HTTPProtoco Options Apache 2.2

Hi Yann/Eric.
- We have ported the changes for CVE -2016-8743.

Reg: Persistent Connection B/W Apache(Proxy) and Weblogic(Content Server)

Hi All,
Just a quick question. when I use Apache 2.4.25 as reverse proxy via
mod_proxy and back end is weblogic 12c.

1) Is there any Apache parameter to count the persistent connection
between Apache and Weblogic.
2) Does all connection between front end proxy (Apache) and back end
content(weblogic) persistent by default?


allow deny file and multiple .conf question

When controlling access to specific files via Allow/Deny, and not using <Directory> or <Location>, and putting in different .conf files, does the order of the conf files matter?

In other words …

aaa-block.conf has …
<Files “aaa.php>
Order Deny,Allow
Deny from All

zzz-block.conf has …
<Files “zzz.php”>
Order Deny, Allow
Deny from all
Allow from your

Would the .conf files similar to one above controlling access previous be negated by the last zzz-block.conf above?

SSL virtual Hosts

I hope for my first question my questions isn't too stupid but I haven't
been able to figured out my problem. My problem is I have about 10 virtual
domains under the conf.d (Centos 6) directory with Apache HTTPD 2.2. SSL
(only) virtual hosts don't work if I used individual configuration files to
define the virtual hosts. But all works as I understand it should work if I
put all my SSL virtual hosts in 1 ssl.conf file in the same conf.d
directory. can anyone tell me, or point me to the info, why multiple
configuration files are not working for my SSL virtual hosts.

paypal/php apache2 integration problem

Hi Team, I have been battling this for several weeks now and am
completely stumped, so I am hoping for some inspiration!

We are using standard ubuntu 14.02 lamp stack, but reverted back to

We use backlevel Codeigniter framework (v2).

My latest task is to integrate Paypal Express checkout into our website.
After much research I have managed to code up units for a) getting a
token, b) creating a payment c) completing a payment (using server side
integration). I have pasted the recommended button code into one of our

I can successfully test each step from the command line.

if directive not being respected in Apache 2.4.6

While trying to set a conditional parameter for the OpenIDC apache module, it seems the directive is not being respected at run-time. For example:

<If "'foo' == 'foo'">
Define locale1 fr-FR
Define locale1 en-UK
OIDCAuthRequestParams locale=${locale1}

The value of locale is set to en-UK. Have tried string match(i.e. -strmatch) with same results.

Anyone successfully using the if directive in Apache 2.4 for a similar use-case?

How does apache2.4 maintains php7.0 opcache in prefork model

Does each apache2.4 child processes maintain their own opcache or is there
a global opcache shared by all children?

replace trailing new line character


I need to do some content filtering on my output. Currently, I've got
mod_sed to remove some xml nodes that I don't want going out. via:

OutputSed "/<nodeToRemove/d"

The final step is that the last line in the content contains a newline
character \n, but I need to remove that.

How can I easily remove the trailing new line character at the end of the



Yet another help with a rewrite rule :).

Basically, I need to rewrite from:

<a href="http://host:8080/context/8/13806050/model/834/data/modelData/90791" title="http://host:8080/context/8/13806050/model/834/data/modelData/90791">http://host:8080/context/8/13806050/model/834/data/modelData/90791</a>


<a href="http://host:8080/context/8/13806050/model/834/data/modelData/90791/raw" title="http://host:8080/context/8/13806050/model/834/data/modelData/90791/raw">http://host:8080/context/8/13806050/model/834/data/modelData/90791/raw</a>

where the constants of the url are "model" "data" "modelData" The other
parts are wild cards that can be anything.

Any help on a rewrite rule would be most appreciated. my regex is rather


Query on cgidtimeout

Hi Yann,
I have a query wrt cgidscripttimeout in apache 2.4
There is simple cgi script which runs in loop printing the env
However low the value of cgidscripttimeout ts set to the script
doesnt seem to terminate, but executes completely.
Is there anything i am missing, pls advise.


Apache 2.4.25 with openssl 1.1.0e


I am trying to build httpd-2.4.25 with openssl-1.1.0e. But getting
error in SSLv2_Client_Method,
CRYPTO_malloc_init functions .

Whether anyone encountered the same problem?
Does apache-2.4.25 support openssl 1.1.0e?


Vendor Connection via Proxy to SNI Server response 403 Forbidden

Hi Everyone,

There are few posts going around and I was wondering if any one had some advice or experienced a similar issues

Current Apache Version: httpd-2.4.12


- External Vendor WebServer enables SNI check
- I currently connect to vendor via proxy (from Http to Https)
- I disable ssl checks on the certificate
- Each time we make a connection I’m returned 403, the reason is the vendor enables SNI check and within the Client Hello (SSL Handshake) packet we set ServerName from vHost “”

Basic config

<VirtualHost *:*>

ServerName Internal-site.

Kerberos authentication exclusion by IP address

Apache 2.4.6

My site is behind an F5 load balancer. Apache sees all requests coming from The F5 sends the X-Forwarded-For header containing the actual client IP address. I need to attempt Kerberos auth for the entire site (<Location />) for internal (X-Forwarded-For header is users. This is working just fine. Apache should not even attempt Kerberos for external (X-Forwarded-For header is anything but users. It _can_ attempt it as long as the user does not see indication that Kerberos auth failed (which it always will for external users).

What is configuration

i need redirect my apache for use cups and i need use Directory
/var/www/html/jasmine with another application. What is a configuration
correct? in apache show "Not Found" for directory of Jasmine, if i remove
proxy pass directory jasmine work.

<VirtualHost *:80>

ProxyPreserveHost Off
ProxyPass / <a href="http://localhost:631/" title="http://localhost:631/">http://localhost:631/</a>
ProxyPassReverse / <a href="http://localhost:631/" title="http://localhost:631/">http://localhost:631/</a>


<VirtualHost *:80>

<Directory "/var/www/html/jasmine">
Require all granted


Analog log file analyzer for Apache logs

Has anyone used these more recent versions (C:Amie) for Apache logs?

<a href="" title=""></a>


Trouble updating PHP version on MAMP on Mac

I'm trying to update the PHP version used in the built-in MAMP on my Mac,
as indicated at
<a href="" title=""></a>.

After obediently completing all the steps, the "CLI" version is
updated allright :
the output of php- v in my terminal is

PHP 7.1.4 (cli) (built: May 6 2017 10:02:00) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.1.4, Copyright (c) 1999-2017, by Zend Technologies
with Xdebug v2.5.3, Copyright (c) 2002-2017, by Derick Rethans

But I look at t

Server Side Includes question

1) Is it possible to auto add a footer to all web pages on a server, including all virtual hosts sites pages, with a Server Sides Includes, without editing any of the pages?

2) Is it possible to accomplish adding a javascript to the bottom of all pages on a server, including virtual hosts, automatically via Apache, without touching any of the sites pages?
If so, how?


apache in proxy mode introduces extra delay for sockjs in xhr poll mode

I need to handle users disconnecting from my sockjs application  running in xhr-polling mode . When I connect to localhost, everything works as expected. When I put apache between nodejs and browser, I get ~20 sec delay between closed browser and disconnect event inside nodejs. My apache proxy config is following:
ProxyPass <a href="" title=""></a>
ProxyPassReverse <a href="" title=""></a>
The rest of the file is default, you can see it  here .

adding footer to all web pages

If we wanted to add a Google Analytics footer to all pages on our server, meaning all virtual hosts, what is the best way to do that via Apache without having to touch the individual web sites?

'found' mod_proxy_html and mod_ssl


I did eventually figure out that these modules were created (or not)
by the configure script. Is this true of all of the modules supported
by Apache that aren't core functionality?

Jeff Cauhape
IT Professional III
Department of Employment, Training and Rehabilitation
Phone 1-775-684-3804
Email: <a href="mailto: ... at nvdetr dot org"> ... at nvdetr dot org</a>

Building httpd2.4.25 on powerpc-ibm-aix7.1.0.0

I have been trying to install/compile Apache Subversion 1.9.5 with HTTPD-2.2.32, and it's been failing consistently.
Someone mentioned that Subversion1.9.5 may not have been fully tested with HTTPD2.2.x. So I decided to install httpd-2.4.25 on the same machine and give it a try.
Except that I am getting errors when building httpd-2.2.32.
Config command line is as follows:
It was created by configure, which was
generated by GNU Autoconf 2.69.

compiling apache on ubuntu

hi all!

i try to compile Apache 2.2.32 on:

VERSION="16.04.2 LTS (Xenial Xerus)"
PRETTY_NAME="Ubuntu 16.04.2 LTS"

this is my configure:

./configure --enable-rewrite --enable-vhost-alias --enable-so
--enable-ssl --enable-deflate --enable-headers

i get this error on "make":

network_io/unix/sockaddr.c: In function ‘find_addresses’:
network_io/unix/sockaddr.c:518:20: error: storage size of ‘hs’ i

Rewrite REMOTE_USER environment variable

I am involved in migrating a legacy site, using Apache authentication and cgi
scripts, to a CMS based site which uses its own access control.

The legacy site used membership numbers as the user name, but the CMS site uses
zero padded versions of those numbers. So a user logging in to the legacy site
would enter 10123, but 00010123 on the CMS site.

no return nor action of program

Dear list,

I am using an 64bit ArchLinux with gcc 6.3.1 and compiled apache 2.4.25.
This is done as part of the apache-tools package from AUR [0].
As you can see we apply a patch for openssl1.1, since AL switched to
that version recently.

Apache 2.2.32 request header parsing and RFC7230 compliance

RFC7230 section 3.2.6 (<a href="" title=""></a> ) defines a HTTP header field as:

header-field = field-name ":" OWS field-value OWS
field-name = token
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
; any VCHAR, except delimiters

I believe Apache 2.2.32 fails to comply with the above definition for a single character request header.

Apache HTTP Server - 2.4.15-mod_prefork module

Any help how do I explicitly install and enable mod_prefork module for
Apache 2.4.15 proxy.

When I installed Apache proxy, chose mod_modules to all, but prefork is
not installed, cannot see it in modules folder.

Please help.


http/2 vs. Headername

Apache 2.4.25


i have a small .htaccess with following content to view Foldercontents:
Options +Indexes
Headername /foo/bar.htm
This is working by http, but fails in https if browser uses http/2.
Firefox: Secure Connection Failed

I dont see **any error in my logs, http/2 Browsers just stop loading.
When disabling http/2, also https is working.
What to do now?


Suggestion/Question about HTTP & HTTPS configurations


I am a user of Apache in the sense that I install it, configure it and run
it to host sites...I'm hoping this is the correct list to send this to.

Anyway, I recently did my first "from scratch" Apache install, build and
configuration in a cloud server (I had always used cPanel & WHM before).

My suggestion is that Apache should "assume" that port 80 for HTTP and port
443 for HTTPS and that they both serve the same content.

I'm not suggesting people shouldn't be able to customize it, but adding
duplicate and redundant directives for each Virtual Host for HTTP and HTTPS
seems unneeded.

Automatic session expiration with auth_form

Is there any way to cause an auth_form session to expire automatically?


Best regards,


SSL Installation with certbot; problems

Hello all,

Firstly, I'm a bit of a beginner so please be as patient as you can.

I set up a practice website that sent data collected from a form to a
database. It worked.

I then tried to install an SSL certificate for better security.
Unfortunately it didn't work (when typing URL my browser couldn't open the
page). I then discovered certbot and used this to attempt to install an SSL
certificate. It doesn't work now. As I didn't make the changes myself I
can't go back and undo them.

Help needed on using python script from Apache Rewrite configuration


I have Server version: Apache/2.2.31 (Unix) and trying to pass few arguments from Apache rewrite conf file to Python (version 2.6) script.

Also, I want to process the python output in rewrite configuration file.

Please let me know, how can I pass variables to python script and retrieve the output in rewrite configuration file.
I have loaded mod_python-3.3.1-16.el6.x86_64 and updated the httpd.conf file with proper path.

I have tried below steps just to verify, but no luck :
RewriteEngine On

RewriteMap d2u "prg:/opt/httpd/custom.d/"


Hello Team,

Any idea how can we test if apache supports TLS1.1 and TLS1.2?

This is bundled with openssl?

Please share detail on tls , how to test?

Ankit Jain

Need help in change of context root while redirecting url

Hello Team,

I have a requirement to change the context root in the url when redirecting.

For example: If user hits the url <a href="" title=""></a>
It should redirect to <a href="" title=""></a>.

from url: <a href="*abc/def" title="*abc/def">*abc/def</a> *--> <a href="" title=""></a>

Please help me if RedirectMatch will work in this case.

RedirectMatch /*abc/def * /

Thanks & Regards,

A curious thing - apachectl status in Apache 2.4.25

I recently built Apache 2.4.25 and am running it on RHEL 7.3.
I've found something that seems a step backwards from 2.4.6
and I'm hoping someone can shed some light on it.

In the Apache 2.4.6 shell script apachectl, a call to "apachectl status"
invokes systemctl status httpd.service. This gives you easy-to-read
output regardless if the server is running or not.

In the Apache 2.4.25 version of apachectl, "apachectl status" instead
calls links with the /server-status URL. When the server is up, you
get a lot of info.

Redirect all unconfigured sub-domains to specific sub-domain


I'm using Apache 2.2 and currently have the following configuration files:

00-default -> redirect non-https-URLs to https-URLs
00-default-ssl -> default configuration for <a href="" title=""></a> and <a href="" title=""></a>

Then several files -> configuration for <a href="" title=""></a>

So what I want to do is if a user browses to my domain with an unconfigured sub domain, he is redirected to lets say <a href="" title=""></a>

Reason: Currently he gets a certificate error, cause cert (letsencrypt) is only valid <a href="" title=""></a> and h

mod_proxy and 404


I’m noticing that mod_proxy sends its entire payload upstream without checking for an early response (e.g., 308 or 404). If upstream sends such a response then closes the connection, mod_proxy never sees it and reports a 502 back.

Browsers don’t behave this way; they see the response and forward it as expected. Is this a bug in mod_proxy?

-Felipe Gasper
Mississauga, ON

How to proxy web server?


Apache 2.4 on Debian Testing, mpm_itk

I have the Discourse web forum running in a docker container. The container's webserver is bount to localhost:2080.

How to customize error responses (while using mod_rewrite)?


my general question is how I can generate customized error responses
while using the mod_rewrite module. Yes, I know the page

<a href="" title=""></a>

but the ErrorDocument directive allows only to do some customization per
status code optionally refined by context but I want to output customized
error pages specifically for many different request conditions determined
mainly by various RewriteCond directives.

Here an actual special example: On a server running httpd 2.4 I want to
disallow the HTTPS access using the TLSv1.0 protocol.

Getting PHP-FPM working

I'm not sure is this is the correct list to post these questions to, since
I now have things isolated to a single module in PHP-FPM, so please
redirect me if necessary.

Apache 2.4.25: Attempting to load balance websockets in conjunction with ProxyPassMatch

I would love some inputs on the attempted configuration for load balancing
websocket & http requests in conjunction with ProxyPassMatch.

I am trying to load balance via Apache 2.4.25 two instances of an
application which intrinsically uses nginx as its internal proxy.

problems with apr-iconv and mod_dav with special chars

Hey all,

dont know if im right here, so i will quick ask my question here.

In the german language are this annoying special chars and umlauts: äöü...
Problem is, that when an user saves an file with these umlauts, and connects over webdav to the apache, then the umlauts are not readable and the files are not usable and so on.
I have tried all Charset options in config, without success :(

Therefore i have thought i will include apr-iconv and patch the mod_dav, that it returns the filenames in the correct charset.
But the problem is, that im an bad programmer and the apache only segfaults.

Reg: Queue up connections in Apache Proxy 2.4.15

Dear All,
I am using Apache 2.4.15 as a reverse proxy for back-end weblogic 12c.

My requirement is to queue up connections/requests in Apache when the
back-end weblogic 12c server is overloaded and then release the connection
when capacity is available.

is this possible to achieve in Apache 2.4 proxy?

Your input is much appreciated.

Apache 2.4.15 (proxy)
weblogic 12.1.3 (content server)
Red Hat Linux 7.2


Redirection of URL in Apache

Hello Team,

I have a request to redirect a URL to a different server (host) and then to
another server.

How rewrite module can help me in this case.

Please do the needful and let me know if need further details.

Thanks & Regards,

cgi script error output logging


According to this documentation everything a cgi script sends to stderr is written to the apache error log file. 

Unfortunately I can not control those scripts running on my server and often garbage is sent to stderr and then written to my error log. Because there isn't even a timestamp or any other useful information on those lines, I can't find out, which vhost created the error.

SSL / ca-bundle.crt file

This is a follow up to an email I send out last Friday.

When setting up a website to use MIL CAC cards. As long as SSLVerifyClient
require SSLVerifyDepth 10 and we do not remove anything from ca-bundle.crt
file we receive from DOD it works fine.

Our problem is: When a user puts in his CAC and goes to our site we only
want the "EMAIL CA" to show in the "Select a Certificate" box. So we
change the SSLVerifyDepth to a 1.

Error with Kerberos in Apache

Well, i try my first test and work, if i authentic with Ldap protocols
without kerberos work, but i try add kerberos, show erros messages in log.
Any idea?

No errors in apachectl configtest

cat /etc/krb5.conf

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

default_realm = REDE.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = true
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false

Problem running cgi-bin scripts

I've been using Apache 2.2 on an old Solaris box for ages.

apache 2.4 includes vi .swp files


found an interesting difference between include behaviour of apache 2.2
and 2.4

Have an include in apache2.conf:

Include /etc/apache2/conf.d/

When editing a conf file in this folder by vi, vi creates a new swp file.
lets say i edit a file logging.conf, so vi creates a file .logging.conf.swp

When running "apachectl configtest" at this particular time, apache 2.4
tries to include the .logging.conf.swp which fails, because
.logging.conf.swp is binary and invalid.
This prevents apache 2.4 from sucessfully start and leads to downtime.

Apache 2.2 tries not to include this .swp file a

ProxyPass with Location in 2.4.25

Hello, we upgraded from 2.4.18 to 2.4.25 and now our configuration
isn't working anymore.

ProxyPreserveHost On

<Proxy balancer://ppp>
BalancerMember <a href="http://xxx.xx.xx.xx:8080" title="http://xxx.xx.xx.xx:8080">http://xxx.xx.xx.xx:8080</a> route=vm_0 ping=5
BalancerMember <a href="http://xxx.xx.xx.xx:8080" title="http://xxx.xx.xx.xx:8080">http://xxx.xx.xx.xx:8080</a> route=vm_1 ping=5

<Location "/service">
ProxyPass balancer://ppp/system
stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPassReverse balancer://ppp/system
ProxyPassReverse <a href="http://ppp.local/system" title="http://ppp.local/system">http://ppp.local/system</a>
ProxyPassReverse <a href="https://ppp.local/system" title="https://ppp.local/system">https://ppp.local/system</a>
ProxyPassReverseCookiePath /system /service

http connection queuing in Apache 2.4 (Reverse Proxy Server)

I am using Apache 2.4.28 as a reverse proxy for weblogic 12c. I am using
Oracle delivered plugin to communicate from Apache to weblogic 12c. My
requirement is to enable queuing option in Apache proxy server. Meaning,
when I restrict the connections at weblogic layer, I want the users to be
queued in Apache proxy for certain period until weblogic releases the some

is this possible to achieve in Apache 2.4 proxy?

Apache 2.4.28 (proxy)
weblogic 12.1.3 (content server)
Red Hat Linux 7.2

Velmurugan Dhakshnamoorthy (Vel)

AuthLDAPInitialBindAsUser etc.

Hi all,

I have a 90% solution for authenticating against an ldap server that
does not allow unauthenticated binds, but I'm looking for the
last 10%.

MIL CAC and mod_ssl for httpd 2.4.6

We have a setup where we have to use MIL CAC's to access our site. It
currently works with SSLVerifyClient require and SSLVerifyDepth 10, but
we want to limit what the users see to just of the certs that is
presented. We tried changing the VerifyDepth to 1 and removed all the
non-email certs in the ca-bundle.crt file. But the problem we get is it
errors in the ssl_errors_log of AH02039: Certificate Verification: Error
(20): unable to get local issuer. Googling this error says it's missing a
intermediate cert.

Headers blocking application content


We are using below header to fix the vulnerabilities.

Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"

But after that application content is getting blocked while accessing it through browser.

We have given a try with same header but with different value.

Header set Content-Security-Policy "frame-ancestors"

Application is able show the content in IE and Firefox but not in chrome.

HTTPS implementation to apache2 server, localhost

Hi All,

I am trying to implement HTTPS to my local server(apache2) and below is
configuration file.

Matt Tosto has shared a document on Google Docs with you

Matt Tosto has invited you to view the following document:

Open in Docs

Error in log, Idk problem

I have a problem and I do not know how to fix it,
Is problem with sub directories, I try redirect with cups.

Apache 2.4: Proxy certificate configuration question


when Apache is configured as a WebServer I can configure the private
key and the certificate of the server separately using
SSLCertificateFile and SSLCertificateKeyFile.

When configuring Apache as an HTTP Proxy (Reverse Proxy or Forward
Proxy) it seems I can only configure the proxy private key and
certificate if they are combined into a single PEM file with

Is that understanding corrector is there also a way to defined key and
certificate for an HTTP Proxy configuration separately?


Browser differences

We have developed a complex javascript application
There are "a few megabytes" of our own code, plus OpenLayers map handling
and jQuery.

We're serving it through Apache 2.2.15-59, which arrived on CentOS 6.9 in
mid April.
And everything works well and reliably for us.

But for the last couple of weeks, our client has been experiencing problems
starting the application.
The Javascript console reports that some Javascript files are not loading
because "Connection Timed Out" on one of the JS files.
Apache is not logging any errors.

The obvious explanation would be in terms of network connection

CRL list with size more than 4MB


We have a system in which the access control is done via SSL certificates. The end-users provide their personal certificate and we let them in. We have Oracle Linux 6.8 with apache 2.4 and openssl 1.0.1e. We have problem with one of the issuers of certificates (CA) in our country. Their CRL files are larger than 4MB.

I need help figuring out a 500 response code

Hi. I am having major problems figuring out a 500 response code I am
getting on my hserver.

I am using apache 2.4.25 on gentoo linux up to date as of a few days

So, I havinstalled owncloud which is a cloud server written in php and
it has worked for a long time, but for a few days I have gotten 500
when I try to access it.

Syndicate content