[us...@httpd] Apache suddenly stops serving requests, recv() returns -1/errno=EAGAIN forever
Dear Apache users, I'm forced to write yet another program that downloads HTTP files from an Apache server, and I'm facing a problem that is new to Google: First, to ensure that my application stays responsive, I enabled a timeout with setsockopt(sockid,SOL_SOCKET,SO_RCVTIMEO right after the successful connect(). Things work fine, but every once in a while (especially when downloading larger files), the recv() call suddenly returns -1, and errno is EAGAIN. That's still fine, and I would expect that the download continues normally with the next call to recv(), but unfortunately not: All subsequent calls to recv() return -1/errno=EAGAIN, and this continues for an hour, then errno becomes ECONRESET (one hour is the timeout I configured in Apache). So the question is: Is this behavior still OK according to TCP/IP, HTTP, Apache specifications? What can cause Apache to suddenly stop serving data, and then terminate the connection after an hour? There are no special entries in Apaches error_log I found someone with a similar problem at this location: http://mail-archives.apache.org/mod_mbox/httpd-users/200705.mbox/%3c009b01c797ca$784675a0$2200a...@laptop%3e My Apache is the one in RHEL 5, Linux 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 06:45:03 EST 2008 x86_64 x86_64 x86_64 GNU/Linux Clients with the problem are running Linux or MacOSX. Many thanks in advance for any insight you can provide, Elmar - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache suddenly stops serving requests, recv() returns -1/errno=EAGAIN forever
Elmar Krieger wrote: Dear Apache users, I'm forced to write yet another program that downloads HTTP files from an Apache server, ... Naive question : why would you do that, when there are probably at least 10 existing libraries/utilities that already do that, and do it right ? I mean that downloading a file from a webserver is not just a matter of opening a socket and reading bytes from it. There are such things as status codes, HTTP headers, encoding, transfer-encoding, etc.. Do you really want to re-invent the wheel ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Apr_bucket_read() failed when uploading files
-Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: dinsdag 23 juni 2009 9:32 To: users@httpd.apache.org Subject: Re: [us...@httpd] Apr_bucket_read() failed when uploading files Mark wrote: > > So, needless to say, this is quite serious. Like I said, I even got > > an admin (not a silly helpdesk clerk) to admit that it's a bug; > > but they're not gonna fix it. That's why I was looking for a way > > around it. > > Well then, I'm afraid that all I can tell you is to look for another > hosting site. And I'm afraid it will have to come to this. Not after I demand a full refund, though. > As I mentioned earlier, I (and many others) have the same kind of thing > working flawlessly at umpteen sites, with umpteen versions of Apache > and Perl. I have this working on many other sites too. It's all pretty straightforward, basic upload methodology. > If the script fails to do the "new CGI", plus this apr message you get > in the logs, then there is undoubtedly something wrong in the host > configuration, or a software mismatch, or whatever Yep, something's seriously screwed up. They wrote me: "We are sorry to inform you that the problem is being caused by the current version of the Apache server. Unfortunately update of the Apache configuration is not scheduled yet as the service is stabilized at it's best." Stabilized at its best, eh? LOL. I guess awardspace and I have different definitions of stable. > Incidentally, how much are you paying for hosting this? Well, the price is right: only $10 a month. They offer a lot for that. But if half of it isn't working... > I'm just curious, since you seem to be in the US, N.Y. and I'm in > Europe. I'm in Europe too. :) - Mark - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache suddenly stops serving requests, recv() returns -1/errno=EAGAIN forever
>> Dear Apache users, >> >> I'm forced to write yet another program that downloads HTTP files from >> an >> Apache server, > ... > Naive question : why would you do that, when there are probably at least > 10 existing libraries/utilities that already do that, and do it right ? > > I mean that downloading a file from a webserver is not just a matter of > opening a socket and reading bytes from it. There are such things as > status codes, HTTP headers, encoding, transfer-encoding, etc.. > Do you really want to re-invent the wheel ? I did of course start with code from the web, but that was not reliable enough. For example the download routines of Firefox and Safari are not satisfactory, because they also hang forever occasionally, and don't automatically restart the transfer with a new request. I need it 100% fool-proof. Anyway, could you point me to the most reliable public domain (not GNU GPL) library you know, that compiles in Linux, Windows and MacOSX? Then I can compare the code.. And any idea under which circumstances a recv() from a socket connection to Apache can report -1/errno=EAGAIN for an hour without progress would still be appreciated. It's a server side problem, because it happens from clients all over the world ;-) Thanks for your help, Elmar - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How can I secure my apache server from DoS attack ?
On 23 Jun 2009, at 13:25, Neelesh Gurjar wrote: MaxClients 150 So slowloris only needs to make 150 connections to tie up your server! A simple raise to, say, 1500, would prevent a single slowloris machine bringing you down[1]. Though of course you're still vulnerable to DDoS: for that you might want to raise it higher and use traffic management. [1] for any of the machines I've tried it on - http://bahumbug.wordpress.com/2009/06/21/slowloris/ -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] vhost limit module
Apache 2.2.11 Has anyone worked with vhost limit module? I can't find tutorial or manual to read about it. Is there one? Is it possible to set customized message for clients that are being turned away? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache suddenly stops serving requests, recv() returns -1/errno=EAGAIN forever
On Wed, 2009-06-24 at 08:09 -0500, Elmar Krieger wrote: > >> Dear Apache users, > >> > >> I'm forced to write yet another program that downloads HTTP files from > >> an > >> Apache server, > > ... > > Naive question : why would you do that, when there are probably at least > > 10 existing libraries/utilities that already do that, and do it right ? > > > > I mean that downloading a file from a webserver is not just a matter of > > opening a socket and reading bytes from it. There are such things as > > status codes, HTTP headers, encoding, transfer-encoding, etc.. > > Do you really want to re-invent the wheel ? > > I did of course start with code from the web, but that was not reliable > enough. For example the download routines of Firefox and Safari are not > satisfactory, because they also hang forever occasionally, and don't > automatically restart the transfer with a new request. I need it 100% > fool-proof. > > Anyway, could you point me to the most reliable public domain (not GNU > GPL) library you know, that compiles in Linux, Windows and MacOSX? Then I > can compare the code.. > > And any idea under which circumstances a recv() from a socket connection > to Apache can report -1/errno=EAGAIN for an hour without progress would > still be appreciated. It's a server side problem, because it happens from > clients all over the world ;-) > > Thanks for your help, > Elmar > > I can download all sorts of large files from apache, it truly Works For Me, so this certainly sounds like a naive client app rather than a server side bug. Any reason why you aren't using curl/libcurl/wget/libfetch? When there are BSD licensed wheels out there, don't design your own.. Eg: http://curl.haxx.se/ (MIT) http://curl.haxx.se/libcurl/ (MIT) http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/ (BSD) Curl has a list of the FOSS http libraries: http://curl.haxx.se/libcurl/competitors.html HTH Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Weird problem with SSL and Google Chrome and IE7/8.
Apache 2.2.11 w/Openssl 0.9.8k
I'm having a weird problem with Apache and Chrome and IE7/8. The problem
only seems to happen with SSL connections. On some requests, I get exactly
30 second delays. Firefox gets no delays. Since it seems to be
consistently
30 seconds when it happens, it seems like some sort of timeout. It doesn't
happen on every request, but it happens a lot.
This is a development server, so I didn't want to bother buying a proper
certificate for it. At first, I used another server's certificate.
Then I tried
a self signed certificate that matched the server. I still have the
problem.
No errors in the error log.
My SSLCipherSuite from httpd-ssl.conf:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
I use this in the access logs for SSL requests: %{SSL_PROTOCOL}x
%{SSL_CIPHER}x
For Firefox, SSL requests log that as: TLSv1 DHE-RSA-AES256-SHA
For Chrome/IE7, SSL requests log that as: TLSv1 RC4-MD5
Any ideas?
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: Weird problem with SSL and Google Chrome and IE7/8.
I forgot to mention, I also have this, in httpd-ssl.conf BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Not sure if that matters. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Weird problem with SSL and Google Chrome and IE7/8.
Bill Davidson wrote: I forgot to mention, I also have this, in httpd-ssl.conf BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Not sure if that matters. Good point. I believe it well may. Did you try commenting that line out ? After all, it's pretty old as I recall. The MS guys may have fixed this in the meantime, one never knows. You'd probably have to be more specific in the match, because there's still a lot of inconsistent versions of IE out there. Another thing is the "nokeepalive" aspect. As far as I know, MS-HTTP stuff tends to keep a lot of stuff at the connection level, in terms of authentication, because with NTLM, it's quite expensive to have to do it by request (even if it worked, which it doesn't). Maybe the same extends here ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] global variable use in mod_proxy_http.c
Hi. All. In mod_proxy_http.c, I globally declared a variable, like unsiged int count = 0; And I make it increase whenever the proxy gets a new http request. I expect it increases like 1, 2, 3, 4,... but it is always same 1. Does anydoby know why this happens? How can I use a global variable in mod_proxy_http? I am really new to this proxy stuff. I hope somebody can anwser to my simple question. Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] global variable use in mod_proxy_http.c
On Jun 24, 2009, at 12:47 PM, Brian Kim wrote: In mod_proxy_http.c, I globally declared a variable, like unsiged int count = 0; And I make it increase whenever the proxy gets a new http request. You mean when your httpd child processes get a new http request. I expect it increases like 1, 2, 3, 4,... but it is always same 1. How many test requests did you use, did you touch all the children? Does anydoby know why this happens? How can I use a global variable in mod_proxy_http? Declare it as shared memory, or extend the existing Scoreboard. See mod_example_ipc.c for the former. http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/examples/mod_example_ipc.c?view=co I am really new to this proxy stuff. I hope somebody can anwser to my simple question. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [us...@httpd] global variable use in mod_proxy_http.c
Brian Kim wrote: Hi. All. In mod_proxy_http.c, I globally declared a variable, like unsiged int count = 0; And I make it increase whenever the proxy gets a new http request. I expect it increases like 1, 2, 3, 4,... but it is always same 1. Does anydoby know why this happens? How can I use a global variable in mod_proxy_http? Not a simple answer, but read this : http://marc.info/?l=apache-httpd-users&m=124467015611975&w=2 The basic point is : when it starts, Apache is a single process. That one loads mod_proxy, with your variable initialised to 0. Then that main Apache forks into children. Each child is an exact copy, thus also with the variable = 0. The main Apache does not serve requests, so its copy always remains 0. But it distributes requests, 1 per child, as they come in. So probably your first request gets handled by child #1. It serves the request, and increments the variable, which for this child is now 1. Then your next request comes in, and is handled by child #2. Its variable is still 0. So it serves the request and increments the variable. Then your next request comes in and is served by child #3. And so on. Until... enough requests have come in, that a child that has been used before, gets re-used. Then the variable is at 1, and now becomes 2. But only in that child. And so on. Got it ? If you start your Apache with a maximum of 3 children e.g., then after 4 requests you are guaranteed to see a 2. Morality : you have to find a place to store your counter, that is common to all children (or threads). And of course synchronise access to it. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] global variable use in mod_proxy_http.c
Thanks to Sander & André, I clearly understood why it happened and how I can get it over. Now I am looking at an example,.mod_example_ipc.c, to use a shared memory space. Thanks again. On Wed, Jun 24, 2009 at 5:31 PM, André Warnier wrote: > Brian Kim wrote: >> >> Hi. All. >> >> In mod_proxy_http.c, I globally declared a variable, like unsiged int >> count = 0; >> >> And I make it increase whenever the proxy gets a new http request. >> >> I expect it increases like 1, 2, 3, 4,... but it is always same 1. >> >> Does anydoby know why this happens? How can I use a global variable in >> mod_proxy_http? >> > Not a simple answer, but read this : > http://marc.info/?l=apache-httpd-users&m=124467015611975&w=2 > > The basic point is : when it starts, Apache is a single process. That one > loads mod_proxy, with your variable initialised to 0. > Then that main Apache forks into children. Each child is an exact copy, > thus also with the variable = 0. > The main Apache does not serve requests, so its copy always remains 0. > But it distributes requests, 1 per child, as they come in. > So probably your first request gets handled by child #1. It serves the > request, and increments the variable, which for this child is now 1. > Then your next request comes in, and is handled by child #2. > Its variable is still 0. So it serves the request and increments the > variable. > Then your next request comes in and is served by child #3. > And so on. > Until... enough requests have come in, that a child that has been used > before, gets re-used. Then the variable is at 1, and now becomes 2. > But only in that child. > And so on. > > Got it ? > > If you start your Apache with a maximum of 3 children e.g., then after 4 > requests you are guaranteed to see a 2. > > Morality : you have to find a place to store your counter, that is common to > all children (or threads). And of course synchronise access to it. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache monitor tray icon says "running none of 1 Apache service" even through it's actually running
Hi, I'm running Apache 2.2.11, PHP 5.2.9-2, and MySQL Server 5.1 in 32-bit Windows XP Professional in a VM installed inside VMWare Workstation 6.5.2. I've noticed after booting up the VM, often even through the Apache service is up and running and http://localhost and http://localhost/phptest.php is successful, the tray icon for the Apache monitor says (when I hover over) "running none of 1 Apache service", and the tray icon has a red arrow, not a green arrow. If I manually stop and restart the service ; then the message changes to "Running all Apache services" and the arrow turns to green. I don't see in the drop-down menu for compatibility an entry for "Windows XP". Anyway, it's merely cosmetic since the service is up and running and everything is working OK, but what wondering what the root cause, fix is for this so the tray icon reflects the correct status of whether the Apache service is running or not. Thanks in advance for your responses.
[us...@httpd] Setting the Timeout directive to refrain a DoS attacks
Hi, http://httpd.apache.org/docs/2.2/mod/core.html#timeout says: The TimeOut directive currently defines the amount of time Apache will wait for three things 1. The total amount of time it takes to receive a GET request ... 1. seems to be misleading, tests with "Timeout 3" does not appear very effective. For example: GET / HTTP/1.1 Host: foo X-a: b ... Such requests are not rejected after 3 seconds as expected. Are we missing in Apache a timer for the header to complete ~ HeaderTimeout 1? Kind regards - Fred -- View this message in context: http://www.nabble.com/Setting-the-Timeout-directive-to-refrain-a-DoS-attacks-tp24194473p24194473.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Performing Internal Certificate Checks
Hi, I am using Apache reverse proxy. I want to perform the following and wondering if it is possible: 1) Extract a field (Subject Name) from a client certificate sent over SSL and compare it to a local list I have 2) Add parts of the certificate to headers or parameters in the HTTP request to the backend server Will appreciate any help with this. Thanks! Eldad
