I just tried mod_qos, and I'm very impressed by the functinality.
But I stumble on a small issue...
When activating mod_qos, ssl (https) traffic stops working.
The site I'm trying to run mod_qos on is a SVN (subversion) site running apache2 on Linux SLES10 (s390x)
I compiled with apxs2 without major problems, and mod_qos works just fine.
The purpose and setup is for limiting the amount of requests over a period of time for each client, and I use the following config:
# don't allow a client IP to access /test.html 20 or
# more times within 10 minutes:
SetEnvIf Request_URI /test.html QS_Block=yes
QS_ClientEventBlockCount 20
Again, the mod_qos itself works flawless and does what it should do as far as I can see in behavior and logs, but for some reason, ssl breaks when activating it (of course ordinary http traffic works as expected - how could I test otherwise ;-)
Any ideas anyone?
feel free to send hints to kalle<at>hemmabruket.net - it would be very much appreciated :-)
Cheers,
Kalle Larsson
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Test the library dependencies of mod_qos and mod_ssl using ldd. Are they using the same libcrypto.so file?
2) In which order do you load your modules? Try to load mod_ssl before loading mod_qos (put the mod_ssl LoadModule directive abore mod_qos to your httpd.conf file).
3) What does "strace -f httpd -d ... 2>&1 | grep open(" show? What libraries are loaded into the Apache server?
Regards, Pascal
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Seems to work now (but I really don't know why ;-)
I recompiled with "/usr/sbin/apxs2-prefork -cia mod_qos.c" (prefork only) this time.
I recompiled on a machine without SVN installed and that seems to work better.
One problem is that mod_ssl is build-in into Apache2 on SLES10, so I dont have any special mod_ssl source to compile towards.
Perhaps the SVN installation messes up the mod_ssl pathes so that the compilation of mod_qos goes bad? (wild guess...)
Anyway - thanks again for an Excellent module (I can't understand why I havent found it earlier)!
I found it really strange why your mod is not more "famous", and it should really be a part of the core Apache repository - you have my vote on that.
I'll keep on testing and you have a nice day!
Cheers,
Kalle
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello
I just tried mod_qos, and I'm very impressed by the functinality.
But I stumble on a small issue...
When activating mod_qos, ssl (https) traffic stops working.
The site I'm trying to run mod_qos on is a SVN (subversion) site running apache2 on Linux SLES10 (s390x)
I compiled with apxs2 without major problems, and mod_qos works just fine.
The purpose and setup is for limiting the amount of requests over a period of time for each client, and I use the following config:
# don't allow a client IP to access /test.html 20 or
# more times within 10 minutes:
SetEnvIf Request_URI /test.html QS_Block=yes
QS_ClientEventBlockCount 20
Again, the mod_qos itself works flawless and does what it should do as far as I can see in behavior and logs, but for some reason, ssl breaks when activating it (of course ordinary http traffic works as expected - how could I test otherwise ;-)
Any ideas anyone?
feel free to send hints to kalle<at>hemmabruket.net - it would be very much appreciated :-)
Cheers,
Kalle Larsson
Hi Kalle,
1) How did you compile mod_qos? Could it be that mod_ssl and mod_qos load different OpenSSL libraries when loaded into the Apache server?
Define the OpenSSL includes and library path when compiling mod_qos.
Example:
apxs -c -I /opt/openssl/include -L /opt/gcc/lib -l gcc_s -lcrypto mod_qos.c -Wl,-R,/opt/gcc/lib
Test the library dependencies of mod_qos and mod_ssl using ldd. Are they using the same libcrypto.so file?
2) In which order do you load your modules? Try to load mod_ssl before loading mod_qos (put the mod_ssl LoadModule directive abore mod_qos to your httpd.conf file).
3) What does "strace -f httpd -d ... 2>&1 | grep open(" show? What libraries are loaded into the Apache server?
Regards, Pascal
Hmm...
Seems to work now (but I really don't know why ;-)
I recompiled with "/usr/sbin/apxs2-prefork -cia mod_qos.c" (prefork only) this time.
I recompiled on a machine without SVN installed and that seems to work better.
One problem is that mod_ssl is build-in into Apache2 on SLES10, so I dont have any special mod_ssl source to compile towards.
Perhaps the SVN installation messes up the mod_ssl pathes so that the compilation of mod_qos goes bad? (wild guess...)
Anyway - thanks again for an Excellent module (I can't understand why I havent found it earlier)!
I found it really strange why your mod is not more "famous", and it should really be a part of the core Apache repository - you have my vote on that.
I'll keep on testing and you have a nice day!
Cheers,
Kalle