Web Server Upgraded to Apache 2.4.7

The web server has been upgraded to Apache 2.4.7, Apr has been upgraded to 1.5.0, and Apr-Util to 1.5.3

 
Changes with Apache 2.4.7

*) APR 1.5.0 or later is now required for the event MPM.
Apr has been upgraded to 1.5.0, Event MPM is being used.

*) slotmem_shm: Error detection. [Jim Jagielski]

*) event: Use skiplist data structure. [Jim Jagielski]

*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]

*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph ]

*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]

*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]

*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate’s RSA/DSA key size. [Kaspar Brand]

*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]

*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]

*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]

*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]

*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]

*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov ]

*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]

*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]

*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI changed introduced in 2.4.6. PR 55397.

*) mod_dav: Don’t require lock tokens for COPY source. PR 55306.

*) core: Don’t truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]

*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]

*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]

*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]

*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]

*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris ]

*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes ]

*) ab: Add wait time, fix processing time, and output write errors only if
they occured. [Christophe Jaillet]

*) worker MPM: Don’t forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]

*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]

*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]

*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be usefull with dynamic pages.
PR9945, PR27888, PR42040 []

*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]

*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]

*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]

*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]

*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]

*) mod_headers: Add ‘Header note header-name note-name’ for copying a response
headers value into a note. [Eric Covener]

*) mod_headers: Add ‘setifempty’ command to Header and RequestHeader.
[Eric Covener]

*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]

*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]

*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]

*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]

*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]

*) mod_ldap: Change “LDAPReferrals off” to actually set the underlying LDAP
SDK option to OFF, and introduce “LDAPReferrals default” to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza ]

*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]

*) WinNT MPM: Don’t crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]

*) modules: Fix some compiler warnings. [Guenter Knauf]

*) Sync 2.4 and trunk
– Avoid some memory allocation and work when TRACE1 is not activated
– fix typo in include guard
– indent
– No need to lower the string before removing the path, it is just a waste of time…
– Save a few cycles
[Christophe Jaillet ]

*) mod_filter: Add “change=no” as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]

*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]

*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser ]

*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu ]

*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph ]

*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]

*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]

*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett ]

Last Night’s Maintenance – MySQL

Because I managed to secure the file server so well that even I couldn’t get into it, I was forced to take the server down ungracefully last night.

After we finished working on it (Carl and Raymond, my sons, were there with me), I thought everything was up, however, due to the unclean shutdown, MySQL did not start.

I corrected this just after noon today.  My apologies.  I’m still working on correcting some configuration issues so this won’t happen again however these corrections should not be service affecting.

Christmas

First, I’d like to wish everyone a Merry Christmas.

On Christmas, I won’t be at the phones all day, but I will probably be within earshot of the phone between about 12 noon and 4pm and I’ll periodically check for voice mail and make sure things are up and running.

So, if you need to talk to me live, please call between noon and 4pm, otherwise, leave a voice mail and I’ll call you back.

PayPal Scam

There is someone sending e-mails alleging to be from PayPal stating that your account is limited and telling you to click on a link and fill out a form to get it reinstated.  These are bogus.  They are trying to get your PayPal credentials so they can raid your account.  Never click on a link in e-mail that alleges to be your bank, etc.  If you are seriously concerned, put the bank URL in your browser and go there directly, NOT from an e-mail link.

Drupal – Memcache

If you install Drupal here, one module you will want to install is the Memcache module.

Just as with the Tribe Object Cache plugin for WordPress, this module uses Memcached to cache rendered pages and other objects and can speed up page loading by as much as 100 times.  It won’t speed up every page but if a page has already been visited and is using the same data, it can speed it up several hundred times.  It can also speed up pages where common content is on multiple pages.

Outage Saturday December 14th, 2013

I apologize for the downtime Saturday December 14th evening.

A new server failed earlier in the day. It wasn’t in use yet except
as a backup but because file systems were NFS mounted from it, anytime a
customer used something that referenced those file systems such as ‘df’ or
‘quota’, the process hung waiting for it to respond eventually cluttering
up memory on shellx.

To stop this, I had to unmount the file systems from that machine but
I needed to reboot the file server which has users home directories on it
in order to do that. I should have used the force option because
otherwise the reboot also is going to wait for the machine that is dead to
respond and I forgot to do that.

The whole mess necessitated a trip to the co-location facility to
restore, and while I was there I fixed some start-up script errors and
applied some updates which required a few more reboots to apply and test.

On another note, if anyone is considering content management systems
like Drupal, Concrete5, Joomla, or WordPress, they will all run fine on
our platform. If you need help getting them running please e-mail support
and I’ll be glad to help you get them setup.

The same is true for Coppermine, Gallery, MyBB, phpBB, or other PHP
applications.

Thank you for your patience and I apologize for the interruption.