Search Results

Search found 2291 results on 92 pages for 'webserver'.

Page 92/92 | < Previous Page | 88 89 90 91 92 

  • IIS Strategies for Accessing Secured Network Resources

    - by ErikE
    Problem: A user connects to a service on a machine, such as an IIS web site or a SQL Server database. The site or the database need to gain access to network resources such as file shares (the most common) or a database on a different server. Permission is denied. This is because the user the service is running under doesn't have network permissions in the first place, or if it does, it doesn't have rights to access the remote resource. I keep running into this problem over and over again and am tired of not having a really solid way of handling it. Here are some workarounds I'm aware of: Run IIS as a custom-created domain user who is granted high permissions If permissions are granted one file share at a time, then every time I want to read from a new share, I would have to ask a network admin to add it for me. Eventually, with many web sites reading from many shares, it is going to get really complicated. If permissions are just opened up wide for the user to access any file shares in our domain, then this seems like an unnecessary security surface area to present. This also applies to all the sites running on IIS, rather than just the selected site or virtual directory that needs the access, a further surface area problem. Still use the IUSR account but give it network permissions and set up the same user name on the remote resource (not a domain user, a local user) This also has its problems. For example, there's a file share I am using that I have full rights to for sharing, but I can't log in to the machine. So I have to find the right admin and ask him to do it for me. Any time something has to change, it's another request to an admin. Allow IIS users to connect as anonymous, but set the account used for anonymous access to a high-privilege one This is even worse than giving the IIS IUSR full privileges, because it means my web site can't use any kind of security in the first place. Connect using Kerberos, then delegate This sounds good in principle but has all sorts of problems. First of all, if you're using virtual web sites where the domain name you connect to the site with is not the base machine name (as we do frequently), then you have to set up a Service Principal Name on the webserver using Microsoft's SetSPN utility. It's complicated and apparently prone to errors. Also, you have to ask your network/domain admin to change security policy for both the web server and the domain account so they are "trusted for delegation." If you don't get everything perfectly right, suddenly your intended Kerberos authentication is NTLM instead, and you can only impersonate rather than delegate, and thus no reaching out over the network as the user. Also, this method can be problematic because sometimes you need the web site or database to have permissions that the connecting user doesn't have. Create a service or COM+ application that fetches the resource for the web site Services and COM+ packages are run with their own set of credentials. Running as a high-privilege user is okay since they can do their own security and deny requests that are not legitimate, putting control in the hands of the application developer instead of the network admin. Problems: I am using a COM+ package that does exactly this on Windows Server 2000 to deliver highly sensitive images to a secured web application. I tried moving the web site to Windows Server 2003 and was suddenly denied permission to instantiate the COM+ object, very likely registry permissions. I trolled around quite a bit and did not solve the problem, partly because I was reluctant to give the IUSR account full registry permissions. That seems like the same bad practice as just running IIS as a high-privilege user. Note: This is actually really simple. In a programming language of your choice, you create a class with a function that returns an instance of the object you want (an ADODB.Connection, for example), and build a dll, which you register as a COM+ object. In your web server-side code, you create an instance of the class and use the function, and since it is running under a different security context, calls to network resources work. Map drive letters to shares This could theoretically work, but in my mind it's not really a good long-term strategy. Even though mappings can be created with specific credentials, and this can be done by others than a network admin, this also is going to mean that there are either way too many shared drives (small granularity) or too much permission is granted to entire file servers (large granularity). Also, I haven't figured out how to map a drive so that the IUSR gets the drives. Mapping a drive is for the current user, I don't know the IUSR account password to log in as it and create the mappings. Move the resources local to the web server/database There are times when I've done this, especially with Access databases. Does the database have to live out on the file share? Sometimes, it was just easiest to move the database to the web server or to the SQL database server (so the linked server to it would work). But I don't think this is a great all-around solution, either. And it won't work when the resource is a service rather than a file. Move the service to the final web server/database I suppose I could run a web server on my SQL Server database, so the web site can connect to it using impersonation and make me happy. But do we really want random extra web servers on our database servers just so this is possible? No. Virtual directories in IIS I know that virtual directories can help make remote resources look as though they are local, and this supports using custom credentials for each virtual directory. I haven't been able to come up with, yet, how this would solve the problem for system calls. Users could reach file shares directly, but this won't help, say, classic ASP code access resources. I could use a URL instead of a file path to read remote data files in a web page, but this isn't going to help me make a connection to an Access database, a SQL server database, or any other resource that uses a connection library rather than being able to just read all the bytes and work with them. I wish there was some kind of "service tunnel" that I could create. Think about how a VPN makes remote resources look like they are local. With a richer aliasing mechanism, perhaps code-based, why couldn't even database connections occur under a defined security context? Why not a special Windows component that lets you specify, per user, what resources are available and what alternate credentials are used for the connection? File shares, databases, web sites, you name it. I guess I'm almost talking about a specialized local proxy server. Anyway, so there's my list. I may update it if I think of more. Does anyone have any ideas for me? My current problem today is, yet again, I need a web site to connect to an Access database on a file share. Here we go again...

    Read the article

  • IIS Strategies for Accessing Secured Network Resources

    - by Emtucifor
    Problem: A user connects to a service on a machine, such as an IIS web site or a SQL Server database. The site or the database need to gain access to network resources such as file shares (the most common) or a database on a different server. Permission is denied. This is because the user the service is running as doesn't have network permissions in the first place, or if it does, it doesn't have rights to access the remote resource. I keep running into this problem over and over again and am tired of not having a really solid way of handling it. Here are some workarounds I'm aware of: Run IIS as a custom-created domain user who is granted high permissions If permissions are granted one file share at a time, then every time I want to read from a new share, I would have to ask a network admin to add it for me. Eventually, with many web sites reading from many shares, it is going to get really complicated. If permissions are just opened up wide for the user to access any file shares in our domain, then this seems like an unnecessary security surface area to present. This also applies to all the sites running on IIS, rather than just the selected site or virtual directory that needs the access, a further surface area problem. Still use the IUSR account but give it network permissions and set up the same user name on the remote resource (not a domain user, a local user) This also has its problems. For example, there's a file share I am using that I have full rights to for sharing, but I can't log in to the machine. So I have to find the right admin and ask him to do it for me. Any time something has to change, it's another request to an admin. Allow IIS users to connect as anonymous, but set the account used for anonymous access to a high-privilege one This is even worse than giving the IIS IUSR full privileges, because it means my web site can't use any kind of security in the first place. Connect using Kerberos, then delegate This sounds good in principle but has all sorts of problems. First of all, if you're using virtual web sites where the domain name you connect to the site with is not the base machine name (as we do frequently), then you have to set up a Service Principal Name on the webserver using Microsoft's SetSPN utility. It's complicated and apparently prone to errors. Also, you have to ask your network/domain admin to change security policy for the web server so it is "trusted for delegation." If you don't get everything perfectly right, suddenly your intended Kerberos authentication is NTLM instead, and you can only impersonate rather than delegate, and thus no reaching out over the network as the user. Also, this method can be problematic because sometimes you need the web site or database to have permissions that the connecting user doesn't have. Create a service or COM+ application that fetches the resource for the web site Services and COM+ packages are run with their own set of credentials. Running as a high-privilege user is okay since they can do their own security and deny requests that are not legitimate, putting control in the hands of the application developer instead of the network admin. Problems: I am using a COM+ package that does exactly this on Windows Server 2000 to deliver highly sensitive images to a secured web application. I tried moving the web site to Windows Server 2003 and was suddenly denied permission to instantiate the COM+ object, very likely registry permissions. I trolled around quite a bit and did not solve the problem, partly because I was reluctant to give the IUSR account full registry permissions. That seems like the same bad practice as just running IIS as a high-privilege user. Note: This is actually really simple. In a programming language of your choice, you create a class with a function that returns an instance of the object you want (an ADODB.Connection, for example), and build a dll, which you register as a COM+ object. In your web server-side code, you create an instance of the class and use the function, and since it is running under a different security context, calls to network resources work. Map drive letters to shares This could theoretically work, but in my mind it's not really a good long-term strategy. Even though mappings can be created with specific credentials, and this can be done by others than a network admin, this also is going to mean that there are either way too many shared drives (small granularity) or too much permission is granted to entire file servers (large granularity). Also, I haven't figured out how to map a drive so that the IUSR gets the drives. Mapping a drive is for the current user, I don't know the IUSR account password to log in as it and create the mappings. Move the resources local to the web server/database There are times when I've done this, especially with Access databases. Does the database have to live out on the file share? Sometimes, it was just easiest to move the database to the web server or to the SQL database server (so the linked server to it would work). But I don't think this is a great all-around solution, either. And it won't work when the resource is a service rather than a file. Move the service to the final web server/database I suppose I could run a web server on my SQL Server database, so the web site can connect to it using impersonation and make me happy. But do we really want random extra web servers on our database servers just so this is possible? No. Virtual directories in IIS I know that virtual directories can help make remote resources look as though they are local, and this supports using custom credentials for each virtual directory. I haven't been able to come up with, yet, how this would solve the problem for system calls. Users could reach file shares directly, but this won't help, say, classic ASP code access resources. I could use a URL instead of a file path to read remote data files in a web page, but this isn't going to help me make a connection to an Access database, a SQL server database, or any other resource that uses a connection library rather than being able to just read all the bytes and work with them. I wish there was some kind of "service tunnel" that I could create. Think about how a VPN makes remote resources look like they are local. With a richer aliasing mechanism, perhaps code-based, why couldn't even database connections occur under a defined security context? Why not a special Windows component that lets you specify, per user, what resources are available and what alternate credentials are used for the connection? File shares, databases, web sites, you name it. I guess I'm almost talking about a specialized local proxy server. Anyway, so there's my list. I may update it if I think of more. Does anyone have any ideas for me? My current problem today is, yet again, I need a web site to connect to an Access database on a file share. Here we go again...

    Read the article

  • web.config inheritance problem

    - by abszero
    Hello everyone, I am having an issue when I try and prevent inhertiance from a parent web.config down to a child specifically related to the node. My parent web.config contains about a dozen appSettings values while my child web.config contains none. Now, I originally began wrapping around only my system.net, web, etc nodes however when I ran my child application I recieved the following error: The configuration section 'appSettings' cannot be read because it is missing a section declaration I really wasn't sure what this meant and a google search didn't yield me any decent results so I attempted to move the location node to also encompass the field in my parent web.config but to no avail. My child web.config is pretty vanilla so I am not sure what the problem is. Any help you can provide would be greatly appreciated! Thanks. The child config is completely vanilla except for the addition of an Xml Namespace and a 'clear' in the config sections as follows: <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <configSections> <clear /> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /> <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> </sectionGroup> </sectionGroup> </sectionGroup> </configSections> The error in question is thrown at The parent web.config is far from vanilla as it is part of an Umbraco install. Here is the corrosponding section from the parent config <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <configSections> <section name="urlrewritingnet" restartOnExternalChanges="true" requirePermission="false" type="UrlRewritingNet.Configuration.UrlRewriteSection, UrlRewritingNet.UrlRewriter" /> <!-- ASPNETAJAX --> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" /> <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere" /> <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" /> <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication" /> </sectionGroup> </sectionGroup> </sectionGroup> <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <section name="umbraco.presentation.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> </sectionGroup> </configSections> The next line after the ConfigSections is: <location path="." inheritInChildApplications="false"> AppSettings, CnxStrings, System.Web, Net, WebServer settings </location>

    Read the article

  • Ruby (Rack) application could not be started - Passenger (3.0.9) error for rails 3.1.0 app on ubuntu and nginx (1.0.6) after deploying

    - by user938363
    Here is the error saying bcrypt was not loaded. The rails app is not using the Devise for authentication and gem bcrypt is not in Gemfile. Sometime, the webserver throws out the error saying spawn server can not start. gem list shows that both bcrypt-ruby 3.0.1 and 3.0.0 were installed. Ruby (Rack) application could not be started A source file that the application requires, is missing. * It is possible that you didn't upload your application files correctly. Please check whether all your application files are uploaded. * A required library may not installed. Please install all libraries that this application requires. Further information about the error may have been written to the application's log file. Please check it in order to analyse the problem. Error message: no such file to load -- bcrypt Exception class: LoadError Application root: /vol/www/emclab/current Backtrace: # File Line Location 0 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 in `require' 1 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 in `block in require' 2 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 225 in `load_dependency' 3 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activesupport-3.1.0/lib/active_support/dependencies.rb 240 in `require' 4 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activemodel-3.1.0/lib/active_model/secure_password.rb 1 in `' 5 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2160 in `block in ' 6 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2140 in `class_eval' 7 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 2140 in `' 8 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/base.rb 31 in `' 9 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 77 in `' 10 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 51 in `' 11 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/activerecord-3.1.0/lib/active_record/session_store.rb 1 in `' 12 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application/configuration.rb 123 in `session_store' 13 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application.rb 168 in `block in default_middleware_stack' 14 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application.rb 142 in `tap' 15 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application.rb 142 in `default_middleware_stack' 16 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/engine.rb 445 in `app' 17 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application/finisher.rb 37 in `block in ' 18 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/initializable.rb 25 in `instance_exec' 19 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/initializable.rb 25 in `run' 20 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/initializable.rb 50 in `block in run_initializers' 21 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/initializable.rb 49 in `each' 22 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/initializable.rb 49 in `run_initializers' 23 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/application.rb 92 in `initialize!' 24 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/railties-3.1.0/lib/rails/railtie/configurable.rb 30 in `method_missing' 25 /vol/www/emclab/releases/20111115184804/config/environment.rb 5 in `' 26 config.ru 3 in `require' 27 config.ru 3 in `block in ' 28 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/rack-1.3.2/lib/rack/builder.rb 51 in `instance_eval' 29 /vol/www/emclab/shared/bundle/ruby/1.9.1/gems/rack-1.3.2/lib/rack/builder.rb 51 in `initialize' 30 config.ru 1 in `new' 31 config.ru 1 in `' 32 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/rack/application_spawner.rb 222 in `eval' 33 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/rack/application_spawner.rb 222 in `load_rack_app' 34 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/rack/application_spawner.rb 156 in `block in initialize_server' 35 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/utils.rb 572 in `report_app_init_status' 36 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/rack/application_spawner.rb 153 in `initialize_server' 37 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server.rb 204 in `start_synchronously' 38 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server.rb 180 in `start' 39 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/rack/application_spawner.rb 128 in `start' 40 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/spawn_manager.rb 253 in `block (2 levels) in spawn_rack_application' 41 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server_collection.rb 132 in `lookup_or_add' 42 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/spawn_manager.rb 246 in `block in spawn_rack_application' 43 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server_collection.rb 82 in `block in synchronize' 44 prelude> 10:in `synchronize' 45 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server_collection.rb 79 in `synchronize' 46 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/spawn_manager.rb 244 in `spawn_rack_application' 47 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/spawn_manager.rb 137 in `spawn_application' 48 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/spawn_manager.rb 275 in `handle_spawn_application' 49 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server.rb 357 in `server_main_loop' 50 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/lib/phusion_passenger/abstract_server.rb 206 in `start_synchronously' 51 /home/dtt/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.9/helper-scripts/passenger-spawn-server 99 in `' cap deploy:check returns: You appear to have all necessary dependencies installed Any thoughts about the problem? thanks!

    Read the article

  • HttpWebRequest Cookie weirdness

    - by Lachman
    I'm sure I must be doing something wrong. But can't for the life of me figure out what is going on. I have a problem where it seems that the HttpWebRequest class in the framework is not correctly parsing the cookies from a web response. I'm using Fiddler to see what is going on and after making a request, the headers of the response look as such: HTTP/1.1 200 Ok Connection: close Date: Wed, 14 Jan 2009 18:20:31 GMT Server: Microsoft-IIS/6.0 P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI" Set-Cookie: user=v.5,0,EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O001000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/ Set-Cookie: minfo=v.4,EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: accttype=v.2,3,1,EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: linfo=v.4,EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: group=v.1,0; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Content-Type: text/html But when I look at the response.Cookies, I see far more cookies that I am expecting, with values of different cookies being split up into different cookies. Manually getting the headers seems to result in more wierdness eg: the code foreach(string cookie in response.Headers.GetValues("Set-Cookie")) { Console.WriteLine("Cookie found: " + cookie); } produces the output: Cookie found: user=v.5 Cookie found: 0 Cookie found: EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O00 1000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/ Cookie found: minfo=v.4 Cookie found: EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0 F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$ D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: accttype=v.2 Cookie found: 3 Cookie found: 1 Cookie found: EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89 $98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: tpid=v.1 Cookie found: 20001; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: linfo=v.4 Cookie found: EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: group=v.1 Cookie found: 0; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ as you can see - the first cookie in the list raw response: Set-Cookie: user=v.5,0,EX01E508801 is getting split into: Cookie found: user=v.5 Cookie found: 0 Cookie found: EX01E508801E$.......... So - what's going on here? Am I wrong? Is the HttpWebRequest class incorrectly parsing the http headers? Is the webserver that it spitting out the requests producing invalid http headers?

    Read the article

  • When I mix JSTL 1.0 and JSTL 1.1 taglib declarations, it causes a ParseException on some of my serve

    - by sangfroid
    Hello all, When I mix JSTL 1.0 and JSTL 1.1 taglib declarations, it causes a ParseException on some of my servers, but not all of them. Here is the block of code that's giving me trouble : <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core"%> <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> <c:set var="TEXTVARIABLE">|STRINGOFTEXT|</c:set> <c:set var="OTHERTEXTVARIABLE">${fn:contains(TEXTVARIABLE, '|STRINGOFTEXT|')}</c:set> And here is the exception : javax.servlet.jsp.JspException: com.caucho.jsp.JspLineParseException: /WEB-INF/jsp/online/system/modules/com.MYCOMPANY.marketing/templates/common/MY_JSP_PAGE.jsp:1: tag = 'out' / attribute = 'value': An error occurred while parsing custom action attribute "value" with value "${fn:contains(TEXTVARIABLE, '|STRINGOFTEXT|')}": org.apache.taglibs.standard.lang.jstl.parser.ParseException: EL functions are not supported. However, everything works fine if I change the URI for the core declaration to http://java.sun.com/jsp/jstl/core So here's the really weird part : for some reason, mixing 1.0 and 1.1 taglib declarations only causes an exception on two of my servers -- my staging server and my production server. It causes no problems at all on my local machine or my development server. Why is this? What could possibly be causing this difference in behavior? The three servers are extremely similar in setup and configuration. The JSP page is being served up by OpenCMS, and I'm using the Caucho's Resin webserver. I understand that you don't know how my servers or CMS are set up, but really, what I'm looking for is ideas. Any ideas at all would help -- this problem has been driving me absolutely batty. Even if you don't know what could be causing the problem, if you have any suggestions at all for how I could approach the problem, that would be extremely helpful. I just don't understand what could cause this difference in behavior between my servers. For reference, here's the full stack trace : javax.servlet.jsp.JspException: com.caucho.jsp.JspLineParseException: /WEB-INF/jsp/online/system/modules/com.MYCOMPANY.marketing/templates/common/MY_JSP_PAGE.jsp:1: tag = 'out' / attribute = 'value': An error occurred while parsing custom action attribute "value" with value "${fn:contains(TEXTVARIABLE, '|STRINGOFTEXT|')}": org.apache.taglibs.standard.lang.jstl.parser.ParseException: EL functions are not supported. at org.opencms.jsp.CmsJspTagInclude.includeActionWithCache(CmsJspTagInclude.java:369) at org.opencms.jsp.CmsJspTagInclude.includeTagAction(CmsJspTagInclude.java:241) at org.opencms.jsp.CmsJspTagInclude.doEndTag(CmsJspTagInclude.java:472) at _jsp._WEB_22dINF._jsp._online._system._modules.com_MYCOMPANY__marketing._templates._MAIN_0PAGE__jsp._jspService(_MAIN_0PAGE__jsp.java:153) at com.caucho.jsp.JavaPage.service(JavaPage.java:60) at com.caucho.jsp.Page.pageservice(Page.java:579) at com.caucho.server.dispatch.PageFilterChain.doFilter(PageFilterChain.java:179) at shared.filter.RemoteAddrFilterBase.doFilter(RemoteAddrFilterBase.java:57) at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:70) at com.caucho.server.webapp.DispatchFilterChain.doFilter(DispatchFilterChain.java:115) at com.caucho.server.cache.CacheFilterChain.doFilter(CacheFilterChain.java:175) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:229) at com.caucho.server.webapp.RequestDispatcherImpl.include(RequestDispatcherImpl.java:485) at com.caucho.server.webapp.RequestDispatcherImpl.include(RequestDispatcherImpl.java:350) at org.opencms.flex.CmsFlexRequestDispatcher.includeExternal(CmsFlexRequestDispatcher.java:194) at org.opencms.flex.CmsFlexRequestDispatcher.include(CmsFlexRequestDispatcher.java:169) at org.opencms.loader.CmsJspLoader.service(CmsJspLoader.java:1193) at org.opencms.flex.CmsFlexRequestDispatcher.includeInternalWithCache(CmsFlexRequestDispatcher.java:423) at org.opencms.flex.CmsFlexRequestDispatcher.include(CmsFlexRequestDispatcher.java:173) at org.opencms.loader.CmsJspLoader.dispatchJsp(CmsJspLoader.java:1227) at org.opencms.loader.CmsJspLoader.load(CmsJspLoader.java:1171) at org.opencms.loader.A_CmsXmlDocumentLoader.load(A_CmsXmlDocumentLoader.java:232) at org.opencms.loader.CmsXmlContentLoader.load(CmsXmlContentLoader.java:52) at org.opencms.loader.CmsResourceManager.loadResource(CmsResourceManager.java:964) at org.opencms.main.OpenCmsCore.showResource(OpenCmsCore.java:1498) at org.opencms.main.OpenCmsServlet.doGet(OpenCmsServlet.java:152) at javax.servlet.http.HttpServlet.service(HttpServlet.java:115) at javax.servlet.http.HttpServlet.service(HttpServlet.java:92) at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:106) at com.caucho.filters.CmsGzipFilter.doFilter(CmsGzipFilter.java:177) at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:70) at shared.filter.RemoteAddrFilterBase.doFilter(RemoteAddrFilterBase.java:57) at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:70) at com.caucho.server.webapp.DispatchFilterChain.doFilter(DispatchFilterChain.java:115) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:229) at com.caucho.server.webapp.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:277) at com.caucho.server.webapp.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:106) at com.caucho.server.dispatch.ForwardFilterChain.doFilter(ForwardFilterChain.java:80) at com.caucho.server.cache.CacheFilterChain.doFilter(CacheFilterChain.java:207) at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:173) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:229) at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:274) at com.caucho.server.port.TcpConnection.run(TcpConnection.java:514) at com.caucho.util.ThreadPool.runTasks(ThreadPool.java:520) at com.caucho.util.ThreadPool.run(ThreadPool.java:442) at java.lang.Thread.run(Thread.java:595) Caused by: com.caucho.jsp.JspLineParseException: /WEB-INF/jsp/online/system/modules/com.MYCOMPANY.marketing/templates/common/MY_JSP_PAGE.jsp:1: tag = 'out' / attribute = 'value': An error occurred while parsing custom action attribute "value" with value "${fn:contains(TEXTVARIABLE, '|STRINGOFTEXT|')}": org.apache.taglibs.standard.lang.jstl.parser.ParseException: EL functions are not supported. at com.caucho.jsp.java.JspNode.error(JspNode.java:1489) at com.caucho.jsp.java.JspNode.error(JspNode.java:1480) at com.caucho.jsp.java.JavaJspGenerator.validate(JavaJspGenerator.java:466) at com.caucho.jsp.JspCompilerInstance.generate(JspCompilerInstance.java:475) at com.caucho.jsp.JspCompilerInstance.compile(JspCompilerInstance.java:373) at com.caucho.jsp.JspManager.compile(JspManager.java:233) at com.caucho.jsp.JspManager.createPage(JspManager.java:177) at com.caucho.jsp.JspManager.createPage(JspManager.java:157) at com.caucho.jsp.PageManager.getPage(PageManager.java:248) at com.caucho.jsp.PageManager.getPage(PageManager.java:166) at com.caucho.jsp.QServlet.getSubPage(QServlet.java:292) at com.caucho.jsp.QServlet.getPage(QServlet.java:210) at com.caucho.server.dispatch.PageFilterChain.compilePage(PageFilterChain.java:206) at com.caucho.server.dispatch.PageFilterChain.doFilter(PageFilterChain.java:133) at shared.filter.RemoteAddrFilterBase.doFilter(RemoteAddrFilterBase.java:57) at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilterChain.java:70) at com.caucho.server.webapp.DispatchFilterChain.doFilter(DispatchFilterChain.java:115) at com.caucho.server.cache.CacheFilterChain.doFilter(CacheFilterChain.java:175) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:229) at com.caucho.server.webapp.RequestDispatcherImpl.include(RequestDispatcherImpl.java:485) at com.caucho.server.webapp.RequestDispatcherImpl.include(RequestDispatcherImpl.java:350) at org.opencms.flex.CmsFlexRequestDispatcher.includeExternal(CmsFlexRequestDispatcher.java:194) at org.opencms.flex.CmsFlexRequestDispatcher.include(CmsFlexRequestDispatcher.java:169) at org.opencms.loader.CmsJspLoader.service(CmsJspLoader.java:1193) at org.opencms.flex.CmsFlexRequestDispatcher.includeInternalWithCache(CmsFlexRequestDispatcher.java:423) at org.opencms.flex.CmsFlexRequestDispatcher.include(CmsFlexRequestDispatcher.java:173) at org.opencms.jsp.CmsJspTagInclude.includeActionWithCache(CmsJspTagInclude.java:364) ... 45 more Thanks for the help!

    Read the article

  • Content Management for WebCenter Installation Guide

    - by Gary Niu
    Overvew As we known, there are two way to install Content Management for WebCenter. One way is install it by WebCenter installer wizard, another way is to install it use their own installer. This guide is for the later one. For SSO purpose, I also mentioned how to config OID identity store for Content Management for WebCenter. Content Management for WebCenter( 10.1.3.5.1) Oracle Enterprise Linux R5U4 Basic Installation -bash-3.2$ ./setup.sh Please select your locale from the list.           1. Chinese-Simplified           2. Chinese-Traditional           3. Deutsch          *4. English-US           5. English-UK           6. Español           7. Français           8. Italiano           9. Japanese          10. Korean          11. Nederlands          12. Português-Brazil Choice? Throughout the install, when entering a text value, you can press Enter to accept the default that appears between square brackets ([]). When selecting from a list, you can select the choice followed by an asterisk by pressing Enter. Select installation type from the list.         *1. Install new server          2. Update a server Choice? Content Server Installation Directory Please enter the full pathname to the installation directory. Content Server Core Folder [/oracle/ucm/server]:/opt/oracle/ucm/server Create Directory         *1. yes          2. no Choice? Java virtual machine         *1. Sun Java 1.5.0_11 JDK          2. Specify a custom Java virtual machine Choice? Installing with Java version 1.5.0_11. Enter the location of the native file repository. This directory contains the native files checked in by contributors. Content Server Native Vault Folder [/opt/oracle/ucm/server/vault/]: Create Directory         *1. yes          2. no Choice? Enter the location of the web-viewable file repository. This directory contains files that can be accessed through the web server. Content Server Weblayout Folder [/opt/oracle/ucm/server/weblayout/]: Create Directory         *1. yes          2. no Choice? This server can be configured to manage its own authentication or to allow another master to act as an authentication proxy. Configure this server as a master or proxied server.         *1. Configure as a master server.          2. Configure as server proxied by a local master server. Choice? During installation, an admin server can be installed and configured to manage this server. If there is already an admin server on this system, you can have the installer configure it to administrate this server instead. Select admin server configuration.         *1. Install an admin server to manage this server.          2. Configure an existing admin server to manage this server.          3. Don't configure an admin server. Choice? Enter the location of an executable to start your web browser. This browser will be used to display the online help. Web Browser Path [/usr/bin/firefox]: Content Server System locale           1. Chinese-Simplified           2. Chinese-Traditional           3. Deutsch          *4. English-US           5. English-UK           6. Español           7. Français           8. Italiano           9. Japanese          10. Korean          11. Nederlands          12. Português-Brazil Choice? Please select the region for your timezone from the list.         *1. Use the timezone setting for your operating system          2. Pacific          3. America          4. Atlantic          5. Europe          6. Africa          7. Asia          8. Indian          9. Australia Choice? Please enter the port number that will be used to connect to the Content Server. This port must be otherwise unused. Content Server Port [4444]: Please enter the port number that will be used to connect to the Admin Server. This port must be otherwise unused. Admin Server Port [4440]: Enter a security filter for the server port. Hosts which are allowed to communicate directly with the server port may access any resources managed by the server. Insure that hosts which need access are included in the filter. See the installation guide for more details. Incoming connection address filter [127.0.0.1]:*.*.*.* *** Content Server URL Prefix The URL prefix specified here is used when generating HTML pages that refer to the contents of the weblayout directory within the installation. This prefix must be mapped in the web server Additional Document Directories section of the Content Management administration menu to the physical location of the weblayout directory. For example, "/idc/" would be used in your installation to refer to the URL http://ucm.company.com/idc which would be mapped in the web server to the physical location /oracle/ucm/server/weblayout. Web Server Relative Root [/idc/]: Enter the name of the local mail server. The server will contact this system to deliver email. Company Mail Server [mail]: Enter the e-mail address for the system administrator. Administrator E-Mail Address [sysadmin@mail]: *** Web Server Address Many generated HTML pages refer to the web server you are using. The address specified here will be used when generating those pages. The address should include the host and domain name in most cases. If your webserver is running on a port other than 80, append a colon and the port number. Examples: www.company.com, ucm.company.com:90 Web Server HTTP Address [yekki]:yekki.cn.oracle.com:7777 Enter the name for this instance. This name should be unique across your entire enterprise. It may not contain characters other than letters, numbers, and underscores. Server Instance Name [idc]: Enter a short label for this instance. This label is used on web pages to identify this instance. It should be less than 12 characters long. Server Instance Label [idc]: Enter a long description for this instance. Server Description [Content Server idc]: Web Server         *1. Apache          2. Sun ONE          3. Configure manually Choice? Please select a database from the list below to use with the Content Server. Content Server Database         *1. Oracle          2. Microsoft SQL Server 2005          3. Microsoft SQL Server 2000          4. Sybase          5. DB2          6. Custom JDBC settings          7. Skip database configuration Choice? Manually configure JDBC settings for this database          1. yes         *2. no Choice? Oracle Server Hostname [localhost]: Oracle Listener Port Number [1521]: *** Database User ID The user name is used to log into the database used by the content server. Oracle User [user]:YEKKI_OCSERVER *** Database Password The password is used to log into the database used by the content server. Oracle Password []:oracle Oracle Instance Name [ORACLE]:orcl Configure the JVM to find the JDBC driver in a specific jar file          1. yes         *2. no Choice? The installer can attempt to create the database tables or you can manually create them. If you choose to manually create the tables, you should create them now. Attempt to create database tables          1. yes         *2. no Choice? Select components to install.          1. ContentFolios: Collect related items in folios          2. Folders_g: Organize content into hierarchical folders          3. LinkManager8: Hypertext link management support          4. OracleTextSearch: External Oracle 11g database as search indexer support          5. ThreadedDiscussions: Threaded discussion management Enter numbers separated by commas to toggle, 0 to unselect all, F to finish: 1,2,3,4,5         *1. ContentFolios: Collect related items in folios         *2. Folders_g: Organize content into hierarchical folders         *3. LinkManager8: Hypertext link management support         *4. OracleTextSearch: External Oracle 11g database as search indexer support         *5. ThreadedDiscussions: Threaded discussion management Enter numbers separated by commas to toggle, 0 to unselect all, F to finish: F Checking configuration. . . Configuration OK. Review install settings. . . Content Server Core Folder: /opt/oracle/ucm/server Java virtual machine: Sun Java 1.5.0_11 JDK Content Server Native Vault Folder: /opt/oracle/ucm/server/vault/ Content Server Weblayout Folder: /opt/oracle/ucm/server/weblayout/ Proxy authentication through another server: no Install admin server: yes Web Browser Path: /usr/bin/firefox Content Server System locale: English-US Content Server Port: 4444 Admin Server Port: 4440 Incoming connection address filter: *.*.*.* Web Server Relative Root: /idc/ Company Mail Server: mail Administrator E-Mail Address: sysadmin@mail Web Server HTTP Address: yekki.cn.oracle.com:7777 Server Instance Name: idc Server Instance Label: idc Server Description: Content Server idc Web Server: Apache Content Server Database: Oracle Manually configure JDBC settings for this database: false Oracle Server Hostname: localhost Oracle Listener Port Number: 1521 Oracle User: YEKKI_OCSERVER Oracle Password: 6GP1gBgzSyKa4JW10U8UqqPznr/lzkNn/Ojf6M8GJ8I= Oracle Instance Name: orcl Configure the JVM to find the JDBC driver in a specific jar file: false Attempt to create database tables: no Components: ContentFolios,Folders_g,LinkManager8,OracleTextSearch,ThreadedDiscussions Proceed with install         *1. Proceed          2. Change configuration          3. Recheck the configuration          4. Abort installation Choice? Finished install type Install with warnings at 4/2/10 12:32 AM. Run Scripts -bash-3.2$ ./wc_contentserverconfig.sh /opt/oracle/ucm/server /mnt/hgfs/SOFTWARE/ofm_ucm_generic_10.1.3.5.1_disk1_1of1/ContentServer/webcenter-conf Installing '/mnt/hgfs/SOFTWARE/ofm_ucm_generic_10.1.3.5.1_disk1_1of1/ContentServer/webcenter-conf/CS10gR35UpdateBundle.zip' Service 'DELETE_DOC' Extended Service 'DELETE_BYREV_REVISION' Extended Installing '/mnt/hgfs/SOFTWARE/ofm_ucm_generic_10.1.3.5.1_disk1_1of1/ContentServer/webcenter-conf/ContentAccess/ContentAccess-linux.zip' (internal)      04.02 00:40:38.019      main    updateDocMetaDefinitionV11: adding decimal column Installing '/opt/oracle/ucm/server/custom/CS10gR35UpdateBundle/extras/Folders_g.zip' Installing '/opt/oracle/ucm/server/custom/CS10gR35UpdateBundle/extras/FusionLibraries.zip' Installing '/opt/oracle/ucm/server/custom/CS10gR35UpdateBundle/extras/JpsUserProvider.zip' Installing '/mnt/hgfs/SOFTWARE/ofm_ucm_generic_10.1.3.5.1_disk1_1of1/ContentServer/webcenter-conf/WcConfigure.zip' Apr 2, 2010 12:41:24 AM oracle.security.jps.internal.core.util.JpsConfigUtil getPasswordCredential WARNING: A password credential is expected; instead found . Apr 2, 2010 12:41:24 AM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getUnamePwdFromCredStore WARNING: The credential with map JPS and key ldap.credential does not exist. Apr 2, 2010 12:41:27 AM oracle.security.jps.internal.core.util.JpsConfigUtil getPasswordCredential WARNING: A password credential is expected; instead found . Apr 2, 2010 12:41:27 AM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getUnamePwdFromCredStore WARNING: The credential with map JPS and key ldap.credential does not exist. Apr 2, 2010 12:41:28 AM oracle.security.jps.internal.core.util.JpsConfigUtil getPasswordCredential WARNING: A password credential is expected; instead found . Apr 2, 2010 12:41:28 AM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getUnamePwdFromCredStore WARNING: The credential with map JPS and key ldap.credential does not exist. Restart Content Server to apply updates. Configuring Apache Web Server append the following lines at httpd.conf: include "/opt/oracle/ucm/server/data/users/apache22/apache.conf" Configuring the Identity Store( Optional ) 1.  Stop Oracle Content Server and the Admin Server 2.  Update the Oracle Content Server's JPS configuration file, jps-config.xml: a. add a service instance <serviceInstance provider="idstore.ldap.provider" name="idstore.oid"> <property name="subscriber.name" value="dc=cn,dc=oracle,dc=com"></property> <property name="idstore.type" value="OID"></property> <property name="security.principal.key" value="ldap.credential"></property> <property name="security.principal.alias" value="JPS"></property> <property name="ldap.url" value="ldap://yekki.cn.oracle.com:3060"></property> <extendedProperty> <name>user.search.bases</name> <values> <value>cn=users,dc=cn,dc=oracle,dc=com</value> </values> </extendedProperty> <extendedProperty> <name>group.search.bases</name> <values> <value>cn=groups,dc=cn,dc=oracle,dc=com</value> </values> </extendedProperty> <property name="username.attr" value="uid"></property> <property name="user.login.attr" value="uid"></property> <property name="groupname.attr" value="cn"></property> </serviceInstance> b. Ensure that the <jpsContext> entry in the jps-config.xml file refers to the new serviceInstance, that is, idstore.oid and not idstore.ldap: <jpsContext name="default"> <serviceInstanceRef ref="idstore.oid"/> 3. Run the new script to setup the credentials for idstore.oid in the credential store: cd CONTENT_SERVER_HOME/custom/FusionLibraries/tools -bash-3.2$ ./run_credtool.sh Buildfile: ./../tools/credtool.xml     [input] skipping input as property action has already been set.     [input] Alias: [JPS]     [input] Key: [ldap.credential]     [input] User Name: cn=orcladmin     [input] Password: welcome1     [input] JPS Config: [/opt/oracle/ucm/server/custom/FusionLibraries/tools/../../../config/jps-config.xml] manage-creds:      [echo] @@@ Help: run 'ant manage-creds' command to see the detailed usage      [java] Using default context in /opt/oracle/ucm/server/custom/FusionLibraries/tools/../../../config/jps-config.xml file for credential store.      [java] Credential store location : /opt/oracle/ucm/server/config      [java] Credential with map JPS key ldap.credential stored successfully!      [java]      [java]      [java]     Credential for map JPS and key ldap.credential is:      [java]             PasswordCredential name : cn=orcladmin      [java]             PasswordCredential password : welcome1 BUILD SUCCESSFUL Total time: 1 minute 27 seconds Testing 1. acces http://yekki.cn.oracle.com:7777/idc 2. login in with OID user, for example: orcladmin/welcome1 3. make sure your JpsUserProvider status is "good"

    Read the article

  • Windows Start Menu Not Staying on Top

    - by Jeff Rapp
    Hey everyone. I've had this problem since Windows Vista. I did a clean install with Windows 7 and hoped it would fix the problem. Also swapped out the video card just to rule out a strange driver issue. Here's what's happening. After running for some period of time (usually a few hours), the Start button/orb will loose it's "Chrome" and turn into a plain button that just says "Start." It will work fine for a while, but then the start menu will just stop showing. Additionally, when I hit Win+D to show the desktop, the entire taskbar completely disappears. I can get it back usually by moving/minimizing windows that may be overlapping where the start menu should show. Otherwise, it requires either a full reboot or I'll end up killing & restarting the explorer.exe process. I realize that this is a strange issue - I took a video of it http://www.youtube.com/watch?v=0B3WwT0uyr4 Thanks! --Edit-- Here's my HijackThis log: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 4:19:00 PM, on 12/16/2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.EXE C:\Program Files (x86)\Notepad++\notepad++.exe C:\Program Files (x86)\Fiddler2\Fiddler.exe C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\mspdbsrv.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Support Files\Contents\Windows\Illustrator.exe C:\Program Files (x86)\ColorPic 4.1\ColorPic.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\dexplore.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\dexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe C:\Program Files (x86)\eBay\Blackthorne\bin\BT.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\CamStudio\Recorder.exe C:\Program Files (x86)\CamStudio\Playplus.exe C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe C:\Program Files (x86)\CamStudio\Playplus.exe C:\Program Files (x86)\PuTTY\putty.exe C:\Program Files (x86)\CamStudio\Playplus.exe C:\Program Files (x86)\CamStudio\Playplus.exe C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: ChatNowDesktop.appref-ms O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe O4 - Global Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe O4 - Global Startup: hueyPROTray.lnk = C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe O4 - Global Startup: OfficeSAS.lnk = ? O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing) O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing) O13 - Gopher Prefix: O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - http://reportserver/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=oxadkhfvfvt1hzf2eh3y1ay2&ControlID=b89e27f15e734f3faee1308eebdfab2a&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab&Arch=X86 O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LapkoSoft.local O17 - HKLM\System\CCS\Services\Tcpip\..\{5992B87A-643B-4385-A914-249B98BF7129}: NameServer = 192.168.1.10 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LapkoSoft.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LapkoSoft.local O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    Read the article

  • Converting Lighttpd config to NginX with php-fpm

    - by Le Dude
    Having so much issue with NginX configuration since I'm new with NginX. Been using Lighttpd for quite sometime. Here are the base info. New Machine - CentOS 6.3 64 Bit - NginX 1.2.4-1.e16.ngx - Php-FPM 5.3.18-1.e16.remi Old Machine - CentOS 6.2 64Bit - Lighttpd 1.4.25-3.e16 Original Lighttpd config file: ####################################################################### ## ## /etc/lighttpd/lighttpd.conf ## ## check /etc/lighttpd/conf.d/*.conf for the configuration of modules. ## ####################################################################### ####################################################################### ## ## Some Variable definition which will make chrooting easier. ## ## if you add a variable here. Add the corresponding variable in the ## chroot example aswell. ## var.log_root = "/var/log/lighttpd" var.server_root = "/var/www" var.state_dir = "/var/run" var.home_dir = "/var/lib/lighttpd" var.conf_dir = "/etc/lighttpd" ## ## run the server chrooted. ## ## This requires root permissions during startup. ## ## If you run Chrooted set the the variables to directories relative to ## the chroot dir. ## ## example chroot configuration: ## #var.log_root = "/logs" #var.server_root = "/" #var.state_dir = "/run" #var.home_dir = "/lib/lighttpd" #var.vhosts_dir = "/vhosts" #var.conf_dir = "/etc" # #server.chroot = "/srv/www" ## ## Some additional variables to make the configuration easier ## ## ## Base directory for all virtual hosts ## ## used in: ## conf.d/evhost.conf ## conf.d/simple_vhost.conf ## vhosts.d/vhosts.template ## var.vhosts_dir = server_root + "/vhosts" ## ## Cache for mod_compress ## ## used in: ## conf.d/compress.conf ## var.cache_dir = "/var/cache/lighttpd" ## ## Base directory for sockets. ## ## used in: ## conf.d/fastcgi.conf ## conf.d/scgi.conf ## var.socket_dir = home_dir + "/sockets" ## ####################################################################### ####################################################################### ## ## Load the modules. include "modules.conf" ## ####################################################################### ####################################################################### ## ## Basic Configuration ## --------------------- ## server.port = 80 ## ## Use IPv6? ## #server.use-ipv6 = "enable" ## ## bind to a specific IP ## #server.bind = "localhost" ## ## Run as a different username/groupname. ## This requires root permissions during startup. ## server.username = "lighttpd" server.groupname = "lighttpd" ## ## enable core files. ## #server.core-files = "disable" ## ## Document root ## server.document-root = server_root + "/lighttpd" ## ## The value for the "Server:" response field. ## ## It would be nice to keep it at "lighttpd". ## #server.tag = "lighttpd" ## ## store a pid file ## server.pid-file = state_dir + "/lighttpd.pid" ## ####################################################################### ####################################################################### ## ## Logging Options ## ------------------ ## ## all logging options can be overwritten per vhost. ## ## Path to the error log file ## server.errorlog = log_root + "/error.log" ## ## If you want to log to syslog you have to unset the ## server.errorlog setting and uncomment the next line. ## #server.errorlog-use-syslog = "enable" ## ## Access log config ## include "conf.d/access_log.conf" ## ## The debug options are moved into their own file. ## see conf.d/debug.conf for various options for request debugging. ## include "conf.d/debug.conf" ## ####################################################################### ####################################################################### ## ## Tuning/Performance ## -------------------- ## ## corresponding documentation: ## http://www.lighttpd.net/documentation/performance.html ## ## set the event-handler (read the performance section in the manual) ## ## possible options on linux are: ## ## select ## poll ## linux-sysepoll ## ## linux-sysepoll is recommended on kernel 2.6. ## server.event-handler = "linux-sysepoll" ## ## The basic network interface for all platforms at the syscalls read() ## and write(). Every modern OS provides its own syscall to help network ## servers transfer files as fast as possible ## ## linux-sendfile - is recommended for small files. ## writev - is recommended for sending many large files ## server.network-backend = "linux-sendfile" ## ## As lighttpd is a single-threaded server, its main resource limit is ## the number of file descriptors, which is set to 1024 by default (on ## most systems). ## ## If you are running a high-traffic site you might want to increase this ## limit by setting server.max-fds. ## ## Changing this setting requires root permissions on startup. see ## server.username/server.groupname. ## ## By default lighttpd would not change the operation system default. ## But setting it to 2048 is a better default for busy servers. ## ## With SELinux enabled, this is denied by default and needs to be allowed ## by running the following once : setsebool -P httpd_setrlimit on server.max-fds = 2048 ## ## Stat() call caching. ## ## lighttpd can utilize FAM/Gamin to cache stat call. ## ## possible values are: ## disable, simple or fam. ## server.stat-cache-engine = "simple" ## ## Fine tuning for the request handling ## ## max-connections == max-fds/2 (maybe /3) ## means the other file handles are used for fastcgi/files ## server.max-connections = 1024 ## ## How many seconds to keep a keep-alive connection open, ## until we consider it idle. ## ## Default: 5 ## #server.max-keep-alive-idle = 5 ## ## How many keep-alive requests until closing the connection. ## ## Default: 16 ## #server.max-keep-alive-requests = 18 ## ## Maximum size of a request in kilobytes. ## By default it is unlimited (0). ## ## Uploads to your server cant be larger than this value. ## #server.max-request-size = 0 ## ## Time to read from a socket before we consider it idle. ## ## Default: 60 ## #server.max-read-idle = 60 ## ## Time to write to a socket before we consider it idle. ## ## Default: 360 ## #server.max-write-idle = 360 ## ## Traffic Shaping ## ----------------- ## ## see /usr/share/doc/lighttpd/traffic-shaping.txt ## ## Values are in kilobyte per second. ## ## Keep in mind that a limit below 32kB/s might actually limit the ## traffic to 32kB/s. This is caused by the size of the TCP send ## buffer. ## ## per server: ## #server.kbytes-per-second = 128 ## ## per connection: ## #connection.kbytes-per-second = 32 ## ####################################################################### ####################################################################### ## ## Filename/File handling ## ------------------------ ## ## files to check for if .../ is requested ## index-file.names = ( "index.php", "index.rb", "index.html", ## "index.htm", "default.htm" ) ## index-file.names += ( "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" ) ## ## deny access the file-extensions ## ## ~ is for backupfiles from vi, emacs, joe, ... ## .inc is often used for code includes which should in general not be part ## of the document-root url.access-deny = ( "~", ".inc" ) ## ## disable range requests for pdf files ## workaround for a bug in the Acrobat Reader plugin. ## $HTTP["url"] =~ "\.pdf$" { server.range-requests = "disable" } ## ## url handling modules (rewrite, redirect) ## #url.rewrite = ( "^/$" => "/server-status" ) #url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" ) ## ## both rewrite/redirect support back reference to regex conditional using %n ## #$HTTP["host"] =~ "^www\.(.*)" { # url.redirect = ( "^/(.*)" => "http://%1/$1" ) #} ## ## which extensions should not be handle via static-file transfer ## ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi ## static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) ## ## error-handler for status 404 ## #server.error-handler-404 = "/error-handler.html" #server.error-handler-404 = "/error-handler.php" ## ## Format: <errorfile-prefix><status-code>.html ## -> ..../status-404.html for 'File not found' ## #server.errorfile-prefix = "/srv/www/htdocs/errors/status-" ## ## mimetype mapping ## include "conf.d/mime.conf" ## ## directory listing configuration ## include "conf.d/dirlisting.conf" ## ## Should lighttpd follow symlinks? ## server.follow-symlink = "enable" ## ## force all filenames to be lowercase? ## #server.force-lowercase-filenames = "disable" ## ## defaults to /var/tmp as we assume it is a local harddisk ## server.upload-dirs = ( "/var/tmp" ) ## ####################################################################### ####################################################################### ## ## SSL Support ## ------------- ## ## To enable SSL for the whole server you have to provide a valid ## certificate and have to enable the SSL engine.:: ## ## ssl.engine = "enable" ## ssl.pemfile = "/path/to/server.pem" ## ## The HTTPS protocol does not allow you to use name-based virtual ## hosting with SSL. If you want to run multiple SSL servers with ## one lighttpd instance you must use IP-based virtual hosting: :: ## ## $SERVER["socket"] == "10.0.0.1:443" { ## ssl.engine = "enable" ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" ## server.name = "www.example.com" ## ## server.document-root = "/srv/www/vhosts/example.com/www/" ## } ## ## If you have a .crt and a .key file, cat them together into a ## single PEM file: ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ ## > /etc/ssl/private/lighttpd.pem ## #ssl.pemfile = "/etc/ssl/private/lighttpd.pem" ## ## optionally pass the CA certificate here. ## ## #ssl.ca-file = "" ## ####################################################################### ####################################################################### ## ## custom includes like vhosts. ## #include "conf.d/config.conf" #include_shell "cat /etc/lighttpd/vhosts.d/*.conf" ## ####################################################################### ####################################################################### ### Custom Added by me #url.rewrite-once = (".*\.(js|ico|gif|jpg|png|css|jar|class)$" => "$0", "" => "/index.php") url.rewrite-once = ( ".*\?(.*)$" => "/index.php?$1", "^/js/.*$" => "$0", "^.*\.(js|ico|gif|jpg|png|css|swf |jar|class)$" => "$0", "" => "/index.php" ) # expire.url = ( "" => "access 1 days" ) include "myvhost-vhosts.conf" ####################################################################### Here is my Vhost file for lighttpd $HTTP["host"] =~ "192.168.8.35$" { server.document-root = "/var/www/lighttpd/qc41022012/public" server.errorlog = "/var/log/lighttpd/error.log" accesslog.filename = "/var/log/lighttpd/access.log" server.error-handler-404 = "/e404.php" } and here is my nginx.conf file user nginx; worker_processes 5; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/testsite/logs/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; # include /etc/nginx/conf.d/*.conf; ## I added this ## include /etc/nginx/sites-available/*; } Here is my NginX Vhost file server { server_name 192.168.8.91; access_log /var/log/nginx/myapps/logs/access.log; error_log /var/log/nginx/myapps/logs/error.log; root /var/www/html/myapps/public; location / { index index.html index.htm index.php; } location = /favicon.ico { return 204; access_log off; log_not_found off; } # location ~ \.php$ { # try_files $uri /index.php; # include /etc/nginx/fastcgi_params; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param SCRIPT_NAME $fastcgi_script_name; location ~ \.php.*$ { rewrite ^(.*.php)/ $1 last; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_intercept_errors on; # fastcgi_param SCRIPT_FILENAME $document_root/index.php; # fastcgi_param PATH_INFO $uri; # fastcgi_pass 127.0.0.1:9000; # include fastcgi_params; } } We have a custom apps that we created that works great with lighttpd. I went through some headache also when we were trying to figure out how to make it work with lighttpd. this is the line that helps make it work in lighttpd. url.rewrite-once = ( ".*\?(.*)$" => "/index.php?$1", "^/js/.*$" => "$0", "^.*\.(js|ico|gif|jpg|png|css|swf |jar|class)$" => "$0", "" => "/index.php" ) but I couldn't figure out how to make it works in NginX. The webserver run just fine when we use the phpinfo.php test file. However as soon as I point it to my apps, nothing comes up. Check the error.log file and there's no error. Very mind boggling. I spent over 1 week trying to figure it out with no luck.. Please help?

    Read the article

  • Can ping IP address and nslookup hostname but cannot ping hostname

    - by jao
    On a windows 2003 server I can nslookup www.google.com which returns Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: www.l.google.com Addresses: 74.125.79.104, 74.125.79.147, 74.125.79.99 Aliases: www.google.com I can then ping 74.125.79.104: Pinging 74.125.79.104 with 32 bytes of data: Reply from 74.125.79.104: bytes=32 time=16ms TTL=54 Reply from 74.125.79.104: bytes=32 time=32ms TTL=54 Reply from 74.125.79.104: bytes=32 time=15ms TTL=54 Reply from 74.125.79.104: bytes=32 time=15ms TTL=54 Ping statistics for 74.125.79.104: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 15ms, Maximum = 32ms, Average = 19ms But I cannot ping www.google.com: Ping request could not find host www.google.com. Please check the name and try again. (this one is different from the other question in that this one has a TLD, it is not a local domain.) Update: I am running a dns server at localhost (127.0.0.1). Even when I change it to use for example opendns, it still can nslookup hostname and ping ip address, but not ping hostname. So what is wrong? Update 2: here is the ipconfig /all result: Windows IP Configuration Host Name . . . . . . . . . . . . : SERVER Primary Dns Suffix . . . . . . . : NETWORK.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : NETWORK.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2 Physical Address. . . . . . . . . : 00-0F-1F-56-3B-AA DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.7.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.7.1 DNS Servers . . . . . . . . . . . : 127.0.0.1 Update 3: Thanks everyone for their help and suggestions. I appreciate that. Ipconfig /flushdns returns: Sucessfully flushed the DNS resolver cache Ipconfig /displaydns returns: 2.7.168.192.in-addr.arpa ---------------------------------------- Record Name . . . . . : 2.7.168.192.in-addr.arpa. Record Type . . . . . : 12 Time To Live . . . . : 0 Data Length . . . . . : 4 Section . . . . . . . : Answer PTR Record . . . . . : webserver.mydomainname.com 1.0.0.127.in-addr.arpa ---------------------------------------- Record Name . . . . . : 1.0.0.127.in-addr.arpa. Record Type . . . . . : 12 Time To Live . . . . : 0 Data Length . . . . . : 4 Section . . . . . . . : Answer PTR Record . . . . . : localhost Update 4: Wireshark shows the following: 3 11.540542 208.67.220.220 192.168.7.2 DNS Standard query response A 74.125.79.99 A 74.125.79.104 A 74.125.79.147 6 42.056794 192.168.7.2 192.168.7.255 NBNS Name query NB WWW.GOOGLE.COM<00> which is weird: when I ping, it sends a packet to 192.168.7.255 instead of asking the DNS server for an address

    Read the article

  • I need advices: small memory footprint linux mail server with spam filtering

    - by petermolnar
    I have a VPS which is originally destined to be a webserver but some minimal mail capabilities are needed to be deployed as well, including sending and receiving as standalone server. The current setup is the following: Postfix reveices the mail, the users are in virtual tables, stored in MySQL on connection all servers are tested with policyd-weight service against some DNSBLs all mail is runs through SpamAssassin spamd with the help of spamc client the mail is then delivered with Dovecot 2' LDA (local delivery agent), virtual users as well As you saw... there's no virus scanner running, and that's for a reason: clamav eats all the memory possible and also, virus mails are all filtered out with this setup (I've tested the same with ClamAV enabled for 1,5 years, no virus mail ever got even to ClamAV) I don't use amavisd and I really don't want to. You only need that monster if you have plenty of memory and lots of simultaneous scanners. It's also a nightmare to fine tune by hand. I run policyd-weight instead of policyd and native DNSBLs in postfix. I don't like to send someone away because a single service listed them. Important statement: everything works fine. I receive very small amount of spam, nearly never get a false positive and most of the bad mail is stopped by policyd-weight. The only "problem" that I feel the services at total uses a bit much memory alltogether. I've already cut the modules of spamassassin (see below), but I'd really like to hear some advices how to cut the memory footprint as low as possible, mostly: what plugins SpamAssassin really needs and what are more or less useless, regarding to my current postfix & policyd-weight setup? SpamAssassin rules are also compiled with sa-compile (sa-update runs once a week from cron, compile runs right after that) These are some of the current configurations that may matter, please tell me if you need anything more. postfix/master.cf (parts only) dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -e /usr/lib/dovecot/deliver -d ${recipient} -f {sender} postfix/main.cf (parts only) smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, check_policy_service inet:127.0.0.1:12525, permit policyd-weight.conf (parts only) $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; $REJECTLEVEL = 4; $DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX='; $DEFER_ACTION = '450'; $DEFER_LEVEL = 5; $DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator'; # 1: ON, 0: OFF (default) # If ON request that ALL clients are only checked against RBLs $dnsbl_checks_only = 0; # 1: ON (default), 0: OFF # When set to ON it logs only RBLs which affect scoring (positive or negative) $LOG_BAD_RBL_ONLY = 1; ## DNSBL settings @dnsbl_score = ( # host, hit, miss, log name 'dnsbl.ahbl.org', 3, -1, 'dnsbl.ahbl.org', 'dnsbl.njabl.org', 3, -1, 'dnsbl.njabl.org', 'dnsbl.sorbs.net', 3, -1, 'dnsbl.sorbs.net', 'bl.spamcop.net', 3, -1, 'bl.spamcop.net', 'zen.spamhaus.org', 3, -1, 'zen.spamhaus.org', 'pbl.spamhaus.org', 3, -1, 'pbl.spamhaus.org', 'cbl.abuseat.org', 3, -1, 'cbl.abuseat.org', 'list.dsbl.org', 3, -1, 'list.dsbl.org', ); # If Client IP is listed in MORE DNSBLS than this var, it gets REJECTed immediately $MAXDNSBLHITS = 3; # alternatively, if the score of DNSBLs is ABOVE this level, reject immediately $MAXDNSBLSCORE = 9; $MAXDNSBLMSG = '550 Az levelezoszerveruk IP cime tul sok spamlistan talahato, kerjuk ellenorizze! / Your MTA is listed in too many DNSBLs; please check.'; ## RHSBL settings @rhsbl_score = ( 'multi.surbl.org', 4, 0, 'multi.surbl.org', 'rhsbl.ahbl.org', 4, 0, 'rhsbl.ahbl.org', 'dsn.rfc-ignorant.org', 4, 0, 'dsn.rfc-ignorant.org', # 'postmaster.rfc-ignorant.org', 0.1, 0, 'postmaster.rfc-ignorant.org', # 'abuse.rfc-ignorant.org', 0.1, 0, 'abuse.rfc-ignorant.org' ); # skip a RBL if this RBL had this many continuous errors $BL_ERROR_SKIP = 2; # skip a RBL for that many times $BL_SKIP_RELEASE = 10; ## cache stuff # must be a directory (add trailing slash) $LOCKPATH = '/var/run/policyd-weight/'; # socket path for the cache daemon. $SPATH = $LOCKPATH.'/polw.sock'; # how many seconds the cache may be idle before starting maintenance routines #NOTE: standard maintenance jobs happen regardless of this setting. $MAXIDLECACHE = 60; # after this number of requests do following maintenance jobs: checking for config changes $MAINTENANCE_LEVEL = 5; # negative (i.e. SPAM) result cache settings ################################## # set to 0 to disable caching for spam results. To this level the cache will be cleaned. $CACHESIZE = 2000; # at this number of entries cleanup takes place $CACHEMAXSIZE = 4000; $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; # after NTTL retries the cache entry is deleted $NTTL = 1; # client MUST NOT retry within this seconds in order to decrease TTL counter $NTIME = 30; # positve (i.,e. HAM) result cache settings ################################### # set to 0 to disable caching of HAM. To this number of entries the cache will be cleaned $POSCACHESIZE = 1000; # at this number of entries cleanup takes place $POSCACHEMAXSIZE = 2000; $POSCACHEMSG = 'using cached result'; #after PTTL requests the HAM entry must succeed one time the RBL checks again $PTTL = 60; # after $PTIME in HAM Cache the client must pass one time the RBL checks again. #Values must be nonfractal. Accepted time-units: s, m, h, d $PTIME = '3h'; # The client must pass this time the RBL checks in order to be listed as hard-HAM # After this time the client will pass immediately for PTTL within PTIME $TEMP_PTIME = '1d'; ## DNS settings # Retries for ONE DNS-Lookup $DNS_RETRIES = 1; # Retry-interval for ONE DNS-Lookup $DNS_RETRY_IVAL = 5; # max error count for unresponded queries in a complete policy query $MAXDNSERR = 3; $MAXDNSERRMSG = 'passed - too many local DNS-errors'; # persistent udp connection for DNS queries. #broken in Net::DNS version 0.51. Works with Net::DNS 0.53; DEFAULT: off $PUDP= 0; # Force the usage of Net::DNS for RBL lookups. # Normally policyd-weight tries to use a faster RBL lookup routine instead of Net::DNS $USE_NET_DNS = 0; # A list of space separated NS IPs # This overrides resolv.conf settings # Example: $NS = '1.2.3.4 1.2.3.5'; # DEFAULT: empty $NS = ''; # timeout for receiving from cache instance $IPC_TIMEOUT = 2; # If set to 1 policyd-weight closes connections to smtpd clients in order to avoid too many #established connections to one policyd-weight child $TRY_BALANCE = 0; # scores for checks, WARNING: they may manipulate eachother # or be factors for other scores. # HIT score, MISS Score @client_ip_eq_helo_score = (1.5, -1.25 ); @helo_score = (1.5, -2 ); @helo_score = (0, -2 ); @helo_from_mx_eq_ip_score= (1.5, -3.1 ); @helo_numeric_score= (2.5, 0 ); @from_match_regex_verified_helo= (1,-2 ); @from_match_regex_unverified_helo = (1.6, -1.5 ); @from_match_regex_failed_helo = (2.5, 0 ); @helo_seems_dialup = (1.5, 0 ); @failed_helo_seems_dialup= (2, 0 ); @helo_ip_in_client_subnet= (0,-1.2 ); @helo_ip_in_cl16_subnet = (0,-0.41 ); #@client_seems_dialup_score = (3.75, 0 ); @client_seems_dialup_score = (0, 0 ); @from_multiparted = (1.09, 0 ); @from_anon= (1.17, 0 ); @bogus_mx_score = (2.1, 0 ); @random_sender_score = (0.25, 0 ); @rhsbl_penalty_score = (3.1, 0 ); @enforce_dyndns_score = (3, 0 ); spamassassin/init.pre (I've put the .pre files together) loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold loadplugin Mail::SpamAssassin::Plugin::MIMEHeader loadplugin Mail::SpamAssassin::Plugin::ReplaceTags loadplugin Mail::SpamAssassin::Plugin::Check loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch loadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::Bayes loadplugin Mail::SpamAssassin::Plugin::BodyEval loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::MIMEEval loadplugin Mail::SpamAssassin::Plugin::RelayEval loadplugin Mail::SpamAssassin::Plugin::URIEval loadplugin Mail::SpamAssassin::Plugin::WLBLEval loadplugin Mail::SpamAssassin::Plugin::VBounce loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody spamassassin/local.cf (parts) use_bayes 1 bayes_auto_learn 1 bayes_store_module Mail::SpamAssassin::BayesStore::MySQL bayes_sql_dsn DBI:mysql:db:127.0.0.1:3306 bayes_sql_username user bayes_sql_password pass bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status ### User settings user_scores_dsn DBI:mysql:db:127.0.0.1:3306 user_scores_sql_password user user_scores_sql_username pass user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC # for better speed score DNS_FROM_AHBL_RHSBL 0 score __RFC_IGNORANT_ENVFROM 0 score DNS_FROM_RFC_DSN 0 score DNS_FROM_RFC_BOGUSMX 0 score __DNS_FROM_RFC_POST 0 score __DNS_FROM_RFC_ABUSE 0 score __DNS_FROM_RFC_WHOIS 0 UPDATE 01 As adaptr advised I remove policyd-weight and configured postfix postscreen, this resulted approximately -15-20 MB from RAM usage and a lot faster work. I'm not sure it's working at full capacity but it seems promising.

    Read the article

  • Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?

    - by zeyus
    EDIT: Thanks for the help Here is a quick idea of the setup: webserver X In apache httpd.conf: LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined CustomLog "|/usr/bin/logger -p local6.info -t access " vcombined In rsyslog.conf: *.* @logserver Logserver syslog-ng.conf: ... parser p_apache {csv-parser(columns( "APACHE.VIRTUAL_HOST", "APACHE.CLIENT_IP", "APACHE.IDENT_NAME", "APACHE.USER_NAME", "APACHE.TIMESTAMP", "APACHE.REQUEST_URL", "APACHE.REQUEST_STATUS", "APACHE.CONTENT_LENGTH", "APACHE.REFERER", "APACHE.USER_AGENT", "APACHE.PROCESS_TIME", "APACHE.SERVER_NAME") # flags: # escape-none,escape-backslash,escape-double-char, # strip-whitespace flags(escape-double-char,strip-whitespace) delimiters(" ") quote-pairs('""[]') );}; ... source s_net { udp(ip(0.0.0.0) port(514) so_rcvbuf(1048576)); }; destination hosts_acc { file("/var/log/hosts/$HOST/${APACHE.VIRTUAL_HOST}_acc.log"); }; filter f_apacheacc { facility(local6); }; log { source(s_net); parser(p_apache); filter(f_apacheacc); destination(hosts_acc); }; ... The log's get there just fine, but there are a LOT of logs like the following: -rw------- 1 root root 5726 Apr 6 01:02 xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 23435 Apr 6 01:06 \xc3\x9ed$yA;_acc.log -rw------- 1 root root 745 Apr 6 00:57 xc3\x9ed$yA;_acc.log -rw------- 1 root root 8440 Apr 5 22:50 \xc3\xaf_F\xc3\x95$yA;_acc.log -rw------- 1 root root 3112 Apr 6 00:58 xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 4220 Apr 5 22:03 xe2\x80\x98\twd\xc2\xa2\xc2\xb0\xc3\x96$yA;_acc.log -rw------- 1 root root 1055 Apr 5 22:03 xe2\x80\x98\xc2\x9dw\xc3\x94\xc3\xb4T\xc5\x93$yA;_acc.log -rw------- 1 root root 1821 Apr 6 00:58 \xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 2875 Apr 6 01:02 xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 3165 Apr 5 22:48 \xe2\x80\x99-w\xc3\xaf_F\xc3\x95$yA;_acc.log -rw------- 1 root root 3165 Apr 5 22:40 \xe2\x80\x99\xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 15825 Apr 5 22:50 xe2\x80\x99\xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 1055 Apr 5 22:39 \xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 2110 Apr 5 22:50 xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 2034 Apr 5 22:50 \xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 4066 Apr 5 22:45 xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 7212 Apr 6 13:30 \xe2\x80\xb9>$yA;_acc.log -rw------- 1 root root 3000 Apr 6 13:25 xe2\x80\xb9>$yA;_acc.log My question is where, and how can I filter these out, I don't want them on the filesystem (But actually I guess it wouldn't be a bad idea to keep them logged, but in their correct VHost file) Here is an example VHost <VirtualHost *:80> ServerAdmin [email protected] ServerName xxx.xx DocumentRoot /var/www/vhosts/xxx <Directory /var/www/vhosts/xxx> AllowOverride All Options All RewriteEngine on </Directory> </VirtualHost> And the default "catch-all" vhost at the bottom of the vhosts config file: <VirtualHost *:80> ServerName default ServerAlias * ServerAlias catchall.xxx.xx DocumentRoot /var/www/vhosts/nodomain <Directory "/var/www/vhosts/nodomain"> Options Indexes FollowSymLinks AllowOverride none Allow from All </Directory> CustomLog /dev/null combined ErrorLog /dev/null </VirtualHost> I had posted this in a related question but It's better in it's own question. Here are some examples from inside the log files r_acc.log: Apr 7 11:16:27 xxxxx access: r PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Apr 7 11:16:28 xxxxx access: r PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" ######################## D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log: Apr 7 14:54:06 xxxxx access: D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; B557000E-F20D-35DD-021A-9824EC-17A4AFV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 3BD03D7B-EEFD-83FF-7599-B751AD-6F0A2EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 9CAE0724-D455-0B31-3378-871C11-BBD0A4V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; C1E24799-3979-2452-81-3BAA0FFD361F5A; 0E701CBC-5832-5AB6-D5-CFBF9BDE863EAA; 464714B1-B3E2-774A-A4-FEA612A46CEE06; 74C817B0-D081-D2CC-6D-C4EF0F1B4F49BB; 1338B1DE-67CD-977C-B35D-1F2C4441DD6A; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; BRI/2)" ######################## V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log: Apr 7 14:55:04 xxxxx access: V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; FEEACE4F-092A-1D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; B557000E-F20D-35DD-021A-9824EC-17A4AFV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 3BD03D7B-EEFD-83FF-7599-B751AD-6F0A2EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 9CAE0724-D455-0B31-3378-871C11-BBD0A4V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; C1E24799-3979-2452-81-3BAA0FFD361F5A; 0E701CBC-5832-5AB6-D5-CFBF9BDE863EAA; 464714B1-B3E2-774A-A4-FEA612A46CEE06; 74C817B0-D081-D2CC-6D-C4EF0F1B4F49BB; 1338B1DE-67CD-977C-B35D-1F2C4441DD6A; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; BRI/2)" ################### xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA;_acc.log: Apr 7 19:48:39 xxxxx access: xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 3C12D25C-9D40-91CF-1F40-AC-B1A083426DV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; D4713FA8-0142-A0C2-4812-BA-E03221005BV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 199BAF2A-ECD5-39FA-65C3-E8-B107FAFF08V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 384BDA70-9954-7744-05A0-C4-C7D9FEA685V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; EE7292A9-333C-AF70-5A7F-55-CAA7D0BA39V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; -AD7D48FA3A55-2A33-D10B-B4B66276D8B8; -166A9C6A2E71-24DF-A192-C8258AA4DE14; -00077C6C84E0-A302-4954-3D6D17C54D31; 3F56C318-EC3C-432B-680F-7E4BB2B852C4; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Apr 7 19:48:39 xxxxx access: xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 3C12D25C-9D40-91CF-1F40-AC-B1A083426DV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; D4713FA8-0142-A0C2-4812-BA-E03221005BV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 199BAF2A-ECD5-39FA-65C3-E8-B107FAFF08V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 384BDA70-9954-7744-05A0-C4-C7D9FEA685V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; EE7292A9-333C-AF70-5A7F-55-CAA7D0BA39V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; -AD7D48FA3A55-2A33-D10B-B4B66276D8B8; -166A9C6A2E71-24DF-A192-C8258AA4DE14; -00077C6C84E0-A302-4954-3D6D17C54D31; 3F56C318-EC3C-432B-680F-7E4BB2B852C4; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Thanks

    Read the article

  • CodePlex Daily Summary for Sunday, August 10, 2014

    CodePlex Daily Summary for Sunday, August 10, 2014Popular ReleasesWinForms MVP: WinForms MVP v1.0.1008.2014: Issues Fixed Issue 1 New Added MessageBus and AppState features. Added tests in support of the MessageBus and AppState features Added dependency injection support for Ninject. Added tests in support of the NinjectPresenterFactory.WP8 Native Access Webserver: Version alpha 0.5.3: Figured I should post a newer version. This build includes pretty broad registry browsing (especially if you can use the AllCapabilities version) and (in the AC version) also fairly broad file system access. It also includes the ability to download .REG files. There have been tons of bugfixes and performance improvements as well, plus a slightly better UI in both the app and the web interface. For more info, please read the forum post here: http://forum.xda-developers.com/showthread.php?t=23...ClosedXML - The easy way to OpenXML: ClosedXML 0.74.0: Many updates. See history.SEToolbox: SEToolbox 01.042.019 Release 1: Added RadioAntenna broadcast name to ship name detail. Added two additional columns for Asteroid material generation for Asteroid Fields. Added Mass and Block number columns to main display. Added Ellipsis to some columns on main display to reduce name confusion. Added correct SE version number in file when saving. Re-added in reattaching Motor when drag/dropping or importing ships (KeenSH have added RotorEntityId back in after removing it months ago). Added option to export and r...Instant Beautiful Browsing: IBB 14.3 Alpha: An alpha release of IBB. After 3 years of the last release this version is made from scratch, with tons of new features like: Make your own IBB aps. HTML 5. Better UI. Extreme Windows 8 resemblance. Photos. Store. Movement TONS of times smother compared to previous versions. Remember that this is AN ALPHA release, I hope I will have "IBB 14" finished by December. The documentation on how to create a new application for IBB will come next monthjQuery List DragSort: jQuery List DragSort 0.5.2: Fixed scrollContainer removing deprecated use of $.browser so should now work with latest version of jQuery. Added the ability to return false in dragEnd to revert sort order Project changes Added nuget package for dragsort https://www.nuget.org/packages/dragsort Converted repository from SVN to MercurialCRM 2013 One Click Navigation: CRM2013OneClickNavigation_1_0_0_4_managed.zip: Fixed some minor issues and added support for the following languages Spanish German French Italian Portuguese Russian Arabic Chinese Japanese Hindi Hebrew Korean Polish ThaiBraintree Client Library: Braintree 2.32.0: Allow credit card verification options to be passed outside of the nonce for PaymentMethod.create Allow billingaddress parameters and billingaddress_id to be passed outside of the nonce for PaymentMethod.create Add Subscriptions to paypal accounts Add PaymentMethod.update Add failonduplicatepaymentmethod option to PaymentMethod.create Add support for dispute webhooksThe Mario Kart 8 App: V1.0.2.1: First Codeplex release. WINDOWS INSTALLER ONLYAspose Java for Docx4j: Aspose.Words vs Docx4j - v 1.0: Release contain the Code Comparison for Features in Docx4j SDK and Aspose.Words What's New ?Following Examples: Accessing Document Properties Add Bookmarks Convert to Formats Delete Bookmarks Working with Comments Feedback and Suggestions Many more examples are available at Aspose Docs. Raise your queries and suggest more examples via Aspose Forums or via this social coding site.File System Security PowerShell Module: NTFSSecurity 2.4.1: Add-Access and Remove-Access now take multiple accoutsYourSqlDba: YourSqlDba 5.2.1.: This version improves alert message that comes a while after you install the script. First it says to get it from YourSqlDba.CodePlex.com If you don't want to update now, just-rerun the script from your installed version. To get actual version running just execute install.PrintVersionInfo. . You can go to source code / history and click on change set 72957 to see changes in the script.Manipulator: Manipulator: manipulatorXNB filetype plugin for Paint.NET: Paint.NET XNB plugin v0.4.0.0: CHANGELOG Reverted old incomplete changes. Updated library for compatibility with Paint .NET 4. Updated project to NET 4.5. Updated version to 0.4.0.0. INSTALLATION INSTRUCTIONS Extract the ZIP file to your Paint.NET\FileTypes folder.EdiFabric: Release 4.1: Changed MessageContextWix# (WixSharp) - managed interface for WiX: Release 1.0.0.0: Release 1.0.0.0 Custom UI Custom MSI Dialog Custom CLR Dialog External UIMath.NET Numerics: Math.NET Numerics v3.2.0: Linear Algebra: Vector.Map2 (map2 in F#), storage-optimized Linear Algebra: fix RemoveColumn/Row early index bound check (was not strict enough) Statistics: Entropy ~Jeff Mastry Interpolation: use Array.BinarySearch instead of local implementation ~Candy Chiu Resources: fix a corrupted exception message string Portable Build: support .Net 4.0 as well by using profile 328 instead of 344. .Net 3.5: F# extensions now support .Net 3.5 as well .Net 3.5: NuGet package now contains pro...Virto Commerce Enterprise Open Source eCommerce Platform (asp.net mvc): Virto Commerce 1.11: Virto Commerce Community Edition version 1.11. To install the SDK package, please refer to SDK getting started documentation To configure source code package, please refer to Source code getting started documentation This release includes many bug fixes and minor improvements. More details about this release can be found on our blog at http://blog.virtocommerce.com.BoxStarter: Boxstarter 2.4.80: Running the Setup.bat file will install Chocolatey if not present and then install the Boxstarter modules.ProjkyAddin ssms addin script shortcut ssmsaddin: projkyaddin source code and msi files.: projkyaddin source code and msi files.New ProjectsBolos: BolosBWQS - The BitWise Query Service: Generic object queries with a bitwise syntax.DocX Razor: A DocX scaffolding engine with Razor syntaxJQuery Simple Logger: Its a very simple jQuery extension for logging client side events. There are four levels of logging: Error, Warning, Info, Debug ???????: ???????QQ:2281595668,?????,????,????  ?????????????????????,??1998?7??????,??????????,?????????,?????????????,????????????????????????. ????????????????????,????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,?????????: ???????????: ?????QQ:2281595668,?????,????,????。????????????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,????????????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,????????????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,????????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ???????????: ??????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,????????????????: ??????QQ:2281595668,?????,????,????   ????????????????????,??1998?7??????,??????????,??????? ????????,?????????????, ???????????????????????. ???????????????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ????????????: ??????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“??????”????????: ??????QQ:2281595668,?????,????,????。??????????????????????????,????????????!??????????????????????????????????????????、???????、????、??????、??????????。???????????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ??????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、???????????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,???????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,???????: ??????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????????: ???????????: ????????????: ????????????: ????????????: ????????????QQ:2281595668,?????,????,????  ???????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,????????????????????????: ?????????????: ???????QQ:2281595668,?????,????,????。???????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,??????????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,????????????????????????????????: ?????QQ:2281595668,?????,????,????。????????????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,????????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,???????????????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,?????????????????????????????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,????????????????????????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,??????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????。????????????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????????: ??????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ????????????: ?????????????QQ:2281595668,?????,????,????  ???????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”?????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ??????QQ:2281595668,?????,????,????。?????????????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,??????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ??????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,??????: ?????QQ:2281595668,?????,????,????  ???????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????,????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ?????????????: ??????????????QQ:2281595668,?????,????,????  ?????????????????????,??1998?7??????,??????????,?????????,?????????????,????????????????????????. ??????????????????????: ???????????: ????????????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;???????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,???????????????: ?????QQ:2281595668,?????,????,????  ??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;?????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。??????????????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,???????????????: ??????????: ?????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”??????????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,????????????????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????  ??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ??????QQ:2281595668,?????,????,????  ???????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????,???????: ????????????: ?????????????: hhhtbjzjgh??????: ??????QQ:2281595668,?????,????,????。??????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。  ?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,???????: ??????QQ:2281595668,?????,????,????。??????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,????????????????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;???????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ??????QQ:2281595668,?????,????,????。???????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,??????????????????????????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ??????QQ:2281595668,?????,????,????。???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、??????????: ????????????QQ:2281595668,?????,????,????  ???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,?????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,???????????????: ?????QQ:2281595668,?????,????,????  ??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,???????????????????????????????: tybjza?????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,????????????????: ??????QQ:2281595668,?????,????,????。  ??????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,??????????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,????????: ????????QQ:2281595668,?????,????,????  ?????????????????????????????,?????????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;??????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ????????????QQ:2281595668,?????,????,????  ???????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,???????????????????????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。??????????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,????????????????????????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,???????????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ??????QQ:2281595668,?????,????,????。??????????????????????????,????????????!??????????????????????????????????????????、???????、????、??????、??????????。????????????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ????? QQ:2281595668,?????,????,????。????? ???????????????????,????????????,????? ?98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,????????????????: ???????????: ????? QQ:2281595668,?????,????,????。????? ?????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,???????????????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,???????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ??????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ????????????: ???????QQ:2281595668,?????,????,????  ???????????????????,????????????,????????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,???????: ??????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,?????????????????????????????????: ????????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ???????????: ??????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,?????????????????????????????????: ????????????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;???????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。???????????????????: ????????????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,????????: ????????????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,????????????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,???????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ??????QQ:2281595668,?????,????,????。???????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,???????????????????????????????: ????????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“?????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ??????????: ??????  ??????  ??????  ??????  ??????  ?????  ?????  ??????  ?????  ????????????: ??????QQ:2281595668,?????,????,????。??????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,????????????????: ??????QQ:2281595668,?????,????,????。  ??????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,??????????????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,?????????: ??????QQ:2281595668,?????,????,????。  ??????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,??????????????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,????????: ???????????: ??????QQ:2281595668,?????,????,????。??????????????????????????,????????????!??????????????????????????????????????????、???????、????、??????、??????????。???????????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,?????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ????????????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,???????????????????: ??????????????QQ:2281595668,?????,????,????  ???????????????????,????????????,????????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????: ??????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????????: ???????????: ??????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“??????”????????: ???????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????  ??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;?????: ??????????QQ:2281595668,?????,????,????  ??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,??????????????????????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,?????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,???????????????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;?????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,???????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,?????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;?????????: ????????????: ?????????????: ???????QQ:2281595668,?????,????,????  ????????????????????????????,????????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;??????????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。????????,??????????????????????。????????,????????????,?????: ???????????: ?????? ??????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,????????????: ??????QQ:2281595668,?????,????,????。?????????????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ????????????: ????????????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,????????????: ??????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“??????”???????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ???????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,????????????????????????????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,?????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,???????: ??????????????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,?????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,?????????: ????????????QQ:2281595668,?????,????,????  ???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,????????????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,?????????: ??????QQ:2281595668,?????,????,????。???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、?????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,?????????: ????????????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,??????????????,????,??????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ??????????: ???????????: ????????????: ??????QQ:2281595668,?????,????,????。???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、???????????: ???????QQ:2281595668,?????,????,????。  ???????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,???????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ??????QQ:2281595668,?????,????,????。?????????????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ???????????: ???????????: ?????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ?????,?????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;???????: ?????QQ:2281595668,?????,????,????。  ?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,??????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ??????QQ:2281595668,?????,????,????  ????????????????????,??1998?7??????,??????????,?????????,?????????????,???????????????????????. ????????????????????,????????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,?????????: ????????????: ????????????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,???????????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。???????????????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ????????????: ??????QQ:2281595668,?????,????,????  ???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,??????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;??????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ???????????: ????????????: ??????QQ:2281595668,?????,????,????。  ???????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,????????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,???????????????????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,??????????????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????????????: ???????QQ:2281595668,?????,????,????。?????????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ??????????????: ????????QQ:2281595668,?????,????,????  ?????????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,?????????????????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,??????: ?????QQ:2281595668,?????,????,????。????????????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,?????????????????: ????????????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ????????????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;??????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、??????: ?????QQ:2281595668,?????,????,????。  ?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,???????: ???????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。???????????????????: ??????QQ:2281595668,?????,????,????  ???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、??????????: ???????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ?????????: ?????QQ:2281595668,?????,????,????  ???????????????????,????????????,??????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????,????????: ??????????: ?????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”?????????: ?????QQ:2281595668,?????,????,????。???????????????????,??1998?7??????,??????????,?????????,?????????????,??????????????????????. ????????????????????,???????????????: ?????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ?????,??????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ????????????: ??????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,???????????????: ??????QQ:2281595668,?????,????,????  ????????????????????,??1998?7??????,??????????,?????????,?????????????,???????????????????????. ????????????????????,???????????: ?????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”?????????: ?????????????????: ??????????????????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ????????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“????????: ?????QQ:2281595668,?????,????,????。?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????。??????????????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,???????????????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,??????: ????????????: ??????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ??????????: ?????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ?????,?????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????,???????????????????????!?????????????????????????????????????????????、?????????、??????、???????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ??????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,???????? ??????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、???????????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;?????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,?????: ?????QQ:2281595668,?????,????,????。?????????????????,????????。????????????????、???????。??????????????。????????????????,??????,??????,??????,??????????????,????,?????: ??????????: ????????????: ????????????: ??????????: ????? QQ:2281595668,?????,????,????。????? ?????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,???????????????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。????????,??????????????????????。????????,????????????,??????: ??????QQ:2281595668,?????,????,????  ???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;???????: ?????QQ:2281595668,?????,????,????。?????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,???????????,??????: ??????QQ:2281595668,?????,????,????  ???????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????,??????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,??????,???????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。????????,??????????????????????。????????,????????????,????????: ????????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,??????????????,????,??“???????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ????????????: ??????QQ:2281595668,?????,????,????。????????????????????,??1998?7??????,??????????,?????????,?????????????,???????????????????????. ????????????????????,?????????????: ???????????: ?????QQ:2281595668,?????,????,????  ??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,???????????????????????????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ????????????QQ:2281595668,?????,????,????  ????? ????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,??????????????: ??????QQ:2281595668,?????,????,????。??????????????????,????????。????????????????、???????。??????????????。?????????????????,??????,??????,??????,??????????????,????????: ????????????: ????????????QQ:2281595668,?????,????,????  ?????2004?,??????????????,??????????????????。?????? ?????,????????????????,????????????。????,????????????,????,??“????????: ???????????: ?????????????: ???????QQ:2281595668,?????,????,????。????????????????,?????????????????????,?????????????????????????!???????????????????????????????????????????????、?????????、??????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ???????????: ?????QQ:2281595668,?????,????,????。???????????????????,??????????????,????,?????????????????????,??????。???????,??????????????????????。????????,????????????,?????????: ??????QQ:2281595668,?????,????,????。??????????????????????????,????????????!??????????????????????????????????????????、???????、????、??????、??????????。????????????????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。????????,??????????????????????。????????,????????????,??????: ??????QQ:2281595668,?????,????,????。?????????????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,??????????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;???????: ????????????: ????????????: ??????QQ:2281595668,?????,????,????  ???????????????????,????????????,???????98???????????,????,??????????,?????????.   ?????????,????????????????,???????????,???????: ??????QQ:2281595668,?????,????,????。???????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,???????????????: ??????QQ:2281595668,?????,????,????。???????????????,?????????????????????,????????????????????????!??????????????????????????????????????????????、?????????、?????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、??????????????: ?????QQ:2281595668,?????,????,????。??????????????,?????????????????????????,????????????!?????????????????????????????????????????、???????、????、??????、???????????????: ??????QQ:2281595668,?????,????,????。???????????????????????????,???????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????????: ?????QQ:2281595668,?????,????,????  ????????????????????,????????。????????????????、???????。??????????????。???????????????????,??????,??????,??????,??????????????????: ?????QQ:2281595668,?????,????,????。  ?????????????、??、??、??????????????????,???????,???????,?????????????,??????????????,?????、??????????、??、???,?????????????,???????: ??????QQ:2281595668,?????,????,????。??????????????????!????????????????????????????????????????????、?????????、??????、????????、????????????。??????????,????????????????: ???????????: ?????QQ:2281595668,?????,????,????。  ??????98???????????,???????????????????,????????????,????,??????????,?????????,?????????,????????????????,???????????,??????????: ?????QQ:2281595668,?????,????,????。??????????1998?????????。????????????,???????????????,?????????????,???????????,?2003?????????????,?????????????????????????????????: ????????????: ????????????: ??????QQ:2281595668,?????,????,????。????????????????????,??????????????,????,?????????????????????,??????。??,??????????????????????。????????,????????????,????????????: ????????????: ???????????: ?????QQ:2281595668,?????,????,????。?????????,??????????????????。?????? ?????,????????????????,????????????。????,???????????,????,??“??????”???? ?????,???????????????: ?????QQ:2281595668,?????,????,????  ??????????????????????????,??????????,???????????????????????,???????:????,????;?????????????;??;??;????;????????;????;????;?????: ?????QQ:2281595668,?????,????,????。??????????????,??????、????、?????????????????????????,???????????? ??。???????????,??????????,???????????,????2000?,??????????,??????: ??????

    Read the article

  • FreeBSD performance tuning. Sysctls, loader.conf, kernel

    - by SaveTheRbtz
    I wanted to share knowledge of tuning FreeBSD via sysctl.conf/loader.conf/KENCONF. It was initially based on Igor Sysoev's (author of nginx) presentation about FreeBSD tuning up to 100,000-200,000 active connections. Tunings are for FreeBSD-CURRENT. Since 7.2 amd64 some of them are tuned well by default. Prior 7.0 some of them are boot only (set via /boot/loader.conf) or does not exist at all. sysctl.conf: # No zero mapping feature # May break wine # (There are also reports about broken samba3) #security.bsd.map_at_zero=0 # If you have really busy webserver with apache13 you may run out of processes #kern.maxproc=10000 # Same for servers with apache2 / Pound #kern.threads.max_threads_per_proc=4096 # Max. backlog size kern.ipc.somaxconn=4096 # Shared memory // 7.2+ can use shared memory > 2Gb kern.ipc.shmmax=2147483648 # Sockets kern.ipc.maxsockets=204800 # Can cause this on older kernels: # http://old.nabble.com/Significant-performance-regression-for-increased-maxsockbuf-on-8.0-RELEASE-tt26745981.html#a26745981 ) kern.ipc.maxsockbuf=10485760 # Mbuf 2k clusters (on amd64 7.2+ 25600 is default) # For such high value vm.kmem_size must be increased to 3G kern.ipc.nmbclusters=262144 # Jumbo pagesize(_SC_PAGESIZE) clusters # Used as general packet storage for jumbo frames # can be monitored via `netstat -m` #kern.ipc.nmbjumbop=262144 # Jumbo 9k/16k clusters # If you are using them #kern.ipc.nmbjumbo9=65536 #kern.ipc.nmbjumbo16=32768 # For lower latency you can decrease scheduler's maximum time slice # default: stathz/10 (~ 13) #kern.sched.slice=1 # Increase max command-line length showed in `ps` (e.g for Tomcat/Java) # Default is PAGE_SIZE / 16 or 256 on x86 # This avoids commands to be presented as [executable] in `ps` # For more info see: http://www.freebsd.org/cgi/query-pr.cgi?pr=120749 kern.ps_arg_cache_limit=4096 # Every socket is a file, so increase them kern.maxfiles=204800 kern.maxfilesperproc=200000 kern.maxvnodes=200000 # On some systems HPET is almost 2 times faster than default ACPI-fast # Useful on systems with lots of clock_gettime / gettimeofday calls # See http://old.nabble.com/ACPI-fast-default-timecounter,-but-HPET-83--faster-td23248172.html # After revision 222222 HPET became default: http://svnweb.freebsd.org/base?view=revision&revision=222222 kern.timecounter.hardware=HPET # Small receive space, only usable on http-server, on file server this # should be increased to 65535 or even more #net.inet.tcp.recvspace=8192 # This is useful on Fat-Long-Pipes #net.inet.tcp.recvbuf_max=10485760 #net.inet.tcp.recvbuf_inc=65535 # Small send space is useful for http servers that serve small files # Autotuned since 7.x net.inet.tcp.sendspace=16384 # This is useful on Fat-Long-Pipes #net.inet.tcp.sendbuf_max=10485760 #net.inet.tcp.sendbuf_inc=65535 # Turn off receive autotuning # You can play with it. #net.inet.tcp.recvbuf_auto=0 #net.inet.tcp.sendbuf_auto=0 # This should be enabled if you going to use big spaces (>64k) # Also timestamp field is useful when using syncookies net.inet.tcp.rfc1323=1 # Turn this off on high-speed, lossless connections (LAN 1Gbit+) # If you set it there is no need in TCP_NODELAY sockopt (see man tcp) net.inet.tcp.delayed_ack=0 # This feature is useful if you are serving data over modems, Gigabit Ethernet, # or even high speed WAN links (or any other link with a high bandwidth delay product), # especially if you are also using window scaling or have configured a large send window. # Automatically disables on small RTT ( http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_subr.c?#rev1.237 ) # This sysctl was removed in 10-CURRENT: # See: http://www.mail-archive.com/[email protected]/msg06178.html #net.inet.tcp.inflight.enable=0 # TCP slowstart algorithm tunings # We assuming we have very fast clients #net.inet.tcp.slowstart_flightsize=100 #net.inet.tcp.local_slowstart_flightsize=100 # Disable randomizing of ports to avoid false RST # Before usage check SA here www.bsdcan.org/2006/papers/ImprovingTCPIP.pdf # (it's also says that port randomization auto-disables at some conn.rates, but I didn't checked it thou) #net.inet.ip.portrange.randomized=0 # Increase portrange # For outgoing connections only. Good for seed-boxes and ftp servers. net.inet.ip.portrange.first=1024 net.inet.ip.portrange.last=65535 # # stops route cache degregation during a high-bandwidth flood # http://www.freebsd.org/doc/en/books/handbook/securing-freebsd.html #net.inet.ip.rtexpire=2 net.inet.ip.rtminexpire=2 net.inet.ip.rtmaxcache=1024 # Security net.inet.ip.redirect=0 net.inet.ip.sourceroute=0 net.inet.ip.accept_sourceroute=0 net.inet.icmp.maskrepl=0 net.inet.icmp.log_redirect=0 net.inet.icmp.drop_redirect=1 net.inet.tcp.drop_synfin=1 # # There is also good example of sysctl.conf with comments: # http://www.thern.org/projects/sysctl.conf # # icmp may NOT rst, helpful for those pesky spoofed # icmp/udp floods that end up taking up your outgoing # bandwidth/ifqueue due to all that outgoing RST traffic. # #net.inet.tcp.icmp_may_rst=0 # Security net.inet.udp.blackhole=1 net.inet.tcp.blackhole=2 # IPv6 Security # For more info see http://www.fosslc.org/drupal/content/security-implications-ipv6 # Disable Node info replies # To see this vulnerability in action run `ping6 -a sglAac ::1` or `ping6 -w ::1` on unprotected node net.inet6.icmp6.nodeinfo=0 # Turn on IPv6 privacy extensions # For more info see proposal http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00103.html net.inet6.ip6.use_tempaddr=1 net.inet6.ip6.prefer_tempaddr=1 # Disable ICMP redirect net.inet6.icmp6.rediraccept=0 # Disable acceptation of RA and auto linklocal generation if you don't use them #net.inet6.ip6.accept_rtadv=0 #net.inet6.ip6.auto_linklocal=0 # Increases default TTL, sometimes useful # Default is 64 net.inet.ip.ttl=128 # Lessen max segment life to conserve resources # ACK waiting time in miliseconds # (default: 30000. RFC from 1979 recommends 120000) net.inet.tcp.msl=5000 # Max bumber of timewait sockets net.inet.tcp.maxtcptw=200000 # Don't use tw on local connections # As of 15 Apr 2009. Igor Sysoev says that nolocaltimewait has some buggy realization. # So disable it or now till get fixed #net.inet.tcp.nolocaltimewait=1 # FIN_WAIT_2 state fast recycle net.inet.tcp.fast_finwait2_recycle=1 # Time before tcp keepalive probe is sent # default is 2 hours (7200000) #net.inet.tcp.keepidle=60000 # Should be increased until net.inet.ip.intr_queue_drops is zero net.inet.ip.intr_queue_maxlen=4096 # Interrupt handling via multiple CPU, but with context switch. # You can play with it. Default is 1; #net.isr.direct=0 # This is for routers only #net.inet.ip.forwarding=1 #net.inet.ip.fastforwarding=1 # This speed ups dummynet when channel isn't saturated net.inet.ip.dummynet.io_fast=1 # Increase dummynet(4) hash #net.inet.ip.dummynet.hash_size=2048 #net.inet.ip.dummynet.max_chain_len # Should be increased when you have A LOT of files on server # (Increase until vfs.ufs.dirhash_mem becomes lower) vfs.ufs.dirhash_maxmem=67108864 # Note from commit http://svn.freebsd.org/base/head@211031 : # For systems with RAID volumes and/or virtualization envirnments, where # read performance is very important, increasing this sysctl tunable to 32 # or even more will demonstratively yield additional performance benefits. vfs.read_max=32 # Explicit Congestion Notification (see http://en.wikipedia.org/wiki/Explicit_Congestion_Notification) net.inet.tcp.ecn.enable=1 # Flowtable - flow caching mechanism # Useful for routers #net.inet.flowtable.enable=1 #net.inet.flowtable.nmbflows=65535 # Extreme polling tuning #kern.polling.burst_max=1000 #kern.polling.each_burst=1000 #kern.polling.reg_frac=100 #kern.polling.user_frac=1 #kern.polling.idle_poll=0 # IPFW dynamic rules and timeouts tuning # Increase dyn_buckets till net.inet.ip.fw.curr_dyn_buckets is lower net.inet.ip.fw.dyn_buckets=65536 net.inet.ip.fw.dyn_max=65536 net.inet.ip.fw.dyn_ack_lifetime=120 net.inet.ip.fw.dyn_syn_lifetime=10 net.inet.ip.fw.dyn_fin_lifetime=2 net.inet.ip.fw.dyn_short_lifetime=10 # Make packets pass firewall only once when using dummynet # i.e. packets going thru pipe are passing out from firewall with accept #net.inet.ip.fw.one_pass=1 # shm_use_phys Wires all shared pages, making them unswappable # Use this to lessen Virtual Memory Manager's work when using Shared Mem. # Useful for databases #kern.ipc.shm_use_phys=1 # ZFS # Enable prefetch. Useful for sequential load type i.e fileserver. # FreeBSD sets vfs.zfs.prefetch_disable to 1 on any i386 systems and # on any amd64 systems with less than 4GB of avaiable memory # For additional info check this nabble thread http://old.nabble.com/Samba-read-speed-performance-tuning-td27964534.html #vfs.zfs.prefetch_disable=0 # On highload servers you may notice following message in dmesg: # "Approaching the limit on PV entries, consider increasing either the # vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable" vm.pmap.shpgperproc=2048 loader.conf: # Accept filters for data, http and DNS requests # Useful when your software uses select() instead of kevent/kqueue or when you under DDoS # DNS accf available on 8.0+ accf_data_load="YES" accf_http_load="YES" accf_dns_load="YES" # Async IO system calls aio_load="YES" # Linux specific devices in /dev # As for 8.1 it only /dev/full #lindev_load="YES" # Adds NCQ support in FreeBSD # WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+ # 8.0+ only #ahci_load="YES" #siis_load="YES" # FreeBSD 8.2+ # New Congestion Control for FreeBSD # http://caia.swin.edu.au/urp/newtcp/tools/cc_chd-readme-0.1.txt # http://www.ietf.org/proceedings/78/slides/iccrg-5.pdf # Initial merge commit message http://www.mail-archive.com/[email protected]/msg31410.html #cc_chd_load="YES" # Increase kernel memory size to 3G. # # Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM # Otherwise panic will happen on next reboot! # # It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc # Useful on highload stateful firewalls, proxies or ZFS fileservers # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #vm.kmem_size="3G" # If your server has lots of swap (>4Gb) you should increase following value # according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html # Otherwise you'll be getting errors # "kernel: swap zone exhausted, increase kern.maxswzone" # kern.maxswzone="256M" # Older versions of FreeBSD can't tune maxfiles on the fly #kern.maxfiles="200000" # Useful for databases # Sets maximum data size to 1G # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #kern.maxdsiz="1G" # Maximum buffer size(vfs.maxbufspace) # You can check current one via vfs.bufspace # Should be lowered/upped depending on server's load-type # Usually decreased to preserve kmem # (default is 10% of mem) #kern.maxbcache="512M" # Sendfile buffers # For i386 only #kern.ipc.nsfbufs=10240 # FreeBSD 9+ # HPET "legacy route" support. It should allow HPET to work per-CPU # See http://www.mail-archive.com/[email protected]/msg03603.html #hint.atrtc.0.clock=0 #hint.attimer.0.clock=0 #hint.hpet.0.legacy_route=1 # syncache Hash table tuning net.inet.tcp.syncache.hashsize=1024 net.inet.tcp.syncache.bucketlimit=512 net.inet.tcp.syncache.cachelimit=65536 # Increased hostcache # Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl # Very useful for it's RTT RTTVAR # Must be power of two net.inet.tcp.hostcache.hashsize=65536 # hashsize * bucketlimit (which is 30 by default) # It allocates 255Mb (1966080*136) of RAM net.inet.tcp.hostcache.cachelimit=1966080 # TCP control-block Hash table tuning net.inet.tcp.tcbhashsize=4096 # Disable ipfw deny all # Should be uncommented when there is a chance that # kernel and ipfw binary may be out-of sync on next reboot #net.inet.ip.fw.default_to_accept=1 # # SIFTR (Statistical Information For TCP Research) is a kernel module that # logs a range of statistics on active TCP connections to a log file. # See prerelease notes http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4 # and man 4 sitfr #siftr_load="YES" # Enable superpages, for 7.2+ only # Also read http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html vm.pmap.pg_ps_enabled=1 # Usefull if you are using Intel-Gigabit NIC #hw.em.rxd=4096 #hw.em.txd=4096 #hw.em.rx_process_limit="-1" # Also if you have ALOT interrupts on NIC - play with following parameters # NOTE: You should set them for every NIC #dev.em.0.rx_int_delay: 250 #dev.em.0.tx_int_delay: 250 #dev.em.0.rx_abs_int_delay: 250 #dev.em.0.tx_abs_int_delay: 250 # There is also multithreaded version of em/igb drivers can be found here: # http://people.yandex-team.ru/~wawa/ # # for additional em monitoring and statistics use # sysctl dev.em.0.stats=1 ; dmesg # sysctl dev.em.0.debug=1 ; dmesg # Also after r209242 (-CURRENT) there is a separate sysctl for each stat variable; # Same tunings for igb #hw.igb.rxd=4096 #hw.igb.txd=4096 #hw.igb.rx_process_limit=100 # Some useful netisr tunables. See sysctl net.isr #net.isr.maxthreads=4 #net.isr.defaultqlimit=4096 #net.isr.maxqlimit: 10240 # Bind netisr threads to CPUs #net.isr.bindthreads=1 # # FreeBSD 9.x+ # Increase interface send queue length # See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554 #net.link.ifqmaxlen=1024 # Nicer boot logo =) loader_logo="beastie" And finally here is KERNCONF: # Just some of them, see also # cat /sys/{i386,amd64,}/conf/NOTES # This one useful only on i386 #options KVA_PAGES=512 # You can play with HZ in environments with high interrupt rate (default is 1000) # 100 is for my notebook to prolong it's battery life #options HZ=100 # Polling is goot on network loads with high packet rates and low-end NICs # NB! Do not enable it if you want more than one netisr thread #options DEVICE_POLLING # Eliminate datacopy on socket read-write # To take advantage with zero copy sockets you should have an MTU >= 4k # This req. is only for receiving data. # Read more in man zero_copy_sockets # Also this epic thread on kernel trap: # http://kerneltrap.org/node/6506 # Here Linus says that "anybody that does it that way (FreeBSD) is totally incompetent" #options ZERO_COPY_SOCKETS # Support TCP sign. Used for IPSec options TCP_SIGNATURE # There was stackoverflow found in KAME IPSec stack: # See http://secunia.com/advisories/43995/ # For quick workaround you can use `ipfw add deny proto ipcomp` options IPSEC # This ones can be loaded as modules. They described in loader.conf section #options ACCEPT_FILTER_DATA #options ACCEPT_FILTER_HTTP # Adding ipfw, also can be loaded as modules options IPFIREWALL # On 8.1+ you can disable verbose to see blocked packets on ipfw0 interface. # Also there is no point in compiling verbose into the kernel, because # now there is net.inet.ip.fw.verbose tunable. #options IPFIREWALL_VERBOSE #options IPFIREWALL_VERBOSE_LIMIT=10 options IPFIREWALL_FORWARD # Adding kernel NAT options IPFIREWALL_NAT options LIBALIAS # Traffic shaping options DUMMYNET # Divert, i.e. for userspace NAT options IPDIVERT # This is for OpenBSD's pf firewall device pf device pflog # pf's QoS - ALTQ options ALTQ options ALTQ_CBQ # Class Bases Queuing (CBQ) options ALTQ_RED # Random Early Detection (RED) options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build # Pretty console # Manual can be found here http://forums.freebsd.org/showthread.php?t=6134 #options VESA #options SC_PIXEL_MODE # Disable reboot on Ctrl Alt Del #options SC_DISABLE_REBOOT # Change normal|kernel messages color options SC_NORM_ATTR=(FG_GREEN|BG_BLACK) options SC_KERNEL_CONS_ATTR=(FG_YELLOW|BG_BLACK) # More scroll space options SC_HISTORY_SIZE=8192 # Adding hardware crypto device device crypto device cryptodev # Useful network interfaces device vlan device tap #Virtual Ethernet driver device gre #IP over IP tunneling device if_bridge #Bridge interface device pfsync #synchronization interface for PF device carp #Common Address Redundancy Protocol device enc #IPsec interface device lagg #Link aggregation interface device stf #IPv4-IPv6 port # Also for my notebook, but may be used with Opteron device amdtemp # Same for Intel processors device coretemp # man 4 cpuctl device cpuctl # CPU control pseudo-device # Support for ECMP. More than one route for destination # Works even with default route so one can use it as LB for two ISP # For now code is unstable and panics (panic: rtfree 2) on route deletions. #options RADIX_MPATH # Multicast routing #options MROUTING #options PIM # Debug & DTrace options KDB # Kernel debugger related code options KDB_TRACE # Print a stack trace for a panic options KDTRACE_FRAME # amd64-only(?) options KDTRACE_HOOKS # all architectures - enable general DTrace hooks #options DDB #options DDB_CTF # all architectures - kernel ELF linker loads CTF data # Adaptive spining in lockmgr (8.x+) # See http://www.mail-archive.com/[email protected]/msg10782.html options ADAPTIVE_LOCKMGRS # UTF-8 in console (8.x+) #options TEKEN_UTF8 # FreeBSD 8.1+ # Deadlock resolver thread # For additional information see http://www.mail-archive.com/[email protected]/msg18124.html # (FYI: "resolution" is panic so use with caution) #options DEADLKRES # Increase maximum size of Raw I/O and sendfile(2) readahead #options MAXPHYS=(1024*1024) #options MAXBSIZE=(1024*1024) # For scheduler debug enable following option. # Debug will be available via `kern.sched.stats` sysctl # For more information see http://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup #options SCHED_STATS If you are tuning network for maximum performance you may wish to play with ifconfig options like: # You can list all capabilities via `ifconfig -m` ifconfig [-]rxcsum [-]txcsum [-]tso [-]lro mtu In case you've enabled DDB in kernel config, you should edit your /etc/ddb.conf and add something like this to enable automatic reboot (and textdump as bonus): script kdb.enter.panic=textdump set; capture on; show pcpu; bt; ps; alltrace; capture off; call doadump; reset script kdb.enter.default=textdump set; capture on; bt; ps; capture off; call doadump; reset And do not forget to add ddb_enable="YES" to /etc/rc.conf Since FreeBSD 9 you can select to enable/disable flowcontrol on your NIC: # See http://en.wikipedia.org/wiki/Ethernet_flow_control and # http://www.mail-archive.com/[email protected]/msg07927.html for additional info ifconfig bge0 media auto mediaopt flowcontrol PS. Also most of FreeBSD's limits can be monitored by # vmstat -z and # limits PPS. variety of network counters can be monitored via # netstat -s In FreeBSD-9 netstat's -Q option appeared, try following command to display netisr stats # netstat -Q PPPS. also see # man 7 tuning PPPPS. I wanted to thank FreeBSD community, especially author of nginx - Igor Sysoev, nginx-ru@ and FreeBSD-performance@ mailing lists for providing useful information about FreeBSD tuning. FreeBSD WIP * Whats cooking for FreeBSD 7? * Whats cooking for FreeBSD 8? * Whats cooking for FreeBSD 9? So here is the question: What tunings are you using on yours FreeBSD servers? You can also post your /etc/sysctl.conf, /boot/loader.conf, kernel options, etc with description of its' meaning (do not copy-paste from sysctl -d). Don't forget to specify server type (web, smb, gateway, etc) Let's share experience!

    Read the article

  • ModSecurity compile error on nginx

    - by user146481
    I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified as Linux configure: looking for Apache module support via DSO through APXS configure: error: couldn't find APXS After installing httpd-devel httpd-devel and running ./configure --enable-standalone-module --with-apxs=/usr/sbin/apxs ; make modsecurity compile workes but still have another error of nginx compilation : ./configure --add-module=/usr/local/src/john/ModSecurity-master/nginx/modsecurity and i got this error : gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/include/apache2 -I /usr/include/apr-1.0 -I /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone -I /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2 -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/mail \ -o objs/addon/modsecurity/ngx_http_modsecurity.o \ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:20:23: error: http_core.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:21:26: error: http_request.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:37, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_logging.h:41:23: error: apr_pools.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:38, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:26:25: error: apr_general.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:27:24: error: apr_tables.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:38, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:44: error: expected specifier-qualifier-list before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:65: error: expected specifier-qualifier-list before ‘apr_array_header_t’ cc1: warnings being treated as errors /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:135: error: expected ‘,’ or ‘;’ before ‘multipart_cleanup’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_multipart.h:137: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:39, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_pcre.h:41: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_pcre.h:45: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:19:27: error: apr_file_info.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:41, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: type defaults to ‘int’ in declaration of ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:21: error: expected ‘,’ or ‘;’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/persist_dbm.h:24: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:20:19: error: httpd.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:21:24: error: ap_release.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:24:26: error: apr_optional.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: expected declaration specifiers or ‘...’ before ‘modsec_register_tfn’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:30: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: expected declaration specifiers or ‘...’ before ‘modsec_register_operator’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:31: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:32: error: expected declaration specifiers or ‘...’ before ‘modsec_register_variable’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:33: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:32: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:36: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: expected declaration specifiers or ‘...’ before ‘modsec_register_reqbody_processor’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: expected declaration specifiers or ‘...’ before ‘(’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:37: error: type defaults to ‘int’ in declaration of ‘APR_DECLARE_OPTIONAL_FN’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:56: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:58: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:65: error: expected ‘,’ or ‘;’ before ‘input_filter’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:68: error: expected ‘,’ or ‘;’ before ‘output_filter’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:70: error: expected ‘,’ or ‘;’ before ‘read_request_body’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:77: error: expected ‘,’ or ‘;’ before ‘send_error_bucket’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:83: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:85: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:93: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/apache2.h:95: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:43:25: error: http_config.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:29, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:59: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:61: error: expected ‘,’ or ‘;’ before ‘collection_original_setvar’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:63: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:67: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:70: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:75: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:76: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:86: error: expected specifier-qualifier-list before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:94: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:101: error: expected specifier-qualifier-list before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:111: error: expected ‘,’ or ‘;’ before ‘msre_ruleset_process_phase’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: error: expected ‘,’ or ‘;’ before ‘msre_ruleset_process_phase_internal’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:115: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:143: error: expected specifier-qualifier-list before ‘apr_ipsubnet_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:149: error: expected specifier-qualifier-list before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:189: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:219: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:235: error: expected specifier-qualifier-list before ‘fn_tfn_execute_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:239: error: expected declaration specifiers or ‘...’ before ‘fn_tfn_execute_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:258: error: expected declaration specifiers or ‘...’ before ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:258: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:285: error: expected specifier-qualifier-list before ‘apr_table_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: expected declaration specifiers or ‘...’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: type defaults to ‘int’ in declaration of ‘apr_status_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: ‘apr_status_t’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:341: error: ‘apr_status_t’ redeclared as different kind of symbol /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:113: note: previous declaration of ‘apr_status_t’ was here /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:342: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:342: error: ‘fn_action_execute_t’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:369: error: expected specifier-qualifier-list before ‘fn_action_init_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:399: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:403: error: expected declaration specifiers or ‘...’ before ‘apr_array_header_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:403: error: ‘msre_parse_vars’ declared as function returning a function /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/re.h:415: error: expected specifier-qualifier-list before ‘apr_size_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:40, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:54: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:62: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:66: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:68: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:70: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:74: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:76: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:82: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:88: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:90: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:92: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:100: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:102: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:104: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:106: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:108: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:110: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:112: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:114: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:128: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:132: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:136: error: expected ‘)’ before ‘*’ token /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: data definition has no type or storage class /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: type defaults to ‘int’ in declaration of ‘apr_fileperms_t’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:140: error: expected ‘,’ or ‘;’ before ‘mode2fileperms’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_util.h:144: error: expected declaration specifiers or ‘...’ before ‘apr_pool_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:41, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_xml.h:43: error: ‘xml_cleanup’ declared as function returning a function In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_geo.h:38:25: error: apr_file_io.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:42, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_geo.h:58: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:43, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_gsb.h:22:22: error: apr_hash.h: No such file or directory In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:43, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_gsb.h:25: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:44, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_unicode.h:25: error: expected specifier-qualifier-list before ‘apr_file_t’ In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:46, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/msc_crypt.h:34: error: expected ‘)’ before ‘*’ token In file included from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../standalone/api.h:23, from /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:28: /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:48:23: error: ap_config.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:49:21: error: apr_md5.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:50:25: error: apr_strings.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/../../apache2/modsecurity.h:54:22: error: http_log.h: No such file or directory /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:938: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:938: error: too many arguments to function ‘ConvertNgxStringToUTF8’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:942: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:944: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /usr/local/src/john/ModSecurity-master/nginx/modsecurity/ngx_http_modsecurity.c:952: error: ‘modsecurity_read_body_cb’ undeclared (first use in this function) make[1]: *** [objs/addon/modsecurity/ngx_http_modsecurity.o] Error 1 make[1]: Leaving directory `/usr/local/src/john/nginx-1.2.5' make: *** [build] Error 2 Note : I'm using nginx as the only webserver and i do not have apache installed. OS : Centos 6 64bit How can i solve this problem And do you have another easy way to install modsecurity with nginx ?

    Read the article

  • How to solve "403 Forbidden" on CentOS6 with SELinux Disabled?

    - by André
    I have a machine on Linode that is driving me crazy. Linode does not have SELinux on CentOS6... I'm trying to configure to put my website in "/home/websites/public_html/mysite.com/public" As I don´t have SELinux enable, how can I avoid the "403 Forbidden" that I get when trying to access the webpage? Sorry for my english. Best Regards, Update1, ERROR_LOG [Mon Oct 17 14:04:16 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 14:08:07 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 14:10:25 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 14:10:41 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 14:32:35 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 14:34:45 2011] [error] [client 58.218.199.227] (13)Permission denied: access to /proxy-1.php denied [Mon Oct 17 15:32:25 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 15:37:26 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 15:37:43 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 15:38:32 2011] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Mon Oct 17 15:42:56 2011] [crit] [client 127.0.0.1] (13)Permission denied: /home/websites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Mon Oct 17 15:43:12 2011] [crit] [client 127.0.0.1] (13)Permission denied: /home/websites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Mon Oct 17 15:45:34 2011] [crit] [client 127.0.0.1] (13)Permission denied: /home/websites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Mon Oct 17 15:51:25 2011] [crit] [client 127.0.0.1] (13)Permission denied: /home/websites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable Upadate2, /home/websites directory drwx------ 3 websites websites 4096 Oct 17 14:52 . drwxr-xr-x. 3 root root 4096 Oct 17 13:42 .. -rw------- 1 websites websites 372 Oct 17 14:52 .bash_history -rw-r--r-- 1 websites websites 18 May 30 11:46 .bash_logout -rw-r--r-- 1 websites websites 176 May 30 11:46 .bash_profile -rw-r--r-- 1 websites websites 124 May 30 11:46 .bashrc drwxrwxr-x 3 websites apache 4096 Oct 17 13:45 public_html Update3, httpd.conf ### Section 1: Global Environment ServerTokens OS ServerRoot "/etc/httpd" PidFile run/httpd.pid Timeout 60 KeepAlive Off MaxKeepAliveRequests 100 KeepAliveTimeout 15 <IfModule prefork.c> StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000 </IfModule> <IfModule worker.c> StartServers 4 MaxClients 300 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> #Listen 12.34.56.78:80 Listen 80 LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule info_module modules/mod_info.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule substitute_module modules/mod_substitute.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule cgi_module modules/mod_cgi.so LoadModule version_module modules/mod_version.so Include conf.d/*.conf #ExtendedStatus On User apache Group apache ServerAdmin root@localhost #ServerName www.example.com:80 UseCanonicalName Off DocumentRoot "/var/www/html" # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None </Directory> # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # # # This should be changed to whatever you set DocumentRoot to. # <Directory "/home/websites/public_html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # The path to the end user account 'public_html' directory must be # accessible to the webserver userid. This usually means that ~userid # must have permissions of 711, ~userid/public_html must have permissions # of 755, and documents contained therein must be world-readable. # Otherwise, the client will only receive a "403 Forbidden" message. # # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden # <IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # UserDir disabled # # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disabled" line above, and uncomment # the following line instead: # #UserDir public_html </IfModule> # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # #<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS> # Order deny,allow # Deny from all # </LimitExcept> #</Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # # The index.html.var file (a type-map) is used to deliver content- # negotiated documents. The MultiViews Option can be used for the # same purpose, but it is much slower. # DirectoryIndex index.html index.html.var # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> # # TypesConfig describes where the mime.types file (or equivalent) is # to be found. # TypesConfig /etc/mime.types # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain # # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # <IfModule mod_mime_magic.c> # MIMEMagicFile /usr/share/magic.mime MIMEMagicFile conf/magic </IfModule> # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off #EnableMMAP off #EnableSendfile off # # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog logs/error_log LogLevel warn # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this # requires the mod_logio module to be loaded. #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog logs/access_log common # # If you would like to have separate agent and referer logfiles, uncomment # the following directives. # #CustomLog logs/referer_log referer #CustomLog logs/agent_log agent # # For a single logfile with access, agent, and referer information # (Combined Logfile Format), use the following directive: # CustomLog logs/access_log combined ServerSignature On Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> # # WebDAV module configuration section. # <IfModule mod_dav_fs.c> # Location of the WebDAV lock database. DAVLockDB /var/lib/dav/lockdb </IfModule> # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the realname directory are treated as applications and # run by the server when requested rather than as documents sent to the client. # The same rules about trailing "/" apply to ScriptAlias directives as to # Alias. # ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ # # DefaultIcon is which icon to show for files which do not have an icon # explicitly set. # DefaultIcon /icons/unknown.gif # # AddDescription allows you to place a short description after a file in # server-generated indexes. These are only displayed for FancyIndexed # directories. # Format: AddDescription "description" filename # #AddDescription "GZIP compressed document" .gz #AddDescription "tar archive" .tar #AddDescription "GZIP compressed tar archive" .tgz # # ReadmeName is the name of the README file the server will look for by # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to # directory indexes. ReadmeName README.html HeaderName HEADER.html # # IndexIgnore is a set of filenames which directory indexing should ignore # and not include in the listing. Shell-style wildcarding is permitted. # IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t # # DefaultLanguage and AddLanguage allows you to specify the language of # a document. You can then use content negotiation to give a browser a # file in a language the user can understand. # # Specify a default language. This means that all data # going out without a specific language tag (see below) will # be marked with this one. You probably do NOT want to set # this unless you are sure it is correct for all cases. # # * It is generally better to not mark a page as # * being a certain language than marking it with the wrong # * language! # # DefaultLanguage nl # # Note 1: The suffix does not have to be the same as the language # keyword --- those with documents in Polish (whose net-standard # language code is pl) may wish to use "AddLanguage pl .po" to # avoid the ambiguity with the common suffix for perl scripts. # # Note 2: The example entries below illustrate that in some cases # the two character 'Language' abbreviation is not identical to # the two character 'Country' code for its country, # E.g. 'Danmark/dk' versus 'Danish/da'. # # Note 3: In the case of 'ltz' we violate the RFC by using a three char # specifier. There is 'work in progress' to fix this and get # the reference data for rfc1766 cleaned up. # # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) # Norwegian (no) - Polish (pl) - Portugese (pt) # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) # AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw # # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # # ForceLanguagePriority allows you to serve a result page rather than # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) # [in case no accepted languages matched the available variants] # ForceLanguagePriority Prefer Fallback # # Specify a default charset for all content served; this enables # interpretation of all content as UTF-8 by default. To use the # default browser choice (ISO-8859-1), or to allow the META tags # in HTML content to override this choice, comment out this # directive: # AddDefaultCharset UTF-8 # # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # #AddType application/x-tar .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # Despite the name similarity, the following Add* directives have nothing # to do with the FancyIndexing customization directives above. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # # MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # #AddHandler cgi-script .cgi # # For files that include their own HTTP headers: # #AddHandler send-as-is asis # # For type maps (negotiated resources): # (This is enabled by default to allow the Apache "It Worked" page # to be distributed in multiple languages.) # AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # AddType text/html .shtml AddOutputFilter INCLUDES .shtml # # Action lets you define media types that will execute a script whenever # a matching file is called. This eliminates the need for repeated URL # pathnames for oft-used CGI file processors. # Format: Action media/type /cgi-script/location # Format: Action handler-name /cgi-script/location # # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html # # # Putting this all together, we can internationalize error responses. # # We use Alias to redirect any /error/HTTP_<error>.html.var response to # our collection of by-error message multi-language collections. We use # includes to substitute the appropriate text. # # You can modify the messages' appearance without changing any of the # default HTTP_<error>.html.var files by adding the line: # # Alias /error/include/ "/your/include/path/" # # which allows you to create your own set of files by starting with the # /var/www/error/include/ files and # copying them to /your/include/path/, even on a per-VirtualHost basis. # Alias /error/ "/var/www/error/" <IfModule mod_negotiation.c> <IfModule mod_include.c> <Directory "/var/www/error"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback </Directory> # ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var # ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var # ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var # ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var # ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var # ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var # ErrorDocument 410 /error/HTTP_GONE.html.var # ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var # ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var # ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var # ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var # ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var # ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var # ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var # ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var # ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var # ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var </IfModule> </IfModule> # # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Change the ".example.com" to match your domain to enable. # #<Location /server-status> # SetHandler server-status # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # Change the ".example.com" to match your domain to enable. # #<Location /server-info> # SetHandler server-info # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Proxy Server directives. Uncomment the following lines to # enable the proxy server: # #<IfModule mod_proxy.c> #ProxyRequests On # #<Proxy *> # Order deny,allow # Deny from all # Allow from .example.com #</Proxy> # # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block # #ProxyVia On # # To enable a cache of proxied content, uncomment the following lines. # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. # #<IfModule mod_disk_cache.c> # CacheEnable disk / # CacheRoot "/var/cache/mod_proxy" #</IfModule> # #</IfModule> # End of proxy directives. ### Section 3: Virtual Hosts # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:http://httpd.apache.org/docs/2.2/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # # Use name-based virtual hosting. # NameVirtualHost *:80 # # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # #<VirtualHost *:80> # ServerAdmin [email protected] # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost> # domain: mysite.com # public: /home/websites/public_html/mysite.com/ <VirtualHost *:80> # Admin email, Server Name (domain name) and any aliases ServerAdmin [email protected] ServerName mysite.com ServerAlias www.mysite.com # Index file and Document Root (where the public files are located) DirectoryIndex index.html DocumentRoot /home/websites/public_html/mysite.com/public # Custom log file locations LogLevel warn ErrorLog /home/websites/public_html/mysite.com/log/error.log CustomLog /home/websites/public_html/mysite.com/log/access.log combined </VirtualHost>

    Read the article

< Previous Page | 88 89 90 91 92