OXXus.net: Web Hosting » I am having load troubles with my server at the moment and I think I have found one of the reasons a truckload

I am having load troubles with my server at the moment and I think I have found one of the reasons a truckload

September 20, 2007 at 12:33 am · Filed under Unix HELP

E looks nice
PFE looks horrible

well, it was 10+ years ago.
luckily haven’t had to use windows this decade.

then I can safely say you have never used Windows at all

I dunno… he could have used WIndows 95.

and win3.1

I don’t call that Windows

win NT is far better than that crap

crap it may be, but Windows it still is.

windows NT, 2000, xp, etc are as far beyond windows 95/98/me as Linux is beyond Windows nt,2000, xp, etc.

XP is based on 2000 is based on NT

that’s rather skewed
except they’re all pretty much incomparable, you’ve got that part right

Vista on the other hand is based upon XP, but has a completely different API based on UNIX. it is werid.
It’s a wonder it even works half the time.

vista is badly broken
I kept wanting to ctrl-alt-backspace when it acted up

hehe…
sorry, but what does this have to do with apache?

apache rules!!!!

Good evening.

if it is a good evening, which niq doubts

I am having load troubles with my server at the moment and I think I have found one of the reasons; a truckload of TCP/IP connections at TIME_WAIT status all connected to Apache, “netstat -anp | grep :80 | grep TIME_WAIT | wc -l” gives over 700 or 800, is this normal or?
The tomcat server hosting isn’t this busy, 14 requests per second.
I’ve seen a few people with more than me and generally have ~15-20 TIME_WAIT connections.

decrease your timeouts, twiddle your TCP socket options
a few hundred open connections is not strange when using normal (300 sec) timeouts on HTTP connnections

My timeout is set to 60 (at Apache)
“Timeout 60″ in httpd.conf
Too high or?

anyone around?
sweet
hey does apache have uh. etc/passwd etc
or is that another webserver

O_o

explain

ie. does apache store variables in etc/passwd and etc/security etc

only the UID it runs as
but that should be a regular user account (with no login shell)

well i’ve managed to load my etc/passwd file
by including it into my page
but i’m trying to load the etc/security/passwd as well but it’s not found

why would you want to serve /etc/passwd as html content?

not for customers. it’s for myself

my question still stands

oh to check if my changes have worked

a slash at the beginning so it can be an absolute path

say again?

can apache server be used as a proxy server on my computer?

mod_proxy

mod_proxy is http://httpd.apache.org/docs-2.0/mod/mod_proxy.html or http://httpd.apache.org/docs/mod/mod_proxy.html http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

although squid would be better

i tried downloading squid but i didnt understand what to do and the documentation was no help
all im trying to do is make it so that when someone uses myip:80 in their browsers proxy settings, they will be viewing sites from my ip address
80 can be changed to any port
whatever is needed

again…
mod_proxy

mod_proxy is http://httpd.apache.org/docs-2.0/mod/mod_proxy.html or http://httpd.apache.org/docs/mod/mod_proxy.html http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

install squid, change the listen address from 3125 to 80 and enjoy

if you need something immensely more complicatedly dense like putting /etc/passwd in your webpage, i’m sure Samsonn could help you there…

squid-cache.org?

should be standard in your distro

where do i find it?

you may need to modify an ACL rule, but thats trivial

alright security/passwd doesnt exist i’ve established on my server
how do i locate the authent information then

you install it the same way you install any other package for your Operating System
what end-state are you aiming for?

pwnage

viewing my authent info!

you are overestimating me

i dont know what the same way as other packages is
i usually just download stuff from online and run the installer

i’m writing an account management script for php to update accounts

what operating system are you using?
umm, why not use one of the 10,000 existing ones you can find on google?
or use webmin

winxp

oh dear
Squid is for Unix

ugh
so i will have to use apache

apparently so

because i like to make my own lol

im lookin at this mod_proxy thing but i dont get it

well, I think ##php is the better place to ask these questions

gah

i just cant figure out where the passwords file is located. because etc/passwd contains entries like this: root:x:0:0:root:/root:/bin/bash
so the password is just x and not displayed !

no, the x means its in /etc/shadow
do you really want to set yourself up as an anonymous proxy?

shadow

shadow is for linux host

ah ok

yea i wanna let my friend use it
i have one set up on my website
but they have to view everything by typing it in my site

you sure? etc/shadow returns an error
An appropriate representation of the requested resource could not be found

i want them to set it up in their browser

/etc/shadow is no readable by any user other than root

but feel free to chmod it 777

even if i do a DIR listing with php?

:-/

php run through apache doesn’t run as root

ah ok
well in my DIR listing of etc/ i see shadow-

there’s actually a good reason why /etc/shadow is only readable by root
you should really think three times before changing that

sure, why not fopen while you’re at it, and setuid some exec()able script that does rm -rf / – make it a big button that says CLICK ME!

do you understand what im tryin to do?

i wonder why that is…
yes, although I’m not sure *why* you want to do it

so that a friend can view a site and the site sees it as me viewing

so limit it to his IP

he already can by using my proxy that is enabled on my website but its slower like that
i cant even get this running let alone limit access

it sounds decidely dodgy
squid takes a few minutes to set up

im on WinXP

my condoleances

squid would be overkill to proxy a single connection

!ssl

ssl

ssl is *Secure Sockets Layer. Ask me about mod_ssl or ssl vhosts see also http://httpd.apache.org/docs/2.2/ssl/

try it without the ‘!’

ssl!

ssl is *Secure Sockets Layer. Ask me about mod_ssl or ssl vhosts see also http://httpd.apache.org/docs/2.2/ssl/

heh

¡ssl!

its the #debian way dont you know

doesn’t punctuate in spanish.

how can i do it without overkill?

I think I need to buy an ssl certificate

Could multiple users downloading a same file which is ~800MB in size cause hgih load or iowait; multiple as in 16 (not including other Apache connections)..
dont have to if it’s “just for you”, i guess.

i see.

depends on the throughput of the storage

well i mean if i don’t access shadow- what alternative do i have then

sam`: Not too sure of what that means?

whats wrong with modifying it anyway

nvm g2g
thanks for the help

vrooom

i will try more later

does the 16 simultaneous reads exceeds the read speed of the drive?

online shops

gotcha; sam`.

is CAcert any good

cacert is not in most browsers

machine load is (partly) based on the IO usage of the machine, including the IDE/S-ATA buses

but the price is right and their verifications procedures cannot be worse than verisign’s

if you want instant clickety, you need to pay verisign a few hundred $

+1
or thwate or godaddy
etc…

rici how can free ever not be right ?

isn’t there a free certification authority out there?

bwahahaha

sam`: I see, this server has some kinda load in it and it’s due/because of high iowait and it’s soemwhere in Apache.

i said the price is right
Sam`: cacert

ok, that’s the one then

but it’s not installed on most browsers
so teh users will get teh warnings

yeah, i doubt it’s in IE or Opera

it’s not in opera, IE, or firefox

not even firefox?

or safari

safari is a bastard child

nope

so that’s definitely most browsers

i though that would have been the first to include it
so, who has it ?

megaspaz you can always offer clients to install the cacert root ca cert on you rweb site

sure
it’s up to him though
and most users probably don’t care.
i would care though

OK, I need a little help with RewriteRule. I have it working so domain.com/## is the “alias” for domain.com/view.php?id=##. But now I need it to do this: domain.com/##?pkey=(24 char alpha numeric string) is the “alias” for domain.com/view.php?id=##&passkey=(24 char alpha numeric
string)

but most people don’t have a single clue, and will worry

*shrugs*

Sam`: the cacert on mozilla saga is one of the longest running bugzilla/soap operathreads going
read it and weep

why ?

because

shhh

its true
cos they wnt down the pan innit
wikipedia says so

i see

it shows pretty well everyone in the worst possible light

sam`: Any idea if a SATA RAID10 array would be “slower” than a 10mbps of bandwidth, I doubt it?

it’s a clear demonstration of the ugliness of the ca business

I can get a turbo ssl certificates cert from godaddy for 15 USD

doubt it, especially on reads

reading it, you should also check to see which participants on the moz board had involvements with which ca companies
i won’t go any further than that, but it’s easy to check

I thought they cost hundreds of dollars

nvez you’d have to be reading with 100 threads and not caching any of it

Could it be the contrary that the bandwidth is too slow?

spheard you won’t have all the options for it, prolly

so whats the alternative to accessing shadow or is that the only way to do account management

ok, 4 years of discussions

what options do I need?

nvez 10mbit guaranteed ?

kind of ridiculous for moz

yes

I just want to run e-commerce stuff

spheard there’s different options for shortest path, wildcards, MX SSL.. some more stuff

Because when viewing the server status (mod_status), I see a lot of “waiting” however on different sites.

anyone know I would format that RewriteRule?

So it’s not like there is a specific site being hit

I think I need a shared certificate
well I do
I want to run several online shops on my server, all on different domains

nvez how long are your timeoputs, and do you have live graphs of your network load
spheard one cert per domain, simple

Apache timeout is at 60 and no, however I have iftop installed here.

salut, Lenaud01.

you might want to quickly set up ntop or something, see how the Bandwidth hosting is actually used

I cant get .php pages to display on my server they keep trying to download

doing that atm.

I added AddType application/x-httpd-php .php
and AddType application/x-httpd-php-source .phps

did you restart apache; Lenaud01?

and added inxed.php to directoryindex
yes nvez

nvez is grep TIME_WAIT

i just started ntop, not sure what exactly to do with it.

http://hostname:3000

index.php to directoryindex is what I ment to say

unless your default is different

http://74.52.179.2/

nvez look around in it, it has tons of things to play with

do you have the php web hosting module loaded in httpd.conf?

let me check bryanculver
im not seeing it bryanculver

Ah, there we have your problem
do you see a line like “LoadModule php5_module modules/libphp5.so”

you have php installed correct?

IfModule !mpm_netware_module
that was only one I had
yes I have php installed
php-4.4.7

So you have no other LoadModule lines in your httpd.conf?

let me double check
no others bryanculver

Wow. You should. Hmm… I have no idea then.

messed around but to no avail; nothing that shows anything odd/excessive anywhere.

and the bandwidth isnt totally used by apache ?

most of it is
# lynx –dump http://localhost/whm-server-status/ | grep PTR | wc -l
37

I have just under 50 lines of LoadModule Lenaud01 so that’s why yours is throwing me off

37 simul. connections to the _same_ file.
And a whole load of apache processes “waiting”
for different sites; so it’s not a DDOS.

I’m looking for some info about apache hadoop is there a chan for it?

could you copy your httpd.conf to a text file and send me it? I would like to take a look at what we are dealing with.
Who here can help me with mod_rewrite stuff?

ask?

If you have an apache related question, please go ahead and ask it. We will not beat it out of you. We won’t bite you either, at least until we get to know you better

I have, twice
here:
I need a little help with RewriteRule. I have it working so domain.com/## is the “alias” for domain.com/view.php?id=##. But now I need it to do this: domain.com/##?pkey=(24 char alpha numeric string) is the “alias” for domain.com/view.php?id=##&passkey=(24 char alpha numeric string)

woo

bryanculver, so notice how your existing rewriterule is like ^/(.*) ?

RewriteRule ^([0-9]+)/?$ view.php?id=$1[NC,L] yes

bryanculver, do you know much about regular expressions?

Used to, but after neglect, it’s rusty.

I am not able to sorry bryanculver

if this helps
this is how I did the install

? is a meta-character, you’ll need to escape it.

http://lamphowto.com/lamp.html
for php and apache I did ./configure
and then make && make install

did you put anything after configure Lenaud01?

bryanculver, also, RewriteRule doesn’t see the query string as passed to it, so you’ll need to use a RewriteCond
rewritecond?

rewritecond is http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond

no bryanculver
did ./configure
and it ran a compile
then did make && make install

well if you read in the tutorial, it tells you to add stuff afterward
*after ./configure

when I did that
it said apache version error

try again and give me the exact error message please

why do I need the cond again?

because RewriteRule doesn’t see anything after the ?

ooh

the rewritecond page says that it creates backreferences like %1 %2 …, so it may work

now its running though it ol
one sec
error: Cannot use an external APR-util with the bundled APR

h/o

http://www.phpmac.com/articles.php?view=23 try this place

does Apache 2 come with the SAPI-module?

servertokens shop2.outpost.com

Couldn’t get a useful value for http://shop2.outpost.com

servertokens lericson.se

Apache

you’re said because it’s accessible? :-/
s/said/sad/

I’m sad because my house just burnt down

oh well that sucks

for your inforatiom: frys means freezer in SWEDSH

yes
it’s also a computer store chain

mmhmm
fry’s++

but it is more oftee
I’m drynk
drynk yeah

their website appaears to be having problems

well, yeah… the fry’s website was never anything to write home to about
but they got a crapload of stuff

why would you write home a bout a website

figure of speech

I’m drynk

note also

Im tring to run using php a program using sudo, I have this line in my /etc/sudoers apache ALL = (ALL) NOPASSWD: /sbin/cbq.init,/sbin/tc,/sbin/ip
But it returns me 1 and not 0

Can someone tell me how to rewrite http://screen.mickens.us to http://screen.mickens.us/screenshot.png without the URL changing?

DirectoryIndex screenshot.png index.html

rewrite

rewrite is one of the crustiest bits of code out there, but also the most useful see also mod_rewrite

mod_rewrite

mod_rewrite is http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html or http://httpd.apache.org/docs/mod/mod_rewrite.html or see http://rewrite.drbacchus.com/

hmmm i’m having a problem when trying to set up mod_dav_svn on apache 2.2
afaik i’ve configured everything correctly, and the server starts up without erroring out
but when i try and access the svn repository via web browser, i get a “the connection to the server was reset while the page was loading.” message in browser
im on windows server 2k3 sp1

ok. thanks fajita and toxik

i can’t wrap my head around davlockDB
Forcing reload of web server (apache2)…Syntax error on line 17 of /etc/apache2/sites-enabled/webdav.markscudder.org:
DAVLockDB not allowed here
failed!

davlockdb context

davlockdb context is tomcat server hosting config, virtual host

huh? you mean it’s either or? because it’s in a virtual host config

blocks

what do you mean blocks?

depends on where you put it in

ok well i have a vhost that will be doing webdav, and that’s it, so where would i put it?
apache docs aren’t clear

… not fine

depends on the scope

ok so outside the directory block…

not in another block except the vhost block right?

in the same scope as errorlog, customlog, serversignature?

the only other thing is you might not have all the dav modules loaded…

i do
it reads just fine

i couldn’t tell you. i don’t know where you specified the those things
davlockdb

davlockdb is http://httpd.apache.org/docs/2.0/mod/mod_dav_fs.html#davlockdb

so you have mod_dav_fs loaded?

well it’s debian etch, so i symlinked dav and fav_fs from the modules-available directory to the modules-enabled directory

hi
apache2 is redirect users to /var/www instead of public_html

eh?

user_dir module is not found

elaborate

You make no sense, try to rephrase your question and elaborate on what you want, what you tried, and what didn’t work (paste the error message you see in the error log, usually named error_log or error.log). Also tell us what platform you are on and what version of apache you are
using.

how to set it to redirect to /home/users/public_html

userdir

userdir is http://httpd.apache.org/docs/2.2/howto/public_html.html or http://httpd.apache.org/docs/2.2/mod/mod_userdir.html or See userdir without ~

what distro are you on?

ubunt 7 server

pastebin your vhost
apc

Try using http://apache.pastebin.ca – It’s a good pastebin, and is even set up to highlight Apache ’stuff’. or Alternative PHP Cache and does what php refuses to do: Optimize fajita’s PHP code. http://pecl.php.net/package/APC

I instaled with synapitc

so did you do a2enmod userdir as root?

a2enmod?

a2enmod is a script available on debian and ubuntu systems that enables modules by symlinking files from mods-available to mods-enabled. there’s a2dismod too.

megaspaz http://pastebin.com/d59919969

yess
i saw sites-enable
apache2 folder

it’d be in mods-enabled for the module to be loaded

What causes a 403 forbidden error when I am 100% sure the htdocs directory is correct, and is chmod 777 ?

i don’t see where you put it…

user_dir?

i’m still trying to figure out where to put it!
that’s why i’m here

i suppose right under the docroot would work out

if that’s what’s in there then yes
so now how are you trying to access this userdir site?

localhost/user

I need a lil help.. when i ot to http://localhost it just loads but nothing happens

apache is working

3 2007] [crit] (22)Invalid argument: unable to replace stderr with
3 2007] [crit] (2)No such file or directory: unable to replace stderr with
what does that mean?

but it’s not redirectin to public-html
how to do it without user_dir

it’s localhost/~user
userdir

neither it

userdir is http://httpd.apache.org/docs/2.2/howto/public_html.html or http://httpd.apache.org/docs/2.2/mod/mod_userdir.html or See userdir without ~

userdir without ~

http://rewrite.drbacchus.com/rewritewiki/UserDir

(13)Permission denied: access to / denied

(13)

(13) indicates a file permissions problem. Make sure that Apache can read the file(s) and directories being accessed. See also http://wiki.apache.org/httpd//13PermissionDenied

403 Forbidden

(22)

Invalid command ‘UserDir’, perhaps misspelled or defined by a module not include

fajita, (22)?

no idea

what os CapaH

FreeBSD

FreeBSD is hot

(2)

so again. are you sure you seen conf files for userdir in mods-enabled?

Now when it says Access to / — is it meaning “whatever the root directory is set to” — or is it literally trying to access “/” ?

try accessing a file that is in /

hmm

i.e. is / a synonym for: /usr/www/htdocs —- or is it really meaning that it is trying to access “/” ?

dunno
depends on how you set things up

I’m not sure because I saw in a forum to make ln -s /etc/apache2/mods-available/userdir.conf userdir.conf and I did

I copied the exact same configurations from another identical server

if you’re using relative paths, it would be relative to your serverroot
if you’re using full fs paths, it’d be referring to a fs path

Hmm

but right now, there is a userdir.conf in mods-avaliable

and the actual / root dir

one second

ok it needs to be loaded
as i told you before, a2enmod userdir

DocumentRoot /usr/web/website/pub

that will put the symlink to that file in mods-enabled

I need a lil help.. when i ot to http://localhost it just loads but nothing happens

I did

without further info, check firewall has port 80 open
what’s in mods-enabled

i disabled firewall

userdir is there now

ok restart apache

apachectl restart

and its working

whoopie!

god dami.. I spent four hours here and you solve my problem in 10 minutes

could’ve installed in less time… .

thank you

still nothing happens
i tried different browsers

what do you mean by nothing happens? do you get a timeout error?

same resul
no

but

did you check your error log?

I got character error

mebbe apache failed to start

“waiting for 127.0.0.1

did you check your error log?

it says started

where are ç or ã

um… i can’t see that

instead of ã é

i don’t have fancy utf-8 on my term

i dunno if anything is wrong on the error log

and its not following .htm, .html

i have no idea what a character error is…
so check
there might be something in the error log

is an a with accent

should the davlockdb be a file or a directory?

latin characters you know

good question
Davlockdb

Davlockdb is http://httpd.apache.org/docs/2.0/mod/mod_dav_fs.html#davlockdb

DocumentRoot /usr/web/website/pub — This directory is chmod 777 — get I still get “Permission denied to /” — ideas?

yep that’s the page i was looking at.

i want to say file

i guess it says ‘file-path’ let me try that

since it says file-path in the syntax

http://h1.ripway.com/dave10/errorlog.txt
thats what in error log

why its not following index.htm files

it’s windows
it could be a enablesendfile issue

hmm

could be a misconfigured network

how can i fix it?

i mean you could try
enablesendfile off
in your config

in your config is a string “listen”

hush

what config?

config is http://httpd.apache.org/docs/2.2/configuring.html#syntax

your httpd.conf

your httpd.conf is not empty

hush

ok lemme check

so edit your httpd.conf file. right under the last loadmodule line, put in: EnableSendfile Off
restart apache and see what happens

guys

I guess you want the rest of us to ignore you then, AnarkiNet

if it isn’t that, then it’s some network issue

works now, it’s a file, and it needs to be pre-created and chown’ed to www-data:www-data, or i guess add enough permissions to the folder so it can create it
thanks for the help

good deal

hmm still not working

what was your question?

im having trouble with mod_dav_svn

try doing http://127.0.0.1

“the connection was reset”

if i try and access a svn repository over http

have you set the LogLevel to debug?
loglevel

loglevel is http://httpd.apache.org/docs/2.2/mod/core.html#loglevel or http://httpd.apache.org/docs/mod/core.html#loglevel

same result

loglevel debug

Use loglevel debug to increase the logging level of Apache. This will typically generate very large log files, and should only be used for short periods. Using this should also help you diagnose one’s problems.

if not, do it and lets have a look at the error log after a failed attempt

not a clue then. i still think you might not have turned off your firewall… or mebbe it’s a cheap router thing…

hmm
u mean my router wont let me access localhost?

iv’e got a guy just this minute httracking my website (wget’ing or mirroring, what have you), is there something quick i can stick in the vhost config for this site to reject requests from a particular useragent?

possibly… don’t know though

i see
well thansk anyway
thanks*

iptables -A INPUT -s hisiphere -j DROP

he’s using windows

HAH

ill try later on my linux

that’s why i had to tell him i don’t know…

lol

arreyder, http://pastebin.ca/653110

g2g bye all thanks for help

is there an easy way to reject requests based on useragent?

yeah

how

you can use the same principles as image theft
stealing images

stealing images is http://www.serverwatch.com/tutorials/article.php/1132731 or http://httpd.apache.org/docs/misc/FAQ.html#image-theft http://rewrite.drbacchus.com/rewritewiki/ImageTheft http://wiki.apache.org/httpd/Recipes/DisableImageHotLinking

so the last thing in that paste is a crash?

these seem to deal with referrer, not useragent

either use a rewrite or setenv to get the useragent

What is the easiest way to confirm what CONFIG file httpd is using?

leaves the server dead, not just a thread?

I think it may be using the wrong one

yeah, but you can get the useragent the same way

arreyder, no i shut the server down
the server turns on okay
its just that i cant access the repository

hey, i’m trying to use NameVirtualHosts is there any way to get them to only listen on certain buy dedicated ip addressES like, more than one.. but not a 3rd?

I was hoping the last thing in the log would be the failed request. This makes it kinda hard to find it.

i get a “connection was reset” error in whatever browser i try

so the env var, instead of REFERRER, is USER-AGENT?

is this SSL?

something like that

arreyder no

i can’t find it anywhere

look at rewritecond
rewritecond

rewritecond is http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond

all the env vars i think are the same

so you can use them…
or it might be sentenvif useragent ^blahfooblah
not sure really
but yeah, the docs could be better

do requests to all vhosts fail or just the ones handled by svn?

arreyder this is my vhosts.conf: http://pastebin.ca/653114
arreyder, everything to that vhost is handled by svn (or supposed to)
other requests work

ok, good info.

like if i access as “localhost” or by the LAN ip

so the log you pasted was from : ErrorLog logs/svn.serenityproject.net-error_log.log ?

How can I be sure that the httpd.conf file I am editing is the one Apache is actually using?

http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif
Host, User-Agent, Referer, and Accept-Language

if not, I’d like to see that log please.

arreyder, no it was from error.log
svn.serenityproject.net-error_log.log is blank (0KB)

ok
lets get an error caught then, and pasted where it’s the last thing in the log please. I was not able to find much in what you have already shown.

the error is in the browser
open http://svn.serenityproject.net/ in any browser and you should get a “the connection was reset while the page was loading” message
or similar
apache is killing the connection before its responded to, or something
but it’s not logging it down, even with LogLevel debug

with log level debug though, I’ll see what’s happeing and what’s handling the request
it’s not just for errors when in debug mode
I want to see the request being handed off from module to module, etc…

so, i’m trying to set up this deny, and i’m no good with regex, i have ^HTTrack*$ and that’s not working

arreyder, uh
the log i pasted the first time

thanks

that *WAS* debug log

but if you’re doing that, get rid of *$
“^HTTrack” will work just as well
since it’s a regex

ok so, ^HTTrack.*

here’s how this works, you want my help, you do what I ask

“^HTTrack” will work just as well

still doesn’t work

Look buddy, doesn’t work is a strong statement. Does it sit on the couch all day? Does it want more money? Is it on IRC all the time? Be specific! Examples of what doesn’t work (or the URL) tend to help too, or pastebin the config if that’s the problem

wow that bot of yours is a prick.

arreyder, access.log is blank as well
if thats what you’re after

As I said, I want the last thing in the log to be the request that fails. Dont stop the server, just send me the log.
no, just error_log

Try… SetEnvIfNoCase User-Agent “^HTTrack” userenv=1

the requests have slowed not
hang on

and then in your dir block that you want to deny, use Deny from userenv

huh ok
let’s see…

http://pastebin.ca/653121

thanks

there you go arreyder

nope, still coming…

http://apache.pastebin.ca/653122

it’s order allow, deny; then allow from all, deny from usernev

well if you spelt your env. var right
if you meant userenv, then no…

so it never sees the request, according to this at least.

iv’e got what you’ve got

apparently
hence the whole reason for me asking

reqs might have stopped

if there were anything i could work with in the logs i’d have it fixed already

check your error log

okay, i guess “allow” is different than “Allow”

what browser or client are you using?

shouldn’t be… :-/

i’m watching my logs, nothing in error.log

tried both firefox 2.0 and IE7

looks like the requests stopped.

and trying to checkout via TortoiseSVN fails as well

try adding to that regex… like something your browser uses
“^(HTTrack|Opera)”

i think we’re good at this point… no requests from this jerk since the last restart

at the same time though the server will serve other requests on port 80 for other vhosts?

for example

arreyder, yes

and you try to access something from your browser
like if you were using opera and had opera set to use it’s opera useragent string

yep, works for me in firefox

so you get denied, right?

oh i didn’t put that in yet, but the httrack requests have stopped cold, so i think we’re good

whats one that works? vhost?

just because he stopped, doesn’t mean it’s working

ok then i will try

if you don’t see 403’s in the error log you won’t know

arreyder, accessing via IP or as “localhost”

but none by name?

viewsvn vhost should work too but i dont have that set up as a subdomain

basically find out the useragent string of some browser and put that in the regex like in the example i did above. and then try to access the resource with that browser

so none by name can be shown to actually work?

strangely when i put “Mozilla” in there it sends me over to some page that says “It Works!”

not yet

some default thing that i get when i misconfigure something

im adding a subdomain right now, dns should propogate in 1-5 minutes

ok so it’s working… i’m guessing your distro has some funky redirect going for errors

lets see what httpd.exe -s yields please

or you’ve misconfigured the vhost

yeah or i borked something… anyway it works… thanks!

http://viewsvn.serenityproject.net/
that works

doesnt from here.

thanks for all the great help tonight megaspaz

im running on windows btw

mmhmm

I know, hence the .exe

http://pastebin.ca/653128
im starting to think this is an apache or mod_dav_svn bug

I’m not convinced of that yet.

ok
hmm

to Location /repo

then accessing “svn.serenityproject.net/” works, but not if i request /repo
*then* it fails with the same problem as before

ok, good test.
I was just reading up on some bugs, trying to find some clues
access_log and error_log and the vhost logs still empty?

yea

toss a LogLevel Debug right in that vhost please.
and see if we can get any freaking feedback
if that gets us nothing, start apache from command line with the -F for “run main process in foreground” and see if you get anything in the cmd.exe window when the connection fails
assuming that’s the same switch On windows, I dont really know.

[notice] Parent: child process exited with status 3221225477 — Restarting.
the child process restarts while trying to respond to the request
hence the connection to the server being reset while the page is loading message

yeah, not a lot of info there though
did you try the -F to see if we get anything on stdout during the failure?

grr

does it matter what current directory i start it from
?

I’ve loaded the module of mod_status
and done http://apache.pastebin.ca/653141
yet no worky

nah, most you should have to do is -f pathtohttpd.conf in addition to the -F

Is apache stupid or something I run beta versions of lighttpd and other httpd’s, I run other things mysql, php, etc fine yet every thing I’ve tried to do to apache doesn’t work, even on servers I dont own

what does -f do?

I get You don’t have permission to access /server-status on this server. btw.
-f loads the conf..

it says both -F and -f are not valid

megaspaz makes a good point, enablesendfile is a known windows problem. we should kill it just to make sure it’s not adding to the issue
enablesendfile

a way to disable sendfile() for when you serve off a NFS/SMB share. More info at http://httpd.apache.org/docs/2.0/mod/core.html#enablesendfile. Works badly with some peoples windows systems: when in doubt, disable it.
Broken with IPv6 on Linux in most configurations.

and what does the error log say?
i’m betting you used a default config that only allows access on the localhost

but im not using php

give it the –help and see what the switches are, I dont use windows so I’m not sure
it effects more than php.

is it just me, or does the vhost log example in the apache docs not log the requesting IP? (apologies for such a simple question)

running apache in foreground doesnt show anything

well the sendfile thing is all I have left then, sorry.
I just dont know anough about windows and what tools are available to debug it further.

um… which particular page?

its already set to ff
off*
should i turn it on?

nah

Is it possible that Apache just doesn’t like me?

yes
i don’t like you

likely to just burn you later

to be fair, i don’t like anyone
what page in particular are you referring to?

but but but you told me you loved me?!

just so you’d cook for me

in either the 1.3, 2.0, or 2.2 docs…. http://httpd.apache.org/docs/2.2/logs.html#virtualhost
in either the 1.3, 2.0, or 2.2 docs…. a href=”http://httpd.apache.org/docs/2.2/logs.html#virtualhost”http://httpd.apache.org/docs/2.2/logs.html#virtualhost/a

I didn’t put anythign else this guide didnt say to

12.9% us, 2.2% sy, 0.0% ni, 59.3% id, 25.6% wa, 0.0% hi, 0.0% si” — Crapload of IOWAIT; it’s from Apache for sure; but .. what website, that’s another story; mod_status doesn’t show much either
No excessive “Req” or “SS” or CPU time noted.

(for example)

all your content on the same partition?

arreyder could the problem be that i’m using apache 2.2 (from xampp) instead of 2.0?

looks like it doesn’t
just add it in

megaspaz, I read http://www.onlamp.com/pub/a/apache/2000/04/21/wrangler.html

and you’re using apache1.3?

I really dont know, 2.2 should be the better choice, but your modules need to match the version

well this is xampp

okay-was curious more than anything… especially considering %l is listed as “unreliable information”… just a thought

im *assuiming* they wouldnt bundle crap that wasnt compatible but i dunno

%h is the remote host

seems a fair assumption.

paste your config. and actually try out an allow from all as well
see if allow from all let’s you in

*nod* thanks

Late answer, but yes.
However; I think a RAID10 SATA drive array can do the job.

I cant paste the config its very long and has stuff I’d have to comment it out.

logging to the same partition as well?
soft raid?

I loaded the module since my friend already compiled it into apache.

um… so how are you trying to access it? and from which machine?
basically, are you trying to access it from a machine that resolves to domain.com?
and did you try to set the allow from in the server-status location block to allow from all?

yeah

what file system and what mount options on it?

wait
I set it up as in the paste bin
http://apache.pastebin.ca/653141

so the machine you’re using to access this server-status page is a .xxx.com machine?
basically i’m trying to rule this situation out…
for example…

yes

you set up server status on your home machine for it’s fqdn blah.com… you’re trying to access server-status from your work machine… that woudln’t work
unless you did an allow from all…

ahh ic

or an allow from the ip/fqdn of the machine doing the requesting…

can I remove deny?

well not really
because you’re only allow for a specific domain
you need to change the allow from to be less restrictive
now what you can do is password protect that location
and do an allow from all
or you can add your machine your requesting from in the allow from list

i dont want it password protected
I just want to type in

then do an allow from all
*shrugs*

kk
What do i put for deny?

you can delete it now

I did and it said
something bout order
I removed deny from order too, just remove order?

since you’re going to do an allow from all and your order, iirc, allow last
oh no
you don’t delete it from order
you delete the deny from all line
keep your order line the same
it was order deny,allow right?
leave that

yeah
Then it was
deny all

delete deny from all
and change allow from xxx.com to allow from all
it’s actually not good to not protect this page though
it gives lots of clues to attackers

I’m not gonna use this setup for long my friend is the apache user but i wanted to see how much request sec we are pushing these days

oh… shoot
just use apachebench then
apachebench

apachebench is http://httpd.apache.org/docs/2.2/programs/ab.html or better known as ‘ab’ or comes with apache or not very good to test with according to chipig.

should come with most apache packages
depends on the packager though
command line tool thing though

some call it ab2

I use apachebench to show how much reqs i can handle…it shows how many the server is pushing at the moment?

well it’s on a vhost basis since you have to supply it with a url

server status will give you all the vhosts though, if you turn on extendedstatus

but otherwise its just per this site?

yah
just put in the global scope of the conf, ExtendedServerStatus On
extendedserverstatus

i’m not following you…

13 per this site thats alot more then last month the global ammount was 17 or so

extendedstatus

extendedstatus is http://httpd.apache.org/docs-2.0/mod/mod_status.html#extendedstatus or http://httpd.apache.org/docs/mod/mod_status.html#extendedstatus

extendedstatus context

Server config

that should about cover you

i have mount a dvd install iso over loop0 and want to share it to do an install

ah thanks

nothing i do seems to work. apache always permission denies

permission denied

When it says “permission denied” in the browser, there will always be a related entry in the error log. Look there. For more information, look at http://wiki.apache.org/httpd/13PermissionDenied

the mount is /mnt/centis-dvd.iso

^^
error log

Look for the ErrorLog directive in your configuration file. Common locations include /var/log/apache/error_log, /var/log/httpd/error_log, /usr/local/apache/logs/error_log, and “C:/Program Files/Apache Software Foundation/Apache/[version]/logs/error.log”

must… have… error… log…
niq fact

Nick Kew doesn’t read. He just looks at a book and it dictates the contents to him.

chuck norris fact

Chuck Norris doesn’t throw up if he drinks too much. Chuck Norris throws down!
Chuck Norris doesn’t throw up if he drinks too much. Chuck Norris throws down!

/var/www/html/mnt” already
i added “Alias /centos5.0 “/mnt/centos-dvd.iso”

and extra ” ” recovery.

and you’re accessing http://blah.com/centos5.0?
but file does not exist is not a permission denied

yes

so that’s the wrong error line

niq fact

Nick Kew’s programs don’t have bugs. He beard-whips bugs dead and buries them in his beard.

niq fact

Einstein didn’t die. That was just one of the identities used by Nick Kew because Nick Kew is immortal.

niq fact

Nick Kew doesn’t need banks. He puts his money in his beard and out of fear, the money accrues interest.

bah, the good ones not wanting to come out.
niq fact

The source code for Nick Kew’s mod_proxy_html module only says, “if (false == HTML.correct(url)) {BEARD_WHIP;}”. Needless to say, the URL fixes itself.

http://apache.pastebin.ca/653165

my guess it’s your mount umask
*shrugs*

http://ishikawa-rs.blogspot.com/2007/07/pxecentos.html

i’ve never heard of this guy. and i can’t read that, so i don’t believe you when you say it’s correct
*shrugs*
summon arreyder

ARREYDER ARREYDER ARREYDER ARREYDER ARREYDER ARREYDER ARREYDER COME TO ME!!!!!!

whut?! huh?! whoa
loooking
selinux

selinux is The New Universal Scapegoat! http://www.nsa.gov/selinux/ httpd FAQ: http://fedora.redhat.com/docs/selinux-apache-fc3/ TIP: Use ’setenforce 0′ to set permissive and test, man the
following: chcon, getsebool, setsebool, fixfiles – Use `ls -alZ` to see context; More: http://fedoraproject.org/wiki/SELinux

is my guess!
ooh this is ISO mounted -o loop?
lemmie seeee
what parms on mount point please?

mount /isos/CentOS-5.0-i386-bin-DVD.iso /mnt/cent-dvd.iso -o loop=/dev/loop0
/isos/CentOS-5.0-i386-bin-DVD.iso on /mnt/centos-dvd.iso type iso9660 (ro,loop=/dev/loop0)

/mnt/cent-dvd.iso is a directory? what are parms on it?
perms

perms is -the easiest things to set up for apache…

umount /mnt/centos-dvd.iso
ls -ld /mnt/centos-dvd.iso =
5

how about /mnt ?

/mnt is not magic

Directory /mnt/centos-dvd.iso
Options MultiViews Indexes FollowSymLinks
Order deny,allow
Deny from all
Allow from 10.98.35.0/24 127.0.0.1
/Directory

Order deny,allow is The Deny directives are evaluated before the Allow directives. Access is allowed by default. Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server
Deny from all is Denies access to the resource. See also Order, Allow, and Satisfy.

6 2007] [error] [client 10.98.35.153] File does not exist:
9 2007] [error] [client 10.98.35.153] File does not exist:
5 2007] [error] [client 10.98.35.153] (13)Permission denied: access to /centos5.0/
sorry

You will be!!

mouse droppings

tis ok, not really busy tonight

http://apache.pastebin.ca/653174

ls -al /mnt
pls

nope.
was it mounted when you started apache?

selinux

I tried that…

did he do it?

twas my first guess
dunno

Well you’re just ignorant!

yes

lets see more of config please?

“ls -Z” shows nothing

something superceding the Alias me thinks.

sections are run through once before aliases are performed, so they will apply.)

…….
hmmmmmm
loooks like you tried to do that

http://apache.pastebin.ca/653177

ditch the quotes ?
for lack of other ideas yet

ditch quotes?
#

in the alias statements I never use em, should matter but who theheck knows..

Alias /centos5.0 /mnt/centos-dvd.iso

looking at paste
yeah
shouldnt I mean

what’s the problem?

the problem is that the environment apache is running in doesn’t have the krb config

http://apache.pastebin.ca/653174

You don’t have permission to access /centos5.0/ on this server.

rici ^^

forget the problem

I forgot problem

krb?

krb is #very low overhead; dunno about AFS.

what url generated that error?

You don’t have permission to access /centos5.0/ on this server.

oh sure ask the obvious question we forgot…
to.

also a “pkill in.tftpd
service dhcpd start
service xinetd start
service httpd restart” between them

eeek

To earn a living upon which not even a mouse could survive

also “Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.”

that’s sadly normal
but unrelated
are you still getting the odd file not found errors in the log, or just a permissions error?

did it twice in a row to see if there were more than one error:
8 2007] [error] [client 127.0.0.1] (13)Permission denied: access to /centos5.0/
9 2007] [error] [client 127.0.0.1] (13)Permission denied: access to /centos5.0/

ok, so it’s a permssions error

“/mnt/centos-4-dvd.iso” is a directory that is a mount point for the actual cd image, right? just catching rici up

let me go read that 13 perm web site

what are the perms on /mnt and on /mnt/centos5.0
i guess that, yeah

he never answred me on /mnt
unless I missed it

you missed it

what was it?
sorry, i joined late.

it never made it to my screen
er damned tcp not gonna let me use that excuse.

Mouse has out-of-cheese-error

the mount-point perms look fine, unless selinux is getting in the way.

please resend permssions on /mnt

i suppose you’ve gone through selinux already

yeah
first guess

first guess is httpd_config.h

http://apache.pastebin.ca/653186

darn, looks fine.

that looks fine, too.

forget first guess

I forgot first guess

wow, it was selinnux!!!!!

hey?! grrr
you said you tried that….

shoot, now how is that fixable

even asked a second time…

no i didn’t say i tried it

selinux–
selinux?

ummmmm, communication break down

i didn’t bother for the obvious reason

first thing I suggested was selinux

I tried that…

did he do it?

twas my first guess
dunno

Well you’re just ignorant!

yes

….
grrrr

yes to something else

away with ye!

oh yeah, that was so obvious it was to something else

NEXT!

You’re done. Who’s next?

DO NOT set files or directories to mode 777, even “just to test”, even if “it’s just a test server”. The purpose of a test server is to get things right in a safe environment, not to get away with doing it wrong.
uDO NOT set files or directories to mode 777, even “just to test”, even if “it’s just a test server”. The purpose of a test server is to get things right in a safe environment, not to get away with doing it wrong./u
setenforce 0 can be used to test

wtf?

that’s the quick way to turn off selinux
which is in FAJITA’S REPLY
selinux

^^
which is what we pasted like a hundred billion times for you

there really should be an option to namei that gets it to run once as you and once as though it were apache
i don’t think i know enough about selinux to write that.

create an apache user with a home dir
i suppose
that’s just bad on a lot counts though…

there ought to be another way

but it would allow you to su… *shrugs*

it ought to be possible without su’ing

the only way currently i can think of is to extend namei to allow user switching… but it’d have to be run as root in that particular case…
like how apache does it… spawn the actual process as the user apache runs as…
*shrugs*

mount -o fscontext=system_u:object_r:httpd_sys_content_t /isos/CentOS-5.0-i386-bin-DVD.iso /mnt/centos-dvd.iso -o loop=/dev/loop0

la la la la la la la la la… /me not listening…

if i’m reading this right, you can associate the httpd_t context to a copy of namei
or you could use the selinux system calls which i haven’t found docs for yet to set that context
if permitted
looks doable
a red hat certified engineer should be able to do it

heh
damaestro just left

Any ideas folks? http://apache.pastebin.ca/653201

he’s a smart cookie…
looks pretty?
what is it that’s not happening?

There is a question there on top, just above the code.

can someone with the perms update http://wiki.apache.org/httpd/13PermissionDenied to remove the “setenforce 0″ nosense advice and add “mount -o fscontext=system_u:object_r:httpd_sys_content_t /isos/CentOS-5.0-i386-bin-DVD.iso
/mnt/centos-dvd.iso -o loop=/dev/loop0″ and “chcon -R -h -t httpd_sys_content_t /path/to/webcontent/not/under/var_www_html”

ah
description

description is there

s/permission/permissions/

namei -m /home/user/public_html
run it

description is where?

not talking to you

http://apache.pastebin.ca/653205

yeah
the path permissions are deficient
chmod 711 /home/me

that ought to be a faq, since so many systems now ship with those perms

permissions

Files need to be readable by the Apache user (e.g. 644). Directories and scripts need the X bit too (e.g. 755). That includes *all* parent directories of a resource. If you have a symlink, check both the source and target. If you have AllowOverride for an unreadable directory, the error
message will refer to .htaccess. See also selinux

specifically about userdir, i mean

*shrugs*
it’s not like userdir is really special in the realm of file permissions
follows the same rules as everything else…

It’s not, I just didn’t think of the whole path.
Just don’t get stressed out about it
That did it – thank you very mucH!

userdir?

userdir is http://httpd.apache.org/docs/2.2/howto/public_html.html or http://httpd.apache.org/docs/2.2/mod/mod_userdir.html or See userdir without ~

userdir perms?

to fix this.

userdir perms?
hmph

to fix this.

userdir perms?

looks like there’s something that needs backwhacking…
try If it’s

to fix this.

userdir perms?

address fajita

fajita?

yes, rici?

to fix this.

hrm…

is there some literal format?

userdir perms is replyTry ls -ld /home/[user]. If you see drwx—— then apache will not be able to server user files. Use chmod 711 /home/[user] to fix this.
dunno

Neither do I

you needs to be quoted now that i look at it
fajita, summon your master

YOUR MASTER YOUR MASTER YOUR MASTER YOUR MASTER YOUR MASTER YOUR MASTER YOUR MASTER COME TO ME!!!!!!

but what needs quotes?
oh
i think it’s the /’s
well actually no i don’t…
think so… that is…
userdir perms is replyTry ls -ld \/home\/[user]. If you see drwx—— then apache will not be able to serve user files. Use chmod 711 \/home\/[user] to fix this.
bleh
*shrugs*

oh, well. we tried

megaspaz, happen to know what this means? “[crit] (22)Invalid argument: unable to replace stderr with error_log”

that’s on startup, right?

running a cgi?

no
trying to do svn over http
been trying to get this piece of shit working for 5 hours

is that in an apache log?

yes
every time i try to do anything, apache forcibly closes the connection
every time it forcibly closes the connection, that shows up

ah
sec.
you using 2.2.4?

yes
and i have the 2.2.x svn binaries

ah, the call must be from svn

and nothing is wrong with my config
so this is a svn bug?

that error message is from ap_replace_stderr_log() but it’s not called from any standard apache module
i can’t quite see why the svn mod would call it either

it’s stupid?
i dunno
i’ve been trying to solve this for 5 hours

What could be the reason for a lot of Apache processes at “Waiting” status?
“WWWW_WW_WWW___WWWW___WWWWWWW_WR_.W.W” in mod_scoreboard/mod_status

well, it’s trying to open your error log for writing at that point. it can’t do that, i presume, because it is not running as root
but i don’t know why it would even try to do that.

funny cause im running windows

you’d normally only do that at startup

and i’m running as Administrator

you’re running apache as administrator?

hmm.

yes
btw

Let’s make it sound more shocking; are you running Apache as root, AnarkiNet?!

[notice] Parent: child process exited with status 3221225477 — Restarting.
nvez, yeah
thats actually the way apache is supposed to run

Ehh.
Apache is supposed to run on a seperate user.
Which shell is set to a nologin shell for security.
Running Apache as root is like asking for a bomb to explode.

uh yeah whatever
i dont care about linux

Oh, Windows, my bad then, I have no idea.

i’m running windows server 2003

does that child process exited message come just before the cannot replace message?

rici yes

Back to my troubles; anyone would know what is the definition of a lot of waiting processes in Apache?

ah, ok, so it’s trying to reinitialize a child process.

so maybe it is “on startup” because the process is restarting?

right
so the question is, why can’t it open the error log file?

no no

i’d work on that

the question is
why is it exiting in the middle of responding to a request?

well, it told you that. status 3221225477

i know and i googled that
people are getting that error with php and apache 2.0.59 as well
see the ironic thing is that the repository i’m trying to get set up is for my own web apache geronimo server hosting software which is a direct competitor to apache
and will eventually strangle both apache and IIS
and gain market dominance

yes, that would be ironic
naturally, you’ll be putting #apache in the credits

i already outperform apache by a large margin

the install seems to be going now so thank you all

but i dont have WebDAV support integrated yet
bleh i probably could have coded webdav support in the 5 hours its taken me to try and figure this apache problem out

i vaguely remember that error message from a couple of years ago
i’d try googling for c0000005 if i were you
that’s what it is in hex, which i believe is the way it’s often reported
try the msdn

is there a way to determine what “vars” server used to build apache , specifically –enable-so

httpd -M

httpd -M lists both statically and dynamically loaded modules for apache version 2.2 and higher

config.nice

config.nice is ~a file with all the arguments that you passed to ./configure when building Apache. or installed to ${prefix}/build/config.nice

fajita moo

huh?

moo bitch!

httpd -M = illegal option
there isnt an -M option I can see in the list..

heh

Hello.

you didn’t read them factoids, did you”?
la la la la la la la /me not listening anymore

folks, I am afraid i bring you terrible news (for me). News of a terrible catastrophe (for me).
any help and rescue would be greatly appreciated (by me)
you know when you run “whereis apache2″ and you get a list of all the dirs it occurs in ?
well I deleted them
now no install (apt-get ) of apache2 or apache2-common replaces the missing /usr/lib/apache/modules
all my installs and uninstalls and purges of apache2 , don’t solve the problem
what do i do ?

go to #debian
or #ubuntu

#ubuntu is thataway -

how do you know i’m talking about ubuntu or debian ?

you said apache2 and apt-ge

yes
ok
thanks
sniff

this is a debian/ubuntu apt-get packaging issue. ain’t an apache issue. this channel’s pretty distro packaging agnostic. we don’t really deal much with particular distro’s apache layout or packaging tools or package managers
of course a debian/ubuntu user might be on this channel and could attempt to help you out…
but you’d probably get quicker answers in #your-distro

yes thank you

You have enabled Apache 2 support while your server is Apache 1.3. Any ideas anyone please ?

–with-apxs2 instead of –with-apxs
or you have multiple versions of apache installed with an apxs system found in the path that apache used when you compiled apache….

join #debian

dpkg -x libapache2-mod-* / && dpkg -i libapache2-mod-*
no such packages
dpkg -x apache2-common.deb no such package

Permalink

Security code (Required)*
To prove that you're not a bot, enter this code
Anti-Spam Image

Comments are closed.

I am having load troubles with my server at the moment and I think I have found one of the reasons a truckload

Categories

Meta

Blog Archives

Search