Apache responds in https, but only by test page, not my website


In order to switch from http to https, I have already obtained my SSL
certificates. But my problem is to run the Apache webserver (Server
version: Apache/2.4.23 (Fedora) with https (no problems with http).

Running cluster side commands via Apache CGI scripts


I am in a linux environment. In my python code, I am trying to do :
-["ls", "-l"])

This command is inside my CGI script. The script is called successfully,
but this command wont run.

How can I make the CGI script process server side commands ? Any special
modules to incorporate ?


Disable Autoindex module

Dear Experts

Hi I am new to Apache configuration.

Unreliable Fedora 26 installation using a kickstart file

Dear listers
I never had such an unreliable installation as the one for fedora 26. I
am a long time user of fedora (at least since 2003).

The HW here:
1. Workstation with two disks, each having its own fedora installation.
On each fedora bare-metal installation there is a fedora installation
under VirtualBox. All four installations are of MBR type.
2. Laptop with UEFI type installation.
There are 5 installations to be done.

My fedora installation:
I am an Xfce4 user, so i don't use any of the worksation spins of

Permission to enable CGI Scripts to do an I/O on the file system


I have written a python script that will spit out a log file. This python
script will be executed as a CGI script.

I am able to run the python program, but not able to make it write to an
output file. How can I enable Apache web server to do so ?


<a href="" title=""></a>

Best practice for mod_authn_dbd + postgresql; really SHA1?

Dear Experts,

I'm trying to determine the best way to implement Apache
authentication using mod_authn_dbd and PostgrSQL; my starting
point has been this documentation:

<a href="" title=""></a>
<a href="" title=""></a>
<a href="" title=""></a> (F.25.2)

It looks like my choices are:

1: Do the crypto in PostgreSQL.

wrong content-type in responses from Apache 2.4.16


Apache Version: 2.4.16
Problem: Apache responds with the wrong content-type header when file names have multiple extensions. Here is an example file name : grouped_user_todolist_js.xml.81494e1e4a606317a1079f21bd9e88e3.merged.js;mod=ca2fb907
Initial request for this resource is served by a proxy server and cached by mod_disk_cache. Subsequent requests returns the content-type as text/xml.

When we disable cache, the content-type is always returned by the proxy server correctly.

Satish Kandi

Access Control in 2.4 question

If all the necessary modules are installed, what would prevent this from working?

<Files "private.html">
Require all denied

mod_dav LOCK issues


I have configured WebDAV with Apache2 on a Ubuntu machine using the mods
dav, dav_fs and dav_lock.

Connecting to WebDAV folders works fine, from both Windows and Linux
clients. Even writing, modifying and deleting documents is possible.

Then only problem is when I try to save documents from Microsoft Word
2016 into a WebDAV folder. Word first creates the file on the server, but then following
error appears:

"There has been a network or file permission error.

Cannot troubleshoot php-fpm with apache


I am running httpd-2.4.6-45.el7.centos.x86_64 with
php-fpm-7.0.22-1.el7.remi.x86_64 (on CentOS 7).

My main problem: On this httpd server I have several vhosts running, but
apparently I am facing intermittent problems with php-fpm communication
on only one of them.

Most of the sites are WordPress or Joomla Applications (running with

Strange WebDAV behavior on MKCOL for 1 client only


I have Apache mod_dav running on Windows 2012.

When a webDAV enabled application connects and tries to MKCOL on a
directory that already exists, it receives an HTTP 400:

yyy.yyy.yyy.yy - username [07/Aug/2017:11:00:03 -0700] "MKCOL
/webdav/dir1/dir2/dir3/dir4/dir5/dir6/ HTTP/1.1" 400 226

However, all other clients are receiving an HTTP 405 when they issue a
MKCOL for a directory that already exists:

RewriteRule : Altering the current protocol

I have a configuration question regarding RewriteRule.

We have a SSL terminator in front of our Apache, which redirect traffic to different port based virtual host depending on which protocol the connection came from.
As a result, Apache is only responding to HTTP requests.

We have RewriteRule that perform relative 301 and 302 redirections.

Exemple: RewriteRule ^/deprecatedPage.html$ / [R=301,L,E=nocache:1]

According to the documentations:
"If a fully-qualified URL is specified (that is, including <a href="http://servername/" title="http://servername/">http://servername/</a>) then a redirect will be issued to that location.

Require local_subnet

Hi folks,

I would like to introduce access restrictions to some Direc-
tories based on the local subnet, similar to "Require local",
but looking at the currently assigned IPv6 prefix instead of
the local IP addresses.

Is this possible? I haven't found this feature documented or
requested in the bug tracker, but maybe I was too blind to

A static subnet configuration is not an option. I wouldn't
like to edit the apache config file again and again on each
new prefix delegation.

Apache upgrade error

Hi, After apgrading Apache RPM packages from 2.4.12 to 2.4.25 on AIX 6.1,
one apache instance is not working and error_log is getting filled with
below error messages.
However, other instance is working fine with no issues.

[Wed Aug 02 23:57:17.644430 2017] [http:error] [pid 23461910:tid 4627]
[client] AH02429: Response header name 'P3P:
policyref="/w3c/p3p.xml"' contains invalid characters, aborting request

[Wed Aug 02 23:57:20.713479 2017] [http:error] [pid 24510582:tid 4627]
[client] AH02429: Response header name 'P3P:
policyref="/w3c/p3p.xml"' contain

Apache + virtual hosts + php-fpm?

Looking at the php-fpm homepage …

<a href="" title=""></a>

it says this …

It was not designed with virtual hosting in mind (large amounts of pools) however it can be adapted for any usage model.

Are folks using Apache with numerous virtual hosts, still using mod_php as the preferred approach? With I assume prefork MPM?

How to use binary to run httpd in different location


I have ported apache on my machine. I have copied bin,lib.conf,modules,
htdocs,logs to another location. Now I want to run my apache in new
location with these things only.
I changed path in httpd.conig and apachectl of new location, but while
starting it is starting apache in old location.

For example :
I ported apache on /home/hemant ..
I copied bin,conf,logs,htdocs,modules to /home/rakesh and in httpd.config I
replace all path of /home/hemant to /home/rakesh and changed port also.

Apache 2.4.25 AIX rpms

I am installing Apache 2.4.25 on Aix 6.1. Can i ignore devel packages for
higher environments?
There are a bunch of devel rpms recommended in Bullfreeware.

Apache 2.4 on AIX 6.1

I am trying to install Apache 2.4.25 with openssl on AIX 6.1
Can you please let me know where can I find the official IBM RPM packages
1. Apache httpd 2.4.25
2. latest openssl
3. latest openssldevel

I tried AIX toolbox for Linux application IBM link but not able to find
openssl packages there.

WebDAV not working with Microsoft Windows


I have configured WebDAV with Apache2 on a Ubuntu machine using the mods
dav, dav_fs and dav_lock.

Connecting to WebDAV folders works fine, from both Windows and Linux
clients. Even writing, modifying and deleting documents is possible.

Then only problem is when I try to save documents from Microsoft Word
2016. Word first creates the file on the server, but then following
error appears:

There has been a network or file permission error.

Need help on CORS ( Cross Origin Resource Sharing ) Issue

Hello Team,

I need help on the CORS issue and what needs to be configured for the below

User receive CORS error when calling IGC with AJAX Javascript call from the

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at

Negative Pattern Matching with DirectoryMatch

Is there a way to ReDirect for all but a certain path?

That is, is some like this possible?

<DirectoryMatch "!^/somedir">
Redirect ......

I'm using 2.4.27.


graceful restarts

I, as a developer, have a question to you, the users of httpd:

For the Let's Encrypt support, the server will - if you enable it - generate keys and retrieve certificates. Once it has those, it needs to perform a graceful restart to configure itself anew with the new certificates. I assume that a certain time of day (or even time of week?) would be most desirable to configure for such a restart? Anything else?

Looking forward to hear from you. Cheers,


PS. To clarify: these are all features that you will need to configure.

access_log and split-logfile, vlogger, something else?

Is there a most frequently used tool for culling virtual host log files out of a single access_log file?

split-logfile? vlogger? Something else?


Apache 2.4.12 to 2.4.26 upgrade on AIX 6.1

I am new to Apache on AIX. We have a system where Apache 2.4.12 has been
installed on AIX 6.1. I need to upgrade it to latest 2.4.26. Looks like the
previous install was an RPM based install.
I need some help with upgrading Apache.

1. What is the best process to upgrade to Apache 2.4.26. Can I use compile
method instead of RPM which I am familiar with?
2. If I download latest RPM's from IBM and install them, will it not
overwrite the existing apache installation in /opt/freeware...
3. In Aix looks like apache install files will be in /opt/freeware under
several different directories.

Getting 'Fatal Handshake Failure' with WebDAV client


I've set up Apache 2.4.27 with mod_dav, running on Windows 2012 on an
Apache Haus build.

How to benchmark ChaCha20-Poly1305 capable websites using Apache Benchmark (ab) tool?

I'm trying to use 'ab' to do some performance benchmarks of my website after having made some performance tweaks.

Specifically, I'd like to test the difference in performance between the following cipher suites - all supported by my website:


The three commands that I've tried are:

ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-RSA-AES128-GCM-SHA256 <a href="" title=""></a>
ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-AES128-GCM-SHA256 <a href="" title=""></a>
ab -

Configuring Apache Web Server for SSL Operation

This article is written by Turritopsis Dohrnii Teo En Ming on 24 Jul
2017 Monday at 9:50 PM SGT

Using Apache 2.4.27 for Windows with VC 15 (Visual C++ 2017)

Step 1. Edit httpd.conf

LoadModule ssl_module modules/

LoadModule socache_shmcb_module modules/

Include conf/extra/httpd-ssl.conf

Step 2. Set Windows 10 environment variable

set OPENSSL_CONF=C:\Apache24\conf\openssl.cnf

Step 3. Execute openssl.exe

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key
-out server.crt

Step 4.

Unexpected URLs in Apache 2.4 acce log file


I am running an Apage 2.4 server on Debian 8.

Recently, I have noticed that my access log file contains entries like: - - [24/Jul/2017:15:29:45 +0100] "GET <a href="http://px.*wangying06*" title="http://px.*wangying06*">http://px.*wangying06*</a>.
*com*/?bdc HTTP/1.0" 302 - "http://px.*wangying06*.*com*/?bdc" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)" - - [24/Jul/2017:15:29:49 +0100] "GET <a href="http://*" title="http://*">http://*</a>
<>* HTTP/1.0" 302 - "http://*xtt111*.com/" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)" - - [24/Jul/2017:15:29:53 +0100] "GET
<a href="http://*video-edge-c2b188.fra0" title="http://*video-edge-c2b188.fra0">http://*video-edge-c2b188.fra0</a>

Migrate webDAV on IIS to Apache?


I'm currently have IIS set up to run webDAV. Is it possible to migrate to
webDAV on Apache instead without losing any data?


Apache Struts Vulnerability - CVE-2017-9791

Hi All,

Can someone please confirm if Apache 2.4.10 is vulnerable to the CVE-2017-9791.
We came to know that Apache which is having Apache Struts version 2.3.x with Struts 1 plugin and Struts 1 action is highly vulnerable . If exploited, this vulnerability would allow a remote code execution attack.


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.

How to different SSLProtocol for each of the conf files

Hi All,

We have an Apache WebServer (2.2.15) setup on CentOS 6 where in httpd,conf
we have included conf.d/*.conf files which has configuration for all the
virtual hosts.

In conf.d we have respective .conf file for each of the virtual hosts like

abc_com.conf for
xyz_com.conf for


now I want to disable the TLSv1.0 and SSLv3 request only for one of this
virtual hosts, but even if i put the values like :

*SSLProtocol ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1* in xyz_com.conf
file TLSv1.0 and 1.1 are still enabled for

to disable it, I have to put the same val

Crashes in CentOS 7

We got the following crash when under load:
*** Error in `/usr/sbin/httpd': double free or corruption (!prev):
0x00007f19a010cf80 ***
======= Backtrace: =========

Mod_http2 as static

Hi all

I want to load mod_http2 in my apache-2.4.25. I have installed nghttp2 also.
But my all others modules are shared i:e .so but my mod_http2 is creating
only static i:e .a

In my configure I have given --enable-mods-shared=all and

I tried with --enable-http2., also creating only static not dynamic.

Please help to create .so of http2.


Header directive to enable Cross Origin Resource Sharing

Hello Team,

Could you please assist me in adding Header directive in httpd.conf file?
Where I can add the below configuration in the file?

Header set Access-Control-Allow-Origin "*"

Thanks & Regards,

2.4.27 installed, no con fig change, but web site down!

I installed 2.4.27, along with the latest openssl. no config was changed,
but my server isn't serving.

I show no errors in the error log.

I will try to go back to previous versions to see if I can recover, but
wonder if anyone can guess what has happened.



Apache 2.4 access control question


This is on a ubuntu 16.04 LTS system running apache 2.4.18 (mpm_event) with php 7.0 running in php-fpm mode.

I wish to completely block access to a directory in my document root except to a set of ip addresses but it’s not working and I am trying to figure out what is happening.

How does Apache detects a stopped Tomcat JVM?

Hello Folks,

I am new to Apache httpd world and wanted to know more about it. :)

Reason I got interested in this is that, in our case, we are running
multiple Tomcat JVMs under a single Apache cluster. If we shut down
all the JVMs except one, sometime we get 503s. If we increase the
retry interval to 180(from retry=10), problem goes away. That bring me
to this question, how does Apache detects a stopped Tomcat JVM? If I
have a cluster which contains multiple JVMs and some of them are down,
how Apache finds that one out?

Apache server response very very slow from chrome/ firefox and works fine from Safari - User-Agent issue


We have a strange issue recently with Apache. When we request some webpages
(running on apache web server) from our server, if we make the request from
Safari, they are loaded instantly. If we load the web page from Chrome or
Firefox, it takes approximately 10 minutes to get the response. The same
behavior is observed with curl too. After much research, we found that if
the User-Agent header has "Mozilla" String in it, the requests are taking

How Apache starts is server


My apache is working with worker_mpm. I want to start my server as server
class, for this I need some changes.

I want to know how apache starts and reads which file. I found no line in
httpd.conf whcih tells or calls mpm_worker to start.

Please help in which way apache flows goes.


WebSockets support in transparent proxy

Hi Everyone,

Sorry if I've completely missed this but I'm hoping maybe someone can help with what I hoped would be a simple setup. I'm setting up a proxy server on an edge node of a private network in order to expose a number of internal services within the private side to the public side through the proxy. This method works well for most traffic. Unfortunately, a number of requests are initiating websocket connections using the upgrade method.

Subdomain of a virtual host ?

I have a virtual host configured for complete with directory definitions and redirects. I now have a request for and they would like the same abilities for the subdomain. I’m unsure as to how to make this work or if this is even possible. I am looking for help, suggestions?

Darryl Baker
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
darryl. ... at northwestern dot edu<mailto:darryl. ... at northwestern dot edu>




I want to download a different file from apach not just the two files that
came in 'htdocs' folder (apachehaus.ico , index.html ) ... what i need
to do?



virtual host double slash effect, need solution


I'm running Apache 2.4 on a FreeBSD 10.3 system, with several virtual
hosts. My goal is to have all of them completely ssl, except for the
.well-known area needed for letsencrypt.

I'm getting a double slash effect,

for example

and similar for other virtual hosts.

Kill Parent Process


I tried two scenarios with httpd-2.4.25 on my machine. My apache has
Case -1 :
I killed one process other than Parent process then new process is created
by apache at same time and there is no effect on requests accept by apache.

I killed parent process then all processes become zombie processes and
apache stops handling processes.

Is there any way so that if my parent process crashes then still apache
works properly and assign new parent process.


disk cache setup


Wondering about disk cache setup?

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
all versions through 2.2.33 and 2.4.26

The value placeholder in [Proxy-]Authorization headers
of type 'Digest' was not initialized or reset
before or between successive key=value assignments.
by mod_auth_digest
Providing an initial key with no '=' assignment
could reflect the stale value of uninitialized pool
memory used by the prior request, leading to leakage
of potentially confidential information, and a segfault

All users of httpd should upgrade to 2.4.27 (or minimally
2.2.34, which w

CVE-2017-9789: Read after free in mod_http2

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.26

When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentially erratic behaviour.

2.4.26 users of mod_http2 should upgrade to 2.4.27.

The Apache HTTP Server security team would like to thank Robert Święcki
for reporting this issue.

<a href="" title=""></a>

RewriteRule in .htaccess disables directive AddInputFilter DEFLATE from httpd.conf

I have configured my apache installation to accept a gzipped body on
http requests.

Server status - meaning of Reading Request state

Hello there!

On our Apache 2.2.23 server-status page we can see many requests in

"*R*" Reading Request

Currently I'm not looking for the reasons behind, at the moment I just want
to make sure the meaning of this status is correctly interpreted by us.
Was no able to find a more verbose description about all the statuses than
the server-status page itself explains it (1-6 words), so decided to ask
more experienced Apache users.

rpmbuild of httpd-2.4.27 is successful


I would like to report the rpmbuild of httpd-2.4.27 has been finished
beautifully and successfully on CentOS Linux release 7.3.1611.

Thank you all for the efforts to release this.

Yours truly,
Kazuhiko Kohmoto

Apache HTTP Server 2.2.34 Released

July 11, 2017

The Apache Software Foundation and the Apache HTTP Server Project
announce the release of version 2.2.34 of the Apache HTTP Server
("Apache"), the final maintenance release of the 2.2 series. No
further 2.2 releases are anticipated. This version of Apache is
principally a security and bug fix maintenance release.

We consider the current Apache HTTP Server 2.4 release to be the best
version of Apache available, and encourage every user of 2.2 and all
prior versions to upgrade.

RE: [users@httpd] Apache (2.4.26) changing permissions on passed file?

Is the file owned by the user running Apache?

Darryl Baker

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with a passwd file and all was working fine. I upgraded Apache to 2.4.26 and the site stopped working.

Apache (2.4.26) changing permissions on passwd file?

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost
with a passwd file and all was working fine. I upgraded Apache to 2.4.26
and the site stopped working. The error being logged is:

[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403]
(13)Permission denied: [client ::1:37626] AH01620: Could not open
password file: /etc/stm/passwd

Sure enough, when I check /etc/stm/passwd its permissions have been
changed from 644 to 600. When I change them back, everything starts

mod_proxy performance with IIS

I had an httpd 2.2 (under Centos 6) with mod_proxy forwarding requests to
an IIS 7.5 in HTTPS. I replaced it with an httpd 2.4 (Centos 7) and I
expected a huge increase in performance due to the connection pooling on
the back but it only increased by 10%.

Doing the same test with an httpd back-end leads to 50% increase.

Any idea why IIS behaves this way? Can we change anything on IIS (or httpd)?

Remark: proxy-nokeepalive is not defined

Thanks a lot

Apache HTTP Server 2.4.27 Released

Apache HTTP Server 2.4.27 Released

July 11, 2017

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.27 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
a security, feature, and bug fix release.

Potential Feature Request for FrontControllers

Before I open an official request I would like to heard the opinion of
people on this list.

I have project who run with a single FrontController which means all routes
are dynamic and sent to a single PHP page. While we might debate if this is
a good idea or not, I find it extremely powerful for multi-lingual website
without having to duplicate file structure.

One problem I am having is overwriting PHP values. Because I mod_rewrite,
Apache seems to lose track of the location and it's impossible to overwrite
at this level.

need help


I have a fault with multi-processing modules in httpd-2.4.25 compilation
on CentOS 7.3.1611. I want to compile httpd with --with-mpm=event module
loaded dynamically but I'm getting a fault below after starting httpd

Problem with Redirect


I am using Apache 2.4.18 on a 64 bit Linux box. I am serving several
different URL's via VirtualHost. All is working well except a single,
unique case. In the case with the problem, I am attempting to redirect a
URL to an external URL. All the cases that work, I am hosting the site,
but not in this one case.

Naturally, I own the domain name. The DNS points to my server, but I want
it redirected to a site I pay for but isn't hosted by my machine.

apache 2.4 and php on Freebsd

Is anyone running Apache 2.4 and mod_php (either 5.6 or 7.0)?

Despite many times building out of ports or manually, I cannot get apache to launch successfully with php enabled. Is there something else I can do to get php working?

I can get apache to load with mod_php56, but loading php pages results in filter_var errors despite filter being definitely installed.

# php -m | grep filter

conditional expression looking for another virtualhost entry


I am modifying a template in virtualmin. I want to have in a <virtualhost *:80> section something to the effect of:

“if there is a <virtualhost *:443> section with the same servername directive
redirect permanent / https://<servername>

So basically I want apache to figure out if there is another virtualhost and enable an entry based on that.

Does that make sense?


Jason Brooks Systems Administrator
eROI Performance is Art.

m: 505 nw couch #300 w: <>
t: 503.290.3105 f: 503.228.4249

fb: <>

Syndicate content