[users@httpd] Timeout during ap_get_brigade execution
Hello:
We're using Apache/2.2.15 running on Centos 6
>From time to time, we see the next error log :
The timeout specified has expired: proxy: prefetch request body failed
to [::1]:8081 (localhost) from xx.xx.xx.xx()
Looking at mod_proxy_http.c source code , we can see that error is
thrown because ap_get_brigade function doesn't return
APR_SUCCESS code
This is the code
status = ap_get_brigade(r->input_filters, temp_brigade,
AP_MODE_READBYTES, APR_BLOCK_READ,
MAX_MEM_SPOOL - bytes_read);
if (status != APR_SUCCESS)
{
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: prefetch request body failed to %pI (%s)"
" from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
}
We don't understand Apache httpd code, but we think that
ap_get_brigade function executes filters
We guess that some filter is executed and a timeout is thrown . But we
can't know :
1) what filter is failing ? The error occurs randomly and we aren't
handling file uploads
2) we increased level debugging up to debug mode and we cannot see
anything about what filter is throwing a timeout , what should we do
to get this information ?
Thanks and regards
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Preventing address substitution
Hello, I have two servers, a development server call serverd.mycompany.com and a production server called serverp.mycompany.com. In the company's DNS, the Network Administrator has created an alias called intranet.mycompany.com, which currently resolves to serverd.mycompany.com. When I point my browser to http://intranet.mycompany.com, the Apache server on serverd displays the index page, and does not change the address in the server's address field from http://intranet.mycompany.com to http://serverd.mycompany.com. On the other hand, if I point my browser to intranet.mycompany.com/wp, wp being a sub-directory containing Wordpress, the address in my browser gets replaced by serverd.mycompany.com/wp. I can't figure out which program is responsible for the address substitution: Apache or Wordpress? If it is Apache, how can I prevent it from making the substitution? I have tried setting the ServerName variable in httpd.conf to intranet.mycompany.com, but to no avail. Many thanks. Philippe - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem compiling Apache httpd from source code on Linux
Today, I tired the httpd version 2.4.4 version with latest apr/apr-util source code in the srclib folder and this time as well it hanged while "checking for SCTP ". Is there any workaround/solution to this problem? -Sarbjit On Sun, Mar 3, 2013 at 6:24 PM, Sarbjit singh wrote: > Sorry for not providing the version of httpd. > > I am using httpd.2.2.24, I have downloaded the APR and APR-UTIL, but > didn't put in the srclib as this folder was already having these inside it. > > But I tried compiling the APR standalone and encountered the same problem. > Then I did at once tried putting inside the srclib folder and found this > issue. > > Please let me know if some more information is required. > > -Sarbjit > > > On Sun, Mar 3, 2013 at 5:57 PM, Noel Butler wrote: > >> ** >> On Sun, 2013-03-03 at 14:41 +0530, Sarbjit singh wrote: >> >> Hi All, >> >> I have been facing problem while compiling HTTPD on my linux machine. It >> hangs at the following location while configuration :- >> >> >> >> checking whether TCP_NODELAY and TCP_CORK can both be enabled... yes >> checking for TCP_CORK in netinet/tcp.h... yes >> checking for TCP_NOPUSH in netinet/tcp.h... no >> checking for SO_ACCEPTFILTER in sys/socket.h... no >> checking whether SCTP is supported... >> >> I am configuring it using the following switches :- >> >> ./configure --with-included-apr >> >> uname -r returns :- >> >> 2.6.18-194.el5 >> >> Can some one please suggest on how to build it ? >> >> Thanks >> Sarbjit >> >> >> You don't tell us what version of httpd. >> if it is 2.4.4, using --with-included-apr have you actually downloaded >> apr and apr-util and put them in srclib ? >> >> >
Re: [users@httpd] How to compile Apache without dynamic libraries
Hi Eric, Thank you for your concern. Unfortunately, I can't use your help. I mean, I don't fully understand what I'm supposed to do with *"use libgcc specific info for static usage"*. I found the switch *-static-libgcc* in gcc man page but I have no idea where to add it when compiling. I'm not using the command *gcc* itself but only *configure* and *make*. Hope I'm not asking a non-smart question ( http://www.catb.org/~esr/faqs/smart-questions.html). Just tell me. - *Santiago DIEZ* On Sat, Mar 2, 2013 at 1:14 AM, Eric Covener wrote: > > But what I would like to do is to re-compile Apache so that it includes > the > > library into the standalone program. > > How is that possible? > > > > libgcc_s is a special case, so you probably want to use the libgcc_s > specific info for static usage. >
[users@httpd] PHP script not executing with empty POST when using chunked encoding
Good afternoon,
We are using Apache and PHP to form a CWMP server for TR69 provisioning of
customer routers. We have two bits of kit we are looking to use, two ZyXEL
routers with model numbers AMG1202 and NBG1202.
To cut a long story short, we are able to communicate happily with the AMG1202,
but are running into a show-stopping issue with the NBG1202. After some
tracing, it seems to come down to the way that they send empty POST messages to
the server (this is done to denote to the server that they are awaiting a
command).
The AMG sends:
POST /{URL} HTTP/1.1
Host: {Host}
User-Agent: Allegro-Software-WebClient/4.07
Accept: */*
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Cookie: PHPSESSID=sj810he8epc5hlqsautj96j1u0\r\n
\r\n
Which works fine. The script executes and returns a response.
The NBG on the other hand, sends the following:
POST /{URL} HTTP/1.1
HOST: {Host}
User-Agent: workssys.com
Transfer-Encoding: chunked
Content-Length: 0
Cookie2: $Version="1"
Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n
\r\n
0\r\n
\r\n
This hangs with no reply. In a wireshark trace, I see the TCP ACK of the
message, but apache does not return anything. However, if I send the same code
in telnet, it works fine!
I can replicate this if I send the following:
POST /{URL} HTTP/1.1
HOST: {Host}
User-Agent: workssys.com
Transfer-Encoding: chunked
Content-Length: 0
Cookie2: $Version="1"
Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n
\r\n
However the wireshark trace shows that the full packet has been received. I'm
relatively confident this is an issue with the ZyXEL NBG1202 and have logged a
ticket with them, but was wondering if there was anything I could do in the
meantime to get Apache to accept the request (it looks like it's waiting for
more input, and so isn't executing the PHP script. I'm wondering if it is
possible to set a timeout on the request, say 5 seconds or so?). It's worth
noting that the original message to the server goes through fine (this is a
POST message that is not empty).
Any help would be much appreciated! :)
Re: [users@httpd] PHP script not executing with empty POST when using chunked encoding
Hi Ashley,
Zitat von Ashly Pridmore :
[...]
The NBG on the other hand, sends the following:
POST /{URL} HTTP/1.1
HOST: {Host}
User-Agent: workssys.com
Transfer-Encoding: chunked
Content-Length: 0
Cookie2: $Version="1"
Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n
\r\n
0\r\n
\r\n
What might be confusing the server is that the content actually isn't
empty, although Content-Length is set to 0.
Regards,
Jens
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] PHP script not executing with empty POST when using chunked encoding
Hmm, so the problem is sending "content-length: 0" with "transfer-encoding" set
to chunked?
I just find it odd that sending it through telnet works fine, this should be
the exact same as the code the ZyXEL is sending.
-Original Message-
From: Jens-U. Mozdzen [mailto:jmozd...@nde.ag]
Sent: 04 March 2013 12:27
To: users@httpd.apache.org
Subject: Re: [users@httpd] PHP script not executing with empty POST when using
chunked encoding
Hi Ashley,
Zitat von Ashly Pridmore :
> [...]
> The NBG on the other hand, sends the following:
>
> POST /{URL} HTTP/1.1
> HOST: {Host}
> User-Agent: workssys.com
> Transfer-Encoding: chunked
> Content-Length: 0
> Cookie2: $Version="1"
> Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n
> \r\n
> 0\r\n
> \r\n
What might be confusing the server is that the content actually isn't empty,
although Content-Length is set to 0.
Regards,
Jens
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] PHP script not executing with empty POST when using chunked encoding
On Mon, Mar 4, 2013 at 7:42 AM, Ashly Pridmore wrote: > Hmm, so the problem is sending "content-length: 0" with "transfer-encoding" > set to chunked? The spec says T-E is ignored in this case. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL session problem
On Sun, Mar 3, 2013 at 10:36 PM, Jens-U. Mozdzen wrote: > Zitat von Jens-Uwe Mozdzen : >> >> Zitat von "Jens-U. Mozdzen" : >>> >>> Hi list, >>> >>> I could use a helping hand with a SSL problem. >> >> [...] > > > Anything I should do differently to get at least an ack from this list? Or > is there some other, more appropriate list? I'd then be grateful for some > pointer... > ack. This is the appropriate list, but I haven't a clue about your in-depth SSL issue. > It's about a web mail site (running Horde5 on SLES11SP2 with latest Novell > updates, that's i.e. apache2-2.2.12-1.10.1 and openssl-0.9.8j-0.44.1) So, big companies love to stick on various versions of open source software. They may even go back and fold security fixes in to these older versions, but they are unlikely to fold new features or bug fixes back in. The very first thing that you should do is to uninstall those versions, install the latest versions of apache 2.2, and your choice of latest SSL version - either 0.9.8y or 1.0.1e, not some arbitrary choice - and see if that does fix your problem. If it does, go back to Novell and tell them. If it doesn't, at least you can tell the list a stock apache and stock SSL experienced this error, which may be more enticing than having to setup a vendor's old stack to find (potentially) old bugs. Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] PHP script not executing with empty POST when using chunked encoding
On Mon, 4 Mar 2013 07:49:30 -0500 Eric Covener wrote: > On Mon, Mar 4, 2013 at 7:42 AM, Ashly Pridmore > wrote: > > Hmm, so the problem is sending "content-length: 0" with "transfer-encoding" > > set to chunked? > > The spec says T-E is ignored in this case. The spec actually says the reverse: 4.4 Message Length 3. ... If a message is received with both a Transfer-Encoding header field and a Content-Length header field, the latter MUST be ignored. Perhaps the OP is seeing something (PHP?) waiting for input when it shouldn't. Does it make any difference if you use mod_headers to inject a Connection: Close in the request and/or response? If identical headers work fine with telnet, then it has to be something other than headers, like holding the connection. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] PHP script not executing with empty POST when using chunked encoding
Hi Nick, In the PHP script (before the session is established, which I had previously thought was related to this fault) I had a line to write to a file if the page was accessed. This is not done when this error occurs, leaving me to think the PHP script is not being executed (but works fine otherwise). Is there a better way to find out? -Original Message- From: Nick Kew [mailto:n...@webthing.com] Sent: 04 March 2013 13:19 To: users@httpd.apache.org Subject: Re: [users@httpd] PHP script not executing with empty POST when using chunked encoding On Mon, 4 Mar 2013 07:49:30 -0500 Eric Covener wrote: > On Mon, Mar 4, 2013 at 7:42 AM, Ashly Pridmore > wrote: > > Hmm, so the problem is sending "content-length: 0" with "transfer-encoding" > > set to chunked? > > The spec says T-E is ignored in this case. The spec actually says the reverse: 4.4 Message Length 3. ... If a message is received with both a Transfer-Encoding header field and a Content-Length header field, the latter MUST be ignored. Perhaps the OP is seeing something (PHP?) waiting for input when it shouldn't. Does it make any difference if you use mod_headers to inject a Connection: Close in the request and/or response? If identical headers work fine with telnet, then it has to be something other than headers, like holding the connection. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL session problem
Hi Tom, Zitat von Tom Evans : On Sun, Mar 3, 2013 at 10:36 PM, Jens-U. Mozdzen wrote: Zitat von Jens-Uwe Mozdzen : Zitat von "Jens-U. Mozdzen" : Hi list, I could use a helping hand with a SSL problem. [...] Anything I should do differently to get at least an ack from this list? Or is there some other, more appropriate list? I'd then be grateful for some pointer... ack. This is the appropriate list, but I haven't a clue about your in-depth SSL issue. thank you for the response :) [...] If it doesn't, at least you can tell the list a stock apache and stock SSL experienced this error, which may be more enticing than having to setup a vendor's old stack to find (potentially) old bugs. As I was able to show that a current Apache/openssl combo works, I'm taking this to the vendor support channels to get resolved. As this is a rather complicated issue indeed, in a code area which had stirred some dust earlier and the SuSE server is rather common, I wanted to get a first opinion from the list. Now that I have, I know whom to bug ;) With regards, Jens -- Jens-U. Mozdzen voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 mobile : +49-179-4 98 21 98 D-22423 Hamburg e-mail : jmozd...@nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Where are error logs created on windows?
On 3/3/2013 9:00 PM, Pranav Kumar Ojha wrote: > Alright, starting httpd as administrator helped creating the file and > resolved the issue. Thanks you! > > Thanks, > Pranav You're very welcome. For the sake of thoroughness, starting Apache as Administrator is necessary only when UAC (the User Account Control mechanism introduced with Windows Vista and present [in various forms] in all Windows operating systems thereafter) is enabled. Please note also that the Administrator requirement stems from the fact that Apache is installed to a "protected" directory (C:\Program Files). If you install Apache elsewhere, it will not necessarily require Administrator privileges to write to its logs. Enjoy! -Ben >> Date: Sun, 3 Mar 2013 15:20:25 -0500 >> From: b...@indietorrent.org >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] Where are error logs created on windows? >> >> >> >> On 3/3/2013 11:40 AM, Pranav Kumar Ojha wrote: >> > Hi all, >> > >> > I have recently installed latest version of Apache2.2 on windows 7. I am >> > operating as an administrator with username as 'adminuser' on this >> > machine. The apache webserver is installed at this location: 'C:\Program >> > Files\Apache Software Foundation\Apache2.2\' on this computer and all >> > folders have write permission for 'adminuser'. >> > >> > After installing Apache 2.2 I made sure the basic "It works!" page was >> > shown properly and the sample script which shows environment variables >> > also works fine, but when I use a python-based simple CGI script, I get >> > 'Internal Server error', although this script works fine when run >> > standalone. This script only takes in a name in a text box and says >> > hello to that name on 'Submit'. >> > >> > The main problem is that in logs folder, I do not see any access logs or >> > error logs being created for this internal server error in the logs >> > directory. My current 'LogLevel' is defined as "debug" in httpd.conf. >> > >> > *Why are error/access logs not being written in apache's "logs" >> > directory ? * >> > Log dir location: 'C:\Program Files\Apache Software >> > Foundation\Apache2.2\logs' >> > * >> > * >> > Thanks, >> > Pranav >> >> How are you starting Apache? Are you running Apache as a service? Or are >> you starting it from the command-line? >> >> If you are running Apache as a service, then Apache will have the >> effective permissions of the account under which the service is running >> (not the permissions of your user account). >> >> If you are starting Apache from the command-line, then you need to be >> sure that you launch the command prompt (cmd.exe) with "Run as >> Administrator" and then start Apache, e.g., with "httpd --console". >> >> -Ben >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problem compiling Apache httpd from source code on Linux
On Mon, Mar 4, 2013 at 5:38 AM, Sarbjit singh wrote: > Today, I tired the httpd version 2.4.4 version with latest apr/apr-util > source code in the srclib folder and this time as well it hanged while > "checking for SCTP ". > > Is there any workaround/solution to this problem? This should work around the problem: Invoke configure with envvar apr_cv_sctp=no, as in export apr_cv_sctp=no ./configure ... or apr_cv_sctp=no ./configure ... "make distclean" before you invoke configure again > > -Sarbjit > > > On Sun, Mar 3, 2013 at 6:24 PM, Sarbjit singh wrote: > >> Sorry for not providing the version of httpd. >> >> I am using httpd.2.2.24, I have downloaded the APR and APR-UTIL, but >> didn't put in the srclib as this folder was already having these inside it. >> >> But I tried compiling the APR standalone and encountered the same >> problem. Then I did at once tried putting inside the srclib folder and >> found this issue. >> >> Please let me know if some more information is required. >> >> -Sarbjit >> >> >> On Sun, Mar 3, 2013 at 5:57 PM, Noel Butler wrote: >> >>> ** >>> On Sun, 2013-03-03 at 14:41 +0530, Sarbjit singh wrote: >>> >>> Hi All, >>> >>> I have been facing problem while compiling HTTPD on my linux machine. It >>> hangs at the following location while configuration :- >>> >>> >>> >>> checking whether TCP_NODELAY and TCP_CORK can both be enabled... yes >>> checking for TCP_CORK in netinet/tcp.h... yes >>> checking for TCP_NOPUSH in netinet/tcp.h... no >>> checking for SO_ACCEPTFILTER in sys/socket.h... no >>> checking whether SCTP is supported... >>> >>> I am configuring it using the following switches :- >>> >>> ./configure --with-included-apr >>> >>> uname -r returns :- >>> >>> 2.6.18-194.el5 >>> >>> Can some one please suggest on how to build it ? >>> >>> Thanks >>> Sarbjit >>> >>> >>> You don't tell us what version of httpd. >>> if it is 2.4.4, using --with-included-apr have you actually >>> downloaded apr and apr-util and put them in srclib ? >>> >>> >> > -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: [users@httpd] Problem compiling Apache httpd from source code on Linux
Thanks Jeff. Workaround let me build httpd2.4.4. Just one question :- What would not work with installed httpd having SCTP not installed? On Mon, Mar 4, 2013 at 7:45 PM, Jeff Trawick wrote: > On Mon, Mar 4, 2013 at 5:38 AM, Sarbjit singh wrote: > >> Today, I tired the httpd version 2.4.4 version with latest apr/apr-util >> source code in the srclib folder and this time as well it hanged while >> "checking for SCTP ". >> >> Is there any workaround/solution to this problem? > > > This should work around the problem: > > Invoke configure with envvar apr_cv_sctp=no, as in > > export apr_cv_sctp=no > ./configure ... > > or > > apr_cv_sctp=no ./configure ... > > "make distclean" before you invoke configure again > > > >> >> -Sarbjit >> >> >> On Sun, Mar 3, 2013 at 6:24 PM, Sarbjit singh wrote: >> >>> Sorry for not providing the version of httpd. >>> >>> I am using httpd.2.2.24, I have downloaded the APR and APR-UTIL, but >>> didn't put in the srclib as this folder was already having these inside it. >>> >>> But I tried compiling the APR standalone and encountered the same >>> problem. Then I did at once tried putting inside the srclib folder and >>> found this issue. >>> >>> Please let me know if some more information is required. >>> >>> -Sarbjit >>> >>> >>> On Sun, Mar 3, 2013 at 5:57 PM, Noel Butler wrote: >>> ** On Sun, 2013-03-03 at 14:41 +0530, Sarbjit singh wrote: Hi All, I have been facing problem while compiling HTTPD on my linux machine. It hangs at the following location while configuration :- checking whether TCP_NODELAY and TCP_CORK can both be enabled... yes checking for TCP_CORK in netinet/tcp.h... yes checking for TCP_NOPUSH in netinet/tcp.h... no checking for SO_ACCEPTFILTER in sys/socket.h... no checking whether SCTP is supported... I am configuring it using the following switches :- ./configure --with-included-apr uname -r returns :- 2.6.18-194.el5 Can some one please suggest on how to build it ? Thanks Sarbjit You don't tell us what version of httpd. if it is 2.4.4, using --with-included-apr have you actually downloaded apr and apr-util and put them in srclib ? >>> >> > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ >
Re: [users@httpd] Problem compiling Apache httpd from source code on Linux
On Mon, Mar 4, 2013 at 10:36 AM, Sarbjit singh wrote: > Thanks Jeff. Workaround let me build httpd2.4.4. > > Just one question :- What would not work with installed httpd having SCTP > not installed? > You won't miss anything. APR has some limited SCTP support, but nothing in httpd utilizes it. > > On Mon, Mar 4, 2013 at 7:45 PM, Jeff Trawick wrote: > >> On Mon, Mar 4, 2013 at 5:38 AM, Sarbjit singh wrote: >> >>> Today, I tired the httpd version 2.4.4 version with latest apr/apr-util >>> source code in the srclib folder and this time as well it hanged while >>> "checking for SCTP ". >>> >>> Is there any workaround/solution to this problem? >> >> >> This should work around the problem: >> >> Invoke configure with envvar apr_cv_sctp=no, as in >> >> export apr_cv_sctp=no >> ./configure ... >> >> or >> >> apr_cv_sctp=no ./configure ... >> >> "make distclean" before you invoke configure again >> >> >> >>> >>> -Sarbjit >>> >>> >>> On Sun, Mar 3, 2013 at 6:24 PM, Sarbjit singh wrote: >>> Sorry for not providing the version of httpd. I am using httpd.2.2.24, I have downloaded the APR and APR-UTIL, but didn't put in the srclib as this folder was already having these inside it. But I tried compiling the APR standalone and encountered the same problem. Then I did at once tried putting inside the srclib folder and found this issue. Please let me know if some more information is required. -Sarbjit On Sun, Mar 3, 2013 at 5:57 PM, Noel Butler wrote: > ** > On Sun, 2013-03-03 at 14:41 +0530, Sarbjit singh wrote: > > Hi All, > > I have been facing problem while compiling HTTPD on my linux machine. > It hangs at the following location while configuration :- > > > > checking whether TCP_NODELAY and TCP_CORK can both be enabled... yes > checking for TCP_CORK in netinet/tcp.h... yes > checking for TCP_NOPUSH in netinet/tcp.h... no > checking for SO_ACCEPTFILTER in sys/socket.h... no > checking whether SCTP is supported... > > I am configuring it using the following switches :- > > ./configure --with-included-apr > > uname -r returns :- > > 2.6.18-194.el5 > > Can some one please suggest on how to build it ? > > Thanks > Sarbjit > > > You don't tell us what version of httpd. > if it is 2.4.4, using --with-included-apr have you actually > downloaded apr and apr-util and put them in srclib ? > > >>> >> >> >> -- >> Born in Roswell... married an alien... >> http://emptyhammock.com/ >> > > -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: [users@httpd] Re: mod_ssl help
One problem is almost solved!
Two issuer dn are similar but not the same, there is a capital letter in
the first dn and a normal letter in the other ...
But something with the authentication is wrong/missing ...
It complains about a refused renegotiation from the client side.
I'm confused, I don't know how to proceed.
On Mon, Mar 4, 2013 at 1:19 AM, Igor Cicimov wrote:
>
>
>
> On Mon, Mar 4, 2013 at 10:42 AM, Igor Cicimov wrote:
>
>> What I was trying to point to is this:
>>
>> # openssl x509 -noout -in
>> /etc/ssl/certs/TWCA_Root_Certification_Authority.pem -text
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number: 1 (0x1)
>> Signature Algorithm: sha1WithRSAEncryption
>> *Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root
>> Certification Authority*
>> Validity
>> Not Before: Aug 28 07:24:33 2008 GMT
>> Not After : Dec 31 15:59:59 2030 GMT
>> Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root
>> Certification Authority
>> Subject Public Key Info:
>> Public Key Algorithm: rsaEncryption
>> Public-Key: (2048 bit)
>> .
>> .
>> .
>>
>> as you can see the DN is coma separated not / separated
>>
>> On the other hand when tested with "openssl s_connect" for one of my
> certificates it comes out as "issuer=/C=AU/ST=NSW/L=Sydney/" so sorry
> for the confusion seams the / separator is correct.
>
> Any way, what does the test "openssl s_client -ssl3 -connect
> server_name:443" show in your case?
>
>
>>
>> On Mon, Mar 4, 2013 at 9:41 AM, Michele Mase' wrote:
>>
>>> The issuer dn is the same; the pem file is a ca bundle.
>>>
>>>
>>> On Sun, Mar 3, 2013 at 11:23 PM, Igor Cicimov wrote:
>>>
On 04/03/2013 7:33 AM, "Michele Mase'" wrote:
>
> Anyone?
>
>
> On Fri, Mar 1, 2013 at 7:39 PM, Michele Mase'
wrote:
>>
>> I'm testing a client authentication using:
>>
>> SSLCACertificateFile /path/to/pemfile.pem
>>
>> SSLVerifyClient require
>> SSLVerifyDepth 2
>> SSLOptions +StdEnvVars +ExportCertData
>> SSLRequire %{SSL_CLIENT_I_DN} eq
"/C=US/O=acme/OU=acme/CN=acme"
>> /LocationMatch>
>>
>>
>> I should use two different CA with the same DN (file
/path/to/pemfile.pem)
>> When i try to use this configuration I receive:
>> Access totest denied for 10.10.10.10 (requirement expression not
fulfilled)
>> Failed expression: %{SSL_CLIENT_I_DN} eq ...
>>
>> The only way it works is without the SSLRequire directive.
>> or
>> Using only one CA in the file (file /path/to/pemfile.pem)
>>
>> Some suggestions?
>>
>> Regards
>> Michele Masè
>
>
Please paste the output of
# openssl x509 -noout -in /path/to/pemfile.pem -text
so we know what are we talking about here. If multiple dn in the file
why are you trying to match one using eq then? Anyway, the above command
will show us the issuer dn string and you can see what are you doing wrong.
>>>
>>>
>>
>
[users@httpd] Limit/LimitExcept - access controls
This discussion is related to the bolded recommendation at: http://httpd.apache.org/docs/2.2/mod/core.html#limit stating that: "In the general case, access control directives should not be placed within a section." and further that... "A section should always be used in preference to a section when restricting access..." Albeit, the recommendation does say "In general", however for certain types of access control, it seems to me that the use of both the Limit and LimitExcept provide the perfect and perhaps the most appropriate means of access control. I can see in some cases a LimitExcept on its own can provide appropriate access control, but not in all and perhaps not even in most. For a simple example, I have in an .htaccess file: order deny,allow deny from all allow from 10.10.10.0/24 order deny,allow deny from all So, for the resources affected by that .htaccess I only want my users on 10.10.10.0/24 to have access to those resources and I only want those users to make GET and POST requests. In fact, I have seen this same type of access control configuration suggested in several places when searching on the subject, although none of them as authoritative as the Apache documentation. So a user on 10.10.10.0/24 can make a GET or POST request only and all other IP addresses can do nothing. I would suggest that recommendation in the Apache Limit docs to state: "In the general case, access control directives should not be placed within a section without an accompanying LimitExcept directive protecting the remaining methods. Am I not seeing something that would suggest that this is not an appropriate and very tight means of access control? Thank you. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] unknown 401 entity from apache
Environment: Platform- linux Apache version- 2.2 Modules enabled- deflate dir autoindex env mime negotiation custom_module reqtimeout setenvif As you can see, both auth and authz are disabled completely. httpd.conf and apache2.conf files reflect the same. In handling some proprietary authentication protocol in my custom_module, I do return 401 status code along with a custom entity which goes thro' fine to the client. But when I send a second 401 status return (required by my own auth protocol) along with a custom entity, client do get the 401 status but a different entity below which I don't send: 401 Authorization RequiredAuthorization RequiredThis server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required. The entity I put doesn't get sent out the client but the above. I've not defined any ErrorDocument directive with the above message. Any clues?
Re: [users@httpd] unknown 401 entity from apache
On Mon, Mar 4, 2013 at 6:50 PM, Nce Rt wrote: > Environment: >Platform- linux >Apache version- 2.2 >Modules enabled- deflate dir autoindex env mime negotiation > custom_module reqtimeout setenvif > > As you can see, both auth and authz are disabled completely. httpd.conf and > apache2.conf files reflect the same. In handling some proprietary > authentication protocol in my custom_module, I do return 401 status code > along with a custom entity which goes thro' fine to the client. But when I > send a second 401 status return (required by my own auth protocol) along > with a custom entity, client do get the 401 status but a different entity > below which I don't send: > > 401 > Authorization RequiredAuthorization > RequiredThis server could not verify that youare authorized to > access the documentrequested. Either you supplied the wrongcredentials > (e.g., bad password), or yourbrowser doesn't understand how to supplythe > credentials required. > > The entity I put doesn't get sent out the client but the above. I've not > defined any ErrorDocument directive with the above message. Any clues? Better on modules-dev@. Does one call return 401 and another return DONE and set r->status=401? What hook and what do you return? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache Crash
hello there i have apache2 running on centOS 6.3. all has been well untill the weekend when apache failed to start. this is the error i am getting [root@local josephk]# service httpd start Starting httpd: /bin/bash: line 1: 18934 Illegal instruction (core dumped) /usr/sbin/httpd [FAILED] [root@local josephk]# can anybody please shed some light regards -- KAY JAY
Re: [users@httpd] Apache Crash
On 05/03/2013 4:52 PM, "Joe Cajun" wrote: > > hello there > > i have apache2 running on centOS 6.3. all has been well untill the weekend when apache failed to start. this is the error i am getting > > [root@local josephk]# service httpd start > Starting httpd: /bin/bash: line 1: 18934 Illegal instruction (core dumped) /usr/sbin/httpd >[FAILED] > [root@local josephk]# > > can anybody please shed some light > > regards > > -- > KAY JAY First ask yourself what has changed on your system that might have caused the crash. Second use gdb to debug the core dump and see what exactly happened.
