New module added: mod_proxy_filter_xff
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: peterpramb Module name: mod_proxy_filter_xff Tags:proxying,filters License: MIT license Homepage:http://www.pramberger.at/peter/software/projects/filterxff/ Caption: An Apache filter module for XFF headers
New module added: mod_mruby
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_mruby Tags: misc,proxying,vc,scripting,filters,generators,mapping,logging,security License: MIT license Homepage:https://github.com/matsumoto-r/mod_mruby Caption: mod_mruby - to provide an alternative to mod_lua.
New module added: mod_process_security
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_process_security Tags:security License: MIT license Homepage:https://github.com/matsumoto-r/mod_process_security Caption: This module is a suEXEC module for CGI and DSO. Improvement of mod_ruid2(vulnerability) and mod_suexec(performance).
New module added: mod_request_dumper
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_request_dumper Tags:logging License: MIT license Homepage:https://github.com/matsumoto-r/mod_request_dumper Caption: output request_rec, server_rec, conn_rec on earch hook phases.
New module added: mod_load_monitor
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_load_monitor Tags:filters,logging License: MIT license Homepage:https://github.com/matsumoto-r/mod_load_monitor Caption: mod_load_monitor - exec command over threshold of load average
New module added: mod_vlimit
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_vlimit Tags:misc License: MIT license Homepage:https://github.com/matsumoto-r/mod_vlimit Caption: Control the number of references from the same IP address to file access or the number of references from the same file name to file access
New module added: mod_rchecker
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_rchecker Tags:logging License: MIT license Homepage:https://github.com/matsumoto-r/mod_rchecker Caption: Process Resource Logging Module
New module added: mod_lalimit
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: matsumoto_r Module name: mod_lalimit Tags:misc License: MIT license Homepage:https://github.com/matsumoto-r/mod_lalimit Caption: Control the number of processes in the system run queue averaged over the last 1 minutes.
New module added: mod_falcon
Hello, A new module has been created and is awaiting approval. If you are a modules.apache.org administrator, please check whether this module passes the requirements of an httpd module and approve it if so. Author: jonnymind Module name: mod_falcon Tags:scripting License: Apache License 2.0 Homepage:http://www.falconpl.org Caption: Interpreter for the Falcon Programming Langauge
Re: how to do something in a mod when apache is shutting down?
On 5 Feb 2013, at 02:29, chary wrote: I'm writing a mod for apache, and I need some help. how to do something in a mod when apache is shutting down? What kind of hooks could be used? Register your function as a cleanup on the process pool. -- Nick Kew
re: how to do something in a mod when apache is shutting down?
Thanks for your help ,Nick. Do you mean this function ? void apr_pool_cleanup_register ( apr_pool_t *p, const void *data, apr_status_t(*)(void *) plain_cleanup, apr_status_t(*)(void *) child_cleanup ) Chary On 5 Feb 2013, at 02:29, chary wrote: I'm writing a mod for apache, and I need some help. how to do something in a mod when apache is shutting down? What kind of hooks could be used? Register your function as a cleanup on the process pool. -- Nick Kew
RE: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive
Hi Zisis, Finally able to introduce “SLProxyCheckPeerCN off” in Apache conf file and now “Proxy error” issue has been resolved. Link to Tomcat webserver is now redirecting properly, BUT with some breakage. After a while we got “Connection got reset” error on UI. Again checked error log and found following new messages: --- [Tue Nov 20 22:18:52.356772 2012] [core:notice] [pid 2511] AH00052: child pid 2544 exit signal Segmentation fault (11) [Tue Nov 20 22:18:53.363481 2012] [core:notice] [pid 2511] AH00052: child pid 2526 exit signal Segmentation fault (11) --- Can you help in understanding the probable cause of this exception? Thanks, Pravesh -Original Message- From: Zisis Lianas [mailto:zisis.lia...@consol.de] Sent: Tuesday, November 20, 2012 5:33 PM To: dev@httpd.apache.org Subject: Re: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive Hi Pravesh, this is the expected behaviour of SSLProxyCheckPeerCN. When set to on (default), the certificate CN of the backend server has to match the configured BalancerMember's name. In your case, your BalancerMember seems to be https://15.146.153.101/; (so the name is 15.146.153.101), which has configured an SSL certificate with CN=y. This constellation can't work. Normally SSLProxyCheckPeerCN off should solve your issue - what do you mean with 'is not helping much in our case'? What is the error message when turning SSLProxyCheckPeerCN off? Perhaps you can also post the relevant part of your configuration. The links you posted are not really applicable for this configuration issue. Please also consider that this is more an users-issue than dev (- users mailinglist). Regards, Zisis - Original Message - From: Pravesh R Rai (STSD) pravesh@hp.com To: dev@httpd.apache.org Sent: Tuesday, November 20, 2012 12:17:13 PM Subject: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive Hi All, While trying to use Apache 2.4.3, we are getting following error messages (in error_log), when trying to access a link to another application running on Tomcat web server: -- [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH02005: SSL Proxy: Peer certificate CN mismatch: Certificate CN: y Requested hostname: 15.146.153.101 [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH01998: Connection closed to child 0 with abortive shutdown (server localhost:2381) [proxy_http:error] [pid 3264] (502)Unknown error 502: [client 16.154.173.74:52712] AH01084: pass request body failed to 127.0.0.1:1188 (localhost), referer: https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AService guardchppage=Serviceguard%20Managerchpurl=/sgmgr/main/main.dochptar get=undefined [proxy:error] [pid 3264] [client 16.154.173.74:52712] AH00898: Error during SSL Handshake with remote server returned by /sgmgr/main/main.do, referer: https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AService guardchppage=Serviceguard%20Managerchpurl=/sgmgr/main/main.dochptar get=undefined [proxy_http:error] [pid 3264] [client 16.154.173.74:52712] AH01097: pass request body failed to 127.0.0.1:1188 (localhost) from 16.154.173.74 (), referer: https://15.146.153.101:2381/chpl -- Also found that, the same bug is reported at some Apache Bugzilla sites: https://issues.apache.org/bugzilla/show_bug.cgi?id=53006 http://mail-archives.apache.org/mod_mbox/httpd-bugs/201203.mbox/%3Cbug -53006-7...@https.issues.apache.org/bugzilla/%3E http://osdir.com/ml/bugs-httpd/2012-03/msg00324.html but none of those points to the right direction. After going through Apache-2.4.3 docs/forum: http://apache-http-server.18135.n6.nabble.com/SSLProxyCheckPeerCN-Prox yPreserveHost-issue-td447.html http://httpd.apache.org/docs/2.4/upgrading.html#misc http://httpd.apache.org/docs/trunk/mod/mod_ssl.html found that, it is observed only with Apache-2.4.3 is due to one directive SLProxyCheckPeerCN, which is now on by default. But even setting this to off is not helping much in our case. Can anybody please provide some clue about this behavior? Regards, Pravesh
Review request
Hi, can somebody check simple patch in https://issues.apache.org/bugzilla/show_bug.cgi?id=54474 ? It solves my problem and is backed up by RFC2817. It would be nice to have it in 2.4.4. Thanks -- Pavel Mateja
Re: [users@httpd] Proxy CONNECT HTTP version
Hi Pavel, On 01/30/2013 11:41 AM CEST +02:00, Pavel Mateja wrote: The wget package will be in next stable debian which sux because all CONNECT requests thru apache will fail. I just compiled wget from git (1.14.31-3be7) and the bug is still there. Any idea what to do? Should somebody fill bug for debian and wget or should we ignore that RFC request? If wget fails to send a Host: header when RFC mandates it, I recommend you to file a bug against wget in the Debian bug tracker. Regards, Micha
Re: [users@httpd] Proxy CONNECT HTTP version
Hi Pavel, On 01/30/2013 11:41 AM CEST +02:00, Pavel Mateja wrote: The wget package will be in next stable debian which sux because all CONNECT requests thru apache will fail. I just compiled wget from git (1.14.31-3be7) and the bug is still there. Any idea what to do? Should somebody fill bug for debian and wget or should we ignore that RFC request? If wget fails to send a Host: header when RFC mandates it, I recommend you to file a bug against wget in the Debian bug tracker. Regards, Micha Hi, I've alrady sent patch and it was accepted: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699337 -- Pavel Mateja
