Nabble - Apache HTTP Server - Users

mod_deflate working on all vhosts except port 80

2008-12-04T10:23:55Z

Hi. I've gotten mod_deflate to deflate files as intended for all
vhosts except for the primary site on port 80. I've even duplicated
the files under one vhost to 80, and they still wont deflate. I've
included a good amount of detail about configuration, headers, and
results below. If you have any ideas, please let me know.

- David

Here are the details.

Current Setup: Apache/2.2.10 (Win32) PHP/5.2.6 mod_jk/1.2.27

=== BEGIN Deflate block at the very end of httpd.conf ===

<IfModule deflate_module>
SetOutputFilter DEFLATE
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '[%>s](%{ratio}n%%) %h %t "%r" %{outstream}n/%{instream}n' deflate
CustomLog logs/deflate.log deflate
Header append Vary User-Agent env=!dont-vary
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
AddOutputFilterByType DEFLATE text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.zip$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.swf$ no-gzip dont-vary
BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
</IfModule>

=== END Deflate block at the very end of httpd.conf ===

=== BEGIN Two sample blocks from vhosts.conf ===

NameVirtualHost *:80
NameVirtualHost *:8060
<VirtualHost *:80>
ServerAdmin me@...
DocumentRoot "E:\Apache Group\Apache2.2\htdocs\ic_dev"
JKMount /*.jsp worker1
</VirtualHost>

<VirtualHost *:8060>
ServerAdmin me@...
DocumentRoot "E:\Apache Group\Apache2.2\htdocs\documentation"
</VirtualHost>

=== END two sample blocks from vhosts.conf ===

=== BEGIN Deflate Log from a request to port 8060 ===

[200](13%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET / HTTP/1.1"
6024/45003
[200](23%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/javascript/jul08/global.js HTTP/1.1" 1424/6031
[200](26%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/javascript/jul08/api.js?V=n HTTP/1.1" 1605/5986
[200](21%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/global.css?V=n HTTP/1.1" 3334/15658
[200](69%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/print.css?V=n HTTP/1.1" 102/147
[200](19%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/legacy.css?V=n HTTP/1.1" 5209/26771
[200](17%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/master.css?V=n HTTP/1.1" 4171/24516
[200](26%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/hover.css?V=n HTTP/1.1" 1216/4629
[200](33%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/javascript/jul08/sortable.js HTTP/1.1" 3244/9830
[200](18%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/stylesheets/jul08/flexigrid/flexigrid.css HTTP/1.1" 2634/14021
[200](49%) 10.230.137.95 [04/Dec/2008:13:13:09 -0500] "GET
/javascript/jul08/jquery/jquery.js HTTP/1.1" 14799/29825
[200](24%) 10.230.137.95 [04/Dec/2008:13:13:10 -0500] "GET
/javascript/jul08/jquery/flexigrid.js HTTP/1.1" 9695/39149

=== END Deflate Log from a request to port 8060 ===

=== BEGIN Deflate Log from a request to port 80 ===

[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET / HTTP/1.1" -/-
[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET
/index_files/index.css HTTP/1.1" -/-
[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET
/index_files/api.js HTTP/1.1" -/-
[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET
/index_files/icn_arrow_blue_nav.gif HTTP/1.1" -/-
[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET
/index_files/1.gif HTTP/1.1" -/-
[200](-%) 10.230.137.95 [04/Dec/2008:13:14:58 -0500] "GET
/index_files/color_date_key.gif HTTP/1.1" -/-

=== END Deflate Log from a request to port 80 ===

=== BEGIN Headers for a file (HTML) loaded from port 80 ===

GET / HTTP/1.1
Host: {machine.domain}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: defaultHome=global_home|1227113075081;
__utma=269858409.1919455299.1219178860.1219178860.1219178860.1;
__utmz=269858409.1219178860.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
WT_FPC=id=153.2.246.30-1296959216.29945229:lv=1228165072826:ss=1228165072826
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Thu, 04 Dec 2008 18:15:50 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.6 mod_jk/1.2.27
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

=== END Headers for a file (HTML) loaded from port 80 ===

=== BEGIN Headers for a file (HTML) loaded from port 8060 ===

GET / HTTP/1.1
Host: {machine.domain}:8060
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: defaultHome=global_home|1227113075081;
__utma=269858409.1919455299.1219178860.1219178860.1219178860.1;
__utmz=269858409.1219178860.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
WT_FPC=id=153.2.246.30-1296959216.29945229:lv=1228165072826:ss=1228165072826

HTTP/1.x 200 OK
Date: Thu, 04 Dec 2008 18:18:24 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.6 mod_jk/1.2.27
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 6042
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

=== END Headers for a file (HTML) loaded from port 8060 ===

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: TRACE and TRACK methods

2008-12-04T10:10:35Z

Ravindra wrote:
> Hi,
>
> Does Apache 2.2.10 support TRACE and TRACK methods by default ?

TRACK (DEBUG etc) are not RFC 2616, they aren't implemented.

TRACE is active by default, see the TraceEnable directive.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

RE: TRACE and TRACK methods

2008-12-04T10:01:39Z

Very cool tool, thanks for sharing it!

At 09:45 AM 12/4/2008, Hollie Hollis wrote:

>Here's a nifty little Web site that will let you test your various URLs for
>Trace.
>http://web-sniffer.net/
>
>-----Original Message-----
>From: Gene LeDuc [mailto:gleduc@...]
>Sent: Thursday, December 04, 2008 11:37 AM
>To: users@...; users@...
>Subject: Re: [users@httpd] TRACE and TRACK methods
>
>Don't know about TRACK, but TRACE is enabled by default.
>
>At 08:15 AM 12/4/2008, Ravindra wrote:
> >Does Apache 2.2.10 support TRACE and TRACK methods by default ?
> >
> >How do I test if these are enabled on my Apache ?
> >
> >Thanks,
> >Ravindra

--
Gene LeDuc, GSEC
Security Analyst
San Diego State University

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

RE: TRACE and TRACK methods

2008-12-04T09:45:56Z

Here's a nifty little Web site that will let you test your various URLs for
Trace.
http://web-sniffer.net/

-----Original Message-----
From: Gene LeDuc [mailto:gleduc@...]
Sent: Thursday, December 04, 2008 11:37 AM
To: users@...; users@...
Subject: Re: [users@httpd] TRACE and TRACK methods

Don't know about TRACK, but TRACE is enabled by default.

At 08:15 AM 12/4/2008, Ravindra wrote:
>Hi,
>
>Does Apache 2.2.10 support TRACE and TRACK methods by default ?
>
>How do I test if these are enabled on my Apache ?
>
>Thanks,
>Ravindra

--
Gene LeDuc, GSEC
Security Analyst
San Diego State University

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: TRACE and TRACK methods

2008-12-04T09:36:32Z

Don't know about TRACK, but TRACE is enabled by default.

At 08:15 AM 12/4/2008, Ravindra wrote:
>Hi,
>
>Does Apache 2.2.10 support TRACE and TRACK methods by default ?
>
>How do I test if these are enabled on my Apache ?
>
>Thanks,
>Ravindra

--
Gene LeDuc, GSEC
Security Analyst
San Diego State University

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-04T08:53:08Z

Hello;

One other possibility is, if your administrators don't want to manage
your Apache setup, perhaps they can be persuaded to manage their own
Apache, a very simple one (which you could build, configure, and deliver
to them). This additional server instance would do nothing except
forward all requests on to your 9080/alternate-443 instance, either via
mod_proxy or mod_rewrite or plain old 'RedirectMatch permanent'. The
reluctant admins have a fairly static, minimalist web server instance to
deal with (no CGI, no htdocs, and so forth), people can use the
un-port-labeled URLs to get in, and you still get to control all the
rest; Andre's suggestions below would still be applicable.

Good luck with your administrative group!

hugh

André Warnier wrote:

> Vasanth Kumar ravi wrote:
>> So i have changed the Listen port as 9080 and defined Virtual hosts
>> for 9080
>> and 443.
>> I tried to access the application using the url's above, but it failed.
>>
>> Now the question is.
>>
>> How can I access the application using the same url without
>> mentioning the
>> port number on the url.
>> I m not using any firewall here, so I cannot do a port fwd of 80 to
>> 9080.
>>
>> Is there any configuration which can be done at the Apache, so that I
>> can
>> run it as non root user and access the url without ports mentioned in
>> it.
>>
> Hi.
> Apart from the correct answers which other people already gave you,
> going back for a minute to your basic question :
>
> You cannot do the above without having something in-between, for the
> following reason :
>
> When you type a URL like "http://www.myserver.com" in a browser, it is
> *the browser* which adds the ":80" automatically (*), because that is
> the default port for the HTTP protocol.
> Similarly, if you type a URL like "https://www.myserver.com", the
> browser will automatically add ":443", because that is the default
> port for the HTTPS protocol.
>
> So now, the browser tries to connect to the IP address of the host
> "www.myserver.com", on port 80. If on that host, nothing is listening
> on that port, the browser is not able to connect.
>
> Since you cannot "tell" all the browsers that access your site, that
> they should use another default port for HTTP and HTTPS, there is no
> way to change that part.
>
> But note :
> If your application is entirely located on that one server, the fact
> of having to add ":9080" to the hostname concerns only the *first* URL
> link to your site. Once your clients have connected once to
> "http://www.myserver.com:9080" and received the Home page, then as
> long as all the links in your application pages do not contain the
> "http://www.myserver.com:9080" part anymore, the browser will
> automatically continue to access this same host:port.
> (e.g. the links in your Home page are like
> <a href="/submenu1.html">Accounting</a>
> and not like
> <a href="http://www.myserver.com:9080/submenu1.html">Accounting</a>
> )
> This may, or may not, be acceptable to you. You will have to be a bit
> careful in designing your site, but it can work.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@...
> " from the digest: users-digest-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

--
Hugh Williams "More men are killed by overwork than the
hugh_williams@... importance of the world justifies."
Agilent Technologies - Rudyard Kipling
Santa Rosa 4US-R "The Phantom Rickshaw", 1888
(707)-577-4941

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

TRACE and TRACK methods

2008-12-04T08:15:13Z

Hi,

Does Apache 2.2.10 support TRACE and TRACK methods by default ?

How do I test if these are enabled on my Apache ?

Thanks,
Ravindra

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Denis Peuziat is on sickness leave.

2008-12-04T07:13:46Z

I will be out of the office starting 04/12/2008 and will not return until 08/12/2008.

For any issues, contact Office Automation hotline on 6400

RE: SSLCipherSuite not disabling export ciphers?

2008-12-04T06:14:20Z

We have a few different renditions of Apache installed, a Red Hat rpm
version and a manually compiled version, and here's how ours are listed:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Thus far this set-up has passed PCI compliance scanning.

-----Original Message-----
From: David Hubbard [mailto:dhubbard@...]
Sent: Thursday, December 04, 2008 2:40 AM
To: users@...
Subject: [users@httpd] SSLCipherSuite not disabling export ciphers?

Can someone tell me if the SSLCipherSuite directive has
any known issues with not fully adhering to what it is
given? I've been trying to make a server pci compliant
by disabling all weak SSL ciphers and whatever I try is
not disabling the export grade ciphers. I'm using:

SSLCipherSuite HIGH:MEDIUM

yet even after doing that, these six continue to work fine
when I test them:

EDH-RSA-DES-CBC-SHA 56 bit
DES-CBC-SHA 56 bit
EXP-EDH-RSA-DES-CBC-SHA 40 bit
EXP-DES-CBC-SHA 40 bit
EXP-RC2-CBC-MD5 40 bit
EXP-RC4-MD5 40 bit

I've altered my directive to have !EXP and even to have
each of those six ciphers above explicitly excluded yet
they remain enabled.

Thanks,

David

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

SSLCipherSuite not disabling export ciphers?

2008-12-04T00:40:29Z

Can someone tell me if the SSLCipherSuite directive has
any known issues with not fully adhering to what it is
given? I've been trying to make a server pci compliant
by disabling all weak SSL ciphers and whatever I try is
not disabling the export grade ciphers. I'm using:

SSLCipherSuite HIGH:MEDIUM

yet even after doing that, these six continue to work fine
when I test them:

EDH-RSA-DES-CBC-SHA 56 bit
DES-CBC-SHA 56 bit
EXP-EDH-RSA-DES-CBC-SHA 40 bit
EXP-DES-CBC-SHA 40 bit
EXP-RC2-CBC-MD5 40 bit
EXP-RC4-MD5 40 bit

I've altered my directive to have !EXP and even to have
each of those six ciphers above explicitly excluded yet
they remain enabled.

Thanks,

David

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-03T23:49:12Z

Vasanth Kumar ravi wrote:

> So i have changed the Listen port as 9080 and defined Virtual hosts for 9080
> and 443.
> I tried to access the application using the url's above, but it failed.
>
> Now the question is.
>
> How can I access the application using the same url without mentioning the
> port number on the url.
> I m not using any firewall here, so I cannot do a port fwd of 80 to 9080.
>
> Is there any configuration which can be done at the Apache, so that I can
> run it as non root user and access the url without ports mentioned in it.
>

Hi.
Apart from the correct answers which other people already gave you,
going back for a minute to your basic question :

You cannot do the above without having something in-between, for the
following reason :

When you type a URL like "http://www.myserver.com" in a browser, it is
*the browser* which adds the ":80" automatically (*), because that is
the default port for the HTTP protocol.
Similarly, if you type a URL like "https://www.myserver.com", the
browser will automatically add ":443", because that is the default port
for the HTTPS protocol.

So now, the browser tries to connect to the IP address of the host
"www.myserver.com", on port 80. If on that host, nothing is listening on
that port, the browser is not able to connect.

Since you cannot "tell" all the browsers that access your site, that
they should use another default port for HTTP and HTTPS, there is no way
to change that part.

But note :
If your application is entirely located on that one server, the fact of
having to add ":9080" to the hostname concerns only the *first* URL link
to your site. Once your clients have connected once to
"http://www.myserver.com:9080" and received the Home page, then as long
as all the links in your application pages do not contain the
"http://www.myserver.com:9080" part anymore, the browser will
automatically continue to access this same host:port.
(e.g. the links in your Home page are like
<a href="/submenu1.html">Accounting</a>
and not like
<a href="http://www.myserver.com:9080/submenu1.html">Accounting</a>
)
This may, or may not, be acceptable to you. You will have to be a bit
careful in designing your site, but it can work.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-03T23:29:08Z

Well sudo is not allowed in our complaince/audit policy even for Dev boxes.
so i will either run it on non standard ports and ask the app guys to access by mentioning the port for Dev environment or ask the sys admin to manage the apache(which they wont accept).
thanks folks.

On Thu, Dec 4, 2008 at 2:50 PM, Krist van Besien <krist.vanbesien@...> wrote:

On Thu, Dec 4, 2008 at 7:28 AM, William A. Rowe, Jr.

<wrowe@...> wrote:

> Vasanth Kumar ravi wrote:
>> Well the problem is here is the root access.
>> I am an application administrator and the root passwd is owned by the
>> system administrator team.
>> since this a dev setup, i got the root passwd but for production they
>> would not give it.
>> so either I have to go for a port forward in production or ask the
>> system admin to manage the apache.
>
> Or you ask for sudo access to a script which kicks off, starts and stops
> apache. This requires you to have nobody's password except your own.

Anybody who has the privileges to edit the apache config file and to
start and stop apache using sudo can become root. So if system
administrators don't want you to have root access to should be
prepared to manage apache themselves.
Basically the best practise is to develop your apache config on a dev
server, and delvier the result to the production server's admin with
instructions on how to install and manage it.

Krist

--
krist.vanbesien@...
krist@...
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

--
Regards&Thanks,
Vasanth Kumar Ravi

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:50:00Z

On Thu, Dec 4, 2008 at 7:28 AM, William A. Rowe, Jr.
<wrowe@...> wrote:

> Vasanth Kumar ravi wrote:
>> Well the problem is here is the root access.
>> I am an application administrator and the root passwd is owned by the
>> system administrator team.
>> since this a dev setup, i got the root passwd but for production they
>> would not give it.
>> so either I have to go for a port forward in production or ask the
>> system admin to manage the apache.
>
> Or you ask for sudo access to a script which kicks off, starts and stops
> apache. This requires you to have nobody's password except your own.

Anybody who has the privileges to edit the apache config file and to
start and stop apache using sudo can become root. So if system
administrators don't want you to have root access to should be
prepared to manage apache themselves.
Basically the best practise is to develop your apache config on a dev
server, and delvier the result to the production server's admin with
instructions on how to install and manage it.

Krist

--
krist.vanbesien@...
krist@...
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:28:41Z

Vasanth Kumar ravi wrote:
> Well the problem is here is the root access.
> I am an application administrator and the root passwd is owned by the
> system administrator team.
> since this a dev setup, i got the root passwd but for production they
> would not give it.
> so either I have to go for a port forward in production or ask the
> system admin to manage the apache.

Or you ask for sudo access to a script which kicks off, starts and stops
apache. This requires you to have nobody's password except your own.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:23:25Z

Well the problem is here is the root access.
I am an application administrator and the root passwd is owned by the system administrator team.
since this a dev setup, i got the root passwd but for production they would not give it.
so either I have to go for a port forward in production or ask the system admin to manage the apache.

Tks.

On Thu, Dec 4, 2008 at 2:20 PM, William A. Rowe, Jr. <wrowe@...> wrote:

Vasanth Kumar ravi wrote:
> Ok so the only way to run them using the ports 80/443 is to run as Root
> user .

You *start* as root. The user and group directives have Apache change the
context for serving all of the requests coming into the server, so they are
NOT running in a root context (but as restricted a context as you want to
create for your requirements).

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

--
Regards&Thanks,
Vasanth Kumar Ravi

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:20:53Z

Vasanth Kumar ravi wrote:
> Ok so the only way to run them using the ports 80/443 is to run as Root
> user .

You *start* as root. The user and group directives have Apache change the
context for serving all of the requests coming into the server, so they are
NOT running in a root context (but as restricted a context as you want to
create for your requirements).

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:16:08Z

Ok so the only way to run them using the ports 80/443 is to run as Root user .

Thanks.

On Thu, Dec 4, 2008 at 2:11 PM, William A. Rowe, Jr. <wrowe@...> wrote:

Vasanth Kumar ravi wrote:
> Now the question is.
>
> How can I access the application using the same url without mentioning
> the port number on the url.
> I m not using any firewall here, so I cannot do a port fwd of 80 to 9080.

You can't. The port assignment is the port used, the default is 80 for http
and 443 for https.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

--
Regards&Thanks,
Vasanth Kumar Ravi

Re: Run Apache as Non Root user on port other than 80

2008-12-03T22:11:24Z

Vasanth Kumar ravi wrote:
> Now the question is.
>
> How can I access the application using the same url without mentioning
> the port number on the url.
> I m not using any firewall here, so I cannot do a port fwd of 80 to 9080.

You can't. The port assignment is the port used, the default is 80 for http
and 443 for https.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Run Apache as Non Root user on port other than 80

2008-12-03T22:02:48Z

All,

Running Apache HTTP Server on port 80.
Have defined 2 virtual hosts on 80/443.
Currently running the apache under root user.
my application url's are http://test.ap.com/Web/neo and https://test.ap.com/Web/neo
I am able to access the url's mentioned above.
***********************
Now we have created an id/group as apache/apache and changed the httpd.conf to run as this user/group.
I would not be using root user to administer apache from now.
So i have changed the Listen port as 9080 and defined Virtual hosts for 9080 and 443.
I tried to access the application using the url's above, but it failed.

Now the question is.

How can I access the application using the same url without mentioning the port number on the url.
I m not using any firewall here, so I cannot do a port fwd of 80 to 9080.

Is there any configuration which can be done at the Apache, so that I can run it as non root user and access the url without ports mentioned in it.

Thanks.

--
Regards&Thanks,
Vasanth Kumar Ravi

Re: Apache On Multi Core/Multi Processors

2008-12-03T16:26:58Z

On Dec 3, 2008, at 3:45 PM, Bruno - e-comBR wrote:

> I want to know how much Apache's HTTPD takes the advantages of
> multiple CPUs. Is there any difference about performance betwen using
> worker or prefork as MPM??

Depends on your operating system architecture. However, in any
situation the design of the most popular Apache MPMs has each worker
handling a particular connection from beginning to end. This is the
case whether workers are pre-forked processes, or whether they are
threads in a child process (worker, Windows MPM). Effectively this
means that most of the time, workers are waiting for something to do:
waiting to read something from the network, for the backend to return
data, etc. This means that you usually run many more workers than you
have CPU cores.

> Being a little "out of topic", let me ask you... On a Linux SMP
> system, does a n Core processor works like n processors?? Is there any
> differences taking performance advantages of multiple CPUs betwen
> using multiple threads or multiple processes??

On Linux specifically, you have two factors at work:

1) Linux process structures are relatively lighweight
2) As far as the Linux kernel is concerned, each thread is mapped onto
a process structure

The last one means you don't win performance by going to threads
instead of staying with processes, and the first one means that the
penalty of context-switching between many processes is smaller on
Linux than on some other systems (like Solaris).

> Just to make you understand the issue, I'm want to setup a dedicated
> web server with two Quad Core processors, and I can't use worker(which
> is multi-threaded) because I'm using mod_php. So, what I really want
> to know: it's a fact that many CPU's(2 processors x 4 cores = 8) will
> improve the processing performance??

Actually, I believe the core of PHP is now threadsafe and re-entrant.
However, the PHP group can't make any assumptions or claims about
threadsafety of the libraries PHP uses, so they won't state PHP runs
under multithreaded MPMs. And, because of the circumstances discussed
above, there is no practical gain from running threads on Linux so PHP
has little motivation to improve this situation.

HtH,

S.

--
Sander Temme
sctemme@...
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF

smime.p7s (3K) Download Attachment

Apache On Multi Core/Multi Processors

2008-12-03T15:45:20Z

Hello all,

I want to know how much Apache's HTTPD takes the advantages of
multiple CPUs. Is there any difference about performance betwen using
worker or prefork as MPM??

Being a little "out of topic", let me ask you... On a Linux SMP
system, does a n Core processor works like n processors?? Is there any
differences taking performance advantages of multiple CPUs betwen
using multiple threads or multiple processes??

Just to make you understand the issue, I'm want to setup a dedicated
web server with two Quad Core processors, and I can't use worker(which
is multi-threaded) because I'm using mod_php. So, what I really want
to know: it's a fact that many CPU's(2 processors x 4 cores = 8) will
improve the processing performance??

Thank you all!!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: help with mod_authn_dbd and oracle

2008-12-03T13:23:33Z

Just for the record... With guidance from the list, I got mod_dbd and mod_authn_dbd working.

I installed Oracle Client 11g (win32_11gR1_client.zip) and Apache 2.2.10. I had to
take a few guesses at what DBDParams was supposed to be. I ended up with
"user=test pass=test server=db9i". I then followed the configuration example in the docs
for mod_authn_dbd. That did it.

Using a tool like ngrep, to see the exchanges between oracle
and apache, helped a lot too.

I appreciate the help.

Paul

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Compiling Apache 2.2.10 with static linking on Linux

2008-12-03T01:43:52Z

On Wed, 2008-12-03 at 11:52 +0530, Ravindra wrote:

> Hi,
>
> I want to build Apache 2.2.10 with static linking instead of default
> shared linking. I just want one httpd binary.
>
> Old versions used to have "--disable-shared" option in configure
> script, this does not seem to exist now in new version.
>
> Any clues how do I get statically linked Apache ?
>
> Thanks in advance,
> Ravindra
>

LDFLAGS="-static" ./configure ...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Compiling Apache 2.2.10 with static linking on Linux

2008-12-03T01:42:00Z

"--disable-shared" seems to be working even with new configure, just
that it is not documented in configure help.

Should I not use it ?

On Wed, Dec 3, 2008 at 11:52 AM, Ravindra <kravindra@...> wrote:

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Compiling Apache 2.2.10 with static linking on Linux

2008-12-02T22:22:03Z

Hi,

I want to build Apache 2.2.10 with static linking instead of default
shared linking. I just want one httpd binary.

Old versions used to have "--disable-shared" option in configure
script, this does not seem to exist now in new version.

Any clues how do I get statically linked Apache ?

Thanks in advance,
Ravindra

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

RE: Apache + sites loading slow in IE only

2008-12-02T14:40:04Z

Hey Eric

I changed

#Timeout 120

#MaxKeepAliveRequests 100

#<IfModule prefork.c>

#StartServers 8

#MinSpareServers 5

#MaxSpareServers 20

#ServerLimit 256

#MaxClients 256

#MaxRequestsPerChild 4000

#</IfModule>

to:

Timeout 300

MaxKeepAliveRequests 0

StartServers 30

MinSpareServers 5

MaxSpareServers 50

ServerLimit 2000

MaxClients 1800

MaxRequestsPerChild 0

</IfModule>

That was the only changes i did on the httpd.conf file

I disabled eaccelerator now i havent seen much difference.

Download today! Free Windows Live software. Chat, search, share pics and more.

Re: Apache + sites loading slow in IE only

2008-12-02T14:14:16Z

Tom Belmount wrote:

> Hey guys, Im having a problem where my websites are loading slow in IE only.

Might IE be the cause then, rather than the effect ?

It started doing this after i made changes to my httpd.conf file.

Such as ? come on, give us a clue ..

At the same time i also installed eaccelerator.

Which is ? considering the effect you indicate above, you may have been
had..

Not all of the virtual hosts run slow how-ever. Only one of them does.

Should we guess ?

There really isn't much difference between them.

Is there any tweaks i can make to my .conf file to fix this?

You could always try to revert to the situation before the changes..

A copy of my .conf file can be found
here:http://www.insidiousfix.net/httpd.txtthanks

Hmm. No.

Not Found
The requested URL /httpd.txtthanks was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.

Seems you have indeed some problems.

;-)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Apache + sites loading slow in IE only

2008-12-02T14:08:32Z

On Tue, Dec 2, 2008 at 5:01 PM, Tom Belmount <tombelmount@...> wrote:
> Hey guys,
>
> Im having a problem where my websites are loading slow in IE only. It
> started doing this after i made changes to my httpd.conf file. At the same
> time i also installed eaccelerator.

What did you change?

Have you disabled the eaccelerator?

--
Eric Covener
covener@...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Apache + sites loading slow in IE only

2008-12-02T14:01:32Z

Hey guys,

Im having a problem where my websites are loading slow in IE only. It started doing this after i made changes to my httpd.conf file. At the same time i also installed eaccelerator.

I'm finding it hard to find/fix the problem. Im still very new with this.

Not all of the virtual hosts run slow how-ever. Only one of them does. There really isn't much difference between them.

Is there any tweaks i can make to my .conf file to fix this? A copy of my .conf file can be found here:

http://www.insidiousfix.net/httpd.txt

thanks

Start searching now Rental properties galore.

Re: mod_proxy: 302 redirect makes Apache ignore some headers

2008-12-02T10:55:55Z

On Fri, Nov 28, 2008 at 5:14 PM, Nick Kew wrote:
> Upgrade. 2.0.x mod_proxy is ancient and had lots of bugs. Correct
> handling of response headers was fixed just over a year ago (though
> that was principally down to protocol niceties, and I think cookies
> in 2.2 may have been fixed much earlier).

Thanks for that.

Unfortunately, I am not able to upgrade Apache (yet), but I managed to
write a work around. For anyone's interest: after having sent the
request, the back-end server checks whether it has sent a redirect
with Set-cookie headers. If that is the case, these cookies are stored
in a session variable. On any request, the back-end server checks for
the existence of such a session variable; if it exists it sends the
remembered cookies to the user and empties the variable.

Martijn.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: File upload to Apache server without third party software

2008-12-02T05:37:49Z

Brian Mearns wrote:
[...]
Thanks Brian, I agree with what you wrote.

Prasanth, maybe the correct place to start is here :
http://www.faqs.org/rfcs/rfc2616.html

The various HTTP "methods" are described in section 9.2 and later.
I suggest to start reading from the beginning however.
The way in which Apache and some of its modules work (or any other web
server for that matter), are only understandable when you have at least
a basic understanding of the HTTP protocol.
By telling you that, we are trying to help you. The questions you are
asking, and the way you are asking them, makes us think that you are
missing some basic parts of the puzzle.

For example, Brian mentioned WebDav.
You will find how to set it up in Apache here :
http://httpd.apache.org/docs/2.2/mod/mod_dav.html#dav
Installing Dav in Apache will allow you to send PUT requests, including
a file to upload to your server. It will do that right out-of-the-box,
which is what you seem to want.

But, do you notice the red box in the middle of the page ?

It tells you that unless you know exactly what you are doing, anybody
having access to your webserver is going to be able to download any file
from your computer, or upload any file to it. For example, /etc/passwd.
It is much like making the C:\ directory of your PC into a network
share, with read/write permission to Everyone.
I am quite sure you do not want that.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: File upload to Apache server without third party software

2008-12-02T04:54:44Z

Well, It's very possible you know something I don't, but based on my
understanding on POST, it sounds like you're confused about how it
works. The use case I'm familiar with is to create a cgi script, or a
server side script like PHP that receives the POST data and saves it
to a file. And you're right, it is just like GET, the content of the
URL you specified will be returned by the server. The only difference
I know of between GET and POST is that with GET, the client sends data
encoded in the URL, and with POST, the data is included as the body of
the HTTP request.. That's why post is used for uploading files.

However---and again, this is just my understanding of it---POST is not
intended to just arbitrarily create or change files on the server, you
have to use some server side mechanism (again, a cgi or php or
something) to actually receive the POSTed data and write it to a file.

It sounds like what you may be interested in is some sort of WebDAV
method. This is an extension to the HTTP standard that's meant for
sharing files over an HTTP connection, and it has more powerful
methods than standard HTTP. I'm not sure if it has something you're
looking for, but it might be worth a look.

Hope that helps,
-Brian

--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: https://keyserver.pgp.com

On Mon, Dec 1, 2008 at 1:09 PM, <prasanthgs@...> wrote:

> Hi All,
>
> First of all, sorry for the long mail. To give a gist of the mail, I want to know how to use the POST method for Apache server without installing Tomcat or anything.
>
> I have a "Server version: Apache/2.0.54" installed in my system. I have configured it to act as a server as well as a proxy server; which means the Apache is working fine.
>
> Now I try to do some configuration so that the Apache server will support uploading of files (i.e. POST method).
>
> For that I created a folder "public" and the configuration in httpd.conf for the same is as follows:
>
> <Directory "/var/www/html/public">
> AllowOverride None
> Options None
> <Limit POST GET HEAD DELETE>
> Order allow,deny
> Allow from all
> </Limit>
> </Directory>
>
> Then "/etc/init.d/httpd restart".
>
> Then POST command is executed to create a new file "NotExists.txt" in "/var/www/html/public":
>
> User :$> POST "http://127.0.0.1/public/NotExists.txt"
> Reply :$> Please enter content (application/x-www-form-urlencoded) to be POSTed:
> User :$> helloooooooooooooooo
> User :$> Ctrl D
> Reply :$> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>404 Not Found</title>
> </head><body>
> <h1>Not Found</h1>
> <p>The requested URL /public/hello.txt was not found on this server.</p>
> <hr>
> <address>Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80</address>
> </body></html>
>
> [
> "User" is the User Input given by the user.
> "Reply" is the reply printed out on to the terminal.
> ]
>
> And in case, the POST is done for a file which already exists in the server, the content of the file is given back (i.e., it behaves as if a GET request is sent!).
>
> Also, would like to know whether the DELETE method is supported by Apache. If so, what should be the configuration.
>
> Regards,
> prasanth
>
>
> India's first Indian Language Mailing System,Now in a New Look and Feel.Open your FREE e-mail account today!!!
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@...
> " from the digest: users-digest-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

Re: Clearing cache selectively on Apache + mod_cache

2008-12-02T04:40:58Z

André Warnier wrote:
> Indeed.
> So either you create a sript/program that goes directly in the cache and
> clears the document (which would mean you can recalculate the hash that
> mod_cache uses for a given URL), or else you find another clever way.
>
This is yet another idea.
I just downloaded the source code for the latest Apache, and had a look
at the hashkeys related stuff.
That is
support/htcacheclean.c
modules/cache/cache_hash.h
modules/cache/cache_hash.c

I am not a C programmer, but the impression I get, is that it would not
be so difficult to modify htcacheclean to add another command-line
option to it.
This command-line option would take the URL of a cached object, and go
off and delete it from the cache.

Since that could be considered a useful addition "in general" to
htcacheclean, maybe one of the mod_cache developers would be interested ?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Load Module Directive in Virtual host block

2008-12-02T04:21:42Z

On Tue, Dec 2, 2008 at 2:24 AM, Vinay Purohit <Vinay.Purohit@...> wrote:

> Hi,
>
> I have created my own apache connector and would like to load this on
> virtual server level in Apache 2.2.10 i.e. different connector in different
> virtual server host block.
>
> Since I can not place LoadModule directive inside the virtual server
> host block Is there any way i can get the same affect i.e. placing my module
> inside one virtual server host block should not be any way related to other
> virtual servers

Load it in the base config, and configure it (with your own logic) to
only operate in specific vhosts.

--
covener@...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@...
" from the digest: users-digest-unsubscribe@...
For additional commands, e-mail: users-help@...

Re: Clearing cache selectively on Apache + mod_cache

2008-12-02T03:47:32Z

Indeed.
So either you create a sript/program that goes directly in the cache and
clears the document (which would mean you can recalculate the hash that
mod_cache uses for a given URL), or else you find another clever way.

Let's say that for Tomcat, the expensive part of the operation is to
re-generate the PDF response. But since this seems to be some kind of
database-based application, I imagine that :
- when your application on Tomcat gets a request for an item, it goes
off into the database to retrieve the information, then formats this
into a PDF and sends this as a response. That's expensive.
- but the information in the database must have some kind of timestamp,
since you can determine when the response would need to be regenerated
and when not.
- so what about your application checking first if the information is
really "new", and if not returning some other kind of response to the
caller (in this case the caller would be Apache/mod_cache).

What I mean is a bit complicated to explain, but roughly :
- when mod_cache examines a request, it can find that the document is
not in the cache, and then the request goes through to Tomcat. The
response from Tomcat is then stored in the cache, by a filter set up by
mod_cache for this request and for this purpose. I imagine that in this
case, the request as it goes to Tomcat is "unconditional", meaning that
it tells Tomcat "give me this document, no matter what".
- on the other hand, when mod_cache finds the document already in the
cache, it must still, under certain circumstances, let a request go
through to Tomcat, to verify that the cached document is still valid.

I am not quite clear myself on which combination of circumstances and
request and response headers control this behaviour, but I have a
feeling somehow that it must be possible to play with this, to avoid the
Tomcat application having to unnecessarily generate those expensive PDF
answers. It would still get calls, and would still need to interrogate
the database, but in many cases it could answer with something like a
"Not modified" status instead of a new PDF.

Any real guru available here ?

Karim Zaki wrote:

> Seems I'm back at square 1. The idea of using max-age=0 did not work, which, on second thought, makes sense. CacheIgnoreCacheControl should ignore the "cache-control" header regardless of its value. The virtual host solution did not work either. It created new cache entries for the vhost.
>
> -----Original Message-----
> From: André Warnier [mailto:aw@...]
> Sent: Monday, December 01, 2008 6:20 PM
> To: users@...
> Subject: Re: [users@httpd] Clearing cache selectively on Apache + mod_cache
>
> Eric Covener wrote:
>> On Mon, Dec 1, 2008 at 11:09 AM, André Warnier <aw@...> wrote:
>>> Which leads me to believe that, as such, the scheme proposed with the
>>> separate VirtualHost will not work as simply as expected.
>> Yep, it looks like you'd need to jump through hoops to have a vhost
>> that was able to nuke these requests (using the same hostname on a
>> separate interface).
>
> Just intellectual curiosity : other than going through the source code
> of mod_cache, is there a description somewhere of the algorithm used by
> mod_cache to calculate this hashcode ?
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@...
> " from the digest: users-digest-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@...
> " from the digest: users-digest-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>