muthamilan Sargunaanandan | 20 Sep 05:45 2014
Picon

Open SSL upgradation doubt

Hello SME,

My Production environment webserver  Apache  httpd-2.2.22-win32-x86-openssl-0.9.8t having OpenSSL Multiple Remote Security Vulnerabilities.

As per the Vulnerability scan report , they suggested to upgrade the open ssl.

is it possible with out Apache upgrade, can I upgrade the open SSL verson? if yes, please let me know the procedure for the same.

Please guide me.


Thanks.
Muthamilan

On Fri, Sep 19, 2014 at 11:44 PM, muthamilan Sargunaanandan <muthamilan <at> gmail.com> wrote:
Hello SME,

My Production environment webserver  Apache  httpd-2.2.22-win32-x86-openssl-0.9.8t having OpenSSL Multiple Remote Security Vulnerabilities.

As per the Vulnerability scan report , they suggested to upgrade the open ssl.

is it possible with out Apache upgrade, can I upgrade the open SSL verson? if yes, please let me know the procedure for the same.

Please guide me.


Thanks.
Muthamilan

On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan <muthamilan <at> gmail.com> wrote:
Hello SMEs,

I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As per Vulnerability report, Compression algorithms should be disabled.

Please help me , how to disable it.

Thanks in Advance

Regards
Muthu


Issam Rahmouni | 19 Sep 02:25 2014

Please explain to me how to build a cgi or fastcgi application using C language‏

Hi;
I would like to make a simple static executable application written using C language. For which platform should i build my C language application to run for usage as CGI or FASTCGI static executable ? Is the i686 executable is most widely excepted because more compatible or there is a standard build rule for generating CGI or FASTCGI executables ?

Thank you
Regards

Issam
Jesús Pérez | 18 Sep 21:02 2014
Picon

DirectoryIndex not working with mod_disk_cache?

I have enabled mod_disk_cache and included 'index.php' in DirectoryIndex
directive.
I realized that when I enable disk caching, my '/' page is correctly
served from the index.php file for while and after a few requests I get
a 403 response.

So I went to the error log and found the "Directory index forbidden by
Options directive" message.

If I directly access '/index.php', put and index.html file or access '/'
bypassing cache by using Pragma: no-cache, everything works fine. So it
seems that mod_disk_cache is causing Apache to use an incorrect value
for DirectoryIndex.

But caching log shows that it actually tries to serve index.php file:

mod_cache.c(141): Adding CACHE_SAVE filter for /
mod_cache.c(148): Adding CACHE_REMOVE_URL filter for /
mod_disk_cache.c(493): disk_cache: Recalled cached URL info header
http://mysite.example.com:80/index.php?
mod_disk_cache.c(766): disk_cache: Recalled headers for URL
http://mysite.example.com:80/index.php?
Directory index forbidden by Options directive:
/var/www/mysite.example.com/htdocs/

Any idea?
Alexander Todorov | 18 Sep 15:24 2014
Picon

Can I change how mod_disk_cache stores content on disk?

Hi guys,
is it possible to use a different directory structure/file names for storing 
content from mod_disk_cache? I don't see anyway to configure this so I assume not.

I'm running an experiment which needs to collect http objects (html pages, 
images, CSS, JavaScript, etc) and store them in some easy to access/analyze 
structure. Something like:

.../device-mac-addr/timestamp/url-or-domain-would-be-nice/content/

under content/ goes
  * the actual content
  * the headers
  * any referenced content in a subdir if this is an HTML page

I was using Apache with mod_proxy and mod_disk_cache but it looks like I can't 
get the above structure easily. Please advise of any alternatives.

Thanks,
Alex
Vadim Blumkin | 18 Sep 15:06 2014
Picon

httpd leak

Hi,

We are using httpd as a reverse proxy on windows platform.

 

Recently we have noticed that memory allocated by httpd is not being released and the private bytes allocation for httpd keeps increasing when httpd is running for long periods of time.

Has anyone noticed this issue? Can it be related to a configuration setting?

 

we used umdh to compare memeory dumps of the process and there are a few suspicious areas where memory is allocated but not released.

Shouldn’t buffers be released and reused when httpd is working continuously?

 

We checked this using  httpd 2.4.10 compiled for windows x64, running on Windows server 2008 R2 and Windows server 2012.

 

Attached are memory comparisons by umdh that show suspicious stack traces where allocation are being accumulated.

 

Can anyone suggest a way to prove there is an actual memory leak, and pinpoint its location?

 

Thanks ,

Vadim

Attachment (logs.zip): application/zip, 22 KiB

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Giovanni Bianchini | 18 Sep 12:45 2014
Picon

Help selecting an SQL Engine for Apache HTTP

Dear Group;

I may have asked this question once before and sorry for asking it again if I did.

I have an open office database (used to be Access) that contains thousands of records 
relating to ARTISTAMP creators and photos of created stamps.

I don't need a lot of horsepower because I will only be accessing it for further code 
development and not for production. I prefer to create and modify the tables in OpenOffice 
and modify, add and delete the records through html/sql queries.

I originally ran this from a hosted site that provided Coldfusion and all the SQL code is 
written in Coldfusion syntax. I am trying to find a suitable SQL server engine similar to 
ColdFusion (don't mind having to rewrite the code) that can be installed in concert with 
Apache 2.2.25 or whatever is the latest version. I have the http running on my Windows 8 
Dell Core i7 laptop and will ftp the code to a hosted site whenever code changes are made. 

Any help would be greatly appreciated.

Thanks
Giovanni
mmccarthy@tribloom.com | 16 Sep 20:50 2014

(36)File name too long

I am using RewriteRule and the proxy flag to proxy through Apache. When 
a long URL is passed through (longer than 255 characters), I get the 
error below (redacted). I understand that this is related to the maximum 
file name on the OS, in this case Ubuntu 14.04. My question is why is 
this happening when the URL is not related to a file on the file system? 
The URL is rewritten, then proxied to another server that works fine 
with long URLs.

[Mon Sep 15 11:42:04.211290 2014] [core:error] [pid 18302:tid 
140171735451392] (36)File name too long: [client xxx.xx.x.xxx:53717] 
AH00036: access to /<long file path>/_aliases failed (filesystem path 
'/<long file path>), referer: http://xx.xx.xx.xxx/index.html

Thanks,
--

-- 
Michael
mmccarthy@tribloom.com | 15 Sep 18:07 2014

How to Proxy and Rewrite URLs and responses with multiple instances to replace in URL

Hello.

I have been attempting to restrict access to Kibana/ElasticSearch using 
Apache 2.4. Kibana, ElasticSearch, and Apache are all on the same 
server. Kibana is on port 9292, ElasticSearch is on port 9200, Apache is 
on 80.

My approach has been to proxy request through Apache and rewrite URLs 
based on the current (basic) authenticated users. The URL's to 
ElasticSearch will be modified with the current user, which matches an 
index in ElasticSearch. There are 2 cases of URL that I need to deal with

1. http://54.68.74.245/logstash-2014.07.04,logstash-2014.07.05/_aliases
2. http://54.68.74.245/logstash-2014.07.04/_aliases

The 2nd is rather easy and is just a simple RewriteRule:
# If REMOTE_USER exists
RewriteCond %{LA-U:REMOTE_USER} !^$
# If the request is not of the form of URL 1
RewriteCond %{REQUEST_URI} !^/(.*)logstash-([0-9]+.[0-9]+.[0-9]+),(.*)$
# Find and replace "logstash" with "logstash-<REMOTE_USER>"
RewriteRule ^/(.*)logstash-([0-9]+.[0-9]+.[0-9]+)(.*)$ 
http://127.0.0.1:9200/$1logstash-%{LA-U:REMOTE_USER}-$2$3 [P]

Note that this rewrite proxies the request to the ElasticSearch server. 
I have a ProxyPassReverse setting for both ElasticSearch and Kibana and 
it is working as expected.

The 1st type of URL is much more difficult. There is an arbitrary number 
of indexes on the URL. My approach was to use a RewriteRule with the [N] 
(next) flag to "loop" and replace all occurrences in the URL:
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteRule ^/(.*)logstash-([0-9]+.[0-9]+.[0-9]+)(.*)$ 
/$1logstash-%{LA-U:REMOTE_USER}-$2$3 [N]

This actually works as expected also. The side effect is that the 
request becomes a subrequest and doesn't get proxied, which means that 
it looks to the local filesystem instead of the ElasticSearch server:
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteCond %{REQUEST_URI} ^/(.*)logstash(.*)$
RewriteRule (.*) http://127.0.0.1:9200$1 [P]

I have used a redirect ([R]) instead of a proxy ([P]) which works 
perfectly. My problem is that I also need to modify the responses from 
ElasticSearch, which doesn't work with redirects but does work with 
proxies. The response is JSON and contains the name of the index in the 
URL i.e. "logstash-<REMOTE_USER>-2014.07.04". Kibana was looking for the 
index "logstash-2014.07.04" and the JSON response needs to be changed to 
match:

AddOutputFilterByType SUBSTITUTE application/json
Substitute s/logstash-.*?-([0-9]+.[0-9]+.[0-9]+)/logstash-$1

Again, this works fine for URLs of form 2. For form 1, if I use a URL 
rewrite, the Substitute is not called. If I use a proxy, the request is 
not forwarded.

Can anyone please offer any advice on how I may be able to solve this 
problem and pass the right user restricted URL to ElasticSearch and 
transform the response back so that Kibana is not aware of the change? 
To reiterate, I need to transform the URL from Kibana to ElasticSearch, 
then I need to modify the response to reverse that transformation.

I have looked into RewriteMap, but I am unsure if this would replace all 
occurrences and I would have to maintain a mapping with all 
REMOTE_USERs. I've looked at using a RewriteMap with a program, but then 
I couldn't pass the REMOTE_USER parameter. I haven't been able to figure 
out a way to make a RewriteRule that replaces multiple occurrences in 
one pass, which if possible, would solve my problem. I have also tried 
searching the web, the #httpd IRC channel, and several days of 
experimentation and reading the documentation.

Thanks,

--

-- 
Michael
Hajo Locke | 15 Sep 11:30 2014
Picon
Picon

strange 32bit apache-problem

Hello,

one of my machines i upgraded tu ubuntu 14.04 32bit.
there is a apache 2.2.27 running on it (non ubuntu-repo).
i have a textfile which is 512byte long, it contains just some chars, 
just one long line with a linebreak at the end.

If i request this file by wget from the same machine, all is looking 
fine and readable.
If i request this file from a other machine, then file seems to be 
corrupted. response-header and filesize are still ok. file contents 
looks like i would have requested some binary content.
content looks like this (just first 8 bytes):
^ <at> ^ <at> ^ <at> ^ <at> 

if i reduce length of line, then at a point file is ok again and 
readable. What could be the problem here?
Other files with shorter lines are also ok. it seems to be special in 
here, that file is very long and only one linebreak at the end
i have other machines which are upgraded the same way with same 
software, only difference is that they are 64bit machines and they are 
working without problems.
Never had something like this, some other not upgraded 32bit machines 
still have no problem with original file.

What to do now?

Thanks,
Hajo
Simen Mangseth | 13 Sep 15:53 2014
Picon

SSI / .shtml expressions /

I have two questions regarding SSI and .shtml files.

1: I’m using Apache 2.4, and now I can’t write like this anymore:
<!--#if expr="$SERVER_NAME = /dans.no/ || $SERVER_NAME = /dd.no/" -->
I’ve read that there’s a new syntax, but on the website I don’t understand it, even after reading It many times. So the question is: How do I transform this simple expression into the new syntax?

2: When I’m creating a variable with #set like this:
<!--#set var="errormelding" value="<p><strong>Text…</strong></p>" -->
The HTML code appears in the output. I don’t get a paragraph, or bold text, as I want. How do I do this?

I’m sorry, but I’ve just started learning this, so I don’t know much yet.

Please help,
Simen Mangseth

Fra: Simen Mangseth
Sendt: ‎lørdag‎, ‎13‎. ‎september‎ ‎2014 ‎15‎:‎52
Til: users <at> httpd.apache.org

See message below.

Fra: Simen Mangseth
Sendt: ‎lørdag‎, ‎13‎. ‎september‎ ‎2014 ‎15‎:‎49
Til: users-help <at> httpd.apache.org

Hello,

I don’t think this is very user-friendly, but I hope I’ve come to the right place by now.

Does anybody reply to this? I need support.

Fra: users-help <at> httpd.apache.org
Sendt: ‎lørdag‎, ‎13‎. ‎september‎ ‎2014 ‎15‎:‎45
Til: Simen Mangseth

Hi! This is the ezmlm program. I'm managing the
users <at> httpd.apache.org mailing list.

PLEASE READ!  This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.

I have added the address

   simi <at> live.no

to the users mailing list.

Welcome to users <at> httpd.apache.org!

Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.

This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues.  It is NOT,
repeat NOT, an official support medium of the Foundation.  Please
take a look at

        <URL:http://httpd.apache.org/userslist.html

to see details about how this list is to be used.

Posting is only permitted by subscribed addresses as an anti-spam
measure.  The list is moderated by volunteers from the Apache Software
Foundation; moderation will mostly be notable by its absence.
However, blatant abuse of the forum's purpose or the sensibilities
of the subscribers will not be tolerated.  Any actions taken
by the moderators is final, solely at their discretion, and not
subject to formal appeal.

So.. be excellent to each other, and party on!

--- Administrative commands for the users list ---

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   <users-subscribe <at> httpd.apache.org>

To remove your address from the list, send a message to:
   <users-unsubscribe <at> httpd.apache.org>

Send mail to the following for info and FAQ for this list:
   <users-info <at> httpd.apache.org>
   <users-faq <at> httpd.apache.org>

Similar addresses exist for the digest list:
   <users-digest-subscribe <at> httpd.apache.org>
   <users-digest-unsubscribe <at> httpd.apache.org>

To get messages 123 through 145 (a maximum of 100 per request), mail:
   <users-get.123_145 <at> httpd.apache.org>

To get an index with subject and author for messages 123-456 , mail:
   <users-index.123_456 <at> httpd.apache.org>

They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.

To receive all messages with the same subject as message 12345,
send a short message to:
   <users-thread.12345 <at> httpd.apache.org>

The messages should contain one line or word of text to avoid being
treated as sp <at> m, but I will ignore their content.
Only the ADDRESS you send to is important.

You can start a subscription for an alternate address,
for example "john <at> host.domain", just add a hyphen and your
address (with '=' instead of ' <at> ') after the command word:
<users-subscribe-john=host.domain <at> httpd.apache.org>

To stop subscription for this address, mail:
<users-unsubscribe-john=host.domain <at> httpd.apache.org>

In both cases, I'll send a confirmation message to that address. When
you receive it, simply reply to it to complete your subscription.

If despite following these instructions, you do not get the
desired results, please contact my owner at
users-owner <at> httpd.apache.org. Please be patient, my owner is a
lot slower than I am ;-)

--- Enclosed is a copy of the request I received.

Return-Path: <simi <at> live.no>
Received: (qmail 88895 invoked by uid 99); 13 Sep 2014 13:45:32 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Sep 2014 13:45:32 +0000
X-ASF-Spam-Status: No, hits=2.5 required=5.0
        tests=HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of simi <at> live.no designates 157.55.2.85 as permitted sender)
Received: from [157.55.2.85] (HELO DUB004-OMC4S10.hotmail.com) (157.55.2.85)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Sep 2014 13:45:06 +0000
Received: from DUB404-EAS214 ([157.55.2.72]) by DUB004-OMC4S10.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22724);
         Sat, 13 Sep 2014 06:45:05 -0700
X-TMN: [8eetpiHyBCvndgy9mS4MZnIiNMymxpo7]
X-Originating-Email: [simi <at> live.no]
Message-ID: <DUB404-EAS2146000803FE73826B1642BDDCA0 <at> phx.gbl>
MIME-Version: 1.0
From: Simen Mangseth <simi <at> live.no>
To: "=?utf-8?Q?users-sc.1410615846.fgbhebgnpdkfkjacikja-simi=3Dlive.no <at> httpd.a?=
 =?utf-8?Q?pache.org?="
        <users-sc.1410615846.fgbhebgnpdkfkjacikja-simi=live.no <at> httpd.apache.org>
Subject: =?utf-8?Q?Re:_confirm_subscribe_to_users <at> httpd.apache.org?=
Importance: Normal
Date: Sat, 13 Sep 2014 13:44:21 +0000
Content-Type: multipart/alternative;
        boundary="_15025A47-1AEF-42FA-AF4A-48ABBF6E3A03_"
X-OriginalArrivalTime: 13 Sep 2014 13:45:05.0128 (UTC) FILETIME=[ECA40E80:01CFCF58]
X-Virus-Checked: Checked by ClamAV on apache.org

Simen Mangseth | 13 Sep 15:50 2014
Picon

Fw: WELCOME to users <at> httpd.apache.org

See message below.

Fra: Simen Mangseth
Sendt: ‎lørdag‎, ‎13‎. ‎september‎ ‎2014 ‎15‎:‎49
Til: users-help <at> httpd.apache.org

Hello,

I don’t think this is very user-friendly, but I hope I’ve come to the right place by now.

Does anybody reply to this? I need support.

Fra: users-help <at> httpd.apache.org
Sendt: ‎lørdag‎, ‎13‎. ‎september‎ ‎2014 ‎15‎:‎45
Til: Simen Mangseth

Hi! This is the ezmlm program. I'm managing the
users <at> httpd.apache.org mailing list.

PLEASE READ!  This message contains information specific to
this mailing list, and is not your standard form-letter
subscription acknowledgement.

I have added the address

   simi <at> live.no

to the users mailing list.

Welcome to users <at> httpd.apache.org!

Please save this message so that you know the address you are
subscribed under, in case you later want to unsubscribe or change your
subscription address.

This mailing list is maintained by the Apache Software Foundation
as a forum in which users of the Apache HTTP server can ask each
other questions, pose problems, and discuss issues.  It is NOT,
repeat NOT, an official support medium of the Foundation.  Please
take a look at

        <URL:http://httpd.apache.org/userslist.html

to see details about how this list is to be used.

Posting is only permitted by subscribed addresses as an anti-spam
measure.  The list is moderated by volunteers from the Apache Software
Foundation; moderation will mostly be notable by its absence.
However, blatant abuse of the forum's purpose or the sensibilities
of the subscribers will not be tolerated.  Any actions taken
by the moderators is final, solely at their discretion, and not
subject to formal appeal.

So.. be excellent to each other, and party on!

--- Administrative commands for the users list ---

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   <users-subscribe <at> httpd.apache.org>

To remove your address from the list, send a message to:
   <users-unsubscribe <at> httpd.apache.org>

Send mail to the following for info and FAQ for this list:
   <users-info <at> httpd.apache.org>
   <users-faq <at> httpd.apache.org>

Similar addresses exist for the digest list:
   <users-digest-subscribe <at> httpd.apache.org>
   <users-digest-unsubscribe <at> httpd.apache.org>

To get messages 123 through 145 (a maximum of 100 per request), mail:
   <users-get.123_145 <at> httpd.apache.org>

To get an index with subject and author for messages 123-456 , mail:
   <users-index.123_456 <at> httpd.apache.org>

They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.

To receive all messages with the same subject as message 12345,
send a short message to:
   <users-thread.12345 <at> httpd.apache.org>

The messages should contain one line or word of text to avoid being
treated as sp <at> m, but I will ignore their content.
Only the ADDRESS you send to is important.

You can start a subscription for an alternate address,
for example "john <at> host.domain", just add a hyphen and your
address (with '=' instead of ' <at> ') after the command word:
<users-subscribe-john=host.domain <at> httpd.apache.org>

To stop subscription for this address, mail:
<users-unsubscribe-john=host.domain <at> httpd.apache.org>

In both cases, I'll send a confirmation message to that address. When
you receive it, simply reply to it to complete your subscription.

If despite following these instructions, you do not get the
desired results, please contact my owner at
users-owner <at> httpd.apache.org. Please be patient, my owner is a
lot slower than I am ;-)

--- Enclosed is a copy of the request I received.

Return-Path: <simi <at> live.no>
Received: (qmail 88895 invoked by uid 99); 13 Sep 2014 13:45:32 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Sep 2014 13:45:32 +0000
X-ASF-Spam-Status: No, hits=2.5 required=5.0
        tests=HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of simi <at> live.no designates 157.55.2.85 as permitted sender)
Received: from [157.55.2.85] (HELO DUB004-OMC4S10.hotmail.com) (157.55.2.85)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Sep 2014 13:45:06 +0000
Received: from DUB404-EAS214 ([157.55.2.72]) by DUB004-OMC4S10.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22724);
         Sat, 13 Sep 2014 06:45:05 -0700
X-TMN: [8eetpiHyBCvndgy9mS4MZnIiNMymxpo7]
X-Originating-Email: [simi <at> live.no]
Message-ID: <DUB404-EAS2146000803FE73826B1642BDDCA0 <at> phx.gbl>
MIME-Version: 1.0
From: Simen Mangseth <simi <at> live.no>
To: "=?utf-8?Q?users-sc.1410615846.fgbhebgnpdkfkjacikja-simi=3Dlive.no <at> httpd.a?=
 =?utf-8?Q?pache.org?="
        <users-sc.1410615846.fgbhebgnpdkfkjacikja-simi=live.no <at> httpd.apache.org>
Subject: =?utf-8?Q?Re:_confirm_subscribe_to_users <at> httpd.apache.org?=
Importance: Normal
Date: Sat, 13 Sep 2014 13:44:21 +0000
Content-Type: multipart/alternative;
        boundary="_15025A47-1AEF-42FA-AF4A-48ABBF6E3A03_"
X-OriginalArrivalTime: 13 Sep 2014 13:45:05.0128 (UTC) FILETIME=[ECA40E80:01CFCF58]
X-Virus-Checked: Checked by ClamAV on apache.org


Gmane