Raffael Luthiger's questions

I have here a certificate with the subject "server01.department.company.com" and two subject alternative names "app1" and "app2". When I connect with app1 or app2 to the server all is fine. But when I connect with the real name of the server (the subject) the browsers tell me that the certificate is not valid. I looked now in some certificates by digicert and they mention the subject in the SAN list as well. It looks to me like the subject is not checked any more by the browsers as soon as there are some SAN. I was reading now RFC 5280 but I couldn't find anything that would confirm this.

Can someone give me some more information if my assumption is correct and why it is like this?

I have here a very strange problem with mod_proxy_html. The HTML code which gets parsed looks like this:

<a href="/old/something.html" style="background-image:url('/old/images/background.png')">link</a>

Our configuration looks like this:

ProxyPass /  ajp://localhost:9000/webapp/
<Location />
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyPassReverse /
ProxyHTMLExtended On

ProxyHTMLURLMap /old/ /new/

RequestHeader unset Accept-Encoding
</Location>

And in the module config file I added this:

ProxyHTMLLinks  a               href style

From my understanding this should now filter the HREF and the STYLE attribute. But it only filters the HREF. Can anybody explain me why?

It is the httpd version 2.4.6.

Since one of our customers updated their server courier does not handle IMAP connections properly any more. POP3 works without any problems.

When I try to test IMAP with telnet then it is always like this:

$ telnet domain.com 143
Trying 188.40.46.214...
Connected to domain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc.  See COPYING for distribution information.
01 LOGIN [email protected] test
Connection closed by foreign host.

I enabled debugging in the authdaemond but the output does not really help much:

Apr 12 23:10:04 servername authdaemond: received auth request, service=imap, authtype=login
Apr 12 23:10:04 servername authdaemond: authmysql: trying this module
Apr 12 23:10:04 servername authdaemond: SQL query: SELECT login, password, "", uid, gid, homedir, maildir, quota, "", concat('disableimap=',disableimap,',disablepop3=',disablepop3) FROM mail_user WHERE login = '[email protected]' 
Apr 12 23:10:04 servername authdaemond: password matches successfully
Apr 12 23:10:04 servername authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/vmail, [email protected], fullname=<null>, maildir=/var/vmail/domain.com/test, quota=0, options=disableimap=n,disablepop3=n
Apr 12 23:10:04 servername authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/vmail, [email protected], fullname=<null>, maildir=/var/vmail/domain.com/test, quota=0, options=disableimap=n,disablepop3=n

Right after the "Authenticated" line the output stops. There is no other message. And in no other log file I've checked I could find any other related message.

The system was updated from Ubuntu 10.10 to 12.04.

How could I get more information? Or does anybody have an idea what could go wrong here?

I would like to optimize APC some more but I am not sure where I could do something. First here is the screenshot after one week of running with the current configuration:

I have now the following points that I am unsure of:

1. Do I see it correctly that the fragmentation happens because the cache is used as an user cache too?
2. Why does the fragmentation bar tell me 100% of only 5.8MB when I allocated 192MB in total?
3. Is this just a rendering problem that the circle under "Memory Usage" is not fully closed? Because the MB values below do add up. (To say is that the circle looks nice after a restart it just becomes like this when the cache gets more and more fragmented.)
4. Since the hit rate is really good I am not sure if the fragmentation is a big problem or not. Do you think that I can still optimize it?

I am mostly interested in getting those questions answered. Only then I can understand APC better and make adjustments myself.

Some detail information: On this server is Drupal and Magento running. Drupal is using it as a user cache too.

The question for me is now how I could optimize it. I could allocate more RAM but I am not sure if this really helps a lot.

UPDATE: Here is the configuration:

; The size of each shared memory segment in MB.
apc.shm_size = 192M

; Prevent files larger than this value from getting cached. Defaults to 1M. 
apc.max_file_size = 2M

; The number of seconds a cache entry is allowed to idle in a slot in case
; this cache entry slot is needed by another entry.
apc.ttl = 3600

As you can see it is pretty minimal at the moment.

In order to test my PHP projects on errors I normally use this command:

find ./ -type f -name \*.php -exec php -l '{}' \; | grep -v "No syntax errors detected"

I would like to extend the part php -l '{}' \; with some parameters so it will use a custom error_reporting level and not the one defined in php.ini. Is this possible?

(I know that the question is somewhat coding related. On the other side it is more about shell commands. If you think it should be better on stackoverflow then feel free to move it. I was not sure where the question fits better.)

I am searching for a firewall product (appliance or software) for an hosting/housing environment. The biggest problem is that the rules get very complex as more customers are behind the firewall. Some have only one server, others have a whole subnet. Some need NAT, some a VPN endpoint. Some customers want to only allow port http, others ssh as well. So the device needs to be able to support VLANs and it should be possible to group the rules per customer.

Speed is another important point. And being able to manage redundant devices easily.

I am searching for something that doesn't have all the extras like spam filter etc. I was searching a lot on the net but either they had all those extras as well (and with is an overloaded configuration interface) or they missed some of the features I need (e.g. VLAN).

The VPN endpoint is not the an important criteria. We were thinking about a separate machine for it.