mod_proxy - sticky sessions configuration help


I am setting up a frontend HTTPD load balancer to a backend Tomcat
application using mod_proxy. I have not done so previously and am looking
for some guidance.

Suggestion on Redirect parsing

The syntax for redirect treats

Redirect / <a href="" title=""></a>

as a request to redirect, for example, index.html as ""

Since I can't think of any reason that this could possibly be desired, it seems the parser should understand that when only a FQDN is specified with a URL scheme, the final '/' is assumed.

this would still allow for <a href="" title=""></a> formats, etc, and would only apply to the specific format xxxx://FQDN

(Although I think even this syntax should assume a final / and that if the "append .

Auth with dbm extremely slow with ProxPass


I am using http 2.4.29 and am securing some ProxyPass rules with
Now with AuthBasicProvider file this is extremely fast and seems to work
But in the first run I wanted to work with dbm on the server but there
are big problems when working with ProxyPass.
For things like server-status there is also very fast access with dbm
auth but for things like proxying to localhost ports for solr or rspamd
web UI's the page loading needs forever.
And to mention I am redirecting to https before.
As said with "file" it works like a charm.
Any ideas why this could be?


balancing best practices - mod_proxy_balancer


I am looking for some guidance on using HTTPD as a proxy and load balancer
to a backend Tomcat application. Specifically, I'm interested in how to
best handle the balancing of requests.

How to browse to index.php OR index.html on WordPress site?

I have a WordPress site that works. If my
/etc/apache2/sites-enabled/sitename.conf file is set with the
"DirectoryIndex index.php" directive, all is well, and pointing a
web-browser to <a href="" title=""></a> loads the sitename's index.php file as
it should.

But I need to temporarily put up a dummy site, consisting of just a very
simply index.html file. That's easy enough; I create the index.html file,
and then change the sitename.conf file to "DirectoryIndex index.html" and
restart Apache2. All is good.

But I still need to manually be able to get to the full-blown .php-based

Mod_Proxy, SSLVerifyClient, Safari, and Guacamole issues

Good day,

I am using Apache HTTPd w/Mod_Proxy to proxy Apache Guacamole. The httpd
side of things does a client side certificate validation. On Chrome and
FF, everything works just fine, however on Safari, it does not. If I go
direct to the Guacamole via Safari bypassing the mod_proxy, Safari

Using the developer tools in Safari, the /guacamole/api/tokes request is
not getting the certificate "re-passed" by safari and apparently Chrome
and FF handle this properly.

Can't install apache2 in ubntu after an uninstall

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>&nbsp;</div>

<div>Please take a look at this url,</div>


<div><a href=""></a></div>


<div>and please help me.&nbsp; thanks.</div>









<div class="signature">What if eternit

Environment variables not being set by php module


I'm trying to set an environment variable and run a program via php when
the page is loaded. This command runs fine when I use the php
interactive shell:///|putenv('TS_SOCKET=/tmp/test.socket'); echo

However, if I wrap that with php tags, throw it in a .php file and
access it via browser, the environment variable seems to not be set at
all (evidenced by the incorrect output of `tsp`). Setting the
environment variable in the exec() call doesn't work either.

Trouble using soft link when requesting image file

WHM v68.0.29

I am trying to configure Apache to follow a symbolic link from one account's
public_html folder to another account's public_html folder. So, if Account1
has a soft link "slink":

~account1/public_html/slink -> ~account2/public_html

Given the above, assets are available via two paths: is the same as is the same as

I added the symlink, and things seemed to work, including html, css, and
javascript files, files in subfolders, etc.

CPU usage in server-status and top not matching


Trying to match high %cpu httpd processes from "top" with what they are requesting and ip addresses

Any suggestions?


Save the date: ApacheCon North America, September 24-27 in Montréal

Dear Apache Enthusiast,

(You’re receiving this message because you’re subscribed to a user@ or
dev@ list of one or more Apache Software Foundation projects.)

We’re pleased to announce the upcoming ApacheCon [1] in Montréal,
September 24-27. This event is all about you — the Apache project community.

We’ll have four tracks of technical content this time, as well as lots
of opportunities to connect with your project community, hack on the
code, and learn about other related (and unrelated!) projects across the

The Call For Papers (CFP) [2] and registration are now open.

Apache 2.0 architecture

Hi All,

While Debugging apache, I encountered with following questions. I am unable
to get answers for the following questions, please help to answer them.

Q1. Startup process is reading configuration two times and creating
conftree. Why do we need to read configuration script twice? Is there any
difference in conftree after first and second read of configuration script.

Q2. When we start apache, it starts with startup process and then it
detaches and starts Master/Parent Process. After that Master Process take
control and spawn child processes.

Apache httpd 2.4.30-dev available for testing

The Windows lovers can test the soon coming httpd 2.4.30.

See <a href="" title=""></a>

Please let me us know how it goes.

Issues you can report here or at Apache Lounge.

Is it safe to run Apache HTTP Server binary on Windows?

I am running 64-bit version of Windows 10 and Windows Server 2016.


Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017

[1] <a href="" title=""></a>

[2] <a href="" title=""></a>

[3] <a href="" title=""></a>


SSL cipher suites


I'm looking for recommendations. I'm running apache 2.4 and Openssl

rewrite not working, still going https


I'm trying to get apache 2.4 not to rewrite urls with
.well-known/acme-challenge in them. I do not want these urls
redirected to https but all other urls to do so.

FilterProvider - list of providers


I am trying to get my head round what I can do with filters.

httpd running with uid - apache 2.4.29


I am experimenting a scratch install of Apache 2.4 on RHEL. I noticed the
httpd process is running with UID instead of username. Any ideas?

root 30426 1 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30427 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30428 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30429 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start

The httpd.conf file has the user and group configured as apache

Apache httpd dynamically links to wrong ssl library on macOS causing a crash


I’m currently working on a new php formula in the Homebrew package manager
project where we have noticed that httpd crashes on macOS High Sierra under
certain conditions.

Apache httpd directory listing no longer working

Directory listing inside one of our VirtualHost configurations has stopped working recently.
It now returns a 403 Forbidden when trying to access a directory.

The url is protected with basic authentication from a .htpasswd file.
Accessing a specific file under de location presents no problem.

"apachectl -S" and DocumentRoot


apachectl -S

is a nice command. We are looking for something that outputs the "DocumentRoot" for all virtual hosts

Is there some way to do that with a single command?


upgrade or new install


Looking for best practice upgrade method from Apache 2.2.29 to Apache

Should i perform an in place upgrade or install a new version of Apache

E-commerce Rewrite Rule

Good morning Team,

Below 4 URL in my e-commerce, please guide me right rewriterule for it.

1. / Clothing[Department] / Mens[Main Catagory] / Shirts[Sub
Catagory] / T-Shirts [Sub Sub Catagory] / White Shirt [product_id=15]

2. / Mens[Main Catagory] / Shirts[Sub Catagory] / T-Shirts [Sub
Sub Catagory] / White Shirt [product_id=15]

3. / Clothing[Department] / Mens[Main Catagory] / Shirts[Sub
Catagory] / White Shirt [product_id=15]


Setting up Apache 2.4 with Letsencrypt

I have dehydrate properly renewing certs from Let's Encrypt (which I am using successfully for mail authentication) and I ma trying to get them working for Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Listen 443

Apache Unable to reinitiate connection after application server's ip change.

Hello All,

I'm using Apache as my Webserver and we have Tomcat and Websphere as our application servers. We are making an IP change on application servers. On our application servers we don't specify any IP address in any of Tomcat or Websphere configuration. We only specify server name everywhere.

We are only changing IP address but not the server name.

apache 2.4 and python


I'm trying to get mod python 3.5 working with apache 2.4. I keep
getting an error on the PythonHandler line. I've got python 3.5
installed, and mod_python 3.5 with apache 2.4, they are not talking to
each other.

Any ideas?


Mutual authentication between Apache HTTP server and an application server.


I'm using Apache HTTP server as a webserver and Websphere application server as an Application server. Apache is using Proxy to redirect requests from Apache to Websphere. On my websphere side security is enabled, and its looking for mutual authentication. Could you please help me with where I can add my Application server's root certificate on Apache end?

Could you please let me know how can I add websphere certificate in my Apache.

Set up an Apache HTTP server as a rotating proxy


Suppose that I have many proxies that I can use (called secondary
proxies here). I'd like to create a master proxy that rotates its
connection to these secondary proxies. In this way, an application
only needs to connect to this master proxy and does not need to know
whether the master proxy rotates among these secondary proxies.

I see that apache reverse proxy probably may be able to do this. But I
am not very sure. Could anybody confirm whether this is the case? Is
there any specific configuration need to done to ensure a strict
rotation policy?

Spurious access denied errors

Dear list,

I've installed and configured mediawiki as follows (on top of default
Ubuntu 16.04 Apache/2.4.18 installation):

Help with ProxyPass and ProxyPassReverse

I have a HTTP mail client running on port 7080 on the server that must be
proxied through Apache.

Using a workstation, I can enter:

<a href="" title=""></a>

and it brings up the mail client correctly.

I tried to use ProxyPass/ProxyPassReverse to move the mail client to run on
port 80 with the following configuration:

# Surgemail redirect to allow web based e-mail
<VirtualHost *:80>
ProxyPass "/" ""
ProxyPassReverse "/" ""
ProxyPassReverseCookieDomain "" ""

Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers

On Thu, Feb 8, 2018 at 1:33 PM, <users-digest- ... at httpd dot> wrote:
Hi Rainer,

Thanks. Yes, I am using mod_proxy_wstunnel and it appears that that is
the issue.


websocket header not passing a long with ProxyPass and mod_headers

Hello, I have an operational setup where Apache httpd is proxying secure
websockets traffic to an Apache Tomcat server. In other words, I'm using
ProxyPass to pass traffic along to a WSS url.

I'm now having some issues trying to throw mod_headers into the mix.

SSL Certificate Validation

Dear users,
We are currently using Apache 2.2.22 (mod_ssl 2.2.22, OpenSSL/0.9.8t) and we have a security concern since developers are able to bypass the SSL certificate verification when using HTTPS calls. Kindly advise what configuration is needed to enforce the certificate verification?

symbol SSLv2_client_method


i have a solaris zone whit apache:

# /app/apache/bin/httpd -version
Server version: Apache/2.0.59
Server built: Jun 18 2007 14:27:08

when a try to start receive this error:

yntax error on line 32 of /app/apache/conf/httpd.conf:
Cannot load /app/apache/modules/ into server: httpd:
fatal: relocation error: file /app/apache/modules/ symbol
SSLv2_client_method: referenced symbol not found

# ldd /app/apache/modules/ => /lib/ => /usr/sfw/lib/ => /lib/li

Virtual/Proxy setup to internal webserver

I have apache24 running on freebsd.

Can I configure virtual host to direct a request for
to an internal webserver on my network

eg; DocumentRoot ""
or ""

I tried using Proxy mod but not sure how to setup.

Any hints welcome

Probably small problem with SSL config

I'm setting up an Apache server 2.4.25 in our DMZ for the first time,
and having an issue with getting SSL configured correctly.

I am using links text based browser to connect from a second machine
to the first machine.

apxs tool for Windows x64

Hi All,

Is there apxs tool for Windows x64?
I could only find a very old version for Win32 at <a href="" title=""></a> .


How to build httpd module on Windows

Hi All:

How can I build a module on Windows platform without apxs tool?
I downloaded and installed Apache httpd binaries for Windows. Httpd runs and is functional. I would like to build my own module on Windows.
When I try to start up httpd with my custom *.so module built on VS2015, I receive and error, as expected:

httpd.exe: Syntax error on line 181 of C:/Apache24/conf/httpd.conf: Can't locate API module structure `example_module' in file C:/Apache24/modules/ No error


Help: Vhost default whit other IP.

Hi, i've http(apache2) in debinan 8 and my setup a second vhost(
<a href="" title=""></a>) with ip: but my default host in apache is
<a href="" title=""></a>.
My apache with received request from browser in, redirect
my request for <a href="" title=""></a>
I need help

Retry connection to reverse proxy backend


I've configured Apache as a reverse proxy for my application server.
When the backend server isn't available, Apache quickly responds the
browser with an error 503.

There are short downtimes while I'm upgrading the application server.
But Apache doesn't even care to retry and make the connection request
succeed maybe a few seconds later. It always raises error 503.

Can I configure Apache to try a little harder, and if the backend isn't
responding, wait a second and try again a couple times?

apache httpd2.4.29 error when running make command

Hello group,

I am getting following error when running the make command for httpd2.4.28
on RHEL6

Please advice.

*make[2]: Entering directory
--silent --mode=link gcc -std=gnu99 -g -O2 -pthread -o htpasswd
htpasswd.lo passwd_common.lo
<> /app/apache/httpd-2.4.29/srclib/apr/
<> -lrt -lcrypt -lpthread
undefined refe

How to retrieve variables from POST XML data

Hi All,

Can please someone provide an example of how to retrieve values from POST xml data.

I use ap_xml_parse_input() to get and parse XML POST.

At the moment I can retrieve everything, including elements, attributes, cdata, but the actual string values.

stable version of 2.4 running in production?

I am planing to upgrade Apache from 2.2 to 2.4 on RHEL 6.6.

I am looking for best practice, should i perform an upgrade from 2.2 or
install 2.4?

Thank you.

Apache responding with wrong protocol

I'm trying to set up Apache 2.4.25 with a Let's Encrypt certificate on
Raspian Stretch. However, I can't get SSL working. Apache keeps
responding with a 400 using HTTP instead of doing the SSL handshake.
What's most confusing is that the log produces lines like:

hostname:80 - - [31/Jan/2018:18:23:13 +0100]
"\x16\x03\x01" 400 0 "-" "-"

i.e. it says the request was coming in through port 80, even though it
didn't. I changed my configuration to include 'Listen 443 https' and
disabled the default listener on port 80.

apache 2.4, git smart http, and gitweb configuration


I'm trying to host a git repository via smart http on apache 2.4. I'm
also trying to make it viewable using gitweb. The goal is for all
transactions to happen over https so I've got a letsencrypt
certificate. Both reading and writing to the repo on the server should
prompt for a password.

Open Position: Webserver Engineer in Switzerland

Hi there,

My company,, is a small consulting / contracting company based in
Berne, the capital of Switzerland. We specialize in network monitoring and
Apache / ModSecurity.

We have an open position for a webserver engineer with a strong interest in

I am the author of the 2nd Edition of the ModSecurity Handbook, I maintain
a popular set of Apache / ModSecurity tutorials on the website
and I am one of the co-leads of the OWASP ModSecurity Core Rule Set project.

Obviously, the new netnea employee would work with me and with our
customers on these topics.

Mutex at run time


I set Mutex to default, sysvsem but when I am checking error_log
AcceptMutex is none.

My httpd.conf:
Mutex sysvsem
Mutex sysvsem mpm-accept

My error_log :
worker.c(1885): AH00294: Accept mutex: none (default: sysvsem)

Where am I going wrong to use mutex ?


compiling Apache httpd 2.4 with mod_nss - ignoring --with-nss= option

Apache 2.4.29 on RHEL 7.4

I need to compile Apache with --prefix so that I can manage it with a
non-privileged account, thus I am avoiding the RHEL provided RPMs. I am
trying to compile Apache 2.4.29 from scratch with mod_nss included.

I am configuring using:

./configure --with-apxs --prefix=/opt/apps/httpd-2.4.29
--enable-mods-shared="all cgi nss" --enable-mpms-shared='all'
--with-nss=/opt/local/ --with-nspr=/opt/local/ --enable-mods-shared

However, I do not see that any action is taken on the --with-nspr or
--with-nss options.

proxy_fcgi - force flush to client

Hello List,

currently i compare features and behaviour of proxy_fcgi to classical
methods like mod_fastcgi/mod_php.

mod_php/fastcgi have options to send every output from backend
immediately to client.

virtual host gives unexpected network read error


Can someone take a look at the below virtual host configuration?
Whenever I put it in my apache 2.4 the server returns an alert
unexpected network read error connection aborted message. If I take it
out the server behaves normally. Of course nothing is in any of the
logs I've got LogLevel set to warn.

minimal custom modul with no functionality

Hello List,

i try to remove mod_php and switch to php-cgi with proxy_fcgi and mpm_event.
An example setup is running well.  But by removing i want to
keep support for php_value/php_flag directives  in .htaccess
This is done by php-htscanner extension.

Apache child process crashing frequently

We have four Windows Servers running Apache 2.4.27 acting as load balancers for our application server cluster, which is running Tomcat. Recently, we have started to experience a high number of crashes with the web servers.

How to determine if some hook functions are registered for e.g the "Check User ID" phase

Is there some way to determine in a c-module which registered a authn
hook for authorization, if any other hook is configured in the "Check
User ID" phase of request processing?

Looking at:

<a href="" title=""></a>

i can register a hook to negotiated the user ID (in any arbitrary way
and set r.user = 'foo').

How can any other module in the auth stack chain determine if there is
some auth hook registered for e.g.

Successful arbitrary authentication with denied access on the resource results in a core:error AH00571 message in the logs about a missing AuthType

I am using an arbitrary authentication with mod_lua which works so far.

Authentication is done via mod_lua:

<a href="" title=""></a>

Authorization is done via mod_authz_svn.

I did that and set r.user = 'foo' to the request - just always the same
for this example, which is neither None, Form, Basic, or Digest

If a later authz_module in the stack, e.g.

Can't contact LDAP server

Hello all,

I'm doing SSO using auth_kerb_module with Active Directory and
authnz_ldap_module as fallback (Apache 2.4, FreeBSD 11.1, Windows Server

<IfModule auth_kerb_module>
LoadFile /usr/lib/
LoadFile /usr/lib/
AuthType Kerberos
AuthBasicAuthoritative off
Krb5Keytab /var/www/passwords/auth_kerb.keytab

h2load http/2 benchmarkingresults using different mpm/php configurations

Hello List,

separatly from other mail with proxy_fcgi/enablereuse problem i want to
tell about my results.

Apache 2.4 order mpm issue

Apache 2.4
CentOS 7
Apache has numerous times today hung on me.

difference in alias lines?


What is the difference between the two below alias lines?

Alias /.well-known/acme-challenge/ /usr/local/www/.well-known/
Alias /.well-known/acme-challenge "/usr/local/www/.well-known/"


Problem with authorized user and SVN access


I have an observation on the mod_authz_svn Module in combination with an authorized user.

I have a configuration with an Apache 2.4, mod_lua and Subversion modules 1.9.xx. This is my repo conf:
<Location /svn/repo>
DAV svn
SVNPath "/.../repo"
LuaHookCheckUserID "/etc/apache2/lua/hook.lua" authcheck_hook
AuthzSVNAccessFile "/.../repo.access"
Require valid-user

As you can see, the authorization is done by the Lua-script. As I understand it, this can be used a full replacement to, for example Basic Authentication.

Syndicate content