Ulrich.Herbst | 27 Nov 01:20 2014

RewriteRules vs ProxyRemote

Hi all,
 
we have apache-2.4.10 in use.
 
We have a forwarding proxy, that should do some rewrite rules (we need some decisions about client addresses and such) and then forward everything else to some target proxy with RemoteProxy.
 
Apparently (from logs with LogLevel Trace3), the rewrite-Rules are never used, apache just goes straight to the RemoteProxy –config.
 
Any idea, how we can work on our rewrite rules before the RemoteProxy config ?
 
Uli
 
nik600 | 26 Nov 11:13 2014
Picon

core dump with No symbol table info available.

Dear all

i'm not able to debug some core dump on a debian6 server.

- i've installed 

ii  apache2-dbg                         2.2.16-6+squeeze14           Apache debugging symbols
ii  libapr1-dbg                         1.4.2-6+squeeze4             The Apache Portable Runtime Library - Debugging Symbols
ii  libaprutil1-dbg                     1.3.9+dfsg-5                 The Apache Portable Runtime Utility Library - Debugging Symbols

i use the command:
gdb /usr/sbin/apache2 -c core.20141126

but when i do a 

gdb>thread apply all bt full
gdb>bt full

i have only messages with No symbol table info available.

ulimit command gives me "unlimited".

Any hint or suggestion?

Thanks to all in advance.

Bye

/*************/
nik600
http://www.kumbe.it
Deepak Angeswar | 26 Nov 10:34 2014

Query on Apache Http Server for WebDAV

 

 

All,

I am attempting to use WebDAV ('Web-based Distributed Authoring and Versioning') functionality for Apache Http.

I have installed Http server. The httpd.conf has been modified as

DavLockDB /usr/local/apache2/var/DavLock

<Directory /usr/local/apache2/htdocs/CREF>

Require all granted

Dav On

 

AuthType Basic

AuthName "Restricted Files"

AuthBasicProvider file

AuthUserFile /usr/local/apache/passwd/passwords

AuthGroupFile /usr/local/apache/passwd/groups

Require group GroupName

</Directory>

User/Passwords are stored in passwords file, multiple users are added under groups.

After starting the Http server, I can see the designated folder

http://{FQDN}:8080/CREF/

However when I access the above link in browser - I can see that I am able to access the directory /CREF.

I am also able to map this to a network drive in my Windows machine.

However I see the following issues

1.     I am not asked to authenticate - i.e. I am not asked to enter username/password

2.     I can get files out of the folder /CREF but not able to copy into the folder /CREF

3.    

 

Can someone review the httpd.conf changes I had mentioned above?

regards,

D

 

 

This e-mail together with any attachments (the "Message") is confidential and may contain privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this Message from your system. Any unauthorized copying, disclosure, distribution or use of this Message is strictly forbidden.
Kristian Rink | 26 Nov 10:22 2014
Picon

mod_proxy / ProxyPass: 400 Bad Request?

Folks;

trying to track down a strange error, I am ending up here. Situation: We 
run a web application built on top of Java and Jetty exposed through an 
apache2 + mod_proxy reverse proxy.

Generally, this works fine. However, some of our users experience 
troubles doing file uploads this way. In those situations, in example 
while using an upload Java applet such as JUpload, there are three 
things to be seen:

- the upload component on the Java server complains about an EOF / empty 
request and guesses the client stopped sending data,

- the user client stops upload after throwing a SocketException - 
"connection reset by peer",

- on the mod_proxy machine, I see the request in the log files obviously 
returning a 400 Bad Request:

xx.x.xx.xx - - [26/Nov/2014:09:24:51 +0100] "POST 
/webprojekt/tasks/upload HTTP/1.1" 400 4533 ....

... but why? So far I have been playing with configuration options on 
both sides (apache2 ProxyPass parameters, configuration options in the 
Jetty running the backend applications) but didn't really manage to get 
these things resolved. So, two questions:

- Is there any way to make apache2 / mod_proxy provide more logging 
output in these situations? I'd not just like to know that it actually 
does return a 400, I'd also like to know _why_ it does so. This would be 
of great help but I fail to see how to set a log level to debug just for 
mod_proxy.

- In case someone has experience with mod_proxy: What could probably 
cause a 400 in such a setup? Temporary connection issues? Resource 
limitations in the backend? Client stuff?

TIA and all the best,
Kristian
nik600 | 25 Nov 20:41 2014
Picon

How to use shared memory btw mpm workers in custom module

Hi

I've implemented a custom module to handle some translate hooks.

I'd like to add some stats info so i need some shared memory between all the workers.

Can you point me to the right resources/documentation/example about it?

Basically i'd like to increment some counters and then show them if i receive a specific request.

Thanks to all in advance

Marc Patermann | 24 Nov 12:13 2014
Picon

require valid-user with ldap

Hi,

I using the following .htaccess

AuthBasicProvider ldap file
AuthType Basic
AuthzLDAPAuthoritative off
Authname "..."
AuthUserFile /srv/www/.htusers-mf
AuthLDAPURL 
"ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=* <at> ofd-*.foo.de)"
<Limit PROPFIND OPTIONS GET>
  #Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de
  #Require user k1-st-01
  Require valid-user
</Limit>
...

The "require valid-user" does not work for ldap users. I get the 
following message in error_log:

/var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client 
10.49.64.85] access to /documents/ failed, reason: user 'user <at> foo.de' 
does not meet 'require'ments for user/valid-user to be allowed access

Apache is version 2.2.10

If I set it to "require ldap-user user <at> foo.de" or "require ldap-group 
..." it is all fine, so the ldap part does it's thing.

Marc
nik600 | 23 Nov 00:22 2014
Picon

set up a 302 Location in ap_hook_translate_name

Dear all

i'm using a ap_hook_translate_name custom module to process some custom logic and decide the final name of the request.

in some situation i'm putting a Location: http://foo.com/mypage header with 

apr_table_add(r->headers_out, "Location", "http://foo.com/mypage");

but the HTTP_STATUS returned is  200, so the client doesn't handle correcty the request.

So, i've got 3 question:

- is possible to set-up in this hook a REDIRECT_STATUS 302
- if yes, how ?
- if no, what is the hook to use and how can i set the http status?

Thanks to all in advance

--
/*************/
nik600
http://www.kumbe.it
Sławomir Kluz | 22 Nov 12:09 2014
Picon

apache 2.4 on windows and mod_proxy_ajp tcp connection pool confusion

Hi,

I'm using the latest windows apache 2.4 (provided by apachelounge)
together with tomcat 7 connected using mod_proxy_ajp. No custom
configuration, just enabling mod_proxy, mod_proxy_ajp and define:

ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/

After opening http://localhost/ by browser, I see on console (netstat
-an) that few TCP connections with TIME_WAIT status are listed (from
httpd to tomcat, ie. 127.0.0.1:56233->127.0.0.1:8009). After
refreshing the page again, new connections appears. And after 4
minutes (windows default timeout: TcpTimedWaitDelay), there are
destroyed. In extreme, number of TCP connection will exceed windows
limit (by default it's ~14K). I confirmed that by sending lots of
request to apache one by one.

I have check the same scenario using apache 2.2 on windows, and with
apache 2.4 on linux. It works it different way. Httpd creates few
connections to tomcat and reuse them. They have ESTABLISHED status.

Is it a bug in windows apache 2.4? How to force it to use the poll? I
have tried with different ProxyPass parameters but without success.

Cheers!

s.
Bu Xiaobing | 21 Nov 08:48 2014

Access control with source IP addresses

Hi All,

I want to do the httpd URL access control through visitors' IP addresses 
as the following :

all source IP address can visit  ^/action.php?login
and only specified IP addresses can visit ^/action.php?manage

Anyone can give me some advises?

Thanks.
Don Cohen | 20 Nov 19:31 2014

questions and suggestions related to authentication


Looking at http://httpd.apache.org/docs/current/howto/auth.html
I am able to at least use file authentication.
I tried using dbd with DBDriver mysql but that reports
 Can't load driver file apr_dbd_mysql.so 
and it's not obvious where to get that (using fedora 19).

So one question is where to find that, or how to find out.
Yum whatprovides is not helping so far.

In any case it's not really what I want.
What I really wanted seems to have been in mod_auth_mysql but that
seems to be no longer supported.

So another question is whether there's some other way to get that
functionality that I'm just not seeing.

This could have been supported by dbd if the user query were not 
required to produce the password.  It would have made more sense to me
for the query to accept both the user and password and return at least
one row possibly containing other data if the user and password "match".
Then the query could have been something like
 select 1 from mysql.user where user=x and password=password(y)

So my next question is why that is not supported.
Alternatively, my first suggestion is that dbd should support that.

However, I also am surprised that I don't see some more general module
that allows the user to write his own script for authentication.
For instance, one could simply replace the dbd query with a url to 
retrieve, again taking user and password parameters (either as get or
post parameters).
This proposed module would then be used something like this:
 AuthBasicProvider script
 AuthScriptURL http://localhost/authenticate.php?user=%s&pass=%s

which would seem to provide all the capability of all of the
other authentication modules (at the cost of writing a small amount
of code).

So my last question is why there isn't something like that.
Or alternatively, my last suggestion is that something like that be
provided.
Ulrich.Herbst | 19 Nov 09:28 2014

Load balancing with load detection on backend servers ?

Hi all,
 
I know the load_balancing-policies bybusyness, byrequests, bytraffic and heartbeat.
 
We have a frontend apache, that acts as forwarding proxy to 8 backend servers.
BUT: We want do route the next request to that backend server with least load.
 
Is there any apache module, that can do this ?
(We use linux and apache 2.4)
 
Heartbeat is not usable, because our backends do not run apache, but something else.
 
Uli
 

Gmane