Re: [users@httpd] CVE-2023-38709: Apache HTTP Server: HTTP response splitting

2024-04-04 Thread Otis Dewitt - NOAA Affiliate
https://nvd.nist.gov/vuln/detail/CVE-2023-38909 MEDIUM Otis DeWitt Contractor with Concept Plus, LLC in support of NOAA Fisheries NMFS / ST6 | U.S. Department of Commerce Office: ‪(302) 648-7481 | otis.dew

Re: [users@httpd] question on CVE-2023-36760

2023-02-07 Thread Otis Dewitt - NOAA Affiliate
If you are not using *"Apache JServ Protocol (AJP)"* then the CVE does not pertain to your Apache server. On Mon, Feb 6, 2023 at 5:46 PM Thao, Pashia wrote: > PWEB server is running a version of Apache affected. > > > > Our prod web server is running a version of the Apache affected by > CVE-

Re: [users@httpd] Httpd is hanging intermittently

2021-09-24 Thread Otis Dewitt - NOAA Affiliate
nks Dewitt for very thorough and insightful explanation. We are using > Yocto packaged linux version with openssl version being OpenSSL 1.1.1k-fips > 25 Mar 2021. > > With Regards, > Venkatesh > > On Fri, Sep 24, 2021 at 12:11 AM Otis Dewitt - NOAA Affiliate > wrote: > >>

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate
this issue. > > Do you know how to generate more entropy in system or via apache so that > it can never be deprived of entropy? > > With Regards, > Venkatesh > > On Thu, Sep 23, 2021 at 8:46 PM Otis Dewitt - NOAA Affiliate > wrote: > >> Hmm I see, I'm not sure why yo

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate
inux OS and openssl version is 1.1.1k-fips. I have not yet explored > with SSLRandomSeed changes. > Yes, we upgraded openssl a few months back to 1.1.1k, but we are seeing > this httpd hangs issue from last month. > > *@otis Dewitt*, Since it's production code in systems, I can't install >

Re: [users@httpd] Httpd is hanging intermittently

2021-09-22 Thread Otis Dewitt - NOAA Affiliate
I don't think "insufficient entropy" has anything to do with Apache, but you could try installing "haveged" rpm. That may solve your problem. On Wed, Sep 22, 2021 at 2:11 PM alchemist vk wrote: > Hi All, > We are using httpd version 2.4.46 and it's working fine for a long time. > But recently, w

Re: [users@httpd] mod_ssl: http to https ErrorDocument redirect stops working when only TLSv1.2 specified

2021-06-24 Thread Otis Dewitt - NOAA Affiliate
GCM-SHA256 (128/128 bits) > [Thu Jun 24 08:07:11.478503 2021] [ssl:debug] [pid 2773:tid 27] > ssl_engine_kernel.c(415): [client 10.175.18.160:60710] AH02034: Initial > (No.1) HTTPS request received for child 344 (server 127.0.0.1:443) > [Thu Jun 24 08:07:11.478634 2021] [authz_core:debug] [pid 2

Re: [users@httpd] mod_ssl: http to https ErrorDocument redirect stops working when only TLSv1.2 specified

2021-06-23 Thread Otis Dewitt - NOAA Affiliate
What does the /var/log/httpd/error_log say? Paste that. On Wed, Jun 23, 2021 at 8:06 PM Pavel Heimlich, a.k.a. hajma < tropikha...@gmail.com> wrote: > st 23. 6. 2021 v 23:06 odesílatel Otis Dewitt - NOAA Affiliate > napsal: > >> Check your Openssl ciphers to see if it su

Re: [users@httpd] mod_ssl: http to https ErrorDocument redirect stops working when only TLSv1.2 specified

2021-06-23 Thread Otis Dewitt - NOAA Affiliate
Check your Openssl ciphers to see if it supports TLS 1.2 Try: SSLProtocol -ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!AES256-SHA:!AES128-SHA256:!AES256-SHA256:!AES256-GCM-SHA384:!AES128-SHA:!AES128-SHA:!AES128-GCM-SHA256:!A

Re: [users@httpd] Expose my server to internet

2020-01-14 Thread Otis Dewitt - NOAA Affiliate
You are being firewalld, those ports are not available from outside. On Tue, Jan 14, 2020 at 3:23 PM Larry Irwin (work) < larry.ir...@ccamedical.com> wrote: > nmap shows all ports as filtered: > > # nmap -Pn padmahasa.ddns.net > > Starting Nmap 7.01 ( https://nmap.org ) at 2020-01-14 15:17 EST >

Re: [users@httpd] Web sockets & proxypass - No protocol handler was valid for the URL

2016-12-27 Thread Otis Dewitt - NOAA Affiliate
You can also check this URL: http://blog.revathskumar.com/2015/09/proxy-websocket-via-apache.html Thanks, Otis On Tue, Dec 27, 2016 at 9:07 AM, Adam Teale wrote: > Hi Daniel, > > Yes in the http_server_app.conf file it is activated: > LoadModule ssl_module libexec/apache2/mod_ssl.so > > It is

Re: [users@httpd] Web sockets & proxypass - No protocol handler was valid for the URL

2016-12-27 Thread Otis Dewitt - NOAA Affiliate
Check this link out. http://stackoverflow.com/questions/17889676/apache-2-4-6-reverseproxy-mod-proxy-wstunnel-for-secure-websocket-wss-fails Thanks, Otis On Tue, Dec 27, 2016 at 8:55 AM, Daniel wrote: > Silly question perhaps, are you also loading mod_ssl? > > 2016-12-27 14:39 GMT+01:00 Adam T

Re: [users@httpd] Apache says "It works" but also "Requested URL could not be found"

2016-11-18 Thread Otis Dewitt - NOAA Affiliate
Try changing all your directories to lower case and check permissions and check selinux. Thanks, Otis On Fri, Nov 18, 2016 at 9:13 AM, Roparzh Hemon wrote: > Apache says "It works" but also "Requested URL could not be found" > > This problem seems to have jumped out of nowhere when I returned

Re: [users@httpd] Mod_Status : Empty Client / Protocol / Vhost / Request Columns

2016-04-13 Thread Otis DeWitt
I would check the error.log file for errors. Did you have a module compile on the previous version that is not in 2.4.20? Also inspect the web page, by right clicking on the empty spot and choose inspect then refresh your page and see what RED errors you get in the console if any. Sent from

Re: [users@httpd] TLSv1.2

2016-03-25 Thread Otis DeWitt
Start with only TLSv1.0 As your compile of 2.4 may not support 1.2 Sent from my iPhone > On Mar 25, 2016, at 12:23 PM, Leonay Wynn wrote: > > HI, > > I'm running RHEL 5.3. I upgraded my httpd version to Apache 2.4.18. > configured with this: $ ./configure --prefix=/apps/httpd --enable-ssl

Re: [users@httpd] Apache ldaps ceritificate directive issue

2015-04-14 Thread Otis Dewitt - NOAA Affiliate
LDAPTrustedCA Directive. Description: Sets the file containing the trusted Certificate Authority certificate or database. Syntax:

Re: [users@httpd] How to enable TLSV1.1 or above on Apache

2015-03-19 Thread Otis Dewitt - NOAA Affiliate
Greetings, For httpd version 2.2.22 and older, only specify TLSv1. This is treated as a wildcard for all TLS versions. SSLProtocol TLSv1 Thanks, Otis

Re: [users@httpd] ProxyReverse Issue on - httpd-2.2.29

2015-02-23 Thread Otis Dewitt - NOAA Affiliate
Everything works on this site except this url: https://www.docu.com/class/page/createpdf.jsp?requestId=7 weird problem. Thanks, Otis On Mon, Feb 23, 2015 at 1:15 PM, Otis Dewitt - NOAA Affiliate < otis.dew...@noaa.gov> wrote: > oops yeah missed adding that to the email. >

Re: [users@httpd] ProxyReverse Issue on - httpd-2.2.29

2015-02-23 Thread Otis Dewitt - NOAA Affiliate
oops yeah missed adding that to the email. Its in the config: # Class Directive (443) #EXAMPLE RewriteRule ^/class$(.*) https://www.docu.com/class$1 [L,NC] ProxyPass /class https://example.com:20201/class SetOutputFilter proxy-html ProxyPassReverse https://example.com:20

[users@httpd] ProxyReverse Issue on - httpd-2.2.29

2015-02-23 Thread Otis Dewitt - NOAA Affiliate
Can someone please tell what I am doing wrong here, I am using Apache reverse proxy. I have been having this issue for some time. #WORKS 1. If I use the Internal url directly to the server. a. https://example.com:20201/class/page/createpdf.jsp?requestId=7 b. I get a pdf to download. # FAILS 2.

Re: [users@httpd] Proxy problems when using subdirectory

2014-11-19 Thread Otis DeWitt
Try adding: RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L] Sent from my iPhone > On Nov 18, 2014, at 8:38 PM, H Plato wrote: > > I’m having problems getting a reverse proxy to work as a subdirectory. Using > the following configuration, Apache can full proxy an internal site: >

Re: [users@httpd] Re: Keeping an archive of httpd processes

2014-07-21 Thread Otis Dewitt - NOAA Affiliate
Greetings Rose, You could use SNMP MRTG or Cacti. Thanks, Otis On Mon, Jul 21, 2014 at 3:40 PM, Rose, John B wrote: > This is on Solaris 10 > > From: , John Rose > Date: Monday, July 21, 2014 2:47 PM > To: "users@httpd.apache.org" > Subject: Keeping an archive of httpd processes > > An

Re: [users@httpd] Hiding Query Strings

2014-07-11 Thread Otis Dewitt - NOAA Affiliate
Greetings Paul, You could use code (php,ruby,asp . . .) to query the database without actually being on the page. I will try to use re-capture to prevent such actions. Thanks, Otis On Thu, Jul 10, 2014 at 2:00 PM, Stormy wrote: > At 01:16 PM 7/10/2014 -0400, Otis Dewitt - NOAA Affili

[users@httpd] Hiding Query Strings

2014-07-10 Thread Otis Dewitt - NOAA Affiliate
Greetings, I am having a problem hiding query strings: Example: Change: http://www.fishfry.gov/pls/webpls/car_1.data_in?jtype=IMP&jmnth=01&jyear=2014&jcountry=USA&joutput=TABLE To Show: http://www.fishfry.gov on query return instead of showing the complete URL as above to help mitigate the publ

Re: [users@httpd] Change from ~username to /username questions

2014-05-04 Thread Otis Dewitt - NOAA Affiliate
Greetings Yehuda, 1.) You can try something like this for one url: RewriteRule ^~blog/(.*)$ /site/legacy/users/blog/$1 [R=301,L] 2.) You can also play with this rewrite to make fit for you: RewriteEngine On #RewriteLog logs/rewrite.log # Uncomment for rewrite logging #RewriteLogLevel 3 # unc

Re: [users@httpd] php fpm and ProxyPass

2014-05-04 Thread Otis Dewitt - NOAA Affiliate
Thanks for that update. On Sun, May 4, 2014 at 9:36 PM, Eric Covener wrote: > On Sun, May 4, 2014 at 9:03 PM, Otis Dewitt - NOAA Affiliate > wrote: > > Something you should know about mod_proxy_fcgi is that currently it > doesn’t > > support UNIX sockets, >

Re: [users@httpd] php fpm and ProxyPass

2014-05-04 Thread Otis Dewitt - NOAA Affiliate
Greetings Lennsen, Something you should know about mod_proxy_fcgi is that currently it doesn’t support UNIX sockets, so you must start your PHP-FPM process using a TCP port, which is default when you install it. Daniel Garajau wrote an interesting document on this subject: http://garajau.com.br/bl

Re: [users@httpd] localhost Forbidden

2014-05-04 Thread Otis Dewitt - NOAA Affiliate
Greetings Eric, Try this: DocumentRoot /www/default/Site AuthType None Options FollowSymLinks AllowOverride None Order allow,deny Allow from all Require all granted Thanks, Otis On Sun, May 4, 2014 at 9:58 AM, Eric Covener wrote: > On S

Re: [users@httpd] Apache commercial support

2014-04-02 Thread Otis Dewitt - NOAA Affiliate
Greetings Joe, Understand your frustration, had similar problems in the past. The price can vary depending on infrastructure setup. Please email at odew...@linusoft.com so we can talk further. Thanks, Otis On Wed, Apr 2, 2014 at 1:08 PM, Joe Jensen (ConAgra Foods) < joe.jen...@conagrafoods.com

Re: [users@httpd] virtualhost redirects to root on mobiles

2014-01-30 Thread Otis Dewitt - NOAA Affiliate
> Allow from all > > > ErrorLog ${APACHE_LOG_DIR}/error.log > > # Possible values include: debug, info, notice, warn, error, crit, > # alert, emerg. > LogLevel warn > > CustomLog ${APACHE_LOG_DIR}/access.log combined > > > > > On Thu, Jan 30, 2014 at 1

Re: [users@httpd] virtualhost redirects to root on mobiles

2014-01-30 Thread Otis Dewitt - NOAA Affiliate
ce, warn, error, crit, > # alert, emerg. > LogLevel warn > > CustomLog ${APACHE_LOG_DIR}/access.log combined > > > > > On Thu, Jan 30, 2014 at 10:26 AM, Otis DeWitt wrote: > >> Try creating a server alias and restart apache. >> >> >> DocumentRoot /w

Re: [users@httpd] virtualhost redirects to root on mobiles

2014-01-30 Thread Otis DeWitt
Try creating a server alias and restart apache. DocumentRoot /www/server1 ServerName example.com ServerAlias www.example.com Sent from my iPhone > On Jan 30, 2014, at 1:04 PM, Josh Stratton wrote: > > I setup an apache server a while back without a virtualhost and got > everything working f

[users@httpd] Reverse Proxy Issue on Apache version 2.0.65

2014-01-10 Thread Otis Dewitt - NOAA Affiliate
Greetings, I am constantly getting this error below in my log file: *[error] (20014)Error string not specified yet: proxy: pass request body failed to 172.16.11.212:7705 (www.example.com ) from 192.168.100.34 ()* [Thu Jan 09 15:52:47 2014] [err

[users@httpd] Reverse Proxy Issue on Apache version 2.0.65

2014-01-09 Thread Otis Dewitt - NOAA Affiliate
Greetings, I am constantly getting this error below in my log file: *[error] (20014)Error string not specified yet: proxy: pass request body failed to 172.16.11.212:7705 (www.example.com ) from 192.168.100.34 ()* [Thu Jan 09 15:52:47 2014] [err

Re: [users@httpd] Access controls

2013-12-16 Thread Otis DeWitt
http://myurl.com/sitec -> user3. > http://myurl.com/sited -> user1, user2 and user3. > > Using the require is allowing everyone in the LDAP, which we don't > want it. Hope its clear now? > > Thanks > Ramesh > > On Mon, Dec 16, 2013 at 2:32 PM, Otis Dewitt - N

Re: [users@httpd] Access controls

2013-12-16 Thread Otis Dewitt - NOAA Affiliate
What do you mean? *"Since our requirement is to control access based on a path."* AuthType basic AuthName "Example 1 use your LDAP login." AuthBasicProvider ldap AuthLDAPURL "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(g

Re: [users@httpd] #error mod_ssl requires OpenSSL 0.9.8a or later

2013-12-16 Thread Otis Dewitt - NOAA Affiliate
Try: First make sure openssl-devel-1.0.1e is installed. --with-ssl= Example: --with-ssl=/usr/include/openssl Thanks, Otis On Mon, Dec 16, 2013 at 1:58 AM, Abdul Anshad wrote: > Hello All, > > I'm trying to compile httpd-2.4.7 from source, but i get the following > error "#error mod_ssl r

Re: [users@httpd] diagnosing an httpd memory "leak"

2013-12-13 Thread Otis Dewitt - NOAA Affiliate
Very weird scenario, I can only think of a couple of reasons this can be happening. 1. Enable debug on loglevel and see what happens in that 15mins. 2. Try removing the httpd.conf and put a default httpd.conf in place and start it to see if the same thing happens. if not then you know it's in the

Re: [users@httpd] Only garbage was found in the patch input - httpd-2.4.7-sslsninotreq.patch

2013-12-12 Thread Otis Dewitt - NOAA Affiliate
his issue. > > Could you please guide me ? > <http://koji.fedoraproject.org/koji/buildinfo?buildID=483947> > > Regards, > Abdul > > On 12/12/2013 12:32 PM, Otis Dewitt - NOAA Affiliate wrote: > > This patch is corrupt, it is missing content . > > contact t

Re: [users@httpd] Web Site Testing

2013-12-11 Thread Otis Dewitt - NOAA Affiliate
Take a look at awstats. On Thu, Dec 12, 2013 at 1:51 AM, Jim Barchuk wrote: > > On Wed, 11 Dec 2013, Roman Gelfand wrote: > > I think I was misunderstood. I am looking for a web site monitoring >> software that periodically downloads a page from that site and records >> statistics like how m

Re: [users@httpd] Can not Find Apache 2.4 Installable Version (Binary or .msi)

2013-12-11 Thread Otis Dewitt - NOAA Affiliate
Try: http://www.anindya.com/apache-http-server-2-4-2-x86-and-x64-windows-installers/ On Thu, Dec 12, 2013 at 1:35 AM, Yogesh patel wrote: > HI > > I am not able to find apache 2.4 installable version. Apache official site > provides source code of it. Can i anywhere find binary file or .msi file

Re: [users@httpd] Only garbage was found in the patch input - httpd-2.4.7-sslsninotreq.patch

2013-12-11 Thread Otis Dewitt - NOAA Affiliate
This patch is corrupt, it is missing content. Contact the submitter of the patch. On Thu, Dec 12, 2013 at 12:23 AM, Abdul Anshad wrote: > Hello All, > > I can't apply a patch named *httpd-2.4.7-sslsninotreq.patch*, when i > try to build the package httpd-2.4.7 it throws out the error as "O

[users@httpd] Mod_Proxy Bug in Apache 2.0.65

2013-12-10 Thread Otis Dewitt - NOAA Affiliate
Greetings, I am using Apache 2.0.65 with mod_proxy as a reverse proxy, this proxy sits in the DMZ and serves to the backend servers. I am getting constant errors in the log file stating what's below. *[Tue Dec 10 12:33:17 2013] [error] (20014)Error string not specified yet: proxy: pass request bod
