Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:
> The main reason is that it adds the line
> LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
> to the apache config file /etc/apache/httpd.conf.
> Here's why this breaks my setup: I run two instances of apache, a
> light-weight frontend server that handles static content and proxies
> dynamic requests to a big backend mod_perl instance that runs on
> the internal interface only. This is a common mod_perl configuration.
> In my case, the frontend handles SSL connections. Its config file is
> The backend instance uses the original filename /etc/apache/httpd.conf.
> The frontend is already bound to port 443. The backend tried to restart,
> but now has a load mod_ssl line, and can't start. And now our
> application won't run...
It is unfortunate that this caused a problem for you, but it was not the
resul of the security update. The woody Apache packages have always worked
this way, and will modify /etc/apache/httpd.conf. There is no way for the
packaging system to know that you are using /etc/apache/ht-light.conf
instead. If you are running multiple instances, I would suggest that you
use /etc/apache/httpd.conf only for the instance started by the package, and
use a different config file for your custom build.
However, I refer you to the debian-apache list for more information about
this (sometimes unfortunate) behaviour.