Tomcat autodeploy doesn’t return actual files via HTTP

Old file is:

$ curl http://localhost:8084
First file 

I mean - war-file contains only one index.jsp page with text "First page":

$ jar tf ../app-application/APP.war
META-INF/
META-INF/MANIFEST.MF
index.jsp

Tomcat's server.xml has next components config:

    <Host
      name="localhost"
      appBase="/home/user/APP/app-application/"
      unpackWARs="false"
      autoDeploy="true"
      deployOnStartup="false">

      <Context
        path=""
        docBase="APP.war"
        reloadable="true"
      />

Then - I copied new war-file:

$ cat ../tmp/1/index.jsp
Second file

$ cd ../tmp/1/ && jar cf APP.war index.jsp

$ cp APP.war ../../app-application/
cp: overwrite `../../app-application/APP.war'? y

And see in log:

 INFO: Undeploying context [/APP]
 Jun 3, 2014 1:16:40 PM org.apache.catalina.startup.HostConfig deployWAR
 INFO: Deploying web application archive /home/user/APP/app-application/APP.war

Buit - when I'm trying open it with browser - I got old file again:

$ curl http://localhost:8084/
First file

And only after full Tomcat's reboot - I see new file;

$ curl http://localhost:8084
Second file

Why? Am I missed something? Tomcat keep it in some cache?

www to non-www .htaccess not working

EDIT: The problem was that the domain was purchased at GoDaddy, but hosted at Endurance Internation Group (they own Hostgator and a few other small web hosts). Endurance doesn't have mod_rewrite activated by default, which is why this wasn't working.

I have hosted the site on GoDaddy and now everything works 100%.


I have a website that Google is indexing the www and non-www version of. I only want the non-www version. This is my current .htaccess code. The 301 redirects of individual files at the bottom work, but the www to non-www code at the top does not work.

What am I doing wrong?

RewriteEngine On 
RewriteBase / 
RewriteCond % ^www.example.com [NC] 
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

# Redirect old file path to new file path
Redirect 301 /aboutcarytreeservice.html http://example.com/about.html
Redirect 301 /carytreeservice.html http://example.com/services.html
Redirect 301 /treeremovaldurhamnc.html http://example.com/durham.html
Redirect 301 /treeservicedurhamnc.html http://example.com/durham.html
Redirect 301 /treeremovalraleighnc.html http://example.com/

www to non-www .htaccess not working

EDIT: The problem was that the domain was purchased at GoDaddy, but hosted at Endurance Internation Group (they own Hostgator and a few other small web hosts). Endurance doesn't have mod_rewrite activated by default, which is why this wasn't working.

I have hosted the site on GoDaddy and now everything works 100%.


I have a website that Google is indexing the www and non-www version of. I only want the non-www version. This is my current .htaccess code. The 301 redirects of individual files at the bottom work, but the www to non-www code at the top does not work.

What am I doing wrong?

RewriteEngine On 
RewriteBase / 
RewriteCond % ^www.example.com [NC] 
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

# Redirect old file path to new file path
Redirect 301 /aboutcarytreeservice.html http://example.com/about.html
Redirect 301 /carytreeservice.html http://example.com/services.html
Redirect 301 /treeremovaldurhamnc.html http://example.com/durham.html
Redirect 301 /treeservicedurhamnc.html http://example.com/durham.html
Redirect 301 /treeremovalraleighnc.html http://example.com/

Bug? Cannot set persistent booleans without managed policy

I have an installation of Magneto, and it couldn't send any emails. Upon investigation, httpd_can_sendmail was turned off. This can be shown by getsebool -a | grep mail.

First I tried setsebool -P httpd_can_sendmail on, which gave me an error Cannot set persistent booleans without managed policy.

Then I read this article, and it's saying this is a bug and that it should really complain that you need root privileges. So sudo setsebool -P httpd_can_sendmail on turned it on.. The bug report is 4 years old, and this site is on Red Hat Enterprise Linux Server release 6.5 (Santiago) hosted on AWS. Is this error message simply just mis-worded? Should I have run that command as root?

Bug? Cannot set persistent booleans without managed policy

I have an installation of Magneto, and it couldn't send any emails. Upon investigation, httpd_can_sendmail was turned off. This can be shown by getsebool -a | grep mail.

First I tried setsebool -P httpd_can_sendmail on, which gave me an error Cannot set persistent booleans without managed policy.

Then I read this article, and it's saying this is a bug and that it should really complain that you need root privileges. So sudo setsebool -P httpd_can_sendmail on turned it on.. The bug report is 4 years old, and this site is on Red Hat Enterprise Linux Server release 6.5 (Santiago) hosted on AWS. Is this error message simply just mis-worded? Should I have run that command as root?

Openssl and Wamp server setup

Hey I'm running into an issue setting up ssl in my WAMP server. I changed the path of the certificate. So i don't know why its not recognize int it. or perhaps I'm not changing the right path.

This is the message I'm getting:

              C:\wamp\bin\apache\apache2.4.9\bin>httpd -t
              AH00112: Warning: DocumentRoot [C:/Apache24/htdocs] does not exist
              AH00526: Syntax error on line 103 of C:/wamp/bin/apache/apache2.4.9/conf/extra/h
              ttpd-ssl.conf:
              SSLCertificateFile: file 'C:/Apache24/conf/server.crt' does not exist or is empty

              C:\wamp\bin\apache\apache2.4.9\bin></pre> </code>

This is my my httpd-ssl.conf

# This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache) # # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache" SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> # General setup for the virtual host DocumentRoot "c:/wamp/www/" ServerName www.example.com:443 ServerAdmin [email protected] ErrorLog "c:/Apache24/logs/sslerror.log" TransferLog "c:/Apache24/logs/sslaccess.log" # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) # require an ECC certificate which can also be configured in # parallel. SSLCertificateFile "C:\wamp\bin\apache\apache2.4.9\conf\ssl.crt" #SSLCertificateFile "c:/Apache24/conf/server-dsa.crt" #SSLCertificateFile "c:/Apache24/conf/server-ecc.crt" # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel SSLCertificateKeyFile "c:/Apache24/conf/server.key" #SSLCertificateKeyFile "c:/Apache24/conf/server-dsa.key" #SSLCertificateKeyFile "c:/Apache24/conf/server-ecc.key" # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convenience. #SSLCertificateChainFile "c:/Apache24/conf/server-ca.crt" # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath "c:/Apache24/conf/ssl.crt" #SSLCACertificateFile "c:/Apache24/conf/ssl.crt/ca-bundle.crt" # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded). # The CRL checking mode needs to be configured explicitly # through SSLCARevocationCheck (defaults to "none" otherwise). # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath "c:/Apache24/conf/ssl.crl" #SSLCARevocationFile "c:/Apache24/conf/ssl.crl/ca-bundle.crl" #SSLCARevocationCheck chain # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # TLS-SRP mutual authentication: # Enable TLS-SRP and set the path to the OpenSSL SRP verifier # file (containing login information for SRP user accounts). # Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for # detailed instructions on creating this file. Example: # "openssl srp -srpvfile c:/Apache24/conf/passwd.srpv -add username" #SSLSRPVerifierFile "c:/Apache24/conf/passwd.srpv" # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "c:/wamp/www/"> SSLOptions +StdEnvVars AllowOveride All Order allow deny allow from all </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is sent or allowed to be received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog "c:/Apache24/logs/ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>

Openssl and Wamp server setup

Hey I'm running into an issue setting up ssl in my WAMP server. I changed the path of the certificate. So i don't know why its not recognize int it. or perhaps I'm not changing the right path.

This is the message I'm getting:

              C:\wamp\bin\apache\apache2.4.9\bin>httpd -t
              AH00112: Warning: DocumentRoot [C:/Apache24/htdocs] does not exist
              AH00526: Syntax error on line 103 of C:/wamp/bin/apache/apache2.4.9/conf/extra/h
              ttpd-ssl.conf:
              SSLCertificateFile: file 'C:/Apache24/conf/server.crt' does not exist or is empty

              C:\wamp\bin\apache\apache2.4.9\bin></pre> </code>

This is my my httpd-ssl.conf

# This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache) # # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache" SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> # General setup for the virtual host DocumentRoot "c:/wamp/www/" ServerName www.example.com:443 ServerAdmin [email protected] ErrorLog "c:/Apache24/logs/sslerror.log" TransferLog "c:/Apache24/logs/sslaccess.log" # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) # require an ECC certificate which can also be configured in # parallel. SSLCertificateFile "C:\wamp\bin\apache\apache2.4.9\conf\ssl.crt" #SSLCertificateFile "c:/Apache24/conf/server-dsa.crt" #SSLCertificateFile "c:/Apache24/conf/server-ecc.crt" # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel SSLCertificateKeyFile "c:/Apache24/conf/server.key" #SSLCertificateKeyFile "c:/Apache24/conf/server-dsa.key" #SSLCertificateKeyFile "c:/Apache24/conf/server-ecc.key" # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convenience. #SSLCertificateChainFile "c:/Apache24/conf/server-ca.crt" # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath "c:/Apache24/conf/ssl.crt" #SSLCACertificateFile "c:/Apache24/conf/ssl.crt/ca-bundle.crt" # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded). # The CRL checking mode needs to be configured explicitly # through SSLCARevocationCheck (defaults to "none" otherwise). # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath "c:/Apache24/conf/ssl.crl" #SSLCARevocationFile "c:/Apache24/conf/ssl.crl/ca-bundle.crl" #SSLCARevocationCheck chain # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # TLS-SRP mutual authentication: # Enable TLS-SRP and set the path to the OpenSSL SRP verifier # file (containing login information for SRP user accounts). # Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for # detailed instructions on creating this file. Example: # "openssl srp -srpvfile c:/Apache24/conf/passwd.srpv -add username" #SSLSRPVerifierFile "c:/Apache24/conf/passwd.srpv" # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "c:/wamp/www/"> SSLOptions +StdEnvVars AllowOveride All Order allow deny allow from all </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is sent or allowed to be received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog "c:/Apache24/logs/ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>

Legacy Perl Code and Apache2

I have to maintain a prehistoric web site with tons of Perl code. After moving to a new Server things got fuzzy:

When multiple requests from the same Client are running on a page (generating images with GD), those scripts overwrite each others variables, leading to strange results.

As a quick workaround I set MaxRequestsPerChild=1 in Apache, which fixes this, but now things are slowed down to a crawl ...

Is there a way to separate the requests ? Any mod_perl or Apache parameters that could help me ?

Apache:

Server version: Apache/2.2.15 (Unix)
Server built:   Apr  3 2014 23:56:16
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)

perl -v

This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi

Any solution for this would be greatly appreciated :)


EDIT: I could not find a proper way to fix things with mod_perl, but the following workaround works:

  • Disable mod_perl
  • Enable mod_cgi
  • AddHandler cgi-script .pl
  • Disable suEXEC

The last one was necessary because it gave me 'premature end of script headers' when suEXEC was enabled.

Just another Blog Hosting Sites site