Archive for November, 2010

Log response headers in apache

18 November 2010 13:44

I’ve been working on tweaking some apache logging on a few servers and one of the things I needed to log was a response header. The response header in question is an identifier with information about where the request was served from.

A quick look through the apache log docs doesn’t give any clue on how to do this. I details request header logging but not response. A google search also didn’t really come up with anything that useful until I stumbled on an article over on the  apache week site.

A quick modification of the httpd.conf to duplicate the “common” log entry left me with this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{HEADER_NAME}o\"" common2

The key element is the “o”, if you have %{HEADER_NAME}i you’ll get the request header, if you have %{HEADER_NAME}o you’ll get the response header.

This results in the following entry in the log file:

127.0.0.1 - - [18/Nov/2010:13:37:39 +0000] "GET / HTTP/1.1" 200 31006 "HEADER_VALUE"

Filed: Technology // Tagged: , , , // 2 Comments

MAC apachectl ulimit error with 10.6.5

18 November 2010 13:23

If you’ve upgraded to the latest MAC release of Snow Leopard, 10.6.5, and you use apache you may have noticed a bug when you try to control apache with apachectl.

[ian@ian ~]$ sudo apachectl -t
/usr/sbin/apachectl: line 82: ulimit: open files: cannot modify limit: Invalid argument

The release notes detail that apache has been upgraded to 2.2.15 to fix some security holes, however by doing so causes this bug.

The fix is pretty easy and requires you to edit the /usr/sbin/apachectl file. The line you’re looking for is this:

ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"

All you need to do is simply remove the actual ulimit command and leave this in place:

ULIMIT_MAX_FILES=""

Try apachectl again and it’ll work. In my case the offending line was in fact 64, not 82.

Filed: Technology // Tagged: , , // No Comments

Disable SSLv2

16 November 2010 13:45

If you’re running a site with SSL you really need to turn SSLv2 off. The file you’ll want to edit is /etc/httpd/conf.d/ssl.conf – it might be in a different location, but, shouldn’t be hard to find. The two lines you want to make sure you have are:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

You can also test this once you’ve made the changes:

openssl s_client –ssl2 –connect virtualhost:443
openssl s_client –ssl3 –connect virtualhost:443

Filed: Technology // Tagged: , , // 2 Comments

 
What's ianteresting?   •   Twitter   •   About   •   Contact
©2012 Ian Winter. All Rights Reserved.   •   Powered by WordPress   •   Hosted at Memset