TCH-James Posted December 19, 2007 Posted December 19, 2007 Greetings TCH Family, We have been evaluating the roll out of Apache 2.2 on TotalChoice servers. At the present time, we do not have a roll out date as we are still finishing up testing with various software and php modules. Apache2 will provide TCH customers benefits in performance and security while still providing the reliability that everyone expects from Apache 1. Along with Apache2, we will be enabling new features such as MySQL PDO and SOAP that have been the most requested features thus far. During the rollout we will also be updating servers to the latest PHP5 revision which is mainly a security release. As we finish up testing I wanted to solicit feedback from any customers looking to utilize features specific to the latest version of Apache2 or the new modules. Good, bad or indifferent to Apache2 I'd like to hear your opinion.
LISH-Josh Posted December 19, 2007 Posted December 19, 2007 Apache2 - yummy! You guys should enable "mod_nerd" asap.
TCH-Vivek Posted January 8, 2008 Posted January 8, 2008 We have tested Apache2 upgrade on our test servers and confirmed that everything works smooth as intended. We will now continue with the test by taking three live servers to study any real world issues that might occur. Following servers have been scheduled for 9th Jan, Wednesday, 11:30PM EST for the upgrade : naboo matra server125 In the meanwhile let's continue with the discussion about additional modules needed etc. Josh, can you just get us a link to the mod_nerd page. We will take a look
telcor Posted January 10, 2008 Posted January 10, 2008 Are you looking for modules over and above those preselected in the cPanel EA3 (EasyApache 3) profiles? Are you going to deploy suPHP or Suhosin? What about mod_security 2? Final question for this post: will you be offering support for ASP.NET, now that it's available via EA3?
TCH-Vivek Posted January 10, 2008 Posted January 10, 2008 Apache on the servers listed above has been successfully upgraded to 2.2. We have spent some time checking logs and websites for errors and everything looks fine. If any of you are experiencing problems with your websites please raise a trouble ticket. Are you looking for modules over and above those preselected in the cPanel EA3 (EasyApache 3) profiles? Are you going to deploy suPHP or Suhosin? What about mod_security 2? Final question for this post: will you be offering support for ASP.NET, now that it's available via EA3? Yes, we have created a custom profile and this will be used to build Apache and PHP on other servers. Mod_security 2 out of those requested by you will be enabled. We are reviewing Suhosin.
pkrohnert Posted January 10, 2008 Posted January 10, 2008 Apache on the servers listed above has been successfully upgraded to 2.2. We have spent some time checking logs and websites for errors and everything looks fine. If any of you are experiencing problems with your websites please raise a trouble ticket. One of the sites I host was not working this morning, but I tracked down the problem and fixed it, so I thought I would share what I learned. If you have the following line in your .htaccess file, it is apparently not supported by Apache 2.2, and it must be removed for your site to load: SecFilterEngine Off This is a common .htaccess tweak that is required to fix FrontPage publishing issues, and is recommended in other TCH forum threads. I'm not sure what impact removing it will have on the ability to publish but at least the site is up again. I'm also not sure if this setting is used for anything else. Before upgrading any more sites to Apache 2.2, this probably needs to be investigated and users with this setting will need to be warned. PK
TCH-Bruce Posted January 10, 2008 Posted January 10, 2008 It's used in some WordPress installations. I know I use it on several of my sites. I don't remember which plugin requires it but I use which ever one it is.
TCH-James Posted January 10, 2008 Author Posted January 10, 2008 One of the sites I host was not working this morning, but I tracked down the problem and fixed it, so I thought I would share what I learned. If you have the following line in your .htaccess file, it is apparently not supported by Apache 2.2, and it must be removed for your site to load: SecFilterEngine Off .... This is actually due to the newer version of mod_security. There appears to be a new method for disabling it or certain portions to prevent conflicts, but they don't seem to work out of the box. I'll see what I can come up with and post it here.
dcumpian Posted January 10, 2008 Posted January 10, 2008 This is actually due to the newer version of mod_security. There appears to be a new method for disabling it or certain portions to prevent conflicts, but they don't seem to work out of the box. I'll see what I can come up with and post it here. This is also commonly used for PHPBB. Thanks, Dan
TCH-James Posted January 10, 2008 Author Posted January 10, 2008 After doing some research, it appears that the latest version of mod_security removes the ability to make changes via an .htaccess file. It can be done through the apache configuration file, but this means that we would need to add this in. We are currently looking at the needed changes for our custom rules set with modSecurity2, so the defaults should not interfere with your site. If you do run into issues, please open a ticket with the help desk and we'll take a look.
telcor Posted January 11, 2008 Posted January 11, 2008 It looks like >SecRuleEngine Off would suffice for disabling mod_sec in .htaccess : http://www.modsecurity.org/documentation/m...ves.html#N106ED As for Suhosin, I'm not requesting it, just curious as its use (or mis-use) can greatly affect PHP applications. No one addressed my last question, so I'll re-phrase it Will TCH be offering support for mod_mono?
MikeJ Posted January 11, 2008 Posted January 11, 2008 It looks like >SecRuleEngine Off would suffice for disabling mod_sec in .htaccess : http://www.modsecurity.org/documentation/m...ves.html#N106ED Except ModSecurity 2.x disabled the ability to use those settings in .htaccess. They can only be used in the Apache configuration file now.
TCH-James Posted January 11, 2008 Author Posted January 11, 2008 Will TCH be offering support for mod_mono? We have no plans at this time to support mod_mono.
telcor Posted January 11, 2008 Posted January 11, 2008 Except ModSecurity 2.x disabled the ability to use those settings in .htaccess. They can only be used in the Apache configuration file now. Understandable. Really, the last thing a sys admin wants is a user disabling security. I understand, however, that the cPanel devs have reviewed the mod_security rules, removing those that break common applications.
TCH-James Posted January 11, 2008 Author Posted January 11, 2008 Understandable. Really, the last thing a sys admin wants is a user disabling security. I understand, however, that the cPanel devs have reviewed the mod_security rules, removing those that break common applications. We normally don't use the cPanel ruleset, instead we use a custom ruleset. We're currently reviewing both to come up with a revised version for our servers.
cpanelkenneth Posted January 15, 2008 Posted January 15, 2008 We normally don't use the cPanel ruleset, instead we use a custom ruleset. We're currently reviewing both to come up with a revised version for our servers. Just a little information about the ruleset. We don't provide our own ruleset, rather we use a 'honed' down version of the core rules. As telcor mentioned earlier we test the ruleset against both our own product and some common web applications. However, since we are not a web host provider, the ruleset we provide will, understandably, not be a 'perfect' fit for all, more of a starting point. Of course, we are always open to suggestions for rule additions, via the normal channels. My apologies for delving off-topic with this.
LATH Posted January 19, 2009 Posted January 19, 2009 Is server92 locked in the "stoneage". I see this discussion, but notice that server92 is still Apache version 1.3.39 (Unix) .
TCH-Carl Posted January 19, 2009 Posted January 19, 2009 server92 is on the list of servers that will be migrated to TCH NOC. Once done it will have apache2. Kindly bear with us for some more time, as you can see we have already kick started migration this month. PS. Let us give Ryan some breathing space. He is already on to the 5th migration this week.
LATH Posted January 19, 2009 Posted January 19, 2009 No problem. I only noticed this topic for the first time while looking for information about SOAP. Take the time and do it right. Believe me I understand.
Recommended Posts