Re: [EMAIL PROTECTED] limiting user?

[WhoAmI]

I think you can find many tutorials on-line.

You have to use the system-quota and, php open_basedir directive and some
chroot options, it's very simple.

WhoAmI

On Wed, 27 Aug 2008 17:08:49 -0400, "Zach Uram" <[EMAIL PROTECTED]> wrote:
> I wish to add a user account for my friend on my Apache2 webserver
> (running in Debian).
> 
> How can I limit how much disk space he can use and limit how much
> bandwidth?
> 
> Also I would like it so he cannot explore the filesystem and is
> limited to his $HOME directory only.
> 
> Zach
> 
> -
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-- 
-WhoAmI-

Email: [EMAIL PROTECTED]
WebSite: http://www.autistici.org/whoami/


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache2 rewrite_log_lock

[Sam Wootton]

Hi,

Thanks for your reply and advice. Much appreciated.

I have this in my conf:

RewriteLog "logs/rewrite.log"

I think i was just being lazy when i typed the sentence: RewriteLog
"logs/rewrite.log"

However, i still do not get things working, and still get the same error.

I'm not so sure the error (of permissions and logs) is actually 100% the way
to solve this (i could well be wrong on that), but i cannot see why it would
be complaining. This is my conf:

RewriteLog "logs/rewrite.log"
RewriteLogLevel 0
RewriteEngine Off

The logs is has /Library/Apache/ prepended to it.

Regards, Sam



2008/8/28 Ron Savage <[EMAIL PROTECTED]>

> Hi Sam
>
>
> > The permissions in the /apache/logs directory are all
>
> Lower case A? No 2?
>
> See below.
>
> > -rw-rw-r--
> >
> > however, in my attempt (temporarily) to get things working, i did
> > chmod 777 on all directories - and this still didn't work (i got the
> > rewrite lock error still).
> [snip]
>
> > >
> > > RewriteLog "/Library/Apache2/logs/
>
> /Library? Upper case A? 2?
>
> > > rewrite.log"
> > > RewriteLogLevel 0
>
> >From the docs, http://127.0.0.1/manual/mod/mod_rewrite.html#rewritelog
> it says: 'The RewriteLog directive sets the name of the file...'
>
> So
> 1) It's a file name not a dir name
> 2) Ensure all components of the path are meaningful
> 3) Patch httpd.conf and restart the server
>
> --
> Ron Savage
> [EMAIL PROTECTED]
> http://savage.net.au/index.html
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

[EMAIL PROTECTED] Apache 1.3.41 on SunSolaris 10: htppd -F returns setsid error if started by a controlprocess

[Haas, Patrik]

Hi folks

I currently have a problem with Apache 1.3.41 running on SunSolaris 10.
We have to use 
the version 1.3.41 because of a dependency to a third party product
which doesn't support 
Apache 2.0 and higher.


What I want to do:
==
I want to start/stop the apache (httpd) by a program called 'sapcontrol'
which is part of a SAP Installation.


Codeline, how httpd is being called:

httpd -F -f /usr/sap/HAP/SYS/global/pa/conf/httpd.conf


My problem:
===
Although 'sapcontrol' calls the httpd with the option "-F", which causes
the mother process (sapcontrol) to 
not fork&detach, the httpd process doesn't start.  Instead I find in the
logfile following error message:
setsid: Not owner
wspa.sapHAP_DXPPW00: setsid failed
setsid() failed probably because you aren't running under a process
management tool like daemontools
(wspa.sapHAP_DXPPW00 is a link pointing to httpd)


What I already tried:
=
- start httpd with the option "-X" (debug mode) but without "-F":
  httpd was able to be started and stopped by sapcontrol and was running
properly; but in the debug mode it doesen't fork
  (but we need the fork feature)
- httpd of Apache 2.2.9 with the command line option "-DNO_DETACH"
behaves exactly how I want it to: does not 
  detach and forks itself and could be started and stopped by sapcontrol
- the option "-DNO_DETACH" has no affect on httpd of Apache 1.3.41.
httpd started but forked of it's mother process
  (sapcontrol) what I don't want
- the option "-DFOREGROUND" in Apache 1.3.41: the same affect as the
option "-DNO_DETACH"
- the option "-F" combined with the option "-DNO_DETACH" in Apache
1.3.41: the same error message as started
  with the option "-F" only:
  setsid: Not owner
  wspa.sapHAP_DXPPW00: setsid failed
  setsid() failed probably because you aren't running under a process
management tool like daemontools
- the option "-F" combined with the option "-DFOREGROUND" in Apache
1.3.41: the same error message as started
  with the option "-F" only:
  setsid: Not owner
  wspa.sapHAP_DXPPW00: setsid failed
  
I was also searching the web and scanning this mailing list but I didn't
found an entry with a similar problem neither
a hint how to handle this problem.
  
Does anybody of you may know how to solve my problem? Thanks in advance
for your help!
Best regards and thanks for your time!
Patrik

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache2 rewrite_log_lock

[Sam Wootton]

Hi,

I think this could be the issue with the mod_rewrite: Could not set
permissions on rewrite_log_lock bug i am having:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg17461.html

Regards, Sam

2008/8/28 Sam Wootton <[EMAIL PROTECTED]>

> Hi,
>
> Thanks for your reply and advice. Much appreciated.
>
> I have this in my conf:
>
> RewriteLog "logs/rewrite.log"
>
> I think i was just being lazy when i typed the sentence: RewriteLog
> "logs/rewrite.log"
>
> However, i still do not get things working, and still get the same error.
>
> I'm not so sure the error (of permissions and logs) is actually 100% the
> way to solve this (i could well be wrong on that), but i cannot see why it
> would be complaining. This is my conf:
>
> RewriteLog "logs/rewrite.log"
> RewriteLogLevel 0
> RewriteEngine Off
>
> The logs is has /Library/Apache/ prepended to it.
>
> Regards, Sam
>
>
>
> 2008/8/28 Ron Savage <[EMAIL PROTECTED]>
>
> Hi Sam
>>
>>
>> > The permissions in the /apache/logs directory are all
>>
>> Lower case A? No 2?
>>
>> See below.
>>
>> > -rw-rw-r--
>> >
>> > however, in my attempt (temporarily) to get things working, i did
>> > chmod 777 on all directories - and this still didn't work (i got the
>> > rewrite lock error still).
>> [snip]
>>
>> > >
>> > > RewriteLog "/Library/Apache2/logs/
>>
>> /Library? Upper case A? 2?
>>
>> > > rewrite.log"
>> > > RewriteLogLevel 0
>>
>> >From the docs, http://127.0.0.1/manual/mod/mod_rewrite.html#rewritelog
>> it says: 'The RewriteLog directive sets the name of the file...'
>>
>> So
>> 1) It's a file name not a dir name
>> 2) Ensure all components of the path are meaningful
>> 3) Patch httpd.conf and restart the server
>>
>> --
>> Ron Savage
>> [EMAIL PROTECTED]
>> http://savage.net.au/index.html
>>
>>
>>
>> -
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>   "   from the digest: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>

[EMAIL PROTECTED] Apache module compatibility

[Steve Wong]

Hi,
Assume I developed a module, compiled and tested with Apache 2.2.6. When I
release the binary to others, what kind of compatibility may I claim in
terms of Apache HTTP server version. May I say something like:

Compiled with Apache 2.2.6
Tested with Apache 2.2.6
In theory ccompatible with all 2.2.* Apache servers

If there exist a good guild line/doc regarding release binary and describing
compatibility, I would appreciate if someone can point me there.
Thanks,
-Steve

Re: [EMAIL PROTECTED] limiting user?

[Matus UHLAR - fantomas]

On 27.08.08 17:08, Zach Uram wrote:
> I wish to add a user account for my friend on my Apache2 webserver
> (running in Debian).
> 
> How can I limit how much disk space he can use

quota system, independent on apache. However it can be avoided when he'll be
able to upload files using apache (cgi or php or whatever) under apache user

> and limit how much bandwidth?

I think mod_bandwidth does that.

> Also I would like it so he cannot explore the filesystem and is
> limited to his $HOME directory only.

you should better ask in debian mailng lists...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_rewrite question

[Jason Pruim]

Hi Everyone,

Just recently joined this list so I apologize upfront for the toes  
that I'm about to stomp on!


I am trying to understand mod rewrite, and not having much luck... I  
am looking to do what I feel would be a simple rewrite but have not  
found the answer or could not understand it


What I want to do is to rewrite this url:
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

To something more like:

HTTP://www.raoset.com/jasonpruim112

Now... I can easily move the original if it makes it easier, I just  
didn't want a ton of files in my root folder if I could avoid it.  
Also, currently I'm hosting my own website with Apache 1.3.33 so I can  
make any changes that make sense to help the configuration.


Ultimately what I need is the working solution... Ideally... I want to  
understand mod rewrite so I don't have to ask more questions about it :)


thanks for taking the time to help out a newbie with a little system  
administration!



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
[EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] How to start Apache automatically with certificate?

[Tan, Liao]

Folks,
 Pls gimme some direction on how to start apache (already with the https 
certificate installed)automatically,that means, without informing manually the 
passwords, phrase?

Thank you

Ingrid 



-Original Message-
From: Jason Pruim [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 9:41 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] mod_rewrite question


Hi Everyone,

Just recently joined this list so I apologize upfront for the toes  
that I'm about to stomp on!

I am trying to understand mod rewrite, and not having much luck... I  
am looking to do what I feel would be a simple rewrite but have not  
found the answer or could not understand it

What I want to do is to rewrite this url:
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

To something more like:

HTTP://www.raoset.com/jasonpruim112

Now... I can easily move the original if it makes it easier, I just  
didn't want a ton of files in my root folder if I could avoid it.  
Also, currently I'm hosting my own website with Apache 1.3.33 so I can  
make any changes that make sense to help the configuration.

Ultimately what I need is the working solution... Ideally... I want to  
understand mod rewrite so I don't have to ask more questions about it :)

thanks for taking the time to help out a newbie with a little system  
administration!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
[EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] mod_rewrite question

[Krist van Besien]

On Thu, Aug 28, 2008 at 14:41, Jason Pruim <[EMAIL PROTECTED]> wrote:

> What I want to do is to rewrite this url:
> HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112
>
> To something more like:
>
> HTTP://www.raoset.com/jasonpruim112

In what direction do you want the rewrite? Do you want:

1) Browser sends HTTP://www.raoset.com/jasonpruim112 and you want your
server to answer with the content at
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

or
2) Browser sends
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112 and
you want your server to answer with the content at
HTTP://www.raoset.com/jasonpruim112

For case 1) you could do something like:

RewriteRule  /(.*)   /purl/customer/index.php?purl=$1

Krist


-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Tan, Liao]

another information: when I created the certificate, I didnt know about that it 
would prompt me for passphrase, and now that everything´s installed, would like 
to know how do I make it start without prompting me ...? creating another 
certificate, and doing all over again (my application, apache, tomcat settings) 
is not an option.

Thank you
Ingrid



-Original Message-
From: Tan, Liao [CMB-IT] 
Sent: Thursday, August 28, 2008 10:10 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] How to start Apache automatically with
certificate? 


Folks,
 Pls gimme some direction on how to start apache (already with the https 
certificate installed)automatically,that means, without informing manually the 
passwords, phrase?

Thank you

Ingrid 



-Original Message-
From: Jason Pruim [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 9:41 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] mod_rewrite question


Hi Everyone,

Just recently joined this list so I apologize upfront for the toes  
that I'm about to stomp on!

I am trying to understand mod rewrite, and not having much luck... I  
am looking to do what I feel would be a simple rewrite but have not  
found the answer or could not understand it

What I want to do is to rewrite this url:
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

To something more like:

HTTP://www.raoset.com/jasonpruim112

Now... I can easily move the original if it makes it easier, I just  
didn't want a ton of files in my root folder if I could avoid it.  
Also, currently I'm hosting my own website with Apache 1.3.33 so I can  
make any changes that make sense to help the configuration.

Ultimately what I need is the working solution... Ideally... I want to  
understand mod rewrite so I don't have to ask more questions about it :)

thanks for taking the time to help out a newbie with a little system  
administration!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
[EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Davide Bianchi]

Tan, Liao wrote:
> Folks,
> Pls gimme some direction on how to start apache (already with the
https certificate installed)automatically,that means, without informing
manually the passwords, phrase?

You either use an empty passphrase or you'll have to figure some system
to automatically type the passphrase. On the other hand, it shouldn't
die on his own, so if it does dies on his own, maybe you don't want it
to start on his own too without any information.

Davide


-- 
Windows: an Unrecoverable Acquisition Error!

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Krist van Besien]

On Thu, Aug 28, 2008 at 15:10, Tan, Liao <[EMAIL PROTECTED]> wrote:
> Folks,
>  Pls gimme some direction on how to start apache (already with the https 
> certificate installed)automatically,that means, without informing manually 
> the passwords, phrase?

The easiest way is to remove the passphrase from the private key.
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#removepassphrase

Krist

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Davide Bianchi]

Tan, Liao wrote:
> another information: when I created the certificate, I didnt know about that 
> it would prompt me for passphrase, and now that everything´s installed, would 
> like to know how do I make it start without prompting me ...? creating 
> another certificate, and doing all over again (my application, apache, tomcat 
> settings) is not an option.

See point 3 of http://www.akadia.com/services/ssh_test_certificate.html

Davide

-- 
Bugs come in through open Windows.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Tan, Liao]

Ok, ic I can simply remove the passphrase, and provided the new key be 
readabale by root only, I should not have any security problems... is it simply 
remove it? or any other settings, configuratios, re-installation?

Thanks
Ingrid 



-Original Message-
From: Davide Bianchi [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 10:26 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] How to start Apache automatically with
certificate?


Tan, Liao wrote:
> another information: when I created the certificate, I didnt know about that 
> it would prompt me for passphrase, and now that everything´s installed, would 
> like to know how do I make it start without prompting me ...? creating 
> another certificate, and doing all over again (my application, apache, tomcat 
> settings) is not an option.

See point 3 of http://www.akadia.com/services/ssh_test_certificate.html

Davide

-- 
Bugs come in through open Windows.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Tan, Liao]

saw a link, indicating that I can change the user interaction on apache startup:

http://docs.sun.com/source/817-3693-10/6_SSL_Apache.html#51644

did anybody try this way in the past? how it was?

Txs,
Ingrid



-Original Message-
From: Davide Bianchi [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 10:26 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] How to start Apache automatically with
certificate?


Tan, Liao wrote:
> another information: when I created the certificate, I didnt know about that 
> it would prompt me for passphrase, and now that everything´s installed, would 
> like to know how do I make it start without prompting me ...? creating 
> another certificate, and doing all over again (my application, apache, tomcat 
> settings) is not an option.

See point 3 of http://www.akadia.com/services/ssh_test_certificate.html

Davide

-- 
Bugs come in through open Windows.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] too many open files

[Michael Sutter]

Hello Arnab,

thanks for your. I've checked ant the limit is set correct.
Nevertheless, during my debugging I found out, that I interpreted
the error wrong. I use a Java client to query the service and I always
got a AxisFault exception. So I interpreted that the exception is from
the service, but the client is producing it. So I have to increment the
limit on client side and everything works fine.

Again thank you for your help
Michael

Arnab Ganguly wrote:

Hi Michael,
Did you tried the following "ulimit -S -n `ulimit -H -n` ?
This will assign the max open file hard limits value to your soft limit.
Can you check the output of ulimit -H -n and ulimit -S -n?Former gives 
your hard and the latter gives your soft limits respectively.
Even if the above step is giving problem then increase the hard limit 
to max value as per ur system should be something like 99.So put 
this value to ur soft limit by the above procedure in the apachectl 
script and try out.You print the value of ulimit -S -n in you 
apachectl script just to make sure the change is taking place.Make 
sure the shell which runs the apachectl gets the incremented FDS.

Thanks
Arnab

On Wed, Aug 27, 2008 at 12:40 AM, Michael Sutter 
<[EMAIL PROTECTED] > wrote:


Hello Arnab,

sorry for answering so late, but it took some time to test it.
At the beginning of the apachectl script I put
ulimit -n 5
and restarted the daemon with the apachectl script.

Nevertheless, it don't changed the behavior. The service
was running for about  7 - 8 hours and after that I error
message.

Maybe you have another hint for me?

Kind regards
Michael

Arnab Ganguly wrote:

Can you try assigning the soft limit value to hard limit value
and restart the server.You can put this in apachectl script so
that it gets affected for the shell used for Apache.
Thanks
Arnab

On Mon, Aug 25, 2008 at 6:47 PM, Michael Sutter
<[EMAIL PROTECTED] > wrote:

Hello list,

I have a strange problem with my httpd daemon and hopefully
somebody can help me.
I'm running a Apache 2.0.49 on a Suse 9.1 and have the
mod_axis2 deployed. Inside
Axis2 I'm running a service which is queried every ten seconds.

After running for some hours, sometimes 2, sometimes 4,
sometimes more I always got
a exception: Too many open files. The exception is not
written to the error log, it is the
return value of my service. I also have no entry at the
corresponding time in my access.log,
so I think it is thrown before the service is accessed.

I searched through the list and found, that normally the
solution is  to increase the limit
of open files. So I added in /etc/security/limits.conf
*  softnofile  8192
*  hardnofile  5
logged out and in again.

For my understanding this should increase the number of open
files for every user.
Nevertheless, this don't changed the behaviour. I always got
the exception. So I also
added ulimit -n 8192 to my init script, which shows the same
behaviour.

I also monitored the number of open files on the system. It
is always about 2000 - much
less then I have declared in the configuration. The httpd
daemon normally has 10 process
and every process has opened about 90 - 95 files. So I'm also
not on the configured limit.

Has anybody some idea what I'm doing wrong or how I can solve
the problem?

Kind regards
Michael

-
The official User-To-User support forum of the Apache HTTP
Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]

 "   from the digest:
[EMAIL PROTECTED]

For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] how to setup ssl certificate for apache httpd 2.2 + tomcat 6

[Plant More Tree]

Hi guys,

   I am currently using mod_jk to redirect all the *.html request from
apache httpd 2.2 to tomcat6. But the actual in tomcat6 server is .xhtml.
just fyi, I am using appfuse 1.9.6. I need to setup SSL certificate to
enable SSL for a few pages (in tomcat6) only like signup.html etc. Can
anyone pls guide me on this?

Thanks & Regards,
Mark
-- 
View this message in context: 
http://www.nabble.com/how-to-setup-ssl-certificate-for-apache-httpd-2.2-%2B-tomcat-6-tp19202608p19202608.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] how to setup ssl certificate for apache httpd 2.2 + tomcat6

[Plant More Tree]

Hi guys,

   I am currently using mod_jk to redirect all the *.html request from
apache httpd 2.2 to tomcat6. But the actual in tomcat6 server is .xhtml.
just fyi, I am using appfuse 1.9.6. I need to setup SSL certificate to
enable SSL for a few pages (in tomcat6) only like signup.html etc. Can
anyone pls guide me on this?

Thanks & Regards,
Mark
-- 
View this message in context: 
http://www.nabble.com/how-to-setup-ssl-certificate-for-apache-httpd-2.2-%2B-tomcat6-tp19202617p19202617.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] mod_rewrite question

[Jason Pruim]

On Aug 28, 2008, at 9:21 AM, Krist van Besien wrote:


On Thu, Aug 28, 2008 at 14:41, Jason Pruim <[EMAIL PROTECTED]> wrote:


What I want to do is to rewrite this url:
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

To something more like:

HTTP://www.raoset.com/jasonpruim112


In what direction do you want the rewrite? Do you want:

1) Browser sends HTTP://www.raoset.com/jasonpruim112 and you want your
server to answer with the content at
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112

or
2) Browser sends
HTTP://www.raoset.com/purl/customer/index.php?purl=jasonpruim112 and
you want your server to answer with the content at
HTTP://www.raoset.com/jasonpruim112

For case 1) you could do something like:

RewriteRule  /(.*)   /purl/customer/index.php?purl=$1



Hi Krist,

It is case 1 that I want. I want people to be able to type in: HTTP://www.raoset.com/jasonpruim112 
 and have my script at: HTTP://www.raoset.com/purl/purl.php?purl=jasonpruim112 
 take over control.


I tried the rewrite rule you supplied in a .htaccess file with no  
luck...


To make things more simple since I'm starting as a baby in mod_rewrite  
I have setup this .htaccess file on the root of the website:


Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteRule ^index.rewrite$ thankyou.html [L]

But no luck... index.rewrite page does not exist, but thankyou.html  
does.


Also, I don't know if it makes a difference, but I have been  
restarting apache after each change but with success.


mod_rewrite is enabled in my http conf file. but I haven't been able  
to get any redirects to work yet...Would seeing my httd conf file help  
at all?


Thanks again for your help on this!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
[EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] How to install SSL certificate for virtual server?

[bfb21]

I have an apache 1.3x server which utilizes SSL.  Lets say the name is
www.myserver1.com.  I use apachectl startssl to start the server, and can
access it using https://www.myserver1.com.  Now I have a second virtual
server named www.myserver2.com using the same IP, which I want to secure.
When I attempt to access it, I get the following error in Firefox:

   Secure Connection Failed
   www.myserver2.com uses an invalid security certificate.
   The certificate is only valid for www.myserver1.com
   (Error code: ssl_error_bad_cert_domain)

Here's an excerpt of my virtual host configuration:


ServerName www.myserver2.com

SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.myserver2.com.crt
SSLCertificateKeyFile 
/usr/local/apache-1.3.37/conf/ssl.key/www.myserver2.com.key


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache/logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



How do you secure a second virtual host with an SSL certificate, so I can then
access https://www.myserver2.com?

-Thanks 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache module compatibility

[Dragon]

Steve Wong did speak thusly:

Hi,
Assume I developed a module, compiled and tested with Apache 
2.2.6. When I release the binary to others, what kind 
of compatibility may I claim in terms of Apache HTTP server version. 
May I say something like:


Compiled with Apache 2.2.6
Tested with Apache 2.2.6
In theory ccompatible with all 2.2.* Apache servers

If there exist a good guild line/doc regarding release binary and 
describing compatibility, I would appreciate if someone can point me there.

Thanks,
-Steve

 End original message. -

No, you really can't claim any such thing because there are a bunch 
of system libraries involved on any platform on which Apache runs. 
Unless the OS and system libraries and processor architecture are the 
same, you can only claim that it will work on the exact same environment.


Any other environment may be incompatible in any number of ways.

Dragon

~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~

Re: [EMAIL PROTECTED] Apache module compatibility

[Steve Wong]

Thanks for your reply. I do expect the binary releases are tied to platform
specific information (OS, processor architecture, dependent libraries). If
the only thing change is Apache server version, does it work? Or I should be
prepared to add a dimension to my binary release matrix. The grid for the
new dimension is the last part of the version number of Apache.

So, let me ask my question specific to a single platform again. Is Apache
a.b.y backward compatible with a.b.x in terms of loading modules previously
compiled with a.b.y? Do I have to recompile my modules for every single
minor releases?
Thanks

On Thu, Aug 28, 2008 at 1:34 PM, Dragon <[EMAIL PROTECTED]> wrote:

> Steve Wong did speak thusly:
>
> Hi,
> Assume I developed a module, compiled and tested with Apache 2.2.6. When I
> release the binary to others, what kind of compatibility may I claim in
> terms of Apache HTTP server version. May I say something like:
>
> Compiled with Apache 2.2.6
> Tested with Apache 2.2.6
> In theory ccompatible with all 2.2.* Apache servers
>
> If there exist a good guild line/doc regarding release binary and
> describing compatibility, I would appreciate if someone can point me there.
> Thanks,
> -Steve
>
>  End original message. -
>
> No, you really can't claim any such thing because there are a bunch of
> system libraries involved on any platform on which Apache runs. Unless the
> OS and system libraries and processor architecture are the same, you can
> only claim that it will work on the exact same environment.
>
> Any other environment may be incompatible in any number of ways.
>
>
> Dragon
>
> ~~~
>  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
> ~~~
>

Re: [EMAIL PROTECTED] Apache module compatibility

[Dragon]

Steve Wong did speak thusly:
Thanks for your reply. I do expect the binary releases are tied to 
platform specific information (OS, processor architecture, dependent 
libraries). If the only thing change is Apache server version, does 
it work? Or I should be prepared to add a dimension to my binary 
release matrix. The grid for the new dimension is the last part of 
the version number of Apache.


So, let me ask my question specific to a single platform again. Is 
Apache a.b.y backward compatible with a.b.x in terms of loading 
modules previously compiled with a.b.y? Do I have to recompile my 
modules for every single minor releases?

 End original message. -

I am not an expert on that but I would say that it is possible it 
might work but to be safe, you should compile against each particular 
version of Apache you wish to support.


The other option is to make your source code available so people can 
compile it against their own environment.


Dragon

~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] lower cpu priority to perl scripts

[Richard de Vries]

I found the following on google; you should be able to taylor it to your needs:
http://techtasks.com/code/viewbookcode/567
# This code sets the priority of a process

# ---
# Adapted from VBScript code contained in the book:
#  "Windows Server Cookbook" by Robbie Allen
# ISBN: 0-596-00633-0
# ---

use Win32::OLE;
$Win32::OLE::Warn = 3;

use constant NORMAL => 32;
use constant IDLE => 64;
use constant HIGH_PRIORITY => 128;
use constant REALTIME => 256;
use constant BELOW_NORMAL => 16384;
use constant ABOVE_NORMAL => 32768;

# -- SCRIPT CONFIGURATION --
$strComputer = '.';
$intPID = 2880; # set this to the PID of the target process
$intPriority = ABOVE_NORMAL; # Set this to one of the constants above
# -- END CONFIGURATION -
print "Process PID: $intPID\n";
$objWMIProcess = Win32::OLE->GetObject('winmgmts:' . $strComputer . 
'\\root\\cimv2:Win32_Process.Handle=\'' . $intPID . '\'');
print 'Process name: ' . $objWMIProcess->Name, "\n";
$intRC = $objWMIProcess->SetPriority($intPriority);
if ($intRC == 0) {
print "Successfully set priority.\n";
}
else {
print 'Could not set priority. Error code: ' . $intRC, "\n";
}




- Original Message 
From: david <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Sent: Wednesday, August 27, 2008 5:31:15 PM
Subject: Re: [EMAIL PROTECTED] lower cpu priority to perl scripts

Audio Phile:

Do you have a comparable example for ActiveState Perl on Windows?


At 03:12 PM 8/27/2008, you wrote:
>If you are running on unix, the easiest way to probably do this is 
>by calling the "setpriority" from within your perl script like this:
>setpriority(WHICH,WHO,PRIORITY);
>To set your current running perlscript to the lowest priority, you 
>would call setpriority(0, $$, 20);
>$$ is your script's process ID, and "20" denotes the priority. (as 
>you know, -20 is highest priority and 20 the lowest priority).
>Cheers,
>    R.
>
>- Original Message 
>From: Audio Phile <[EMAIL PROTECTED]>
>To: users@httpd.apache.org
>Sent: Wednesday, August 27, 2008 2:18:53 PM
>Subject: Re: [EMAIL PROTECTED] lower cpu priority to perl scripts
>
>Tamer,
>
>Thank you very much for the reply.  I googled around for the proper 
>syntax of your suggestion as well as which config file I need to 
>edit with it, but I came up with a big fat 0.  Can you provide a few 
>more details for me?  Apologies in advance, I am a newbie with apache2 :)
>
>Tamer Embaby wrote:
>Audio,
>
>You can always start your scripts with [re]nice() syscall to lower
>your process (perl script in this case) priority.
>
>Regards,
>Tamer
>
>-Original Message-
>From: Audio Phile [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, August 26, 2008 8:57 PM
>To: users@httpd.apache.org
>Subject: [EMAIL PROTECTED] lower cpu priority to perl scripts
>
>I'd like to adjust the priority of /usr/bin/perl such that it will 
>always run with very low priority.  The PC that I'm using isn't very 
>powerful.  I'm running rrdweather on it and when a user hits the 
>weather.cgi about 10 processes of perl scripts run,
>which totally throttles foreground applications until they finish.
>
>How can I assign /usr/bin/perl to always run with a really low CPU 
>priority (a really high nice value) for any script it executes? Is 
>this an apache2 setting or...?
>
>
>
>
>-
>The official User-To-User support forum of the Apache HTTP Server Project.
>See http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>  "  from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>-
>The official User-To-User support forum of the Apache HTTP Server Project.
>See http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "  from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "  from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Joseph S D Yao]

On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao  wrote:
> Ok, ic I can simply remove the passphrase, and provided the new key be 
> readabale by root only, I should not have any security problems... is it 
> simply remove it? or any other settings, configuratios, re-installation?
> 


It should not be owned by root, because you should not be running your
server as root.  You should be running your servers as some other user,
say, "apache", and so the uncloaked cert files should be stored as
read-only by "apache".

Nothing should ever be owned by or done as root.  Nothing.  Absolutely
nothing.  Ever.  Unless you absolutely have to, and then it's still a
good idea to stop and think how to do it without being root.

Why should nothing be owned by root?  Because then manipulating it must
be done by root.

We should nothing be done by root?  Because you're human and are capable
of making mistakes, such as:

cd /
rm -rf /tmp/cruftdir. *

and because people cracking into systems LOVE to find daemon processes
running as "root", because then if they own that one daemon process,
they own the whole system.

YES, there is a bare minimum of things that must run as root.  The trick
is to find out how to approach that bare minimum.  No application
daemons should be running as root.


-- 
/*\
**
** Joe Yao  [EMAIL PROTECTED] - Joseph S. D. Yao
**
\*/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] lower cpu priority to perl scripts

[Audio Phile]

Thanks to all who replied.  Richard, your solution works great.  I
didn't realize this was a script-specific mod.  I thought there would
be a setting in an apache2.conf or something on the FS.  I'm very glad
to have learned this.  Thanks again!

Richard de Vries wrote: 
If you are running on unix, the easiest way to probably do this is by calling 
the "setpriority" from within your perl script like this:
setpriority(WHICH,WHO,PRIORITY);
To set your current running perlscript to the lowest priority, you would call 
setpriority(0, $$, 20);
$$ is your script's process ID, and "20" denotes the priority. (as you know, 
-20 is highest priority and 20 the lowest priority). 
Cheers,
   R.


  

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Eric Covener]

On Thu, Aug 28, 2008 at 2:53 PM, Joseph S D Yao <[EMAIL PROTECTED]> wrote:
> On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao  wrote:
>> Ok, ic I can simply remove the passphrase, and provided the new key be 
>> readabale by root only, I should not have any security problems... is it 
>> simply remove it? or any other settings, configuratios, re-installation?
>>
>
> It should not be owned by root, because you should not be running your
> server as root.  You should be running your servers as some other user,
> say, "apache", and so the uncloaked cert files should be stored as
> read-only by "apache".

root-owned private key sure sounds wiser to me.

> Why should nothing be owned by root?  Because then manipulating it must
> be done by root.

There are lots of files you don't want to be owned, or modifiable, by
non-root users.  This is a good thing.

-- 
Eric Covener
[EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[William A. Rowe, Jr.]

Joseph S D Yao wrote:

On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao  wrote:

Ok, ic I can simply remove the passphrase, and provided the new key be 
readabale by root only, I should not have any security problems... is it simply 
remove it? or any other settings, configuratios, re-installation?


It should not be owned by root, because you should not be running your
server as root.  You should be running your servers as some other user,
say, "apache", and so the uncloaked cert files should be stored as
read-only by "apache".


Yes, and the server should be *started* as root, User/Group modified to
a limited access account (e.g. apache, or nobody), all system resources
initially created and owned by root (e.g. logs/, certs etc), and the
appropriate access control granted to the apache/nobody user (no write
access to logs/, no read access to keys).

There are logs that are dynamically created, give your apache user write
access to a logs/safe/ directory to put those into.  But the logs/ dir
should never be modifiable by the apache user.  Similarly the certs dir
should never be readable by the apache user.

If you start your server (e.g. launch it) from the 'apache' user account,
it's impossible to keep the running server from manipulating the logs/
directory etc, or accessing keys files, etc.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] access.log question

[Howard, Chris]

I see in my access log requests for web pages which
I do not serve, some of which appear to have a 200 status.

That doesn't seem right.

I've tried to post a piece of my log but it keeps coming
back as spam.

Chris Howard


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] access.log question

[Frank Gingras]

Chris,

You should use a pastebin, and give us the direct link instead.

Howard, Chris wrote:

I see in my access log requests for web pages which
I do not serve, some of which appear to have a 200 status.

That doesn't seem right.

I've tried to post a piece of my log but it keeps coming
back as spam.

Chris Howard


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache module compatibility

[Nick Kew]

On Thu, 28 Aug 2008 07:57:24 -0400
"Steve Wong" <[EMAIL PROTECTED]> wrote:

> Hi,
> Assume I developed a module, compiled and tested with Apache 2.2.6.
> When I release the binary to others, what kind of compatibility may I
> claim in terms of Apache HTTP server version. May I say something
> like:
> 
> Compiled with Apache 2.2.6
> Tested with Apache 2.2.6
> In theory ccompatible with all 2.2.* Apache servers

It will work with all Apache 2.2.n for n >= 6.

Unless you use an API that's extended in 2.2.6 since some earlier
2.2, it will also work with n < 6 releases.

> If there exist a good guild line/doc regarding release binary and
> describing compatibility, I would appreciate if someone can point me
> there. Thanks,

See ap_mmn.h.  Modules will refuse to load in an incompatible version
of apache.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Joseph S D Yao]

On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
...
> root-owned private key sure sounds wiser to me.
...


Tell me three good reasons why.  Bad ones don't count.

There is nothing special about a file that is owned by root vs. another
UID.  There is a PROBLEM, that you must be root to do anything with that
file.

If 'httpd' is run as user "apache", as it should be on any
well-regulated system, then a file that is readable only by root will
not be usable by it.  It will be USELESS.


> There are lots of files you don't want to be owned, or modifiable, by
> non-root users.  This is a good thing.


By non-root USERS, yes, absolutely.  Who said anything about users?  I'm
talking about a SYSTEM account.

Again, there is ABSOLUTELY NOTHING SPECIAL about a file that is owned by
root, except that to do anything with it, you have to have super-user
powers, which YOU SHOULD NEVER DO!  They are DANGEROUS.


-- 
/*\
**
** Joe Yao  [EMAIL PROTECTED] - Joseph S. D. Yao
**
\*/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Joseph S D Yao]

On Thu, Aug 28, 2008 at 04:53:05PM -0500, William A. Rowe, Jr. wrote:
> Joseph S D Yao wrote:
> > On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao  wrote:
> >> Ok, ic I can simply remove the passphrase, and provided the new key be 
> >> readabale by root only, I should not have any security problems... is it 
> >> simply remove it? or any other settings, configuratios, re-installation?
> > 
> > It should not be owned by root, because you should not be running your
> > server as root.  You should be running your servers as some other user,
> > say, "apache", and so the uncloaked cert files should be stored as
> > read-only by "apache".
> 
> Yes, and the server should be *started* as root, User/Group modified to
> a limited access account (e.g. apache, or nobody), all system resources
> initially created and owned by root (e.g. logs/, certs etc), and the
> appropriate access control granted to the apache/nobody user (no write
> access to logs/, no read access to keys).
> 
> There are logs that are dynamically created, give your apache user write
> access to a logs/safe/ directory to put those into.  But the logs/ dir
> should never be modifiable by the apache user.  Similarly the certs dir
> should never be readable by the apache user.
> 
> If you start your server (e.g. launch it) from the 'apache' user account,
> it's impossible to keep the running server from manipulating the logs/
> directory etc, or accessing keys files, etc.


Sorry, yes, of course, it is almost always started [or re-started] as
root, and then chowns itself.  I was thinking that it read the cert
after the chown, but I don't remember with certainty.  I need to go
re-read the code anyway, I'll look next time so I can give a good cite
if this thread is still running.  ;-)


-- 
/*\
**
** Joe Yao  [EMAIL PROTECTED] - Joseph S. D. Yao
**
\*/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[William A. Rowe, Jr.]

Joseph S D Yao wrote:

On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
...

root-owned private key sure sounds wiser to me.

...

Tell me three good reasons why.  Bad ones don't count.


I owe you one and that's all my time you'll waste.

A root owned private key perms 400 is going to be visible to a cgi if
you are foolish enough to make it readable.  And once there, any trivial
MTM or DNS hole is going to allow your users to impersonate your business.

If starting as root and changing to apache/nobody user, that key will not
be visible if there's a local code execution vulnerability.

Please folks, treat Yao's security advise with the appropriate caution.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Using Servlets in Apache HTTPD Server

[zooo doush]

Hi,

 I have 2 project I'm working on, one of them is built using PHP the other is 
built using Servlets. Currently they run on 2 separate servers Apache HTTPD and 
Tomcat. But I want to integrate the 2 projects and to make the work run faster 
I need to run both of them in 1 server if possible (that serves both PHP and 
Servlets).

  I was searching for a way to make Apache HTTPD server work with servlets 
without sending requests into any other server (i.e. Tomcat). I found most of 
the people using mod_proxy_ajp or mod_jk as modules in HTTPD server and this 
will pass servlets requests into Tomcat server. But I think that will make my 
implementation much slower (sending and receiving requests between the 2 
servers will have communication overhead). 

Is there a way to make Servlets work in Apache without sending requests into 
Tomcat? my main concern is the slowness that will happened because of the 
communication between the 2 servers.

 Thanks,

    Iyad



  

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Joseph S D Yao]

On Fri, Aug 29, 2008 at 01:39:06AM -0400, Joseph S D Yao wrote:
> On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
> ...
> > root-owned private key sure sounds wiser to me.
> ...
> 
> 
> Tell me three good reasons why.  Bad ones don't count.
> 
> There is nothing special about a file that is owned by root vs. another
> UID.  There is a PROBLEM, that you must be root to do anything with that
> file.
> 
> If 'httpd' is run as user "apache", as it should be on any
> well-regulated system, then a file that is readable only by root will
> not be usable by it.  It will be USELESS.


Even if 'httpd' is still running as root when reading the cert, and so
able to use it, it is still a bad idea to have it OWNED by root - you
still have to have super-user powers to maintain it.  Bad, bad, bad,
bad, bad.


-- 
/*\
**
** Joe Yao  [EMAIL PROTECTED] - Joseph S. D. Yao
**
\*/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to install SSL certificate for virtual server?

[Krist van Besien]

On Thu, Aug 28, 2008 at 17:46,  <[EMAIL PROTECTED]> wrote:

> How do you secure a second virtual host with an SSL certificate, so I can then
> access https://www.myserver2.com?

The usual answer to this question is: You can't. See:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2

There is an experimental extension to the SSL protocol, called SNI,
which would make virtualhosts possible. As far as I can see this
requires a recompile of both apache and openssl...

Krist


-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to start Apache automatically with certificate?

[Krist van Besien]

On Fri, Aug 29, 2008 at 08:05, Joseph S D Yao <[EMAIL PROTECTED]> wrote:

> Even if 'httpd' is still running as root when reading the cert, and so
> able to use it, it is still a bad idea to have it OWNED by root - you
> still have to have super-user powers to maintain it.  Bad, bad, bad,
> bad, bad.

You need super user powers to maintain a webserver anyway.
Doesn't mean you need to become root. You can use sudo. And putting in
place a key is something you're not going to do often anyway.

Krist


-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] access.log question

[Davide Bianchi]

Howard, Chris wrote:
> I see in my access log requests for web pages which
> I do not serve, some of which appear to have a 200 status.
> 
> That doesn't seem right.

It depends if you use any kind of rewrite or CMS. If you do, chances are
that the result code (200) is because of the rewrite and the page
returned is your 'error' or 'home' page all the time. Check the size
returned. If it is always the same and (incidentally) exactly the same
size returned for the 'home' or 'error' page, then you have it.

Davide

-- 
Clues seem to seep out of lusers faster than you can LART them back in.
--Simon Burr

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]