Laughing at the stony face of gloom

(your instinct can’t be wrong)

Archive for May 2008

Server Side Includes on IIS 6.0

leave a comment »

As is often the case, a department comes to us with a piece of software they’ve bought; they smile sweetly and say “by the way, we need this installed and working by the end of the week”…

This time around though, it’s some sort of web-based package. And it needs server side includes… turned on… Not usually a problem with IIS as .asp/.aspx pages will (I’m told, and have a vague recollection of) by default do server side includes without anything special needing to be put in place. That’s nice. However this application uses “proper” server side includes (or “historical, outdated and outmoded” server side includes… depending on your point of view), which means .shtml pages … which, by default IIS has no idea what to do with.

So, what do we need to do to remedy this?

Well, first we need to allow the server side extension.

in the IIS manager
computer name
|- Web Service Extensions

Server Side Includes (highlight then click “Allow”)

If there isn’t a Server Side Extension already there, we can add one. Select “Add a new Web Service Extension” ; the extension name will be : Server Side Includes – the required file is ssinc.dll – this is usually located in c:\windows\system32\inetsrv\ssinc.dll

That should be it… except in this case, it’s not.

These files use a “include virtual” directive rather than an “include file” directive (the installation notes, helpfully say

“If you have problems getting the server side includes to work, simply manually change the virtual to file” … sounds simple … except there are 441 shtml files to manually edit… FUN? Not!

(A quick test shows that their solution will work… but I don’t want to make hundreds of edits; so there must be a way of making the virtual directive work…. it is supported by IIS after all… The virtual directive meaning something along the lines of “a directory that exists relative to the virtual directory” )

So … could I make a simple virtual directory for this site ?

computer says… “no”

– I think the problem is that I need to do a virtual directory for each of the folders… let’s try that with one of the pages…


It looks like, when the include virtual directive is issued, we need to actually have a virtual directory of that name – or something along those lines (I’m guessing here – I’ll do some proper thinking tomorrow on work’s time :) )


Written by Mas

May 20, 2008 at 10:06 pm

Posted in web servers

Tagged with , , ,

Odd apache 404 behaviour

leave a comment »

Oh the legacy systems; just lately we’ve been experiencing a little bit of “what can only be described as” odd behavior. Our Apache server is set up to offer virtual hosts; one of these is a remnant of our yee oldee static site :) For some reason though, the following behavior is being observed.

If you click a link to one of the pages on any site you are thrown to a 404 error page on our primary site.


If you type the url in (or do a “copy link”, “paste (into location bar) and go”) the page loads without issue; subsequent requests – as the page is now cached – resolve fine.

My main suspicion is that some thing’s going a bit askew on the redirect front (see – blame mod_rewrite – just because it is powerful and confusing with it’s regular expressions (but not the sort you hear in bars!))

Detailed setup
We have multiple virtual hosts all being accessed from a primary apache server (say 20 or so); many of these link into our primary http://www.domain (usually with a rewrite/proxy to some location – say http://www.domain/ex/servicename ).

The service that is experiencing the problem was previously known as http://www.some-other-domain (I’ll shorten this ’cause I’m lazy to http://www.sod ) but due to a departmental re-branding is now known as http://www.some-new-domain (and this I’ll shorten to http://www.snd ); however all the content remains the same. Additionally, the http://www.sod and the http://www.snd make use of apache’s ldap authentication to our Active directory service. Additionally, the http://www.sod and the http://www.snd have WebDav publishing enabled (as it saves giving users shell accounts (does anyone other than me call them “shell accounts” still?))

Oh, just as I suspected – we have a couple of lines in our virtualhost file for the http://www.snd site.

RewriteCond %{HTTP_REFERER} /ex/servicename
RewriteRule ^/(.*)?$ http://www.domain/$1 [NC,P,R,L]

Let’s remove these lines and give it a whirl!
Yep – everything seems to work. But these lines were put in place for a reason, weren’t they? (You don’t just go adding things willy-nilly to the old apache configs).

A quick ask around reveals no knowledge.

My suspicions are;
1) the site has been effectively decommissioned – this happens – slowly; but direct access has been allowed to give people access to specific areas that are currently unable to be migrated (online training packages and their ilk)
2) someone fugged up, possibly me.

I do need to do some confirmation – and hunting for reasons (should it be doing this? Has the site been decommissioned ? Why haven’t the content providers been told ? yadda yadda)

Solution – long term
Confirm whether or not the site is decommissioned, or whether there was another reason for the rules being put in place. (Contact point: head of Web Team/head of Customer Services)

Solution – short term
Let’s add in some exclusions to try and say “yeah, keep doing that, but not if it’s _these_ pages”

One of the pages is our antivirus software which we allow to be distributed to staff machines (that avoid our standard network for one reason or another) ; it is accessed by a number of pages – but the important thing is, if a request is made for it on the http://www.snd site, that it passes the request straight to the page.

Currently it’s throwing all content back to the http://www.domain site; so we need to put a rewrite rule in before the existing rule.

Something along the lines of

RewriteRule ^/antivirus(.*)?$ – [L]

ta-da :)
Now we just need to find out why it was put there in the first place.

Written by Mas

May 7, 2008 at 10:00 am

Posted in web servers

Tagged with , , ,

Server talking, talking server talk… reprise… (2)

leave a comment »

Okay – we’ve had a bit of a glitch today; but better late than never… onto meddling with the server. Currently we have tomcat 5 and nothing else running and we seem to have a healthy CPU situation. However, this is a physical box… so what is going to happen when we throw IIS or Apache into the situation? Well, let’s start with apache as I’ve just downloaded that and am raring to do an apache install on a windows production box… I know, I know – not so long ago this would have been frowned upon – but today… well… let’s give it a whirl and see what happens eh?


(installing apache 2.2.8 – using the msi windows installer with openssl)

so – first an install; Like tomcat I’m installing it into the C:\Apache\ folder ; I’m including all the headers and things (to allow other modules to link in – it might be handy – if not – I can always delete them later)

Making it available to all users on port 80 (or just the current user on 8080 – which seems to be already taken – meaning that the tomcat installation has to been shifted onto a different port; in this case 9090 (it doesn’t matter too much about this; ) – moments later – we have an install in place. Brilliant.

Now how to link the apache installation to tomcat ?

There are two methods we currently employ – one being through the mod_jk connectors (as per the IIS install) the other being through apache acting as a proxy. The former is always the preferred; but we’ll see what happens now.

A quick installation check; what do we have?
Okay – in the /modules subdirectory we have 67 modules… do we need all these modules? We might do? Who knows? Well – I would say – as this is going to be a “front facing server install” we’ll see what we need (so that’s the common ones – mod proxy, mod rewrite, mod openss yadda yadda yadda; and a few odds and sods – whatever apache considers “it’s essential core” :) – I’ll have to check… by default, apache’s httpd.conf has the following included

LoadModule actions_module modules/
LoadModule alias_module modules/
LoadModule asis_module modules/
LoadModule auth_basic_module modules/
LoadModule authn_default_module modules/
LoadModule authn_file_module modules/
LoadModule authz_default_module modules/
LoadModule authz_groupfile_module modules/
LoadModule authz_host_module modules/
LoadModule authz_user_module modules/
LoadModule autoindex_module modules/
LoadModule cgi_module modules/
LoadModule dir_module modules/
LoadModule env_module modules/
LoadModule include_module modules/
LoadModule isapi_module modules/
LoadModule log_config_module modules/
LoadModule mime_module modules/
LoadModule negotiation_module modules/
LoadModule setenvif_module modules/

(yeah, I know, I was saying all that in parenthesis; and I know I was being lazy – oh cut and paste – my typing fingers are in your debt!!))

One of the things I dislike about the “default” apache setup, is it’s use of conditionals – “if this, if that, if the other”… I do so prefer to explicitly state “load this module, use this rule” – but that’s me; each to their own :)

Reading through the “Using apache with windows” page there are a few oddities to be aware of, not least that meddling with the httpd.conf file when the service is running could lead to issues (as, due to way apache/windows works, it has a single parent process and a child process, which, on creation re-reads the httpd.conf (without needing a(n apache) server restart)!); Apache can, it seem, load isapi modules (yay! (or nay,yay)) but cannot load filters (“mod_isapi” notes)… hmm… I’d better check how it does the aj13 connector to tomcat… ah… no worries – from the notes on the “ftp/apache/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.26/” folder on your selected mirror : is for Apache 2.2, and works with Apache 2.2.4 and later.
Rename to before putting it in your
Apache2.2/modules directory.

phew. I was worried there :)

I’ll continue this thought tomorrow I think – it’s almost 5 already! Where does the time go (and why am I never invited :) ?)

Written by Mas

May 6, 2008 at 3:49 pm

Posted in web servers

Tagged with , ,

Server talking, talking server talk… reprise… (1)

leave a comment »

After getting our Tomcat5 / IIS6 installation up and running, we’ve noticed that we’re having a high CPU utilization; for 90% of the time the tomcat process is hitting %99 CPU usage. This is a bit of an issue as we aren’t planning “single server, single process”… So, we’re now doing some testing – to see

1) if we can replicate the issue

2) if we can make a solution
(proposed solutions so far – use Apache in front – don’t use any web server in front of Tomcat … )

The process:

1) download tomcat, java et al.
2) Install it :)

This time around (it’s hardly been a month) and the java version is now jdk1.6.0_06.

Java is installed to c:\java\jdk1.6.0_6 and C:\Java\jre1.6.0_06\
(no netbeans this time around – I don’t think they’re actually needed for what we want to do)

The Tomcat version is still apache-tomcat-5.5.26 (much slower turn-around?)

Tomcat is installed to C:\Apache\Tomcat_5.5

runtime is set to point to c:\java\jre1.6.0_06

Reading through tomcat notes (that I might have previously missed); Tomcat no-longer needs the full java jdk/sdk ( a mental note to be made, to myself, for future installations)

It looks like there are issues with JNI (Genie?) applications – I wonder if that could be causing some of the problems we’ve been having… -ponders-

Odd; we seem unable to access the server … I wonder if someone’s blocking 8080 on the firewall… ponders… oh well, it’ll wait until next week now

Written by Mas

May 2, 2008 at 3:56 pm

Posted in web servers

Tagged with , ,