The Apache Haus Forum

Advanced search  


Welcome to Apache Haus Distribution Forum

Pages: [1] 2 3 ... 10
 on: September 24, 2020, 09:12:17 PM 
Started by Gregg - Last post by Gregg
Without much fanfare, both the OpenSSL and LibreSSL releases have been updated.

I've had the LibreSSL releases a few weeks and lagged on getting them out with all the fires around this area.
Now is as good a time as any to put them up.


 Changes between OpenSSL 1.1.1g and 1.1.1h [22 Sep 2020]

  *) Certificates with explicit curve parameters are now disallowed in
     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
     [Tomas Mraz]

  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
     ignore TLS protocol version bounds when configuring DTLS-based contexts, and
     conversely, silently ignore DTLS protocol version bounds when configuring
     TLS-based contexts.  The commands can be repeated to set bounds of both
     types.  The same applies with the corresponding "min_protocol" and
     "max_protocol" command-line switches, in case some application uses both TLS
     and DTLS.
     SSL_CTX instances that are created for a fixed protocol version (e.g.
     TLSv1_server_method()) also silently ignore version bounds.  Previously
     attempts to apply bounds to these protocol versions would result in an
     error.  Now only the "version-flexible" SSL_CTX instances are subject to
     limits in configuration files in command-line options.
     [Viktor Dukhovni]

  *) Handshake now fails if Extended Master Secret extension is dropped
     on renegotiation.
     [Tomas Mraz]

  *) The Oracle Developer Studio compiler will start reporting deprecated APIs

Changes between LibreSSL 3.1.3 and 3.1.4  [17 Aug 2020]

    * Improve client certificate selection to allow EC certificates
      instead of only RSA certificates.

    * Do not error out if a TLSv1.3 server requests an OCSP response as
      part of a certificate request.

    * Fix SSL_shutdown behavior to match the legacy stack.  The previous
      behaviour could cause a hang.

    * Fix a memory leak and add a missing error check in the handling of
      the key update message.

    * Fix a memory leak in tls13_record_layer_set_traffic_key.

    * Avoid calling freezero with a negative size if a server sends a
      malformed plaintext of all zeroes.

    * Ensure that only PSS may be used with RSA in TLSv1.3 in order
      to avoid using PKCS1-based signatures.

    * Add the P-521 curve to the list of curves supported by default
      in the client.

As always, you can get your copy of the updated Apache HTTP Server from our download page.

 on: September 14, 2020, 02:45:19 AM 
Started by AyrA - Last post by sympl
I'll try this. Sounds pretty cool

 on: September 09, 2020, 08:36:16 AM 
Started by maxboyer - Last post by mario
Do you believe the KeepAlive would keep the worker busy?

Hi Max,
that can be an option why it is that way.

 on: September 09, 2020, 02:50:39 AM 
Started by maxboyer - Last post by maxboyer
Do you believe the KeepAlive would keep the worker busy?

Yeah, I'll test the logging on our test server.


 on: September 04, 2020, 08:28:40 AM 
Started by maxboyer - Last post by mario
For debuging you can adjust the log level

Code: [Select]
LogLevel warn proxy:debug



Be aware that both settings will flood your log files a lot!

 on: September 04, 2020, 08:23:15 AM 
Started by maxboyer - Last post by mario
The KeepAlive is set by default between Apache and the backend server, since it uses HTTP/1.1

You can disable KeepAlive with

Code: [Select]
SetEnv proxy-nokeepalive 1
Code: [Select]
<Location "/">
  ProxyPass "http:/appserver:8080/"
  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1

 on: September 03, 2020, 08:51:45 PM 
Started by maxboyer - Last post by maxboyer
Hello from Canada!

I'm looking for some assistance. We're running Apache 2.4.46 (httpd-2.4.46-o111g-x64-vc15) on Windows Server 2012R2 as a reverse proxy load balancer.

Sometimes, the balancer workers report a busyness count greater than 0 (usually 1) on the balancer-manager status page, even though not seemingly serving any request. As a result, the requests are unevenly distributed between the 2 workers.

Restarting Apache clears the count, and it also clears itself after a while. What could cause this? KeepAlive?

I tried to debug the process, but the instructions for Windows seems to be outdated:
I can't find the * download.

Is there instructions to build and debug Apache on Windows? What could I do to troubleshoot this further?

Thank you,

Our environment:
    - OS: Windows Server 2012 R2 (x64)
    - Server Version: Apache/2.4.46 (Win64) OpenSSL/1.1.1g mod_h264_streaming/2.2.7
    - Server MPM: WinNT
    - Server Built: Aug 1 2020 13:21:32
    - Distributed by: The Apache Haus
    - Compiled with: Visual Studio 2017

Our configuration:
    - Single process (winnt mpm)
    - ThreadsPerChild 15000
    - Virtual host with proxy_balancer (HTTP/1.1 TLS 1.2)
    - 2 balancer workers (https to the 2 application servers)
        - lbmethod=bybusyness
        - stickysession=JSESSIONID

 on: August 06, 2020, 08:38:09 AM 
Started by notatechwizz - Last post by mario
You can block some stuff

Code: [Select]
RewriteRule .* - [R=405,L]

RewriteCond %{HTTP_USER_AGENT}  ^.*python-requests.*$
RewriteCond %{HTTP_USER_AGENT}  ^.*opensiteexplorer.*$
RewriteRule . - [R=403,L]

RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]

 on: August 06, 2020, 08:27:41 AM 
Started by Gregg - Last post by mario
Thank you for the build!

 on: August 05, 2020, 09:08:29 PM 
Started by notatechwizz - Last post by notatechwizz
WORDPRESS : 5.4.2 / MY PHP : 7.4.8 / SERVER : APACHE / MYSQL : 5. 7. 28 / HOSTING : 1&1 IONOS (on sharing, mutual hosting) / PROTOCOLE SSL : ENABLE

Hi everyone !
I'm a travelling photographer building a website (contain pictures, YouTube movie, donation plateform and woo commerce) to establish social aid towards some of the causes which have moved me on my travels. and need all the help I can get.
I am the only administrator and a beginner in web development, i would like to make a heartfelt plea to all the IT Tech gurus out there: can you please, please check my .htaccess files . I have been struggling with this for a while and any advice to help me out of this tangle would be so absolutely appreciated.
My domain look like i have redirection for people come in (I want keep this configuration for endpoint)
Another question, my website actually works with this .htaccess, i am not sure but i feel i have a redirection problem, can you check this code please, and if you have suggestions for optimization, security... it would be greatly appreciated !!!
I have replace my url website by : for privacy If you need my url website I can send it to you in a private message.
# BEGIN WordPress
# Les directives (lignes) entre 'BEGIN WordPress' et 'END WordPress' sont
# généré dynamiquement, et ne doivent uniquement être modifiées via les filtres WordPress.
# Toute modification des directives entre ces marqueurs sera outrepassée.
Code: [Select]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/svg "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"

# Make PHP code look like unknown types
AddType application/x-httpd-php .bop .foo .133t
<IfModule mod_rewrite.c>
RewriteEngine on
# HSTS preload
RewriteCond %{HTTP_HOST} !^www\.[^.]+\.[^.]+$
# Then redirect http to https (if necessary)
RewriteCond %{HTTPS} on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]

# BEGIN wccp_pro_image_protection
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (
RewriteRule ^.*$ [R=301,L]
RewriteCond %{HTTP_COOKIE} (wccpprocookie=excludethispage)
RewriteRule ^(.*)\.(jpg|png|jpeg|gif)$ - [NC,L]
RewriteCond %{QUERY_STRING} (wccp_pro_watermark_pass) [NC,OR]
RewriteCond %{REQUEST_URI} (wp-content/plugins) [NC,OR]
RewriteCond %{REQUEST_URI} (wp-content/themes) [NC,OR]
RewriteCond %{REQUEST_URI} (logo|background|150x150) [NC,OR]
RewriteCond %{REQUEST_URI} (this_is_just_not_any_wanted_image_size) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg|gif)$ - [NC,L]
# What happen to images on my site
#RewriteCond %{HTTP_ACCEPT} (image|png) [NC]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)? [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*) [NC]
RewriteRule ^.*$ - [NC,L]
#Save as or Click on View image after right click or without any referer
RewriteCond %{REQUEST_URI} ( [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ( [NC,OR]
RewriteCond %{HTTP_ACCEPT} (text|html|application|image|png) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg)$$1.$2&w=1 [R=301,NC,L]
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png)$ [NC]
RewriteCond %{REMOTE_ADDR} !^(|$ [NC]
RewriteCond %{REMOTE_ADDR} !^66.6.(32|33|36|44|45|46|40). [NC]
RewriteCond %{HTTP_USER_AGENT} !(this_is_just_not_any_wanted_service_name) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(this_is_just_not_any_wanted_service_name) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(|||||||||| [NC]
RewriteCond %{HTTP_USER_AGENT} !(|googlebot|msnbot|baiduspider|slurp|webcrawler|teoma|photon|facebookexternalhit|facebookplatform|pinterest|feedfetcher|ggpht) [NC]
RewriteCond %{HTTP_USER_AGENT} !(photon||akamai|cloudfront|netdna|bitgravity|maxcdn|edgecast|limelight|tineye) [NC]
RewriteCond %{HTTP_USER_AGENT} !(developers|gstatic|googleapis|googleusercontent|google|ytimg) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg)$$1.$2&w=1 [R=301,NC,L]
# END wccp_pro_image_protection

# BEGIN HttpHeaders
# Les directives (lignes) entre 'BEGIN HttpHeaders' et 'END HttpHeaders' sont
# généré dynamiquement, et ne doivent uniquement être modifiées via les filtres WordPress.
# Toute modification des directives entre ces marqueurs sera outrepassée.
# END HttpHeaders

# BEGIN WP-Optimize Gzip compression
<IfModule mod_filter.c>
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddType application/ .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType font/x-woff .woff
AddType image/svg+xml .svg
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent

# END WP-Optimize Gzip compression
# BEGIN WP-Optimize Browser Cache
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access 28 days"
ExpiresByType text/html "access 28 days"
ExpiresByType image/gif "access 28 days"
ExpiresByType image/png "access 28 days"
ExpiresByType image/jpg "access 28 days"
ExpiresByType image/jpeg "access 28 days"
ExpiresByType image/webp "access 28 days"
ExpiresByType image/x-icon "access 28 days"
ExpiresByType application/pdf "access 28 days"
ExpiresByType application/javascript "access 28 days"
ExpiresByType text/x-javascript "access 28 days"
ExpiresByType application/x-shockwave-flash "access 28 days"
ExpiresDefault "access 28 days"

<IfModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|webp|swf)$">
Header set Cache-Control "public"

<filesMatch "\.(css)$">
Header set Cache-Control "public"

<filesMatch "\.(js)$">
Header set Cache-Control "private"

<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"

#Disable ETag
FileETag None
# END WP-Optimize Browser Cache
# BEGIN HttpHeadersCookieSecurity
# Les directives (lignes) entre 'BEGIN HttpHeadersCookieSecurity' et 'END HttpHeadersCookieSecurity' sont
# généré dynamiquement, et ne doivent uniquement être modifiées via les filtres WordPress.
# Toute modification des directives entre ces marqueurs sera outrepassée.
# END HttpHeadersCookieSecurity
# Wordfence WAF

<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all

# END Wordfence WAF
Thank you again so much for going through it. Again, I’m in over my head, and any advice at all on this would be appreciated.
Wishing you a wonderful day !

Pages: [1] 2 3 ... 10