DevHeads.net

User

high count h2 idle streams

Hello List,

found today an abnormality in my apachestatus for some servers.
There are a lot of "h2  idle, streams" in apachestatus.

httpd 2.4.28 installed

Hello,

OS:
CentOS Linux release 7.4.1708 (Core)
kernel:  3.10.0-693.2.2.el7.x86_64

httpd 2.4.28 was successfully installed via rpm form.
Thank you all for this great job.

Yous truly,
Kazuhiko Kohmoto

how to get the expiration date of a cookie

I cannot find a place where is written how to get the expiration date of
the cookie I set.
Please anyone knows how to do that?

thanks

Server version: Apache/2.2.15

Hi,

I’ve just subscribe to Apache forum recently.
Please advise URL for posting to the forum.
I apologize for piggy-back on ... at gmail dot com’s<mailto: ... at gmail dot com's> email below.

We have recently upgraded our server to : Apache Server version: Apache/2.2.15
and have encountered this phenomenon:

The old server, will display page_name.html.n file from the document root; where ‘n’ is some digit
So, page_name.html.n would display as a html page successfully.
But on the new server Apache Server version: Apache/2.2.15.
It would prompt to open or save page_name.man and won’t displ

Difference in Apache version

Hello all,

- I am running Apache httpd version *2.2.29* and server built on Aug 23
2015 13:19:54 .

/usr/local/apache2/bin/httpd -v

*Server version: Apache/2.2.29 (Unix)*

*Server built: Aug 23 2015 13:19:54*

- But the server-status page shows a different version and built.

[image: Inline image 1]

- Can you please advise what is wrong with my configuration?

X-Forward-For in ssl_access_log / apache behind WAF

Hello together
I'm a little bit confused about manipulation ssl_access_log to get the X-Forward-For IP but not the "WAF/Proxy" IP.
(sorry for that long text...)

# Settings:
rhel 7.3
apache 2.4.6
Redirect: apache redirect (nearly) everthing to https

- Apache is behind a Web Application Firewall (WAF).

Problems using olingo library

Hello,
after trying to send an http request using apache olingo(version 4.4.0), i
encountered some problems regarding null values. After doing some research
i found out that the problem was fixed :
<a href="https://github.com/apache/olingo-odata4/pull/21/commits/6d5ed5a6c39890f7813763869eda292d712f5e77" title="https://github.com/apache/olingo-odata4/pull/21/commits/6d5ed5a6c39890f7813763869eda292d712f5e77">https://github.com/apache/olingo-odata4/pull/21/commits/6d5ed5a6c39890f7...</a>
, but i haven't found any release with the committed change. I am using
maven as my project management tool. I would a appreciate a quick reply.

Thanks,

ProxyPass ordering

I have a site where multiple locations are mapped to different Proxy
balancers named balancer1, balancer2, balancer3 etc. One of the locations
mapped is root, "/", and according to the documentation, if that ProxyPass
mapping comes last in the config, it should work as expected. Instead, with
Apache2.4.27, I see everything being sent to the balancer that I've mapped
"/" to. The ProxyPass directives are inside Location directives but they
are in the correct order.

Does having the ProxyPass directives inside Location directives interfere
with the ordering? Is this a known problem?

Apache server-status and balancer-manager

Team,

I have installed Apache 2.2.29 version on RHEL VM, but the "Server Version"
on *server-status*and *balancer-manager* is showing as Apache/2.2.15.

I am confused why its different. Am i missing any configuration?

Compiling Apache 2.4.27 with VC++ 2015 IDE

Hi Team,

Compiling Apache 2.4.27 with VC++ 2015 IDE. I have added the envinronment in IDE toold for vcvars32.bat . And Executed linends.pl and open the Apache.dsw file in the VC++ 2015. Given the foloowing report. Its shows list of error. Could you guys advice me if I missed any.

Previously I have compiled Apache 2.4.23 version 2015. But before that I have loaded the project on vc 2008 and vc2010 and then 2015. It's a long process so this time I have tried directly done the project conversion on 2015. Please advice.

Thanks,
Anitha.S

issue with apache and virtual hosts and acme-client letsencrypt certificates

Hello,

I'm running a FreeBSD system that I'm running apache on and using that
to validate and put in to place letsencrypt certificates for several
domains.

I thought I had auto-updating working, turns out I didn't, but also
I've got a configuration problem with apache that is preventing
certificate validation.

If I use:

acme-client -v -C /usr/local/www/.well-known/acme-challenge -mbnN
domain.com webmail.domain.com

/usr/local/www/.well-known/acme-challenge is where challenges are
stored, the validation works only if I have this line commented out:

Redirect / <a href="https://www.domain.com/" title="https://www.domain.com/">https://www.domain.com/</a>

if t

comfil problem with 2.4.23

I am having trouble compiling mod_perl and the docs recommend 2.4.23

is I tried it and I get this compile error

make[2]: Entering directory '/home/ruben/src/httpd-2.4.23/support'
/usr/share/apr-1/build/libtool --silent --mode=link gcc -pthread -lssl -lcrypto \
-L/usr/lib -o ab ab.lo -L/usr/lib -R/usr/lib -laprutil-1 -ldb-5.3 -lgdbm -lexpat -L/usr/lib -R/usr/lib -lapr-1 -lm
ab.o: In function `main':
ab.c:(.text+0x64b4): undefined reference to `SSLv2_client_method'
ab.c:(.text+0x675b): undefined reference to `CRYPTO_malloc_init'
collect2: error: ld returned 1 exit status

I i

how to simply set a cookie?

I tried with this function

apr_table_add(r->headers_out,"Set-Cookie","doodle=hello");

but I am not seeing the cookie I set when querying my website in chrome dev
tool under application->storage->Cookies

Thanks

Validating Redirect Targets

Posting email list is dedicated to the use and usually the syntax of Apache configurations so my question may be off topic. If so please direct me to the correct place.

I have inherited an Apache configuration that has grown organically over more than a decade. I know there are redirects and rewrite rules which are now pointing to invalid URLs.

Graceful stop does not wait for PHP script execution

Greetings,

I need some help in troubleshooting this problem.

"not found or unable to stat" crashes our site

Our server started to get hit with a particular URL from many different IPs. The URL was for the file wp-login.php. We are running PHP but we are not running Word Press. This looks like some sort of brute force attack.

apache2 a2enmod error after update

opensuse 42.2
linux v4.4.87-18.29-default x86_64
apache 2.4.23 (Linux/SUSE)

(I did ask this question at a general opensuse forum. No response.)

After a recent Apache2 update by zypper, a series of messages were emitted:

Output of apache2-2.4.23-8.12.1.x86_64.rpm %posttrans script:
/usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not
found
...more of the same...

a2enmod exists in the system at </usr/sbin/a2enmod>. Both user and root
can find the app although the user invocation complains about it being
in /usr/sbin/.

Is a2enmod important?

httpd 2.4 - mod_lua question: LuaHookAuthChecker hook is not called

Hi,

i am using httpd 2.4.10 (trusty-backports) one and configured my default
virtual host like this:

<Location />
# translation works
#LuaHookTranslateName /etc/apache2/auth.lua silly_mapper
LuaHookAuthChecker /etc/apache2/auth.lua authcheck_hook
AllowOverride All
#Require foo valid-user
</Location>

The silly_mapper gets called.

But no matter what i try, i can't get the LuaHookAuthChecker working.
Loglevel is debug - but my script is not called (from observing and
according to the debug logs) - it's a 1:1 copy of the example from:

<a href="https://httpd.apache.org/docs/2.4/mod/m" title="https://httpd.apache.org/docs/2.4/mod/m">https://httpd.apache.org/docs/2.4/mod/m</a>

mod_ssl: problem using a self-compiled OpenSSL installation on a 64-bit Linux system

Hi,

if I formerly compiled the Apache httpd server myself using an also
self-compiled OpenSSL installation for building "mod_ssl" as a shared
module I added only the configure option "--with-ssl" to specify the
according OpenSSL installation directory (if I remember correctly).

Now on a 64-bit Linux system it seems no longer to work. OpenSSL was
installed by using the configure option "--prefix" say into a directory
named /usr/local/sc (sc=self-compiled) so I added accordingly the httpd
configure option "--with-ssl=/usr/local/sc".

Apache 2.4 Returns 400 for server names that have a TLD beginning with a number

Hi Folks,

I've got a domain where the TLD begins with a number, which appears to be
causing Apache httpd to throw a 400 error. So for example, if I try to
access my Apache host at "foo.9k", it will tell me it was a bad request.

This got me wondering if I was unaware of some RFC that outlines TLD
syntax, so I went digging. What I found (and how I understood it), a TLD
"must be alphabetic" with the exception of unicode TLDs which have the
"xn--" prefix. That's how I read it at least, please correct me if I am
wrong.

Anyways, the reason I want to raise this question is what I found after.

Loosing random requests from httpd 2.4.26+ Solaris

We are building httpd with a fips capable OpenSSL, all requests are https.

On just our Solaris servers, we are experiencing the behavior of random request/resposes abort in IE 11 (gifs, stylesheets,etc) if we trace the network traffice between the browser and httpd using F12 Developer tools in IE.

Again, this is only happening on our Solaris build (Windows httpd works fine), and it started happening when we upgraded to 2.4.26. We experience the same issues in 2.4.27.

fcgi error ap_pass_brigade failed

Hello all,

I have setup a Webserver and see a lot of the following errors:

[Wed Sep 20 16:28:48.332977 2017] [fcgid:warn] [pid 14969:tid
140600728618752] (32)Broken pipe: [client x.x.x.x:55994] mod_fcgid:
ap_pass_brigade failed in handle_request_ipc function, referer:
<a href="http://example.com/" title="http://example.com/">http://example.com/</a>

Website use PHP in various versions, from 5.6 to 7.2, and are started
with the following settings in the vhost:

      AddHandler fcgid-script .php
      FCGIWrapper /var/www/wusr36024/php-fcgi/php-fcgi-starter .php

The websites are working, no errors showing up on browsing to them.

Impact of CVE-2017-9789?

Hey all,

Under FreeBSD, mod_http2 is not compiled by the ports tree by default.

Are we still vulnerable to this?

Is there any mitigation strategy besides upgrading? (Disabling htaccess
parsing, for example?)

-Dan

how to externally redirect?

how can I redirect externally from my module?

for instance under certain condition I need to go to <a href="http://www.google.com" title="www.google.com">www.google.com</a>

I saw this api
void
<https://ci.apache.org/projects/httpd/trunk/doxygen/group__MOD__ISAPI.html#gacd6cdbf73df3d9eed42fa493d9b621a6>
ap_internal_redirect
<https://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__REQ.html#gac3338d5cb2db319ab2140a48900c87e9>
(const
char *new_uri, request_rec
<https://ci.apache.org/projects/httpd/trunk/doxygen/structrequest__rec.html>
*r
<https://ci.apache.org/projects/httpd/trunk/doxygen/group__MOD__PROXY.html#gac68e921ed15f71060d61

setting getting variable to be changed in production and read in my C module

I have to write a set of variable to be read from my C module. Those
variable could be change when the code is in production, similar to what u
would write in a java properties file.

What is the proper way to do it and which functions to use?

1. write the in the httpd.conf (what is the API for getting/setting a
var visible in all the apache web server)
2. write them in the [module].conf (what is the API for getting/setting
a var visible in all my module)
3.

Restrict access to site pages except specific url

Hi guys,

I'm trying to configure apache 2.4 to allow access only to a specific set of
pages when accessed through a hostname.

So i have two virtualhosts configured , both pointing to the same physical
path/site.

Let's say <a href="http://www.mainsite.com" title="www.mainsite.com">www.mainsite.com</a> <http://www.mainsite.com> and blog.mainsite.com
.

There are categories for different sections of the site like /news ,
/contact , /blog and so on.

What i would like is that when the site is accessed through
blog.mainsite.com , only the subpages under /blog to be accessible like
/blog/artile-url.

allow only HTML for a VirtualHost and deny other script content without .htaccess

hi

My web server have to host a HTML website.

I create a virtualhost for this website

I want to allow only HTML content for this site and deny all other
script content like PHP, Perl and other.

How can I configure my virtualhost ( i don't want htaccess file) to do that

thank for help

Cordialy

Update OCSP stapling response in advance

Dear list,
good time of the day,

Is it possible to make Apache start requesting fresh OCSP response some
time before previous one expires, in order to prevent outages due to
poor OCSP server availability? SSLStaplingResponseMaxAge directive looks
promising, but will it return older response if fresh one cannot be
obtained, or will it just fail?

(Sorry if discussed earlier, I remember something along these lines, but
don't remember of some solution or workaround was found.)

Increasing packet size to 64 KB on mod_proxy and mod_proxy_balancer

Hi All,

We are using apache mod_proxy and mod_proxy_balancer to talk to the backend
ratpack.io app (which has netty by default).

We see high latency when the headers go above 8 KB. to debug the issue we
have monitored the traffic from apache to netty with wireshark.

We noticed that apache is sending request in multiple packets to netty.
This is adding latency in processing the request.

Is there a way to increase the packet size to higher value like 64 KB in
mod_proxy. I know this can be achieved with modJK and AJP.

How to stop apache from debugging

Hi,

I started debugging with "./httpd -X" command. It starts debugging. Now I
want to stop debugging and start the server normally.

Which command should I use to stop debugging ?

HC

.htaccess

Hi Folks,

Sorry to bother you.
My website is using apache at Dreamhost.

I'm authenticating using a require valid-user at .htaccess
But I need to add more directives to authenticate the access by Referer.

If the user comes from a specific referer, the user doesn't have to receive
the authentication box and bypass the authentication.

Is that possible?

My .htaccess file is:

AuthName "My Security Area"
AuthType Basic
AuthUserFile /myusersfilepath/
require valid-user

ErrorDocument 401 /error.html

I'd like to add authentication by Referer
if Referer or host domain.the extension then there i

SSLEngine on and mod_macro

When setting “SSLEngine on” in a mod_macro config file for virtual hosts we are not able to start Apache.

When it is commented out, Apache will start. On the same server “SSLEngine on” is in another self-contained virtual host config file, and also in ssl.conf. Those do not cause any problems with starting Apache. Only when it is in the mod_macro config file.

The above, "SSLEngine on” in the mod_marco config file worked fine on a Apache 2.2 system. But on an Apache 2.4.6, it is having the above problem.

Any ideas?

Thanks

htaccess looping

Hi, I've got problem with htaccess configuration.

Run apache without master

Hi,

I want to start my apache without master process means when I will give
"httpd" command, it should start 5 worker process which has access to
httpd.conf as well as serve requests.

Is it possible to achieve this ? If yes, then how should to achieve this ?

Thanks
hemant

mod_evasive whitelist question

Hi all

I'm trying to whitelist 10.* addresses so that they¹re not caught by
mod_evasive.

Question about apache2.4, prefork and mod_perl

Hello,

I hope this request is not stupid, but I did not find anything which
gives me an answer...

So: I am running apache 2.4 (on FreeBSD 11), use mod_perl and prefork.
When the server starts it creates several httpd processes all running
under root. This is ok. When a request arrives it creates subprocesses
with the user www:www (80:80) - everything ok. But now the question:
why are the processes with www:www user terminated after a short time /
request?

Basic Authentication by password and Bypass by Referer

Hi Folks,

I want to configure my .htaccess that requires user authentication or
bypass the user authentication if it comes from a specific referer.
Is there any way to do this ?

Thanks in advance,

--DJ

Configuration help - addhandler <> mod_proxy_fcgi

Hello List,

currently i use classic mod_fastcgi (fastcgiexternalserver) with
php-fpm, which is quite reliable.
A disadvantage of this setup is, that not every response-header set by
.htaccess will really send to client.
Something like this is the current setup:

<IfModule mod_fastcgi.c>
    AddHandler myphp-cgi .php
    Action myphp-cgi /cgi-fpm/php71-fpm
</IfModule>

The big advantage is, that my users are able to use addhandler by
.htaccess to choose any provided php-version.

Now i try to switch from mod_fastcgi to new recommend way of mod_proxy_fcgi

The basic variants with SetHandle

Offtopic: Apache Struts vulnerability: how to detect Struts & will DB encryption help

Understand Apache web servers (runs on Unix only) & Apache Struts
(can run in Windows & appliances) are different things:

Q1:
Can the various VA scanners (like Nessus & McAfee Vulnerability Manager)
detect the presence of Struts or you'll need to login to individual servers/
endpoints or have an agent running in them (like SCCM or MS Desktop
Central) to check for the presence of Struts?

Q2:
Will DB encryption help stop Struts vulnerabilities eg, the recent one?
Is the following true (someone told me):
If hackers directly access the database (say using sql query tools/command
to get sensiti

Waiting for mod_dav.o.lock to be removed

HI

I am getting "libtool:Waiting for mod_dav.o.lock to be removed" error while
make apache.

Any help will be appreciated.

Thanks
Hemant

CSP nonces in apache

Hello;

I wanted to have CSP nonces in apache.

how to get apr_pool_t when need to call ap_md5

In my function I need to get the checksum using md5.

I saw that there is this function ap_md5(apr_pool_t *a, const unsigned char
*string);

but it needs apr_pool_t

how can I get it?

char key[] = "abc";

key_md5 = ap_md5(mem_pool, key);

RE: Web sockets & proxypass - No protocol handler was valid for the URL

Hi Eric/Adam,

Just reviving an old thread. Here is the full thread archive if it helps. <a href="http://apache-http-server.18135.x6.nabble.com/Web-sockets-amp-proxypass-No-protocol-handler-was-valid-for-the-URL-td5033887.html" title="http://apache-http-server.18135.x6.nabble.com/Web-sockets-amp-proxypass-No-protocol-handler-was-valid-for-the-URL-td5033887.html">http://apache-http-server.18135.x6.nabble.com/Web-sockets-amp-proxypass-...</a>

I am using Apache virtual host as frontend, and Node.js as backend running express and socket.io

I’ve come into the same issue as you Adam.

Node.js Socket.io library uses the path /socket.io/ for both web socket and non-websocket requests where the difference is in the query parameter, rather than the path.

Apache assertion

I'm trying to add a directive to apache's httpd.conf, straight out of the page at <a href="http://perl.apache.org/docs/2.0/user/config/custom.html#Creating_and_Using_Custom_Configuration_Directives" title="http://perl.apache.org/docs/2.0/user/config/custom.html#Creating_and_Using_Custom_Configuration_Directives">http://perl.apache.org/docs/2.0/user/config/custom.html#Creating_and_Usi...</a> <http://perl.apache.org/docs/2.0/user/config/custom.html#Creating_and_Using_Custom_Configuration_Directives>:
package Journals::Trans;

use strict;
use warnings FATAL => 'all';

use Apache2::Module ();
use Apache2::Directive ();

my @directives = (
{
name => 'JournalsTrans',
},
);

Apache2::Module::add(__PACKA

Struts vulnerability

Hello all

I am new to the mailing list as well as new to Apache Struts. We all heard
in the news about the vulnerability affecting Apache Struts. I have been
tasked to determine which of our servers have Struts running on them.

Why Apache does not save some records to error log

I am not sure what is the reason of my problem. In some cases my PHP
script successfully saves data in it's own (script's) log.

Request_URI and ErrorDocument interaction ?

Hi,

I'm having a problem using together Request_URI and ErrorDocument, and I can't solved it by myself.
My initial need was to very simple: separate the request path in the logformat.

I've started to use the %U format string, it was fine, but I notice that in case of some rewriterule my logfile was containg the result of the rewrite and not the original request path.
So I've figured to make it work doing this:

SetEnvIf Request_URI ^(.*)$ originalPath=$1
LogFormat "...

Which file creates master process

Hi

I have apache-2.4.25 on my ststem. When we start server, initially master
process starts and give access to mpm. I want to know which ".c" file is
used to create master process before worker.c.

Thanks
Hemant

Debugging Intermittent 500 Errors

We have set of three servers running Apache 2.4. (version distributed with
RedHat 7) behind a Kemp LoadMaster load balancer. The configuration is
managed by Puppet, so all the servers have the same configuration.

mod_authz_core and http response 451

Hello,

I've googled a bit and I can't find a way to handle this without using a
rewrite rule.

I'm setting up a rule using mod_geoip to block embargoed countries.

How to pass query string as encoded value to another parameter?

In my use case, I need to encode {QUERY_STRING} value and pass this value
as a separate parameter.

How to pass query string as encoded value to another parameter?

down votefavorite
<https://stackoverflow.com/questions/45984933/how-to-encode-query-parameters-using-apache-url-rewrite-rules#>

In my use case, I need to encode {QUERY_STRING} value and pass this value
as a separate parameter.

Update 1: [users@httpd] Apache Restart Failure

Hi Nick,

Forgot to add my current disk space information which is as follows:

ubuntu@ip-172-31-7-154:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 487M 0 487M 0% /dev
tmpfs 100M 12M 88M 12% /run
/dev/xvda1 7.8G 5.6G 1.9G 76% /
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 496M 0 496M 0% /sys/fs/cgroup
tmpfs 100M 0 100M 0% /run/user/1000

ubuntu@ip-172-31-7-154:~$ df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
udev 124464 3

Apache Restart Failure

Hi There, BTW - I'm new to contacting this support process.

Until now I've had Apache running successfully on an AWS Ubuntu 16.04 EC2 with RDS MysSql

The problem is after adding another virtual host when I restart apache2 I got the following...................

ubuntu@ip-172-31-7-154:~$ sudo systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.

Flood 0.4 status? (was: flood 0.4 was never signed for?)

What's our position on this? Is it time to declare flood abandoned?

Are there any users of this tool who want to contribute to maintaining it?

Offhand, I expect it does not support TLS/SNI. Nor HTTP/2.

If abandoned, we can simply remove <a href="http://www.a.o/dist/httpd/flood" title="www.a.o/dist/httpd/flood">www.a.o/dist/httpd/flood</a>
to resolve Daniel's issue.

MPM Modules Rule of Thumb

Hi All,

I've been scouring the internet for best practices or heuristics for
specifying parameter values of the MPM directives. My server seems to lock
up regardless of the values I enter. Are there "rules of thumb" for each
MPM type (prefork, worker, event)?

Thanks!

Build apache without mpm

Hi

By which configuration I can build apache without threaded> I dont want to
sue mpm.

Thanks
Hemant

no-cache header setting for 1 file

Hi team,

can you please help me in setting a single no-cache header for an single
file noImageIcon.jpg so that everytime its being accessed request should
go to the webserver to check for file.

currently we have setting like below:-

<LocationMatch /store.*/jawr/jawrTmp/>
CookieTracking off
FileETag None
Header Set Cache-Control "max-age=28800, s-maxage=28800, private"
Header unset Last-Modified
# need to remove these
Header unset Pragma
Header unset Expires
</LocationMatch>

<LocationMatch /store.*/jawr/cssSprites/>
CookieTracking off
FileETag None
Header Set Cache-Control "max-age=28800,

ProxyPass, root "/" directory and DirectoryIndex

Hi,

During the setup of an Apache (2.4.18) proxy pass, I noticed that when requesting the root “/“, Apache assumes that the resource asked is /index.html. In our test environment the machine beg the proxy by default serves index.php I found out the way to change is by tweaking the DirectoryIndex on the proxy pass.

However, we’d like to tell the proxy to simply forward the request to the machine behind it as is, that is, if requested “/“ pass that to the machine behind.

Am I missing something? How can I accomplish that?

Best,

Gus

——————

Marfeel Solutions S.L.
Avda.

MPM_Worker main process

Hi folks,

I have my apache-2.4.25 with worker mpm. For testing, I have killed the
master/main process and send simultaneous requests from apache j-meter and
my apache serves all the requests. What I have observed is that even with
loads number of worker threads are same, it means I lost forking
capability because of main process.

My query is without Master process, what functionalities will I loose?

Thanks
Hemant

Syndicate content