Guitar Man | 25 May 22:35 2015
Picon

Apache + HTTP/2 + SPDY

Hello Developers!

Someone knows if Apache Foundation is working to include the SPDY in the new Apache version for HTTP/2?

The Apache WebServer is the most used application and everyone needs a solution about this issue.

I am paying CPANEL with Apache, and all my website that are using SSL/HTTPS, the SSL Negotiation is very slow.

Thanks for the opportunity for discussion.

Good day for everyone!

--

Att,
Andre Luis de Andrade
Music Online Records <at> since 1998
Curitiba, Paraná, Brazil
* Help to heal the world before its too late!
karl karloff | 22 May 23:08 2015
Picon

SSLOpenSSLConfCmd DHParameters and 2048-bit groups in Apache httpd 2.2.29 (current)

In light of the recent publicity of the "logjam attack" (e.g. https://weakdh.org/) Diffie-Hellman key
exchange has come under some scrutiny.

Industry wisdom seems to suggest that to prevent possible nation-state decryption an httpd server should
generate a 2048-bit group of parameters (for Diffie-Hellman key exchange).

This is a trivial task to complete using OpenSSL using a command such as the following:

        openssl dhparam -out dhparams.pem 2048

Apache httpd 2.4.8+ (including 2.4.12 -- current) appear to have support for this using the a
configuration entry similar to this one:

        SSLOpenSSLConfCmd DHParameters "/PATH/dhparams.pem"

It has also been reported that Apache httpd 2.4.7+ can support this by appending the DH PARAMETERS to the end
of the ssl certificate file, e.g.:

        -----BEGIN CERTIFICATE-----
        CERTIFICATE_DATA_HERE
        -----END CERTIFICATE-----
        -----BEGIN DH PARAMETERS-----
        GENERATED_DH_PARAMETERS_HERE
        -----END DH PARAMETERS-----

This has been noted in the httpd SSL FAQ documentation (https://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh)

I am unable to find any documentation on this feature set for anything in the httpd 2.2.x branch including
the 2.2.29 (current) release.

I have attempted to use both of these methods in httpd 2.2.29, but have been unable to do so successfully.

Are 2048-bit Diffie-Hellman groups supported in the Apache httpd 2.2.x branch?  Is it possible that this
feature will be ported to the 2.2.x branch?  Has anyone already done so?

Thanks,
Karl
 		 	   		  
Leander Schäfer | 22 May 18:33 2015
Picon

Apache 24 & DAViCal issue with mod_rewrite

Hi

I have a fully functional DAViCal installation. Clients can connect the 
regular way via URL like:

https://DAViCal.Hostname.MyDomain.Local/caldav.php/username/collection

while "collection" stands for a calendar or addressbook name. Now I also 
need to make it possible that clients can provide the information 
"username" and "collection" via subdomain instead of directories in the 
end. So a URL like this:

https://calendar.username.davical.hostname.mydomain.local

should be converted to this:

https://davical.hostname.mydomain.local/caldav.php/username/collection

I thought this should be quite easy to be done. So this is the solution 
I came up with. Clients can successfully authenticate with it, but no 
read nor write to collections seems possible. So somewhere the data 
transfer gets stuck and I could se a 405 error (method not allowd) in 
httpd-error.log. So somehow I'm missing something?! I just can't figure 
out what.

# ========================= relevant part of vHost.conf

AcceptPathInfo On

<IfModule mod_fcgid.c>
   FcgidPassHeader Authorization
</IfModule>

<IfModule mod_proxy.c>
   SSLProxyEngine on
   <ifModule mod_rewrite.c>
     <If "(%{SERVER_NAME} =~ m#^.*\..*\.DaviCal\..*$#i)">
       RewriteEngine on
       RewriteCond %{HTTP_HOST} ^(.*)\.(.*)\.(DaviCal\..*)/?(.*) [NC]
       RewriteRule ^(.*)$ https://%3/htdocs/caldav.php/%2/%1/%4 
[E=WEBDAV:true,E=REDIRECT_WEBDAV:true,E=REMOTE_USER:%{HTTP:Authorization},NC,QSA,L,P]
     </If>
   </IfModule>
</IfModule>

# ========================= LogLevel warn rewrite:trace3

This is after opening a new calendar through Thunderbird

[Fri May 22 15:50:48.577071 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
init rewrite engine with requested uri /
[Fri May 22 15:50:48.577162 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
pass through /
[Fri May 22 15:50:48.577769 2015] [rewrite:trace3] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] applying pattern '^(.*)$' to uri 
'/usr/local/www/davical.hostname.mydomain.local/sites/'
[Fri May 22 15:50:48.577826 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] rewrite 
'/usr/local/www/davical.hostname.mydomain.local/sites/' -> 
'https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/'
[Fri May 22 15:50:48.577851 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] escaped URI in per-dir context for proxy, 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
-> 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:48.577868 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] forcing proxy-throughput with 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:48.577884 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] go-ahead with proxy request 
proxy:https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
[OK]
[Fri May 22 15:50:48.577967 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
init rewrite engine with requested uri /index.html
[Fri May 22 15:50:48.577986 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
pass through /index.html
[Fri May 22 15:50:48.578261 2015] [rewrite:trace3] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
[perdir *If/] applying pattern '^(.*)$' to uri 
'/usr/local/www/davical.hostname.mydomain.local/sites/index.html'
[Fri May 22 15:50:48.578305 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
[perdir *If/] rewrite 
'/usr/local/www/davical.hostname.mydomain.local/sites/index.html' -> 
'https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/'
[Fri May 22 15:50:48.578336 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
[perdir *If/] escaped URI in per-dir context for proxy, 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
-> 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:48.578391 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
[perdir *If/] forcing proxy-throughput with 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:48.578409 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57662] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b10e0a0/subreq] 
[perdir *If/] go-ahead with proxy request 
proxy:https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
[OK]
[Fri May 22 15:50:54.720025 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
init rewrite engine with requested uri /
[Fri May 22 15:50:54.720082 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
pass through /
[Fri May 22 15:50:54.720640 2015] [rewrite:trace3] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
[perdir *If/] applying pattern '^(.*)$' to uri 
'/usr/local/www/davical.hostname.mydomain.local/sites/'
[Fri May 22 15:50:54.720695 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
[perdir *If/] rewrite 
'/usr/local/www/davical.hostname.mydomain.local/sites/' -> 
'https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/'
[Fri May 22 15:50:54.720721 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
[perdir *If/] escaped URI in per-dir context for proxy, 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
-> 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:54.720738 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
[perdir *If/] forcing proxy-throughput with 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:54.720755 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b0fc0a0/initial] 
[perdir *If/] go-ahead with proxy request 
proxy:https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
[OK]
[Fri May 22 15:50:54.720828 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
init rewrite engine with requested uri /index.html
[Fri May 22 15:50:54.720847 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
pass through /index.html
[Fri May 22 15:50:54.721113 2015] [rewrite:trace3] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
[perdir *If/] applying pattern '^(.*)$' to uri 
'/usr/local/www/davical.hostname.mydomain.local/sites/index.html'
[Fri May 22 15:50:54.721165 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
[perdir *If/] rewrite 
'/usr/local/www/davical.hostname.mydomain.local/sites/index.html' -> 
'https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/'
[Fri May 22 15:50:54.721210 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
[perdir *If/] escaped URI in per-dir context for proxy, 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
-> 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:54.721227 2015] [rewrite:trace2] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
[perdir *If/] forcing proxy-throughput with 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:50:54.721243 2015] [rewrite:trace1] [pid 69540:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57666] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b17f0a0/subreq] 
[perdir *If/] go-ahead with proxy request 
proxy:https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
[OK]

And this is after I deleted an appointment from the calendar through 
Thunderbird.

[Fri May 22 15:55:10.493019 2015] [rewrite:trace2] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
init rewrite engine with requested uri 
/f64399b7-54e4-ea4b-81aa-8bcb9765b21e.ics
[Fri May 22 15:55:10.493101 2015] [rewrite:trace1] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
pass through /f64399b7-54e4-ea4b-81aa-8bcb9765b21e.ics
[Fri May 22 15:55:10.493656 2015] [rewrite:trace3] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] applying pattern '^(.*)$' to uri 
'/usr/local/www/davical.hostname.mydomain.local/sites/f64399b7-54e4-ea4b-81aa-8bcb9765b21e.ics'
[Fri May 22 15:55:10.493710 2015] [rewrite:trace2] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] rewrite

'/usr/local/www/davical.hostname.mydomain.local/sites/f64399b7-54e4-ea4b-81aa-8bcb9765b21e.ics' 
-> 
'https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/'
[Fri May 22 15:55:10.493736 2015] [rewrite:trace2] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] escaped URI in per-dir context for proxy, 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
-> 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:55:10.493752 2015] [rewrite:trace2] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] forcing proxy-throughput with 
https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/
[Fri May 22 15:55:10.493768 2015] [rewrite:trace1] [pid 80493:tid 
34540184576] mod_rewrite.c(475): [client 192.168.10.233:57691] 
192.168.10.233 - - 
[calendar.username.davical.hostname.mydomain.local/sid#802a19438][rid#80b03e0a0/initial] 
[perdir *If/] go-ahead with proxy request 
proxy:https://davical.hostname.mydomain.local/htdocs/caldav.php/username/calendar/ 
[OK]
[Fri May 22 15:55:11.064046 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: :Response status 405 for PUT /htdocs/caldav.php/username/calendar/
[Fri May 22 15:55:11.064155 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: :***************** Response Header ****************
[Fri May 22 15:55:11.064168 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: headers:-->Server: 1.1
[Fri May 22 15:55:11.064179 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: headers:-->DAV: 1, 2, 3, access-control, calendar-access, 
calendar-schedule
[Fri May 22 15:55:11.064190 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: headers:-->DAV: extended-mkcol, bind, addressbook, 
calendar-auto-schedule, calendar-proxy
[Fri May 22 15:55:11.064200 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: headers:-->X-DAViCal-Version: DAViCal/1.1.2; DB/1.2.11
[Fri May 22 15:55:11.064211 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: headers:-->Content-type: text/plain; charset="utf-8"
[Fri May 22 15:55:11.064221 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: :******************** Response ********************
[Fri May 22 15:55:11.064267 2015] [fcgid:warn] [pid 80494:tid 
34540184576] [client 192.168.50.101:38438] mod_fcgid: stderr: davical: 
LOG: response:-->

Best regards
Leander
robert | 22 May 16:48 2015
Picon

preventing acting as open relay

Hi there,

I try to harden a virtual host against acting as proxy relay.
However running the command:

curl --proxy http://slovensko.ch:80 http://yahoo.com

does return the yahoos site, so I assume, that I failed.

Can anybody please point me to any mistake in the following configuration.

The site itself is generated using the zope/plone framework.

thanks
robert

#
# slovensko
# -------------------
#_robert_
<VirtualHost *:80>
     DocumentRoot /var/www

     ServerAdmin robert <at> redcor.net
     ServerName  www.slovensko.ch
     ServerAlias slovensko.ch
     CustomLog     /var/log/apache2/slovensko-access.log combined
     ErrorLog      /var/log/apache2/slovensko-error.log
     LogLevel warn

     ServerSignature On

     Header set X-Frame-Options "SAMEORIGIN"
     Header set Strict-Transport-Security "max-age=15768000; 
includeSubDomains"
     Header set X-XSS-Protection "1; mode=block"
     Header set X-Content-Type-Options "nosniff"
     Header set Content-Security-Policy-Report-Only "default-src 'self'; 
img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 
'unsafe-eval'"

     ProxyVia On

     # prevent your web server from being used as global HTTP proxy
     <LocationMatch "^[^/]">
       Deny from all
     </LocationMatch>

     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>

     RewriteEngine On
     RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" "-" [F,NC,L]

     # Normalize URLs by removing trailing /'s
     RewriteRule /(.*)/$

http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 
[L,P]
     RewriteRule ^/(.*)

http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 
[L,P]

</VirtualHost>
Sylvain Goulmy | 22 May 14:49 2015
Picon

Warning at startup while using a variable set by rewrite rule in the ProxyPassReverseCookieDomain directive

Hi all,

Since i migrate from Apache 2.2.22 to 2.4.10 i have the following warning when i launch Apache :

[core:warn] [pid 26605:tid 140610782807808] AH00111: Config variable ${B2C_DOMAIN} is not defined

This variable is set using a rewrite rule :

    ProxyPassInterpolateEnv On
    RewriteCond %{HTTP_HOST}        ^.+\.mycompany\.(.+)$
    RewriteRule ^/othercompany/.*$ - [E=B2C_DOMAIN:.mycompany.%1]

and is used it in the following directive :

   ProxyPassReverseCookieDomain .othercompany.com ${B2C_DOMAIN} interpolate

Is there any specific interpolation syntax to use or an alternate solution to get rid of this warning ? I haven't found such thing in the documentation.

Thanks in advance for your support.

Sylvain



Bob | 21 May 14:23 2015
Picon

Removing query string through .htaccess

Hello All,

I have already gone through a no. of links for removing query strings and till now all are going back to domain.
The one I'm using presently is

``````````````
RewriteCond %{QUERY_STRING} .
RewriteRule ^$ /? [R=302,L]

`````````````````````

As obvious the above goes back to homepage, but is there any rule set which just remove the query string and
keep the url intact ?

like http://mywxample.com/any_page/?xyz should be changed as http://mywxample.com/any_page

Any help is very much appreciated.

with regards,
Bob
MOKRANI Rachid | 21 May 13:23 2015
Picon

SessionCryptoPassphrase

Hi,

 

 

About the following documentation I understand that I can set a “SessionCryptoPassphrase” for protect my session with a cookie. And if I change my SessionCryptoPassphrase from “my_secret_phrase” to “my_NEW_secret_phrase” and restart my server, the client browser should lost his session.

 

http://httpd.apache.org/docs/2.4/fr/mod/mod_session_crypto.html

 

 

May be I forget something, because when I change the SessionCryptoPassphrase to everything, I never lost the session.

 

Any help ?

 

 

 

<Location />

…..

…..

        SetHandler form-login-handler

        Session On

        SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1;

        SessionCryptoPassphrase my_secret_phrase

….

….

</Location>

 

Change to and restart

 

<Location />

…..

…..

        SetHandler form-login-handler

        Session On

        SessionCookieName  MY_Cookie  path=/my_url;domain=exemple.com;httponly;secure;version=1;

        SessionCryptoPassphrase my_NEW_secret_phrase

….

….

</Location>

 

 

Regards.

 

 

 

 

__________________________

Avant d'imprimer, pensez à l'environnement ! Please consider the environment before printing ! 
Ce message et toutes ses pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies nouvelles décline toute responsabilité au titre de ce message. This message and any attachments are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. IFP Energies nouvelles should not be liable for this message.

__________________________

Rubén Toribio Aldeguer | 21 May 10:42 2015

(unknown)

Hi 

we are working with a mod_maxminddb and apache 2.410.

mod_maxminddb is configured to set de env variable GEOIP_COUNTRY_CODE

The problem is that if we do:

   RequestHeader set GEOIP_COUNTRY_CODE %{GEOIP_COUNTRY_CODE}e 

We see correctly set the header. (is set to "ES", as we expected)

But,in this rewrite rules, GEOIP_COUNTRY_CODE seems to don't be seted, and applies the alternative value "en" on the RewirteRule:

   RewriteMap locale-to-pub txt:conf/rewrites/locale_to_pub_b2c_v61.txt
   RewriteRule ^\/((index|home)(\.php|\.jsp))?$ /${locale-to-pub:%{ENV:GEOIP_COUNTRY_CODE}|en}/home.jsp [R=301,NC,L,E=nocache:1]

This are ERROR TRACES from rewrite_mod, where we can see "key=" as void.

    applying pattern '^\\/((index|home)(\\.php|\\.jsp))?$' to uri '/'
    cache lookup FAILED, forcing new map lookup
    map lookup FAILED: map=locale-to-pub[txt] key=
    rewrite '/' -> '/en/home.jsp'


After some research, and tests, we know that if we force the variable whit

  SetEnIf GEOIP_COUNTRY_CODE=ES

it works. It is because SetEnIf sets the variable at the begining of the request, before mod_rewrite take acction. In this way, seems like mod_maxmiddb is taking acction after mod_rewrite.

How can we confirm it? How can we workaround it?

--

Rubén Toribio Aldeguer
Técnico Sistemas DataCenter
Informática Área Sistemas
(+34) 971743030
www.riu.com / www.riuplaza.com

                     
 

This e-mail and its attachments, if any, are confidential and may be legally privileged. If you have received it in error, you are on notice of this status. Please do not copy or use it for any other purpose or disclose its contents to any other person: to do so could be a breach of confidence. You may contact us at +34 971 74 30 30 or at sender's e-mail address.

Jauhari, Sachin | 21 May 10:27 2015

Query on Apache Webserver Server

Hi,

 

I want to use Apache Webserver with mod_jk module for HTTP load balancing with JBoss application server.

 

However, Apache HTTP Server Project itself does not provide binary releases of software for Windows, only source code is available. The option is either to compile the Apache HTTP Server, else download a binary package from numerous binary distributions available on the Internet.

 

Could anyone suggest if this combination can be recommended for use in the customers in production system ?  Will this have any security risk/concerns since Apache is open source tool and application binaries either need to be compiled/downloaded?

 

Thanks for the help.

 

Regards,

Sachin Jauhari

 

 

Ivan Voras | 21 May 10:06 2015
Picon

Composing filters?

hello,

On a virtual host I want to process every content going out with the SSI
/ INCLUDES filter. This content may be static files, may be coming from
PHP or other tools (it's a mixed environment). Let's assume all content
is text/html. What I thought I should do is simply:

SetOutputFilter INCLUDES

on the VirtualHost level... but it doesn't work. The SSI directives are
simply not processed.

I've then used the tracebefore / traceafter example from
http://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html to see what
comes into the filter and what comes out of it and it appears correct,
the filter simply doesn't do anything:

SetOutputFilter tracebefore;INCLUDES;traceafter

Any ideas why, and how to do it?
Bill Moseley | 19 May 20:27 2015

How to use ScoreBoardFile?

I'm running Apache/2.2.15 (Unix) as prefork.

In my httpd.conf I have:

LoadModule status_module modules/mod_status.so
ExtendedStatus On
ScoreBoardFile /home/bill/scoreboard.score

<Location /server-status>
    SetHandler server-status
    Allow from All
</Location>

I can then go to /server-status and see the scoreboard data just fine.

I'm running httpd as my own user, and it is creating a file, but it's only 8 bytes:

$ ls -l ~/scoreboard.score
-rw-rw-rw- 1 bill bill 8 May 19 11:11 /home/bill/scoreboard.score

And the file contains:

$ od -b ~/scoreboard.score
0000000 040 130 001 000 000 000 000 000
0000010

Which does not seem like it contains the scoreboard data.   And lsof on either the parent or any child process doesn't show an open file to the scoreboard.score file.

So, it appears that file is not being used.


The reason I want to do this is because at times the web server is at MaxClients and can't access /server-status to see what request are using up all the child processes.

I was looking to see if this Perl module would read the scoreboard file:






--

Gmane