[users@httpd] Editing Cookies in Apache HTTP Server.

Hi experts. This is my first post in apache mailing list. Ubuntu Apache : 2.4 I am trying to make every cookie generated by app or apache http server secure, httponly with domain set to site domain name Example: There is a cookie called MyCookie1=12345; it should be set to Mycookie=12345;secur

Re: [users@httpd] Unable to fork new process

Hi, On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' wrote: > = 0x00090805f) +ERR_free_strings(); +#endif +sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered * ex_data indices may have been cached in static

Re: [users@httpd] directive not having any effect

Hello Rainer, Thanks for your suggestion: I checked, and apache appears to handle multiple leading slashes properly without having to specify the regex as “^/+wp-login.php.*” And it appears to be consistent using safari, chrome, and firefox. —jason Jason BrooksSystems Administrator eROI

Re: [users@httpd] Unable to fork new process

Try it yourself (change the location of error log as needed), tomorrow I will try with an apche 2.4.x version on redhat system. To test it is quite simple. Start an apache on a test server; 10 virtualhosts, 100k reloads and it hangs. 260vhosts, 1k reloads and it hangs. Let me know. Tomorro

Re: [users@httpd] directive not having any effect

Am 25.01.2017 um 20:57 schrieb Jason Brooks: Ok, that’s exactly what did it: I put in two locationmatches: one being: and the other: Thank you for your fast response! What about multiple leading slashes, e.g. ///wp-login.php ? Check and if those are not yet covered use something like

Re: [users@httpd] directive not having any effect

Ok, that’s exactly what did it: I put in two locationmatches: one being: and the other: Thank you for your fast response! —jason Jason BrooksSystems Administrator eROIPerformance is Art. m: 505 nw couch #300 w: eroi.com t: 5

Re: [users@httpd] directive not having any effect

Yep On Wed, Jan 25, 2017 at 2:41 PM, Jason Brooks wrote: > Ah: I am using a proxypassmatch for *.php. > > Will work? > > —jason > > > Jason Brooks Systems Administrator > eROI Performance is Art. > > m: 505 nw couch #300 w: eroi.com > t: 503.290.3105 <(503)%20290-3105> f: 503.228.4249 <(503)%20

Re: [users@httpd] directive not having any effect

Ah: I am using a proxypassmatch for *.php. Will work? —jason Jason BrooksSystems Administrator eROIPerformance is Art. m: 505 nw couch #300 w: eroi.com t: 503.290.3105f: 503.228.4249 fb: fb.com/eROI

Re: [users@httpd] directive not having any effect

On Wed, Jan 25, 2017 at 2:32 PM, Jason Brooks wrote: > What’s going on? > ​If it's proxied, won't match. ​ -- Eric Covener cove...@gmail.com

[users@httpd] directive not having any effect

Hello, I am trying to lock out wp-admin.php to all but a whitelist of ip addresses. require ip www.xxx.yyy.zzz This is ubuntu 16.04 LTS running apache 2.4.18, and php-fpm. The "require ip www.xxx.yyy.zzz” all by itself blocks access for everyone except for the ip address, so THAT pa

RE: [users@httpd] Unable to fork new process

I would look at /etc/security/limits.conf and /etc/security/limits.d and see if there is a special memory entry for the user httpd is running as. If there is you could change it but this just moves the point of failure. Have you opened a ticket with Red Hat? They may be able to find a the fix f

Re: [users@httpd] Unable to fork new process

I've tried with httpd.event, same result. Using a demo host with 260 vhosts, the httpd hangs after "only" 1000 reloads. The relationship seems to be the following: number of virtualhosts = x/number of reloads 10 virtualhosts = 10 reloads 100 virtualhosts = 1000 reloads Tomorrow I 'll try to tes

RE: [users@httpd] Unable to fork new process

The Red Hat software collection are Red Hat rpms they are just in a non-default repository. The have all the same support from Red Hat as the defaults. I’ve included a link to the latest version but Apache 2.4 has been in there since the very first release. https://www.redhat.com/en/about/press

Re: [users@httpd] Unable to fork new process

On Wed, Jan 25, 2017 at 3:39 PM, Darryl Philip Baker < darryl.ba...@northwestern.edu> wrote: > e Due to redhat subscription, we must use redhat's rpms. Now I'm trying the php loop against another web server. Then I will try with apache 2.4.x in a offline env. My question is the same: After xx re

RE: [users@httpd] Unable to fork new process

My first suggestion remains, is it possible for you upgrade to the Apache httpd 2.4 from the Red Hat Software Collections? It means adding a new repo to your yum configuration but you would still have Red Hat support as with the default httpd installation. They even put the whole tree in /opt/rh

Re: [users@httpd] Unable to fork new process

Ok. Now I try again with a smaller set of modules. Anyone could help me? Should I ask redhat to solve my problem? The question is quite simple: After xx reloads under yy load average in zz time the error will appears "every time". Any smarter suggestion? B.R. On Wed, Jan 25, 2017 at 12:22 PM, Eric

Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi, On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan wrote: > We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried > checking the revision on git for the list of files fixed for this CVE. > There are lots of changes related to RFC7320 and was difficult to figure out > the f

Re: [users@httpd] Unable to fork new process

On Wed, Jan 25, 2017 at 5:29 AM, Michele Mase' wrote: > Any better suggestion? Anyone ever will correct the httpd code? Not without a more specific/realistic bug report on a recent release, and even then it's unlikely to show up in the 2.2.15 based server distributed by redhat. One PD step would

Re: [users@httpd] Unable to fork new process

There is the possibility of a memory leak: following an old post about the same problem https://ubuntuforums.org/showthread.php?t=1505539, I tried the experiment: using the php script to keep reloading apache until apache logs an error (a simple loop that reloads apache), after 100883 reloads and 7

[users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi, We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried checking the revision on git for the list of files fixed for this CVE. There are lots of changes related to RFC7320 and was difficult to figure out the files changed for this CVE as We couldnt find the CVE-2016-8743 in the