Apache: Difference between revisions

From DWIKI
mNo edit summary
Line 56: Line 56:




=FAQ=
 
==AH01630: client denied by server configuration==
= FAQ =
 
== AH01630: client denied by server configuration ==
 
Probably using 2.2 config on 2.4, change
Probably using 2.2 config on 2.4, change
  Order allow,deny
  Order allow,deny
  Allow from all
  Allow from all


to
to
  Require all granted
  Require all granted


==NameVirtualHost *:80 has no VirtualHosts==
== [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex ==
This means you're using <VirtualHost *> instead of <VirtualHost *:80>
Check
Or you have multiple declarations of NameVirtualHost *:80
ipcs -s
 
 
 
== NameVirtualHost *:80 has no VirtualHosts ==
 
This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80
 
== Telnet session to webserver ==


==Telnet session to webserver==
  telnet www.example.com 80
  telnet www.example.com 80
  get / HTTP/1.1
  get / HTTP/1.1
  <enter>
  <enter>
  <enter>
  <enter>
For a virtual also pass host:
For a virtual also pass host:
  get / HTTP/1.1
  get / HTTP/1.1
  host: virtual.host.com
  host: virtual.host.com
  <enter>
  <enter>


&nbsp;
==Apache memory usage==
 
== Apache memory usage ==
 
  ps aux|grep http|awk '{sum+=$4} END {print sum}'
  ps aux|grep http|awk '{sum+=$4} END {print sum}'


&nbsp;
== Authentication ==


==Authentication==
Read:
Read:
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]
 
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]  
*http://httpd.apache.org/docs/2.2/howto/auth.html
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]  
*https://httpd.apache.org/docs/2.4/howto/auth.html
*[http://httpd.apache.org/docs/2.2/howto/auth.html http://httpd.apache.org/docs/2.2/howto/auth.html]
*[https://httpd.apache.org/docs/2.4/howto/auth.html https://httpd.apache.org/docs/2.4/howto/auth.html]


In .htaccess or </Directory> section put:
In .htaccess or </Directory> section put:
  Authtype Basic
  Authtype Basic
  AuthUserFile /etc/apache/htusers
  AuthUserFile /etc/apache/htusers
Line 97: Line 117:
  AuthName "Protected"
  AuthName "Protected"


==Hide directories==
== Hide directories ==
 
  RedirectMatch 404 /\.svn(/|$)
  RedirectMatch 404 /\.svn(/|$)


  <FilesMatch \.(?i:gif|jpe?g|png)$>
  <FilesMatch \.(?i:gif|jpe?g|png)$>


&nbsp;


==Strange hang and not restarting==
== Strange hang and not restarting ==


  ipcs -s|grep apache
  ipcs -s|grep apache
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;


==Get core dumps==
== Get core dumps ==
*http://wiki.apache.org/httpd/CoreDump
*/usr/share/doc/apache2.2-common/README.backtrace


*http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html
*[http://wiki.apache.org/httpd/CoreDump http://wiki.apache.org/httpd/CoreDump]
*/usr/share/doc/apache2.2-common/README.backtrace


*[http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html]


In apache configuration:
In apache configuration:
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)


===On freebsd===
=== On freebsd ===


Set apache22limits_enable="YES in /etc/rc.conf
Set apache22limits_enable="YES in /etc/rc.conf


In apache configuration:
In apache configuration:
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)


Line 130: Line 154:
  sysctl kern.coredumps=1
  sysctl kern.coredumps=1


===On Debian===
=== On Debian ===
  sysctl fs.suid_dumpable=2 ?
 
  ulimit -c unlimited ?
  sysctl fs.suid_dumpable=2&nbsp;?
  ulimit -c unlimited&nbsp;?
 
== Socket is not connected: core_output_filter: writing data to the network ==


==Socket is not connected: core_output_filter: writing data to the network==
Bug in some versions?
Bug in some versions?


==Connection refused: connect to listener on 0.0.0.0:80==
== Connection refused: connect to listener on 0.0.0.0:80 ==
Seems a jail problem, try setting  
 
Seems a jail problem, try setting
 
  Listen 12.33.44.55:80
  Listen 12.33.44.55:80


&nbsp;


== No such file or directory: Failed to enable the 'httpready' Accept Filter ==


==No such file or directory: Failed to enable the 'httpready' Accept Filter==
In /boot/loader.conf
In /boot/loader.conf
  accf_data_load="YES"
  accf_data_load="YES"
  accf_http_load="YES"
  accf_http_load="YES"


&nbsp;


==sorting apache logs==
== sorting apache logs ==
http://jehiah.cz/archive/sorting-apache-logs


[http://jehiah.cz/archive/sorting-apache-logs http://jehiah.cz/archive/sorting-apache-logs]


==unable to include potential exec==
&nbsp;


==Rewriting and redirecting==
== unable to include potential exec ==
http://www.aitechsolutions.net/apacheredirect.html
 
== Rewriting and redirecting ==
 
[http://www.aitechsolutions.net/apacheredirect.html http://www.aitechsolutions.net/apacheredirect.html]
 
=== redirect http to https ===


===redirect http to https===
  #this usually does the trick
  #this usually does the trick
  Redirect permanent / https://foo.com
  Redirect permanent / [https://foo.com https://foo.com]


  *http://www.whoopis.com/howtos/apache-rewrite.html
  *[http://www.whoopis.com/howtos/apache-rewrite.html http://www.whoopis.com/howtos/apache-rewrite.html]


&nbsp;


== debugging rewrites ==


==debugging rewrites==
== status codes ==


*[http://www.w3.org/Protocols/HTTP/HTRESP.html http://www.w3.org/Protocols/HTTP/HTRESP.html]


==status codes==
&nbsp;
*http://www.w3.org/Protocols/HTTP/HTRESP.html


== client denied by server configuration ==


==client denied by server configuration==
That's the Deny/Allow bits in config
That's the Deny/Allow bits in config


&nbsp;
=== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart ===


===AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart===
Needs a real restart
Needs a real restart

Revision as of 10:08, 19 October 2020

From the apache homepage:

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Links

Documentation
http://httpd.apache.org/ Apache homepage
http://httpd.apache.org/docs/2.2/ 2.2 Reference
http://httpd.apache.org/docs/2.0/ 2.0 Reference
http://httpd.apache.org/docs/1.3/ 1.3 Reference
Apache and SSL
Apache2, Debian and SSL
More Apache and SSL
Articles
vhosts explained "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003
Tools
http://awstats.sourceforge.net/ Apache log analyzer

Documentation

Virtual hosts

Application & modules

Log analyzers


Notes

  • Don't use the CGI to present the data unless it is protected. Best use awstats_buildstaticpages.pl to build the static pages and present those. Save resources and is more secure.

Related Items

Web-based Single Sign-On

Applications

Comparisons


FAQ

AH01630: client denied by server configuration

Probably using 2.2 config on 2.4, change

Order allow,deny
Allow from all

to

Require all granted

[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex

Check

ipcs -s


NameVirtualHost *:80 has no VirtualHosts

This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80

Telnet session to webserver

telnet www.example.com 80
get / HTTP/1.1
<enter>
<enter>

For a virtual also pass host:

get / HTTP/1.1
host: virtual.host.com
<enter>

 

Apache memory usage

ps aux|grep http|awk '{sum+=$4} END {print sum}'

 

Authentication

Read:

In .htaccess or </Directory> section put:

Authtype Basic
AuthUserFile /etc/apache/htusers
Require valid-user
AuthName "Protected"

Hide directories

RedirectMatch 404 /\.svn(/|$)
<FilesMatch \.(?i:gif|jpe?g|png)$>

 

Strange hang and not restarting

ipcs -s|grep apache
for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;

Get core dumps

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)

On freebsd

Set apache22limits_enable="YES in /etc/rc.conf

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)

Other stuff to try

sysctl kern.sugid_coredump=1
sysctl kern.coredumps=1

On Debian

sysctl fs.suid_dumpable=2 ?
ulimit -c unlimited ?

Socket is not connected: core_output_filter: writing data to the network

Bug in some versions?

Connection refused: connect to listener on 0.0.0.0:80

Seems a jail problem, try setting

Listen 12.33.44.55:80

 

No such file or directory: Failed to enable the 'httpready' Accept Filter

In /boot/loader.conf

accf_data_load="YES"
accf_http_load="YES"

 

sorting apache logs

http://jehiah.cz/archive/sorting-apache-logs

 

unable to include potential exec

Rewriting and redirecting

http://www.aitechsolutions.net/apacheredirect.html

redirect http to https

#this usually does the trick
Redirect permanent / https://foo.com
*http://www.whoopis.com/howtos/apache-rewrite.html

 

debugging rewrites

status codes

 

client denied by server configuration

That's the Deny/Allow bits in config

 

AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart

Needs a real restart