WebGate Configuration Problem - apache

I have a instance of Oracle Access Manager set up on Server A and a copy of WebGate set up on Apache on Server B which should be working but isn't. When I try to access http(s)://hostname:port/access/oblix/apps/ webgate/bin/webgate.cgi?progid=1 as specified in the directions after everything is set up, I get a web page that says:
No Response from Application Web Server
There was no response from the application web server for the page you requested.
Please notify the site's webmaster and try your request again later.
I get the same error message when accessing other pages which are set up to be protected by WebGate with LocationMatch in Apache's httpd.conf.
Also, I'm not getting any output in webgate/access/oblix/logs/oblog.log even though webgate/access/oblix/conf/oblog_config_wg.xml has the log level set to LOGLEVEL_TRACE.
Does anyone have thoughts on what config files to check that could be causing this problem?
Edit 1: I've found that when I access a page protected by WebGate, the Apache error_log has this:
[Thu Oct 8 09:44:23 2009] [notice] child pid 4970 exit signal Segmentation fault (11)
Edit 2: Also, for some reason, pages which are to be protected by WebGate don't trigger an update to Apache's access_log, even though they do return that error message.

Ah the joy of the webgate install. Here are the usual questions I ask myself:
Does the apache user also own the directory where webgate is installed?
Are you running this on an OS and Apache version verified by Oracle?
Is your httpd.conf correctly setup with the WebGate configs?
Did you put
LD_ASSUME_KERNEL=2.4.19
export LD_ASSUME_KERNEL
in your init.d/httpd file?
Are you clocks in sync between the Access server and the apache host?

Reinstalling Webgate fixed the problem. Not sure what screwed it up.

i got
[2014-03-27T04:41:51.2101+05:30] [OHS] [NOTIFICATION:16] [OHS-9999] [core.c] [pid: 14931] [tid: 139749613860672] [user: root] [VirtualHost: main] child pid 14952 exit signal Segmentation fault (11)
along with
Directory does not exist for read/write [.../oracle/middleware/Oracle_WT1/log] []
in OHS_HOME/network/log/sqlnet.log
After changing file permission of OHS directory appropriately. This issue got resolved for me.

Related

Apache/PHP7.3 running in Docker randomly drops connection with empty response

I have found several similar questions:
APACHE, PHP Server return randomly empty response
https://serverfault.com/questions/66662/apache-gives-empty-reply
and others
However these does not seem to help to find the cause. I can replicate the behaviour when reloading a specific page ~20 times.
Running current apache2 (= 2.4.38-3+deb10u4). I tried to disable opcache, remove MaxRequestsPerChild with no effect.
Apache log does not show any error. The request is not even logged.
The USE_ZEND_ALLOC=0 seem to have no effect and the problem persists.
I tried to install mod_forensic which shows that the request came in. No error or finished request is then logged.
The container is running in Kubernetes and I cannot replicate the issue locally running directly with Docker machine, that is why I think this might be caused by some memory setting. However I couldn't find what might be causing this as there is no single error message.
Can you think of any reason why this might be happening?
Edit1:
I tried to set log level to trace:
https://gist.github.com/knyttl/861e8a0fe5651408df37cd5c3874946b
The request is handled and then you can see:
[Tue Oct 20 08:37:55.825454 2020] [core:trace4] [pid 1] mpm_common.c(536): mpm child 388 (gen 2/slot 4) exited
With no error and no response.
Edit2:
I updated to php7.4 and the issue persists.
I finally found it:
The process is silently killed by OOM killer of the host machine:
[4019392.626796] Memory cgroup out of memory: Kill process 4178127 (apache2) score 1137 or sacrifice child
[4019392.636520] Killed process 4178127 (apache2) total-vm:143960kB, anon-rss:22856kB, file-rss:10472kB, shmem-rss:28228kB
This is never logged within the container so it was hard to find.
Why don't you use Jorge's answers ?
Finally solved by adding to /etc/apache2/envvars:
export USE_ZEND_ALLOC=0
https://serverfault.com/a/66759

Apache/Docusign - Restrict location by host or ip

I'm trying to restrict an url called by Docusign event when a document is completed.
I want to only give access to this url by Docusign host or ip but i'm unable to do so because of my limited skills on Apache.
By following this documentation https://www.docusign.com/trust/security/esignature
I've tried to add this line in my vhost :
<LocationMatch "^/souscription/api/[^/].*/callback/.*$">
Require host docusign.com docusign.net
</LocationMatch>
But I have this error in apache log:
[Wed Jul 29 12:59:09.663648 2020] [authz_host:error] [pid 32671] [client 162.248.186.11:50836] AH01753: access check of 'docusign.com docusign.net' to /souscription/api/1.0/callback/118/completed failed, reason: unable to get the remote host name
What's wrong with my config ?
For Apache questions, use superuser.com
When building a listening server for receiving DocuSign webhook messages, filtering by IP is not recommended since it leads to a brittle installation that can fail at exactly the wrong time. Instead:
Use the combination of the Basic Authentication and HMAC features to assure yourself that the message really came from DocuSign.
Or better, use an intermediate PaaS service to queue the notification messages. The additional feature is that you can receive the notification messages from behind your firewall with no changes to the firewall. See the example repo and associated blog posts.

Apache crashes with Parent: child process exited with status 3221226356

Apache crashes and I get the following error in the apache log:
AH00428: Parent: child process exited with status 3221226356 -- Restarting.
Backtrace:
Count: 2
Exception #: 0XC0000008
Stack:
ntdll!KiRaiseUserExceptionDispatcher+0x3a
KERNELBASE!CloseHandle+0x1b
libapr_1!apr_shm_size_get+0x27d
libapr_1!apr_shm_destroy+0x12
mod_socache_shmcb+0x161c
mod_ssl!ssl_run_proxy_post_handshake+0x8d12
mod_ssl!ssl_run_pre_handshake+0x3d97
libapr_1!apr_pool_clear+0x6e
httpd!OPENSSL_Applink+0xcef
httpd!OPENSSL_Applink+0x1f98
KERNEL32!BaseThreadInitThunk+0x22
ntdll!RtlUserThreadStart+0x34
Seems to have to do with mod_ssl. I do have a http proxy set up in a https virtual host. However, the same error appears in the Apache log even if I comment out the proxy portion of the config file. This error also tends to be followed by a couple of MySQL errors in the Windows application log complaining about a lost connection. I think that might just be because Apache crashed while the connections were open. I am using the latest versions of Apache 2.4.20, PHP 7.0.8, and MySQL 5.7. Any ideas? Thanks!

mod mono server 4 constantly crashes with soap requests

I have a c# Soap service that I have running on my Linux Suse 12.1 VPS server. This has been working fine without problems until I made a small change to the soap service and copied it onto my VPS. I thought it must have been an issue with my change so I rolled back my changes and still not working. Even some methods that haven't been touched are failing.
However, I have tested on my Dev machine which is on windows and is working fine and have also copied the soap interface on to a linux dev machine which is set up in the exact samme way as my VPS, i.e. OpenSuse 12.1 and has all the same stuff as my VPS web server. Both work absolutely fine, not got any problems what so ever.
On the VPS host, however, mod-mono-server is constantly crashing and even though it starts up, the asmx file cannot be read, just displays server error, and I need to run rcapache2 restart to get the test page to load up.
In the apache error log file I have the following:
[Thu Aug 30 20:10:19 2012] [error] (70014)End of file found: read_data
failed [Thu Aug 30 20:10:19 2012] [error] Command stream corrupted,
last command was 1 [Thu Aug 30 20:08:47 2012] [error] Command stream
corrupted, last command was 7
I have no idea what the problem might be, I've tried rebooting the VPS but no difference.
I am using the ASP.net 4 version of mod-mono-server.
Thanks for any help you can provide.
UPDATE 1
I have just noticed something else in the apache error. The log file contains the following
[Thu Aug 30 20:46:31 2012] [notice] caught SIGTERM, shutting down
[Thu Aug 30 20:46:32 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Aug 30 20:46:32 2012] [error] Not running mod-mono-server.exe because no MonoApplications, MonoApplicationsConfigFile or MonoApplicationConfigDir specified.
UPDATE 2
Have just made a discovery, not entirely sure if it helps. The soap service is working fine on the server as long as it doesn't require accessing a mysql database. If it performs a query, it displays an an internal server error 500 within the test page. but if called from PHP it causes it to crash mono. The database is a mysql database and is a local database. There's 34% RAM Free so I don't believe this is a memory issue. I've also emptied the database table to determine if this fixes it if it its something to do with the amount of data, but this hasn't fixed it either.
Thanks to #knocte suggestion I managed to figure out the problem.
When the Soap Service accesses the database it reads a config.xml to determine what username and password to use to access the database, I'm guessing that this config file managed to get corrupted during the transfer. Although I could read it in vi, but maybe there was something that was wrong with the file that stopped the soap service reading the config.
All I did was delete the file and copy and paste the content into the file manually.
For some reason mod-mono when it couldn't access the database it crashes mono, even though all the MySQL stuff within the soap service has MySQL Exception handling. #knocte suggestion of testing the soap service proved useful as when this was used to access the database from the soap service xsp4 would stop but display the error saying that it didn't have permission to access the database, even though it had the correct username and password in the config file.
Once I had re-created the config file the soap service works correctly again.
Thanks for your help.

Magento Soap Error - Premature end of data in tag definitions line 2

My client is using Unleashedsoftware.com to connect to a Magento Store. But it gives this error.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>WSDL</faultcode>
<faultstring>
SOAP-ERROR: Parsing WSDL: Couldn't load from 'http://www.domain.com/index.php/api/v2_soap/index/wsdl/1/' : Premature end of data in tag definitions line 2
</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
When browsing http://www.domain.com/index.php/api/v2_soap/index/ Firebug gives me “500 Internal Service Error”.
When I browse http://www.domain.com/index.php/api/v2_soap/index/wsdl/1/, I am getting valid XML data.
I checked the server log files and it seems like:
[Thu Aug 30 22:22:25 2012] [warn] [client 92.92.92.92] mod_fcgid: stderr: in /home/doaminuser/public_html/lib/Zend/Soap/Server.php on line 762
I been searching for couple of days now and today I tried to duplicate the entire site to another test server, and it seems to be working! So that seems to be a server issue.
Please, anybody got any idea what could be the issue?
Is there any better way of debugging this issue, any sample code or debugging tips.
Magento version is 1.6.2
Thank you.
There's lots of times where Magento's SOAP API fails due to problems your Magento server has communicating with itself.
That is, PHP's SOAP implementation requires that the SOAP server itself fetch the WSDL file via http, and a local network configuration issue gets in the way of Magento fetching it's own WSDL.
You can debug this by SSHing into your Magento server, and running the following command
curl -l 'http://www.example.com/index.php/api/v2_soap/index/wsdl/1/' > /tmp/wsdl.xml
and then examining the wsdl.xml file. Because you're performing this from your web-server, you may get different results than when you're performing it from your local browser.
I had a similar problem when calling the URL
http://www.store.com/index.php/api/v2_soap/?wsdl
After some time I received the message 500 - Internal Server Error and a Premature end of script headers message in the apache error log.
After a whole day of research I figured out, that the Timeout-Directive of the Apache module (configured in httpd.conf on a Linux environment) was set to "20" which caused the server to send the 500 error after 20 seconds. The problem is, that in my case the Magento system needs a longer time to "crawl" through all wsdl.xml files in order to build the WSDL-output (if you are using Magento SOAPv2).
Maybe you should check your Timeout Directive..hope that helps.
"I have memories of this. What worked for me was to put the hostname
in /etc/hosts on the server plus the www alias on 127.0.0.1 However,
in this instance the server was in the building rather than in some
ISP place and the LAN had Windows computers on it. Windows users had
downloaded lots of trojan-virus-porn things that were spending the
whole time spamming the network so the real problem was with the
Windows computers on the network, not with the server or with Magento.
After fdisking the PC's the problem was solved."
Thank You I've been struggling for 2 days with this on magento 1.6 and Windows Server 2008 adding this line to the hosts file (C:\Windows\System32\drivers\etc) solved the issue for me:
127.0.0.1 www.Domain.com
also remember to fix your magento soap (role) because the Roles Resources doesn't save in 1.6 unless you fix this file:
MagentoRoot\app\code\core\Mage\Adminhtml\Block\Api\Tab\Rolesedit.php
replace this:
if (array_key_exists(strtolower($item->getResource_id()), $resources) && $item->getPermission() == 'allow') {
with this:
if (array_key_exists(strtolower($item->getResource_id()), $resources) && $item->getApiPermission() == 'allow') {
In my case the issue was the Mod_Security rule "PHP Easter Egg Access" was enabled.
Rule ID: 380800
Once disabled, the api access worked.
An indicator was in the Apache log file:
Jun 19 09:15:52 httpd[1024961]: [error] [client xyz.xyz.xyz.xyz] ModSecurity: [file "/usr/local/apache/conf/modsec/99_asl_jitp.conf"] [line "116"] [id "380800"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access"] [data "phpe9568f35-d428-11d2-a769-00aa001acf42"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "php(?:e9568f3[56]-d428-11d2-a769-00aa001acf42|b8b5f2a0-3c92-11d3-a3a9-4c7b08c10000)" at REQUEST_URI. [hostname "www.yoursever.com"]...
Magento version: 1.7.0.2
PHP version: 5.3.26
More information about the PHP Easter Egg Access rule:
http://www.atomicorp.com/forums/viewtopic.php?f=3&t=5057
http://www.0php.com/php_easter_egg.php
For those wanting a quick test script to replicate the issue (useful when trying to convince your hosting provider that it's a problem on their end), use:
<?php
$server = new SoapServer("http://<url to your magento shop>/index.php/api/v2_soap/index/wsdl/1/");
?>
This is the line in /lib/Zend/Soap/Server.php that triggers the error.
In my case if you browsed to:
http://< url to your magento shop >/index.php/api/v2_soap/index/wsdl/1/
the xml was fine, but if you ran the above php script on the server, the error was given.
This error most often appeared for me while omitting www for domain given in Magento SOAP url. Url has to match base url specified in the Magento config.