In the new apache 2.4 it is pretty cool to configure the logging via module.
LogLevel warn ssl:error auth_digest:error socache_shmcb:warn mpm_worker:warn fcgid:info
Archive for category apache
Apache 2.4 log level config
Dec 20
With apache 2.3.15 I had kinda the same issue with mod_fcgidon ubuntu 8.04 as on windows. With -k restart or -k graceful the server did not die like on windows, but the server delivered than only a 200 OK response header, but nothing more. Switching from worker mpm to event mpm seemed to solve this, but the server died later :-/
Since it has talmost the same issues like on windows I could make a patch that fixes this. Grab the patch (patched against trunk) for the patch for 2.3.6
The bug 50309 is now longer than a year listet. Bad that none applied it yet.
During the summer rumours about a new attack against SSL started circulating (CVE-2011-3389).
As it turns out, the attack itself was conceived years ago, deemed impractical, but it was nevertheless fixed in TLS 1.1. The new attack technique introduced a few optimizations to make it practical.
In terms of mitigation, I expect this problem will be largely addressed on the client side, despite a potential compatibility problem that may cause some TLS sites to stop working.
With this config you can avoid that attack.
SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
vserver ubuntu IPv6 network
Sep 22
Since some days there is IPv6 available for my server. But I noticed it just today. Editing /etc/network/interfaces and adding a new virtual interface didn’t work at all. The /etc/init.d/networking restart just showed errors. And ifconfig venet0 wasn’t satisfying.
What works is /etc/network/interfaces just adding the loopbback
iface lo inet6 loopback
adress ::1
netmask 128
gateway fe80::1
Now the trick is to add /etc/rc.local and add this before exit 0
ip addr add 2a01:238:40ab:cd12:dead:beef:dead:beef/128 dev venet0 ip route add default via fe80::1 dev venet0
Than execute /etc/rc.local
Wonder o wonder. Ifconfig works and also ping6 ipv6.example.com
Than I had to add the new ipv6 adress to my apache config
Listen [2a01:238:40ab:cd12:dead:beef:dead:beef]:80
Don’t forget a to create a symlink from rc.local to /etc/rc2.d/S21rc2.local
if you wanna use the last SDK, but own only the express version you can do it this way:
Run as Administrator
C:\Windows\System32\cmd.exe /E:ON /V:ON /T:0E /K "C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\SetEnv.cmd" /Release
copy paste:
WindowsSdkVer.exe -version:v7.0
done!
To switch back for any reasons use
WindowsSdkVer.exe -version:v6.0A
YSlow Etag misconfigured
Sep 5
YSlow hat gemeckert, dass der Etag misconfigured / falsch gesetzt sei.
Um das zu ändern muss man
FileEtag All
ändern zu
FileETag MTime Size
Wenn dann noch bei einzelnen Dateien fehler auftreten, wie z.B. dem favicon.ico fehlt der korrekte mime type.
Addtype font/truetype .ttf
AddType image/x-icon .ico
Apache AJP reverse proxy
Jul 13
With apache it is possible to have a reverse proxy with AJP instead of http. With the use of mod_proxy_ajp it is very simple to set up and faster than just plain http protocol
<VirtualHost *:80>
ServerName jenkins
DocumentRoot "/mario/Apache22/htdocs"
<Directory "/mario/Apache22/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride All
Order Allow,Deny
Allow from all
Deny from none
</Directory>
<Location />
ProxyPass ajp://localhost:8009/
ProxyPassReverse ajp://localhost:8009/
</Location>
SetEnv vhostname jenkins
Header add X-Server-Name %{vhostname}e
</virtualhost>
Than start the backend server, in this case only with AJP and listen only on localhost
java -jar jenkins.war --httpPort=-1 --ajp13ListenAddress=127.0.0.1
I had issues with the zend framework and its implementation of lucene. It saved the values from my UTF-8 database in the lucene files with characters like UTF-8 in ISO 8859-1 like on the search result page. And I wasn’t able to search case insensitive.
I noticed that the apache header (zend server CE) wasn’t sending UTF-8. So I added AddDefaultCharset utf-8 to my httpd.conf. Didn’t help.
What helped: In the Bootstrap.php adding to the init of the search
Zend_Search_Lucene_Analysis_Analyzer::setDefault(new Zend_Search_Lucene_Analysis_Analyzer_Common_Utf8());
Zend_Search_Lucene_Search_QueryParser::setDefaultEncoding('utf-8');
Zend_Search_Lucene_Analysis_Analyzer::setDefault(new Zend_Search_Lucene_Analysis_Analyzer_Common_Utf8_CaseInsensitive());
In the model it is needed to decode it to ISO 8859-1 and than save it as UTF-8. Sounds insane, but it was the only thing that works for me.
$doc->addField(Zend_Search_Lucene_Field::Text('lucene_DB_CLOUMN_NAME',utf8_decode($db_apater_result['DB_CLOUMN_NAME']),'UTF-8'));
WTF Zend Lucene!
If you try to do an ajax request on a different domain. You’ll get nothing. Looking a bit deeper into the request I noticed that the status code isn’t 200 or 403 nor 404 like expected. Nope it is 0. (jquery ajax statusCode 0). This means the browser doesn’t allow a crossdomain request. The easiest way for me to solve this was to create a proxy php script. Now I can send my ajax request to a url on my server while the PHP script does the real request to the other server.
This is the php script
/**
* GetFromHost()
*
* @param string $host
* @param int $port
* @param string $path
* @param string $referer
* @param bool $keepalive
* @return
*/
function GetFromHost($host, $port, $path, $referer,$keepalive=false) {
$fsocket = fsockopen($host, 80, $errno, $errstr, 30);
if($fsocket){
$request = "GET $path HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "Referer: $referer\r\n";
$request .= 'User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) ';
$request .= "Gecko/20021204\r\n";
$request .= 'Accept: text/xml,application/xml,application/xhtml+xml,';
$request .= 'text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,';
$request .= "image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1\r\n";
$request .= "Accept-Language: en-us, en;q=0.50\r\n";
//$request .= "Accept-Encoding: gzip, deflate, compress;q=0.9\r\n";
$request .= "Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66\r\n";
if($keepalive==true){
$request .= "Keep-Alive: 300\r\n";
$request .= "Connection: keep-alive\r\n";
}
else
{
$request .= "Connection: close\r\n";
}
//$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
//$request .= "Content-length: ". strlen($data_to_send) ."\r\n";
$request .= "\r\n";
//$request .= $data_to_send;
fputs($fsocket, $request);
$res ='';
while(!feof($fsocket)) {
$res .= fgets($fsocket, 1024);
}
fclose($fsocket);
return $res;
}
else
{
return false;
//echo "Fehlgeschlagen: ".$fsocket . $host .':'. $port;
}
}
$x = GetFromHost("www.example", "80", "/deep/url/kinda/", "");
$x = explode('Content-Type: text/html',$x);
$output = preg_replace('/\s+(\r\n|\r|\n)/', '$1', $x['1']);//remove white space and tabs at the line ends
echo $output;
maybe you have to edit the explode part for server to separate the header fom the real content.
Building 2.3.12 beta
Jun 1
./configure –prefix=/opt/apache2 –enable-pie –enable-mods-shared=all –enable-so –disable-include –enable-deflate –enable-headers –enable-expires –enable-ssl=shared –enable-mpms-shared=all –with-mpm=worker –enable-rewrite –with-z=/home/mario/apache24/httpd-2.3.12-beta/srclib/zlib –enable-module=ssl –enable-fcgid
make
sudo make install
cd ../fcgid
APXS=/opt/apache2/bin/apxs ./configure.apxs
make
sudo make install
Archives by Subject:
- Categories
Archives by Month:
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009