Bug#279690: apache-ssl: Segmentation fault when accessing any pages
Fabio Massimo Di Nitto wrote:
Can you please attach the configuration files? What modules are you using?
Fabio
########## File httpd.conf #########
cat httpd.conf | grep -v '^#' | grep '[A-Za-z0-9]'
ServerType standalone
ServerRoot /etc/apache-ssl
LockFile /var/lock/apache-ssl.lock
PidFile /var/run/apache-ssl.pid
ScoreBoardFile /var/run/apache-ssl.scoreboard
Timeout 120
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 2
MaxSpareServers 6
StartServers 3
MaxClients 150
MaxRequestsPerChild 100
Listen 443
Include /etc/apache-ssl/modules.conf
<IfModule mod_status.c>
ExtendedStatus On
</IfModule>
Port 443
User www-data
Group www-data
ServerAdmin webmaster@pixelized.ch
ServerName www.pixelized.ch
DocumentRoot /home/www.pixelized.ch
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory /home/www.pixelized.ch/>
Options Indexes Includes FollowSymLinks MultiViews
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options",
"FileInfo",
# "AuthConfig", and "Limit"
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.shtml index.cgi index.php
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
UseCanonicalName Off
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>
HostnameLookups Off
ErrorLog /var/log/apache-ssl/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{forensic-
id}n\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{forensic-
id}n\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{forensic-
id}n\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{forensic-id}n\"" forensic
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache-ssl/access.log combined
<IfModule mod_log_forensic.c>
ForensicLog /var/log/apache-ssl/forensic.log
</IfModule>
<IfModule mod_backtrace.c>
EnableExceptionHook On
# Backtrace logs are written to error.log but optionally they can be
# redirected to a different file.
# BacktraceLog /var/log/apache-ssl/backtrace.log
</IfModule>
<IfModule mod_whatkilledus.c>
EnableExceptionHook On
# Whatkilledus logs are written to error.log but optionally they can be
# redirected to a different file.
# WhatKilledUsLog /var/log/apache-ssl/whatkilledus.log
</IfModule>
ServerSignature On
<IfModule mod_alias.c>
Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /images/ /usr/share/images/
<Directory /usr/share/images>
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin/>
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_autoindex.c>
# FancyIndexing: whether you want fancy directory indexing or standard
IndexOptions FancyIndexing NameWidth=*
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/deb.gif .deb
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# DefaultIcon: which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif
# AddDescription: allows you to place a short description after a
file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
# ReadmeName: the name of the README file the server will look for by
# default, and append to directory listings.
# HeaderName: the name of a file which should be prepended to
# directory indexes.
# The module recognize only 2 kind of mime-types, text/html and
# text/*, but the only method it has to identify them is via
# the filename extension. The default is to include and display
# html files.
ReadmeName README.html
HeaderName HEADER.html
# Otherwise you can comment the 2 lines above and uncomment
# the 2 below in order to display plain text files.
# ReadmeName README.txt
# HeaderName HEADER.txt
# IndexIgnore: a set of filenames which directory indexing should
ignore
# and not include in the listing. Shell-style wildcarding is
permitted.
IndexIgnore .??* *~ *# HEADER.html HEADER.txt RCS CVS *,v *,t
# Uncomment the following IndexIgnore line to add README.* to the file
# list that will not be displayed by mod_autoindex.
# It is not enabled by default on Debian system to permit users to
properly
# browse Debian documentation (/doc/)
#IndexIgnore README.*
</IfModule>
<IfModule mod_mime.c>
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+)
# uncompress information on the fly. Note: Not all browsers support
# this. Despite the name similarity, the following Add* directives
# have nothing to do with the FancyIndexing customization
# directives above.
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
# AddLanguage: allows you to specify the language of a document.
You can
# then use content negotiation to give a browser a file in a language
# it can understand.
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
# Note 2: The example entries below illustrate that in quite
# some cases the two character 'Language' abbriviation is not
# identical to the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
# Note 3: There is 'work in progress' to fix this and get
# the reference data for rfc3066 cleaned up.
# Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Portugese (pt) - Luxembourgeois (lb)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage lb .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cs .cz
# LanguagePriority: allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change
# this.
<IfModule mod_negotiation.c>
LanguagePriority en da nl et fr de el it ja pl pt pt-br lb ca es sv
</IfModule>
# AddType allows you to tweak mime.types without actually editing
# it, or to make certain files to be certain types.
# For example, the PHP 3.x module (not part of the Apache
# distribution - see http://www.php.net) will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# And for PHP 4.x, use:
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
AddType image/bmp .bmp
# hdml
AddType text/x-hdml .hdml
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into
# the server or added with the Action command (see below).
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
# To use CGI scripts:
#AddHandler cgi-script .cgi .sh .pl
# To use server-parsed HTML files mod_include has to be enabled.
<IfModule mod_include.c>
AddType text/html .shtml
AddHandler server-parsed .shtml
</IfModule>
# Uncomment the following line to enable Apache's send-asis HTTP
# file feature.
#AddHandler send-as-is asis
# If you wish to use server-parsed imagemap files, use
#AddHandler imap-file map
# To enable type maps, you might want to use
#AddHandler type-map var
</IfModule>
AddDefaultCharset on
<IfModule mod_setenvif.c>
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and
browsers that
# spoof it. There are known problems with these browser
implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
force-response-1.0
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
<IfModule mod_perl.c>
<IfModule mod_alias.c>
Alias /perl/ /var/www/perl/
</IfModule>
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Location>
</IfModule>
<IfModule mod_alias.c>
Alias /doc/ /usr/share/doc/
</IfModule>
<Location /doc>
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
Options Indexes FollowSymLinks MultiViews
</Location>
<IfModule mod_proxy.c>
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#ProxyRequests On
#<Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing
Via: headers)
# Set to one of: Off | On | Full | Block
#ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#CacheRoot "/var/cache/apache-ssl"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
</IfModule>
NameVirtualHost *
SSLNoV2
SSLNoCAList
SSLRandomFile file /dev/urandom 1024
SSLRandomFilePerConnection file /dev/urandom 1024
SSLEnable
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
SSLCertificateFile /etc/apache-ssl/apache.pem
SSLVerifyClient 0
SSLVerifyDepth 10
SSLUseCRL
SSLCRLCheckAll
SSLOnRevocationSetEnv SSL_REVOKED
SSLOnCRLExpirySetEnv SSL_CRL_EXPIRED
SSLOnNoCRLSetEnv SSL_NO_CRL
SSLFakeBasicAuth
CustomLog /var/log/apache-ssl/ssl.log "%t %{version}c %{cipher}c
%{clientcert}c"
Include /etc/apache-ssl/conf.d
#### conf.d/ispman #########
<VirtualHost *:808>
ServerAdmin admin@pixelized.ch
ServerName adm.pixelized.ch
SSLCertificateFile /etc/apache-ssl/apache.pem
DocumentRoot /opt/ispman/htdocs
PerlModule Apache::Registry
<Directory /opt/ispman/htdocs>
DirectoryIndex index.html index.cgi
AllowOverride None
<Files *.cgi>
Options ExecCGI
SetHandler perl-script
PerlHandler Apache::Registry
# AddHandler cgi-script .cgi
</Files>
</Directory>
</VirtualHost>
##### modules.conf ######
# Autogenerated file - do not edit!
# This file is maintained by the apache-ssl package.
# To update it, run the command:
# /usr/sbin/apache-modconf apache-ssl
ClearModuleList
AddModule mod_so.c
AddModule mod_macro.c
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
LoadModule perl_module /usr/lib/apache/1.3/mod_perl.so
ciao
cate
Reply to: