‘apache’ Archive

Log response headers in apache

18 November 2010 13:44

I’ve been working on tweaking some apache logging on a few servers and one of the things I needed to log was a response header. The response header in question is an identifier with information about where the request was served from.

A quick look through the apache log docs doesn’t give any clue on how to do this. I details request header logging but not response. A google search also didn’t really come up with anything that useful until I stumbled on an article over on the  apache week site.

A quick modification of the httpd.conf to duplicate the “common” log entry left me with this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{HEADER_NAME}o\"" common2

The key element is the “o”, if you have %{HEADER_NAME}i you’ll get the request header, if you have %{HEADER_NAME}o you’ll get the response header.

This results in the following entry in the log file:

127.0.0.1 - - [18/Nov/2010:13:37:39 +0000] "GET / HTTP/1.1" 200 31006 "HEADER_VALUE"

Filed: Technology // Tagged: , , , // 3 Comments

Disable SSLv2

16 November 2010 13:45

If you’re running a site with SSL you really need to turn SSLv2 off. The file you’ll want to edit is /etc/httpd/conf.d/ssl.conf – it might be in a different location, but, shouldn’t be hard to find. The two lines you want to make sure you have are:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

You can also test this once you’ve made the changes:

openssl s_client –ssl2 –connect virtualhost:443
openssl s_client –ssl3 –connect virtualhost:443

Filed: Technology // Tagged: , , // 2 Comments

Misleading PHP Error

5 September 2010 20:53

Having done some upgrades to my server (PHP, apache) I noticed I was getting some odd errors in the apache log and one of my PHP based sites wasn’t loading. The error in the log was:

[Sun Sep 05 20:23:40 2010] [error] [client X.X.X.X] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

Now having done some digging everything suggested the rewrite rule was wrong, or, behaving differently after the upgrade but it turned out that the problem was in fact PHP short_open_tag related.

My php.ini had short_open_tag = Off (which it should, but the site in question was a quick one). Changing that to On and giving apache a restart made the problem go away. When I get a chance I will make the <? tags <?php but it’s not a biggy right now.

For more on short_open_tag check the manual.

Filed: Technology // Tagged: , , // No Comments

MSIE SSL Oddness

16 October 2009 15:09

Internet Explorer strikes again, sometimes. In Chrome, Firefox and Safari the problem doesn’t present. On a couple of webservers in a cluster we recently noticed the following type of error being returned randomly on images, CSS and JavaScript files when calling the page via SSL.

GET ERROR_INTERNET_SECURITY_CHANNEL_ERROR image/gif https://www.domain.com/path/to/image.gif

Now the majority of our SSL certificates for the site in question are server out via a SSL accelerator on our Cisco LBAL’s but this site wasn’t. It was still using a cert on the local box. Having dug deeper I noticed that a couple of the servers had the following lines of code in whereas all the others didn’t. Due to the load balancing that solves the randomness side of it.

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

Something in those lines of code causes the issues, I’m stabbing in the dark that it’s the session cache as none of the others would seem to be causing the problem. I’ve not tried line by line to find the offender.

Hopefully that will help someone out as I found lots of results in Google but not many solutions!

Filed: Technology, Work // Tagged: , , , , // No Comments

Railo, Resin, Caucho and me

12 June 2009 23:06

I’ve finally got resin, railo and caucho playing together in a nice, no longer ripping each other’s hair, out kind of way. I have to say my biggest comment (and probably one of the more tricky things to do) is that for Railo to become a big player in trying to take away Adobe’s CF user base installers are going to be essential. That said railo does seem quicker on processing CFML (need to do more tests to verify that).

I’ve got apache 2.2.3 running on CentOS 5.3. I have railo 3.1.0.015 (not updated to 016 yet) and caucho.

My resin.conf has this addition (multiple times for the different domains):

<host id="www.domain.co.uk" root-directory="/home/domain/public_html">
<host-name>www.domain.co.uk</host-name>
<host-alias>domain.co.uk</host-alias>
<web-app id="/" document-directory="."/>
</host>

The apache virtual hosts are just normal vhosts. No extras.

My caucho.conf (in /etc/httpd/conf.d) looks like this:

LoadModule caucho_module /usr/lib64/httpd/modules/mod_caucho.so
ResinConfigServer localhost 6800
CauchoConfigCacheDirectory /tmp
CauchoStatus yes
<Location /caucho-status>
SetHandler caucho-status
</Location>

Hopefully that might help someone out. I’m going to try and do a from scratch CentOS build guide for The Rackspace Cloud sometime next week. I’ve started migrating some sites over to the cloud server and so far not hit any issues.

Filed: Technology // Tagged: , , , , // 1 Comment

Rails Setup

23 March 2009 21:39

Been playing with Rails 2.3.2.1 and Passenger 2.1.2 but had some problems upgrading from the two respective earlier versions. The key was in the fact I probably didn’t RTFM. Following the guides.rubyonrails.org I’d got as far as section 4, changing the default index but whenever I did this or tried to view the controller directly on my Mac (10.5.6) it just 500 errored. The key was something that a friend (@neilmiddleton) alluded to was that the app was running in production mode. There was no errors in the log files also aiding the diagnosis.

Solution? Pretty simple, just add an environment variable.

ServerName rortest.local
DocumentRoot "/Users/ian/Sites/rortest/public"
RailsEnv development

Now I’ve got to try and write something useful rather than hello world or a blog post/view page.

Filed: General // Tagged: , , // No Comments

mod_gzip is your friend

25 January 2007 13:15

To save bandwidth on one off the servers I look after I decided to implement mod_gzip.

The server in questions is running RedHat ES3, apache 1.3.37, Coldfusion 7.0.2 and has the cPanel/WHM control panel.

First off was to get mod_gzip compiled, now this can be done manually, download a pre compiled one or in my case just go into WHM and rebuild apache with the mod_gzip box checked. The version it puts in is 1.3.26.1a.

As I’d already got Coldfusion running on this webserver the resulting httpd.conf file it creates became invalid so I had to move a few things about. To cut to the chase the order in which modules load is crucial with Coldfusion due to the was the mod_gzip and mod_jrun modules work intercepting requests. The following is my httpd.conf (abbriviated) with the relevant sections.

LoadModule ...
--snip--
LoadModule jrun_module /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun.so
<IfModule mod_jrun.c>
JRunConfig Verbose false
JRunConfig Apialloc false
JRunConfig Ssl false
JRunConfig Ignoresuffixmap false
JRunConfig Serverstore /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/jrunserver.store
JRunConfig Bootstrap 127.0.0.1:51011
#JRunConfig Errorurl <optionally redirect to this URL on errors>
#JRunConfig ProxyRetryInterval 600
#JRunConfig ConnectTimeout 15
#JRunConfig RecvTimeout 300
#JRunConfig SendTimeout 15
AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf
</IfModule>
LoadModule gzip_module libexec/mod_gzip.so
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_can_negotiate Yes
mod_gzip_static_suffix .gz
AddEncoding gzip .gz
mod_gzip_update_static No
mod_gzip_command_version '/mod_gzip_status'
mod_gzip_temp_dir /tmp
mod_gzip_keep_workfiles No
mod_gzip_minimum_file_size 500
mod_gzip_maximum_file_size 500000
mod_gzip_maximum_inmem_size 60000
mod_gzip_min_http 1000
mod_gzip_handle_methods GET POST
mod_gzip_item_exclude file .js$
mod_gzip_item_exclude file .css$
mod_gzip_item_exclude file .swf$
mod_gzip_item_exclude mime ^image/
mod_gzip_item_include file .php$
mod_gzip_item_include file .cfm$
mod_gzip_item_include file .jsp$
mod_gzip_item_exclude file .pdf$
mod_gzip_item_include file .fic$
mod_gzip_item_include file .html$
mod_gzip_item_include file .htm$
mod_gzip_item_include mime ^text/html
mod_gzip_item_include mime ^text/plain
mod_gzip_item_include mime ^text/xml
#mod_gzip_item_include mime ^application/force_download$
#mod_gzip_item_include mime ^application/pdf$
mod_gzip_item_include handler type-coldfusion
mod_gzip_item_include handler jrun-handler
mod_gzip_dechunk Yes
#then the logging directives
LogFormat "%h %l %u %t "%V %r" %<s %b mod_gzip: %{mod_gzip_result}n In:%{mo
d_gzip_input_size}n -< Out:%{mod_gzip_output_size}n = %{mod_gzip_compression_rat
io}n pct." common_with_mod_gzip_info2
CustomLog "logs/mod_gzip.log" common_with_mod_gzip_info2
mod_gzip_add_header_count Yes
mod_gzip_send_vary On
</IfModule>
AddType type-coldfusion .fic
--snip--
ClearModuleList
AddModule ...
--snip--
AddModule mod_jrun.c
AddModule mod_gzip.c

In my test case I had a page show as 18224 bytes originally which compressed down to 3956 bytes a saving of 14268 bytes or 79%! To test the compression I was using the port80software.com compression check. You can also see this site’s report.

More Information (stuff I read):

Filed: Technology // Tagged: , , , , // No Comments

 
Twitter   •   About   •   Contact
©2017 Ian Winter. All Rights Reserved.   •   Powered by WordPress   •   Hosted at Memset