‘apache2’ Archive

Log response headers in apache

18 November 2010 13:44

I’ve been working on tweaking some apache logging on a few servers and one of the things I needed to log was a response header. The response header in question is an identifier with information about where the request was served from.

A quick look through the apache log docs doesn’t give any clue on how to do this. I details request header logging but not response. A google search also didn’t really come up with anything that useful until I stumbled on an article over on the  apache week site.

A quick modification of the httpd.conf to duplicate the “common” log entry left me with this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{HEADER_NAME}o\"" common2

The key element is the “o”, if you have %{HEADER_NAME}i you’ll get the request header, if you have %{HEADER_NAME}o you’ll get the response header.

This results in the following entry in the log file:

127.0.0.1 - - [18/Nov/2010:13:37:39 +0000] "GET / HTTP/1.1" 200 31006 "HEADER_VALUE"

Filed: Technology // Tagged: , , , // 3 Comments

MAC apachectl ulimit error with 10.6.5

18 November 2010 13:23

If you’ve upgraded to the latest MAC release of Snow Leopard, 10.6.5, and you use apache you may have noticed a bug when you try to control apache with apachectl.

[[email protected] ~]$ sudo apachectl -t
/usr/sbin/apachectl: line 82: ulimit: open files: cannot modify limit: Invalid argument

The release notes detail that apache has been upgraded to 2.2.15 to fix some security holes, however by doing so causes this bug.

The fix is pretty easy and requires you to edit the /usr/sbin/apachectl file. The line you’re looking for is this:

ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"

All you need to do is simply remove the actual ulimit command and leave this in place:

ULIMIT_MAX_FILES=""

Try apachectl again and it’ll work. In my case the offending line was in fact 64, not 82.

Filed: Technology // Tagged: , , // No Comments

Disable SSLv2

16 November 2010 13:45

If you’re running a site with SSL you really need to turn SSLv2 off. The file you’ll want to edit is /etc/httpd/conf.d/ssl.conf – it might be in a different location, but, shouldn’t be hard to find. The two lines you want to make sure you have are:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

You can also test this once you’ve made the changes:

openssl s_client –ssl2 –connect virtualhost:443
openssl s_client –ssl3 –connect virtualhost:443

Filed: Technology // Tagged: , , // 2 Comments

apache2 issue on Leopard

10 November 2007 19:21

So last geek post on a Saturday night before I go out.

Trying to get a site running which uses a lot of rewrite rules. Enable the module in the /etc/apache2/httpd.conf file, configtest and restart. That should be it, erm, no. All I saw when browsing the site was a nice 404 page. Checking in the /var/log/apache2/error_log I see the following line:

[Sat Nov 10 19:13:24 2007] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /Users/ianwinter/Sites/domainname/public_html/content (None could be negotiated)., referer: http://www.domainname.co.uk.local/

Now I already knew that apache2 handles the Order directive for allow & deny differently so I’d already changed the main directory block to the following to allow everything:

<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>

Turns out after unsuccessful Google searches and me going back to trying all sorts (good old chmod -R 777 included) that unless you specifically setup a directory block for the /Users/ianwinter/Sites path it doesn’t listen.

<Directory /Users/ianwinter/Sites/*>
Options All
AllowOverride All
Order deny,allow
Allow from all
</Directory>

It doesn’t do this on Windows but I seem to recall having to do something on a RedHat system before. Maybe it’s a *NIX thing.

Filed: Technology // Tagged: , , , // No Comments

 
Twitter   •   About   •   Contact
©2017 Ian Winter. All Rights Reserved.   •   Powered by WordPress   •   Hosted at Memset