I am using apache proxypass to proxy to 4 different ports (java/jsp applications) with the following configurations (for each):
ProxyPass / http://*****.org:8080/ retry=0
ProxyPassReverse / http://*****.org:8080/
Everything seems work fine until an awkward delay / connection timeout occurs. The web application hangs for about 5 to 15 seconds and starts working normally after that period. It's certainly not the application's issue because everything is fine when using IP address to access it.
When I enabled the debug log in apache, I found out that every time the server seems to hang, the following error appears in the apache error log and the number of apache child processes keep on increasing (ps aux | grep apache).
[Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 4 in child 13208 for worker proxy:reverse
[Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
[Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1934): proxy: initialized single connection worker 4 in child 13208 for (*)
[Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 3 in child 13208 for worker http://*****.org:8080/
Also, the access log (access.log) completely stops during that hang period.
This debug message keeps on repeating as long as Apache/web-application is not responding. The application starts to work normally after that duration and the number of apache child process decrease to the normal number.
Apache version : 2.2.16 (Debian)
OS : Debian GNU/Linux 6.0
root@server:~# apache2 -V
Server version: Apache/2.2.16 (Debian)
Server built: Nov 30 2012 08:58:36
I'm running Apache 2.4.4 Win32 on a Windows 2008 server. When trying to optimize a website I noticed a random reoccurring 2550ms delay in Time To First Byte. A file could have a TTFB of 200ms several times but suddenly it would get 2750ms. This could be a static file (image, html, js) or php. I've measured using ApacheBench (locally and remotely), webpagetest.org and bytecheck.com. After much trial and error I found the problem was with mod_rewrite. Disabling this and everything is fine.
I have setup a blank/new install with only basic config change (Listen, ServerRoot etc) to replicate result without anything else interfering. Following is the rewrite section I add to config.
Code: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule (^/Pictures.*) /$1 [L] </IfModule>
After Apache has started I execute "ab http://my.example.com/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg" and always get the delay. If I execute again it's normal. If I wait at least 30 seconds I get the delay. Following is a section from error.log with trace8 logging.
Code: [Tue Mar 12 23:28:56.123519 2013] [rewrite:trace3] [pid 7624:tid 888] mod_rewrite.c(468): [client 69.x.y.90:36279] 69.x.y.90 - - [my.example.com/sid#42c748][rid#26df0d0/initial] applying pattern '(^/Pictures.*)' to uri '/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg'
As you see from line 3 to line 4 the time skips 2550ms. When the TTFB is normal then the log is identical except time doesn't change from line 3 to line 4. If I delete the rewrite section in config then TTFB is always normal, no matter what.
When I testet on the live server the time for fully loaded increase from 3800-4000ms to 8500-10500ms when mod_rewrite is enabled. And that is about 30 requests (php+css+js+images). So the impact is significant.
What can this be? I'm having a hard time believing it's a bug. Isn't mod_rewrite used a lot? I'm running Ubuntu (linux) at home, I'm going to install Apache there and see if I get the same result.
I have a dedicated server running CentOS which has been been running fine for a while now.
On the odd day Apache used to hang, I presume due to load so I installed SIM (System Integrity Manager) to check the status of httpd and to re-start when necessary.
Every now and again SIM would email saying that apache was re-started, no big deal.
Then this morning I got a email from SIM saying apache was down but couldn't be re-started. I then logged into the shell and tried to do a: service httpd restart
I then got a message saying something like: could not bind to port 80. I then tried to kill all httpd processes and re-start apache but the problem persisted. I then just rebooted my server and apache started fine.
Since then I have had hundreds of emails from SIM saying that it has had to re-start apache. Somehow it is detecting it as down and re-starting it. Apache seems to be up and fine. Re-installing SIM does not help.
The weird thing is when I logged in using Putty I got the "server's host key did not match the signature supplied" message like something had changed.
Rkhunter does not return anything just a couple of warnings.
Does anybody know what would cause sim to constantly detect Apache as down in this situation and also how this could happen with no changes being made?
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:220.127.116.11/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
I want to setup a failover approach in which if after a particular timeout say 10secs the load shifts to some other website like Refer.com | The world. The timeout should be in Proxy Pass and if timeout occurs it shifts to Refer.com | The world
I m trying to setup a reverse proxy with several site that will redirect the request into several internal server.I wanted to do that with several VirtualHost (like shown below). Unfortunatly whatever I type on my browser testsupport.xxxx.com or support2.xxxx.com I m redirected at the first of the config file (in the exemple http://10.253.12.41/.Is it the ServerName key that will redirect to the right proxypass ?
I have a setup where Apache connects to a F5 load balancer which in turn balances between two jboss app servers.
Apache using mod_proxy -> F5 (hardware load balancer) -> 2 jboss application server
It uses jsessionid. I sometimes get 500 errors for the post methods. I think the request goes to the incorrect jboss server because of the F5 load balancer. Everything works just right when I shutdown one of the jboss app servers.
I'm trying to do a setup of alfresco.It has two basic sites. [URL]. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
I have apache 2.2 on Linux going through the a firewall to a backend sharepoint server. My sharepoint application has anonymous and authenticated traffic. This works fine most of the time but we randomly get (104)Connection reset by peer: proxy: error reading status line from remote server. I was able to fix this by adding *SetEnv force-proxy-request-1.0 1 *SetEnv proxy-nokeepalive 1 *RequestHeader unset Expect early But after I added this I was then no longer able to log in. I would receive a *HTTP/1.1" 401 my understanding is KeepAlive is required for NTLM to work so making sure I can stop the connection resets which are unacceptable and still allow the authenticated users to log in.
I'm currently in the process of configuring a red hat linux server as a proxy server for a number of back end web servers. I set up reverse proxying to hide the web server url's, but I've run into a problem with the second web server, because some of the directory structures are identical on both servers.
I am having a little trouble getting a reverse proxy redirect to work. I have a Linux server running Apache2. I have installed SABnzbd+, Sickbeard, Couchpotato & Headphones onto this device. I want to access SABnzbd+, Sickbeard, Couchpotato & Headphones from the outside world (via a DYNDNS name).
I know that I could just forward the ports through the router, but I don't want all the extra ports opened. I was told that I can have Apache to do a revers proxy, but I can't get it to work. I basically want to be able to do type myname.dyndns.org/sickbeard instead of typing in myname.dyndns.org:8081.
I'm trying to fix a problem with open proxy on my website. It's running ubuntu & apache2. I also run pfsense for a firewall with snort. I have a SSL for the website, so I have regular port 80 redirect to https.
At first I did notice right away when I checked & saw this happen that proxy was turned on. So I got that turned off.
My firewall is still allowing these bad IPs to port 80. I would like to figure out what I could turn on the firewall or snort to stop those connections in addition to what needs fixing in apache. I've read the solution is to make the redirects go to a 403 error page.
I also tried adding a mod_security rule but ended up blocking all people from website, though I may have accidentally turned some other rules on too.
There are a few different problems it looks like.
First - It looks like they're trying to connect to my HTTPS then redirect to an ad through my domain name? Second - It looks like they're still trying to use my website for open proxy but directly accessing ib.adnxs.com through my port 80. My logs indicate I'm redirecting to a 301 page.
Have run through a bunch of threads on mod_proxy race conditions, possible causes, and potential solutions.
What is the status? Is there a fix for this, maybe in 2.4.7?
On 2.4.3 in production we literally have 10K errors in the past 2 months along the lines of:
Code : AH00898: Error reading from remote server returned by...
Application server (JVM webapp) issues no errors at the time of mod_proxy error occurring. It seems then that mod_proxy is sporadically broken, which is horrible for end users accessing an otherwise rock solid production application.
I am running a few different web servers on my home network and have found a way of binding each wb server (and any virtual hosts) to domain names and having a "central" web server rerouting a request to the appropriate server using reverse-proy. at the moment, this central web server is IIS (Windows Server 2008 R2) based and it works perfectly. I want to change the central server to an Apache based one.
As an example; I want the central server to see an incoming http request (e.g sub.domain.com) and reroute it using reverse-proxy to a different web server that wouldn't normaly be accessible from the Internet (e.g 192.168.1.122/index.html).
My question is how do you reverse-proxy to a different server on the LAN with mod_rewrite in Apache?
I'm running both Apache (on port 81) and Lighttpd (port 80) on my VPS. I would like to have Apache run CGI/Perl scripts only for virtual hosts in the Lighttpd.conf. My Lighttpd.conf already has fastCGI enabled though.
a question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.
One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500) , then mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app ?
(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.We're using apache 2.2 on 64-bit CentOS 6.5 ( httpd-2.2.15-31.el6.centos.x86_64 )
I am trying to set up a reverse proxy to the application Surveillance Station on my Synology NAS. Altough the reverse proxy works ok for other apps like Webadmin, Download Station and such, parts of the Surveillance Station app do not work, particulary the Live View & Time Line.
From the logs, I suspect an authorisation problem (because of the 401), but I'm not sure. I have tried ProxyPreserveHost on, ProxyVia full, and some rewrite rules, but I'm not sure what I'm doing Direct access to the port of the app works (i.e. 83.xxx.x.xxx:9900), so i know it has something to do with the reverse proxy.
Some of websites like youtube and facebook are blocked in my country and we can't access them .in addition most of tunneling protocols like PPTP are blocked too . I want to create a website that tunnels between our network and this website like proxy or other ways. Scripts like phpProxy are not secure and many websites don't permit the visitors who come with this scripts. A very good sample for my idea is walww.com . This websites is like alternate for blocked addresses like facebook, but it's premium and require charging cash .
How can I create website like walww.com . I have my own VPS and Host for this issue. Is that possible to serve this blocked websites trough proxy by configuring apache settings?
Own Build Apache 2.4.4 (32bit) with IPv6 support Openssl 1.0.1e on Windows Server 2012.
We implemented this as a reverse proxy with Exchange 2010 behind it. We published Webmail out through Apache. Thought it was going well until users reported strange things. Exchange Web Services users were sending email and they arrived having been posted from another user's mailbox. Also, sometimes viewing the mailbox provides a view of somebody else's mailbox.
We checked out the logs on the Exchange CAS server and what appears to be happening is that the body of the post is being sent with the header of another post.
I've been working with the Apache server (primary under CentOS, but some under Red Hat and on XAMPP stacks as well) and have been tasked with a project.
Periodically, we need to have our web sites down for maintenance - updates, backups, etc. What I've been told to do is find a way to have a 'front end' to our web sites so that, when they are down for maintenance, that then end-users will receive a message 'This site is down for maintenance till XX:XX AM/PM' or such.
Here are my questions:
- What would you call what I am trying to setup? The reading I've done implies that what I really want to setup is a reverse proxy server. Is that what I want to do? - If it isn't a reverse proxy I want to set up, what do I want to setup? - Of the different types of solutions available, What I could use for this? I've read about using Nginx in front of Apache, I've heard of Squid, I've heard about Tomcat. - Is this a type of 'clustering/high availability' project I'm really looking at here? I've been hearing those terms thrown about as well.
In case it makes any kind of a difference, the Apache instances are pretty simple - PHP, MySQL and that's about it - not very involved (for now). I'm hoping that I can learn what/how to do this correctly and, when I'm ready to add more capabilities, that I'll be able to extrapolate out from there what I'd need to do.
-1 Public IP -Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0) + VM Windows Server 2008 R2 Exchange 2010/IIS (server1) + VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2) + VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3) -All port 80,443 requests points Ubuntu server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed
For learning purpose I am configuring a blackberry enterprise server(bes) on server3. It's a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice two like server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn't interact with the page because it was a java application. So digging deeper into this i found that the webpage that bes provided me to use isn't the real application but more like a iframe setup.
Example: BES Console address: https://server3.com/webconsole/login Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass reverse to this real address I encountered a other problem. The bes webconsole works with session is and parameters
I am using a Windows 7 and the proxy server is working fine. However, I need to run a web content filtering on the server. This should be able to replace or change specific words or phrases from an incoming html and deliver it to the client. I have searched the internet for days for a working configuration but none of them worked. Here is the current configuration I added on the httpd.conf file:
Behind a pfsense box we have a computer who act as a forward proxy with apache. At the end we have the family computer.This is the problem: i can't hide the forward proxy on internet, the forward proxy is reported "detected".
Currently i am trying to install an Apache 2.4.3 as a caching reverse proxy. I would like to use memcached as my cache backend. I figured out there is a mod_socache_memcache, which from my understanding, should do exactly that(in combination with mod_cache_socache). So i compiled mod_cache_socache from trunk, loaded mod_cache, mod_cache_socache and mod_socache_memcache, but now i am stuck with the configuration. Here is what i tried:
where do i configure the path to my memcached instance? The reason for memcached as chaching backend, is that the machine is a windows machine, and from my understanding mod_cache_disk is not as efficient on a NTFS filesystem as it is on EXT3/4.
Another reason is, that later on there should be a possibility to put a second Reverse Proxy machine which shares the cache with the first one by using the same memcached instance (is that possible at all?).