Recent posts
#71
Apache 2.4 / Today with apache2 status.. p...
Last post by ozstar - January 03, 2023, 10:55:03 PMHi, Happy New Year.
Today with the apache2 status command on our home Linux VB server I see this for the first time and I do not know why.
Apache has been running 3 days with no touching.
There is one dom we have wordpress on and it has been fine and untouched for this to happen.
Any help please?
oz
In the URL I get..
192.168.20.83/rootsofausssie
Not Found
Not found apache Port 80
--------------------------
EDIT:
I have just done a apache2 status again and it says it us running but does not show the mysql or wordpress erros above.
It still does not resolve the wp site though.
Today with the apache2 status command on our home Linux VB server I see this for the first time and I do not know why.
Apache has been running 3 days with no touching.
There is one dom we have wordpress on and it has been fine and untouched for this to happen.
Any help please?
oz
Quoteapache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-01-03 11:22:01 AEDT; 21h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 630 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Process: 3433 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 807 (apache2)
Tasks: 11 (limit: 10660)
Memory: 62.5M
CGroup: /system.slice/apache2.service
├─ 807 /usr/sbin/apache2 -k start
├─3437 /usr/sbin/apache2 -k start
├─3439 /usr/sbin/apache2 -k start
├─3440 /usr/sbin/apache2 -k start
├─3441 /usr/sbin/apache2 -k start
├─3547 /usr/sbin/apache2 -k start
├─3548 /usr/sbin/apache2 -k start
├─3549 /usr/sbin/apache2 -k start
├─3550 /usr/sbin/apache2 -k start
├─3551 /usr/sbin/apache2 -k start
└─3552 /usr/sbin/apache2 -k start
Jan 04 04:56:49 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:50 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:50 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:51 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:51 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:52 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:52 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:53 zorin162-VirtualBox phpMyAdmin[3437]: user denied: root (mysql-denied) from 134.122.19.42
Jan 04 04:56:53 zorin162-VirtualBox phpMyAdmin[3437]: user denied: wordspress (mysql-denied) from 134.122.19.42
Jan 04 04:56:54 zorin162-VirtualBox phpMyAdmin[3437]: user denied: wordpress (mysql-denied) from 134.122.19.42
root@zorin162-VirtualBox:~#
In the URL I get..
192.168.20.83/rootsofausssie
Not Found
Not found apache Port 80
--------------------------
EDIT:
I have just done a apache2 status again and it says it us running but does not show the mysql or wordpress erros above.
It still does not resolve the wp site though.
#72
Apache 2.4 / Re: High CPU usage after Qualy...
Last post by Steffen - January 03, 2023, 08:38:08 PMYes the handle leak is fixed at Apachelounge VS16 2.9.5 and VS17 2,9.6.
Background see https://www.apachelounge.com/viewtopic.php?p=40768#40768
Not sure if Apachehause has also fixed IN APR.
Background see https://www.apachelounge.com/viewtopic.php?p=40768#40768
Not sure if Apachehause has also fixed IN APR.
#73
Apache 2.4 / Re: High CPU usage after Qualy...
Last post by proxyman - January 03, 2023, 07:23:17 PMThanks, Mario. When we had last evaluated mod_security, there was a handle leak issue which was reported to crash httpd.exe which is why we didn't include it. Has that issue been resolved in version 2.9.5? And also, this wasn't an issue reported in version 2.4.46.
#74
Apache 2.4 / Re: High CPU usage after Qualy...
Last post by mario - January 03, 2023, 03:36:37 PMHi!
mod_security is a valid option to stop such things.
mod_security is a valid option to stop such things.
#75
Apache 2.4 / High CPU usage after Qualys sc...
Last post by proxyman - January 03, 2023, 12:25:15 PMWhen we run a Qualys Vulnerability scan (Network scan), Apache HTTPD configured as a Reverse Proxy (ApacheHaus dist. v.2.4.54 w/LibreSSL) ramps up to 25 percent CPU utilization and stays at this until a reboot. If a scan is run again, this ramps up to 50 percent CPU utilization for httpd.exe.
This was not observed with version 2.4.46 w/LibreSSL, with the same loaded modules:
Loaded Modules: (static) core_module, win32_module, mpm_winnt_module, http_module, so_module
(shared) dir_module, alias_module, log_config_module, authn_core_module, authz_core_module, headers_module, lbmethod_byrequests_module, proxy_module, proxy_balancer_module, proxy_http_module, rewrite_module, slotmem_shm_module, socache_shmcb_module, ssl_module, include_module, status_module, proxy_wstunnel_module, env_module
How can we mitigate this behavior or fix it? Qualys itself does not report any Apache HTTPD specific vulnerabilities, but the system slows down after every scan(Server VMs - w/dedicated resources 32GB RAM + Xeon quad-core CPU). Apache's logs are clear without errors around re-negotiation (Ref: https://success.qualys.com/discussions/s/question/0D52L00004TnxccSAB/apache-threads-stuck-at-100-after-scan). The timeout period is 1 hour in the configuration (for some long-running operations), but as seen from the screenshot above, the CPU usage does not drop after an hour, so it's unlikely to be existing sessions which are waiting to timeout.
Rebooting the servers after a vulnerability scan is not an option as these are production systems running multiple critical services. Any help or pointers would be appreciated. Thank you.
This was not observed with version 2.4.46 w/LibreSSL, with the same loaded modules:
Loaded Modules: (static) core_module, win32_module, mpm_winnt_module, http_module, so_module
(shared) dir_module, alias_module, log_config_module, authn_core_module, authz_core_module, headers_module, lbmethod_byrequests_module, proxy_module, proxy_balancer_module, proxy_http_module, rewrite_module, slotmem_shm_module, socache_shmcb_module, ssl_module, include_module, status_module, proxy_wstunnel_module, env_module
How can we mitigate this behavior or fix it? Qualys itself does not report any Apache HTTPD specific vulnerabilities, but the system slows down after every scan(Server VMs - w/dedicated resources 32GB RAM + Xeon quad-core CPU). Apache's logs are clear without errors around re-negotiation (Ref: https://success.qualys.com/discussions/s/question/0D52L00004TnxccSAB/apache-threads-stuck-at-100-after-scan). The timeout period is 1 hour in the configuration (for some long-running operations), but as seen from the screenshot above, the CPU usage does not drop after an hour, so it's unlikely to be existing sessions which are waiting to timeout.
Rebooting the servers after a vulnerability scan is not an option as these are production systems running multiple critical services. Any help or pointers would be appreciated. Thank you.
#76
Apache Programming and Building / Re: Errors while compiling Apa...
Last post by EileenDover - December 23, 2022, 02:26:59 PMQuote from: Perrytonitus on December 23, 2022, 02:05:15 PMIm trying to install apache http server 2.4.9 on mac osx 10.9. I have downloaded the gcc compiler.thank you so much share your problem solve code
sh-3.2# gcc -v
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.1.0
Thread model: posix.
#77
Apache Programming and Building / Re: Errors while compiling Apa...
Last post by Perrytonitus - December 23, 2022, 02:05:15 PMIm trying to install apache http server 2.4.9 on mac osx 10.9. I have downloaded the gcc compiler.
sh-3.2# gcc -v
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.1.0
Thread model: posix.
sh-3.2# gcc -v
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.1.0
Thread model: posix.
#78
Apache 2.4 / Re: Problem after Lets Encrypt...
Last post by ozstar - December 10, 2022, 08:40:26 AMThank you. I added that to the conf file and I think it looks good. As you say, now to the 443 headache :-)
I was directed to this but I'm not sure if it apples to my problem.
Redirect 443 to another port
Quoteroot@zorin162-VirtualBox:/etc/apache2/sites-enabled# /etc/init.d/apache2 restart
Restarting apache2 (via systemctl): apache2.service.
root@zorin162-VirtualBox:/etc/apache2/sites-enabled# systemctl status apache2
* apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-12-10 18:34:57 AEDT; 18s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 13643 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 13647 (apache2)
Tasks: 55 (limit: 10660)
Memory: 5.7M
CGroup: /system.slice/apache2.service
|-13647 /usr/sbin/apache2 -k start
|-13649 /usr/sbin/apache2 -k start
`-13650 /usr/sbin/apache2 -k start
Dec 10 18:34:57 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 10 18:34:57 zorin162-VirtualBox systemd[1]: Started The Apache HTTP Server.
root@zorin162-VirtualBox:/etc/apache2/sites-enabled#
I was directed to this but I'm not sure if it apples to my problem.
Redirect 443 to another port
#79
Apache 2.4 / Re: Problem after Lets Encrypt...
Last post by mario - December 08, 2022, 09:46:34 AM> Now just have to work out why all the sites change from HTTP to HTTPS
Do you have any rewrite rules or is it the browsers that want to use HTTPS. For example Chrome and Firefox try https first before thinking of plan HTTP.
> why it lands at the front door of the router instead of going through to the site.
That seems more like a port forwarding issue or a provider issue (blocking the 443 port)
Do you have any rewrite rules or is it the browsers that want to use HTTPS. For example Chrome and Firefox try https first before thinking of plan HTTP.
> why it lands at the front door of the router instead of going through to the site.
That seems more like a port forwarding issue or a provider issue (blocking the 443 port)
#80
Apache 2.4 / Re: Problem after Lets Encrypt...
Last post by mario - December 08, 2022, 09:43:02 AMThe last error message can be solved by setting a Name in the glocal config
like
IIRC it is in /etc/apache2/apache2.conf on ubuntu
like
Code Select
ServerName localhostIIRC it is in /etc/apache2/apache2.conf on ubuntu