Christopher Schultz | 12 Feb 16:18 2016
Picon

Proxy logging


All,

I'm using mod_proxy_http as a reverse-proxy to another origin server.
It seems that httpd doesn't record access logs for stuff going over to
the proxy.

Is there a way to write an access log for requests handles by
mod_proxy? Or is the best practice to aggregate the logs from the
origin server and the reverse proxy? (In this case, I have complete
control over both servers).

Apache httpd 2.4 everywhere.

Thanks,
-chris
Toomas Aas | 11 Feb 22:56 2016

Block access to "OPTIONS *"

Hello!

An external party performed "security scan" against our web server which 
is running version 2.2.29. One of the findings is that OPTIONS directive 
is not blocked and I am tasked with fixing this.

Google turns out two popular approaches:

Approach 1:
-------------------------------------
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule .* - [R=405,L]
-------------------------------------

Approach 2:
--------------------
<Location />
<Limit OPTIONS>
         Order allow,deny
         Deny from all
</Limit>
</Location>
--------------------

I have tried them both, and they nicely block requests such as "OPTIONS 
/" or "OPTIONS /whatever". However, the security scan software performs 
request "OPTIONS *". To that, Apache still responds with error code 200.

It is obvious why this happens with second method, so I tried 
<LocationMatch .*> instead of <Location />. No difference.
(Continue reading)

Melissa Warnkin | 11 Feb 19:23 2016

ApacheCon NA 2016 - Important Dates!!!

Hello everyone!

I hope this email finds you well.  I hope everyone is as excited about ApacheCon as I am!

I'd like to remind you all of a couple of important dates, as well as ask for your assistance in spreading the word! Please use your social media platform(s) to get the word out! The more visibility, the better ApacheCon will be for all!! :)

CFP Close: February 12, 2016
CFP Notifications: February 29, 2016
Schedule Announced: March 3, 2016



Apache: Big Data North America 2016 Registration Fees:

Attendee Registration Fee: US$599 through March 6, US$799 through April 10, US$999 thereafter
Committer Registration Fee: US$275 through April 10, US$375 thereafter
Student Registration Fee: US$275 through April 10, $375 thereafter

Planning to attend ApacheCon North America 2016 May 11 - 13, 2016? There is an add-on option on the registration form to join the conference for a discounted fee of US$399, available only to Apache: Big Data North America attendees.

So, please tweet away!!

I look forward to seeing you in Vancouver! Have a groovy day!!

~Melissa
on behalf of the ApacheCon Team


Rose, John B | 11 Feb 17:03 2016
Picon

Options for setting up Apache server cluster ...

Looking for recommendations for a good guide for setting up an Apache web server cluster

Thanks

Rajesh Tammineni | 11 Feb 13:21 2016
Picon

Query on number of child process created for worker MPM

Hi,

I am running apache 2.2 version on Linux OS and there is no configuration values defined in my apache configuration.

I believe it takes all below default values.

ServerLimit 16
 StartServers 2
MaxClients 400
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
ListenBacklog 511


I am observing sometimes child process are reaching 30 to 32.

I was in an impression the child process can create only 16 as per above default ServerLimit value. Could you please clarify on this?

Also I am seeing MaxClients reached when I restart apache server. So that means it will error MaxClients reached only once in server life?

Thanks,
Raj
Raja | 10 Feb 10:57 2016

Renaming localhost

Hello,

I sometimes work in remote sites with no network. I have the same setup
on different machines and I need the server name to know dynamically
where to do changes, etc. 

I edited /etc/hosts to show
127.0.0.1 localhost somename

Now, with my Wifi off I am trying `http://somename` and it is not
connecting. If I turn my wifi on, it works. But I need it to work with
no connection. How can I resolve this?

Thanks!
Regards, Raja.
Michael Renner | 9 Feb 13:29 2016
Picon
Picon
Gravatar

Support for http return code 451?

Moin,

are there plans to support the new return code 451 (Unavailable For 
Legal Reasons)?

Thanks
--

-- 
|Michael Renner      E-mail: michael.renner <at> gmx.de  |
|81541 Munich        Twitter:  <at> dd0ul                |
|Germany             Don't drink as root!      ESC:wq
Medan Gavril | 9 Feb 10:38 2016

Apache 2.4 Certificate Verification: Error (18): self signed certificate

HI all,

I have configured my apache 2.4 to work on https. I generated a self signed certificate for myclient with openssl (ootb config) and  this works fine.

However my goal is have add few extensions to the self signed certificate.(principal name) Therefore I added few changes in openssl.cnf file

[ v3_req]
...
subjectAltName= <at> principal_names

[ principal_names]
DNS.1 = test.com
otherName= 1.3.6.1.4.1.311.20.2.3;UTF8:test

When I import the certificate in IE I can properly see the fields that I added. Also if I set SSLVerifyClient optional_no_ca in apache config it will work. The goal is to work with SSLVerifyClient require

These are the commands I run to generate the certificate.
openssl genrsa -out key.pem 2048
openssl req -new -sha256  -key key.pem -out csr.pem
openssl req -x509 -days 365 -sha256 -key key.pem -in csr.pem -out cert.pem
openssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12

In error log I get
AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: 
AH02276: Certificate Verification: Error (18): self signed certificate [subject: 
 core_output_filter: flushing because of FLUSH bucket
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in error
 AH02008: SSL library error 1 in handshake 
SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed

I have enabled trace8 logging.  Can you point me to the direction to overcome this issue or enable more debugging

Best Regards,
Gabi


cloud force | 8 Feb 21:25 2016
Picon

How to build Apache with FIPS mode capable?

Hi All:

From the mod_ssl doc, it mentioned: "If httpd was compiled against an SSL library which did not support the FIPS_mode flag, SSLFIPS on will fail."

How do I compile apache (version 2.2) with FIPS capable OpenSSL library?

Thanks,
Rich
Rudy | 7 Feb 18:08 2016
Picon
Picon

Newbie

I know nothing of Apache, but, I wish to setup an older iSeries as a web
server using Apache.  My iSeries is a 520 running V7R1 and I connect to it
using a Windows 10 PC.  I am a long time RPG programmer but have no
experience with HTTP or web hosting.  I am looking for step by step
instructions (for dummies) to install and setup the most appropriate version
of Apache that fits my needs.  This will be a learning experience for me so
I will not need to support high traffic nor are a lot of bells and whistles
required.  

My initial questions: 
Where should I start?
Is there a specific set of step by step install and setup instructions
available for my scenario?  
What version of Apache might be appropriate for me?  

Thanks,
Rudy Schutter
rudy386 <at> comcast.net
954.494.3148
Christopher Schultz | 5 Feb 22:04 2016
Picon

Expiring DAV file locks with mod_dav


All,

I've been searching for a bit and mostly people are having the
opposite problem I'm having: they are having file locks expire too early
.

I have a lock on a file on the DAV that looks like it's no longer
valid, but LibreOffice Writer won't open a document on by WebDAV
server because it says it's locked by another user (and names the user).

Are there any tools to investigate and/or tweak the locks held by mod_da
v?

I tried "dbmmanage DAVLocks view" just to see if anything would work,
and it dumped-out some stuff, but didn't look like dbmmanage could
really interpret the DAVLocks file.

Any ideas? I'm sure that rm DAVLocks && /etc/init.d/apache2 restart"
would do the trick, but I'd like to keep any other legitimate file
locks in place if possible.

Thanks,
-chris

Gmane