Category Archives: apache2-module

How can I disable the switch back to mpm_prefork by Apache Security update?

my Apache2 on Ubuntu 16.04 runs mpm_event, but on every Security Update Apache switch back to mpm_prefork. Why and how can I disable this, so mpm_event is still configured?

I found this: https://ubuntu101.co.za/apache-web-server/fix-apache-2-4-loading-wrong-mpm-worker-module/

But this don't work for me. After a security update I get the error message: "No MPM is configured". So my Apache don't run.

Did you have an idea?

Threading in Apache2.2

I am using threading to post data on server.threading is working fine and Data is receiving at the server but Every time i am getting Segmentation Fault/core dump exception for every request.

My thread function

void* APR_THREAD_FUNC thread_init(apr_thread_t *thd,void *data)
{
DATA_INFO_SOCK *dt=(DATA_INFO_SOCK*)data;
apr_status_t result;
result=apr_socket_sendto(dt->new_sock,dt->addr,0,dt->payload,dt->len);
if(result==APR_SUCCESS)
{
 result=apr_socket_recvfrom(dt->addr,dt->new_sock,0,dt->resp,dt->rec_len);
}
result=apr_socket_close(dt->new_sock);
apr_thread_exit(thd, APR_SUCCESS);
}

My thread initiating C code

int post_data_async(request_rec *r, char *host,char *encoded_data,int timout)
{
apr_status_t result;
apr_thread_t *thrd;
apr_threadattr_t *thrdattr;
char *final_msg;
apr_socket_t *new_sock;
apr_sockaddr_t *addr;
DATA_INFO_SOCK *dt=apr_palloc(r->pool,sizeof(DATA_INFO_SOCK));
char *hostname=host;
char *msg = "POST /getRequestData HTTP/1.1\r\n"\
            "HOST: %s\r\n" \
            "Accept: */*\r\n"\
            "Connection: keep-alive\r\n"\
            "Content-Length: %d\r\n"\
            "Content-Type: application/x-www-form-urlencoded\r\n\n%s";
apr_port_t port_no=80;
apr_interval_time_t tmout=timout;
apr_size_t *size=apr_palloc(r->pool,sizeof(apr_size_t));
apr_size_t *rcv=apr_palloc(r->pool,sizeof(apr_size_t));
final_msg=apr_psprintf(r->pool,msg,host,strlen(encoded_data),encoded_data);
result=apr_socket_create(&dt->new_sock,APR_INET,SOCK_STREAM,APR_PROTO_TCP,r->pool);
result=apr_sockaddr_info_get(&dt->addr,hostname,APR_INET,port_no,0,r->pool);
result=apr_socket_connect(dt->new_sock,dt->addr);
//result=apr_socket_timeout_set(dt->new_sock,tmout);
*size=strlen(final_msg);
//data preparation for thread
dt->r=r;
dt->resp=apr_palloc(r->pool,sizeof(char)*1024);
dt->payload=final_msg;
dt->len=size;
dt->rec_len=rcv;
result=apr_thread_create(&thrd,NULL,thread_init,(void*)dt,r->pool);
ap_rputs("resule after thread",r);
return 0;
}

How to add Apache module configuration directives?

How can I create configuration directives in apache2.conf file for my module or create separate configuration file for module configurations for these setting:

static const command_rec module_directives[] =
{
AP_INIT_FLAG("modsecurity", ap_set_flag_slot(void*)APR_OFFSETOF(apache_http_modsecurity_loc_conf_t,enable), OR_OPTIONS, "The argument must be either 'On' or 'Off'"),
AP_INIT_TAKE1("modsecurity_rules_file", ap_set_string_slot, (void*)APR_OFFSETOF(apache_http_modsecurity_loc_conf_t,rules_file), OR_OPTIONS, "Load ModSecurity rules from a file"),
AP_INIT_TAKE2("modsecurity_rules_remote", apache_http_modsecurity_set_remote_server, NULL, OR_OPTIONS, "Load ModSecurity rules from a remote server"),
AP_INIT_TAKE1("modsecurity_rules", ap_set_string_slot, (void*)APR_OFFSETOF(apache_http_modsecurity_loc_conf_t,rules), OR_OPTIONS, "Please ensure that the arugment is specified correctly, including line continuations."),
AP_INIT_FLAG("IOInput", enable_input, NULL, RSRC_CONF, "Enable Input Data"),
AP_INIT_FLAG("IOOutput", enable_output, NULL, RSRC_CONF, "Enable Output Data"),
{ NULL }
};

exclude path from ProxyPass

I created a virtualHost host.com. And I need to proxy all requests to localhost:3000. Also on host.com/api/v1/* I have bunch of api endpoints for this app. So since my server is appache I started with these lines in my virtualHost config:

ProxyPassMatch ^(/.*\.jpg)$ !
ProxyPassMatch ^/api/v1(.*)$ !

ProxyPass / http://0.0.0.0:3000/
ProxyPassReverse / http://0.0.0.0:3000/

So this way i can request for host.com/images/image.jpg and it proxies me images, also main host.com proxy work. But request like host.com/api/v1/users answers with error 503 and Service Temporarily Unavailable. Any guess how can I achieve api/v1/* endpoints?

Apache2 virtual hosts links in website no working

I installed apache2 server and enabled a2ensite for my domain name. I followed link - https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts to setup virtual hosts.

Now when I type my domain name, the site homepage shows up but the links in website are not working. I get "Not found" with message "requested URL was not found on this server"

My mydomian.com.conf file is as below in /etc/apache2/sites-enabled folder

<VirtualHost *:80>
   ServerAdmin [email protected]
   ServerName mydomain.com
   ServerAlias www.mydomain.com
   DocumentRoot /var/www/html/mydomain.com/public_html
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

All the code is present in path - /var/www/html/mydomain.com/public_html

Please let me know how I can make the links on my website working.

Thanks

mod_cloudflare is not passing real IPs to my apache2 logs even though it appears to be installed and enabled

I can't figure this out at all. I've tried everything I can think of. I still get bizarre IP addresses in my log files. It's making it very difficult to protect against attacks because I cannot see the real IPs of the attackers unless I screw around with tcpdump.

Although installed and enabled mod_cloudflare is not passing the correct IP addresses to apache2 log files at all.

I am seeing a lot of IP addresses like; 54.217.28.68 which I know are not correct. My test method is to use 'curl' with long easily identifiable URLs that no regular visitor (or attacker) would be likely to visit and then check my log files. At the same time as my tests I'm getting bizare IP addresses that have nothing to do with the hosts I'm performing the tests from. Why is this happening?

mod_cloudflare is definitely installed on ubuntu 14.04 running apache2. I have never seen this before.

The strange, unrecognized IP addresses are often coming from Amazon data centers - I guess CloudFlare servers are often located in Amazon data centers?

Here what I'm getting when I verify that the cloudflare module is enabled:

[email protected]:/var/log/apache2# apache2ctl -M | grep cloud
cloudflare_module (shared)

I tried using tcpdump looked for a packet containing an HTTP header. It looks like it works but I am not getting legit IPs in my logs still...

Host: www.mysite.com
User-Agent: Podcasts/1075.33 CFNetwork/758.1.6 Darwin/15.0.0 X-Middleton/1
Accept: */*
Accept-Language: en-us
CF-Connecting-IP: 2602:306:8b00:64b0:6596:26d9:496b:156b
Cf-Ipcountry: US
Cf-Ray: 24f1ce001b002828-SJC
Cf-Visitor: {"scheme":"http"}
Cookie: __cfduid=dcd6e93c799b853cb0f57c6bb3a91cd891449138442; ezouid=1146425940; l$
If-Modified-Since: Mon, 30 Nov 2015 11:28:06 GMT
X-Forwarded-For: 2602:306:8b00:64b0:6596:26d9:496b:156b, 2602:306:8b00:64b0:6596:2$
X-Middleton: 1
X-Middleton-Ip: 2602:306:8b00:64b0:6596:26d9:496b:156b
X-Real-Ip: 2602:306:8b00:64b0:6596:26d9:496b:156b
Accept-Encoding: gzip
Connection: close

That one looks like it has an IPv6 address. I never saw IPv6 in my logs before but otherwise it looks right to me. I continued looking and I found one with a regular IP and it also looks right. But somehow I am not getting the correct IP addresses in my logs. How can this be?

CF-Connecting-IP: 66.249.73.228
Cf-Ipcountry: US
Cf-Ray: 24f1d3f9c892271d-DFW
Cf-Visitor: {"scheme":"http"}
Cookie: ezouid=1006370956; lp=http://www.mysite.com.com/about
From: googlebot(at)googlebot.com
X-Forwarded-For: 66.249.73.228, 66.249.73.228
X-Middleton: 1
X-Middleton-Ip: 66.249.73.228
X-Real-Ip: 66.249.73.228

In this second case it definitely appears to be correct because the user agent is google bot and the IP is owned by google and infosniper.net recognizes it as a google bot IP.

So what can be going on here? I just grepped my access log for the second IP, 66.249.73.228 and it's nowhere to be found.

I repeated my own test while running tcpdump. I can see my real IP in the tcpdump. I can find the same request exact request in the access log but it does NOT have my real IP attached to it. How can this be?

www.mysite.com:80 54.215.93.69 - - [03/Dec/2015:22:05:44 +0300] "GET /this_is_a_long_testing_URL_for_capturing_packets_HA4

54.215.93.69 is definitely not my IP. It doesn't appear in any of the cloudflare headers at all. It also deosn't appear anywhere in the packet capture dump either.

Can anyone describe how to further troubleshoot or fix this?

Thanks!

How to prevent IndexOrderDefault IndexOptions inheritance?

I'm having a problem with apache2 on Ubuntu. I don't know how to stop the sub-directories to inherit the IndexOptions config of the parent directory.

This is my configuration:

<Directory "/home/user/Documents/">
   AllowOverride None
   Options Indexes FollowSymLinks MultiViews
   IndexOptions FancyIndexing
   IndexOrderDefault Descending Name
   Require all granted
   allow from all
</Directory>`

What I'd like to do is to set a reverse order for the files in the Documents/Test dir and keep all the rest (inside Documents/Test/*/ or Documents/) unchanged.

Thanks!!

How to filter based on request URL in Apache HTTP server

I want to have a apache http server in between my application and client.

A query parameter has to be passed on accessing by client. For example, if my client is running in http://myhost:myport/myapp then it has to be accessed only by passing the parameter myparam. Like http://myhost:myport/myapp?myparam=123.

So in my apache http server I want to filter the requests which does not contain the query parameter myparam.

I tried using filters. It has some predefined filters but none of the filters satisfy my requirement. I tried using mod_ext_filter. But it seems the entire content being passed to my program, not the URL. Since I need to filter based on the parameter present in URL I don't think it satisfy my requirement.

Is there any http server module which can be be used to filter based on parameter being passed in URL?

EDIT

In addition, I need to get the value from query param and validate it as well. The validation is a REST service call