Jump to content
TCH-James

Apache2 Announcement

Recommended Posts

Greetings TCH Family,

 

We have been evaluating the roll out of Apache 2.2 on TotalChoice servers. At the present time, we do not have a roll out date as we are still finishing up testing with various software and php modules.

 

Apache2 will provide TCH customers benefits in performance and security while still providing the reliability that everyone expects from Apache 1. Along with Apache2, we will be enabling new features such as MySQL PDO and SOAP that have been the most requested features thus far. During the rollout we will also be updating servers to the latest PHP5 revision which is mainly a security release.

 

As we finish up testing I wanted to solicit feedback from any customers looking to utilize features specific to the latest version of Apache2 or the new modules. Good, bad or indifferent to Apache2 I'd like to hear your opinion.

Share this post


Link to post
Share on other sites

We have tested Apache2 upgrade on our test servers and confirmed that everything works smooth as intended. We will now continue with the test by taking three live servers to study any real world issues that might occur. Following servers have been scheduled for 9th Jan, Wednesday, 11:30PM EST for the upgrade :

 

naboo

matra

server125

 

In the meanwhile let's continue with the discussion about additional modules needed etc. Josh, can you just get us a link to the mod_nerd page. We will take a look :)

Share this post


Link to post
Share on other sites

Are you looking for modules over and above those preselected in the cPanel EA3 (EasyApache 3) profiles?

 

Are you going to deploy suPHP or Suhosin? What about mod_security 2?

 

Final question for this post: will you be offering support for ASP.NET, now that it's available via EA3?

Share this post


Link to post
Share on other sites

Apache on the servers listed above has been successfully upgraded to 2.2. We have spent some time checking logs and websites for errors and everything looks fine. If any of you are experiencing problems with your websites please raise a trouble ticket.

 

Are you looking for modules over and above those preselected in the cPanel EA3 (EasyApache 3) profiles?

 

Are you going to deploy suPHP or Suhosin? What about mod_security 2?

 

Final question for this post: will you be offering support for ASP.NET, now that it's available via EA3?

 

Yes, we have created a custom profile and this will be used to build Apache and PHP on other servers. Mod_security 2 out of those requested by you will be enabled. We are reviewing Suhosin.

Share this post


Link to post
Share on other sites
Apache on the servers listed above has been successfully upgraded to 2.2. We have spent some time checking logs and websites for errors and everything looks fine. If any of you are experiencing problems with your websites please raise a trouble ticket.

 

One of the sites I host was not working this morning, but I tracked down the problem and fixed it, so I thought I would share what I learned. If you have the following line in your .htaccess file, it is apparently not supported by Apache 2.2, and it must be removed for your site to load:

 

SecFilterEngine Off

 

This is a common .htaccess tweak that is required to fix FrontPage publishing issues, and is recommended in other TCH forum threads. I'm not sure what impact removing it will have on the ability to publish but at least the site is up again. I'm also not sure if this setting is used for anything else.

 

Before upgrading any more sites to Apache 2.2, this probably needs to be investigated and users with this setting will need to be warned.

 

PK

Share this post


Link to post
Share on other sites

It's used in some WordPress installations. I know I use it on several of my sites. I don't remember which plugin requires it but I use which ever one it is.

Share this post


Link to post
Share on other sites
One of the sites I host was not working this morning, but I tracked down the problem and fixed it, so I thought I would share what I learned. If you have the following line in your .htaccess file, it is apparently not supported by Apache 2.2, and it must be removed for your site to load:

 

SecFilterEngine Off

 

....

 

This is actually due to the newer version of mod_security. There appears to be a new method for disabling it or certain portions to prevent conflicts, but they don't seem to work out of the box. I'll see what I can come up with and post it here.

Share this post


Link to post
Share on other sites
This is actually due to the newer version of mod_security. There appears to be a new method for disabling it or certain portions to prevent conflicts, but they don't seem to work out of the box. I'll see what I can come up with and post it here.

 

This is also commonly used for PHPBB.

 

Thanks,

Dan

Share this post


Link to post
Share on other sites

After doing some research, it appears that the latest version of mod_security removes the ability to make changes via an .htaccess file. It can be done through the apache configuration file, but this means that we would need to add this in. We are currently looking at the needed changes for our custom rules set with modSecurity2, so the defaults should not interfere with your site. If you do run into issues, please open a ticket with the help desk and we'll take a look.

Share this post


Link to post
Share on other sites

It looks like

>SecRuleEngine Off

 

would suffice for disabling mod_sec in .htaccess : http://www.modsecurity.org/documentation/m...ves.html#N106ED

 

As for Suhosin, I'm not requesting it, just curious as its use (or mis-use) can greatly affect PHP applications.

 

No one addressed my last question, so I'll re-phrase it :)

 

Will TCH be offering support for mod_mono?

Share this post


Link to post
Share on other sites
Except ModSecurity 2.x disabled the ability to use those settings in .htaccess. They can only be used in the Apache configuration file now.

 

Understandable. Really, the last thing a sys admin wants is a user disabling security.

 

I understand, however, that the cPanel devs have reviewed the mod_security rules, removing those that break common applications.

Share this post


Link to post
Share on other sites
Understandable. Really, the last thing a sys admin wants is a user disabling security.

 

I understand, however, that the cPanel devs have reviewed the mod_security rules, removing those that break common applications.

 

We normally don't use the cPanel ruleset, instead we use a custom ruleset. We're currently reviewing both to come up with a revised version for our servers.

Share this post


Link to post
Share on other sites
We normally don't use the cPanel ruleset, instead we use a custom ruleset. We're currently reviewing both to come up with a revised version for our servers.

 

Just a little information about the ruleset. We don't provide our own ruleset, rather we use a 'honed' down version of the core rules. As telcor mentioned earlier we test the ruleset against both our own product and some common web applications. However, since we are not a web host provider, the ruleset we provide will, understandably, not be a 'perfect' fit for all, more of a starting point. Of course, we are always open to suggestions for rule additions, via the normal channels.

 

My apologies for delving off-topic with this.

Share this post


Link to post
Share on other sites

Is server92 locked in the "stoneage". I see this discussion, but notice that server92 is still Apache version 1.3.39 (Unix) .

Share this post


Link to post
Share on other sites

server92 is on the list of servers that will be migrated to TCH NOC. Once done it will have apache2. Kindly bear with us for some more time, as you can see we have already kick started migration this month.

 

PS. Let us give Ryan some breathing space. He is already on to the 5th migration this week. :flex:

Share this post


Link to post
Share on other sites

No problem. I only noticed this topic for the first time while looking for information about SOAP.

 

Take the time and do it right. Believe me I understand. :flex:

Share this post


Link to post
Share on other sites

×