Apache Lounge

RE: === Please report crashes or other issues or all is fine ===

vbgamer45 — Mon, 20 Apr 2026 03:40:38 GMT

tangent wrote:

Have you picked on the HTTPD stability issue reported over mod_http2, https://www.apachelounge.com/viewtopic.php?t=9487, which may be the cause of your problem?

I do note in your previous post back in December, https://www.apachelounge.com/viewtopic.php?t=9452, your trace shows this module being loaded.

Steffen posted an update over this last month, https://www.apachelounge.com/viewtopic.php?t=9487, together with a download link for a later version of mod_http2.

Since this is a third party module to HTTPD, I'm guessing this later download will be needed until Apache release 2.4.67.

I forgot to mention this is with that mod_http2 update, running on windows 2022
Doesn't happen all the time. But crashes the server once a day or so, its a very busy websites. Running PHP 8.3 64bit nts under FastCGI

I had another different crash today
Faulting application name: httpd.exe, version: 2.4.66.0, time stamp: 0x699c17d8
Faulting module name: libapr-1.dll, ....

Continue this post on Apache Lounge

Topic Replies: 11

RE: === Please report crashes or other issues or all is fine ===

mrdj1024 — Mon, 20 Apr 2026 02:14:17 GMT

tangent wrote:

haven't had any issues since using the new module,win 11 user

Topic Replies: 11

RE: === Please report crashes or other issues or all is fine ===

tangent — Sun, 19 Apr 2026 10:08:31 GMT

RE: Apache with OpenSSL 3.6.1 < 3.6.2 Multiple Vulnerabilitie

admin — Thu, 16 Apr 2026 17:07:32 GMT

Coming week we planned to update all with latest dependencies.

Topic Replies: 3

RE: === Please report crashes or other issues or all is fine ===

vbgamer45 — Thu, 16 Apr 2026 15:44:20 GMT

Current issue I am getting
Faulting application name: httpd.exe, version: 2.4.66.0, time stamp: 0x699c17d8
Faulting module name: libssl-3-x64.dll, version: 3.6.1.0, time stamp: 0x699c14a2
Exception code: 0xc0000005
Fault offset: 0x00000000000a6f39
Faulting process id: 0x235ac
Faulting application start time: 0x01dccc782a223d57
Faulting application path: C:\Program Files\Apache Software Foundation\Apache2.4\bin\httpd.exe
Faulting module path: C:\Program Files\Apache Software Foundation\Apache2.4\bin\libssl-3-x64.dll
Report Id: 512dda9e-fbf1-40af-81a5-01cf75d0e61e
Faulting package full name:
Faulting package-relative application ID:

Topic Replies: 11

RE: Apache with OpenSSL 3.6.1 < 3.6.2 Multiple Vulnerabilitie

kostya — Thu, 16 Apr 2026 13:44:31 GMT

What about Win32? It contains openssl 3.6.0

Topic Replies: 3

RE: htaccess good getting blocked by bad

danielruf — Thu, 16 Apr 2026 07:02:48 GMT

I 100% agree with Stray78.

If there is nothing, no risk is there. It's just the automatic probes of bots and the web is full of bots. This is the daily noise that I always see but besides a 404 doesn't really matter.

Due to the shortage of IPv4 addresses, dynamic IP addresses can be quickly reassigned to real people. I normally just managed some CIDR rules from hosting providers, since these are generally reserved by them in blocks and not so dynamic.

You won't see an Azure / AWS / OVH IP address that often reassigned to a home internet connection of a real person. But blocks should be regularly checked and removed after some time (this is what fail2ban does for you, and that is why I referred to that).

I would not use a database for that, this can quickly lead to DoS due to the way this puts extra work onto your server.

Topic Replies: 5

RE: new VC redist

admin — Thu, 16 Apr 2026 05:15:07 GMT

It is not a Microsoft site. Better to download at the link from the download page here.

Topic Replies: 1

RE: htaccess good getting blocked by bad

jmweb — Thu, 16 Apr 2026 03:57:33 GMT

liderbug wrote:

I'm having a problem. My htaccess says "deny from 1.2.3.4" because that IP tried to hack in. The next day a "good" person's router is assigned that IP and now they're blocked and they get "Forbidden" from Apache and not my htaccess. I have: ErrorDocument 403 [path]/403.php which works and doesn't work. I say works because I can get 14 "deny from [same IP] and if my IP is there I get Forbidden and my 403.php doesn't run. (twisty little passages all alike/diferent)
Thanks

As others have commented, you will never be able to stop spam requests - they will keep coming assigned with dynamic IP addresses.

If you still want to continue your project, I recommend you offload the work performed by your 403.php script and instead assign it to a scheduled job that parses your apache access log file - which should be written in a pre-configured format. This way, you alleviate the server with delayed requests. This also avoids race conditions with your PHP script with concurrent spam requests.

Then you should consider removing blacklisted IP addresses after a certain time interval since the last spam request. The whole point of your project is to temporarily blacklist the IP address a spammer is currently using - not blacklist the IP address indefinitely.

To associate ....

Continue this post on Apache Lounge

Topic Replies: 5

new VC redist

mrdj1024 — Thu, 16 Apr 2026 02:09:47 GMT

hi!
recently posted https://github.com/abbodi1406/vcredist/releases
V104

Topic Replies: 1

RE: htaccess good getting blocked by bad

Stray78 — Thu, 16 Apr 2026 01:37:56 GMT

It's going to happen. Just get rid of the Script "My 403.php scripts".

You should see my logs...

Get mod_security, mod_evasive, mod_qos...

Wordpress crap, if you don't use it, don't worry about it.

Topic Replies: 5

RE: htaccess good getting blocked by bad

liderbug — Wed, 15 Apr 2026 20:51:50 GMT

RE: htaccess good getting blocked by bad

danielruf — Wed, 15 Apr 2026 18:52:08 GMT

I can understand why you want to use some tarpit solution.

But this is the general grey noise of the web, most or all public websites are facing these rather harmless requests.

Keep in mind thyt you are also burning CPU cycles of your server via PHP.

Bots in general close the connection or just send a request but do not keep the connection open or check the response.

You can block whole CIDR blocks of relevant botnets. Or simply use fail2ban with a custom jail, which adds the relevant firewall rules automatically.

https://greg.molnar.io/blog/blocking-bots-with-fail2ban/

Topic Replies: 5

htaccess good getting blocked by bad

liderbug — Wed, 15 Apr 2026 15:06:23 GMT

So my website gets hit 10 to 30 times every day with requests for [mysite]/wp-admin, wp-login, etc. I don't/won't use Wordpress. There are several other words I block: user, passwd, etc. When a trigger word comes in I execute a 403.php script that appends "deny from $ip" to htaccess. One of my pages is in Colorado for use of the people in the area to schedule a volunteer shift on a local project. Last night there were 4 WP attempts from - Poland. My problem is: a local user using a local internet address gets a DHCP address previously used by a BOT in the same IP range (thank you dhcp).

My 403.php scripts ends with:
while ( 1 )
{
echo "\0x16";
usleep (10000);
}

Oh, and while I write this 12 more wp-xxxxx requests have come in. My biggest gripe - the IP belongs to [say] Microsoft. "Not our problem. Take it up with the end user." (OMG we should do anything to not rake in money).

Any improvements anyone can suggest? Thanks

Topic Replies: 5

RE: HOWTO: Building Apache and dependencies using CMake

tangent — Tue, 14 Apr 2026 19:21:45 GMT

Build dependency updates to include latest support package releases:

EXPAT (2.7.5)
NGHTTP2 (1.68.1)
OPENSSL (3.6.2)

Other than release version details, there are no changes to the batch file build logic from before.

Topic Replies: 108

RE: HOWTO: Building extra Apache modules using CMake

tangent — Tue, 14 Apr 2026 19:12:29 GMT

Build dependency updates to include:

MOD_QOS (11.78)
MOD_XSENDFILE (1.0-P1)

Note, a post reporting the script update for MOD_QOS (11.78) last month was omitted in error.

Other than release version details, there are no changes to the batch file build logic from before.

Topic Replies: 3

RE: Available mod_qos :: updated

Erik Wrubel — Tue, 14 Apr 2026 12:27:24 GMT

Oh, I see! Great, I did not know that.

Thanks!

Topic Replies: 24

RE: Available mod_qos :: updated

nono303 — Tue, 14 Apr 2026 04:39:15 GMT

Hi,
Fyi you can find mod_qos 11.78 (r2736 2026-02-16) vs18 x64 build here

Topic Replies: 24

RE: Available mod_qos :: updated

Erik Wrubel — Mon, 13 Apr 2026 15:26:16 GMT

Is there a chance to get a new build of the current version 11.78 of mod_qos? It includes some changes I requested that I would like to test.

Or is there a new build scheduled already anyway?

Thanks!

Topic Replies: 24

RE: HOWTO: Building Apache and dependencies using CMake

tangent — Sat, 11 Apr 2026 16:11:46 GMT

James Blond wrote:

I really like this cmake project. Sometimes it is hard to follow the changes. Would you mind to open a github repo for this? That you be awesome.

Apologies, but I've been away for a couple of weeks; hence the lack of response.

I've thought about your request to create a GitHub repo for this project, but on balance would prefer to keep the script and discussion local to the Apache Lounge.

The differences between releases are generally minor, and mostly reflect changes caused by package updates, along with other code refinements (or corrections). I do endeavour to comment the code.

Topic Replies: 108

RE: !!! We are under a DOS attack !!!!

tangent — Sat, 11 Apr 2026 10:30:33 GMT

I am staggered anyone would attempt a DOS against something as philanthropic as the Apache Lounge site.

There are some bad people in this world.

Topic Replies: 3

RE: !!! We are under a DOS attack !!!!

admin — Sat, 11 Apr 2026 06:46:40 GMT

Better now, see the Apache busyworkers :

https://land10.nl/mrtg/apaches-busyworkers-day.png

Topic Replies: 3

RE: !!! We are under a DOS attack !!!!

mrdj1024 — Fri, 10 Apr 2026 22:56:15 GMT

Hopefully everything will be in order soon!

Topic Replies: 3

!!! We are under a DOS attack !!!!

Steffen — Fri, 10 Apr 2026 19:33:16 GMT

At the moment we are under DOS attach.
Now no or slow response

They use the register URL, so I had disable it.

Topic Replies: 3

RE: Wampserver addons & applications

Otomatic — Wed, 08 Apr 2026 14:47:24 GMT

Hi,

- PHP 8.4.20
https://wampserver.aviatechno.net/files/php/wampserver3_x64_addon_php8.4.20.exe
- PHP 8.5.5
https://wampserver.aviatechno.net/files/php/wampserver3_x64_addon_php8.5.5.exe

Topic Replies: 124

RE: Apache with OpenSSL 3.6.1 < 3.6.2 Multiple Vulnerabilitie

admin — Thu, 02 Apr 2026 11:02:50 GMT

Current Apache contains 3.6.1. Version 3.6.2 is announced, not available yet.
The highest severity issue fixed in this release is Moderate, not high or critical. We release with the next Apache (67).

Topic Replies: 3

Apache with OpenSSL 3.6.1 < 3.6.2 Multiple Vulnerabilitie

carman — Thu, 02 Apr 2026 08:18:04 GMT

I would like to know is there any plan to release a new build of Apache/2.4.66 (Win64) with OpenSSL > 3.6.1 version as this finding shows after performed SRAA. Checked that OpenSSL has released 3.6.1.

Topic Replies: 3

RE: PHP 8.5.3, 8.4.18, 8.3.30, 8.2.30, 8.0-8.1, 7.4-7.0, 5.6-5.3

mrdj1024 — Tue, 31 Mar 2026 23:03:20 GMT

hi,@Jan-E
i have a question,what would the outcome be if i took php 8.5.4's openssl 3.5 version and put that version in place of my other php's openssl dll files? all my php versions used are made by you and both are thread safe versions,what could happen if i used an openssl dll on a build that wasnt compiled with it?

Topic Replies: 395

RE: mod_maxminddb.so?

nono303 — Mon, 30 Mar 2026 12:46:37 GMT

You can also consider https://github.com/maxmind/geoipupdate/ to stay with up-to-date databases

Topic Replies: 4

RE: HOWTO: Building Apache and dependencies using CMake

James Blond — Sun, 29 Mar 2026 16:04:57 GMT

I really like this cmake project. Sometimes it is hard to follow the changes. Would you mind to open a github repo for this? That you be awesome.

Topic Replies: 108