Glenn Slaven's questions

I've got a location block with an auth_request like this

location /somepath {
    auth_request /authorize;
    auth_request_set $header_variable $upstream_http_custom_header;

    proxy_path http://backendaddress;
}

What I want to do is, if the $header_variable doesn't match a particular regex I want to return a 403 code.

if isn't going to work because it runs too early. Is there anything else that would let me do this?

In the documentation for the ngx_http_limit_req_module it says

A client IP address serves as a key. Note that instead of $remote_addr, the $binary_remote_addr variable is used here, that allows decreasing the state size down to 64 bytes. One megabyte zone can keep about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests.

Unfortunately it fails to say how big it will be if you don't use the binary version of the ip address. I need to use $http_x_forwarded_for as the key, how big will each state be in this case?

I'm running multiple ubuntu (precise) boxes & I've got collectd pushing data up to a central logstash box, which is then sending it to carbon (graphite).

I'm running the processes plugin for collectd, which gives CPU time with a 10 second interval. What I want to be able to chart in graphite is the cpu usage (either in jiffies or preferably in a percentage, but I realise that can be problematic) for each process.

I'm just not grokking how to take the process CPU time metric which is a ever-increasing counter of the cpu time used by the process and turn that into a gauge of how much cpu the process is using over time.

Can I do this, and if so, how?

We're proxying a backend that we don't control & the backend is requesting a client certificate when connecting on https.

When we request these pages through the proxy the connection times out with no response from the backend, however the pages work fine if we bypass the proxy. Is this a problem with nginx handling the client certificate or should we be looking elsewhere?

Nginx config:

server {
        listen 443 ssl;

        ssl on;
        ssl_certificate /etc/nginx/ssl/webserver.pem;
        ssl_certificate_key /etc/nginx/ssl/webserver.key;

        location / {
                 proxy_pass https://www.backendsite.com;
                 proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        }
}

I'm getting intermittent guru meditations in varnish (as in I fire 50 requests off and 3 come back bad). In varnishlog it says

   15 VCL_return   c hash
   15 HitPass      c 1394372109
   15 VCL_call     c pass pass
   15 Backend      c 17 default default
   15 TTL          c 1394372164 RFC 0 -1 -1 1384590297 0 1384590291 0 0
   15 VCL_call     c fetch
   15 TTL          c 1394372164 VCL 120 -1 -1 1384590297 -0
   15 VCL_return   c hit_for_pass
   15 ObjProtocol  c HTTP/1.1
   15 ObjResponse  c OK
   15 ObjHeader    c Date: Sat, 16 Nov 2013 08:24:51 GMT
   15 ObjHeader    c Server: Apache
   15 ObjHeader    c Accept-Ranges: bytes
   15 ObjHeader    c Cache-Control: max-age=0, no-cache
   15 ObjHeader    c Vary: Accept-Encoding
   15 ObjHeader    c X-Mod-Pagespeed: 1.5.27.2-2912
   15 ObjHeader    c Content-Encoding: gzip
   15 ObjHeader    c Content-Type: text/html; charset=utf-8
   15 Gzip         c u F - 3755 13624 80 0 0
   15 FetchError   c TestGunzip error at the very end
   15 VCL_call     c error deliver
   15 VCL_call     c deliver deliver
   15 TxProtocol   c HTTP/1.1
   15 TxStatus     c 503
   15 TxResponse   c Service Unavailable

You can see the 15 FetchError c TestGunzip error at the very end which is the problem. I'm not sure how to interpret the line above Gzip c u F - 3755 13624 80 0 0 and I can't see why this is a problem. The site did not have any reported problem loading pages before we put varnish in front.

In an assumption that varnish is just being more strict about gzip than the browsers are, I attempted to turn off the gzip handling, so I set http_gzip_support to off in /etc/defaults/varnish:

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m \
             -p http_gzip_support=off"

This has failed to make any difference. I've now run out of ideas, any help would be greatly appreciated.

I have a misbehaving origin that when it has an error page it is not setting a content-type header. This is then a problem as we're sitting behind Edgecast and they default to application/octet-stream which causes browsers to try and download the file. Is there any way I can get apache to set a content type response header if there isn't one?

I have an apache2.2 server with mod_proxy and mod_headers installed. On a request running with a ProxyPass directive, none of the Header set directives work, ie the header's aren't set in the response.

However if I remove the ProxyPass directive the headers are set. Is there some configuration that disables setting headers when using mod_proxy?

I have a server running mod_proxy and I need to essentially rename a request header. A proxy closer to the origin is stripping off the X-Forwarded-For header, but we need that data to persist, so I want to add the value to a different header to allow the origin to pick it up.

From my reading of the doco there is no way to rename a header and I can't see how to pass in values into RequestHeader add in mod_headers.

I have an Apache 2.2 server running mod_proxy. We had a scenario where a response came through from the origin corrupted, it didn't have any content-type or cache-control headers. This meant that downstream proxies and clients cached the dodgy response.

What I would like to do is if the response doesn't have a content-type and cache-control header to insert a Cache-Control:max-age=0, no-cache header

I need to do multi-line replacement in apache2, an mod-substitute only does single line matching AFAIK.

I need to be able to do something like this:

replace

<script>
foo = x;
bar = y;
alert(x + y);
</script>

with

<script>
alert("I'm someone else!");
</script>

Is there a way to do this with apache?

So I have mod_proxy setup pointing at

ProxyPass / http://www.mydomain.com/
ProxyPassReverse / http://www.mydomain.com/

and www.mydomain.com has 4 A records (ie DNS load balancing) will mod_proxy pick 1 ip from that list for all it's worker processes and expire on the ttl of the DNS record, or will each worker process pick its own IP from that list?

I'm setting up a proxy sitting in front of a web server that is using this DNS load balancing, and I don't want to have to hard-code their IP addresses into BalancerMember directives as then they can't add & remove IP addresses without changing the proxy too.

I'm getting a lot of requests turning up in our apache logs that look like this

www.example.com:80 10.240.1.8 - - [06/Mar/2013:00:39:19 +0000] "-" 408 0 "-" "-" -

There seems to be no request and no user agent. Has anyone seen this before?

I've setup Squid on windows (Win7) and it works fine, but I want to be able to have the conf files portable. Is it possible for the paths in squid.conf to be relative to the squid working directory rather than absolute?

I've got cygwin installed on a windows machine & I'm trying to run squid. But when I run /usr/sbin/squid -i it does nothing, no response, no log files, nothing. I've tried searching for solutions but all I've found is one particularly hostile thread on the squid maling list. The doco just says to run with the -i to install as a windows service

I'm trying to track down when a user on our system was created, is there any way to tell this in Windows Server 2003?

This happens on a number of PCs (WinXP SP3), where an application will simply lock up. It may be the browser (usually Firefox in our case) or it may be Visual Studio, or something else, but every time it seems the same, the application locks up, sometimes for minutes. There is no spike in CPU usage. Usually the other applications that are open at the time continue to work fine, but other times it takes the explorer.exe process with it.

Given the lack of CPU spike, or any other metric I can see, how can I diagnose what is causing this issue?

Seeing as Vista didn't have a really high uptake rate amongst businesses, are you planning to roll Windows 7 out to your Windows XP network and if so, how do you plan on doing it?

This question is mostly due to the fact that there isn't an upgrade path from XP to 7, so it would seem that the nuke & pave approach is all that's available & this seems like it's going to be a pain for larger (or even smaller) networks. Is Microsoft releasing a way to install Windows 7 without wiping out the whole Windows XP install?

I'm trying to start an IIS website & I keep getting the error

Unexpected error 0x8ffe2740 occurred

Investigating in the system log displays this error

The service could not bind instance 1. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

I have had WAMP running on this machine, but I shut it down & I can't see anything else that could be bound to port 80. If I change the port to something else it works fine, so I am assuming it is because something else was bound to 80 and it hasn't been released, but I can't see what it is

eg bin, sbin, proc, lib, boot, usr, etc...

Is there a standard list somewhere, does it depend on the distro?

This is essentially to answer the common question I have "I'm installing X or putting Y on the server, what folder should I put it in?"

So, not sure if this is a Stack Overflow or a Server Fault question. If I have a .NET website that I want to deploy to the production environment, what's the best way to do so. Should I package it as an MSI & install? Use nant to push the needed files up. Just FTP the files up using Beyond Compare?

How do you deploy production code? This is a Windows specific case that I'm looking at here.