DevHeads.net

User

Apache 2.4: Users autenthication in Active Directory

Hi!
Thanks in advance!
I need help with Apache configuration to enable login through Active directory.
I want allow login if a user is member of a group contained in other group.
Now I have this:
Alias /nagios /opt/nagios/share
<Directory "/opt/nagios/share">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Acceso restringido"
AuthBasicProvider ldap
AuthLDAPURL
"ldap://server/DC=domain,DC=red?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN <a href="mailto: ... at domain dot red"> ... at domain dot red</a>
AuthLDAPBindPassword "xxxxxx"
Require l

Help needed on Apache http server setting

Hi All,

We are using HTTP server to route the request to Winchill PLM. There is a requirement to force the user to change the password once the login first time into the PLM.

RedirectMatch escaping AMP ?

Hello Guys,

I have a condition like this:

RedirectMatch ^/g/(.*) https <https://www.${apache_hostname}/folder1/?ec=$1&ea=EBH&el=GCC>: <https://www.${apache_hostname}/folder1/?ec=$1&ea=EBH&el=GCC>//www.${APACHE_HOSTNAME}/folder1/?ec=$1&ea=EBH&el=GCC <https://www.${apache_hostname}/folder1/?ec=$1&ea=EBH&el=GCC>
So when I do CURL to that virtualhost running that condition like this <a href="https://www.example.com/g/1234" title="https://www.example.com/g/1234">https://www.example.com/g/1234</a> <https://www.example.com/g/1234>
it gives me back this:

<a href="https://www.example.com/folder1/?ec=1234&amp;ea=EBH&amp;el=GCC" title="https://www.example.com/folder1/?ec=1234&amp;ea=EBH&amp;el=GCC">https://www.example.com/folder1/?ec=1234&amp;ea=EBH&amp;el=GCC</a> <http://www.example.com/folder1/?ec=1234&amp;ea=EBH&amp;el=GCC>
I

Help regarding Listen directive

Hello

I have tried to upgrade my http from version 2.4.25 to 2.4.33 but
encountered an issue with configuration file. In my configuration file
I have 'Listen port' directive is repeated ( configuration files are
created dynamically by application logic ). in 2.4.25 apache read the
directive wisely and works fine.

Some questions regarding Apache HTTP Server ServerLimit (Too Many Child Processes)

Hello,

I'm using Apache HTTP Server 2.2.32 on Linux.

I see that too many child processes are being made on Apache HTTP Server.

Child processes are being made up to 256 on Apache HTTP Server.

Apache HTTP Server is using ServerLimit default value(256).

Q. Could you please provide me how to set ServerLimit value greater than
ServerLimit default value(256) on Apache HTTP Server?

Q. Could you please give me any advice for reducing be being made too many
child processes on Apache HTTP Server?

Q.

(rewritten) In directory pages, how to show file dates in a specific timezone?

Hello,

I could not find a way to show file listing pages (generated by Apache)
with times in the correct timezone. The timezone is defined in the
environment, but Apache refuses to take it into account (assuming that
what I set it what should be set).

To detail the situation a bit more: a Debian 9 server with Apache 2.4; a
normal user account; a working ~/public_html folder for public web content.

Dates and times are correctly shown in SSH accesses to the server, made
by me.

configuring a proxy fallback

Here's something I think I can't do with apache.

I have a uwsgi backend server and a legacy http server. I would like a
reverse proxy that puts the dynamic site "in front of" the legacy site,
such that 404s from the former are internally redirected to the latter.

We have this implemented in nginx, but I recently needed to switch the
proxy to apache. ErrorDocument is the obvious hook, but it has to be
a local url. I've looked at the rewrite engine and balancer groups,
and I haven't found any way to do this.

IF request_uri regex syntax

Hello,

Trying to check the request uri against a regex in an IF directive.
This IF directive is located inside a <Location> tag.

Following is the code:

<If "%{REQUEST_URI} =~ /manager/status/ && %{HTTP_USER_AGENT} =~
/Chrome/ && %{QUERY_STRING} =~
/org.apache.catalina.filters.CSRF_NONCE=.*/">

AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html

</If>

However, when trying to restart apache, I get the following:

May 16 19:20:53 apache.localdomain systemd[1]: Starting The Apache
HTTP Server...
May 16 19:20:54 apache.localdomain httpd[2586]: AH00526: Syntax error
on line 21 of /etc/ht

In directory pages, how to show file dates in a specific timezone?

Hello,

I could not find a way to show file listing pages (of Apache) with times
in correct the timezone. The timezone is defined in the enrironment, but
Apache refuses to take it into account.

The discussion made in
<a href="https://www.linuxquestions.org/questions/showthread.php?p=5855435" title="https://www.linuxquestions.org/questions/showthread.php?p=5855435">https://www.linuxquestions.org/questions/showthread.php?p=5855435</a> shows
that situation clearly.

Running Lua Script using mod_lua

Hi,

While running lua_script using mod_lua, I am getting this error in
error_log. What does it mean
"PANIC: unprotected error in call to Lua API (core and library have
incompatible numeric types)"

Thanks
Hemant

Installation Error in Apache2

Hello

When I try to install Apache2 on Ubuntu using the command

"sudo apt-get install apache2 apache2-doc apache2-utils"

It throws up the following error:

*Syntax error on line 17 of /etc/apache2/sites-enabled/000-default.conf*
*SSLv3 not supported by this version of OpenSSL*
*Action 'configtest' failed*

Anyone has any clue on how to resolve the error?

Thank You
Deepak

Deepak
"The greatness of a nation can be judged by the way its animals are
treated.

How configuring a per directory and servername access

Hi,

I have a server running lots of virtualhosts, each served by a
servername.

Exemple: demo1.domain.tld demo2.domain.tld ... demoX.domain.tld

I start a migration on an other server/other IP and would like make
tests before production without having to create again all the
servernames in DNS.

Newbie - SSL Apache2 Ubuntu

Hello

Is there a start-to-finish guide on how to integrate SSL with Apache2 on
Ubuntu?

Thank you
Deepak

Deepak
"The greatness of a nation can be judged by the way its animals are
treated. Please stop cruelty to Animals, become a Vegan"

+91 73500 12833
<a href="mailto: ... at gmail dot com"> ... at gmail dot com</a>

Facebook: <a href="https://www.facebook.com/deicool" title="https://www.facebook.com/deicool">https://www.facebook.com/deicool</a>
LinkedIn: <a href="http://www.linkedin.com/in/deicool" title="www.linkedin.com/in/deicool">www.linkedin.com/in/deicool</a>

"Plant a Tree, Go Green"

Make In India : <a href="http://www.makeinindia.com/home" title="http://www.makeinindia.com/home">http://www.makeinindia.com/home</a>

Getting hostname from FQDN as variable in config file

Is it possible the access the hostname part of a FQDN in a config file?

For example, suppose the config has the following condition:

<If "-d '/var/test/%{HTTP_HOST}'">

This might resolve to a directory such as:

/var/test/NAME.example.com

Is there a way to resolve just the initial part of the host, i.e. NAME?

Security Headers, ISP, no root won't work

Hi!

I want to enable some security headers.

Missing headers on 403 pages

Dear Sir/Madam,

We setup apache to set headers, like the X-Frame-Options.
But this doesn’t work for the 403 pages, only the Strict-Transport-Security works. On non-error pages, the headers are showing correctly in the browser/security scans

The headers are set to the virtual hosts and later also to the global apache configuration, without any luck.

The problem is that some security scans show warnings to the customers and the think the sites are unsafe.

Is it possible to set the headers, so 403 pages are also delivering this to the browsers?

Met vriendelijke groet,
G.

AuthLDAPRemoteUserAttribute Directive in mixed mod_authnz_ldap Authn and Authz setup

Hello,

I am trying to get Kerberos Authentication and LDAP Authorization
working together.

But I have a situation where some of my users have Kerberos principal
name that are different from their LDAP uids which is used in group
membership. Basically each users has 2 UID attributes, one is just a
plain username, and 2nd is ... at REALM dot

Python and Perl support in Apache

Hi All,

Which of the following is the best way to support python and perl in our
apache and why.

Python - WSGI, CGI, CGID or FCGID.

PERL - mod_perl, cgi, cgid , mod_fcgid, mod_psgi.

Thanks
Hemant

Newbie - Apache as internet facing proxy for Windows/IIS backend .net app server?

Hello all,

I just want to know if this is even worth my time trying to figure out.

We have an Accounting application (.ne/IIS on Windows Server 2008R2) on
our LAN, but I need to provide a window to this through the internet,
and I'd really, really like to not put a Windows Server on our DMZ
facing the internet directly (if I have to, it will be a
separate/standalone server that redirects/proxies to the Accounting server).

first and foremost - is it even possible to setup an Apache server to do
this?

sanity check

Hello,

Can someone look at this file snipet and give me a sanity check on it?
This is for Apache 2.4, and I'm thinking something might be not right
with it.

2.4.33 secure web crashes

Hello,
We have been running/upgrading the Apache web for years on a custom ARM
device with great success.

When we upgraded from 2.4.29 to 2.4.33 we now have trouble with crashes.

If we query the web server with multiple sessions via http, no problems, if
we do the same thing with https, after a minute or two the web server will
do a hard crash.

The web server is set-up for Basic Authentication, using pwauth i.e.
AddExternalAuth pwauth
/bin/pwauth
SetExternalAuthMethod pwauth
pipe

We go back and forth between builds switching between 2.4.33 and 2.4.29
(only the main app and modules are swap

mod_proxy_fcgi unix domain socket syntax question on Apache documentation

Looking at the documentation on this page ...

<a href="https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html" title="https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html">https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html</a>

<https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html>The documentation says "With this syntax, the hostname and optional port following fcgi:// are ignored." regarding this example ...

ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/run/php5-fpm.sock|fcgi://localhost/var/www/"

Why are they in the example if they are ignored?

Are they also ignored here?

SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/"

Thanks

John

ssh setup question

Hey all,

 for a new web server, so we need to create a .ssh directory and store
the public key in

.ssh/authorized_keys? If so, where does doe the directory need to be
placed - underneath DocumentRoot?

Jarrell

apachectl -k graceful

If I do an apache2ctl -k graceful on Ubuntu (or service httpd restart in
CentOS), using mod_php and a max_execution_time = 30 in php.ini, then is
there any reason why the server would take more than say 1 minute to serve
all requests with the new php.ini + Apache configuration (+ php files)?

I know max_execution_time doesn't include system calls, so if a large file
were being uploaded and simultaneously thumbnailed at various sizes with
imagemagick or something, then it could take more than 30 seconds.

I'm asking because I'm doing DevOps and I don't want to introduce delay
into deployments (

Apache FilterProvider Deflate expression

Hello all,

I am trying to inflate, substitute, and then deflate the content
returned to the client based on the response header.

Apache24 fails after LibreSSL 2.7.2: mod_ssl.so: Undefined symbol "OPENSSL_malloc_init"

LibreSSL 2.7+ is a big change and it caused a host of issues for me, most of which I've resolved with the patches posted on the LibreSSL wiki at <a href="https://wiki.freebsd.org/LibreSSL/2.7" title="https://wiki.freebsd.org/LibreSSL/2.7">https://wiki.freebsd.org/LibreSSL/2.7</a>, but www/apache24 is still refusing to start post-update (the port was patched for LibreSSL on 24 Mar with 2.4.33)

my env:
apache24-2.4.33
libressl-2.7.2_1
FreeBSD 10.3-RELEASE-p28 #0 r330946
(portmaster)

When I try # apachectl restart I get:

Apache24 will not start:
httpd: Syntax error on line 130 of /usr/local/etc/apache24/httpd.conf: Cannot load libexec/apache24/mod_ssl.so into server: /usr/local/libexec/ap

change mime.types using cmake command script

Hi Team,

I am creating apache build using source code, I came into one requirement to update mime type, Please let me know how can I mime.types using cmake command,

I have a way to create a patch file and update mime type, so please let me know the best way to update it.

Thanks and Regards,
Rajendra Rathore
9922701491

openssl-1.1.0 with httpd-2.4.33

Hi All,

I am trying to build openssl-1.1.0 with httpd-2.4.33, everything is working
fine without mod_ssl. But when I am loading mod_ssl, I am getting error
while deloading the module i:e dso_close. Whereas httpd-2.4.33 is working
fine with openssl-1.0.2d.

Does anybody also get this issue ?

Thanks
Hemant

ApacheCon North America 2018 schedule is now live.

Dear Apache Enthusiast,

We are pleased to announce our schedule for ApacheCon North America
2018. ApacheCon will be held September 23-27 at the Montreal Marriott
Chateau Champlain in Montreal, Canada.

Registration is open! The early bird rate of $575 lasts until July 21,
at which time it goes up to $800. And the room block at the Marriott
($225 CAD per night, including wifi) closes on August 24th.

We will be featuring more than 100 sessions on Apache projects.

programmatic control of paths to site

I have an apache virtual server that proxies requests to a local service.
I need to programmatically deny access to various child paths during
certain local maintenance operations. Rather than create discrete
instances for each child path that I could stop, is there a more elegant
solution to handling case?

Thanks,
jlc

ab bugs and a misfeature

1) The misfeature: The percentiles that ab prints to stdout do not
match the values it prints to the .csv file.

Lines 1157-1158 of the current trunk version of ab.c:

printf(" %d%% %5" APR_TIME_T_FMT "\n", percs[i],
ap_round_ms(stats[(unsigned long)done * percs[i] / 100].time));

and line 1175:

t = ap_double_ms(stats[(unsigned long) (0.5 + (double)done * i /
100.0)].time);

This was introduced by revision 1617913 (which fixed a nastier bug.)

2) The first bug: The second calculation overruns the end of the array
if "done" is small.

Proxying everything but one file

Greetings fellow Apache users,

I have a simple setup where I currently proxy to a backend application server farm, i.e.

ProxyPass / <a href="https://url.myserverfarm.com:port/" title="https://url.myserverfarm.com:port/">https://url.myserverfarm.com:port/</a>
ProxyPassReverse / <a href="https://url.myserverfarm.com:port/" title="https://url.myserverfarm.com:port/">https://url.myserverfarm.com:port/</a>

Now we want to start monitoring the proxies for a health check file that exists in the local htdocs directory, something similar to:

/healthcheck/server.html

however since we proxy everything and the kitchen sink what is the best way to accomplish this without having have individual entries for every proxied URL (currently over 100+ URLS) ?

mod_proxy_ajp - Bad request for one specific request

Hi,

We're using Apache 2.4.20 on Windows.

CORS (Cross Origin Resource Sharing) server side configuration

Good Morning, I'm looking for documentation about setting CORS headers in
apache.
The problem is that I need to handle a cors request and be sure I set all
the necessasary header in apache.
Right now I het error 401.
*Most of all, I can't find good server side documentation on how to handle
CORS request!*
May you please write a link if that documentation exists?
This
<https://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/>
is the most complete topic I found but it sounds alchemic.
Ok, here we go with details:

apache 2.4 email autoconfig and autodiscover configuration

Hello,

If anyone is using email autoconfig and/or email autodiscover with
apache 2.4 can you let me know? I'm trying to get it working, and the
xml files from what i'm researching on the net, look good. I'd like to
know your apache configuration?

Thanks.
Dave.

mod_ratelimit working by steps ?

Hello all,

I'm using Apache 2.4.24 on Debian 9 Stable, behind a DSL connection,
with an estimated upload capacity of ~130kB/s.
I'm trying to limit the bandwidth available to my users (per-connection
limit is fine).
However, it seems to me that the rate-limit parameter is coarsely
grained :

- if I set it to 8, users are limited to 8 kB/s
- if I set it to 20, or 30, users are limited to 40 kB/s
- if I set it to 50, 60 or 80, users are limited to my BW, so ~120 kB/s

(tests were done by changing the parameter, restarting apache, then
downloading a file using Firefox.

Apache supports client initiated renegotiation

Hi Team,

I tried to send request from openssl-1.0.2d to Apache server-2.4.25 for ssl
renegotiation using command "openssl s_client -connect IP:PORT". I got
error RENEGOTIATING
2283136:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake
failure:s3_pkt.c:656. I checked in error log, error is [client
15.213.82.149:52145] AH02042: rejecting client initiated renegotiation.

I got SSL_SECURE_RENEG true in my custom log, it means we are supporting
Secure Renegotiation. But how should I enable client initiated ssl
renegotiation ?

Thanks
Hemant

Server Configuration

Need your suggestion on setting up an web application and REST api in
server.

Currently there are 3 applications like as below

1. User web application - Running on node.js - port 3389 / universal react
application
2. Admin web application - Running on apache - port 8080 / laravel
3. Rest Api for user application - Running on apache - port 8080 / laravel

Currently we load the applications like as below

*User Application:- *
<a href="http://www.xyz.com:3389" title="www.xyz.com:3389">www.xyz.com:3389</a>
www. xyz .com:3389/help
www.

Logging in apache

Hi Team,

How apache writes to access_log or error log. Whether it opens File
Descriptor(FD) for each request/connection to write in log file.

Thanks
Hemant

Require directives

Hi,

Configuration question.

Apache version 2.4.23

What I am trying to do is have users authenticate but only allow access
to that authentication method from known IP ranges.

Domain level subdirectories needed

Hi Team,

We need to append multiple subdirectories and the content should be serve
from some other container where we proxied the request.

<VirtualHost *:80>
<Proxy *>
Order deny,allow
Allow from all
RewriteEngine On
RewriteRule ^(.*)$ <a href="https://domain.example.com" title="https://domain.example.com">https://domain.example.com</a> [R=301,L]
</Proxy>

</VirtualHost>

<VirtualHost *:443>
ServerName domain.example.com

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/speedy.marriott.com.crt
SSLCertificateKeyFile

How modules are called during request processing phase

Hi All,

If I have two modules mod_A and mod_B. Both has defined a hook handler with
APR_HOOK_MIDDLE then which module will be called first to check handler.
Whether calling of module will be random for each request or it depends
which module is loaded first in httpd.conf.

Thanks
Hemant

mod_suexec with mod_userdir and fcgid (webapps in subdirs with separated user context)

Hello list,

I try to make web applications available in subfolders of one
VirtualHost, but each one in an isolated user context. All web apps are
PHP applications and I use mod_fcgid to run them.

Unfortunately, SuexecUserGroup is not not allowed in Directory context,
which would be by far the simples solution.

So to achieve my goal, I tried (and failed with) two different approaches:

1. Using mod_userdir together with mod_suexec
2.

Need Help in AB load testing with random query params.

Hi All ,

I need help in passing random inputs from a input file to apache benchmark
(abs) for load testing a URL :

I want to pass random inputs for load testing my search URL . Search texts
have to be read from an Input file and appended in the URL and send for the
AB load testing .

Eg.

a) Input file : text1 text2 text3

b) URL :- {{BaseURL}}/apps/{{ApplId}}/courses/search?query={{random text
from input file }}

I would like to hit this search URL with different/random texts present in
the input file .

Writting own module

Hi All,

I am writing my own module just to check process flow.

ProxyErrorOverride on with PHP-FPM

Hi,

I'm trying to get rid of the message

[proxy_fcgi:error] ... AH01071: Got error 'Primary script unknown\n'

in error logs (LogLevel notice) when proxying to an php-fpm daemon and
the requested php file doesn't exist.

php-fpm config in VirtualHost is

<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://foobar/"
</FilesMatch>

When I set "ProxyErrorOverride on" the error in browser changes from
"File not found." to "Not Found

The requested URL /bla.php was not found on this server."

In error.log is still get the "Primary script unknown" message.

Initial design ideas of AB tools to test the performance of Web Server

Hi,
I'm using AB tools , and I use the means to add concurrency to get
the accurate max value of RPS(request per second) ,while I found that with
the concurrency Increase, the latecy time increase , the RPS increase then
reduce . Do that mean the maximum value of RPS is the capacity of server?
If it is not correct, what's the initial design ideas of ab tools to test
the performance of Web Server?
English is not my native language; please excuse typing errors. And I
search the Internet but didn't find the systematic method to get the
performance of server.
Thanks~

Apache2.4 forward proxy ssl between client and proxy server

HI

I am looking for some help in configuring a forward proxy , the proxy has
to listing on HTTPS port , clients needs to.connect.

Error compile apache httpd-2.4.33

Dears, i try installing apache httpd-2.4.33 in debian8 but not work.

My httpd source code, in configure script, request the modules apr.

Need Help in AB load testing with random query params.

Hi ,How to pass random inputs from a input file to apache benchmark (abs)
for load testing a URL :

I want to pass random inputs for load testing my search URL . Search texts
have to be read from an Input file and appended in the URL and send for the
AB load testing .

Eg. a) Input file : text1 text2 text3 b) URL :-
{{BaseURL}}/apps/{{ApplId}}/courses/search?query={{random
text from input file }}

I would like to hit this search URL with different/random texts present in
the input file .

"Require valid-user" with multiple auth providers

I want to authenticate/authorize primarily via LDAP and require a specific group membership if authenticating this way.
However, if LDAP is not available, use the file provider to authenticate. If that's the case, any user authenticated via the file provider should be allowed.

Current config is as follows.

apache, git, and gitweb

Hello,

Does anyone have an apache 2.4 with git/gitweb setup going?

facing issue with building apache for latest version 2.4.33

Hi Team,

I am facing the issue while building apache on Window machine with the help of apache source code and got below error

[ 92%] Building C object CMakeFiles/mod_ssl.dir/modules/ssl/ssl_engine_init.c.obj
ssl_engine_init.c
C:\apacheBuild\apache2.4\build\httpd-2.4.33\modules\ssl\ssl_engine_init.c(33) : fatal error C1083: Cannot open include file: 'mod_md.h': No such file or directory
NMAKE : fatal error U1077: 'c:\PROGRA~2\MICROS~2.0\VC\bin\amd64\cl.exe' : return code '0x2'
Stop.

I did some investigation and found that with new version of apache we added a new module called mod_md which

LDAP not working

Hi all,

I have no idea what's going on and why my setup that's been working for
years suddenly stopped working so have to ask here after had done extensive
debugging.

Maybe something has changed in the ldap and/or authentication/authorization
modules but the effect is same on apache 2.2.22 and 2.4.18 -> I'm not
getting the basic authentication pop-up any more and the site access is
unprotected.

I have the following config enabled:

<IfModule mod_ldap.c>
<AuthnProviderAlias ldap ldap1>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://
ldap1.domain.

Configuring httpd forward proxy to restrict destinations by subnet

I have an Apache httpd v2.2 server (on Centos 6) set up as a forward proxy
to get to a DMZ in a test lab environment. It is working, but I would like
to restrict destinations to specific subnets, both IPv4 and IPv6.

Apache build on Windows

Hi, I just joined the list.

I am trying to set up an Apache server from build on Windows as part of a
Ruby tutorial. I am stuck on PGP and wasn't sure if this would be the
correct place to ask: How do I verify a public key fingerprint? Or am I
using the wrong word?

Michael

awstats removing script path and authentication check

Hello,

I've got two questions both about running awstats in a multiple domain
setup on apache 2.4.

I've got the below block in each of my ssl-enabled virtual hosts that
use awstats. Everything is working. First of all can I get a
confirmation that my authentication and authorization settings are
good?

Second, currently I have to:

domain.com/awstats/awstats.pl

which does work.

processing cgi scripts

Hello,

Confusion, I am running Apache 2.4 and am being asked to process cgi
scripts in various languages.

apache 2.4 and automx configuration

Hello,

I'm trying to troubleshoot an automx error that it's giving me a 403
message, I'm using FreeBSD 11.1, and apache 2.4, and of course automx.
It's looking not like an automx-specific issue, but an apache-specific
issue.

Syndicate content