[users@httpd] Strange entries in error_log
Hi, I use CentOS 5.x with Apache 2.2., and have came across strange error in error_log: tr: write error: Broken pipe tr: write error There is no timestamp, it happens periodically with no apparent reason. I have NameVirtualHost in place, and PHP, so I really don't get it why is this error logged in general log, and there is nothing in the access_log. I have no idea why this happens. Any help appreciated! -- Jakov Sosic www.srce.unizg.hr - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Strange entries in error_log
On Wed, Dec 14, 2011 at 10:08 AM, Jakov Sosic wrote: > Hi, > > I use CentOS 5.x with Apache 2.2., and have came across strange error in > error_log: > > tr: write error: Broken pipe > tr: write error > > > There is no timestamp, it happens periodically with no apparent reason. > I have NameVirtualHost in place, and PHP, so I really don't get it why > is this error logged in general log, and there is nothing in the access_log. > > I have no idea why this happens. Any help appreciated! > The error log is literally stderr for the apache process. Anything run in Apache (mod_php) or any process launched by Apache (mod_php invoking tr) that prints to stderr will appear in the error log without a timestamp, just like that. So the real question is, what bit of your PHP app is invoking tr. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Hello users :) I try to ask a "smart" question on my problem... I have some problem with nested subdomain and wildcard openssl certificate.. perhaps, i don't know, this is because the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like .parisgeo.cnrs.fr When i create the self signed certificate, i enter CN = *.parisgeo.cnrs.fr, but it's seems it's impossible to connect on this site for example partage.parisgeo.cnrs.fr with this configuration ! Arg. My virtualhost and my apache2 conf *work* with no wildcard cerficate, so the problem is not here i think : The port.conf | NameVirtualHost *:443 Listen 443 | An example virtualhost i have : | ServerName partage.parisgeo.cnrs.fr ServerAliaswww.partage.parisgeo.cnrs.Fr DocumentRoot /var/www/owncloud Options -Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all SSLEngine on SSLCertificateFile/etc/ssl/parisgeo.cnrs.fr.crt SSLCertificateKeyFile /etc/ssl/parisgeo.cnrs.fr.key | I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : |openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out parisgeo.cnrs.fr.csr openssl x509 -req -days 3650 -in parisgeo.cnrs.fr.csr -CA ca.crt -CAcreateserial -CAkey ca.key -out parisgeo.cnrs.fr.crt | The right for my generate key file : |-rw-r--r-- 1 root root 1424 14 déc. 11:51 ca.crt -rw-r--r-- 1 root root 1743 14 déc. 11:50 ca.key -rw-r--r-- 1 root root17 14 déc. 12:13 ca.srl -rw-r--r-- 1 root root 981 14 déc. 12:13 parisgeo.cnrs.fr.crt -rw-r--r-- 1 root root 627 14 déc. 12:08 parisgeo.cnrs.fr.csr -rw-r--r-- 1 root root 891 14 déc. 12:08 parisgeo.cnrs.fr.key | When i try to connect and test the certificate with openssl : |root@:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 CONNECTED(0003) depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr verify error:num=18:self signed certificate verify return:1 depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr verify return:1 --- Certificate chain 0 s:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr i:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr --- Server certificate BEGIN CERTIFICATE- . blabla . -BEGIN CERTIFICATE- subject=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr issuer=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr --- No client certificate CA names sent --- SSL handshake has read 1253 bytes and written 319 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: 7642C70A1E358CAA5901C060A26655DE3AF0BA683C9A598BA7C4B14FF108ADD7 Session-ID-ctx: Master-Key: 65184165198498498484 6516511321584831181468469431688132138498 Key-Arg : None Start Time: 1323862629 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- closed| The firefox error when i try to connect to the site is : |An error occurred during a connection to partage.parisgeo.cnrs.fr. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) | If you have any idea to help me resolving this problem .. Thanks a lot ! SR.
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien wrote: > Hello users :) > I try to ask a "smart" question on my problem... > > I have some problem with nested subdomain and wildcard openssl certificate.. > perhaps, i don't know, this is because the subdomain type is : > site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like > .parisgeo.cnrs.fr > … > I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : > > openssl genrsa -des3 -out ca.key 2048 > openssl req -new -x509 -days 3650 -key ca.key -out ca.crt > openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out > … > root@:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 > … > Verify return code: 18 (self signed certificate) > --- > closed > > The firefox error when i try to connect to the site is : > > An error occurred during a connection to partage.parisgeo.cnrs.fr. > Peer's certificate has an invalid signature. > (Error code: sec_error_bad_signature) > Firefox will not trust a self signed certificate unless you install the CA certificate into your browser's keychain. Other browsers will ask if you want to accept a self signed certificate. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Le mer. 14 déc. 2011 13:49:54 CET, Tom Evans a écrit : On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien wrote: Hello users :) I try to ask a "smart" question on my problem... I have some problem with nested subdomain and wildcard openssl certificate.. perhaps, i don't know, this is because the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like .parisgeo.cnrs.fr … I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out … root@:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 … Verify return code: 18 (self signed certificate) --- closed The firefox error when i try to connect to the site is : An error occurred during a connection to partage.parisgeo.cnrs.fr. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) Firefox will not trust a self signed certificate unless you install the CA certificate into your browser's keychain. Other browsers will ask if you want to accept a self signed certificate. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. Seehttp://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks for yout great explain, I try to connect with chrome, and it's possible to access the website, so you're right ... Is there any solution to bypass this problem ? With another type of self signed certificate wich need no CA ? or contain the Ca i don't know ? Cheers, SR. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
- Original Message - > Le mer. 14 déc. 2011 13:49:54 CET, Tom Evans a écrit : > > On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien > > wrote: > >> Hello users :) > >> I try to ask a "smart" question on my problem... > >> > >> I have some problem with nested subdomain and wildcard openssl > >> certificate.. > >> perhaps, i don't know, this is because the subdomain type is : > >> site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other > >> subdomain like > >> .parisgeo.cnrs.fr > >> … > >> I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : > >> > >> openssl genrsa -des3 -out ca.key 2048 > >> openssl req -new -x509 -days 3650 -key ca.key -out ca.crt > >> openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key > >> -out > >> … > >> root@:/etc/ssl# openssl s_client -connect > >> partage.parisgeo.cnrs.fr:443 > >> … > >> Verify return code: 18 (self signed certificate) > >> --- > >> closed > >> > >> The firefox error when i try to connect to the site is : > >> > >> An error occurred during a connection to partage.parisgeo.cnrs.fr. > >> Peer's certificate has an invalid signature. > >> (Error code: sec_error_bad_signature) > >> > > > > Firefox will not trust a self signed certificate unless you install > > the CA certificate into your browser's keychain. Other browsers > > will > > ask if you want to accept a self signed certificate. > > > > Cheers > > > > Tom > > > > Thanks for yout great explain, > I try to connect with chrome, and it's possible to access the > website, > so you're right ... > > Is there any solution to bypass this problem ? With another type of > self signed certificate wich need no CA ? or contain the Ca i don't > know ? cacert.org will issue free certificates, and, IIRC, also wildcard certificates. They are available in *most* browsers. > Cheers, > SR. i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Strange entries in error_log
- Original Message - > On Wed, Dec 14, 2011 at 10:08 AM, Jakov Sosic > wrote: > > Hi, > > > > I use CentOS 5.x with Apache 2.2., and have came across strange > > error in > > error_log: > > > > tr: write error: Broken pipe > > tr: write error > > > > > > There is no timestamp, it happens periodically with no apparent > > reason. > > I have NameVirtualHost in place, and PHP, so I really don't get it > > why > > is this error logged in general log, and there is nothing in the > > access_log. > > > > I have no idea why this happens. Any help appreciated! > > > > The error log is literally stderr for the apache process. Anything > run > in Apache (mod_php) or any process launched by Apache (mod_php > invoking tr) that prints to stderr will appear in the error log > without a timestamp, just like that. > > So the real question is, what bit of your PHP app is invoking tr. Or any kind of CGI, for that matter. But I'm wondering if this couldn't also be caused by a piped log gone.. very wrong. Anyway, the mod_php/CGI stuff is a good start. > Cheers > > Tom i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Le mer. 14 déc. 2011 14:19:09 CET, Igor Galić a écrit : - Original Message - Le mer. 14 déc. 2011 13:49:54 CET, Tom Evans a écrit : On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien wrote: Hello users :) I try to ask a "smart" question on my problem... I have some problem with nested subdomain and wildcard openssl certificate.. perhaps, i don't know, this is because the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like .parisgeo.cnrs.fr … I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : openssl genrsa -des3 -out ca.key 2048 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out … root@:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 … Verify return code: 18 (self signed certificate) --- closed The firefox error when i try to connect to the site is : An error occurred during a connection to partage.parisgeo.cnrs.fr. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) Firefox will not trust a self signed certificate unless you install the CA certificate into your browser's keychain. Other browsers will ask if you want to accept a self signed certificate. Cheers Tom Thanks for yout great explain, I try to connect with chrome, and it's possible to access the website, so you're right ... Is there any solution to bypass this problem ? With another type of self signed certificate wich need no CA ? or contain the Ca i don't know ? cacert.org will issue free certificates, and, IIRC, also wildcard certificates. They are available in *most* browsers. Cheers, SR. i Thanks for information Igor, I find the cacert.org site, but not the IIRC site, can you give me more information ? I'm not the owner of parisgeo.cnrs.fr because the root domain is the french institution cnrs.fr, so can i create this type of certificate ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
> > cacert.org will issue free certificates, and, IIRC, also wildcard > > certificates. They are available in *most* browsers. > > > >> Cheers, > >> SR. > > > > i > > > > Thanks for information Igor, > I find the cacert.org site, but not the IIRC site, can you give me > more > information ? Commas, commas, and, more, commas: IIRC == If I remember correctly So, in context: "cacert.org will issue free certificates, and, if I remember correctly, also (free) wildcard certificates." > I'm not the owner of parisgeo.cnrs.fr because the root domain is the > french institution cnrs.fr, so can i create this type of certificate > ? But in that case the owner of cnrs.fr must request those certificates. -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Le mer. 14 déc. 2011 15:03:28 CET, Igor Galić a écrit : cacert.org will issue free certificates, and, IIRC, also wildcard certificates. They are available in *most* browsers. Cheers, SR. i Thanks for information Igor, I find the cacert.org site, but not the IIRC site, can you give me more information ? Commas, commas, and, more, commas: IIRC == If I remember correctly So, in context: "cacert.org will issue free certificates, and, if I remember correctly, also (free) wildcard certificates." I'm not the owner of parisgeo.cnrs.fr because the root domain is the french institution cnrs.fr, so can i create this type of certificate ? But in that case the owner of cnrs.fr must request those certificates. Ok, thanks for answer :) I try to get an answer on this point from my organisation ! Perhaps they have protocol to obtain valid certificate. Thanks a lot, Sorry for misunderstand of IIRC :) SR. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
And what do you think of this solution, a self-signed certificates without CA, it's better than nothing isn't it ? /Self signed certificates/ // /This creates a private key and self-signed certificate. / // /openssl req -x509 -newkey rsa:1024 -days 3650 -nodes -keyout key.pem -out cert.pem/ // /We can then use cert.pem is both the server certificate and the CA certificate. Note that -nodes prevents the key from being encrypted./ No protection from *man in the middle*, but, it allow encryption between server and browser no ? Le 14/12/2011 15:03, Igor Galić a écrit : cacert.org will issue free certificates, and, IIRC, also wildcard certificates. They are available in *most* browsers. Cheers, SR. i Thanks for information Igor, I find the cacert.org site, but not the IIRC site, can you give me more information ? Commas, commas, and, more, commas: IIRC == If I remember correctly So, in context: "cacert.org will issue free certificates, and, if I remember correctly, also (free) wildcard certificates." I'm not the owner of parisgeo.cnrs.fr because the root domain is the french institution cnrs.fr, so can i create this type of certificate ? But in that case the owner of cnrs.fr must request those certificates.
Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
On Wed, Dec 14, 2011 at 02:04:37PM +0100, rey sebastien wrote: [browsers don't trust certificates they haven't been told to trust] > Is there any solution to bypass this problem ? With another type of > self signed certificate wich need no CA ? or contain the Ca i don't > know ? That would be like taking the front door off of your house because you're tired of unlocking it every day. A self-signed certficate is, essentially, its own CA. (Every "root" CA certificate is self-signed.) Browsers come with lists of CAs' certificates which they are "told" to trust out-of-the-box. If the browser encounters a certificate which is not in that list, and which is not signed by some unbroken chain of certificates which leads back to a certificate in that list, then it complains, because it has no way to know that you trust that certificate. If you tell the browser to trust that certificate, the browser will thereafter assume that you know your own business and will not complain about it anymore. The dialog is asking: whom do you trust? If it were possible for a website to evade this, SSL/TLS would be useless for verifying that you are talking to the website you think you are. The conversation would still be encrypted, but having an encrypted conversation with an unknown party doesn't sound secure to me. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpBsuZ3mGCW6.pgp Description: PGP signature
Re: [users@httpd] RAM problem with apache and PHP on default centos configuration
On 12/12/2011 12:17, Enrico Daga wrote: > Hi all, > > I send this mail to both httpd and php lists. > I experienced the following problem running php scripts on httpd. > The RAM fills gradually until the system starts swapping, then, if I > don't restart the server, swap fills and everything goes down. > After some try/check tests, I realized that the memory used by a > single request is never released when the process is complete. This > makes the RAM to be gradually filled. > I thought in the beginning was a problem with the php application and > circular references on objects (I found some posts about this) then I > tried with a simple script (just populating a single array) but the > problem still occurs. > Our production environments are on Centos 4.9 - we have some legacy > applications that prevented us to upgrade the servers before. > For this sake I tried on fresh systems and more recent versions, and > experienced the same problem on Centos 4.9, 5.5 / PHP 5.1.6 and Centos > 6 / PHP 5.3.6, with distributed packages for both httpd and php and > default configuration. Httpd uses the Prefork MPM module. > I also noticed that this _do not_ happen on Ubuntu 11.10 server. I had > a look at the configuration of both httpd and php, but in both cases > (Centos and Ubuntu) I could not noticed a difference on parameters > regarding memory usage. > > Since this is the first time we run PHP applications on our httpd > servers I guess there is some configuration I should modify to have > the system behave correctly (free the memory when it is not needed). > The only workaround would be to move the MaxRequestsPerChild parameter > to 1, then killing the sub-process that hold the request, but I don't > believe this is the right solution. > Finally, I am not so sure that the issue I describe here belong to the > httpd or php lists, in this case please apologies, I would be very > happy if you can point me to a red-hat list (found a lot of lists, but > no sure which is related to httpd/php issues). > > Thank you very much for any hint. > > Best regards, > Enrico > Attach your configs when asking help, to have better performance (memory/cpu usage) dont use mod_php, instead try running php as cgi application (cgid). -- Simone Caruso IT Consultant +39 349 65 90 805 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RAM problem with apache and PHP on default centos configuration
- Original Message - > On 12/12/2011 12:17, Enrico Daga wrote: > > Hi all, > > > > I send this mail to both httpd and php lists. > > I experienced the following problem running php scripts on httpd. > > The RAM fills gradually until the system starts swapping, then, if > > I > > don't restart the server, swap fills and everything goes down. > > After some try/check tests, I realized that the memory used by a > > single request is never released when the process is complete. This > > makes the RAM to be gradually filled. > > I thought in the beginning was a problem with the php application > > and > > circular references on objects (I found some posts about this) then > > I > > tried with a simple script (just populating a single array) but the > > problem still occurs. > > Our production environments are on Centos 4.9 - we have some legacy > > applications that prevented us to upgrade the servers before. > > For this sake I tried on fresh systems and more recent versions, > > and > > experienced the same problem on Centos 4.9, 5.5 / PHP 5.1.6 and > > Centos > > 6 / PHP 5.3.6, with distributed packages for both httpd and php and > > default configuration. Httpd uses the Prefork MPM module. > > I also noticed that this _do not_ happen on Ubuntu 11.10 server. I > > had > > a look at the configuration of both httpd and php, but in both > > cases > > (Centos and Ubuntu) I could not noticed a difference on parameters > > regarding memory usage. > > > > Since this is the first time we run PHP applications on our httpd > > servers I guess there is some configuration I should modify to have > > the system behave correctly (free the memory when it is not > > needed). > > The only workaround would be to move the MaxRequestsPerChild > > parameter > > to 1, then killing the sub-process that hold the request, but I > > don't > > believe this is the right solution. > > Finally, I am not so sure that the issue I describe here belong to > > the > > httpd or php lists, in this case please apologies, I would be very > > happy if you can point me to a red-hat list (found a lot of lists, > > but > > no sure which is related to httpd/php issues). > > > > Thank you very much for any hint. > > > > Best regards, > > Enrico > > > > Attach your configs when asking help, to have better performance > (memory/cpu > usage) dont use mod_php, instead try running php as cgi application > (cgid). or rather, mod_fcgid > -- > Simone Caruso > IT Consultant > +39 349 65 90 805 > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >" from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache on Windows
Do I have to be an administrator to install and run as a service on windows. I have tried to install the service and keep getting an error. a check of the apache logs do not show a problem. I have read all the documentation I can find and am still at a loss. Help Dcs - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Apache on Windows
Short answer, yes Al Customer Software Sustaining Sr. Development Support Engineer -Original Message- From: David [mailto:dsu...@tlso.net] Sent: Wednesday, December 14, 2011 1:52 PM To: users@httpd.apache.org Subject: [users@httpd] Apache on Windows Do I have to be an administrator to install and run as a service on windows. I have tried to install the service and keep getting an error. a check of the apache logs do not show a problem. I have read all the documentation I can find and am still at a loss. Help Dcs - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] URResourceFactory
Can anyone tell me if there is an equivalent of URLResourceFactory in that
apache API?
public class URLResourceFactory implements ObjectFactory {
public Object getObjectInstance(Object obj, Name name, Context
nameCtx,
Hashtable environment) throws
Exception {
Reference ref = (Reference) obj;
Resource resource = null;
String urlString = (String)
ref.get("url").getContent();
try{
return new
URL(urlString).getContent();
}catch (Exception e) {
System.err.println("JNDI Look
up failed");
return null;
}
}
}
Re: [users@httpd] httpd - Get 200 but no data.
Thank you James, it was an issue with the JSessionId. The shared memory file was not gettng created correctly, as a result the JSessionId was not being updated with node information. On Fri, Dec 9, 2011 at 8:57 AM, Rapp, James wrote: > I would examine the request using Fiddler (or another HTTP proxy then). > If the Request Headers do not contain a JSESSIONID, or other identifier you > can use in the mod_jk configuration, it will not respect the session > stickiness parameter and may be load balanced to another node. You would > need to identify some header value on the request, such as: > > ** ** > > JSESSIONID=E085302BC98A73177D99D0DC9DADA54B. > > ** ** > > So, if my JBOSS nodes are Machine1 and Machine2 the JSESSIONID should look > like: > > ** ** > > JSESSIONID=E085302BC98A73177D99D0DC9DADA54B.Machine1 > > ** ** > > Per the documentation I provided earlier. I do not believe session > stickiness can be implemented in mod_jk without this. > > ** ** > > *James Rapp* > > Senior Ecosystem Quality Manager, Global Ecosystem and Delivery > Partners, AGS Primary Support > > ** ** > > ** ** > > *From:* R J [mailto:rjoshi.subscripti...@gmail.com] > *Sent:* Friday, December 09, 2011 9:32 AM > > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] httpd - Get 200 but no data. > > ** ** > > Hi Jim, > > No I am not setting it as a part of the request. > > Rajesh > > On Thu, Dec 8, 2011 at 2:22 PM, Rapp, James wrote:*** > * > > Hi RJ, > > Are you setting a JSESSIONID cookie as part of the request? I had this > problem in the past with an application that did not support cookie based > session affinity. In this case I ended up with several requests missing > the JSESSIONID and they were being routed in round-robin fashion. > > You can check the directives session_cookie and session_path in the > workers reference: > > http://tomcat.apache.org/connectors-doc/reference/workers.html > > Regards, > Jim > > James Rapp > Senior Ecosystem Quality Manager, Global Ecosystem and Delivery > Partners, AGS Primary Support > > > From: R J [mailto:rjoshi.subscripti...@gmail.com] > Sent: Thursday, December 08, 2011 1:15 PM > To: users@httpd.apache.org > Subject: Re: [users@httpd] httpd - Get 200 but no data. > > > Hi Wade, > > The httpd server is v2.2 and JBoss is 4.5. I am enclosing a copy of the > workers.properties. There are 2 nodes in the cluster. I am enclosing copies > of httpd.conf and workers.properties. > > Some additional information that I just debugged into - looks like the > rendering is being sent to node 2 (instead of sending to node1). The > following is the image url - > http://10.38.188.9:8080/ReportBirtViewerWeb/preview?__sessionId=20111208_111922_807&__imageid=custom4fcb6c1341ebef5b74.png, > and every time I access this url from browser, the rendering flip flops i.e > it renders on first run, does not on second, then again renders on third, > which leads me to believe that this could be switching between 2 different > servers. Again this is just my guess, might be wrong. > > RJ > On Thu, Dec 8, 2011 at 11:49 AM, Wade Evans > wrote: > RJ, > > > What am I doing wrong in the configuration? > Can you share with us a bit of your configuration? > > Thanks > > - Wade > > On Thu, Dec 8, 2011 at 11:16 AM, R J > wrote: > Hi, > > I am new to httpd. I am using httpd and mod_jk for load balancing. I am > running it under sticky bit configuration. I have a page that renders image > and data. The http response to the image request returns HTTP code 200, > however the data is 0 bytes. Instead when I directly connect to any of the > servers, the image renders correctly. What am I doing wrong in the > configuration? > > The application that I am trying to load balance is a BIRT reporting > engine (v 2.6). > > Appreciate any help or pointers. > > Thank you. > RJ > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > ** ** >
[users@httpd] Question on ApacheBench - Modifying POST Data between runs.
Hi Everyone, I am using ApacheBench to for load testing. First time user. One of the tests is to POST data to the Web Server. I have the post file, with post data that I provide to the bench. Between calls I need to modify the post data. How can I do this? For example: Login POST has "username=admin&password=admin". How can I change this to "username=admin1&password=admin123" during test? Thank you. RJ
Re: [users@httpd] Question on ApacheBench - Modifying POST Data between runs.
On Thu, Dec 15, 2011 at 8:44 AM, R J wrote: > Hi Everyone, > > I am using ApacheBench to for load testing. First time user. One of the > tests is to POST data to the Web Server. I have the post file, with post > data that I provide to the bench. Between calls I need to modify the post > data. How can I do this? > > For example: > Login POST has "username=admin&password=admin". How can I change this to > "username=admin1&password=admin123" during test? You will likely have to move up to a more advanced load tool to vary this kind of thing. ab is pretty primitive. > > Thank you. > > RJ -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question on ApacheBench - Modifying POST Data between runs.
Jmeter is a great tool for benchmarking -- Simone Caruso IT Consultant +39 349 65 90 805 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Cross-site scripting implementation
Inspite of the http server being cross-site scripting(xss) safe for most cases, need confirmation if xss filtering/prevention measures still need to be implemented on the application end.. Regards, SaeedAhmed Subedar, BSLI The information contained in this electronic communication is intended solely for the individual(s) or entity to which it is addressed. It may contain proprietary, confidential and/or legally privileged information. Any review, retransmission, dissemination, printing, copying or other use of, or taking any action in reliance on the contents of this information by person(s) or entities other than the intended recipient is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us by responding to this email or telephone and immediately and permanently delete all copies of this message and any attachments from your system(s). The contents of this message do not necessarily represent the views or policies of Aditya Birla Group. Computer viruses can be transmitted via email. Aditya Birla Group Companies attempts to sweep e-mails and attachments for viruses, it does not guarantee that either are virus free. The recipient should check this email and any attachments for the presence of viruses. Aditya Birla Group does not accept any liability for any damage sustained as a result of viruses.
Re: [users@httpd] Cross-site scripting implementation
On Thu, Dec 15, 2011 at 2:17 PM, Saeedahmed Subedar wrote: > Inspite of the http server being cross-site scripting(xss) safe for most > cases, need confirmation if xss filtering/prevention measures still need to > be implemented on the application end.. Yes. Your 99% of the time your application reads input and creates output, so it needs to be where you're concerned with XSS. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
