1+ubuntu14.04.1+deb.sury.org +1 0*
>> *100 /var/lib/dpkg/status*
>> --
>> Regards
>> Nitin Kadam
>>
>>
>>
>> Hajo
>

Re: [users@httpd] Re: CVE-2019-0211/0215/0217

[Yehuda Katz]

The distributions like RedHat, Debian, Ubuntu, etc. lock the version of
their software packages when they release any specific version of their OS
and they are responsible to backport any security or bug fixes.

For example, you can see Debian's tracker here:
https://security-tracker.debian.org/tracker/CVE-2019-0211
They append their own release number to the end of the HTTPD version to
show that they fixed the bug (2.4.25-3+deb9u6 to deb9u7).
Ubuntu says they fixed the issues in 2.4.29-1ubuntu4.6

- Y

On Sun, Apr 7, 2019 at 3:43 AM Dan Ehrlich 
wrote:

> I’ve seen a few CVEs now that are low level but pretty much effect every
> version from 2.4.30ish and back.
>
> The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and
> 2.4.29 respectively.
>
> QUESTIONS:
> 1. Anyway to move the versions up (assuming I didn’t miss something) ?
> 2. Happy to help / take on task if someone can point me in the right
> direction
>
>
> On Apr 6, 2019, at 11:14 PM, Sunhux G  wrote:
>
> Also,
> can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through
> 2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)?
>
> How do I check if we have "MPM event, worker or prefork" in our Apache?
>
> On Sat, Apr 6, 2019 at 10:59 PM Sunhux G  wrote:
>
>>
>> Are above CVEs affecting Apache httpd (ie web servers) 2.4.x  only
>> & other lower versions (eg: our Solaris 10's  Apache/2.0.63) are not
>> affected?
>>
>> Can point me to where to get the patches for RHEL7/RHEL6
>> in Red Hat support portal or anywhere else that's reliable??
>>
>> Sun
>>
>

Re: [users@httpd] Scalability: Single Server with Multiple SSL cert and keys

[Yehuda Katz]

You could add a load balancer/proxy that does SSL termination in front of
your web server (we use haproxy). If you are overloading your server, you
might just need to get another one.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Fri, Jan 25, 2019, 9:39 AM Mahesh Patil  Hi all,
> I have one server and it is serving multiple websites:
> eg.
> www.example1.com
> www.example2.com and such thousands of website and domains.
>
> Each website has its own SSL certificate.
> I made entry for each private key (SSLCertificateKeyFile), Certificate
> (SSLCertificateFile), and CA Certificate (SSLCACertificateFile) of the
> above in VirtualHost for each webiste.
> But as the number of websites are thousands, its slow and this is not
> scalable.
> Can any one suggest a scalable way to implement this scenario.
> Thanks in advance
> regards
> Mahi
>

Re: [users@httpd] Reverse proxy stalling forever

[Yehuda Katz]

I see that I can access your config.js 
from my browser, so httpd is serving that vhost.

What does localhost resolve to and is prosody listening on that IP address.
For example, maybe it is resolving to IPv6.
Check with netstat -ln to see what IP prosody is listening on. You should
try using that IP explicitly in RewriteRule instead of localhost.

- Y

On Tue, Jan 22, 2019 at 10:47 PM Alexandre Garreau 
wrote:

> Normally I have no firewall, and what’s behind ports 5280/5281 are the
> standard RFC-defined xmpp bosh ports (xmpp over http), ran by prosody.
>
> I can attach my prosody configuration file but I supposed it wasn’t of
> much help.
>
> And normally I don’t run any firewall. At least I didn’t set up any, so
> unless debian (stable) managed to install one without bothering me (that is
> without having to bug me about which ports to open or not), it’s very
> unlikely.
>
> <#part type="application/octet-stream"
> filename="/sudo:r...@portable.galex-713.eu:/etc/prosody/prosody.cfg.lua"
> disposition=attachment> <#/part> <#part type="application/octet-stream"
> filename="/sudo:r...@portable.galex-713.eu:/etc/apache2/sites-enabled/meet.galex-713.eu.conf"
> disposition=attachment> <#/part>
>

Re: [users@httpd] Reverse proxy stalling forever

[Yehuda Katz]

The configuration you sent doesn't show your server running on port
5280/5281, so we can't compare the configuration and see what might be
different.
My number one suspect would be your firewall.

- Y

On Tue, Jan 22, 2019 at 7:40 PM Alexandre Garreau 
wrote:

> Hi,
>
> I’m trying to make Jitsi Meet work. Initially it worked, but since the
> while it didn’t. So I’m investigating everything that could be going wrong.
>
> Here the VirtualHost Jitsi installation automatically created, with
> further additions by me (GnuTLS support, better rewritting supporting other
> alphabets): https://paste.debian.net/1062011/
>
> I was asked « apachectl -S » output on #httpd:
> http://paste.debian.net/1062013/
>
> So because HSTS, if you try http://meet.galex-713.eu:5280/http-bind it
> might not work, in which case try https://meet.galex-713.eu:5281/http-bind
>
> You can also try with curl: normally it should say “it works” and a link
> to prosody documentation.
>
> And that’s what should also be displayed by
> https://meet.galex-713.eu/http-bind but it stalls forever, any idea how’s
> this?
>
> Whenever I connect to this, all apache logs stay silent, why?
>

Re: [users@httpd] Apache Fake Story?

[Yehuda Katz]

Check the bugzilla thread for all the details:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63098
The short version is that HTTPD developers found that the bug can only be
reproduced under specific conditions with debugging options turned on,
which is not the way people usually run the server (with the exception of
OpenBSD ports distribution which had another mitigating factor).

There is also a post about h2 specifically:
https://icing.github.io/mod_h2/pool-debugging.html

- Y

On Tue, Jan 22, 2019 at 7:57 PM Dan Ehrlich  wrote:

> Is this true?
>
> https://github.com/hannob/apache-uaf/blob/master/README.md
>
> Was this security vulnerability really treated with such disregard by
> Apache HTTPD devs?
>
> I am aware the work that they do is free, but I contribute to plenty of
> open source for free and take the responsibility very seriously.
>
> This is extremely disturbing and we should all be concerned.
>
> If there was an oversight I made or this story changed please respond and
> correct me and I apologize in advance.
>
>
>
>

Re: [users@httpd] Port Forwarding Help?

[Yehuda Katz]

If your ISP blocks port 80 and port 443, there is no way for you to host
the site without a port number.
If you can run a server on those ports, HTTPD would listen there and
reverse proxy to the internal port the app is running on (5501?). You would
not want to forward 5501 through the router because it would allow people
to bypass your reverse proxy.
You prove ownership of the URL by placing a particularly named file in
/.well-known/ and the SSL tool will check for it there. This will not work
if you aren't on a standard port (80/443).

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Sun, Jan 20, 2019, 3:50 PM Osman Zakir  I found out that the problem was that I was using port 8080 which was
> blocked by my ISP.  I managed to get it to work using a different port
> (port 8443 didn't work either).
>
> Now I need to ask this: if I want to put my app behind Apache's reverse
> proxy, do I need to set up port forwarding for just the port that I set for
> the reverse proxy in ProxyPass directive, or do I also have to do it for
> the one Apache is listening on?
>
> Also, I got a free DynDNS from dynu.com and I'm serving my app on port
> 5501 on it, but is there no way I can use a URL where specifying the port
> number isn't a requirement?  The URL is http://dragonosman.dynu.net:5501/
> .  And if I want to get an SSL certificate for it, seeing as I'm hosting it
> on my own computer with a Dynamic DNS, how do I prove ownership of the
> domain when I try to use something like this? https://www.sslforfree.com/
> .
> SSL For Free - Free SSL Certificates in Minutes
> 
> Free SSL Certificate issued in less than a minute. 100% Free Forever.
> Never pay for SSL again. Thanks to Letsencrypt the first non-profit CA..
> Widely Trusted. Our free SSL certificates are trusted in 99.9% of all major
> browsers.
> www.sslforfree.com
>
>

Re: [users@httpd] Doubts in apache-2.4.37

[Yehuda Katz]

1. Don't know, should be easy to test.

2. Pipe.

3. I think this depends on which actual proxy module you are using. (There
are parameters for controlling the buffer size and when to flush)

On Mon, Jan 14, 2019 at 9:51 AM Hemant Chaudhary <
hemantdude.chaudh...@gmail.com> wrote:

> Hi Team,
>
> I have following doubt, please help me to understand
>
> 1) I am using worker MPM and according to architecture, each child process
> creates one worker listener thread which has mutex and listens on the port.
> If I am using two ports 80 and 443 then whether each child creates two
> listener thread  to listen on each port(80 and 443) or it will create only
> one listener thread.
>
> 2) When mod_cgi forks the another process and sends the response back to
> client then the communication between http process and forked process
> happens through pipe or socket.
>
> 3) When we proxy https request to backend server like tomcat then whether
> message transfers takes place in stream manner or it sends the whole
> message to backend server after decrypt the message.
>
> Please let me know if I am not clear.
>
> Thanks
> Hemant
>

Re: [users@httpd] Apache 2.4 how to exclude certain GET requests from log using SetEnvIf

[Yehuda Katz]

You need to specify an env= (or !=) On the LogFormat line. There is nothing
magic about setting dontlog.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Nov 15, 2018, 3:30 AM UniCapitals  Hello to Apache Community,
> I spent time with Apache docs and Google but did not find any real example
> for that.
>
> I want to exclude from logging many unnecessary lines like that
>
> 83.266.84.27 - - [27/Oct/2018:14:07:19 -0500] "GET
> example.com/mod/maxtop.php HTTP/1.1" 200 3412 "
> http://example.com/page218.html; "Mozilla/5.0 (Windows NT 10.0; rv:56.0)
> Gecko/20100101 Firefox/56.0"
>
> I tried
> SetEnvIf Request_Method GET "^/maxtop\.php$" dontlog
> and
> SetEnvIf Request_Method "GET(.*)/maxtop\.php$" dontlog
> ...but no success.
>
> Additional info
> CentOS 7.5
> Server version: Apache/2.4.6 (CentOS)
> LogFormat "%h %l %u %t \"%m %V%U %H\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\"" combined
>
> Thx for any hint what else to try (if Apache GET exclude by regex at all
> possible...)
>
> Serge
>

Re: [users@httpd] Question about linking third-party GPL plugin to httpd

[Yehuda Katz]

You should definitely talk to your own lawyer but in general, the license
applies to distribution, not to your own use.
https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic



- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mon, Oct 29, 2018, 10:47 PM Remus Clearwater 
wrote:

> Hi,
> I downloaded the sources of a third-party plugin A and the httpd
> separately. The license of plugin A is GPL, and httpd is Apache License
> 2.0. There is also a plugin B developed by our own company and is closed
> source. So, does there would be some problems when I compile and link
> them three together to provide web service for our users through the
> internet? (Since GPL is infectious, will plugin B and httpd be infected
> in this case?)
>
> Thank you very much for your time :-)
>
> All the best
>
> Remus
>

Re: [users@httpd] How to auto-select SSL certificate by hostname

[Yehuda Katz]

There is no built-in way to handle this. You would need to list every
domain name as a server alias for HTTPD to select the correct certificate.
You could look at mod_macro so you don't need to rewrite the same
configuration multiple times or a configuration management tool like
Puppet/Chef/etc that can just take a list and create the config.
Alternatively, you could set up haproxy in front of HTTPD since it searches
a directory for all certificates.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Sep 12, 2018, 2:51 PM  wrote:

> I am trying to configure a server that has the singular purpose of
> redirecting https://anyhost.com to https://www.anyhost.com. Without SSL,
> this is trivial: create a single configuration that uses Rewrite to
> redirect to www.{%HOST}.
>
>
>
> Bringing SSL into it complicates things however. We’ll be doing redirects
> for 1000+ domains, so managing hostname --> certificate mappings with
> VHosts is a challenge. We can fit 100 names on each certificate, so we’ll
> need to handle at minimum 10 certificates.
>
>
>
> From my reading of the documentation, each VHost can only be configured
> for a single certificate. Is there any method, with or without the use of a
> module, for having a single configuration that can serve the appropriate
> certificate automatically?
>
>
>
> The behavior I’m attempting to emulate is available on Amazon Application
> Load Balancers. Multiple certificates can be added to a single ALB, and it
> examines the Host header to determine which certificate is appropriate with
> zero configuration of any domain-certificate mapping.
>
>
>
>
> *Craig Menning*BubbleUp.net
> cr...@bubbleup.net
> O: (832) 585-0709
> C: (713) 568-5355
>
>
>

Re: [users@httpd] Odd session cookies

[Yehuda Katz]

It looks like someone trying to guess existing cookies and retrieve session
information for existing sessions. Based on the cookie format, I am
guessing the sessions are actually controlled by PHP - you can add some
code to log IP address and cookie combinations and see if there is a
patterns.

I am pretty sure sess_rfc1867-tests-post is a cookie name from the PHP test
suite. The other examples you gave look like what might happen if you set a
custom session handler and didn't add a unique value for each session.

If you are worried about actual session hijacking, store the client IP
address in the session and don't let other IPs use it and/or consider an
application firewall that can detect these things (no specific
recommendation).

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Fri, Sep 7, 2018, 1:17 AM John  wrote:

> Beginning last Sunday (2 September) I have been finding several oddly named
> session cookies each day on my server.  The normal Apache session cookies
> have
> names like "sess_d50280ded90f1dbd48fcfd5fc77baa77".  These new ones have
> names
> like:
>
> sess_mycustomsession
> sess_sessionidhere
>
>
> The content seems strange too, although so far I haven't found anything
> important in one of the.  The owner name is often mine, although some have
> "php-fpm" as the file owner.
>
> Here is an example:
>
> cookie name:  sess_rfc1867-tests-post
>
> cookie content:
>
>
> upload_progress_rfc1867_sid_only_cookie_2.php|a:5:{s:10:"start_time";i:153591608
>
> 5;s:14:"content_length";i:603;s:15:"bytes_processed";i:603;s:4:"done";b:1;s:5:"f
>
> iles";a:2:{i:0;a:7:{s:10:"field_name";s:5:"file1";s:4:"name";s:9:"file1.txt";s:8
>
> :"tmp_name";s:14:"/tmp/phpQWrbXC";s:5:"error";i:0;s:4:"done";b:1;s:10:"start_tim
>
> e";i:1535916085;s:15:"bytes_processed";i:1;}i:1;a:7:{s:10:"field_name";s:5:"file
>
> 2";s:4:"name";s:9:"file2.txt";s:8:"tmp_name";s:14:"/tmp/phpSoCWFv";s:5:"error";i
>
> :0;s:4:"done";b:1;s:10:"start_time";i:1535916085;s:15:"bytes_processed";i:1;}}}
>
> Does anyone have any idea what these are and if I have some sort of a
> compromise
> to the server going on?
>
> Thanks in advance.
>
> John
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Renaming default page example.com to Data Portal

[Yehuda Katz]

The server doesn't set the title, the application does by sending the html
 tag. Check with your application developer.

- Y

On Thu, Aug 9, 2018 at 3:46 PM Collins O. Adoyo 
wrote:

> Dear Users,
>
> I have a web portal with the title of page showing a default name
> example.com. I wish to rename it to Data Portal. Kindly how do I go about
> it. I know there is a file I should edit and insert Data Portal where the
> word www.example.com .
>
> Kindly in which directory is this file and whats the same. The server is
> Apache web server. See the image below to help clarify the same.
>
> [image: Inline image]
>
>
> Kind regards.
> Collins
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] How to start perl script using FCGID module

[Yehuda Katz]

WSGI doesn't work with FastCGI by itself. You can use mod_wsgi, a
wsgi->fastcgi wrapper like flup, or change your program to use fcgiapp or
python-fastcgi.
I think the Flask documentation has some good details and examples:
http://flask.pocoo.org/docs/1.0/deploying/

- Y

On Thu, Aug 9, 2018 at 12:51 PM Ananya Dey  wrote:

> Thanks for the response Yehuda Katz :)
> Also, to run python scripts we need to use the WSGI module. So how do we
> implement that with mod_fcgid?
>
> Regards
> Ananya
>
> On Thu, Aug 9, 2018 at 6:50 PM, Yehuda Katz  wrote:
>
>> The difference between FastCGI and regular CGI is that regular CGI runs
>> the program directly and FastCGI is expected to run continuously and handle
>> requests. If you want to use FastCGI in Perl, you might want to start with
>> a library like PSGI or a framework like Catalyst.
>>
>> - Y
>>
>> Sent from a device with a very small keyboard and hyperactive autocorrect.
>>
>> On Thu, Aug 9, 2018, 8:10 AM Ananya Dey  wrote:
>>
>>> Hi,
>>>
>>> I am trying to run a perl script using fcgid module.
>>> I have loaded mod_fcgid module.
>>>
>>> I have created a directory in apache called fcgi-bin and added the below
>>> snippet to my httpd.conf file.
>>> 
>>> AddHandler fcgid-script .pl
>>> AllowOverride All
>>> Options +Indexes +FollowSymLinks +ExecCGI
>>> Require all granted
>>> 
>>>
>>> And have also added -
>>> ScriptAlias /fcgi-bin/
>>> '/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'
>>>
>>> My perl program is a simple hello world programme as follows-
>>>
>>> #!/usr/bin/perl
>>> print("Content-Type: text/plain\n\n");
>>> print "Hello world";
>>>
>>> But the problem that I am facing is that the 'Hello World' output is
>>> getting printed in my Apache error logs and not in the browser as a perl
>>> script. Can someone please help me out with this?
>>>
>>> Thanks
>>> Ananya
>>>
>>
>> On Aug 9, 2018 8:10 AM, "Ananya Dey"  wrote:
>>
>> Hi,
>>
>> I am trying to run a perl script using fcgid module.
>> I have loaded mod_fcgid module.
>>
>> I have created a directory in apache called fcgi-bin and added the below
>> snippet to my httpd.conf file.
>> 
>> AddHandler fcgid-script .pl
>> AllowOverride All
>> Options +Indexes +FollowSymLinks +ExecCGI
>> Require all granted
>> 
>>
>> And have also added -
>> ScriptAlias /fcgi-bin/
>> '/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'
>>
>> My perl program is a simple hello world programme as follows-
>>
>> #!/usr/bin/perl
>> print("Content-Type: text/plain\n\n");
>> print "Hello world";
>>
>> But the problem that I am facing is that the 'Hello World' output is
>> getting printed in my Apache error logs and not in the browser as a perl
>> script. Can someone please help me out with this?
>>
>> Thanks
>> Ananya
>>
>>
>>
>

Re: [users@httpd] How to start perl script using FCGID module

[Yehuda Katz]

The difference between FastCGI and regular CGI is that regular CGI runs the
program directly and FastCGI is expected to run continuously and handle
requests. If you want to use FastCGI in Perl, you might want to start with
a library like PSGI or a framework like Catalyst.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Aug 9, 2018, 8:10 AM Ananya Dey  wrote:

> Hi,
>
> I am trying to run a perl script using fcgid module.
> I have loaded mod_fcgid module.
>
> I have created a directory in apache called fcgi-bin and added the below
> snippet to my httpd.conf file.
> 
> AddHandler fcgid-script .pl
> AllowOverride All
> Options +Indexes +FollowSymLinks +ExecCGI
> Require all granted
> 
>
> And have also added -
> ScriptAlias /fcgi-bin/
> '/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'
>
> My perl program is a simple hello world programme as follows-
>
> #!/usr/bin/perl
> print("Content-Type: text/plain\n\n");
> print "Hello world";
>
> But the problem that I am facing is that the 'Hello World' output is
> getting printed in my Apache error logs and not in the browser as a perl
> script. Can someone please help me out with this?
>
> Thanks
> Ananya
>

On Aug 9, 2018 8:10 AM, "Ananya Dey"  wrote:

Hi,

I am trying to run a perl script using fcgid module.
I have loaded mod_fcgid module.

I have created a directory in apache called fcgi-bin and added the below
snippet to my httpd.conf file.

AddHandler fcgid-script .pl
AllowOverride All
Options +Indexes +FollowSymLinks +ExecCGI
Require all granted


And have also added -
ScriptAlias /fcgi-bin/
'/home/ananya/apache-http-connector/apache-2.4.29/fcgi-bin/'

My perl program is a simple hello world programme as follows-

#!/usr/bin/perl
print("Content-Type: text/plain\n\n");
print "Hello world";

But the problem that I am facing is that the 'Hello World' output is
getting printed in my Apache error logs and not in the browser as a perl
script. Can someone please help me out with this?

Thanks
Ananya

Re: [users@httpd] Help with SSL not working on Ubuntu 14.04

[Yehuda Katz]

Hi Travis,
I see you mentioned on StackOverflow that your question is resolved (extra
virtual hosts in the configuration meant you weren't reaching to correct
host).

One recommendation based on the config you posted there: Don't use
 if it is critical to you that your site is available
over ssl (or similar for any other module you need).
 is great if you don't know anything about the server where your
code is actually going to run, but not necessarily when you control the
server.
If your SSL configuration is inside  and for some reason mod_ssl
isn't loaded, you will not get an error message when you run a config check
(highly recommended before reloading/restarting the service) that SSL (or
other module) isn't loaded.
You would rather know that.

- Y

On Wed, Aug 8, 2018 at 5:21 PM Travis Johnston 
wrote:

> Hello,
>
> This is my first post to the group so testing the waters with an issue
> that I am having. I run 4 Ubuntu servers, each controlled with Webmin and
> Virtualmin. I am adding SSL to one of the sites but every time I visit the
> https://www.domain.org it gives me either one of the errors.
>
> Chrome: ERR_SSL_PROTOCOL_ERROR
>
> Firefox: SSL_ERROR_RX_RECORD_TOO_LONG
>
> The Chrome one isn't very helpful but the Firefox error at least tells me
> that it's an issue on the server. I've posted to Stackoverflow about the
> issue as well here:
>
>
> https://stackoverflow.com/questions/51733739/ssl-on-ubuntu-14-04-virtualmin-virtual-server-shows-unknown-protocol
>
> I've made sure that port 443 is being listened to and in the
> site-avaiable/domain-name.conf file there are 2  entries, one
> for port 80 and one for port 443.
>
> The SSL cert installed correctly without any errors and the 443 entry was
> added and appears fine. SSLEngine is On, file paths for certs are all
> correct. The *.conf files are being loaded by Apache OK.
>
> One issue I do have is if I set the 443 to *:443 in the conf file, a
> different website on the server loads if you visit https. I need to
> specifically enter the IPADDRESS:443 or the domain:443 to stop it from
> redirecting.
>
> Any help is appreciated, really stumped with this one.
>
> Thanks,
>
> *Travis Johnston, Web Systems Architect & Salesforce Administrator*
> Collaborative for Educational Services
> 97 Hawley St, Northampton, MA. 01060
> Company Phone: (413) 586-4900
> Direct Line: (413) 588-5930
> Website: http://www.collaborative.org/web-dev
> Twitter: https://twitter.com/CESTravis
> LinkedIn: https://www.linkedin.com/in/travisejohnston
>
> For all support related issues, please visit our Help Center at
> http://support.collaborative.org and login with your Google Apps account
> or register to see answers to commonly asked support questions. If you do
> not find an answer that meets your support needs, please submit a request
> by clicking the button located at the top of the Help Center.
>
>
> All email sent to or received from CES is a matter of public record and
> may be viewed by others. Please do not share or forward. The content of
> this email may be confidential unless otherwise indicated. If you are not
> the intended recipient (or have received this email in error), please
> notify the sender immediately and delete this email.

Re: [users@httpd] Where to download HTTPD

[Yehuda Katz]

Welcome to the mailing list - please don't hijack other people's threads.

There is no official binary distribution for HTTPD. I recommend the builds
from ApacheLounge.
https://www.apachelounge.com/download/win64/

- Y

On Wed, Aug 8, 2018 at 8:05 PM Eric Ngo  wrote:

> Hi
> Can someone point me to a site where I download the windows installer
> (.msi) for the Apache HTTP Server version 2.4.34?
> I am new at this.
> Thanks a bunch!
>
> On Wed, Aug 8, 2018 at 2:20 PM, Travis Johnston <
> tjohns...@collaborative.org> wrote:
>
>> Hello,
>>
>> This is my first post to the group so testing the waters with an issue
>> that I am having. I run 4 Ubuntu servers, each controlled with Webmin and
>> Virtualmin. I am adding SSL to one of the sites but every time I visit the
>> https://www.domain.org it gives me either one of the errors.
>>
>> Chrome: ERR_SSL_PROTOCOL_ERROR
>>
>> Firefox: SSL_ERROR_RX_RECORD_TOO_LONG
>>
>> The Chrome one isn't very helpful but the Firefox error at least tells me
>> that it's an issue on the server. I've posted to Stackoverflow about the
>> issue as well here:
>>
>>
>> https://stackoverflow.com/questions/51733739/ssl-on-ubuntu-14-04-virtualmin-virtual-server-shows-unknown-protocol
>>
>> I've made sure that port 443 is being listened to and in the
>> site-avaiable/domain-name.conf file there are 2  entries, one
>> for port 80 and one for port 443.
>>
>> The SSL cert installed correctly without any errors and the 443 entry was
>> added and appears fine. SSLEngine is On, file paths for certs are all
>> correct. The *.conf files are being loaded by Apache OK.
>>
>> One issue I do have is if I set the 443 to *:443 in the conf file, a
>> different website on the server loads if you visit https. I need to
>> specifically enter the IPADDRESS:443 or the domain:443 to stop it from
>> redirecting.
>>
>> Any help is appreciated, really stumped with this one.
>>
>> Thanks,
>>
>> *Travis Johnston, Web Systems Architect & Salesforce Administrator*
>> Collaborative for Educational Services
>> 97 Hawley St, Northampton, MA. 01060
>> 
>> Company Phone: (413) 586-4900
>> Direct Line: (413) 588-5930
>> Website: http://www.collaborative.org/web-dev
>> Twitter: https://twitter.com/CESTravis
>> LinkedIn: https://www.linkedin.com/in/travisejohnston
>>
>> For all support related issues, please visit our Help Center at
>> http://support.collaborative.org and login with your Google Apps account
>> or register to see answers to commonly asked support questions. If you do
>> not find an answer that meets your support needs, please submit a request
>> by clicking the button located at the top of the Help Center.
>>
>>
>> All email sent to or received from CES is a matter of public record and
>> may be viewed by others. Please do not share or forward. The content of
>> this email may be confidential unless otherwise indicated. If you are not
>> the intended recipient (or have received this email in error), please
>> notify the sender immediately and delete this email.
>
>
>

Re: [users@httpd] How to configure two frontend Apache mod_proxy failover cluster with single backend webserver

[Yehuda Katz]

Hi Kamal,
You could look into keepalived.

This article is a decent (although old) guide:
https://backreference.org/2012/04/25/load-balancing-and-ha-for-multiple-applications-with-apache-haproxy-and-keepalived/
(You can ignore all the parts about HAProxy)

- Y

On Tue, Jul 31, 2018 at 8:22 AM kamaljeet singh
 wrote:

> Hi,
>
> I want to configure two Apache mod_proxy servers in failover cluster with
> a single backend web server.
>
> Presently I have a single webserver (since it does not handle heavy
> workloads) for which I plan to configure mod_proxy server. Since we will be
> relying heavily on the proxy server to handle our web server requests so we
> do not want to take any chance of proxy server going down. Considering
> this, we wish to configure two mod_proxy servers working in tandem so that
> if one proxy server is unavailable due to some reason the other proxy
> server is able to handle all web server requests. Is that possible to do?
> If yes, how?
>
> I looked around the web to search for mod_proxy cluster/failover
> configuration bout couldn't find any clue. The only information I could
> find was failover configuration for backend web servers but this is not
> which I want since I have a single backend web server. Instead I need to
> have two frontend proxy servers working simultaneously in a failover
> cluster mode.
>
> Any help on this is highly appreciated.
>
> Regards,
> Kamal
>

Re: [users@httpd] access control and Apache load balancing

[Yehuda Katz]

You can filter based on the X-Forwarded-For header or use mod_remoteip.
mod_remoteip will rewrite the remote address so you can use standard
filters.

To use X-Forwarded-For, you can do something like this:
SetEnvIF X-Forwarded-For "^192\.168\.10\.\d+$" MY_PRIVATE_NETWORK1
SetEnvIF X-Forwarded-For "^172\.16\.10\.\d+$" MY_PRIVATE_NETWORK2

Require env MY_PRIVATE_NETWORK1
Require env MY_PRIVATE_NETWORK2


- Y

On Mon, Jul 30, 2018 at 11:44 AM Rose, John B  wrote:

> Any suggestions on how to implement access control for ip address
> ranges to specific files on back end hosts when going thru Apache load
> balancer?
>
>
> For example, you do not want external IPs to access "filename.php" on your
> backend hosts thru load balancer
>
>
>
>

Re: [users@httpd] SSLCertificateChainFile

[Yehuda Katz]

You can use a tool like https://www.ssllabs.com/ssltest/ to check the chain
(and other settings) or you can use openssl (openssl s_client -showcerts
-connect www.example.com:443).
As you found, putting the chain in the certificate file should work.

- Y

On Thu, Jul 19, 2018 at 2:47 PM  wrote:

> I am putting to together a config for both RH6 and RH7 systems.  RH6 used
> Apache/2.2.15, RH7 uses Apache/2.4.6.
>
> I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the
> intermediates should be appended to  the file that SSLCertificateFile
> points to.
>
> Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the
> config is NOT used and instead the intermediates are appended the file
> that  SSLCertificateChainFile points to as you would in 2.4.8 and greater.
> Just thinking that if it will work correctly, the config would be the same
> now and when 2.4.8 and greater  gets in place.
>
> We have done this on a test system and it seems to work, however I'm not
> sure if we are just fooling ourselves and it isn't even seeing the
> intermediates and the client just isn't complaining.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Mutiple IP/Multiple SSL

[Yehuda Katz]

You can definitely do this. For each VirtualHost, make sure you have
ServerName set to the main web site and ServerAlias set for any additional
name that the SSL certificate is good for.
When a request comes in, Apache compares the SNI information in the request
to the ServerName/Aliases that it knows about and uses that to choose which
VirtualHost, and therefore which SSL Certificate, to serve.

Separately, if you want your sites to have HTTPS, don't use  in your configuration. You would likely rather have the server
give you an error if mod_ssl is not loaded.

- Y

On Thu, Jul 19, 2018 at 10:33 AM Robert Earnest Lassiter <
robert.lassi...@earnestware.com> wrote:

> Cannot determine if it’s possible to run multiple SSL with individual
> IP/SSL site on same server(ubuntu). We run multiple domains and would like
> to stack these SSL sites if it’s possible.
>
> No issue multihoming the NIC, no issue multiple domains/server on port 80
> – only issue is apache finding the correct SSL cert. It seems to get
> confused and hangs…
>
>
>
> Ubuntu – 16.04
>
> Apache –
>
> Server version: Apache/2.4.18 (Ubuntu)
>
> Server built:   2018-06-07T19:43:03
>
>
>
>
>
> I’ve tried wild card and setting the ip address
>
> (example )
>
> 
>
> 
>
> 
>
> 
>
>
> And
>
> 
>
>  (1.2.3.4 is example)
>
> 
>
> 
>
>
>
>
> Regards
> Robert Earnest Lassiter
>
>
>

Re: [users@httpd] download

[Yehuda Katz]

You can definitely try it on Windows 10, it shouldn't be worse than XP.
The major difference since the last time you installed might be that there
are no longer Windows binaries on the httpd website. [1]
I recommend the builds from ApacheLounge:
https://www.apachelounge.com/download/

If you haven't downloaded PHP for Windows in a while, that has also moved:
https://windows.php.net/
If you are using the ApacheLounge build with mod_php, you should download
the Thread-Safe version of PHP.

[1] Statement on binary downloads for Windows:
http://httpd.apache.org/docs/current/platform/windows.html#down

- Y

On Thu, Jul 12, 2018 at 4:44 AM georg.chamb...@telia.com <
georg.chamb...@telia.com> wrote:

> Ok, tnx, could have thought there would be some issues,
> so is there a diff from XP in the way http is handled ?
> I think it might be time to shove MS alltogether an take the trouble to
> learn back to an ix system ...
>
>
> >Ursprungligt meddelande
> >Från : w...@bachsau.name
> >Datum : 2018-07-12 - 04:17 (V)
> >Till : users@httpd.apache.org
> >Ämne : Re: [users@httpd] download
> >
> >Am 12.07.2018 um 00:10 schrieb georg.chamb...@telia.com:
> >> but now im (unfortunately) on a W10, which is the target.
> >
> >In that case, please also note that W10 is not a server system and is
> >therefore artifically limited in the number of incomming connections it
> >can handle. Because of this I would strongly encourage using a Windows
> >Server system instead, even if running Apache httpd.
> >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] .php3 files recognised but .php files not

[Yehuda Katz]

I would suggest removing "" from your configuration.
It is possible mod_php7 is not actually loaded and you have some other part
of your configuration that is setting the handler for .php files.
If you remove " wrote:

>
>
> On 10/06/2018 18:53, Michael A. Peters wrote:
> > On 06/10/2018 06:04 AM, Paul Gardiner wrote:
> >> I have just installed openSUSE Leap 15.0 on a server including Apache
> >> 2.4.33 and php 7.2.5.
> >>
> >> If I attempt to access .php files, I'm offered them as downloads,
> >> although renaming them to .php3 makes them work fine. I have this file
> >> amongst my apache config
> >>
> >> conf.d/php7.conf
> >>
> >> 
> >>
> >>SetHandler application/x-httpd-php
> >>
> >>
> >>SetHandler application/x-httpd-php-source
> >>
> >> DirectoryIndex index.php4
> >> DirectoryIndex index.php5
> >> DirectoryIndex index.php
> >> 
> >
> > Just change it to
> >
> >
> > 
> >
> >   SetHandler application/x-httpd-php
> >
> >
> >   SetHandler application/x-httpd-php-source
> >
> >DirectoryIndex index.php
> > 
> >
> > If you really need .php3 .php4 .php5 add them as separate FilesMatch
> > directives.
> >
> > Lot of stuff in php3/4 is deprecated on php7 so scripts written for php
> > that ancient are not likely to work unless they are very simple, and I
> > don't recall .php5 ever being an extension ever officially being
> promoted.
> >
> > .php3 was because some servers had both php3 and php4 but I don't even
> > recall .php4 being an officially endorsed extension, let alone .php5.
>
> Thanks for the suggestion, but it still doesn't work: .php files are
> still offered for download rather than being executed. Now that I've
> made the change you suggested, .php3 files don't work either
> unsurprisingly. There has to be something else in my configuration that
> specifically stops .php files being executed but doesn't stop .php3. I
> have no idea where to look.
>
> Cheers,
> Paul.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Rotate logs in apache-2.4.29

[Yehuda Katz]

Is rotatelogs actually located in /bin/ ?

On my REHL 7 system, it is located in /usr/sbin/
On Ubuntu 16.04, it is located in /usr/bin/

- Y

On Fri, Jun 8, 2018 at 5:11 AM Hemant Chaudhary <
hemantdude.chaudh...@gmail.com> wrote:

> Hi All,
>
> I am trying to use rotatelogs in my webserver, but unable to do that.
> Please help me to know where I am going wrong.
>
> httpd.conf:
> CustomLog "|/bin/rotatelogs logs/httpd_log 60" combined
>
> error_log:
> (4002)No such file or directory: AH00104: unable to start piped log
> program ' /bin/rotatelogs /logs/httpd_log 60'
> AH00015: Unable to open logs
>
>
> I tired for access_log too. But getting the same error.
>
> Thanks
> Hemant
>

Re: [users@httpd] MySQL Java 10 and XQuery

[Yehuda Katz]

You have the wrong mailing list.

On Thu, Jun 7, 2018 at 1:57 PM Ted Hickox  wrote:

> Can MySQL work with Java 10 and XQuery?
>

Re: [users@httpd] Installation Error in Apache2

[Yehuda Katz]

Since none of us can see your server, we can't tell you exactly what you
need.
If you installed it with apt, you can run apt purge apache2
If you installed it some other way, we can't help you.

- Y

On Sun, May 13, 2018 at 3:33 PM, Deepak Goel <deic...@gmail.com> wrote:

> I am a newbie so sorry to test your patience.
>
> How to go about getting a fresh installation of Apache2 on my Ubuntu box
> which supports SSL? (Please note there might be an earlier broken Apach2
> installation. How do I clean this up? And then go about installing a fresh
> installation)
>
> Thank You very much
>
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are
> treated. Please stop cruelty to Animals, become a Vegan"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
> On Mon, May 14, 2018 at 12:26 AM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>
>> Each configuration directive is valid in specific parts of the
>> configuration.
>> Look at "Context" in the manual: https://httpd.apache.o
>> rg/docs/2.4/mod/directive-dict.html#Context
>>
>> For this specific case, https://httpd.apache.org
>> /docs/2.4/mod/mod_ssl.html#sslrandomseed
>> SSLRandomSeed can only be in the global server config, not in a
>> .
>>
>> - Y
>>
>> On Sun, May 13, 2018 at 12:08 PM, Deepak Goel <deic...@gmail.com> wrote:
>>
>>> Removing SSLv3 parameter gives the following error:
>>>
>>> *SSLRandomseed cannot occur within  section*
>>> *Action configtest failed*
>>>
>>>
>>>
>>>
>>>
>>> Deepak
>>> "The greatness of a nation can be judged by the way its animals are
>>> treated. Please stop cruelty to Animals, become a Vegan"
>>>
>>> +91 73500 12833
>>> deic...@gmail.com
>>>
>>> Facebook: https://www.facebook.com/deicool
>>> LinkedIn: www.linkedin.com/in/deicool
>>>
>>> "Plant a Tree, Go Green"
>>>
>>> Make In India : http://www.makeinindia.com/home
>>>
>>> On Sun, May 13, 2018 at 11:04 AM, Daniel <dferra...@gmail.com> wrote:
>>>
>>>> Just do what Frank says and look for the directive SSLProtocols and
>>>> remove SSLv3 parameter
>>>>
>>>> El sáb., 12 may. 2018 21:40, Deepak Goel <deic...@gmail.com> escribió:
>>>>
>>>>> I have already raised it with Ubuntu but am yet to get a response
>>>>>
>>>>> On Sun, 13 May 2018, 01:02 Frank Gingras, <thu...@apache.org> wrote:
>>>>>
>>>>>> So, just to confirm, you had a lingering config file that was trying
>>>>>> to use SSLv3 prior?
>>>>>>
>>>>>> If not, please file a bug with the ubuntu package maintainer, as Nik
>>>>>> pointed out.
>>>>>>
>>>>>> On Sat, May 12, 2018 at 5:01 AM Deepak Goel <deic...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On Sat, May 12, 2018 at 2:25 PM, Nick Kew <n...@apache.org> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> > On 12 May 2018, at 09:33, Deepak Goel <deic...@gmail.com> wrote:
>>>>>>>> >
>>>>>>>> > Anyone has any clue on how to resolve the error?
>>>>>>>>
>>>>>>>> Looks clear enough to me.  Either turn off SSL, or update your
>>>>>>>> OpenSSL install.
>>>>>>>>
>>>>>>>>
>>>>>>> I need SSL so I wouldn't like to turn it off. I tried updating
>>>>>>> OpenSSL, but it told me it is the latest
>>>>>>>
>>>>>>>
>>>>>>>> If this was a first-time install of any "apache2" package
>>>>>>>
>>>>>>>
>>>>>>> There was apache2 installed. I removed it and then got it to install
>>>>>>> it again
>>>>>>>
>>>>>>>
>>>>>>>> , and if your OpenSSL
>>>>>>>> is also ubuntu's package (as opposed to your own or a third-party)
>>>>>>>
>>>>>>>
>>>>>>> Yes, OpenSSL was Ubuntu's package. Any way around this?
>>>>>>>
>>>>>>> Thanks :)
>>>>>>>
>>>>>>>
>>>>>>>> , then it
>>>>>>>> looks like a ubuntu bug: they should either fix their OpenSSL
>>>>>>>> package
>>>>>>>> dependency or not load SSL by default.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nick Kew
>>>>>>>> 
>>>>>>>> -
>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>>>>>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Deepak
>>>>>>> "The greatness of a nation can be judged by the way its animals are
>>>>>>> treated. Please stop cruelty to Animals, become a Vegan"
>>>>>>>
>>>>>>> +91 73500 12833
>>>>>>> deic...@gmail.com
>>>>>>>
>>>>>>> Facebook: https://www.facebook.com/deicool
>>>>>>> LinkedIn: www.linkedin.com/in/deicool
>>>>>>>
>>>>>>> "Plant a Tree, Go Green"
>>>>>>>
>>>>>>> Make In India : http://www.makeinindia.com/home
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>
>>
>

Re: [users@httpd] Installation Error in Apache2

[Yehuda Katz]

Each configuration directive is valid in specific parts of the
configuration.
Look at "Context" in the manual:
https://httpd.apache.org/docs/2.4/mod/directive-dict.html#Context

For this specific case,
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslrandomseed
SSLRandomSeed can only be in the global server config, not in a
.

- Y

On Sun, May 13, 2018 at 12:08 PM, Deepak Goel  wrote:

> Removing SSLv3 parameter gives the following error:
>
> *SSLRandomseed cannot occur within  section*
> *Action configtest failed*
>
>
>
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are
> treated. Please stop cruelty to Animals, become a Vegan"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
> On Sun, May 13, 2018 at 11:04 AM, Daniel  wrote:
>
>> Just do what Frank says and look for the directive SSLProtocols and
>> remove SSLv3 parameter
>>
>> El sáb., 12 may. 2018 21:40, Deepak Goel  escribió:
>>
>>> I have already raised it with Ubuntu but am yet to get a response
>>>
>>> On Sun, 13 May 2018, 01:02 Frank Gingras,  wrote:
>>>
 So, just to confirm, you had a lingering config file that was trying to
 use SSLv3 prior?

 If not, please file a bug with the ubuntu package maintainer, as Nik
 pointed out.

 On Sat, May 12, 2018 at 5:01 AM Deepak Goel  wrote:

> On Sat, May 12, 2018 at 2:25 PM, Nick Kew  wrote:
>
>>
>> > On 12 May 2018, at 09:33, Deepak Goel  wrote:
>> >
>> > Anyone has any clue on how to resolve the error?
>>
>> Looks clear enough to me.  Either turn off SSL, or update your
>> OpenSSL install.
>>
>>
> I need SSL so I wouldn't like to turn it off. I tried updating
> OpenSSL, but it told me it is the latest
>
>
>> If this was a first-time install of any "apache2" package
>
>
> There was apache2 installed. I removed it and then got it to install
> it again
>
>
>> , and if your OpenSSL
>> is also ubuntu's package (as opposed to your own or a third-party)
>
>
> Yes, OpenSSL was Ubuntu's package. Any way around this?
>
> Thanks :)
>
>
>> , then it
>> looks like a ubuntu bug: they should either fix their OpenSSL package
>> dependency or not load SSL by default.
>>
>> --
>> Nick Kew
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
>
>
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are
> treated. Please stop cruelty to Animals, become a Vegan"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
>
>
>
>

Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?

[Yehuda Katz]

You could add additional authentication requirements in the reverse proxy
for specific requests. You can also make sure to only proxy requests that
match what you think the backend should process.
There are a lot of tools that can help you, but as you said, you might get
the best results if someone actually looks at your specific system and your
specific requirements.

- Y

On Thu, May 10, 2018 at 10:49 AM Charles Marcus <cmar...@media-brokers.com>
wrote:

> Ok, a follow-up question...
>
> My only concern here is security. This is not and never will be a heavily
> used system, but it will serve as a gateway to a backend accounting system,
> so I'm not concerned with load balancing or any of the other features that
> come with a reverse proxy. My only concern is that it be as secure as
> possible.
>
> I know that a reverse proxy in and of itself doesn't add any real security
> (other than this will be running on linux, which I'm more comfortable
> exposing to the internet).
>
> So, with that in mind... I would appreciate any links to how to do this
> with security as the primary goal. Something more than just 'enable
> mod_security'.
>
> Also, I would be very open to paying a consultant to assist in setting
> this up, if I can be convinced they are legit and worth their asking price.
> Two things I'd want/need help with is testing to whittle down the http
> features to only those necessary to interact with our system, taking
> advantage of mod_secs 'continuous passive security assessment' feature, and
> anything else that makes sense.
>
> And thanks for the responses so far!
>
> *Charles*
>
> On Mon May 07 2018 13:56:56 GMT-0400 (Eastern Standard Time), Yehuda Katz
> <yeh...@ymkatz.net> <yeh...@ymkatz.net> wrote:
>
> Your application will still need to run on a Windows server with IIS, but
> it can be behind your firewall. Your Apache HTTPD server would go in your
> DMZ and would proxy connections between the clients on the internet and the
> internal server. (Your firewall would need to allow those connections.)
>
> - Y
>
> On Mon, May 7, 2018 at 1:44 PM Charles Marcus <cmar...@media-brokers.com>
> wrote:
>
>> Ok, thanks!
>>
>> But to be clear - I asked the Support people and was told, and I quote:
>>
>> "The Webvantage, Client Portal and Mobile Server applications are .Net
>> IIS applications that require Microsoft Windows and IIS."
>>
>> So... was that just a typical response from a Windows support person who
>> doesn't really understand web servers?
>>
>> The software in question is described here:
>>
>> http://www.gotoadvantage.com/web-based-management-software
>>
>> I don't mind doing the work, I'd just rather not go down a rabbit hole
>> trying to do something that can/will never work.
>>
>> Thanks again,
>>
>> *Charles*
>>
>>
>> On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), Yehuda Katz
>> <yeh...@ymkatz.net> <yeh...@ymkatz.net> wrote:
>>
>> Certainly. I would start with the Reverse Proxy Guide:
>> https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
>> Come back here if you have any questions.
>>
>> - Y
>>
>> On Mon, May 7, 2018 at 1:32 PM Charles Marcus <cmar...@media-brokers.com>
>> wrote:
>>
>>> Hello all,
>>>
>>> I just want to know if this is even worth my time trying to figure out.
>>>
>>> We have an Accounting application (.ne/IIS on Windows Server 2008R2) on
>>> our LAN, but I need to provide a window to this through the internet, and
>>> I'd really, really like to not put a Windows Server on our DMZ facing the
>>> internet directly (if I have to, it will be a separate/standalone server
>>> that redirects/proxies to the Accounting server).
>>>
>>> first and foremost - is it even possible to setup an Apache server to do
>>> this? I loathe IIS, and also don't know much about it, but I'm also pretty
>>> much a noob when it comes to web servers in general. I do have some
>>> experience a while back with Apache, which is why I'm starting here.
>>>
>>> If it isn't, so be it, but if it is, is it very involved?
>>>
>>> Tia...
>>>
>>> *Charles*
>>>
>>
>>
>

Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?

[Yehuda Katz]

Your application will still need to run on a Windows server with IIS, but
it can be behind your firewall. Your Apache HTTPD server would go in your
DMZ and would proxy connections between the clients on the internet and the
internal server. (Your firewall would need to allow those connections.)

- Y

On Mon, May 7, 2018 at 1:44 PM Charles Marcus <cmar...@media-brokers.com>
wrote:

> Ok, thanks!
>
> But to be clear - I asked the Support people and was told, and I quote:
>
> "The Webvantage, Client Portal and Mobile Server applications are .Net IIS
> applications that require Microsoft Windows and IIS."
>
> So... was that just a typical response from a Windows support person who
> doesn't really understand web servers?
>
> The software in question is described here:
>
> http://www.gotoadvantage.com/web-based-management-software
>
> I don't mind doing the work, I'd just rather not go down a rabbit hole
> trying to do something that can/will never work.
>
> Thanks again,
>
> *Charles*
>
>
> On Mon May 07 2018 13:37:36 GMT-0400 (Eastern Standard Time), Yehuda Katz
> <yeh...@ymkatz.net> <yeh...@ymkatz.net> wrote:
>
> Certainly. I would start with the Reverse Proxy Guide:
> https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
> Come back here if you have any questions.
>
> - Y
>
> On Mon, May 7, 2018 at 1:32 PM Charles Marcus <cmar...@media-brokers.com>
> wrote:
>
>> Hello all,
>>
>> I just want to know if this is even worth my time trying to figure out.
>>
>> We have an Accounting application (.ne/IIS on Windows Server 2008R2) on
>> our LAN, but I need to provide a window to this through the internet, and
>> I'd really, really like to not put a Windows Server on our DMZ facing the
>> internet directly (if I have to, it will be a separate/standalone server
>> that redirects/proxies to the Accounting server).
>>
>> first and foremost - is it even possible to setup an Apache server to do
>> this? I loathe IIS, and also don't know much about it, but I'm also pretty
>> much a noob when it comes to web servers in general. I do have some
>> experience a while back with Apache, which is why I'm starting here.
>>
>> If it isn't, so be it, but if it is, is it very involved?
>>
>> Tia...
>>
>> *Charles*
>>
>
>

Re: [users@httpd] Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?

[Yehuda Katz]

Certainly. I would start with the Reverse Proxy Guide:
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
Come back here if you have any questions.

- Y

On Mon, May 7, 2018 at 1:32 PM Charles Marcus 
wrote:

> Hello all,
>
> I just want to know if this is even worth my time trying to figure out.
>
> We have an Accounting application (.ne/IIS on Windows Server 2008R2) on
> our LAN, but I need to provide a window to this through the internet, and
> I'd really, really like to not put a Windows Server on our DMZ facing the
> internet directly (if I have to, it will be a separate/standalone server
> that redirects/proxies to the Accounting server).
>
> first and foremost - is it even possible to setup an Apache server to do
> this? I loathe IIS, and also don't know much about it, but I'm also pretty
> much a noob when it comes to web servers in general. I do have some
> experience a while back with Apache, which is why I'm starting here.
>
> If it isn't, so be it, but if it is, is it very involved?
>
> Tia...
>
> *Charles*
>

Re: [users@httpd] Re: apachectl -k graceful

[Yehuda Katz]

We have a server farm with a load balancer, but we still announce a
maintenance window when we do major MediaWiki upgrades and take the site
down for five minutes.
The other thing we do is use PHP-FPM instead of mod_php. That lets us not
worry about HTTPD restarts.

- Y

On Thu, May 3, 2018 at 9:32 AM Greg Rundlett (freephile) 
wrote:

> I've read the manual
> https://httpd.apache.org/docs/2.4/stopping.html#graceful and believe I'm
> doing things "the right way". I know I've seen anecdotes and forum
> discussions where people complain of long restarts, but I'm confident that
> those are the result of some particular environment issue (like
> long-running child processes) or misconfiguration. I've also heard
> anecdotes that sometimes during a deployment of new MediaWiki versions
> (thousands of php files) that you might see weird bugs because a specific
> user request could get a "mixed" set of files (aka some from Vx and some
> from Vy). I assume the best way to handle roll-outs is to take a server out
> of rotation from the loadbalancer; update it; and then add it back in. But
> what about deployments where there is only one server? Short of stopping
> the server, I guess the technique there would be to make all file updates
> to a shadow directory, and then replace the symlink or mv the shadow
> directory into the real directory.
>
> I can look at the scoreboard in server-status during my next deploy to
> check how things go. Or even better, I could install
> https://github.com/humbedooh/server-status to keep an eye on things.
>
> Still, if anyone on list can confirm their practice for rolling out
> changes to php.ini + clearing opcache + pushing new code to production
> under Apache and mod_php, that would be appreciated.
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Wed, May 2, 2018 at 3:12 PM, Greg Rundlett (freephile) <
> g...@freephile.com> wrote:
>
>> If I do an apache2ctl -k graceful on Ubuntu (or service httpd restart in
>> CentOS), using mod_php and a max_execution_time = 30 in php.ini, then is
>> there any reason why the server would take more than say 1 minute to serve
>> all requests with the new php.ini + Apache configuration (+ php files)?
>>
>> I know max_execution_time doesn't include system calls, so if a large
>> file were being uploaded and simultaneously thumbnailed at various sizes
>> with imagemagick or something, then it could take more than 30 seconds.
>>
>> I'm asking because I'm doing DevOps and I don't want to introduce delay
>> into deployments (which already take 15 minutes), but I feel that if I'm
>> deploying new PHP files (MediaWiki), then each client request should get a
>> consistent set of files, rather than mixed content from two different
>> releases which could happen if I just deploy updates without making a
>> simultaneous graceful restart.
>>
>> Thanks,
>>
>> Greg
>>
>> Greg Rundlett
>> https://eQuality-Tech.com
>> https://freephile.org
>>
>
>

Re: [users@httpd] Spurious access denied errors

[Yehuda Katz]

At first glance, something in your browser is probably requesting the page
/test. Since it doesn't correspond to any of your alias statements, it hits
the DocumentRoot which you have denied access to.

Is there a corresponding entry in your access log?

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Feb 9, 2018 4:43 AM, "Marat Khalili"  wrote:

Dear list,

I've installed and configured mediawiki as follows (on top of default
Ubuntu 16.04 Apache/2.4.18 installation):

DocumentRoot /var/www/html
>
> 
> Options None
> Require all denied
> 
>
> 
> Options ExecCGI
> Require host proxy.example.com
> 
> 
> Options None
> Require host proxy.example.com
> 
>
> Alias /wiki /opt/local/mediawiki/index.php
> Alias /w/images /mnt/mediawiki/images
> Alias /w /opt/local/mediawiki
>

*Everything works*, i.e. client successfully receive all pages with
appropriate HTTP statuses in both client and Apache access log. However,
for each request like /wiki/test I see the following extra message in
error.log:

[Fri Feb 09 09:35:25.368731 2018] [authz_core:error] [pid 695] [client
> 10.4.1.4:56622] AH01630: client denied by server configuration:
> /var/www/html/test
>

If I remove  clause, these messages disappear. They
trigger fail2ban and are generally confusing. What may be causing them and
how to make them stop?


--

With Best Regards,
Marat Khalili

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Probably small problem with SSL config

[Yehuda Katz]

I would agree that you should start by turning on logging.
Do you get a slightly different error if you use a different browser?
Firefox usually gives more detail than Internet Explorer.

Better not to use  in configuration you write yourself unless
you need it for a specific reason. If you use it, then you won't know that
the reason your system doesn't work is that the module is not loaded. If
you don't include  and the module is not loaded, HTTPD will give
you an error when it starts up and you will know you need to fix it.
This is particularly bad when an access control directive is in 
because it often results in all content becoming accessible to anyone if a
module is missing.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Feb 5, 2018 8:02 PM, "mlrx"  wrote:

Hello,


Le 06/02/2018 à 01:02, Jeff Cauhape a écrit :

> I’m setting up an Apache server 2.4.25 in our DMZ for the first time,
>
> and having an issue with getting SSL configured correctly.
>
> I am using links text based browser to connect from a second machine
> […]
>
> 
>
Is the directive "LogLevel" used with "debug" or more ?
https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel

The virtualhost can be included in "IfModule ssl_module" :

  
  


Does it work without SSL ?



I’m loading modules ssl_module, authn_dbm_module among others.
>
> The ssl directory is  755, root/root and the crt and key files are
> daemon/root 644.
>
chown -Rfv apache_user:apache_group /srv/www/html/your_site/ (?)


 […]
>
>
> Ideas? Suggestions where to look?
>
httpd -S ?
Reload httpd daemon evry time you change somethings ?
Firewall ?


Thanks,
>
> Jeff Cauhape
>


Regards,
-- 
benoist

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] SFTP JAIL

[Yehuda Katz]

You should try asking in an OpenSSH forum, a forum for your operating
system, or ServerFault. This list is for Apache HTTPD support.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jan 16, 2018 8:51 AM, "Rodrigo Cunha"  wrote:

> Hi everyone,
> I have a problem with setup sftp access.My sftp user can't  jaule.
> I configure setup with this procedures:
> https://wiki.archlinux.org/index.php/SFTP_chroot
> But when i setup my user webmaster in group sftponly my client is not work.
>
> Any feedback would be greatly appreciated.Tks
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
> São Gonçalo, RJ - Brasil
>
>
>
> 
>  Livre
> de vírus. www.avast.com
> .
> <#m_-6368862612387619786_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>

Re: [users@httpd] SSI/website rendering errors

[Yehuda Katz]

LiteSpeed is a commercial web server all by itself and has nothing to do
with Apache HTTPD. If you are running LiteSpeed, you aren't running HTTPD
and we can't do anything to help you.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Dec 14, 2017 6:07 PM,  wrote:

Although my website was functioning properly on Monday, 12/11/17, it
exhibited several errors the following day (12/12/17). No changes were made
to any of the files after 12/6 (the last being an SSI text file on 12/6).
Several of the base html files are nearly nine years old (I modify the SSI
include files as needed, and rarely touch the others).

The site is coded in XHTML 1.0 Strict and until 12/12 the code has been
fully compliant (per W3C HTML and CSS validators). I suspect it may have
something to do with SSI, which is used extensively on the site, but I have
seen only one possibly-related post concerning a recent Apache release
(Critical Changes In Apache 2.4 - https://documentation.cpanel.
net/display/EA/Critical+Changes+In+Apache+2.4#CriticalChangesInApache2.4-
Server-SideInclude(SSI)ExpressionParser).

The server OS is LiteSpeed (Apache Version 2.4.29). The hosting company
stated that no patches were applied to the system after the 11th, but I
note that LiteSpeed released LSWS v. 5.2.3 on 12/11/17, the last day on
which the website was working correctly.  (This query is also posted on a
LiteSpeed forum.)

All suggestions are welcome.

Re: [users@httpd] Apache2 php not responding

[Yehuda Katz]

The two log lines you posted show different client IP addresses. Which one
of them is a request that you made that you know is legitimate?

For the first line: The script not found message could be someone looking
for vulnerabilities on the server and just not finding them.

As far as the second line, your PHP application is clearly being loaded.
Knowing what is on line 300 of that file could be helpfully, but since you
are getting that error, it is not likely to be an issue with HTTPD. You
might want to try on the help forum for EGroupware:
https://help.egroupware.org/



- Y

On Tue, Dec 12, 2017 at 12:56 PM, Robert Steinmetz AIA  wrote:

> I run a server on Ubuntu 16.04 and recently did some updates, after the
> updates the Apache2 server does not run php correctly. the pages simply
> time out. I'm running a php Application Egroupware, which is written in php.
>
> Running the php files from the command lie seems to work, of course
> nothing is rendered. I've been looking in the logs. I  see these two php
> error messages
>
> error.log.1:[Mon Dec 11 19:56:47.782040 2017] [:error] [pid 23063] [client
> 72.200.56.98:50468] script '/var/www/groupdav.php' not found or unable to
> stat
>
>
> error.log.1:[Tue Dec 12 10:00:26.760406 2017] [:error] [pid 23064]
> [client 192.1.68.1.219:64798] PHP Fatal error:  Maximum execution time of
> 90 seconds exceeded in /usr/share/egroupware/api/src/Framework/IncludeMgr.php
> on line 300
>
>
> I could use some help figuring out what went wrong, It used to work just
> fine before the upgrade Honest.
>
>hamlet@hamlet:/var/www/egroupware/setup$ apache2 -v
>Server version: Apache/2.4.18 (Ubuntu)
>Server built:   2017-09-18T15:09:02
>
>root@hamlet:/var/log# php -v
>PHP 7.0.22-0ubuntu0.16.04.1 (cli) ( NTS )
>Copyright © 1997-2017 The PHP Group
>Zend Engine v3.0.0, Copyright © 1998-2017 Zend Technologies
>with Zend OPcache v7.0.22-0ubuntu0.16.04.1, Copyright © 1999-2017,
>by Zend Technologies
>
>mysql -v
>Welcome to the MySQL monitor. Commands end with ; or \g.
>Your MySQL connection id is 730
>Server version: 5.7.20-0ubuntu0.16.04.1 (Ubuntu)
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Problems using olingo library

[Yehuda Katz]

This list is for Apache HTTPD. Please ask about Olingo issues on an Olingo
support list: https://olingo.apache.org/support.html

- Y

On Wed, Oct 4, 2017 at 11:51 AM, Bogdan Filip  wrote:

> Hello,
> after trying to send an http request using apache olingo(version 4.4.0), i
> encountered some problems regarding null values. After doing some research
> i found out that the problem was fixed : https://github.com/apache/
> olingo-odata4/pull/21/commits/6d5ed5a6c39890f7813763869eda292d712f5e77 ,
> but i haven't found any release with the committed change. I am using maven
> as my project  management tool. I would a appreciate a quick reply.
>
> Thanks,
>

Re: [users@httpd] Offtopic: Apache Struts vulnerability: how to detect Struts & will DB encryption help

[Yehuda Katz]

Post Apache Struts questions on the Struts mailing list:
http://struts.apache.org/mail.html

It also happens that you are wrong about where HTTPD runs. Plenty of people
have it running perfectly well on Windows.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Sep 10, 2017 9:45 AM, "Sunhux G"  wrote:

Understand Apache web servers (runs on Unix only) & Apache Struts
(can run in Windows & appliances) are different things:

Q1:
Can the various VA scanners (like Nessus & McAfee Vulnerability Manager)
detect the presence of Struts or you'll need to login to individual servers/
endpoints or have an agent running in them (like SCCM or MS Desktop
Central) to check for the presence of Struts?

Q2:
Will DB encryption help stop Struts vulnerabilities eg, the recent one?
Is the following true (someone told me):
  If hackers directly access the database (say using sql query tools/command
to get sensitive data) on an encrypted DB, they would be stopped;
  if they hacked a user password or exploited a website (that had vulnerable
Struts to the encrypted DB, it would be no help.

It's kinda saying if my PC's HDD is encrypted (with a PBA password
required), hackers can't access a powered down HDD but if the PC
is powered up & logged in & there's a remote execution vulnerability
to my OS, hackers can still get data out of my encrypted HDD via
this remote execution vulnerability : is this a fair analogy?

Sun

[users@httpd] Debugging Intermittent 500 Errors

[Yehuda Katz]

We have set of three servers running Apache 2.4. (version distributed with
RedHat 7) behind a Kemp LoadMaster load balancer. The configuration is
managed by Puppet, so all the servers have the same configuration. I put
the configuration in a Gist to keep the email simple:
https://gist.github.com/yakatz/b406753f6bdc5e19ef5386361afa4b1c

We have several directories that randomly show 500 errors, but when you
refresh, everytthing works fine.
The 500 error is written to the access log on the expected server, but
nothing shows up in any error log on any of the servers.

I suspect this is caused by mod_authnz_ldap because the errors usually show
up upon accessing a page that uses basic auth + ldap for the first time
during the day (or after a long, but undetermined, timeout). The document
root is also on an NFS mount, but we have good logging for NFS and haven't
seen any issues, so I don't think that is the source of the issue.

I know the correct virtual host is being used because I added a custom 500
error page which is being shown and the correct access log is being written
to.

I did not see any documentation about enabling additional logging for
mod_ldap or mod_authnz_ldap, but since most connection have no problems, I
think that will lead to much more noise in the logs.

Is there any other good way to troubleshoot this?

- Y

Re: [users@httpd] Disable Autoindex module

[Yehuda Katz]

The server might not start because removing the module leaves an invalid
configuration somewhere.
If you run httpd -t or look in the error log, it should tell you where the
problem is.

- Y

On Fri, Aug 11, 2017 at 12:01 PM, David Wright - NOAA Affiliate <
david.e.wri...@noaa.gov> wrote:

> Dear Experts
>
> Hi I am new to Apache configuration. I have been tasked to set up a
> Development and Production Apache Server running on RHEL to run a Drupal
> website.
> I now have it up and working but now I have to secure the server we use
> NESSUS vulnerability scanner to to find vulnerability's in the server.
> One of the scans came up with this
>
> 1.2.5 Disable Autoindex module
> Info
> The Apache autoindex module automatically generates web page listing the
> contents of directories on the server, typically used so that an index.html
> does not have to be generated.
> Solution
> Perform the following to determine if the module is enabled. Run the httpd
> server with the -M option to list enabled modules:
> # httpd -M | grep autoindex_module
>
>
> The module is there but if I go into the etc/httpd/conf.modules.d folder i
> find
> 00-base.conf when i edit this file I can go in and disable the auto index
> module. But when i restart Apache it fails Any one no why this happens? Am
> i disabling the module correctly?
>
> Any help would be great thanks in adavance
> David
>
> Running Red Hat 7 and Apache 2.4
>
> --
> David Wright
>
>

Re: [users@httpd] Unreliable Fedora 26 installation using a kickstart file

[Yehuda Katz]

I think you might have the wrong list...

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Aug 11, 2017 2:56 AM, "fedora"  wrote:

> Dear listers
> I never had such an unreliable installation as the one for fedora 26. I am
> a long time user of fedora (at least since 2003).
>
> The HW here:
> 1. Workstation with two disks, each having its own fedora installation. On
> each fedora bare-metal installation there is a fedora installation under
> VirtualBox. All four installations are of MBR type.
> 2. Laptop with UEFI type installation.
> There are 5 installations to be done.
>
> My fedora installation:
> I am an Xfce4 user, so i don't use any of the worksation spins of fedora.
> I install fedora in the following way:
>
> - write the Fedora-Server-netinst-x86_64-26-1.5.iso to an USB stick
> - prepare a ks file on a local web for a minimal install
> - boot from the USB stick with the ks file specified to the kernel
> - run the installation
> - dnf update
> - dnf groupinstall "Xfce Desktop"
> - dnf install sddm
> - systemctl enable --force sddm
> - reboot
> - with the Xfce Desktop being activ install all needed packages and do the
> final system setup
>
> My problems:
> During the download process, the installation broke down at different
> stages:
> - while downloading packet metadata (i.e. at the very beginning)
> - while downloading group metadata
> - while downloading the packages (mainly past 50 %)
> Anaconda then showed a window saing that it could not download such and
> such package, and that the failure was fatal. The only choice left was Stop
> Install.
> While this window was shown I tried to get into terminal mode
> (CTRL-ALT-F2) to find a reason for the breakdown, but I couldn't find any
> log.
> Once, the download process went through successfully but then the
> installation hung when Installing Boot-Loader. This was on the Laptop with
> UEFI.
>
> In about 30 to 35 retrials I finally could realize the 5 installations.
>
> When searching around for work-arounds I found a discussion (in a blog?)
> of the above problem, that the installation of fedora 26 becomes unreliable
> when using a kickstart file. But no work-around was offered.
>
> suomi
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Strange WebDAV behavior on MKCOL for 1 client only

[Yehuda Katz]

If you run with dumpio on the Linux server, does the connection look the
same?

- Y

On Mon, Aug 7, 2017 at 11:33 PM, Todd Blum <t...@toddblum.org> wrote:

> OK, thanks.
>
> Note that this same client works OK when it connects to Apache 
> 2.4.6/OpenSSL/1.0.1e
> running on Linux.  The HTTP 400 uri mismatch only happens when it connects
> to Apache 2.4.4/OpenSSL/1.0.1e on Windows.  What would explain the
> difference?
>
> Todd
>
> On Mon, Aug 7, 2017 at 11:01 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>
>> It looks like a problem with the implementation or configuration in the
>> client.
>> The actual source of your 400 error is this:
>> [auth_digest:error] [pid 3880:tid 1132] [client yyy.yyy.yyy.yy:61411]
>> AH01786: uri mismatch -  does not
>> match request-uri 
>>
>> This is because your Authorization header has - as the error message
>> clearly states - a mismatch.
>>
>> On your working connection:
>> Authorization: [...] uri="/webdav/dir1/dir2/dir3/dir4/dir5/dir6/", [...]
>>
>> On your broken connection:
>> Authorization: [...] uri="/webdav/dir1/dir2/dir3/dir4/dir5/dir6", [...]
>>
>> Note the missing trailing slash in your authorization header.
>> I suspect if you figure out why you are getting that, everything will
>> start working.
>>
>> - Y
>>
>> On Mon, Aug 7, 2017 at 6:22 PM, Todd Blum <t...@toddblum.org> wrote:
>>
>>> OK, here is the MKCOL of a working client:
>>>
>>> 
>>> _
>>>
>>> [Mon Aug 07 14:47:04.258261 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(135): [client xxx.xxx.xxx.xx:45537] mod_dumpio: dumpio_in
>>> [getline-blocking] 0 readbytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(58): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): 48 bytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(100): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): MKCOL /webdav/dir1/dir2/dir3/dir4/dir5/dir6/
>>> HTTP/1.1\r\n
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(135): [client xxx.xxx.xxx.xx:45537] mod_dumpio: dumpio_in
>>> [getline-blocking] 0 readbytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(58): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): 40 bytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(100): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): User-Agent: cadaver/0.23.3 neon/0.30.1\r\n
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(135): [client xxx.xxx.xxx.xx:45537] mod_dumpio: dumpio_in
>>> [getline-blocking] 0 readbytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(58): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): 16 bytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(100): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): Connection: TE\r\n
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(135): [client xxx.xxx.xxx.xx:45537] mod_dumpio: dumpio_in
>>> [getline-blocking] 0 readbytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(58): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): 14 bytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(100): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): TE: trailers\r\n
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(135): [client xxx.xxx.xxx.xx:45537] mod_dumpio: dumpio_in
>>> [getline-blocking] 0 readbytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(58): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dumpio_in
>>> (data-TRANSIENT): 35 bytes
>>> [Mon Aug 07 14:47:04.329225 2017] [dumpio:trace7] [pid 3104:tid 1132]
>>> mod_dumpio.c(100): [client xxx.xxx.xxx.xx:45537] mod_dumpio:  dum

Re: [users@httpd] Strange WebDAV behavior on MKCOL for 1 client only

[Yehuda Katz]

(58): [client yyy.yyy.yyy.yy:61411] mod_dumpio:  dumpio_out
> (metadata-EOS): 0 bytes
> [Mon Aug 07 14:48:34.518391 2017] [dumpio:trace7] [pid 3880:tid 1132]
> mod_dumpio.c(164): [client yyy.yyy.yyy.yy:61411] mod_dumpio: dumpio_out
> [Mon Aug 07 14:48:34.518391 2017] [dumpio:trace7] [pid 3880:tid 1132]
> mod_dumpio.c(58): [client yyy.yyy.yyy.yy:61411] mod_dumpio:  dumpio_out
> (metadata-EOR): 0 bytes
> [Mon Aug 07 14:48:34.518391 2017] [dumpio:trace7] [pid 3880:tid 1132]
> mod_dumpio.c(164): [client yyy.yyy.yyy.yy:61411] mod_dumpio: dumpio_out
> [Mon Aug 07 14:48:34.518391 2017] [dumpio:trace7] [pid 3880:tid 1132]
> mod_dumpio.c(58): [client yyy.yyy.yyy.yy:61411] mod_dumpio:  dumpio_out
> (metadata-FLUSH): 0 bytes
> [Mon Aug 07 14:48:34.518391 2017] [dumpio:trace7] [pid 3880:tid 1132]
> mod_dumpio.c(58): [client yyy.yyy.yyy.yy:61411] mod_dumpio:  dumpio_out
> (metadata-EOC): 0 bytes
> 
> _
>
> Todd
>
> On Mon, Aug 7, 2017 at 5:07 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>
>> Try mod_dumpio or a packet capture to see what else is different about
>> the request.
>>
>> - Y
>>
>> On Mon, Aug 7, 2017 at 3:53 PM, Todd Blum <t...@toddblum.org> wrote:
>>
>>> Hello,
>>>
>>> I have Apache mod_dav running on Windows 2012.
>>>
>>> When a webDAV enabled application connects and tries to MKCOL on a
>>> directory that already exists, it receives an HTTP 400:
>>>
>>> 
>>> 
>>>
>>> yyy.yyy.yyy.yy - username [07/Aug/2017:11:00:03 -0700] "MKCOL
>>> /webdav/dir1/dir2/dir3/dir4/dir5/dir6/ HTTP/1.1" 400 226
>>> 
>>> 
>>>
>>>
>>> However, all other clients are receiving an HTTP 405 when they issue a
>>> MKCOL for a directory that already exists:
>>>
>>> 
>>> 
>>>
>>> xxx.xxx.xxx.xx - username [07/Aug/2017:12:32:16 -0700] "MKCOL
>>> /webdav/dir1/dir2/dir3/dir4/dir5/dir6/ HTTP/1.1" 405 253
>>> 
>>> 
>>>
>>>
>>> The application is dependent on receiving a 405 in this scenario, has
>>> anyone else had this situation before?
>>>
>>>
>>> Todd
>>>
>>>
>>
>

Re: [users@httpd] Strange WebDAV behavior on MKCOL for 1 client only

[Yehuda Katz]

Try mod_dumpio or a packet capture to see what else is different about the
request.

- Y

On Mon, Aug 7, 2017 at 3:53 PM, Todd Blum  wrote:

> Hello,
>
> I have Apache mod_dav running on Windows 2012.
>
> When a webDAV enabled application connects and tries to MKCOL on a
> directory that already exists, it receives an HTTP 400:
>
> 
> 
>
> yyy.yyy.yyy.yy - username [07/Aug/2017:11:00:03 -0700] "MKCOL
> /webdav/dir1/dir2/dir3/dir4/dir5/dir6/ HTTP/1.1" 400 226
> 
> 
>
>
> However, all other clients are receiving an HTTP 405 when they issue a
> MKCOL for a directory that already exists:
>
> 
> 
>
> xxx.xxx.xxx.xx - username [07/Aug/2017:12:32:16 -0700] "MKCOL
> /webdav/dir1/dir2/dir3/dir4/dir5/dir6/ HTTP/1.1" 405 253
> 
> 
>
>
> The application is dependent on receiving a 405 in this scenario, has
> anyone else had this situation before?
>
>
> Todd
>
>

Re: [users@httpd] WebSockets support in transparent proxy

[Yehuda Katz]

What you are describing sounds like a reverse proxy to me. Are you using
ProxyPass and did you try the same configuration with the ws or wss
protocol (in place of http/https)?

Can you post a snippet of your current configuration?

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Jul 17, 2017 11:27 PM, "Ray Navarette"  wrote:

Hi Everyone,



Sorry if I’ve completely missed this but I’m hoping maybe someone can help
with what I hoped would be a simple setup.  I’m setting up a proxy server
on an edge node of a private network in order to expose a number of
internal services within the private side to the public side through the
proxy.  This method works well for most traffic.  Unfortunately, a number
of requests are initiating websocket connections using the upgrade method.
Is there any way that I can easily get these forwarded properly and respond
to the client in a generic (not having to map every possible server) way?
I’ve seen some things for reverse proxy, but not forward.  Any and all help
is much appreciated.



Thanks,

Ray

--

RE: [users@httpd] Subdomain of a virtual host ?

[Yehuda Katz]

httpd will choose the first matching name it comes to (as long as the IP
address is correct too).

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jul 17, 2017 12:32 PM, "Darryl Philip Baker" <
darryl.ba...@northwestern.edu> wrote:

Thanks Yehuda, Any affect from the order of the definitions?



*Darryl Baker*

Sr. System Administrator

Distributed Application Platform Services

*Northwestern University*

darryl.ba...@northwestern.edu

(847) 467-6674



*From:* Yehuda Katz [mailto:yeh...@ymkatz.net]
*Sent:* July 17, 2017 11:28 AM
*To:* users@httpd.apache.org
*Subject:* Re: [users@httpd] Subdomain of a virtual host ?



You can create it exactly the same way as any other virtual host.



- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.



On Jul 17, 2017 12:10 PM, "Darryl Philip Baker" <
darryl.ba...@northwestern.edu> wrote:

I have a virtual host configured for george.example.com
<https://urldefense.proofpoint.com/v2/url?u=http-3A__george.example.com=DwMFaQ=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws=tdje61_VHSXp608oLofeaJnnzo2Sr9_Cdcp70bBEtQ8=-RqFGBRbyJGjy6NIWrytg6j-sTD-3RfBq05ZM454rkA=iX8MUwTn_wYirBo4ofziwfK4-NdcCRUBKkoEwS35OAA=>
complete with directory definitions and redirects. I now have a request for
washington.george.example.com
<https://urldefense.proofpoint.com/v2/url?u=http-3A__washington.george.example.com=DwMFaQ=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws=tdje61_VHSXp608oLofeaJnnzo2Sr9_Cdcp70bBEtQ8=-RqFGBRbyJGjy6NIWrytg6j-sTD-3RfBq05ZM454rkA=JKuOGXaxKSQn5yUbWGDnJ0N5uJ4C81hVKmYu0OnG3Es=>
and they would like the same abilities for the subdomain. I’m unsure as to
how to make this work or if this is even possible. I am looking for help,
suggestions?



*Darryl Baker*

Sr. System Administrator

Distributed Application Platform Services

*Northwestern University*

darryl.ba...@northwestern.edu

Re: [users@httpd] Subdomain of a virtual host ?

[Yehuda Katz]

You can create it exactly the same way as any other virtual host.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jul 17, 2017 12:10 PM, "Darryl Philip Baker" <
darryl.ba...@northwestern.edu> wrote:

> I have a virtual host configured for george.example.com complete with
> directory definitions and redirects. I now have a request for
> washington.george.example.com and they would like the same abilities for
> the subdomain. I’m unsure as to how to make this work or if this is even
> possible. I am looking for help, suggestions?
>
> *Darryl Baker*
> Sr. System Administrator
> Distributed Application Platform Services
> *Northwestern University*
> *darryl.ba...@northwestern.edu* 
>
>
>
>

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Yehuda Katz]

Did you compile Apache yourself or use a package from somewhere?

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Jul 11, 2017 11:53 AM, "Kevin Miles"  wrote:

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with
a passwd file and all was working fine. I upgraded Apache to 2.4.26 and the
site stopped working. The error being logged is:

[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403]
(13)Permission denied: [client ::1:37626] AH01620: Could not open password
file: /etc/stm/passwd

Sure enough, when I check /etc/stm/passwd its permissions have been changed
from 644 to 600. When I change them back, everything starts working. But
when I reload the system, something sets them back to 600 and it stops
working!

AFAICT it's Apache that is changing the permissions. Audit shows the only
process touching this file is Apache (htpasswd). And if I disable Apache on
start-up and perform a system reload, the permissions are unchanged. Until
I start Apache, when they get flipped back to 600.

On the face of it, Apache 2.4.26 appears to be changing the permissions on
my passwd file to a value that prevents it from using it. I can't see
anything in the Release Notes that indicates this is a feature... Can
anyone tell me why this is happening, and suggest the best solution for
getting this VirtualHost working again?

Thanks.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Yehuda Katz]

H2 is threaded and prefork is not, so the performance is poor or it doesn't
work at all.

There was a discussion about this on the dev list:
https://lists.apache.org/thread.html/bae472cadaeeb761b88bb4569cc0b7d87bc2dcb2fbcbf472d895f32e@%3Cdev.httpd.apache.org%3E

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jul 11, 2017 9:48 AM, "David Copeland"  wrote:

> I'm wondering what the reason for this is?
>
> Thanks.
>
> On 11/07/17 09:04 AM, Jim Jagielski wrote:
> >Apache HTTP Server 2.4.27 Released
> >
> >
> > o HTTP/2 will not be negotiated when using the Prefork MPM
> >
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> www.jsidata.ca
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Apache on Mac Sierra 10.12.5

[Yehuda Katz]

What does the error log say?

What user and group is the httpd process actually running as? (`ps aux`
should tell you.)

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jul 2, 2017 4:12 PM, "Manal Helal"  wrote:

> I followed this guide to install apache on Sierra 10.12.5:
>
> https://medium.com/@JohnFoderaro/how-to-set-up-
> apache-in-macos-sierra-10-12-bca5a5dfffba
>
> And it worked locally for a while logged in using the same Mac user.
>
> The only problem is I need this for dynamic dns and to have external
> global access. I followed the steps on the 172 rated first reply in this
> post:
>
> https://stackoverflow.com/questions/2001881/correct-
> owner-group-permissions-for-apache-2-site-files-folders-under-mac-os-x
>
> Now both the domain name access and localhost access gives this error:
>
> Forbidden
>
> You don't have permission to access / on this server.
>
> Please advise how to resolve,
>
> Thank you very much,
>
> Manal
>

Re: [users@httpd] allow deny file and multiple .conf question

[Yehuda Katz]

Allow/Deny directives apply to whatever container they are in. A single
file can onl.y ever match a single  block and the individual 
blocks do not have any connection to each other.

In general, .conf files are loaded alphabetically, but in your example, it
shouldn't matter.

- Y

On Fri, Jun 9, 2017 at 5:49 PM, Rose, John B  wrote:

> When controlling access to specific files via Allow/Deny, and not using
>  or , and putting in different .conf files, does the
> order of the conf files matter?
>
> In other words …
>
> aaa-block.conf has …
> 
>   Order Deny,Allow
>   Deny from All
> 
> …
>
> zzz-block.conf has …
> 
>   Order Deny, Allow
>   Deny from all
>   Allow from your domain.com
> 
>
>
> Would the .conf files similar to one above controlling access previous be
> negated by the last zzz-block.conf above? In other words “Allow from
> yourdomain.com" would apply to all the previous  statements? Are
> the .conf files in the same directory loaded alphabetically by Apache?
>
> Thanks
>
>

Re: [users@httpd] Re: SSL virtual Hosts

[Yehuda Katz]

HTTPD doesn't care how many files your configuration uses. You can include
as many  directives in a single file as you want.
To quote from [the documentation](https://httpd.apache.org/docs/current/
configuring.html):
>  In addition, other configuration files may be added using the Include
directive, and wildcards can be used to include many configuration files.
Any directive may be placed in any of these configuration files.

The only time you need more than one config file is if you are running more
than one httpd process on a single server. You can then specify which
configuration file each one should read to start up using the `-f`
parameter.

- Y

On Sat, Jun 10, 2017 at 6:33 PM, Ian Pilcher  wrote:

> On 06/09/2017 01:30 PM, Carlos Cruz wrote:
>
>> I hope for my first question my questions isn’t too stupid but I haven’t
>> been able to figured out my problem. My problem is I have  about 10 virtual
>> domains under the conf.d (Centos 6) directory with Apache HTTPD 2.2. SSL
>> (only) virtual hosts don’t work if I used individual configuration files to
>> define the virtual hosts. But all works as I understand it should work if I
>> put all my SSL virtual hosts in 1 ssl.conf file in the same conf.d
>> directory. can anyone tell me, or point me to the info, why multiple
>> configuration files are not working for my SSL virtual hosts.
>>
>> 1 domain uses a wild card certificate
>>
>> The other domains use basic single domain certificates.
>>
>
> I suspect that all domains are actually using the wildcard certificate
> when you use a single file.  That's the only way that I can see this
> working.
>
> The SSL session is established *before* the client sends any HTTP
> request to the server, so the server has to choose which certificate to
> present to the client before it knows the hostname that the client is
> using.  Thus, *named* virtual hosts don't work over SSL.  (There's an
> extension called SNI that addresses this, but you didn't mention it, so
> I assume that you're not using it.)
>
> --
> 
> Ian Pilcher arequip...@gmail.com
>  "I grew up before Mark Zuckerberg invented friendship" 
> 
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] SSL virtual Hosts

[Yehuda Katz]

Are any errors shown in the httpd logs?

Is httpd actually reading the files you create in the conf.d directory? I
sometimes check that by putting gibberish in the config file and then
running `httpd -t` to test the configuration.

What is the actual Include directive in httpd.conf that includes the conf.d
files? Does it require the filenames end with `.conf`?
Does httpd have permission to read the new config files? Do you have
selinux on and is it logging anything?

You can always run `httpd -S` to see what virtual hosts httpd found and
where they are in the config.

- Y

On Fri, Jun 9, 2017 at 2:30 PM, Carlos Cruz 
wrote:

> I hope for my first question my questions isn’t too stupid but I haven’t
> been able to figured out my problem. My problem is I have  about 10 virtual
> domains under the conf.d (Centos 6) directory with Apache HTTPD 2.2. SSL
> (only) virtual hosts don’t work if I used individual configuration files to
> define the virtual hosts. But all works as I understand it should work if I
> put all my SSL virtual hosts in 1 ssl.conf file in the same conf.d
> directory. can anyone tell me, or point me to the info, why multiple
> configuration files are not working for my SSL virtual hosts.
>
>
>
> 1 domain uses a wild card certificate
>
> The other domains use basic single domain certificates.
>
>
>
> Thx!
>
> Carlos
>
>
>
>

Re: [users@httpd] paypal/php apache2 integration problem

[Yehuda Katz]

You should probably ask this on a Codeigniter help list or forum. This does
not appear to be an issue with Apache HTTPD.

- Y

On Fri, Jun 9, 2017 at 1:54 PM, Paul Claridge 
wrote:

> Hi Team, I have been battling this for several weeks now and am completely
> stumped, so I am hoping for some inspiration!
>
> We are using standard ubuntu 14.02 lamp stack, but reverted back to php5.
>
> We use backlevel Codeigniter framework (v2).
>
> My latest task is to integrate Paypal Express checkout into our website.
> After much research I have managed to code up units for a) getting a token,
> b) creating a payment c) completing a payment (using server side
> integration). I have pasted the recommended button code into one of our
> views.
>
> I can successfully test each step from the command line. However, when I
> create a simple controller and integrate my code into an extended
> CI_Controller class nothing works. I also employ CI routing. I cannot even
> get any error_log logging from my scripts.
>
> When I look at the Firefox debugging/console I see loads of stuff from
> Paypal objects and in particular some reference to an HSTS header not being
> parsed.
>
> So, the reason for this post is to sanity check what I am doing and to
> see if anyone can see an obvous mistake in my approach. I admit to be
> wallowing around in all this detail somewhat, but perhaps I have uncovered
> a strange problem in Paypal world, although I tend to think that is
> unlikely!
>
> The slight irony is we are only integrating (deliberately) the simplest PP
> interface and I'm in a world of hurt, so any kind advice or direction would
> be appreciated.
>
> Thanks, Paul
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Does Apache need to delay startup until system time set?

[Yehuda Katz]

There are some parts of the HTTP conversation which could be affected by
having the wrong time, but HTTPD itself doesn't care.
For example, if you are using cookies, caching, those could be affected by
the time change (even more specifically, for PHP sessions, when the clock
changes, the PHP session cleanup handler might think a session is very old
and remove it).
If you want to wait for the time to be synchronized, I think you can change
the systemd unit to require chrony-wait.service (
https://git.tuxfamily.org/chrony/chrony.git/tree/examples/chrony-wait.service
)

- Y

On Thu, Apr 20, 2017 at 4:57 PM, Robert Moskowitz 
wrote:

> This is for Centos7 on an armv7 SOC with no clock battery.
>
> On startup, Centos runs Chronyd which eventually sets the system clock.
> This can happen really fast, or not depending.  I have learned that it is
> NOT a good thing for postfix to start when the system time is earlier than
> the build date of postfix.  There is a way for me to delay postfix start
> until the time is set.
>
> Does Apache also have this concern not to start until the time is 'fixed'?
>
> thanks
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] configured HTTP(80) on the standard HTTPS(443) port!

[Yehuda Katz]

The first warning is telling you that you are serving regular HTTP traffic
on what is usually an HTTPS port. This is because you do not have any SSL
configuration on the virtual host on port 443. You need "SSLEngine on" and
certificate information at least.
You can ignore the second warning about "server name indication" unless you
specifically want to support really old and insecure browsers.

- Y

On Tue, Apr 4, 2017 at 10:47 PM, Robert Moskowitz 
wrote:

> I just noticed the following in error_log on httpd startup:
>
> [Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916: Init: (
> z9m9z.test.htt-consult.com:443) You configured HTTP(80) on the standard
> HTTPS(443) port!
> [Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292: Init:
> Name-based SSL virtual hosts only work for clients with TLS server name
> indication support (RFC 4366)
>
> What does this mean?
>
> One of my .conf files is:
>
> # cat 00-init.conf
> ServerAdmin r...@htt-consult.com
> ServerName z9m9z.test.htt-consult.com
> 
> 
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16
> 
> 
> 
> 
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16
> 
> 
>
> httpd -S reports:
>
> VirtualHost configuration:
> *:80   is a NameVirtualHost
>  default server z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:3)
>  port 80 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:3)
>  port 80 namevhost webmail.test.htt-consult.com
> (/etc/httpd/conf.d/roundcubemail.conf:1)
>  alias webmail
> *:443  is a NameVirtualHost
>  default server z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:10)
>  port 443 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:10)
>  port 443 namevhost webmail.test.htt-consult.com
> (/etc/httpd/conf.d/roundcubemail.conf:16)
>  alias webmail
>  port 443 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/ssl.conf:56)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/run/httpd/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex authdigest-opaque: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex authdigest-client: using_defaults
> PidFile: "/run/httpd/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] What is preferred PHP interface?

[Yehuda Katz]

The Apache wiki has a rundown of options: https://wiki.apache.org/httpd/php
Plenty of people still use mod_php and it has been updated to work with
HTTPD 2.4 and PHP 7.

- Y

On Wed, Mar 29, 2017 at 8:49 PM, John Iliffe  wrote:

> Reading several sources there is conflicting information as to what is the
> preferred way to implement PHP scripts.  It appears that mod_php (how we do
> things now) is deprecated so I would like to take advantage of a server
> change to do things "right".
>
> The documentation on mod_fcgid seems to stop in 2013 with the release of
> version 2.3.9, so I assume that this is no longer considered to be a good
> approach.
>
> The link to mod_fastcgi on the Apache documentation page leads to a static
> billboard page for Chelsea Networks with no links and a last maintained
> date in 2002, so it doesn't seem to be current either.  This page says to
> use Netscape to view it (?)
>
> mod_proxy_fcgi seems to be in current use, but right up front is the caveat
> that there is no starter for the script.  My guess would be that some sort
> of a wrapper is required to insert the path to the executable, but no
> documentation has appeared so far.
>
> Using mod_proxy_fcgi also raises the issue of what to proxy to.  The PHP
> installation (version 7.1.3) includes a php-fpm module but the
> documentation for it on the PHP web site is rather sparse - ie non-
> existent.  A Google search comes up with a web site php-fpm.org, but the
> last entry on the news page is 29 Nov, 2011.  Doesn't sound like this is
> the preferred path!  The support link here says "Wiki is now offline,
> sorry.
> Use PHP 5.3.3+ now, and use php.net!".  This is a very back level of PHP!
>
> So, how is the best way to proceed?
>
> As always, thanks to those who will respond.
>
> Regards,
>
> John
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

I believe the only way to do that is to recompile HTTPD yourself.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mar 16, 2017 6:02 AM, "Chunduru, Krishnachaithanya" <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi Konstantin/All,
>
> I have now resolved the problem of the server name and OS version, but I
> was asked to remove the Apache name itself from the response headers.
>
> Can someone please let me know how can we achieve this on Aix, in linux we
> can use the mod_security but I don't get anything like that in Aix.
>
> Regards,
> Krishna
>
>
> -Original Message-
> From: Chunduru, Krishnachaithanya [mailto:Krishnachaithanya.
> chund...@broadridge.com]
> Sent: Wednesday, March 15, 2017 6:35 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
> Hi,
>
> Below are the entries I have updated in the httpd.conf and tried
> restarting the apache, but it didn't started and didn't even gave any
> errors.
>
> $cat /etc/httpd/conf/httpd.conf | grep -i signature ServerSignature Off
>
> $ cat /etc/httpd/conf/httpd.conf | grep -i tokens ServerTokens Prod
>
> Regards,
> Krishna
>
>
> -Original Message-
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Sent: Wednesday, March 15, 2017 1:24 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
> 2017-03-14 14:56 GMT+03:00 Chunduru, Krishnachaithanya
> :
> > Hi All,
> >
> >
> >
> > Can anyone please let me know how to hide the apache version and the
> > OS name running on Aix server.
> >
> >
> >
> > The servertokens or the server signature fields are set to PROD and
> > signature off, then I tried restarting the httpd but apache was not
> > starting until these two parameters are removed from the config file.
>
> Thus your edits have an effect. Good.
>
> What are the actual lines, and what was the actual error message?
>
> Check you spelling.  Copy-paste from documentation, if possible.
>
> Try to search if other configuration files define those directives.
> (The files included into main httpd.conf file with "Include" directive).
>
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>  B CB
>   [  X  ܚX K  K[XZ[
>   \ \  ][  X  ܚX P
>  \ X  K ܙ B  ܈ Y  ] [ۘ[[X[ K[XZ[
>   \ \  Z [
>  \ X  K ܙ B
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

HTTPD should be logging somewhere, often /var/log/httpd or
/var/log/apache2. See if there is an error there.

- Y

On Tue, Mar 14, 2017 at 9:35 AM, Chunduru, Krishnachaithanya <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi,
>
>
>
> No, I was not getting any error. When the script is executed, it is giving
> message like “starting Apache” later when we are checking the process is
> not running.
>
>
>
> I can’t even find the /etc/conf-* dir in our Aix server.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Yehuda Katz [mailto:yeh...@ymkatz.net]
> *Sent:* Tuesday, March 14, 2017 7:02 PM
> *To:* users@httpd.apache.org
> *Cc:* Mitchell Krog Photography
>
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> /etc/conf-available/security.conf is part of the Debian/Ubuntu packaged
> layout of HTTPD, not standard.
>
>
>
> Do you get an error when you try to start up the server?
>
>
>
> - Y
>
>
>
> On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya <
> krishnachaithanya.chund...@broadridge.com> wrote:
>
> Hi,
>
>
>
> I couldn’t find the file security.conf.
>
>
>
> We are having 2.4.x version running. I have only /etc/httpd/ dir, but not
> /etc/apache2. Can you please help me if there are any other files to check.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
> *Sent:* Tuesday, March 14, 2017 5:54 PM
> *To:* Chunduru, Krishnachaithanya; users@httpd.apache.org
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> Sorry typo ….  /etc/apache2/conf-available/security.conf
>
>
>
>
>
>
> From: Chunduru, Krishnachaithanya <krishnachaithanya.chunduru@
> broadridge.com> <krishnachaithanya.chund...@broadridge.com>
> Reply: users@httpd.apache.org <users@httpd.apache.org>
> <users@httpd.apache.org>
> Date: 14 March 2017 at 1:56:04 PM
> To: users@httpd.apache.org <users@httpd.apache.org>
> <users@httpd.apache.org>
> Subject:  [users@httpd] Hiding Apache version info on the Aix server for
> Apache.
>
>
>
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS
> name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

[Yehuda Katz]

/etc/conf-available/security.conf is part of the Debian/Ubuntu packaged
layout of HTTPD, not standard.

Do you get an error when you try to start up the server?

- Y

On Tue, Mar 14, 2017 at 9:08 AM, Chunduru, Krishnachaithanya <
krishnachaithanya.chund...@broadridge.com> wrote:

> Hi,
>
>
>
> I couldn’t find the file security.conf.
>
>
>
> We are having 2.4.x version running. I have only /etc/httpd/ dir, but not
> /etc/apache2. Can you please help me if there are any other files to check.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
> *From:* Mitchell Krog Photography [mailto:mitchellk...@gmail.com]
> *Sent:* Tuesday, March 14, 2017 5:54 PM
> *To:* Chunduru, Krishnachaithanya; users@httpd.apache.org
> *Subject:* Re: [users@httpd] Hiding Apache version info on the Aix server
> for Apache.
>
>
>
> Sorry typo ….  /etc/apache2/conf-available/security.conf
>
>
>
>
>
>
> From: Chunduru, Krishnachaithanya  broadridge.com> 
> Reply: users@httpd.apache.org 
> 
> Date: 14 March 2017 at 1:56:04 PM
> To: users@httpd.apache.org 
> 
> Subject:  [users@httpd] Hiding Apache version info on the Aix server for
> Apache.
>
>
>
> Hi All,
>
>
>
> Can anyone please let me know how to hide the apache version and the OS
> name running on Aix server.
>
>
>
> The servertokens or the server signature fields are set to PROD and
> signature off, then I tried restarting the httpd but apache was not
> starting until these two parameters are removed from the config file.
>
>
>
> *Regards,*
>
> *Krishna*
>
>
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>

Re: [users@httpd] URG:DocumentRoot relate query on WIndows

[Yehuda Katz]

You can set the DocumentRoot to "C:/" (note the forward slash instead of
the backslash).
You can technically set it to just "/" also if you want the drive where
HTTPD is located.

When running HTTPD on Windows, it is good practice to use forward slashes
even though backslashes work in some places.
This is supposed to be inserted as a comment in the Windows httpd.conf (by
httpd/branches/2.4.x/build/installwinconf.awk):


> # NOTE: Where filenames are specified, you must use forward slashes
> # instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
> # If a drive letter is omitted, the drive on which httpd.exe is located
> # will be used by default.  It is recommended that you always supply
> # an explicit drive letter in absolute paths to avoid confusion.


- Y

On Fri, Mar 10, 2017 at 8:37 AM, Eric Covener  wrote:

> On Fri, Mar 10, 2017 at 8:25 AM, Ishan Thakur
>  wrote:
> > “We are setting the documentRoot as “web”(no complete absolute path).
> This
> > works fine for all the paths.
> > The paths can be direct drive(D:\). But it fails only for C drive(C:\).
> The
> > same works fine for all other paths(D:\, C:\Program Files…etc)
> >
> > For C drive, we are getting following error:
> >
> > Syntax error on line 129 of C:/httpd.conf:
> > DocumentRoot must be a directory
> > “
> > Is there any restriction for C drive on Windows for Apache httpd-2.2.31?
>
>
> You'll have to provide some more detail. How does "web" work for
> different drive letters?  Do you specify different server roots in
> different configuration files?
>
> There's nothing special about the C drive when you specify a DocumentRoot.
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Why ExpiresByType is ignored when has SetHandler application/x-httpd-php ?

[Yehuda Katz]

The order modules are loaded in the config file does not change the order
they execute. That is set in the code.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Mar 2, 2017 6:03 AM, <7rai...@inbox.lv> wrote:

> Eric, it is not the case. Here is the order of my loaded modules and the
> issue still happens (is relevant also for latest Apache version):
> ...
> LoadModule expires_module modules/mod_expires.so
> LoadModule headers_module modules/mod_headers.so
> ...
>
>
> Binyamin
>
> - Reply to message -
> *Subject:* Re: [users@httpd] Why ExpiresByType is ignored when has
> SetHandler application/x-httpd-php ?
> *Date:* trešdiena, 2016. gada 28. decembris 13:20:25
> *From:* Eric Covener <cove...@gmail.com> <cove...@gmail.com>
> *To:* <users@httpd.apache.org> <users@httpd.apache.org>
>
> On Tue, Dec 27, 2016 at 10:29 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
> > Why ExpiresByType is ignored when has SetHandler application/x-httpd-php
> ?
> >
> > /sitemap.xml Response Headers shows 1 day expiration while expected to
> be 1
> > year (1 month)
> >
> > Content-Type: application/xml; charset=utf-8
> > Date: Tue, 27 Dec 2016 19:59:00 GMT
> > Expires: Wed, 28 Dec 2016 19:59:00 GMT
> >
> > seems SetHandler forces it to apply text/html expiration and doesn't
> allow
> > to rewrite it
> >
> > ExpiresActive On
> > ExpiresDefault "access plus 1 month"
> > ExpiresByType text/html "access plus 1 day"
> > ExpiresByType application/xml "access plus 1 week"
> >
> > 
> > SetHandler application/x-httpd-php
> > Header set Content-Type "application/xml"
> > ExpiresDefault "access plus 1 year"
> > 
>
> It's likely just an ordering problem. mod_expires runs before
> mod_headers and you can't really change it any meaningful way in this
> case (you can ask mod_headers to run much earlier, but then your
> scripts output will overwrite it anyway)
>
> Presumably your script issues Content-Type: text/html which is bogus
> and what's seen when mod_expires runs. A short while later,
> mod_headers changes the content-type.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
>
> - To
> unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional
> commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Question about make openssl files

[Yehuda Katz]

Hi Rodrigo,
This mailing list is for Apache HTTPD. If you have questions about OpenSSL,
you should try an OpenSSL mailing list (https://www.openssl.org/
community/mailinglists.html) or documentation (https://www.openssl.org/docs/
manpages.html).

To point you in the right direction though: you probably want to start with
the req manpage: https://www.openssl.org/docs/man1.0.2/apps/req.html and
read the information about setting attributes.

- Y

On Thu, Feb 23, 2017 at 1:58 PM, Rodrigo Cunha 
wrote:

> Dears, a want know how i insert auto answers for questions from openssl
> stdout.
> I want knew how to bypass the extra attributes "password" options in my
> csr settings.
> my commands for make this files:
> openssl req  -nodes -new -x509  -keyout aux.key -out aux.cert
> openssl req -new -key aux.key -out aux.csr
>
> I want do answers for this questions:
>
> Country Name (2 letter code) [AU]: Indefinido
> State or Province Name (full name) [ ]: Indefinido
> Locality Name (eg, city) []:
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:Indefinido
> Organizational Unit Name (eg, section) []:Indefinido
> Common Name (e.g. server FQDN or YOUR name) []:Indefinido
> Email Address []:Indefinido
>
> I dont answers password for this.
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
> São Gonçalo, RJ - Brasil
>
>
>
> 
>  Livre
> de vírus. www.avast.com
> .
>
> <#m_4278783927997947723_m_6002865144250440756_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>

Re: [users@httpd] apache run status: how to tell as non-root user (on *nix)?

[Yehuda Katz]

That grep would not work on Debian-style packages because they show apache2
as the executable but it might be the best way on other systems.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Feb 21, 2017 8:54 AM, "Tom Browder"  wrote:

> I need to programatically determine whether httpd is running or not,
> whether I'm root or not. The only reliable way I have found is to use the
> system command 'ps -C httpd' and grep the results.
>
> Is there a better way?
>
> Thanks.
>
> Best regards,
>
> -Tom
>

Re: [users@httpd] Core code in apache

[Yehuda Katz]

How do you define the core vs. modules?
If you look at the documentation (http://httpd.apache.org/docs/2.4/mod/),
it describes what is included in the core and what is a module. There are
the core, mpms and other modules.
Also maybe the LAYOUT file will help you.

- Y

On Mon, Feb 20, 2017 at 6:48 AM, Hemant Chaudhary <
hemantdude.chaudh...@gmail.com> wrote:

> HI
> As apache has two parts, core and mudules.
> I want to understand core part code of apache. Please share which is the
> core code of apache.
>
>
> Thanks
> Hemant
>