RE: [EMAIL PROTECTED] and deny directives

[Boyle Owen]

> -Original Message-
> From: Mark A. Craig [mailto:[EMAIL PROTECTED] 
> >>
> >> 
> >>Options None
> >>AllowOverride None
> >>#Order allow,deny
> >>#Allow from all
> >>order deny,allow
> >>deny from .svservers.com

This is just a guess, but I wouldn't put in the leading dots in the
domain names, if I were you. It's not done like that in the docs and, if
I guess rightly (without bothering to check the code), apache just does
a DNS lookup on the "deny from" argument. If so, then it will not
resolve with a leading dot.


> >>deny from .static.theplanet.com
> >>deny from .goo.ne.jp
> >>deny from .cable.casema.nl
> >>deny from -xbox.dedi.inhoster.com

Also, partial matches won't work (so say the docs).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> >>deny from .knology.net
> >>deny from .pppoe.mtu-net.ru
> >>deny from .barak-online.net
> >>deny from .barak.net.il
> >>deny from .keymachine.de
> >>deny from .hostingprod.com
> >>deny from .client.bresnan.net
> >>deny from 210.240.
> >>deny from .dsl.ip.tiscali.nl
> >>deny from .qwerty.ru
> >>deny from .t-ipconnect.de
> >> 
> >>
> >> There's only one problem: it's not working!  The log still shows 
> >> visits from these hostnames.  What am I missing?  Do I need to add 
> >> "/*" to the end of the  directive, or do subdirectories 
> >> implicitly inherit the same directives?
> >>
> >> Mark
> >>
> >>
> >>
> > 
> > you should use
> > 
> > Order allow,deny
> > Allow from all
> > 
> > instead of
> > 
> > order deny,allow
> > 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] and deny directives

[Mark A. Craig]

Owen:

Actually, the partial matches do seem to work... see my reply to Joshua.  It's 
only the first DENY that I can clearly see doesn't work (so far).  I got the 
idea to do it that way from this page (see about mid-page):


http://www.hostingmanual.net/other/htfun.shtml

Mark

 Original Message  
Subject: Re: [EMAIL PROTECTED]  and deny directives
From: Boyle Owen <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Date: Friday, September 14, 2007 12:07:41 AM


-Original Message-
From: Mark A. Craig [mailto:[EMAIL PROTECTED] 


   Options None
   AllowOverride None
   #Order allow,deny
   #Allow from all
   order deny,allow
   deny from .svservers.com


This is just a guess, but I wouldn't put in the leading dots in the
domain names, if I were you. It's not done like that in the docs and, if
I guess rightly (without bothering to check the code), apache just does
a DNS lookup on the "deny from" argument. If so, then it will not
resolve with a leading dot.



   deny from .static.theplanet.com
   deny from .goo.ne.jp
   deny from .cable.casema.nl
   deny from -xbox.dedi.inhoster.com


Also, partial matches won't work (so say the docs).

Rgds,
Owen Boyle





   deny from .knology.net
   deny from .pppoe.mtu-net.ru
   deny from .barak-online.net
   deny from .barak.net.il
   deny from .keymachine.de
   deny from .hostingprod.com
   deny from .client.bresnan.net
   deny from 210.240.
   deny from .dsl.ip.tiscali.nl
   deny from .qwerty.ru
   deny from .t-ipconnect.de


There's only one problem: it's not working!  The log still shows 
visits from these hostnames.  What am I missing?  Do I need to add 
"/*" to the end of the  directive, or do subdirectories 
implicitly inherit the same directives?


Mark




you should use

Order allow,deny
Allow from all

instead of

order deny,allow






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Dummy threads

[Odile Bénassy]

Hello,

I'm currently trying to port glasnost CMS on Apache2 and encounter
issues related to Dummy Threads

Here is my test.py file (I use it as a mod python handler):

--%<
#!/usr/bin/env python

import threading
from mod_python import apache

def handler(req):
thread = threading.currentThread()
r = req.the_request
req.content_type = "text/plain"
req.write("Bonjour!")
req.write("\n")
req.write(r)
req.write("\n")
req.write(repr(thread))
return apache.OK

--%<

As you can see, it is a rather minimal handler.

At first it renders:

--%<
Bonjour!
GET / HTTP/1.1
<_MainThread(MainThread, started)>
--%<

but if I call any URL more than 3 or 4 times in a row, I get this on the
browser

-%<
Bonjour!
GET / HTTP/1.1
<_DummyThread(Dummy-1, started daemon)>
--%<

Can you help me figuring out why this dummy & annoying thing is happening?

Thanks in advance,

-- 
Odile Bénassy
http://www.ofset.org
http://gnuedu.ofset.org

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Troubles with php5_apache2.dll

[Ersin Ersin]

Hello

I'm really mad with php 5.1.2. under apache 2.0. (OS Windows XP SP2) with mysql 
connection.
When I start apache as apache.exe, everything works fine. So I think that 
everything is well configurated.
But when I install apache service (using "apache.exe -k install") a then try to 
run it, I get an error "couldn't find module "C:\php\ext\php_mysql.dll". But of 
course, this file on this place exists. Finally, It has worked, when it was run 
as a program, not as a service.

Any idea, what is bad?

I appreciative any response.

Ersin

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] building httpd 2.2.4 for PPC on Intel Mac

[Vincent Bray]

On 14/09/2007, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> but when I try "sudo apachectl start", I get no httpd processes, and
> this message in my error log:
>
>
> "[emerg] (14)Bad address: Couldn't set permissions on
> cross-process lock; check User and Group directives"
>
> The default User and Group directives use daemon. I tried creating my
> own user account and plugging in that user/group in place of daemon,
> but I get the same result.

I've never seen this error message before. Grepping the code shows
that it's related to an inability to create the accept lock. As a
guess then, does changing the value of AcceptMutex make any
difference?

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#acceptmutex

-- 
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Load balancing question

[James Sherwood]

Hello,

We are currently trying to increase the amount of hits our system can handle 
without buying hardware loadbalancers etc.


Our current setup is:

Server 1: Apache, DB, 2 Tomcats
Server2: 1 Tomcat
Server3: 2 Tomcats

We use the apache on server 1 to loadbalance across all tomcats using modjk.

The lbfactors are:
Server1:50
Server2:100
Server3:100

We have stressed the system to failure using WebLOAD from an outside source 
and cannot find the bottleneck.


All perfmons show nothing being stressed above acceptable levels.

We THINK its the actual internet connection which at this point is only 5mb 
but is being upped to 10mb is the bottleneck.


We also have the problem of once the load stops, the sites are still down 
but Apache/tomcats still seem to be running fine.  A restart of either(not 
even both) fixes the sites.


Any ideas what we are doing wrong?

Thanks in advance,
James



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] building httpd 2.2.4 for PPC on Intel Mac

[zdbwo]

I'm trying to build httpd 2.2.4 on an Intel Mac as a PPC binary. I'm  
doing this so that I can build a PHP module with Oracle support.  
Because Oracle has only released PPC libraries, I have to compile  
PPC-only apps if I want to use them. Otherwise, ld complains that the  
architecture is different between the executable and the library.


At any rate, compiling works:

$ CPPFLAGS="-arch ppc" LDFLAGS="-arch ppc" ./configure
--build=ppc-apple-darwin8.10.2

but when I try "sudo apachectl start", I get no httpd processes, and  
this message in my error log:



"[emerg] (14)Bad address: Couldn't set permissions on
cross-process lock; check User and Group directives"

The default User and Group directives use daemon. I tried creating my  
own user account and plugging in that user/group in place of daemon,  
but I get the same result.


Has anybody else encountered this? Do you have any hints?

Thanks,

zak.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] and deny directives

[Joshua Slive]

On 9/14/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:
> Joshua:
>
> Thanks for the quick and comprehensive reply.  Lemme address everything in 
> order:
>
> 1. Whatcha mean by "the config is inherited"?  Did you mean to address my
> question about sub-directories?  I suspect so, but if not please clarify.
>
> 2. The status codes are in fact mostly 403s, but not ALL... some that match my
> deny directives, notably ".svservers.com", are still being allowed with 200s.
> The 403s that are occurring could also be the result of the http:BL module in
> the blog software itself, which checks the IPs of attempted commenters against
> the Project Honeypot DNS blacklist and bounces them with a 403 if the IP is a
> match (there's a lot of 403s for hostnames not in my little DENY list).  At
> least that's the only explanation I can imagine for the inconsistency.
>
> My goal here is to nail the spammy GETs; at first I'd considered a 
> directive, but I couldn't figure out where/how to apply it and so resorted to
> this current technique.

Don't use . See the docs on  for why that would be a mistake.

Your config looks basically correct. But of course, other things in
your config file could be overriding it. If you replace all those Deny
directives with a "Deny from all", do you block all access? If not,
then either you aren't editing the correct place in the config file,
or you are overriding this config someplace else (such as in a
 section).

Another likely issue is your use of hostnames. The hostnames that are
getting the 200 response above have messed-up reverse lookups. (The
domain you get when looking up the IP address does not map back to
that IP address.) Although I haven't checked the code, it is possible
that apache is ignoring those ones because it can't confirm whether or
not the client is really in that domain.

In general, it is better to use IP addresses for blocking instead of domains.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Try to find a solution, when restart Apache with PHP Script

[Rodolfo De Nadai]

Hi all...

I'm facing a serious problem with my application. I have a script in PHP 
that starts in Internet Explorer, this script keep on running until a 
varible value change on my MySQL database.
The problem is that when i restart Apache, the process child initalized 
isn't kill... then the apache can't be start because the script is used 
the port 80.


To solve my problem, without change anything, the best would be that 
when i execute the script, it run on other port than the default 80... 
so this way apache could start...
The is a way to redirect through apache a script to run on a diferent 
port?? Like change some line, or add on conf files??


thanks ... for any info

PS: Sorry for english errors... i'm not from USA or England

--
* Rodolfo De Nadai *
* Analista de Sistema Jr. - Desenvolvimento *




*Informática de Municípios Associados S.A.*
Seu governo mais inteligente
[EMAIL PROTECTED]   - 
www.ima.sp.gov.br 
Fone: (19) 3739-6000 / Ramal: 1307 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Load balancing question

[AFrieze]

We also have the problem of once the load stops, the sites are still 
down but Apache/tomcats still seem to be running fine.  A restart of 
either(not even both) fixes the sites.

A guess

 Your apache server is not releasing connections.  If you are running 
linux, type  "netstat -vat" into a terminal on your apache machine, 
before and after you hit your server.  See if the connections are being 
released.


You could also try typing "ps -e | grep "httpd"" to see how many apache 
processes are being run before/after.  Look in the apache error log, 
etc.  You might find a clue like "MaxClients reached"


Question
Are you able to log into all your tomcats(through port 8080) independent 
of apache and get served requests?  Can you log onto apache and get a 
statically served page?


Cheers
AFrieze

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] ProxyPass issues

[Nick Powers]

Hey Jeff,

  When I simultaneously send ping packets I lose none and I should note that I 
only lose the images for my pages. All data and links come up but I get no 
images. If I hit refresh the page comes up fully. Here is my config:

ProxyPass /index.php http://backend.ca/default.aspx retry=1
ProxyPassReverse /index.php http://backend.ca/default.aspx

ProxyPassReverseCookieDomain backend.ca www.frontend.ca 
ProxyPassReverseCookiePath / /

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

SSLProxyEngine On

RewriteEngine on
RewriteRule ^/secure/(.*)$ https://www.frontend.ca/secure/$1 [R,L]

I sniffed the traffic using Wireshark/Ethereal and nothing looked out of the 
ordinary. It just looks like the images are taking longer to come up than the 
text. 

Thanks,

Nick



>>> "Jeff Beard" <[EMAIL PROTECTED]> 12/09/2007 5:56 pm >>>
Looks to me like it's an issue with the backend server not Apache. Have you
validated that the IIS server is responding to requests within the timeout
period when the problem is manifesting itself? A simple test would be to use
wget from the Linux host to the IIS server when you see the problem. 


Cheers,

Jeff


> -Original Message-
> From: Nick Powers [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, September 12, 2007 2:08 PM
> To: users@httpd.apache.org 
> Subject: [EMAIL PROTECTED] ProxyPass issues
> 
> Hello All,
> 
>   We currently have in place a dual web server environment with a Redhat
> ES4/Apache 2.2.2 server using proxypass commands to send requests to our
> internal IIS server. We are experiencing periodic lost in connectivity to
> our IIS server from the Redhat proxy server. In the logs we see:
> 
> [Wed Sep 12 15:14:07 2007] [error] (110)Connection timed out: proxy: HTTP:
> attempt to connect to xxx.xxx.xxx.xxx:80 (www.backend.ca) failed
> [Wed Sep 12 15:14:07 2007] [error] ap_proxy_connect_backend disabling
> worker for (www.backend.ca)
> [Wed Sep 12 15:14:14 2007] [error] proxy: HTTP: disabled connection for
> (www.backend.ca)
> [Wed Sep 12 15:14:16 2007] [error] proxy: HTTP: disabled connection for
> (www.backend.ca)
> [Wed Sep 12 15:14:17 2007] [error] proxy: HTTP: disabled connection for
> (www.backend.ca)
> [Wed Sep 12 15:14:19 2007] [error] proxy: HTTP: disabled connection for
> (www.backend.ca)
> [Wed Sep 12 15:14:22 2007] [error] proxy: HTTP: disabled connection for
> (www.backend.ca)
> 
> When viewing the web pages during this time, the content is there but the
> images are missing.
> 
> Any thoughts, anyone else experience this?
> 
> Thanks,
> Nick
> 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED] 
>"   from the digest: [EMAIL PROTECTED] 
> For additional commands, e-mail: [EMAIL PROTECTED] 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED] 
   "   from the digest: [EMAIL PROTECTED] 
For additional commands, e-mail: [EMAIL PROTECTED] 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] My Alias stopped working.

[Rachel Anderson-Barrios]

Hi,

I have seen many questions from Google about the error_log and apache
configuration, but nothing similar to the problem I'm experiencing.

The machine and configuration was working until it was moved onto a
different network, now I'm getting the following error in the error_log
file:


[Fri Sep 14 01:04:34 2007] [error] [client ***.***.***.**] File does not
exist: /home/httpd/riskanalyticsinc/ramain/jag
[Fri Sep 14 01:05:41 2007] [error] [client ***.***.***.**] File does not
exist: /home/httpd/riskanalyticsinc/ramain/clients


I had gone to http://my.domain.com/jag and http://my.domain.com/clients

This is part of my http.conf file:


DocumentRoot "/home/httpd/riskanalyticsinc/ramain"





ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/httpd/riskanalyticsinc/ramain
ServerName marcodev
JkMount /*.xsp ajp13
JkMount /*.xxsp ajp13
JkMount /*.xml ajp13
Alias /clients "/home/httpd/riskanalyticsinc/clients"
Alias /ramain "/home/httpd/riskanalyticsinc/ramain"
Alias /jag "/home/httpd/riskanalyticsinc/jag"




ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/httpd/riskanalyticsinc/ramain
ServerName localhost
Alias /jag "/home/httpd/riskanalyticsinc/jag"
Alias /clients "/home/httpd/riskanalyticsinc/clients"
Alias /ramain "/home/httpd/riskanalyticsinc/ramain"



Options Includes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all



AllowOverride None
deny from all



However, if I goto http://my.domain.com (which is the ramain project) I
get and unformatted XSP page from index.xsp :

This XML file does not appear to have any style information
associated with it. The document tree is shown below.



Any help would be greatly appreciated!

Sincerely,
-Rachel Barrios



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] and deny directives

[Mark A. Craig]

Joshua:

I see what you mean about the rDNS, though perversely it was the svservers.com 
case that drove me to use partial hostnames in the first place, because they 
lease from multiple IP blocks from multiple sources, and I've been getting spam 
recon from all of them, so I thought I could kill all the birds with just the 
one hostname stone.  It seemed intuitive at the time  As of last night, I 
have another instance just like it, a different partial hostname from my list 
that passes thru, apparently because the actual IP address doesn't fall in the 
returned IP range when an rDNS *on just the primary domain* is performed.  I 
think you're right.


One way to test it: substitute partial IP addresses, to represent each of the 
leased IP blocks.  It's more work, but I'll see what happens.  It would sure be 
nice if the code didn't pull a non-intuitive stunt like this, though!  If the 
DNS lookup resolves to the specified *partial* hostname, it should act on it, 
not second-guess it with an rDNS like this.


Mark

 Original Message  
Subject: Re: [EMAIL PROTECTED]  and deny directives
From: Joshua Slive <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Date: Friday, September 14, 2007 06:06:13 AM


On 9/14/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:

Joshua:

Thanks for the quick and comprehensive reply.  Lemme address everything in 
order:

1. Whatcha mean by "the config is inherited"?  Did you mean to address my
question about sub-directories?  I suspect so, but if not please clarify.

2. The status codes are in fact mostly 403s, but not ALL... some that match my
deny directives, notably ".svservers.com", are still being allowed with 200s.
The 403s that are occurring could also be the result of the http:BL module in
the blog software itself, which checks the IPs of attempted commenters against
the Project Honeypot DNS blacklist and bounces them with a 403 if the IP is a
match (there's a lot of 403s for hostnames not in my little DENY list).  At
least that's the only explanation I can imagine for the inconsistency.

My goal here is to nail the spammy GETs; at first I'd considered a 
directive, but I couldn't figure out where/how to apply it and so resorted to
this current technique.


Don't use . See the docs on  for why that would be a mistake.

Your config looks basically correct. But of course, other things in
your config file could be overriding it. If you replace all those Deny
directives with a "Deny from all", do you block all access? If not,
then either you aren't editing the correct place in the config file,
or you are overriding this config someplace else (such as in a
 section).

Another likely issue is your use of hostnames. The hostnames that are
getting the 200 response above have messed-up reverse lookups. (The
domain you get when looking up the IP address does not map back to
that IP address.) Although I haven't checked the code, it is possible
that apache is ignoring those ones because it can't confirm whether or
not the client is really in that domain.

In general, it is better to use IP addresses for blocking instead of domains.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache Modules and Libraries

[Aaron Smith]

When apache loads a module, does it use any environment variables to
locate it's libraries?  If so..what?  I have an install of apache 2.0.55
on HP-UX 11.11.  It was compiled with mod_ldap.so and mod_auth_ldap.so.
The OpenSSL libraries that were used during the compile of apr,
apr-util, and httpd have a funky link in them that starts with a "./".
If you start httpd, it says it can't find the SSL library.  Setting the
SHLIB_PATH environment fixes that, but then it throws this error:

 

Syntax error on line 191 of /opt/apache3/conf/httpd.conf:

Cannot load /opt/apache3/modules/mod_ldap.so into server: Unresolved
external

 

I'm thinking they're related as the mod_auth_ldap.so uses SSL so it's
probably trying to find the SSL libraries somehow.  I just need to
figure out how to tell it where they are.

 

Aaron

Re: [EMAIL PROTECTED] Load balancing question

[James Sherwood]

Hello,

Everything is Windows2003 Server.

After the load we cannot load pages either through apache or by contacting 
tomcat directly.


I beleive you are on the right path tho, about connections not getting 
released, thats what I figure it is too but I do not know how to fix it.


Thanks,
James


- Original Message - 
From: "AFrieze" <[EMAIL PROTECTED]>

To: 
Sent: Friday, September 14, 2007 12:02 PM
Subject: Re: [EMAIL PROTECTED] Load balancing question






We also have the problem of once the load stops, the sites are still down 
but Apache/tomcats still seem to be running fine.  A restart of 
either(not even both) fixes the sites.

A guess

 Your apache server is not releasing connections.  If you are running 
linux, type  "netstat -vat" into a terminal on your apache machine, before 
and after you hit your server.  See if the connections are being released.


You could also try typing "ps -e | grep "httpd"" to see how many apache 
processes are being run before/after.  Look in the apache error log, etc. 
You might find a clue like "MaxClients reached"


Question
Are you able to log into all your tomcats(through port 8080) independent 
of apache and get served requests?  Can you log onto apache and get a 
statically served page?


Cheers
AFrieze

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2529 (20070913) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] and deny directives

[Joshua Slive]

On 9/14/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:
>  It would sure be
> nice if the code didn't pull a non-intuitive stunt like this, though!  If the
> DNS lookup resolves to the specified *partial* hostname, it should act on it,
> not second-guess it with an rDNS like this.

Yes, it is non-intuitive. But on the other hand, it is much more
common to use hostnames for Allow directives than for Deny directives
(since the hostname is often under the control of the attacker). You
MUST check the forward and reverse for Allow directives, or else they
would be worthless. And then it could potentially cause even more
confusion if the Allow and Deny directives matched differently.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] and deny directives

[Joshua Slive]

On 9/14/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:
>  It would sure be
> nice if the code didn't pull a non-intuitive stunt like this, though!  If the
> DNS lookup resolves to the specified *partial* hostname, it should act on it,
> not second-guess it with an rDNS like this.

Yes, it is non-intuitive. But on the other hand, it is much more
common to use hostnames for Allow directives than for Deny directives
(since the hostname is often under the control of the attacker). You
MUST check the forward and reverse for Allow directives, or else they
would be worthless. And then it could potentially cause even more
confusion if the Allow and Deny directives matched differently.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd directory

[Mukarram Syed]

Hi,
Here is my dilemma and I'd appreciate some help.
Apache has been configured and is running fine.  But other users need read 
permissions to the /var/log/httpd directory.
Before I implemented cronolog (www.cronolog.org), I forced a permissions change 
to 755 in the startup script for the /var/log/httpd directory.  After I 
implemented cronolog this does not work, since cronolog automatically changes 
permissions to 400.
Is there a way to force permissions to 644 at least in the httpd.conf file and 
keep it that way even after cronolog rotates logs.
I could implement chmod -R 755 /var/log/httpd via cron at midnight, but this is 
a crude way of doing thing.  I hope there is a better, elegant way, via Apache.

I again appreciate any inputs to this.

thanks

# mukarram syed



Mukarram Syed
[EMAIL PROTECTED]
   
-
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel 
and lay it on us.

Re: [EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd directory

[Dan_Mitton]

Have you tried setting the umask in your apache startup script?  I'm 
running on Sun Solaris and I've used ACL's to get the permissions I want.

Dan



Please respond to users@httpd.apache.org

To: users@httpd.apache.org
cc:  (bcc: Dan Mitton/YD/RWDOE)
Subject:[EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd 
directory
LSN: Not Relevant
User Filed as: Not a Record

Hi,
Here is my dilemma and I'd appreciate some help.
Apache has been configured and is running fine.  But other users need read 
permissions to the /var/log/httpd directory.
Before I implemented cronolog (www.cronolog.org), I forced a permissions 
change to 755 in the startup script for the /var/log/httpd directory. 
After I implemented cronolog this does not work, since cronolog 
automatically changes permissions to 400.
Is there a way to force permissions to 644 at least in the httpd.conf file 
and keep it that way even after cronolog rotates logs.
I could implement chmod -R 755 /var/log/httpd via cron at midnight, but 
this is a crude way of doing thing.  I hope there is a better, elegant 
way, via Apache.

I again appreciate any inputs to this.

thanks

# mukarram syed



Mukarram Syed
[EMAIL PROTECTED]
 Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user 
panel and lay it on us. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd directory

[Mukarram Syed]

I'll try that.
Thanks.

[EMAIL PROTECTED] wrote: Have you tried setting the umask in your apache 
startup script?  I'm 
running on Sun Solaris and I've used ACL's to get the permissions I want.

Dan



Please respond to users@httpd.apache.org

To: users@httpd.apache.org
cc:  (bcc: Dan Mitton/YD/RWDOE)
Subject:[EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd 
directory
LSN: Not Relevant
User Filed as: Not a Record

Hi,
Here is my dilemma and I'd appreciate some help.
Apache has been configured and is running fine.  But other users need read 
permissions to the /var/log/httpd directory.
Before I implemented cronolog (www.cronolog.org), I forced a permissions 
change to 755 in the startup script for the /var/log/httpd directory. 
After I implemented cronolog this does not work, since cronolog 
automatically changes permissions to 400.
Is there a way to force permissions to 644 at least in the httpd.conf file 
and keep it that way even after cronolog rotates logs.
I could implement chmod -R 755 /var/log/httpd via cron at midnight, but 
this is a crude way of doing thing.  I hope there is a better, elegant 
way, via Apache.

I again appreciate any inputs to this.

thanks

# mukarram syed



Mukarram Syed
[EMAIL PROTECTED]
 Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user 
panel and lay it on us. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See  for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Mukarram Syed
[EMAIL PROTECTED]
   
-
Looking for a deal? Find great prices on flights and hotels with Yahoo! 
FareChase.

Re: [EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd directory

[Mukarram Syed]

I think that worked!
Just by adding umask 022 in apachectl startup script and restarting apache.

Thanks


Mukarram Syed <[EMAIL PROTECTED]> wrote: I'll try that.
Thanks.

[EMAIL PROTECTED] wrote: Have you tried setting the umask in your apache 
startup script?  I'm 
running on Sun Solaris and I've used ACL's to get the permissions I want.

Dan



Please respond to users@httpd.apache.org

To: users@httpd.apache.org
cc:  (bcc: Dan Mitton/YD/RWDOE)
Subject:[EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd 
directory
LSN: Not Relevant
User Filed as: Not a Record

Hi,
Here is my dilemma and I'd appreciate some help.
Apache has been configured and is running fine.  But other users need read 
permissions to the /var/log/httpd directory.
Before I implemented cronolog (www.cronolog.org), I forced a permissions 
change to 755 in the startup script for the /var/log/httpd directory. 
After I implemented  cronolog this does not work, since cronolog 
automatically changes permissions to 400.
Is there a way to force permissions to 644 at least in the httpd.conf file 
and keep it that way even after cronolog rotates logs.
I could implement chmod -R 755 /var/log/httpd via cron at midnight, but 
this is a crude way of doing thing.  I hope there is a better, elegant 
way, via Apache.

I again appreciate any inputs to this.

thanks

# mukarram syed



Mukarram Syed
[EMAIL PROTECTED]
 Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user 
panel and lay it on us. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See  for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest:  [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Mukarram Syed
[EMAIL PROTECTED]

-
Looking for a deal? Find great prices on flights and hotels with Yahoo! 
FareChase.


Mukarram Syed
[EMAIL PROTECTED]
   
-
Need a vacation? Get great deals to amazing places on Yahoo! Travel. 

Re: [EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd directory

[Dan_Mitton]

Remember, that this would effect every file create by apache or any 
children (like cronlog).  If there are CGI script that create files, these 
will be effected too.  By putting an ACL on the log directory, you kind of 
limit the "scope" of the change.

My ACL on our log directory looks like:

# file: apache2
# owner: root
# group: apache
user::rwx
group::rwx  #effective:rwx
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:mask:r-x
default:other:---

Dan



Please respond to users@httpd.apache.org

To: users@httpd.apache.org
cc:  (bcc: Dan Mitton/YD/RWDOE)
Subject:Re: [EMAIL PROTECTED] Permissions dilemma in the 
/var/log/httpd directory
LSN: Not Relevant
User Filed as: Not a Record

I think that worked!
Just by adding umask 022 in apachectl startup script and restarting 
apache.

Thanks


Mukarram Syed <[EMAIL PROTECTED]> wrote:
I'll try that.
Thanks.

[EMAIL PROTECTED] wrote:
Have you tried setting the umask in your apache startup script? I'm 
running on Sun Solaris and I've used ACL's to get the permissions I want.

Dan



Please respond to users@httpd.apache.org

To: users@httpd.apache.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [EMAIL PROTECTED] Permissions dilemma in the /var/log/httpd 
directory
LSN: Not Relevant
User Filed as: Not a Record

Hi,
Here is my dilemma and I'd appreciate some help.
Apache has been configured and is running fine. But other users need read 
permissions to the /var/log/httpd directory.
Before I implemented cronolog (www.cronolog.org), I forced a permissions 
change to 755 in the startup script for the /var/log/httpd directory. 
After I implemented cronolog this does not work, since cronolog 
automatically changes permissions to 400.
Is there a way to force permissions to 644 at least in the httpd.conf file 

and keep it that way even after cronolog rotates logs.
I could implement chmod -R 755 /var/log/httpd via cron at midnight, but 
this is a crude way of doing thing. I hope there is a better, elegant 
way, via Apache.

I again appreciate any inputs to this.

thanks

# mukarram syed



Mukarram Syed
[EMAIL PROTECTED]
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user 
panel and lay it on us. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Mukarram Syed
[EMAIL PROTECTED]
Looking for a deal? Find great prices on flights and hotels with Yahoo! 
FareChase.



Mukarram Syed
[EMAIL PROTECTED]
 Need a vacation? Get great deals to amazing places on Yahoo! Travel. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache 2.2.6 on Windows issues status

[Steffen]

Just to catch up.

A few things got broken in the changes between 2.2.5 and 2.2.6 and there is
no sight yet when the issues are solved.

For the status see:

http://www.apachelounge.com/forum/viewtopic.php?p=8758#8758


Steffen


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache Modules and Libraries

[Sheryl]

> When apache loads a module, does it use any environment variables to
> locate it's libraries?  If so..what?  I have an install of apache 2.0.55
> on HP-UX 11.11.  It was compiled with mod_ldap.so and mod_auth_ldap.so.
> The OpenSSL libraries that were used during the compile of apr,
> apr-util, and httpd have a funky link in them that starts with a "./".
> If you start httpd, it says it can't find the SSL library.  Setting the
> SHLIB_PATH environment fixes that, but then it throws this error:
>
>
>
> Syntax error on line 191 of /opt/apache3/conf/httpd.conf:
>
> Cannot load /opt/apache3/modules/mod_ldap.so into server: Unresolved
> external
>
>
>
> I'm thinking they're related as the mod_auth_ldap.so uses SSL so it's
> probably trying to find the SSL libraries somehow.  I just need to
> figure out how to tell it where they are.

I haven't used HPUX in a while, but if it has the ldd command you should
be able to find out which library is causing the problem.

Then you can add the directory where the library resides to
/apache-install-directory/bin/envvars in the LD_LIBRARY_PATH variable.

Or you can compile in an RPATH which may have a slight security benefit. 
Depending upon the OS, you may be able to do that by exporting
LDFLAGS='-L/path/to/lib -R/path/to/lib' or you may have to do something like

export LDFLAGS="-L/path/to/lib  -Wl,--rpath -Wl,/path/to/lib"

Sheryl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Direct script to specific port...

[Rodolfo De Nadai]

Is there a way to direct a specific script to run on a diferent port 
than the default configurated in http.conf??


Exemple:
default port is 80
script myscript.php should run on port 5128
all other scripts should run on port 80

thanks
--
* Rodolfo De Nadai *
* Analista de Sistema Jr. - Desenvolvimento *




*Informática de Municípios Associados S.A.*
Seu governo mais inteligente
[EMAIL PROTECTED]   - 
www.ima.sp.gov.br 
Fone: (19) 3739-6000 / Ramal: 1307 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Direct script to specific port...

[Chris Howell]

You could try configuring Virtual hosts to run on different ports, 
running your different programs/scripts in each different host.


Rodolfo De Nadai wrote:
Is there a way to direct a specific script to run on a diferent port 
than the default configurated in http.conf??


Exemple:
default port is 80
script myscript.php should run on port 5128
all other scripts should run on port 80

thanks


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] building httpd 2.2.4 for PPC on Intel Mac

[zdbwo]

Vincent Bray wrote on Fri 14 Sep 2007 07:39:17 AM EDT:

On 14/09/2007, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

but when I try "sudo apachectl start", I get no httpd processes, and
this message in my error log:


"[emerg] (14)Bad address: Couldn't set permissions on
cross-process lock; check User and Group directives"

The default User and Group directives use daemon. I tried creating my
own user account and plugging in that user/group in place of daemon,
but I get the same result.


I've never seen this error message before. Grepping the code shows
that it's related to an inability to create the accept lock. As a
guess then, does changing the value of AcceptMutex make any
difference?

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#acceptmutex


Adding "AcceptMutex flock" to httpd.conf did the trick. The default  
AcceptMutex is apparently sysvsem (I can actually get the debugging  
output in the error log now that httpd starts!), but that and pthread  
both fail.


flock, fcntl and posixsem all work fine.

Thanks for the help!

Cheers,

zak.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]