The Apache Haus Forum

Welcome to Apache Haus Distribution Forum

 on: February 16, 2020, 12:18:13 AM 
Started by Gene - Last post by Gene
Hi folks,

I would like to enable my 32-bit Apache web server to support HTTP/2.  Currently my server supports https.

I tried using both OpenSSL and Libre SSL 32-bit builds:

The connection to the server is successful, but it is only using HTTP/1.2.

Here's the output from curl:

curl -k --http2 -v https://<my server>:9300
*   Trying <my server>:9300...
* Connected to <my server> port 9300 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: <my server>:9300
> User-Agent: curl/7.68.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK

Does anybody have any suggestions?

Thanks in advance.

 on: February 15, 2020, 05:46:26 AM 
Started by JC - Last post by Gregg
We have Apache 2.4.41 with openssl 1.1.1d on our download page.
Edit: I see that is not correct, we're at 1.1.1c. I remember that the CVE didn't affect Apache but sclient but

About that CVE. Methinks (I may be wrong) that this is also yours;

But let's look at that post, at the bottom
Quote from: franklin.watson
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Upgrade to OpenSSL version 1.1.1e-dev or later.

So, Nessus is blindly suggesting to upgrade to a dev version. But not just that, the fact that they are not even testing for (because no one yet knows how to screw you with it but the reporter & devs working on the fix) but are relying solely "only on the application's self-reported version number" is shameful and they just want to look like you're getting your money's worth.

That tells me I could just change the numbers in the source of 1.1.1d and they'd shut up. It would be the same exact code but changing the numbers in 1 file (opensslv.h) would be enough to satisfy them.  ::) They're crying WOLF WOLF WOLF! but haven't bothered to actually see if it is indeed around.

If that post isn't yours, we don't do dev releases except for dev purposes, that's why they are "dev versions," certainly not for production servers. If you 'just have to' fix this it probably is a production server.

Compiling OpenSSL in and of itself is two lines at the command line and not that hard. Just replace the DLLs in Apache24/bin. You only need Perl, NASM & the free version of Visual Studio that matches your Apache.

Code:
perl Configure VC-WIN64A --prefix=/Apache24 --openssldir=/Apache24/conf enable-camellia no-idea no-mdc2 no-ssl2 no-ssl3 no-zlib

That way you can have the fix for any other low severity, not very likely to be abused, vulnerability that doesn't warrant an actual release for next time the boy cries wolf.

 on: February 14, 2020, 09:08:59 PM 
Started by JC - Last post by JC
Need the latest Apache 2.4.41 with below OpenSSL fixes.

OpenSSL 1.1.1C < 1.1.1e-dev Procedure Overflow Vulnerability
CVE-2019-1551 (OpenSSL advisory) [Low severity] 06 December 2019:
   -Fixed in OpenSSL 1.1.1e-dev (git commit) (Affected 1.1.1-1.1.1d)
   -This issue was also addressed in OpenSSL 1.0.2u

OpenSSL 1.1.1C < 1.1.1d Multiple Vulnerabilities
CVE-2019-1563 (OpenSSL advisory) [Low severity] 10 September 2019:
   -Fixed in OpenSSL 1.1.1d (git commit) (Affected 1.1.1-1.1.1c)
   -This issue was also addressed in OpenSSL 1.1.0l, OpenSSL 1.0.2t
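
The version-range logic behind findings like the two listed above, as an added example that is not part of any post on this page or of any scanner's code: it maps a self-reported OpenSSL version onto the affected ranges given in the post. The banner strings and function names are constructed for illustration.

```python
import re

# Affected ranges (inclusive) exactly as listed in the post above.
ADVISORIES = {
    "CVE-2019-1551": ("1.1.1", "1.1.1d"),  # fixed in 1.1.1e-dev
    "CVE-2019-1563": ("1.1.1", "1.1.1c"),  # fixed in 1.1.1d
}

_TOKEN = re.compile(r"OpenSSL[/ ](\S+)")
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-dev)?")


def version_key(version):
    """Sortable key for a pre-3.0 OpenSSL version such as '1.1.1d' or '1.1.1e-dev'."""
    m = _VERSION.fullmatch(version)
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, fix, letters, dev = m.groups()
    # No letter < a < ... < z < za; a -dev build sorts before the release
    # of the same name but after the previous release.
    return (int(major), int(minor), int(fix), len(letters), letters, 0 if dev else 1)


def reported_version(banner):
    """Pull the OpenSSL token out of a Server header or `openssl version` line."""
    m = _TOKEN.search(banner)
    if m is None:
        raise ValueError("banner does not advertise an OpenSSL version")
    return m.group(1)


def findings(banner):
    """CVE ids whose listed range contains the version the banner claims.

    Only the string is inspected; the library itself is never exercised,
    so the result is as reliable as the banner and no more.
    """
    key = version_key(reported_version(banner))
    return sorted(
        cve for cve, (low, high) in ADVISORIES.items()
        if version_key(low) <= key <= version_key(high)
    )


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real server.
    for banner in ("Apache/2.4.41 (Win64) OpenSSL/1.1.1c",
                   "Apache/2.4.41 (Win64) OpenSSL/1.1.1d",
                   "OpenSSL 1.1.1e-dev  xx XXX xxxx"):
        print(banner, "->", findings(banner))
```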


 on: February 14, 2020, 08:06:45 PM 
Started by unnikrishnan - Last post by unnikrishnan
For my project, I need to compile and build (create deb file) apache2.4.1 with some custom configurations. I googled for help, but nothing seems to be working fine. I hope you guys can help me, it will be very helpful. Please, someone, direct me on how to properly compile and build apache from the source file.

 on: January 30, 2020, 09:43:04 AM 
Started by AugustZellmer - Last post by mario
I also uploaded the old readme file from Apachehaus

 on: January 30, 2020, 09:25:50 AM 
Started by AugustZellmer - Last post by mario
Hi August,
mod_dav_fs is missing.

Code:
LoadModule dav_module modules/
LoadModule dav_fs_module modules/

LoadModule auth_digest_module modules/
LoadModule dav_svn_module modules/
LoadModule authz_svn_module modules/

<Location /svn/>
  DAV svn

  SVNListParentPath on
  SVNParentPath /Repositories/
  SVNIndexXSLT "/svnindex.xsl"
  SVNPathAuthz on
  AuthzSVNAccessFile "C:/Repositories/authz"

  AuthName "Subversion Repositories"
  AuthType Basic
  AuthUserFile "C:/Repositories/htpasswd"

  require valid-user
</Location>

It is enabled via a single httpd.conf directive, DontDoThatConfigFile:

Code:
<Location /svn>
DAV svn
SVNParentPath /path/to/repositories
DontDoThatConfigFile /path/to/config.file
DontDoThatDisallowReplay off
</Location>

The file you give to DontDoThatConfigFile is a Subversion configuration file that contains the following sections.

Code:
/*/trunk = allow
/ = deny
/* = deny
/*/tags = deny
/*/branches = deny
/*/* = deny
/*/*/tags = deny
/*/*/branches = deny

 on: January 29, 2020, 04:56:41 PM 
Started by AugustZellmer - Last post by AugustZellmer
I have an Apache webserver. Currently it's serving a live website, and everything works great. Now, I need it to serve a SVN repo as well. However, every time I call LoadModule dav_svn_module "C:/[directory]/modules/", I get the error Syntax error on line 12 of C:/[directory]/conf/httpd.conf: Cannot load C:/[directory]/modules/ into server: The specified module could not be found. (Of course I'm not actually using "[directory]", I just wanted to scrub my folder structure for this post.)

Here's what I've done to try to get it working:
First, I installed the newest version of Microsoft Visual C++ Redistributable. Therefore, I now have all of the following installed:
  • Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
  • Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
  • Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
Secondly, I updated Apache to the newest version obtained from Apache Haus. I'm using version "".
Third, I downloaded the module binaries from Nono303's GitHub repo. I wasn't completely sure how to install them, so I simply copied the following 6 files from nono303/win-svn/vc15/x64 into C:/[directory]/modules.
  • mod_authz_svn.pdb
  • mod_dav_svn.dpb
  • mod_dontdothat.pdb
At this point, I confirmed that the server was still serving my website correctly, and everything was working as expected.
Finally, I added LoadModule dav_svn_module "C:/[directory]/modules/" to my configuration file, so it looks like this:
Code:
Define SRVROOT C:/[directory]/

ServerRoot "${SRVROOT}"

LoadModule access_compat_module modules/
LoadModule alias_module modules/
LoadModule authz_core_module modules/
LoadModule cache_module modules/
LoadModule cache_disk_module modules/
LoadModule cgi_module modules/
LoadModule dav_module modules/
LoadModule dav_svn_module "C:/[directory]/modules/"
LoadModule dir_module modules/
LoadModule include_module modules/
LoadModule isapi_module modules/
LoadModule log_config_module modules/
LoadModule mime_module modules/
LoadModule negotiation_module modules/
LoadModule rewrite_module modules/
LoadModule socache_shmcb_module modules/
LoadModule ssl_module modules/
LoadModule vhost_alias_module modules/

# PHP specific setup.
PHPIniDir "C:/[phpDirectory]"
LoadModule php7_module "C:/[phpDirectory]/php7apache2_4.dll"

[other configuration follows]

Now, every time I run httpd.exe, I get the error mentioned above.

What am I doing wrong? Did I miss a step? Are my versions incompatible?

 on: January 29, 2020, 04:17:03 PM 
Started by xeon - Last post by AugustZellmer
Cool thanks guys.

 on: January 29, 2020, 09:55:43 AM 
Started by xeon - Last post by mario
And y'all can confirm that nono303's binaries are legit and don't have any malware in them?

VirusTotal showed no issues with it.

 on: January 29, 2020, 12:58:32 AM 
Started by rr908 - Last post by Gregg
With very minor modification it's HTML/4.01 compliant.

That test only allows html 5.
