apache – 421 Misdirected request on shared host

421 is returned when the browser tries to reuse the connection for another site. This is allowed under HTTP / 2 to save the cost of opening another connection since, in most cases, it is better to use fewer connections under HTTP / 2.

The browser should only reuse a connection that is assigned to the same IP address and where the certificate used covers both sites (which is the case of its three sites).

Despite these conditions, occasionally the browser will try to reuse a connection when it shouldn't. Apache's main case is if different SSL / TLS settings are configured for each vhost. Looking at ssllabs.com for each of its three domains, the settings look the same, making it difficult to see why Apache is returning this. You should contact your hosting provider and ask them to verify this.

In these cases, Firefox will see response 421, establish a new connection, and request the resource again. However, unlike a 301 or 302, it appears that this won't show up as a separate request in the developer tools.

The alternatives to solve this are:

  1. Have the hosting provider identify the cause and allow the connections to be reused.
  2. Use different certificates for each domain (so that the browser does not try to reuse the connection).
  3. Use a different IP address for the other domains, even if they are assigned to the same server (so that the browser does not try to reuse the connection).
  4. Stop using http / 2, which seems a shame as it generally provides good performance.
  5. Stop using other domains, at least for HTTP / 2.

I think you should seriously look at the last one. The benefit of using other domains (called sharding) is often overstated in my opinion for HTTP / 1 and shouldn't be necessary under HTTP / 2.

Fragmentation is done for two reasons:

  1. To allow 6 lower HTTP / 1.1 connections as browsers, the typical maximum is 6 simultaneous connections per domain. However, unless those seventh, eighth connections … etc. used a lot, the cost of setting them up may not be worth it. And under HTTP / 2, the limit is much higher (generally at least 100 simultaneous streams per connection).
  2. Domains without cookies to save in request sizes. But under HTTP / 2, the HTTP headers are compressed, so you're less concerned about this (and again, in my opinion, the value of this was overstated: how big cookies really are).

Looking at the web page test for your home page, you're loading the main page over the www domain, and then 6 assets over one static subdomain and 6 assets over the following subdomain and a few more on each:

Waterfall view

Here you can see the real cost of your 421s, as almost all connections need to be reestablished with one connection and SSL negotiation. Ignoring this for a moment, you can see that yes, you are downloading more than 6 resources at the same time in your two static subdomains. So if it is an HTTP / 1.1 connection, you would benefit from breaking the 6 connection limit for a moment. But you are also wasting the www connection which is down after the first request. This is made more obvious from the Connection View:

Connection view

So you can get rid of one of those subdomains and serve those assets for the www domain to get utilization of that first connection.

For HTTP / 2, you can also get rid of the other domain as it shouldn't be necessary. Then it can provide different results to HTTP / 2 and HTTP / 1.1 users, but that's tricky, all major browsers support HTTP / 2 and for 24 requests in total it won't even be a huge performance load going to a domain for those who don't.

In short, stop sharing domains without cookies unless you have a good reason to do so, as a quick glance at your homepage is not helping your performance anyway, and while you're addressing this issue 421, you it is hindering considerably.

python – Django Hosting on Apache

I try to host Django in Apache using mod_wsgi and following a good tutorial. I have a Windows 7 OP, and had everything set up as described in the tutorial, however I get this Error 500 for which I paste the ErrorLogs below:

(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374) mod_wsgi (pid=7784): Failed to exec Python script file 'D:/Backup/Learning Python/Organized and important file/Learning files and sheets/Django_ Learning_ 1/weblog_app/weblog_app/wsgi.py'.
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374) mod_wsgi (pid=7784): Exception occurred processing WSGI script 'D:/Backup/Learning Python/Organized and important file/Learning files and sheets/Django_ Learning_ 1/weblog_app/weblog_app/wsgi.py'.
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374) Traceback (most recent call last):r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "D:/Backup/Learning Python/Organized and important file/Learning files and sheets/Django_ Learning_ 1/weblog_app/weblog_app/wsgi.py", line 16, in r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     application = get_wsgi_application()r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\site-packages\django\core\wsgi.py", line 12, in get_wsgi_applicationr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     django.setup(set_prefix=False)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\site-packages\django\__init__.py", line 19, in setupr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\site-packages\django\conf\__init__.py", line 79, in __getattr__r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     self._setup(name)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\site-packages\django\conf\__init__.py", line 66, in _setupr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     self._wrapped = Settings(settings_module)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\site-packages\django\conf\__init__.py", line 157, in __init__r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     mod = importlib.import_module(self.SETTINGS_MODULE)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "c:\users\adwy\appdata\local\programs\python\python35\lib\importlib\__init__.py", line 126, in import_moduler
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)     return _bootstrap._gcd_import(name(level:), package, level)r
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 986, in _gcd_importr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 969, in _find_and_loadr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 944, in _find_and_load_unlockedr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 222, in _call_with_frames_removedr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 986, in _gcd_importr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 969, in _find_and_loadr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374)   File "", line 956, in _find_and_load_unlockedr
(Mon Apr 06 14:37:28.669698 2020) (wsgi:error) (pid 7784:tid 1048) (client 95.47.51.217:48374) ImportError: No module named 'weblog_app'r

basically i don't know if the problem is in the mod_wsgi version i am using or in the CONFIG i used:

here I copy the CONFIG that I used for Apache

LoadModule wsgi_module "c:/users/adwy/appdata/local/programs/python/python35/lib/site-packages/mod_wsgi/server/mod_wsgi.cp35-win_amd64.pyd"
WSGIScriptAlias / "D:/Backup/Learning Python/Organized and important file/Learning files and sheets/Django_ Learning_ 1/weblog_app/weblog_app/wsgi.py"
WSGIPythonHome "c:/users/adwy/appdata/local/programs/python/python35"
WSGIPythonPath "D:/Backup/Learning Python/Organized and important file/Learning files and sheets/Django_ Learning_ 1/weblog_app/weblog_app"

Alias "/static/" "C:/Users/Adwy/Adwy/Django_ Learning_ 1/Lib/site-packages/django/contrib/admin/static"
Alias "/templates/" "C:/Users/Adwy/Adwy/Django_ Learning_ 1/Lib/site-packages/django/contrib/admin/templates"



    Require all granted



    Require all granted



   
      Require all granted
   

Can someone with some experience here help me,

Thanks a lot,

apache2: can I use snap to install nextcloud on a server that is already running Apache?

Nextcloud is an open source cloud data server. On operating systems with snapd you can install everything in an instant:
sudo snap install nextcloud

That seems magical, but I'm stuck there. My server was already hosting multiple domains using Apache, and I don't even know where to look for the nextcloud home page. All instructions / manuals I can find do not explain where the site is or how the plugin will interact with existing Apache.
Now I suspect that I can't use a plugin if I already have Apache running? But this was not clear from what I read.

I have a separate IP domain for the nextcloud server, so I only need the plugin to handle requests for a domain name.

Can I use snap to install nextcloud on a server that is already running Apache?

Apache: redirect directory to another root site

I want to redirect everything from a certain subdirectory to the root of another site, i.e. without the subdirectories:
See the following example:

company.com/jobs should be redirected to jobs.site.com. Then again, all the way behind /jobs should be omitted like this: company.com/jobs/foo should also be redirected to jobs.site.com

This last part is the most difficult as with redirect 301 /jobs jobs.site.com the way/foo not omitted like this company.com/jobs/foo redirects to jobs.site.com/foo which throws a 404 error since this page doesn't exist.

How can I get the route to be skipped in a redirect?

SELinux and Semanage to customize Apache SSL certificate and key path

I want to create a custom path for the SSL certificate and write apache for each user, for example:

user1 will have the SSL path like this:

/home/user1/ssl/certificate.cer
/home/user1/ssl/ca_certificate.cer
/home/user1/ssl/certificate.key

SELinux does not allow Apache to start when I use the custom SSL directive in the httpd.conf file. Is there a week command that I can use to tell SELinux my custom SSL certificate and key path for Apache?

apache 2.2 – Download PHP file uses high CPU and RAM

My Apache server statistics

RAM 4GB
CPU 2-core
PHP 7.3
Centos 7 64bit

File upload settings in Php.ini

max_execution_time = 300;
max_input_time = 60 ;
memory_limit = 1000M ;
post_max_size = 2000M
upload_max_filesize = 1500M

I use this PHP code to download files.

   File Not Found");
        }
        $this->size = filesize($file);
        $this->file = fopen($file, "r");
        $this->boundary = md5($file);
        $this->delay = $delay;
        $this->name = basename($file);
    }
    public function process() {
        $ranges = NULL;
        $t = 0;
        if ($_SERVER('REQUEST_METHOD') == 'GET' && isset($_SERVER('HTTP_RANGE')) && $range = stristr(trim($_SERVER('HTTP_RANGE')), 'bytes=')) {
            $range = substr($range, 6);
            $ranges = explode(',', $range);
            $t = count($ranges);
        }
        header("Accept-Ranges: bytes");
        header("Content-Type: application/octet-stream");
        header("Content-Transfer-Encoding: binary");
        header(sprintf('Content-Disposition: attachment; filename="%s"', $this->name));
        if ($t > 0) {
            header("HTTP/1.1 206 Partial content");
            $t === 1 ? $this->pushSingle($range) : $this->pushMulti($ranges);
        } else {
            header("Content-Length: " . $this->size);
            $this->readFile();
        }
        flush();
    }
    private function pushSingle($range) {
        $start = $end = 0;
        $this->getRange($range, $start, $end);
        header("Content-Length: " . ($end - $start + 1));
        header(sprintf("Content-Range: bytes %d-%d/%d", $start, $end, $this->size));
        fseek($this->file, $start);
        $this->readBuffer($end - $start + 1);
        $this->readFile();
    }
    private function pushMulti($ranges) {
        $length = $start = $end = 0;
        $output = "";
        $tl = "Content-type: application/octet-streamrn";
        $formatRange = "Content-range: bytes %d-%d/%drnrn";
        foreach ( $ranges as $range ) {
            $this->getRange($range, $start, $end);
            $length += strlen("rn--$this->boundaryrn");
            $length += strlen($tl);
            $length += strlen(sprintf($formatRange, $start, $end, $this->size));
            $length += $end - $start + 1;
        }
        $length += strlen("rn--$this->boundary--rn");
        header("Content-Length: $length");
        header("Content-Type: multipart/x-byteranges; boundary=$this->boundary");
        foreach ( $ranges as $range ) {
            $this->getRange($range, $start, $end);
            echo "rn--$this->boundaryrn";
            echo $tl;
            echo sprintf($formatRange, $start, $end, $this->size);
            fseek($this->file, $start);
            $this->readBuffer($end - $start + 1);
        }
        echo "rn--$this->boundary--rn";
    }
    private function getRange($range, &$start, &$end) {
        list($start, $end) = explode('-', $range);
        $fileSize = $this->size;
        if ($start == '') {
            $tmp = $end;
            $end = $fileSize - 1;
            $start = $fileSize - $tmp;
            if ($start < 0)
                $start = 0;
        } else {
            if ($end == '' || $end > $fileSize - 1)
                $end = $fileSize - 1;
        }
        if ($start > $end) {
            header("Status: 416 Requested range not satisfiable");
            header("Content-Range: */" . $fileSize);
            exit();
        }
        return array(
                $start,
                $end
        );
    }
    private function readFile() {
        while ( ! feof($this->file) ) {
            echo fgets($this->file);
            flush();
            usleep($this->delay);
        }
    }
    private function readBuffer($bytes, $size = 1024) {
        $bytesLeft = $bytes;
        while ( $bytesLeft > 0 && ! feof($this->file) ) {
            $bytesLeft > $size ? $bytesRead = $size : $bytesRead = $bytesLeft;
            $bytesLeft -= $bytesRead;
            echo fread($this->file, $bytesRead);
            flush();
            usleep($this->delay);
        }
    }
}
$file = '/home/file.zip';
set_time_limit(0);
$download = new ResumeDownload($file, 50000); //delay about in microsecs 
$download->process();

it is working perfectly but the problem is that. when several files download our RAM and CPU 100%.
Any solution to solve it.

Apache + JavaScript security cookie for a certain file

I have an Apache server with many WordPress installations, and I want to secure wp-login.php with a simple JavaScript cookie solution. I saw such … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1802982&goto=newpost

Server and network administration for $ 100

My honored clients who want to configure Ubuntu VPS server with Apache and phpMyAdmin. I will be very happy to help my clients.

by: fxmn
Created: –
Category: VPS
Views: 94


.

apache – modest 2.9.2 – response body: transformed: decrypted

I would appreciate if someone can point me the correct way to solve this

Have a POST for a refresh token and modsec closes the connection (?): The browser goes into an endless loop from one side to the other; using apache 2.4.6 and modsec 2.9.2 in centos 7.

  1. Can I completely disable the modsec engine for this request?

  2. It doesn't say "matching rule" in heading H and section K in audit lists, there are so many rules to post here (but you can post if anyone needs it)

Thanks in advance!

–522ec87e-F–
HTTP / 1.1 400 Bad Request
X frame options: SAMEORIGIN
Cache control: no store
Pragma: no cache
X frame options: SAMEORIGIN
Access-Control-Expose-Headers: Access-Control-Allow-Methods
Access-Control-Allow-Origin: https://mysite.com
Access-Control-Allow-Credentials: true
Content type: application / json
Content Length: 69
X-XSS protection: 1; mode = block
Connection: close

–522ec87e-H–
Apache-Handler: proxy server
Stopwatch: 1585504125443097 26443 (- – -)
Stopwatch2: 1585504125443097 26443; combined = 7503, p1 = 367, p2 = 6899, p3 = 71, p4 = 124, p5 = 41, sr = 64, sw = 1, l = 0, gc = 0
Response transformed body: debarked
Producer: ModSecurity for Apache / 2.9.2 (http://www.modsecurity.org/); OWASP_CRS / 3.0.0.
Server: Apache
Engine mode: "ENABLED"

–522ec87e-Z–

load balancing: nginx http (from Android app) doesn't work. Https is working fine, and http was / is working fine in apache

I have a laravel / php application that worked fine in apache, but I thought it would be better to switch to nginx to support larger concurrent users.

I have installed we will encrypt SSL certificates and it is working fine over https. When I try http it doesn't work. The problem is that I am planning to use Amazon load balancers and encrypting would be difficult on individual instances. So I guess I need http to work with the load balancer.

When trying through http, the nginx access log is completely blank and the error log shows a single line warning that the signal process has started. Laravel's record is also blank.

2020/03/29 07:03:28 (notice) 21522#21522: signal process started

When I try SSL enabled, there is nothing in the error log and this is what the access log shows

IP ADDRESS HERE - - (29/Mar/2020:08:08:38 +0000) "GET /api/profile HTTP/1.1" 200 383 "-" "okhttp/3.10.0"
IP ADDRESS HERE - - (29/Mar/2020:08:08:38 +0000) "GET /api/shortlisted?page=1 HTTP/1.1" 200 204 "-" "okhttp/3.10.0"
IP ADDRESS HERE - - (29/Mar/2020:08:08:38 +0000) "GET /api/overview HTTP/1.1" 200 160 "-" "okhttp/3.10.0"

The funny thing is that when I try through the browser (even with http), I get the default page of laravel (I can't check the app itself as it is only mobile). The app is using okhttp for the connection, so it might have something to do with it. curl -v it shows a similar answer and an html page too.

After accessing through the browser, I get the following two entries in access.log and nothing in error.log.

IP ADDRESS HERE - - (29/Mar/2020:07:50:33 +0000) "GET / HTTP/1.1" 200 879 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:66.0) Gecko/20100101 Firefox/66.0"
IP ADDRESS HERE - - (29/Mar/2020:07:50:33 +0000) "GET /favicon.ico HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:66.0) Gecko/20100101 Firefox/66.0"

I thought it could be because ipv6 is not configured correctly, and I configured it correctly and the ipv6 test (https://ipv6-test.com) shows that the domain is ipv6 ready. But it could still be something related.

This is my configuration file (domain / folder modified. I rebooted the server and tried several times after the changes). The default nginx configuration file is unlinked.

server {
    root /var/www/appFolder/public;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name domain.com www.domain.com;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ .php$ {
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

    location ~ /.ht {
            deny all;
    }
    #error_log /var/log/nginx/error.log debug;
    #access_log /var/log/nginx/access.log;


    gzip on;
    gzip_types text/plain application/json text/xml application/xml;


#listen (::):443 ssl; # managed by Certbot
#listen 443 ssl; # managed by Certbot
#Other SSL info here, ssl currently commented out for testing # managed by Certbot

    listen 80;
    listen (::):80 ipv6only=on; # Tested ipv6only=on & off and completely removing that part

}

I don't have apache installed on this server. But my other server that has apache works fine. Not tried SSL over there.

Any ideas what the problem might be or how to solve it?