[users@httpd] Apache HTTP Server 2.2.21 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.21 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release: * SECURITY: CVE-2011-3348 (cve.mitre.org) mod

[users@httpd] Re: VN: VU#405811 / TN:JPCERT#96552408

Here are some questions posted to the security list, bcc'ing the reporter, but perhaps of general interest. On 9/14/2011 10:45 AM, [...] wrote: > > We have noticed that official notification was released via > mailing list. > > And we have received another inquiry from a vendor and system > admi

Re: [users@httpd] Apache Gui - opinions please

On 9/14/2011 7:19 PM, Joshua Stoutenburg wrote: > http://www.apache-gui.com/ My opinion is that this was a transparent attempt at clickthrough spam. - The official User-To-User support forum of the Apache HTTP Server Project.

Re: [users@httpd] Apache Gui - opinions please

On 9/15/2011 12:14 AM, Joshua Stoutenburg wrote: > I'm looking for a GUI tool to manage my servers, and wanted to see > what response this one would get. Then, we assume as a user who is willing to do a bit of homework up front, you would have posted some of the pros and cons of what you had uncov

Re: [users@httpd] Re: mod_proxy SSL forward proxy

On 9/21/2011 5:32 PM, mortee wrote: > > Any ideas about this topic? > > On 09/08/2011 11:41, mortee wrote: >> >> Hello, >> >> Is there a way to enable both SSLEngine and plain HTTP forward proxying >> on the same port / virtual host? >> >> To be specific, I want my Apache to serve usual HTTPS on

Re: [users@httpd] httpd Will Not Start ....

On 10/1/2011 1:33 PM, Wang, Mary Y wrote: > I'm confused. > I issued the following command to start httpd, but no error and informational > message > displayed. Of course, there is no httpd process. > > '/opt/csvn/bin/httpd -f /opt/csvn/data/conf/httpd.conf -k start' > > When I looked at the

Re: [users@httpd] httpd Will Not Start ....

On 10/1/2011 7:30 PM, Wang, Mary Y wrote: > Oops. The httpd version is Apache/2.2.15. > > Any ideas on what I can do next? My head is spinnning. Everything used to > work until we have a system upgrade. All the files are the same as before > (that was what I was told), except we moved to a

Re: [users@httpd] Apache stops responding until being reloaded.

On 10/6/2011 8:22 AM, stal...@locum.ru wrote: > > Some time Apache stops responding until being reloaded. on server work > mod_php5 and wsgi > for django app. os debian 6.0.2. kernel 2.6.32-5-amd64 > > apache2 -v > Server version: Apache/2.2.16 (Debian) > Server built: Aug 8 2011 14:38:30

Re: [users@httpd] vulnerabilities-oval.xml

On 10/11/2011 2:49 AM, Pascal HERAUD wrote: > Hello, > > Such a shame that Apache Http does not maintain this file anymore. > It allows main security vulnerabilities aggregators to publish thoses > advisories... Canonical path is now; http://svn.apache.org/repos/asf/httpd/site/trunk/xdocs/secur

Re: [users@httpd] Fw: favicon.ico

On 10/14/2011 3:56 PM, Steve Swift wrote: > It is surprising that the installation of apache does not install a sample > favicon.ico > (the apache "feather", perhaps). Wouldn't happen. Take a look at the modern rendition of 'it worked'. It works! The arbitrary user installs a server, why shoul

Re: [users@httpd] Apache 2.2.1 does not want to run on my machine

On 10/15/2011 9:33 AM, Guillaume wrote: > Hello, > I hope that I'm on the right forum and that my question has sense. > I m not at all a specialist and please forgive my english, it's not my > language. No hassle, it's more efficient than my tiny bit of French or Italian :) > [Sat Oct 15 15:35:2

Re: [users@httpd] Apache 2.2.1 does not want to run on my machine

On 10/18/2011 3:38 AM, Guillaume Roul wrote: > In that case, it seems to be my firewall (Online armor) that blocked Apache. > I've turned > it off, started Wamp and it worked. Now I don't even have to stop OA, it > works perfectly. > The strange think is that nothing said that OA blocked Apache o

Re: [users@httpd] Intermittent access to web address

On 10/25/2011 9:36 PM, Yehuda Katz wrote: > In the error log that you supplied, your server has the address > 192.168.1.102, which is in the address range usually assigned > automatically by your router. > If the computer does not have a fixed IP address, it is not possible > for your router to for

Re: [users@httpd] apr_off_t mismatch

On 11/9/2011 3:07 PM, Asaf Dalet wrote: Hi everyone, i have a problem which is bugging me for a couple of days now: i have a module written for apache 2.2.x and compiled as 32-bit on solaris 9 SPARC 64-bit. i have a precompiled apache core on a different solaris 9 (also 64-bit). the problem: s

Re: [users@httpd] apr_off_t mismatch

On 11/9/2011 11:52 PM, Asaf Dalet wrote: the precompiled apache version is definitely 2.2.0 (according to httpd -V) and there is definitely some mismatch between request_rec size between it and my compiled module. Of course i don't know it for sure because i don't know the exact sizeof(request

Re: [users@httpd] ldap authentication works for a while then starts failing

On 11/15/2011 8:00 AM, Mr Jerry J wrote: Hello, I have upgraded to httpd 2.2.21, but am still having the same problem. Does anyone have any ideas on why LDAP authentication against Active Directory works fine for a while and then stops working, giving the error message below? Can't tell you f

Re: [users@httpd] apr_off_t mismatch

On 11/21/2011 9:48 AM, Asaf Dalet wrote: Hi all, some interesting news: I downloaded apr-1.2.2-sol9-sparc-local from sunfreeware.com and installed it. the file apr/include/apr-1/apr.h contains this line: typedef long apr_off_t; does this mean apr 1.2.2 does n

Re: [users@httpd] php.net is directing windows users to Apache Lounge

On 12/13/2011 10:50 AM, Paul Simon wrote: > Hi All, > > PHP.net [http://windows.php.net/download/] is directing folks to > download apache for windows from Apache Lounge > [http://apachelounge.com/]. It says the apache from apache.org is > compiled with the legacy Visual Studio 6 compiler instead

Re: [users@httpd] How are requested URIs translated into local resource names? (where is the "ap_run_translate_name" function?)

On 1/4/2012 12:47 AM, Tianyin Xu wrote: > > Could anyone tell me how can I find the implementation of the function > "ap_run_translate_name" and "ap_run_map_to_storage"? Please jump on over to modules-...@httpd.apache.org list - that's really the best place to get an answer to your question. ---

Re: [users@httpd] can not send

On 1/9/2012 6:13 AM, Luisa Ester Navarro wrote: > you reject my messages Try sending in plain text, rather than html email. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/

Re: [users@httpd] Error during the Compile step while upgrading the Apache from 1.3.34 to 2.0.59

On 1/16/2012 11:54 PM, Sandeep Bhatia wrote: > Hi All , > > We are upgrading the Apache Web Server from 1.3.34 to 2.0.59 on AIX 5.3 Tl12 > > During the compile step we are getting the follwoing error. > > ld: 0711-738 ERROR: Input file strings/.libs/apr_cpystrn.o: > XCOFF32 object files

Re: [users@httpd] Question regarding OS support for Apache version 2.2.21....

On 1/26/2012 4:12 PM, Mark Hamer wrote: > > That is what I was askingif it will install and run without trouble. I > plan on > uprading it. Currently I have the following Apache version installed and > running. If you aren't installing an rpm (and you can try the current source rpms for

Re: [users@httpd] How to make Apache mod_deflate and Transfer-encoding : Chunked work together?

On 1/27/2012 2:50 PM, sameer shah wrote: > As you can see in above 2 headers chunking is working only if the compression > is turned > off. Chunking is not a feature that the client gets to choose. Your client code is badly written if it is that fragile. It has to be able to tolerate either of

Re: [users@httpd] How to make Apache mod_deflate and Transfer-encoding : Chunked work together?

On 1/30/2012 8:30 AM, Matus UHLAR - fantomas wrote: >> On 1/27/2012 2:50 PM, sameer shah wrote: >>> As you can see in above 2 headers chunking is working only if the >>> compression is turned >>> off. > > On 27.01.12 15:37, William A. Rowe Jr. wrote: >&

Re: [users@httpd] How to make Apache mod_deflate and Transfer-encoding : Chunked work together?

On 1/31/2012 9:37 AM, Matus UHLAR - fantomas wrote: >>>> On 1/27/2012 2:50 PM, sameer shah wrote: >>>>> As you can see in above 2 headers chunking is working only if the >>>>> compression is >>>>> turned off. >>> >>> O

[users@httpd] Apache HTTP Server 2.2.22 Released

Apache HTTP Server 2.2.22 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.22 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release,

Re: [users@httpd] How to make Apache mod_deflate and Transfer-encoding : Chunked work together?

On 2/1/2012 3:48 AM, Matus UHLAR - fantomas wrote: > > Of course. But the original question was, why is chunking not used, even when > Content-Length was not sent? I don't know HTTP/1.1 enough to answwer this > question, do you? Yes; because the entire C-L is known and the overhead for C-L plus

Re: [users@httpd] Advice on Apache 2.2.22

On 2/21/2012 2:08 AM, Gadi Katsovich wrote: > Hello all users, > > We are currently working with Apache 2.2.16 and are considering the option of > upgrading to > Apache 2.2.22. > > I was wondering if Apache 2.2.22 is common enough to be verified as a stable > version. > > Has anyone come acros

Re: [users@httpd] Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Released

On 2/21/2012 8:16 PM, DW wrote: > > Thanks for the info. Windows binaries are still not available so > wondered if these would be ready tomorrow. Nope. Although httpd-2.4 is 'baked', the dependent libraries expat 2.0.2, zlib 1.2.7, openssl 1.0.1 aren't yet released. Once that's done I expect t

[users@httpd] Re: Any suggestions for a presentation at ApacheConNA2012?

On 3/2/2012 6:29 PM, Daniel Ruggeri wrote: > All; >I'm hoping I can make it to ApacheCon NA again this year. I had a lot > of fun presenting 'The mod_proxy_balancer cookbook' in 2010 and would > like to submit to present again. Since I didn't get a lot of feedback > one way or the other last ti

Re: [users@httpd] apache 2.2 can't keep up with apache 1.3

On 3/13/2012 12:25 PM, Tom Evans wrote: > On Tue, Mar 13, 2012 at 5:19 PM, William Taylor > wrote: >> I wouldn't say it's silly, but definitely not the norm and obviously a >> low priority >> for everyone else. > > I would say that forking an entire new process to handle a single > request and t

Re: [users@httpd] mod_fcgid 2.3.6 not loading with Apache 2.4

On 3/20/2012 10:15 AM, Pablo wrote: > > I have compiled Apache 2.4.1 with mod_fcgid-2.3.6 under CenOS 5.6 without > problem > (latest versions on website). 2.4 arrived after fcgid 2.3.6 was published. The code in subversion should be correct, I think. If you have a subversion client, you

Re: [users@httpd] mod_fcgid 2.3.6 causes Apache 2.4.1 not to start with undefined symbol: ap_unixd_setup_child message

On 3/21/2012 11:33 AM, Richard Westebbe wrote: > Hi Pablo, > > thank you for your answer! :-) I guess you refer to your mail: > > "mod_fcgid 2.3.6 not loading with Apache 2.4" > > Actually I had already tried the given solution, as I had written before. I > downloaded the > trunk version and c

Re: [users@httpd] mod_fcgid 2.3.6 causes Apache 2.4.1 not to start with undefined symbol: ap_unixd_setup_child message

On 3/22/2012 3:25 AM, Tianyin Xu wrote: > Hi, Richard, > > The problem you found is really interesting to me. I would like to take a > look at it. > > But it seems that the module "mod_fcgid" is not an official Apache module? > Since I cannot > find it in the manual of Apache httpd-2.4.1 (see t

Re: [users@httpd] accessing named pipe files from apache web server

On 3/22/2012 8:56 AM, Mysterious Mose wrote: > > I just want a plain named pipe as a file on the web server. I will > write information to the pipe, and when a web browser accesses the > pipe, it will read the information. Simple, right? But whenever I try > to access the pipe through the web,

Re: [users@httpd] GZip compression

You can also programmatically inject a filter. Several modules inject one filter or another. You probably wanted our modules-dev@httpd authors list to share ideas about module authoring. It's a bit beyond the typical discussion here at the user list. On 4/18/2012 11:31 PM, Igor Cicimov wrote:

Re: [users@httpd] Conversion 2.2.14 -> 2.4.1 still problems

On 4/19/2012 1:01 PM, John Iliffe wrote: > After factoring in the suggestions from a number of folks here (thanks!) I > still have problems getting a working configuration. > > Many pages depend on PHP and I upgraded PHP to version 5.4.0, compiled it > as an apxs module PHP fans everywhere will

Re: [users@httpd] Conversion 2.2.14 -> 2.4.1 still problems

As mentioned on this list, 2.4.2 was just released. You will want to pick up that update. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua segfault in httpd-2.4.1

On 2/24/2012 6:19 AM, Marco van Tol wrote: > Goodday, > > I have tried to make a setup using mod_lua using version 2.4.1 of the > apache httpd server and noticed that requests involving lua render a > segfault message in the error log like this one: > > [Fri Feb 24 11:42:41.410706 2012] [core:not

Re: [users@httpd] PHP doesn't process pages

On 4/22/2012 6:08 AM, Noel Butler wrote: > John, > > On Sun, 2012-04-22 at 17:34 +1000, Noel Butler wrote: > >> >> I note your using php 5.4.0 - all my testing has been with 5.3.10 and is >> done on >> Slackware, but I do have one RHEL 5.2 >> I'll throw 5.4 on the dev box if I get a chance later

Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???

On 4/24/2012 3:09 PM, TFML wrote: > I'm assuming you're using some sort of Windows operating system. I haven't > done one in a > few years, but I would assume the 1.0 version > from http://slproweb.com/products/Win32OpenSSL.html should work like > installing any other > Windows Installer. If so

Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???

On 4/24/2012 4:05 PM, bfinkel...@aaamissouri.com wrote: > > Great thanks for the info! > > Where can I find out when apache.org will be bundling the latest version of > OpenSSL with > apache? PCI compliance calls for using level "u" as of today. If you had read the notices from the OpenSSL pro

Re: [users@httpd] How to differentiate between Graceful restart and stop in apache extended module

On 5/7/2012 6:37 AM, vk.indushekar VK wrote: > Hi, > We developed a apache module mod_xx.so. We have a requirement where in we > need to differentiate between apache graceful restart and normal stop. We > need to execute certain part of the code for graceful restart only. > > So how do we differen

Re: [users@httpd] mod_fcgid + daemon implemented in C

On 5/9/2012 8:41 AM, Henrik Strand wrote: > > I want to use mod_fcgid (http://httpd.apache.org/mod_fcgid/) with a > daemon implemented in C. Is there a lib available like the one from the > FastCGI project (http://www.fastcgi.com/) to use for a fcgi_accept() > function? Or do I have to implement o

Re: [users@httpd] Denial of Service due to multiplication of httpd running

On 5/22/2012 12:02 PM, Bill Unruh wrote: > > Eg, here is one entry from the ps auxww list > > apache 18137 0.0 0.5 26844 5744 ?S09:34 0:00 > /usr/sbin/httpd -f > /etc/httpd/conf/httpd.conf -DAPACHE2 -DHAVE_PERL -DHAVE_PHP5 -DHAVE_ACTIONS > -DHAVE_ALIAS > -DHAVE_ASIS -DHAVE_

Re: [users@httpd] Denial of Service due to multiplication of httpd running

On 5/22/2012 6:00 PM, Bill Unruh wrote: > On Tue, 22 May 2012, William A. Rowe Jr. wrote: > >> On 5/22/2012 12:02 PM, Bill Unruh wrote: >> >>> At that time in the access_log I have a whole bunch of entries like >>> ::1 - - [22/May/2012:09:34:22 -0700] "O

Re: [users@httpd] LD_LIBRARY_PATH issue in 2.2.22 and earlier

On 5/24/2012 12:05 PM, Luke Lozier wrote: > One of the PCI scanning companies is demanding an upgrade to 2.4.2 due to the > issues > described in this CVE: > > Changes with Apache 2.2.23 > > *) SECURITY: CVE-2012-0883 (cve.mitre.org ) > envvars: Fix insecure handling

Re: [users@httpd] Segmentation fault error

You didn't dump the offending stack, you dumped the first stack. It's highly unlikely there was a segfault in _read. You need to dump all the thread stacks, and work out the offending one; this is usuallly designated <<< FAULT or some other indication of where the fault occured. On 5/30/2012 10

Re: [users@httpd] Win32 Binary without crypto (no mod_ssl) (MSI Installer): httpd-2.2.23-win32-x86-no_ssl.msi

On 10/22/2012 1:18 PM, Yehuda Katz wrote: > Any idea what would be required for someone who wanted to volunteer to manage > windows builds? Binaries are created/distributed only by httpd committers as a matter of policy (irrespective of platform). This is due to the ASF's own liabilities and web

[users@httpd] Re: Festina Lente - Nóirín Plunkett / Shirley

On Wed, Jul 29, 2015 at 2:05 PM, Jim Jagielski wrote: > If you have ever read the httpd doccos, there are many people who > made them what they are, and are deserving of thanks. But today we > have lost one of the main and core talents behind them. > > Nóirín was a bright light and a festive soul

[users@httpd] Re: merging Apache context

unbox and re-box the managed data when passing it back and forth from unmanaged httpd "C" code. That source code lives http://sourceforge.net/p/mod-aspdotnet/code/HEAD/tree/mod_aspdotnet2/trunk/ if it is of some help to compare how I handled similar issues. Enjoy your weekend... You

[users@httpd] Re: FAQ?

On Sun, Nov 15, 2015 at 11:09 AM, yousuf sharief wrote: > Hi All, > > Please share the FAQ's to update my skills on Apache. > At this time there isn't an actively maintained FAQ, but the historical one is editable at http://wiki.apache.org/httpd/FAQ If folks on users@ wanted to start maintainin

Re: [users@httpd] how to compile apache httpd 2.4.17

On Nov 16, 2015 17:21, "David Long" wrote: > > I download Apache httpd 2.4.17 and want compile on Solaris 10 Sparc. > > It ask me to install APR. > > So I download APR 1.5.2 and try to configure it and following error. > > > > root@kiana# cd /www/apachesrc/apr-1.5.2 > > root@kiana# ./configure --p

RE: [users@httpd] how to compile apache httpd 2.4.17

. > > > > Thanks for your help. > > > > David Long > > > > *From:* William A Rowe Jr [mailto:wr...@rowe-clan.net] > *Sent:* Tuesday, November 17, 2015 11:36 AM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] how to compile apache httpd

Re: [users@httpd] Apache modules built as .a and .la instead of .so libraries

Go back to how you initially built apr, that is going to be the origin of the libtool used by httpd. On Fri, Nov 20, 2015 at 8:23 AM, spggwp7q wrote: > Hi guys, > > I'm building apache 2.4.x (latest) for Solaris on Intel. I've built a > cross compiler for this, which seems to be working fine. Th

Re: [users@httpd] Is there a shell environment variable to direct httpd to a httpd.conf ?

On Fri, Nov 20, 2015 at 4:03 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Gary, > > On 11/20/15 4:44 PM, Gary M wrote: > > I'm in a unique configuration dilemma where I need to place the location > > of httpd.conf in a "soft" location. eg the shell environment variable. > > > >

Re: [users@httpd] Apache2 and Tomcat : Simultaneously running both servers and Virtual Hosting.

Pretty simple answer, you either, 1. Change the Tomcat port, E.g. 8080 so it doesn't collide with httpd, or 2. Listen (IPaddr1):80 to httpd and bind (IPaddr2):80 to Tomcat. The second can be more confusing, since if you bind localhost:80 to Tomcat, httpd won't respond unless you make a request t

Re: [users@httpd] explicitly including other ciphers for use with https

On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg wrote: > Hello, > > I a building a storage system, using HTTP/HTTPS for ingesting data. > > I would like to use the authentication over HTTPS, while after that I want > no encryption on the data because of peformance. > Then you probably don't unde

Re: [users@httpd] explicitly including other ciphers for use with https

On Mon, Dec 7, 2015 at 7:40 PM, Jacob Champion wrote: > On 12/07/2015 05:06 PM, William A Rowe Jr wrote: > >> On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg > <mailto:r...@lanl.gov>> wrote: >> >> Hello, >> >> I a building a sto

Re: [users@httpd] explicitly including other ciphers for use with https

On Dec 7, 2015 11:36 PM, "Marat Khalili" wrote: >> >> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation > > Are you sure about the manipulation part? Why do you think encryption helps here then? To turn the question around, what gives you the suggestion t

Re: [users@httpd] explicitly including other ciphers for use with https

On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg wrote: > I forgot, is there a "standard way" to create an rpm so I can install the > binaries somewhere? > Well, all the major linux distributions have their own forks, their own 'one right way' to package rpm/deb/etc, but have a look in the buil

Re: [users@httpd] Apache2 does not properly start

It's been too many years since I and others have looked at 2.4.7, if you can try this on a modern release of httpd and share those error logs, be glad to review. Bill On Dec 10, 2015 10:40 AM, "LVDave" wrote: > I have an Apache2 install (v2.4.7) running on Ubuntu 14.04 (32bit) > that had been wo

Re: [users@httpd] Buffer overrun in Apache 2.4.7-2.4.17

On Tue, Dec 15, 2015 at 2:34 PM, Mike Pastore wrote: > Hi folks, > > I believe I've found a buffer overrun affecting (at least) Apache 2.4.7 > and 2.4.17. I don't know enough about this sort of thing to determine how > serious it is and whether or not it is a potential security vulnerability. > I

Re: [users@httpd] ProxyPass + Redirect

On Wed, Dec 16, 2015 at 4:34 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > >RedirectMatch ^/foo(/)?$ /foo/someplace_specific.html >RedirectMatch ^/foo/index.html$ /foo/someplace_specific.html >ProxyPass /foo/index.html ! >ProxyPass /foo/ http://localhost:8009/foo

Re: [users@httpd] Circumstances when mod_php would run faster than PHP-FPM?

Mod_proxy_fcgi + php-fpm or mod_fcgid with php fcgi sapi should both be equivalent when tuned correctly. Your only option for running php in process efficiently is to use the non-threadsafe php in the httpd preform module. Your only option for running httpd efficiently is the event, or at least t

Fwd: [users@httpd] Possible virus via httpd server

anish, there is an offer for new translations of httpd that we would love proof-reading help with, if you are interested. Please join up with d...@httpd.apache.org if you would like to help review translated docs pages! Cheers, Bill -- Forwarded message -- From: William A Ro

Re: [users@httpd] Blocking of users [was: Apache Server Access]

Precisely. We are likely to be switching mailing list mgmt platforms very soon, with luck we can preserve the subscribed address in such a way that unsubscribing users is less of a hassle. Right now the embedded list-unsubscribe fails to suggest the specific email address that needs to be unlinke

Re: [users@httpd] SNI SSL per domain?

Sounds like you have mis-structured the config. Per servername - each can and should have its own cert and will be selected via SNI. If there are subadmins beneath each vhost section #include those snippets and they all still fall within the given host name. On Feb 1, 2016 11:21 AM, "Felipe Gaspe

Re: [users@httpd] Apache fails to start after updating openssl from 1.0.1j to 1.0.2g

There was a well-documented binary breakage in 1.0.2g that has already been fixed in their source repository for the next openssl upgrades. That fix is here; https://github.com/openssl/openssl/commit/133138569f37d149ed1d7641fe8c75a93fded445 On Mon, Mar 14, 2016 at 12:05 PM, Ron Hawkins wrote:

Re: [users@httpd] rpmbuild for httpd-2.4.23 failed missing mod_proxy_fdpass.so

This is a dev@ level regression, sharing with that list. Please confirm you are using httpd's own rpm. If not, the specific --enable-modules provided for your rpm.spec file may be at issue. On Jul 17, 2016 3:45 AM, "kohmoto" wrote: > I tried to rpmbuild the former version httpd-2.4.20.tar.bz2 in

[users@httpd] [Advisory] Apache Software Foundation Projects and "httpoxy" CERT VU#797896

Advisory: Apache Software Foundation Projects and "httpoxy" CERT VU#797896 Canonical URL: https://www.apache.org/security/asf-httpoxy-response.txt Publication: v1.0 18 July 2016 Audience This Advisory is directed to HTTP web server administrators and users of the software indicated b

Re: [users@httpd] Install and Configure Apache on Windows Server

There is a very recent skeleton on the wiki... https://wiki.apache.org/httpd/WindowsTrunkCompilation Aside from obtaining a release tarball, it is more straightforward than using the msvc studio build schema. On Nov 3, 2016 15:42, "Robert Ramoutar" wrote: > > Hello all, > > > I have been tasked

Re: [users@httpd] HTTPOxy vulnerability not posted to announce list?

https://lists.apache.org/list.html?annou...@httpd.apache.org:lte=1y:Httpoxy was the first release addressing the question by httpd project. Announce@ lists are used to broadcast release availability, making them less than ideal channels for this foundation-wide response; https://www.apache.org/s

Re: [users@httpd] Apache upgrade on Aix

There is a wealth of information in the build/ and build-1/ (APR) subdirectories about the compiler and linker choices that were used to create a build, if they are preserved. On Tue, Feb 7, 2017 at 8:38 AM, Chunduru, Krishnachaithanya wrote: > Hi Eric, > > Thanks for your reply. > > Actually th

Re: [users@httpd] URG:DocumentRoot relate query on WIndows

What you are seeing is correct behavior, DocumentRoot is an absolute path, whether you have specified this or not. If httpd sees an incomplete path, it is going to work out an absolute path from the ServerRoot If it appends the default and cannot establish a full path, you will receive the indicate

Re: [users@httpd] Error nghttp2 version is too old

You really need to approach your package maintainer, I picked up nghttp2 around that same point a year ago and never had an issue. Anything to do with rpm installs is on the maintainer, and has nothing to do with this project, sorry we can't be of more help. On Sun, Mar 12, 2017 at 3:12 PM, John

Re: [users@httpd] What is preferred PHP interface?

There is little activity on mod_fcgid because it works. There has been talk of tagging 2.3.10 at some point for very minor fixes. Mod_proxy_fcgi is a viable alternative, and offers the ability to load balance, but managing the process pool of available fcgi workers is offloaded from httpd and beco

RE: [users@httpd] Building httpd2.4.25 on powerpc-ibm-aix7.1.0.0

You'll need to provision libuuid and rebuild apr[-util] - a required prerequisite for httpd. On May 31, 2017 2:25 PM, "Joseph, Anselm" wrote: > Thank you all for your replies. > > So I got back on the horse and installed latest APRs and PCRE, then ran > configure again as follows: > > CC='gcc' C

Re: [users@httpd] if directive not being respected in Apache 2.4.6

On Wed, Jun 21, 2017 at 10:39 AM, Eric Covener wrote: > On Fri, Jun 9, 2017 at 12:36 PM, Day, Chuck wrote: >>Define locale1 fr-FR > > It is not currently documented or rejected, but "Define" can't be > wrapped in any of the normal configuration sections (only ifdefine, > ifmodule, etc. ca

Re: [users@httpd] Problems building httpd-2.4.26 with apr-1.6.2 and apr-util-1.6.0

On Fri, Jun 23, 2017 at 11:22 AM, Eric Covener wrote: > On Fri, Jun 23, 2017 at 10:55 AM, Martin Knoblauch wrote: >> Apparently apr-util no longer bundles "expat". So my question: what is the >> correct/intended way to work around this? > > > apr-util accepts a --with-expat. If you build apr-ut

[users@httpd] [Announcement] Apache HTTP Server 2.2.34 Released

July 11, 2017 The Apache Software Foundation and the Apache HTTP Server Project announce the release of version 2.2.34 of the Apache HTTP Server ("Apache"), the final maintenance release of the 2.2 series. No further 2.2 releases are anticipated. This version of Apache is principa

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

On Tue, Jul 11, 2017 at 9:13 AM, Hajo Locke wrote: > > Am 11.07.2017 um 15:58 schrieb Eric Covener: >> >> On Tue, Jul 11, 2017 at 9:41 AM, David Copeland >> wrote: o HTTP/2 will not be negotiated when using the Prefork MPM >>> >>> I'm wondering what the reason for this is? >> >> In the

[users@httpd] CVE-2017-9789: Read after free in mod_http2

CVE-2017-9789: Read after free in mod_http2 Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.26 Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potential

[users@httpd] CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest Severity: Important Vendor: The Apache Software Foundation Versions Affected: all versions through 2.2.33 and 2.4.26 Description: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or rese

Re: [users@httpd] How to use binary to run httpd in different location

On Wed, Aug 2, 2017 at 6:24 AM, Eric Covener wrote: > On Wed, Aug 2, 2017 at 5:21 AM, Hemant Chaudhary > wrote: >> Hi >> >> I have ported apache on my machine. I have copied bin,lib.conf,modules, >> htdocs,logs to another location. Now I want to run my apache in new location >> with these things

[users@httpd] Flood 0.4 status? (was: flood 0.4 was never signed for?)

What's our position on this? Is it time to declare flood abandoned? Are there any users of this tool who want to contribute to maintaining it? Offhand, I expect it does not support TLS/SNI. Nor HTTP/2. If abandoned, we can simply remove www.a.o/dist/httpd/flood to resolve Daniel's issue. If not

[users@httpd] [Announcment] Apache HTTP Server 2.2.27 Released

Apache HTTP Server 2.2.27 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.27 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix maintena

[users@httpd] Fwd: Flood 0.4 status? (was: flood 0.4 was never signed for?)

Copying users@ in case some of you are Flood subproject users, please make your voices heard. Thanks, Bill -- Forwarded message -- From: William A Rowe Jr Date: Thu, Sep 14, 2017 at 10:48 AM Subject: Re: Flood 0.4 status? (was: flood 0.4 was never signed for?) To: httpd I

[users@httpd] Fwd: [Announcement] Apache HTTP Server 2.4.28 Released

For anyone not subscribed to announce@, sorry I hadn't passed this on... -- Forwarded message -- From: "William A Rowe Jr" Date: Oct 5, 2017 13:48 Subject: [Announcement] Apache HTTP Server 2.4.28 Released To: Cc: Apache HTTP Server 2.4.28 Release

Re: [users@httpd] [ANNOUNCE] Apache HTTP Server 2.4.29 Released

On Mon, Oct 23, 2017 at 11:45 AM, Jim Jagielski wrote: > Apache HTTP Server 2.4.29 Released > > October 23, 2017 > > The Apache Software Foundation and the Apache HTTP Server Project > are pleased to announce the release of version 2.4.29 of the Apache > HTTP Server ("Apache"). This

Re: [users@httpd] [ANNOUNCE] Apache HTTP Server 2.4.29 Released

On Mon, Oct 23, 2017 at 11:53 AM, William A Rowe Jr wrote: > On Mon, Oct 23, 2017 at 11:45 AM, Jim Jagielski wrote: >> Apache HTTP Server 2.4.29 Released >> >> October 23, 2017 >> >> The Apache Software Foundation and the Apache HTTP Server Proje

Re: [users@httpd] RE: [ANNOUNCE] Apache HTTP Server 2.4.29 Released

Actually, that was in APR-util 1.6.1, see the APR release announcement and Craig's users@httpd post. On Wed, Oct 25, 2017 at 4:02 PM, Craig Young wrote: > I’m not sure if this is what is referred to in the Apache 2.4.29 > announcement, but please note that the Apache Portable Runtime v1.6.3 re

Re: [users@httpd] Is httpd 2.4.x is supported on CentOs6?

According to my notes, that is 2.2.15. As noted previously, turn to RH for support. The EOL was back in July and we will stop making public comments or security advisories once we have fewer than three active project members attending to this legacy version. On Nov 28, 2017 06:47, "chetan jain"

[users@httpd] Re: [REQUEST] Httpd Webserver Training in French

Hi Sharan, it's usually more efficient to ask the community directly about project-specific asks. I've gone ahead and forwarded your note to the users and dev lists where we are more likely to find the right resources. I personally know at least a half dozen httpd committers proficient in French,

[users@httpd] [Appeal] zh Reviewers wanted (was: Attempting translating Chinese documentation)

On Sun, May 13, 2018 at 8:24 AM, CodeingBoy wrote: > Hello William, thanks for your information. I have completed the > translation progress of error messages. > I have translated these message to both Simplified Chinese(zh-cn) and > Traditional Chinese(zh-tw). One thing should be noticed is that

Re: [users@httpd] Apache as a Mutual SSL enabled Forward Proxy

Your next thing to test, from a vanilla/completely reset browser, would be to load up these corresponding cert+key and ca chain files into that blank slate, and ensure that these credentials actually work against your backend; * SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24

Re: [users@httpd] APR Table vs. Hash & Array vs. Skip List vs. Ring

On Sun, May 27, 2018 at 10:00 PM, Simon Walter wrote: > On 05/27/2018 05:49 PM, Nick Kew wrote: > >> On 27 May 2018, at 03:40, Simon Walter wrote: > >> > >> Hi everyone, > >> > >> First of all, I am not sure if this is the right place to ask this. > >> Please send me to the appropriate mailing l

Re: [users@httpd] "Permissions" lost after upgrade to 2.4.33

On Mon, Jul 16, 2018 at 4:53 PM, James Moe wrote: > > After the upgrade from v2.4.23 to v2.4.33, https requests yield error > 403: > Access forbidden! > You don't have permission to access the requested directory. There is > either no index document or the directory is read-protected. > Likely

Re: [users@httpd] configuring mod_proxy_ftp for client ip logging

If I understand your question, mod_proxy_ftp does not speak ftp to the client; only between the httpd server and backend. So the only data channel is the one established by httpd to shuttle the data. On Tue, Jul 24, 2018, 12:28 Harbo, Peter wrote: > The mod_proxy_ftp module is working fine for

Re: [users@httpd] configuring mod_proxy_ftp for client ip logging

ns of other posts asking the same question. It's an entirely reasonable extension of FTP, which if it existed, mod_proxy_ftp could be enhanced to support. On Jul 25, 2018 23:34, "William A Rowe Jr" wrote: If I understand your question, mod_proxy_ftp does not speak ftp to the

<    4   5   6   7   8   9   10   >