You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Harald Falkenberg <ha...@desy.de> on 2009/02/11 17:24:52 UTC
[users@httpd] Redirection from http to https and sslrequiressl in .htaccess
Hi,
I'm looking for a way to redirect parts of a url tree from a http talking
virtual host to a https talking virtual host. RedirectMatch or ReWrite
Rules work in principal, but I have also a .htaccess file with the rule
sslrequiressl
rule on the non https vh server, which is checked before a redirect or
rewrite rule starts its work. This is to prevent sending pws in clear
text.
Is there a workaround for this problem?
Thanks in advance
Harald
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] observed delay for changing process owner
Posted by Eric Covener <co...@gmail.com>.
On Mon, Feb 15, 2010 at 11:11 AM, Harald Falkenberg
<ha...@desy.de> wrote:
> Hi,
>
> yes, we use nis/pam on the machine, but the mentioned user and group is
> placed local in /etc/passwd and /etc/group. Also I configured the system to
> lookup first in files and then in nis.
>
> I observed this behaviour simple via running several times ps and saw, that
> it took quite a while that the ownership changes from root to the configured
> user in httpd.conf.
>
Try pstack a few times during the delay and pastebin + link the results here.
I still think getgroups() could hang like this, since it can't take a
shortcut and not consult NIS.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] observed delay for changing process owner
Posted by Harald Falkenberg <ha...@desy.de>.
Hi,
yes, we use nis/pam on the machine, but the mentioned user and group is
placed local in /etc/passwd and /etc/group. Also I configured the system
to lookup first in files and then in nis.
I observed this behaviour simple via running several times ps and saw,
that it took quite a while that the ownership changes from root to the
configured user in httpd.conf.
regards
Harald
On Mon, 15 Feb 2010, Eric Covener wrote:
> On Mon, Feb 15, 2010 at 10:43 AM, Harald Falkenberg
> <ha...@desy.de> wrote:
>> Hello,
>>
>> I use apache 1.3.41 on a solaris sparc system.
>>
>> Since quite a while I was wondering, why the httpd processes startup very
>> quickly, but do not serve any request for 60 until 90 seconds.
>>
>> Now I observed, that it takes a long time to change the onwership of the
>> processes, which I set via the 'user' and 'grou' derictives in httpd.conf.
>> After the ownership changed, the processes serve immediately the requests.
>>
>> Did anybody observe something simular and has an idea what might cause this
>> long delay in changing the ownership? Is it possible to to debug the startup
>> phase of the apache, to see were the processes spend their time?
>
> Are you using something like LDAP or NIS for your systems user/group info?
>
> --
> Eric Covener
> covener@gmail.com
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] observed delay for changing process owner
Posted by Eric Covener <co...@gmail.com>.
On Mon, Feb 15, 2010 at 10:43 AM, Harald Falkenberg
<ha...@desy.de> wrote:
> Hello,
>
> I use apache 1.3.41 on a solaris sparc system.
>
> Since quite a while I was wondering, why the httpd processes startup very
> quickly, but do not serve any request for 60 until 90 seconds.
>
> Now I observed, that it takes a long time to change the onwership of the
> processes, which I set via the 'user' and 'grou' derictives in httpd.conf.
> After the ownership changed, the processes serve immediately the requests.
>
> Did anybody observe something simular and has an idea what might cause this
> long delay in changing the ownership? Is it possible to to debug the startup
> phase of the apache, to see were the processes spend their time?
Are you using something like LDAP or NIS for your systems user/group info?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] observed delay for changing process owner
Posted by Scott Gifford <sg...@suspectclass.com>.
On Mon, Feb 15, 2010 at 10:43 AM, Harald Falkenberg <
harald.falkenberg@desy.de> wrote:
[ ... ]
> Now I observed, that it takes a long time to change the onwership of the
> processes, which I set via the 'user' and 'grou' derictives in httpd.conf.
> After the ownership changed, the processes serve immediately the requests.
>
I am not sure how you have observed this, but my suspiction is you are
observing a side-effect of the delay, not the cause of the delay itself.
One possibility is that your configuration requires a large number of DNS
resolutions; others have suggested other possibilities.
Apart from educated guessing, I unfortunately don't know of a better way to
debug this than to comment out parts of the configuration to see what is
causing the delay. I suspect if you start with a minimal configuration you
will find that the process user and group are changed very quickly.
> Did anybody observe something simular and has an idea what might cause this
> long delay in changing the ownership? Is it possible to to debug the startup
> phase of the apache, to see were the processes spend their time?
>
A tool to debug this would be extremely useful, but unfortunately I'm not
aware of any.
-----Scott.
[users@httpd] observed delay for changing process owner
Posted by Harald Falkenberg <ha...@desy.de>.
Hello,
I use apache 1.3.41 on a solaris sparc system.
Since quite a while I was wondering, why the httpd processes startup very
quickly, but do not serve any request for 60 until 90 seconds.
Now I observed, that it takes a long time to change the onwership of the
processes, which I set via the 'user' and 'grou' derictives in httpd.conf.
After the ownership changed, the processes serve immediately the requests.
Did anybody observe something simular and has an idea what might cause
this long delay in changing the ownership? Is it possible to to debug the
startup phase of the apache, to see were the processes spend their time?
Many thanks in advance
Harald
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection from http to https and sslrequiressl in
.htaccess
Posted by Eric Covener <co...@gmail.com>.
On Wed, Feb 11, 2009 at 11:24 AM, Harald Falkenberg
<ha...@desy.de> wrote:
> Hi,
>
> I'm looking for a way to redirect parts of a url tree from a http talking
> virtual host to a https talking virtual host. RedirectMatch or ReWrite
> Rules work in principal, but I have also a .htaccess file with the rule
> sslrequiressl
> rule on the non https vh server, which is checked before a redirect or
> rewrite rule starts its work. This is to prevent sending pws in clear
> text.
>
Don't use htaccess for things you really want restricted to a specific
virtualhost, or don't share a directory in the filesystem with your
http vhost if you don't want to server it.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Redirection from http to https and sslrequiressl in .htaccess
Posted by "Anthony J. Biacco" <ab...@formatdynamics.com>.
You don't need the sslrequiressl in .htaccess anymore if in the http
vhost you're redirecting it to the https one all the time with a
redirect or whatever. It should never end up in the dir with http.
-Tony
---------------------------
Manager, IT Operations
Format Dynamics, Inc.
303-573-1800x27
abiacco@formatdynamics.com
http://www.formatdynamics.com
-----Original Message-----
From: Harald Falkenberg [mailto:harald.falkenberg@desy.de]
Sent: Wednesday, February 11, 2009 9:25 AM
To: users@httpd.apache.org
Subject: [users@httpd] Redirection from http to https and sslrequiressl
in .htaccess
Hi,
I'm looking for a way to redirect parts of a url tree from a http
talking
virtual host to a https talking virtual host. RedirectMatch or ReWrite
Rules work in principal, but I have also a .htaccess file with the rule
sslrequiressl
rule on the non https vh server, which is checked before a redirect or
rewrite rule starts its work. This is to prevent sending pws in clear
text.
Is there a workaround for this problem?
Thanks in advance
Harald
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org