Apache Tomcat Native library Not Found Error on Ubuntu

Sometimes you might get the following error message in your logs for your Tomcat instance under Ubuntu.

The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found

 

To fix this issue, simply run the following command to install the appropriate library.

apt-get install libtcnative-1

 

The error should go away!

Apache Error Log mod_fcgid: can’t apply process slot for /usr/local/cpanel/cgi-sys/php5 (cPanel/CloudLinux)

I was getting the following error message in apaches error log on a cPanel machine with CloudLinux

mod_fcgid: can't apply process slot for /usr/local/cpanel/cgi-sys/php5

Looking into the issue, it seemed that a couple of sites were reaching the max EP (Entry PRocess). If you read the ClouldLinux documentation it states the following. http://docs.cloudlinux.com/index.html?limits.html

Entry processes limit control the number of entries into LVE. Each time a process ‘enters’ into LVE, we increment the counter. Each time process exits LVE, we decrement the counter. We don’t count processes that are created inside LVE itself. It is also know as ‘Apache concurrent connections’ limit. The process enter’s into LVE when there is a new HTTP request for CGI/PHP, when new SSH session is created, or when new cron job is started. This limit was created to prevent DoS attacks against web server. One of the fairly popular attacks is to tie up all the Apache connections by hitting some slow page on a server. Once all Apache slots are used up, no one else will be able to connect to the web server, causing it to appear to be down. The issue is worsened by CPU limits, as once site starts to get slow due to CPU limit — it will respond to requests slower and slower, causing more and more connections to be tied up. To solve that, we have created entry processes (often called concurrent connections) limit. It will limit the number of concurrent connections to Apache, causing web server to serve error 508 page (Resource Limit Reached), once there number of concurrent requests for the site goes above the limit.

I

WordPress and Protecting Directories with .htaccess

You’ll find sometime that when you deploy WordPress in order for permalinks to work correctly you need a proper .htaccess file. This .htaccess also affects anything else you place within your web root when WordPress lives.

For instance if you need to password protect a directory within the your webroot where WordPress lives. You’ll find that when you do so, and try to visit that folder in a web browser that a 404 WordPress page will be displayed. To fix this, you simply need to add the following to your main .htaccess file that has your WordPress rules.

ErrorDocument 401 default

This should then allow you to use your password protected directories as you normally would if you didn’t have WordPress installed.

Source: http://www.andrewrollins.com/2008/01/22/wordpress-and-htaccess-password-protected-directories/

Pasword Protected Sub Directories Missing on Index Listing with Apache2

If you’ve setup a folder that allows listing of the directory index, you will be presented with that directories contents. Folders and files will be show and you can navigate through each folder. However, if you’ve password protected a sub directory, it will not show up in the listing. This is because its considered to be protected and the user should not be able to access it.

To override this option you must place the following into your root .htaccess file, not the one protecting the folder.

IndexOptions +ShowForbidden

http://httpd.apache.org/docs/current/mod/mod_autoindex.html

Apache dDoS “killapache” Sends Malformed GET Requests

There is a bug in certain versions of Apache that is susceptible to a dDoS using malformed GET requests. You can find more information about “killapache” at the following site.

http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/

 

There is no patch, however their is a work around for this bug which is provided below. In Ubuntu or Debian create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code

 


# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

You may need to install the “headers” module, which can be done by typing “a2enmod headers” and then you should be able to reload apache without errors.

 

WordPress Permalink Sub-Directory 404 Error Weirdness

I didn’t really know what to put for the title of this post, but hopefully the content makes more sense and gets indexed properly and found by people looking for this specific information.

The problem is when you install WordPress and setup Permalinks which uses a .htaccess file for Apache. The .htaccess make cause problems with other applications or HTML files you have in sub-directories in your document root.

The fix? It’s simple, just view this blog post. It explains to fix the problem you simply place “ErrorDocument 401 default” at the top of your .htaccess file and everything is resolved. Your WordPress installation still generates 404 pages, but now sub-directories work correctly.

http://www.geoffblog.com/2009/04/wordpress-htaccess-clashes-with-sub.html

Adventures in cPanel and mod_fcgid/Apache mpm_worker

I’ve started using cPanel on my main box, as well as some VPS accounts for a couple of customers. I never really enjoyed using a “Control Panel”, but ever since moving to cPanel I’ve actually enjoyed the experience. Previous to cPanel I was mostly using scripts I’ve coded in perl, which worked well. But there was no way to provide the users with control without writing lots of lines of code. Why re-invent the wheel?

Before cPAnel I use to run Apache2/mod_fcgid/mpm_worker with an entirely custom configuration. cPanel comes with something called EasyApache, which allows you to go step by step through how Apache and PHP will be configured and setup. It will download the required source and then build, all automatically unless something breaks which is rare.

EasyApache supports mpm_worker and mod_fcgid, which builds and works for the most part. The only exception is the fact that are issues with mod_fcgid/2.3.5 that seems to leave left over PHP processes. These processes sit idle while eating up memory, eventually if you have enough of them your machine will run into “OOM\Out Of Memory Errors”. Which is ugly. I have a post up on cPanel’s forum:

http://forums.cpanel.net/f5/lost-abandoned-php-processes-apache-2-2-17-mod_fcgid-2-3-5-suexec-180571.html

There has been a suggestion to upgrade to mod_fcgid/2.3.6 which I’ve done and still seem to have

Looking at Cassandra (DB) and Hiphop (Compiling PHP to Native C)

I was all over the internet one day and ran into a project called Cassandra. Which was opensourced by Facebook and is being developed by Apache committers as well as other major companies.

http://cassandra.apache.org/

I also dug up another Facebook related project called Hiphop, which compiles PHP into native C to boost performance. Also used by Facebook.

https://github.com/facebook/hiphop-php/wiki/