Ian Winter » apache

Log response headers in apache

Ian — Thu, 18 Nov 2010 13:44:10 +0000

I’ve been working on tweaking some apache logging on a few servers and one of the things I needed to log was a response header. The response header in question is an identifier with information about where the request was served from.

A quick look through the apache log docs doesn’t give any clue on how to do this. I details request header logging but not response. A google search also didn’t really come up with anything that useful until I stumbled on an article over on the apache week site.

A quick modification of the httpd.conf to duplicate the “common” log entry left me with this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{HEADER_NAME}o\"" common2

The key element is the “o”, if you have %{HEADER_NAME}i you’ll get the request header, if you have %{HEADER_NAME}o you’ll get the response header.

This results in the following entry in the log file:

127.0.0.1 - - [18/Nov/2010:13:37:39 +0000] "GET / HTTP/1.1" 200 31006 "HEADER_VALUE"

Disable SSLv2

Ian — Tue, 16 Nov 2010 13:45:10 +0000

If you’re running a site with SSL you really need to turn SSLv2 off. The file you’ll want to edit is /etc/httpd/conf.d/ssl.conf – it might be in a different location, but, shouldn’t be hard to find. The two lines you want to make sure you have are:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

You can also test this once you’ve made the changes:

openssl s_client –ssl2 –connect virtualhost:443
openssl s_client –ssl3 –connect virtualhost:443

Misleading PHP Error

Ian — Sun, 05 Sep 2010 19:53:33 +0000

Having done some upgrades to my server (PHP, apache) I noticed I was getting some odd errors in the apache log and one of my PHP based sites wasn’t loading. The error in the log was:

[Sun Sep 05 20:23:40 2010] [error] [client X.X.X.X] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

Now having done some digging everything suggested the rewrite rule was wrong, or, behaving differently after the upgrade but it turned out that the problem was in fact PHP short_open_tag related.

My php.ini had short_open_tag = Off (which it should, but the site in question was a quick one). Changing that to On and giving apache a restart made the problem go away. When I get a chance I will make the

For more on short_open_tag check the manual.

MSIE SSL Oddness

Ian — Fri, 16 Oct 2009 14:09:41 +0000

Internet Explorer strikes again, sometimes. In Chrome, Firefox and Safari the problem doesn’t present. On a couple of webservers in a cluster we recently noticed the following type of error being returned randomly on images, CSS and JavaScript files when calling the page via SSL.

GET ERROR_INTERNET_SECURITY_CHANNEL_ERROR image/gif https://www.domain.com/path/to/image.gif

Now the majority of our SSL certificates for the site in question are server out via a SSL accelerator on our Cisco LBAL’s but this site wasn’t. It was still using a cert on the local box. Having dug deeper I noticed that a couple of the servers had the following lines of code in whereas all the others didn’t. Due to the load balancing that solves the randomness side of it.

AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin

Something in those lines of code causes the issues, I’m stabbing in the dark that it’s the session cache as none of the others would seem to be causing the problem. I’ve not tried line by line to find the offender.

Hopefully that will help someone out as I found lots of results in Google but not many solutions!

Railo, Resin, Caucho and me

Ian — Fri, 12 Jun 2009 22:06:40 +0000

I’ve finally got resin, railo and caucho playing together in a nice, no longer ripping each other’s hair, out kind of way. I have to say my biggest comment (and probably one of the more tricky things to do) is that for Railo to become a big player in trying to take away Adobe’s CF user base installers are going to be essential. That said railo does seem quicker on processing CFML (need to do more tests to verify that).

I’ve got apache 2.2.3 running on CentOS 5.3. I have railo 3.1.0.015 (not updated to 016 yet) and caucho.

My resin.conf has this addition (multiple times for the different domains):

www.domain.co.uk domain.co.uk

The apache virtual hosts are just normal vhosts. No extras.

My caucho.conf (in /etc/httpd/conf.d) looks like this:

LoadModule caucho_module /usr/lib64/httpd/modules/mod_caucho.so ResinConfigServer localhost 6800 CauchoConfigCacheDirectory /tmp CauchoStatus yes SetHandler caucho-status

Hopefully that might help someone out. I’m going to try and do a from scratch CentOS build guide for The Rackspace Cloud sometime next week. I’ve started migrating some sites over to the cloud server and so far not hit any issues.

Rails Setup

Ian — Mon, 23 Mar 2009 21:39:20 +0000

Been playing with Rails 2.3.2.1 and Passenger 2.1.2 but had some problems upgrading from the two respective earlier versions. The key was in the fact I probably didn’t RTFM. Following the guides.rubyonrails.org I’d got as far as section 4, changing the default index but whenever I did this or tried to view the controller directly on my Mac (10.5.6) it just 500 errored. The key was something that a friend (@neilmiddleton) alluded to was that the app was running in production mode. There was no errors in the log files also aiding the diagnosis.

Solution? Pretty simple, just add an environment variable.

ServerName rortest.local DocumentRoot "/Users/ian/Sites/rortest/public" RailsEnv development

Now I’ve got to try and write something useful rather than hello world or a blog post/view page.

mod_gzip is your friend

Ian — Thu, 25 Jan 2007 13:15:00 +0000

To save bandwidth on one off the servers I look after I decided to implement mod_gzip.

The server in questions is running RedHat ES3, apache 1.3.37, Coldfusion 7.0.2 and has the cPanel/WHM control panel.

First off was to get mod_gzip compiled, now this can be done manually, download a pre compiled one or in my case just go into WHM and rebuild apache with the mod_gzip box checked. The version it puts in is 1.3.26.1a.

As I’d already got Coldfusion running on this webserver the resulting httpd.conf file it creates became invalid so I had to move a few things about. To cut to the chase the order in which modules load is crucial with Coldfusion due to the was the mod_gzip and mod_jrun modules work intercepting requests. The following is my httpd.conf (abbriviated) with the relevant sections.

LoadModule ... --snip-- LoadModule jrun_module /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun.so JRunConfig Verbose false JRunConfig Apialloc false JRunConfig Ssl false JRunConfig Ignoresuffixmap false JRunConfig Serverstore /usr/local/coldfusionmx7/runtime/lib/wsconfig/1/jrunserver.store JRunConfig Bootstrap 127.0.0.1:51011 #JRunConfig Errorurl #JRunConfig ProxyRetryInterval 600 #JRunConfig ConnectTimeout 15 #JRunConfig RecvTimeout 300 #JRunConfig SendTimeout 15 AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf LoadModule gzip_module libexec/mod_gzip.so mod_gzip_on Yes mod_gzip_can_negotiate Yes mod_gzip_static_suffix .gz AddEncoding gzip .gz mod_gzip_update_static No mod_gzip_command_version '/mod_gzip_status' mod_gzip_temp_dir /tmp mod_gzip_keep_workfiles No mod_gzip_minimum_file_size 500 mod_gzip_maximum_file_size 500000 mod_gzip_maximum_inmem_size 60000 mod_gzip_min_http 1000 mod_gzip_handle_methods GET POST mod_gzip_item_exclude file .js$ mod_gzip_item_exclude file .css$ mod_gzip_item_exclude file .swf$ mod_gzip_item_exclude mime ^image/ mod_gzip_item_include file .php$ mod_gzip_item_include file .cfm$ mod_gzip_item_include file .jsp$ mod_gzip_item_exclude file .pdf$ mod_gzip_item_include file .fic$ mod_gzip_item_include file .html$ mod_gzip_item_include file .htm$ mod_gzip_item_include mime ^text/html mod_gzip_item_include mime ^text/plain mod_gzip_item_include mime ^text/xml #mod_gzip_item_include mime ^application/force_download$ #mod_gzip_item_include mime ^application/pdf$ mod_gzip_item_include handler type-coldfusion mod_gzip_item_include handler jrun-handler mod_gzip_dechunk Yes #then the logging directives LogFormat "%h %l %u %t "%V %r" % d_gzip_input_size}n -< Out:%{mod_gzip_output_size}n = %{mod_gzip_compression_rat io}n pct." common_with_mod_gzip_info2 CustomLog "logs/mod_gzip.log" common_with_mod_gzip_info2 mod_gzip_add_header_count Yes mod_gzip_send_vary On AddType type-coldfusion .fic --snip-- ClearModuleList AddModule ... --snip-- AddModule mod_jrun.c AddModule mod_gzip.c

In my test case I had a page show as 18224 bytes originally which compressed down to 3956 bytes a saving of 14268 bytes or 79%! To test the compression I was using the port80software.com compression check. You can also see this site’s report.

More Information (stuff I read):

owensperformance.com – cheers Irvin!

mod_gzip on sourceforge

How to install mod_gzip