[us...@httpd] Apache segmentation fault
Hi all,
I've built Apache/2.2.14 (Unix) in an embedded environment
(openembedded) including SSL and PHP5 modules.
SSL works fine, but PHP5 module after being loaded won't work.
With the mod_php module loaded it is not possible to get any page from
server, also even if the connection is fine (the browser doesn't show
an error message, but an empty page).
On logs I see an error message each time I try to load the page from browser:
[Thu Sep 02 18:23:54 2010] [notice] child pid 2919 exit signal
Segmentation fault (11)
[Thu Sep 02 18:24:01 2010] [notice] child pid 2917 exit signal
Segmentation fault (11)
The following is the result of launching httpd with strace (only at
the moment of SIGSEGV, since the caught of the request from browser):
[pid 2976] wait4(-1, 0xbec3da4c, WNOHANG|WSTOPPED, NULL) = 0
[pid 2976] select(0, NULL, NULL, NULL, {1, 0}
unfinished ...
[pid 2978] ... poll resumed [{fd=4, events=POLLIN}, {fd=3,
events=POLLIN, revents=POLLIN}], 2, 1) = 1
[pid 2978] SYS_285(0x3, 0xbec3d940, 0xbec3d92c, 0xb1860, 0xbec3da34) = 8
[pid 2978] fcntl64(8, F_GETFL) = 0x2 (flags O_RDWR)
[pid 2978] fcntl64(8, F_SETFL, O_RDWR) = 0
[pid 2978] fcntl64(8, F_GETFD) = 0
[pid 2978] fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
[pid 2978] SYS_298(0xf0004, 0x402ff740, 0x1, 0x402ff198, 0x130c68) = 0
[pid 2978] SYS_286(0x8, 0x1f2238, 0x1f2224, 0x1, 0x1f21d8) = 0
[pid 2978] fcntl64(8, F_GETFL) = 0x2 (flags O_RDWR)
[pid 2978] fcntl64(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 2978] brk(0x21d000) = 0x21d000
[pid 2978] read(8, GET /index.html HTTP/1.1\r\nHost: ..., 8000) = 387
[pid 2978] gettimeofday({1283449429, 539}, NULL) = 0
[pid 2978] stat64(/usr/share/apache2/htdocs/index.html,
{st_mode=S_IFREG|0644, st_size=44, ...}) = 0
[pid 2978] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
[pid 2978] chdir(/usr) = 0
[pid 2978] rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
[pid 2978] kill(2978, SIGSEGV) = 0
[pid 2978] sigreturn() = ? (mask now [QUIT ILL TRAP
ABRT PIPE TERM STKFLT CHLD TSTP URG SYS])
[pid 2978] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 2978 detached
[pid 2977] ... SYS_298 resumed ) = 0
[pid 2977] poll( unfinished ...
[pid 2976] ... select resumed ) = ? ERESTARTNOHAND (To be restarted)
[pid 2976] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 2976] select(0, NULL, NULL, NULL, {0, 498333}) = 0 (Timeout)
[pid 2976] clone(Process 2983 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x400206c8) = 2983
[pid 2976] wait4(-1, [{WIFSIGNALED(s) WTERMSIG(s) == SIGSEGV}],
WNOHANG|WSTOPPED, NULL) = 2978
[pid 2976] gettimeofday({1283449429, 579544}, NULL) = 0
[pid 2976] write(2, [Thu Sep 02 18:43:49 2010] [noti..., 87 unfinished ...
[pid 2983] rt_sigaction(SIGHUP, {0x7e5b4, [],
SA_INTERRUPT|0x400}, {0x7d7c4, [HUP USR1], 0x400 /* SA_???
*/}, 8) = 0
[pid 2983] rt_sigaction(SIGTERM, {0x7e5b4, [],
SA_INTERRUPT|0x400}, {0x7d794, [], 0x400 /* SA_??? */}, 8) = 0
[pid 2983] rt_sigaction(SIGUSR1, {0x7de20, [],
SA_INTERRUPT|0x400}, {0x7d7c4, [HUP USR1], 0x400 /* SA_???
*/}, 8) = 0
[pid 2983] geteuid32() = 0
[pid 2983] setgid32(1) = 0
[pid 2983] open(/proc/sys/kernel/ngroups_max, O_RDONLY) = 8
[pid 2983] read(8, 65536\n, 31) = 6
[pid 2976] ... write resumed ) = 87
[pid 2976] wait4(-1, 0xbec3da4c, WNOHANG|WSTOPPED, NULL) = 0
[pid 2976] select(0, NULL, NULL, NULL, {1, 0} unfinished ...
[pid 2983] close(8)= 0
[pid 2983] open(/etc/group, O_RDONLY|0x8) = 8
[pid 2983] _llseek(8, 0, [0], SEEK_CUR) = 0
[pid 2983] fstat64(8, {st_mode=S_IFREG|0644, st_size=548, ...}) = 0
[pid 2983] mmap2(NULL, 548, PROT_READ, MAP_SHARED, 8, 0) = 0x40022000
[pid 2983] _llseek(8, 548, [548], SEEK_SET) = 0
[pid 2983] fstat64(8, {st_mode=S_IFREG|0644, st_size=548, ...}) = 0
[pid 2983] munmap(0x40022000, 548) = 0
[pid 2983] close(8)= 0
[pid 2983] setgroups32(1, [1]) = 0
[pid 2983] geteuid32() = 0
[pid 2983] setuid32(1) = 0
[pid 2983] gettimeofday({1283449429, 629288}, NULL) = 0
[pid 2983] SYS_298(0xf0004, 0x402ff734, 0x1, 0x402ff198, 0x130c68
unfinished ...
[pid 2976] ... select resumed ) = 0 (Timeout)
[pid 2976] wait4(-1, 0xbec3da4c, WNOHANG|WSTOPPED, NULL) = 0
[pid 2976] select(0, NULL, NULL, NULL, {1, 0}
Does anyone can help me with this?
Thanks in advance.
--
Fabio Mauri
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: Custom ErrorDocument
one more information. If I write ErrorDocument 503 messagge it work fine, but If I write ErrorDocument 503 /test.html it don't work. for me this is the problem: filelog_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] proxy_util.c(1488): [client 10.173.202.139] proxy: https: found worker https://10.173.100.117:8443/ for https://10.173.100.117:8443/test.htmlhttps://10.173.100.117:8443/prova.html the file test.html is a local file in /var/www/error/test.html Thanks for any suggest. Cheers, Mauri 2010/7/15 Mauri lai...@gmail.com Hi expert, where I can insert the ErrorDocument directive in my ssl.conf virtualhost ? this is my virtualhost directive NameVirtualHost myserver:443 VirtualHost myserver:443 ServerName myserver ProxyRequests off ProxyPass / https://10.173.100.117:8443/ ProxyHTMLURLMap https://10.173.100.117:8443 / Location / ProxyPassReverse https://10.173.100.117:8443/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location ..SSL Directive.. /VirtualHost if I insert this directive: DocumentRoot /var/www/error Directory /var/www/error/ Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all /Directory ErrorDocument 503 /test.html this is the entry in my apache log (wrong): filelog_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL // 10.173.100.117:8443/test.html http://10.173.100.117:8443/prova.html filelog_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] proxy_util.c(1488): [client 10.173.202.139] proxy: https: found worker https://10.173.100.117:8443/ for https://10.173.100.117:8443/test.htmlhttps://10.173.100.117:8443/prova.html filelog_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] mod_proxy_http.c(1960): proxy: HTTP: serving URL https://10.173.100.117:8443/test.htmlhttps://10.173.100.117:8443/prova.html I want that if the backend application is down ( https://10.173.100.117:8443/) the proxy send to client the local file /var/www/error/test.html many thanks for any sugget. Cheers, Mauri
[us...@httpd] Custom ErrorDocument
Hi expert, where I can insert the ErrorDocument directive in my ssl.conf virtualhost ? this is my virtualhost directive NameVirtualHost myserver:443 VirtualHost myserver:443 ServerName myserver ProxyRequests off ProxyPass / https://10.173.100.117:8443/ ProxyHTMLURLMap https://10.173.100.117:8443 / Location / ProxyPassReverse https://10.173.100.117:8443/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location ..SSL Directive.. /VirtualHost if I insert this directive: DocumentRoot /var/www/error Directory /var/www/error/ Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all /Directory ErrorDocument 503 /test.html this is the entry in my apache log (wrong): ictservices_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL // 10.173.100.117:8443/prova.html ictservices_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] proxy_util.c(1488): [client 10.173.202.139] proxy: https: found worker https://10.173.100.117:8443/ for https://10.173.100.117:8443/prova.html ictservices_ssl_error_log:[Thu Jul 15 20:58:46 2010] [debug] mod_proxy_http.c(1960): proxy: HTTP: serving URL https://10.173.100.117:8443/prova.html I want that if the backend application is down (https://10.173.100.117:8443/) the proxy send to client the local file /var/www/error/test.html many thanks for any sugget. Cheers, Mauri
Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi,
can someone help?
many thanks,
Mauri
2010/7/2 Mauri lai...@gmail.com
Hi Igor,
thanks for the response, u have right about the order, i have changed it.
for the ProxyPassreverse this directive is wrong?
Location /
ProxyPassReverse https://itsmtest/
ProxyHTMLEnable On
ProxyHTMLMeta On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
what I can change or do?
many thanks for the support.
Cheers,
Mauri
2010/7/2 Igor Cicimov icici...@gmail.com
Hi,
Using ProxyRequests off means the apache is going to be a reverse proxy
but I can't see your ProxyPassreverse statement. Also the order of the proxy
commands is little bit weird. I wold do it in this way:
ProxyRequests off
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
Cheers,
Igor
On Fri, Jul 2, 2010 at 12:28 AM, Mauri lai...@gmail.com wrote:
Hi expert,
my application crashes (BMC Remedy) in the same point.
This is my enviroment: Client -- SSL to Apache Prox -- Tomcat on 8996.
In the apache log i'm reading this error:
[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O
error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection
reset by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231]
(104)Connection reset by peer: proxy: error reading status line from remote
server 10.10.0.1, referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client
10.173.202.231] proxy: NOT Closing connection to client although reading
from backend server 10.10.0.1 failed., referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error
reading from remote server returned by
/arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has
released connection for (10.10.0.1)
What kind of check can I do?
Many thanks for all suggest, as usual
Cheers,
Mauri
this is my server:
[r...@proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
[r...@proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
this is my ssl.conf configuration:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
VirtualHost itsmtest:443
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900
Location /
ProxyPassReverse https://itsmtest/
ProxyHTMLEnable On
ProxyHTMLMeta On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi Igor,
thanks for the response, u have right about the order, i have changed it.
for the ProxyPassreverse this directive is wrong?
Location /
ProxyPassReverse https://itsmtest/
ProxyHTMLEnable On
ProxyHTMLMeta On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
what I can change or do?
many thanks for the support.
Cheers,
Mauri
2010/7/2 Igor Cicimov icici...@gmail.com
Hi,
Using ProxyRequests off means the apache is going to be a reverse proxy
but I can't see your ProxyPassreverse statement. Also the order of the proxy
commands is little bit weird. I wold do it in this way:
ProxyRequests off
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
Cheers,
Igor
On Fri, Jul 2, 2010 at 12:28 AM, Mauri lai...@gmail.com wrote:
Hi expert,
my application crashes (BMC Remedy) in the same point.
This is my enviroment: Client -- SSL to Apache Prox -- Tomcat on 8996.
In the apache log i'm reading this error:
[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O
error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset
by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection
reset by peer: proxy: error reading status line from remote server
10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client
10.173.202.231] proxy: NOT Closing connection to client although reading
from backend server 10.10.0.1 failed., referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error
reading from remote server returned by
/arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has
released connection for (10.10.0.1)
What kind of check can I do?
Many thanks for all suggest, as usual
Cheers,
Mauri
this is my server:
[r...@proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
[r...@proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
this is my ssl.conf configuration:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
VirtualHost itsmtest:443
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900
Location /
ProxyPassReverse https://itsmtest/
ProxyHTMLEnable On
ProxyHTMLMeta On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
[us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi expert,
my application crashes (BMC Remedy) in the same point.
This is my enviroment: Client -- SSL to Apache Prox -- Tomcat on 8996.
In the apache log i'm reading this error:
[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O
error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset
by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection
reset by peer: proxy: error reading status line from remote server
10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client
10.173.202.231] proxy: NOT Closing connection to client although reading
from backend server 10.10.0.1 failed., referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error
reading from remote server returned by
/arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer:
https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has
released connection for (10.10.0.1)
What kind of check can I do?
Many thanks for all suggest, as usual
Cheers,
Mauri
this is my server:
[r...@proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
[r...@proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
this is my ssl.conf configuration:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
VirtualHost itsmtest:443
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900
Location /
ProxyPassReverse https://itsmtest/
ProxyHTMLEnable On
ProxyHTMLMeta On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
Re: [us...@httpd] apxs: not found
please write: uname -a echo $PATH which apxs Cheers, Mauri 2010/5/5 Sakthi Esakiappan sakthi.esakiap...@mercuryminds.com Hello, Have a try with /usr/local/apache2/bin/apxs -c -I /usr/include/libxml2 -I. -i mod_poxy_html.c and make sure that /usr/local/apache2/bin/apxs has executable permission if not give it by chmod +x /usr/local/apache2/bin/apxs On 5 May 2010 15:15, Tapan Maheshwari tapan...@yahoo.com wrote: Hi, i tried to compile mod_proxy_html.c using apxs with following command # ./apxs -c -I /usr/include/libxml2 -I. -i mod_proxy_html.c it gives following error* ./apxs: not found* i have verified that apxs is available under folder /usr/local/apache2/bin Thanks -- With Regards, Sakthi Esakiappan.M Server Administrator MercuryMinds Technologies Pvt Ltd www.mercuryminds.com An E-Commerce mentor +91 44 45588587 sakthi.esakiap...@mercuryminds.com www.mercuryminds.com Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this message in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this message. If you have received this communication in error, please notify the sender immediately and destroy the transmitted information.
Re: [us...@httpd] ReverseProxy for Tomcat (AJP) not working for SSL redirects
Hi Timo.
i don't know ajp protocol, but I have a similar configuration.
this is my configuration that work fine with apache, mod_proxy as frontend
and a tomcat 6 with SSL (8443) as backend.
u don't set the end point (spike/ http://127.0.0.1:8009/spike/) but only
the ProxyPass. I'm using another modules, also.
Please check my configuration. I hope it can help you.
Read this tutorial, it's very usefull:
http://www.apachetutor.org/admin/reverseproxies
Cheers,
Mauri
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule headers_modulemodules/mod_headers.so
AddType application/x-httpd-php .amf
AddType video/x-ms-asf asf asx
AddType audio/x-ms-wma .wma
AddType application/octet-stream .doc .xls .pdf
AddType application/x-shockwave-flash swf
Listen 443
Listen 80
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost mydomain.com:443
VirtualHost mydomain.com:443
ServerName mydomain.com
ProxyRequests off
ProxyPass / https://10.173.90.167:8443/
ProxyHTMLURLMap https://10.173.90.167:8443 /
Location /
ProxyPassReverse https://10.173.90.167:8443/
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/certificate.cer
SSLCertificateKeyFile /etc/httpd/cert/certificate.key
SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
2010/4/28 Timo Meinen timomei...@googlemail.com
Hi,
I have a problem with our reverse proxy. I asked this question to the
tomcat-users mailinglist, too, but no one could help me and I am
absolutely stuck with this problem. So, I hope some of the httpd
experts here, may have an idea:
Our configuration is a Apache 2.2 web server, acting as a reverse
proxy for Tomcat 6. This is the configuration:
ServerName it.localhost.de
ProxyPass / ajp://127.0.0.1:8009/spike/
ProxyPassReverse/ ajp://127.0.0.1:8009/spike/
ProxyPassReverseCookiePath /spike /
(This is the configuration in the VirtualHost entry for port 80. There
is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).
As you can see, the webapp is hosted under ContextPath /spike but
available through the proxy via /. Everything works fine, until the
webapp sends an redirect to HTTPS. This is done via SpringSecurity.
The problem is, that the ProxyPassReverse directive doesn't catch the
ContextPath and converts it, if it includes the complete address.
These are the logs from the web browser:
GET http://it.localhost.de/users/65 = 302 =
https://it.localhost.de/spike/users/65
1) Why does the ProxyPassReverse doesn't convert the /spike back to /
in https://it.localhost.de/spike/users/65? Is it because the Header
isn't relative? The protocol is still AJP and so the Proxy should know
how to convert it, right?
1a) If so, how could the webapp switch from http to https and vice
versa, when not able to send the absolute address with a new protocol?
After this, I tried to set additional ProxyPassReverse directives:
ProxyPassReverse/https://it.localhost.de/spike/
ProxyPassReverse/http://it.localhost.de/spike/
This time, the /spike/ is converted to /, but the two directives leads
to an infintive loop of redirects to
http://it.localhost.de/REQUEST-URI.
2) How can I stop this loop? or better
3) How can I configure the ProxyPassReverse correctly?
Thank you very much for any help
Timo
Here are the debug information from httpd:
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
APR_BUCKET_IS_EOS
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data
to read (max 8186 at 4)
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0
bytes of data
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
ajp_ilink_received 04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got
04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(491):
ajp_unmarshal_response: status = 302
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(502):
ajp_unmarshal_response: Number of headers is = 2
[Tue Apr
Re: [us...@httpd] Re: ProxyPreserveHost On
someone can help me? many thanks as usual. for recap this is my problem: When I digit https://mysite.com it becomes http://mysite.com because I think that the proxypass is http. It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). this is my ssl.conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] 2010/4/23 Mauri lai...@gmail.com it's in ssl.conf, just # cat /etc/httpd/conf.d/ssl.conf [...] ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [...] but It don't work in my httpd-2.2.3-31. The error is below in my previous mail. Cheers, Mauri 2010/4/23 GB GB gbcy...@gmail.com I had the exact same problem Instead of putting those lines in httpd.conf, try putting them in ssl.conf I am running version 2.0.54, and ssl.conf directives worked for me. regards, On Fri, Apr 23, 2010 at 9:51 AM, Mauri lai...@gmail.com wrote: Someone can help me? cheers, Mauri 2010/4/22 Mauri lai...@gmail.com Hi experts, this is my scenario: https://miosito.com -- mod_proxy -- http://10.19.72.100:8080/ (tomcat) httpd conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] When I digit https://mysite.com it becomes http://mysite.com because I think that hte proxypass is http... It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). any idea? many thanks, as usual. Cheers, Mauri - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: ProxyPreserveHost On
One more bit. Why I don't get a secure connection on the browser? I type https://mysite.com and get redirected to http://mysite.com In my scenario, for the backend application, I have to use in the ssl.conf the set ProxyPreserveHost On NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ServerName mysite.com ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.127:8080/ ProxyHTMLURLMap http://10.19.72.127:8080 / Location / ProxyPassReverse http://10.19.72.127:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location Many thanks for any suggest. Cheers, Mauri 2010/4/22 Mauri lai...@gmail.com Hi experts, this is my scenario: https://miosito.com -- mod_proxy -- http://10.19.72.100:8080/ (tomcat) httpd conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] When I digit https://mysite.com it becomes http://mysite.com because I think that hte proxypass is http... It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). any idea? many thanks, as usual. Cheers, Mauri
Re: [us...@httpd] Re: ProxyPreserveHost On
Thanks tom for the reply.
about your request. This is the first call... others log is in
http://mysite.com/bla/bla/bla
I want that only http header will be https://mysite.com/bla/bla/bla and not
http://mysite.com/bla/bla/bla
many thanks.
Cheers,
Mauri
--
https://mysite.com/arsys/
GET /arsys/ HTTP/1.1
Host: mysite.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.2) Gecko/20100115
Firefox/3.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: IP-Restriction-GUID=84e039146ac96dec:-54437c22:1283941439a:-7fd1
HTTP/1.1 302 Moved Temporarily
Date: Mon, 26 Apr 2010 14:02:09 GMT
Server: Apache-Coyote/1.1
Location: http://mysite.com/arsys/shared/login.jsp?/arsys/
Content-Length: 0
Set-Cookie: JSESSIONID=B1A3E37C4BA0882B288AB46596E18BA4; Path=/arsys
Set-Cookie: q=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: LB-COOKIE=rd30o0a134864o8080; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8
--
2010/4/26 Tom Evans tevans...@googlemail.com
On Mon, Apr 26, 2010 at 2:11 PM, Mauri lai...@gmail.com wrote:
One more bit.
Really? Sure it's not just the same things being repeated over and
over again, without any testing or actual explanation of the problem?
Why I don't get a secure connection on the browser? I type
https://mysite.com and get redirected to http://mysite.com
Because your proxied application tells it to do so. The only apache
directive that affects redirects from proxies is the ProxyPassReverse
directive. Basically it says 'if you see a redirect like
'${A}/blah/blah/', change it to ${B}/blah/blah/'.
Your ProxyPassReverse says to replace http://10.19.72.127:8080/ with
https://mysite.com/ .
If you think that apache is somehow doing this redirect, please show
some evidence, eg browser header logs from livehttpheaders, or a
complete tcpdump on the proxy showing http traffic from the client to
the proxy, from the proxy to the backend, from the backend back to the
proxy and from the proxy back to the client.
Tom
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: ProxyPreserveHost On
Many thanks to Jonas and Tom for the suggest and support. Now I've understood the problem. I have just used the ProxyPassReverse but in this scenario it was different. The location that proxy traps was http://mysite.com and not http://10.19.72.127:8080/. This behavior was caused by the use of ProxyPreserveHost On, I think... Many thanks to all. Cheers, Mauri 2010/4/26 Tom Evans tevans...@googlemail.com On Mon, Apr 26, 2010 at 3:15 PM, Mauri lai...@gmail.com wrote: Thanks tom for the reply. about your request. This is the first call... others log is in http://mysite.com/bla/bla/bla I want that only http header will be https://mysite.com/bla/bla/bla and not http://mysite.com/bla/bla/bla many thanks. Cheers, Mauri -- https://mysite.com/arsys/ GET /arsys/ HTTP/1.1 Host: mysite.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.2) Gecko/20100115 Firefox/3.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: IP-Restriction-GUID=84e039146ac96dec:-54437c22:1283941439a:-7fd1 HTTP/1.1 302 Moved Temporarily Date: Mon, 26 Apr 2010 14:02:09 GMT Server: Apache-Coyote/1.1 Location: http://mysite.com/arsys/shared/login.jsp?/arsys/ ^^ Apache did not generate that redirect, your backend application did. Nothing apache can do about your backend being daft. Get your backend to generate relative urls, or to use the incoming host header to generate absolute urls, or get it to generate absolute using the same name you address it by in the config. I'll explain again what ProxyPassReverse does, with this configuration Location / ProxyPass http://10.19.72.127:8080/ ProxyPassReverse http://10.19.72.127:8080/ /Location Your backend generates a 302 response, with a header Location: http://10.19.72.127:8080/foo/bar/ The proxy sees this and replaces the proxied URL (http://10.19.72.127:8080/) with the location specified in apache (/). Location: /foo/bar/ It then generates a canonical URL with the requested host name / server name (depending on the value of UseCanonicalName), which is what the client sees: Location: https://mysite.com/foo/bar/ Your backend is generating this header: Location: http://mysite.com/arsys/shared/login.jsp?/arsys/ This doesn't match the ProxyPassReverse, so doesn't get rewritten. I can't be any clearer than this. I hope this helps you. Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: ProxyPreserveHost On
Someone can help me? cheers, Mauri 2010/4/22 Mauri lai...@gmail.com Hi experts, this is my scenario: https://miosito.com -- mod_proxy -- http://10.19.72.100:8080/ (tomcat) httpd conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] When I digit https://mysite.com it becomes http://mysite.com because I think that hte proxypass is http... It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). any idea? many thanks, as usual. Cheers, Mauri
Re: [us...@httpd] Apache module that enables ActiveX
many thanks jonas for your suggest. This is a part of my conf. Is it correct? [...] KeepAlive On ProxyRequests off ProxyPass / http://10.173.90.171/ ProxyHTMLURLMap http://10.173.90.171 / Location / ProxyPassReverse http://10.173.90.171/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding SetEnv proxy-nokeepalive 1 /Location 2010/4/22 Jonas Eckerman jonas_li...@frukt.org On 2010-04-22 16:56, Mauri wrote: [quote]Do you want the connection between the proxy and the server to be kept alive rather than closed after each reqest?[quote] yes. just this? KeepAlive Off in the VirtualHost *:443 No. That turns off keepalive between the browser and the proxy. In order to turn on keepalive between the proxy and the server, use the keepalive parameter to the proxypass command. In order to allow keepalive between the browser and the proxy, set KeepAlive On, not Off, for the host. See Docs at: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass http://httpd.apache.org/docs/2.2/mod/core.html#keepalive Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: ProxyPreserveHost On
it's in ssl.conf, just # cat /etc/httpd/conf.d/ssl.conf [...] ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [...] but It don't work in my httpd-2.2.3-31. The error is below in my previous mail. Cheers, Mauri 2010/4/23 GB GB gbcy...@gmail.com I had the exact same problem Instead of putting those lines in httpd.conf, try putting them in ssl.conf I am running version 2.0.54, and ssl.conf directives worked for me. regards, On Fri, Apr 23, 2010 at 9:51 AM, Mauri lai...@gmail.com wrote: Someone can help me? cheers, Mauri 2010/4/22 Mauri lai...@gmail.com Hi experts, this is my scenario: https://miosito.com -- mod_proxy -- http://10.19.72.100:8080/ (tomcat) httpd conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] When I digit https://mysite.com it becomes http://mysite.com because I think that hte proxypass is http... It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). any idea? many thanks, as usual. Cheers, Mauri - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] KeepAlive settings for reverse proxy (was: Apache module that enables ActiveX)
Jonas, many thanks for your efforts to help me. Honestly I did not understand what's the problem. The anomaly I noticed is that: Scenario A: client -- webserver application The ActiveX (TeeChart) works. Sessions between client and WAS 2 are always fixed (seeing the program TCPView on Windows) Scenario B: client -- proxy -- webserver application ActiveX (TeeChart) does not work. Sessions are many more as explained in previous mail. What I want is a test for setting the proxy between the client - proxy - application only persistent sessions. To do this I made these settings are correct? ProxyPreserveHost On MaxKeepAliveRequests 0 KeepAliveTimeout 60 KeepAlive On ProxyRequests off ProxyPass / http://10.173.90.171/ ProxyHTMLURLMap http://10.173.90.171 / ProxyPassReverse http://10.173.90.171/ keepalive=On ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding 2010/4/23 Jonas Eckerman jonas_li...@frukt.org On 2010-04-23 16:00, Mauri wrote: many thanks jonas for your suggest. This is a part of my conf. Is it correct? I'm not clear on exactly what you want, so I'm guessing that you wan't keepalive *on* both from browser to proxy and from proxy to server. I'm also suspecting that you might have problems with connections between proxy and server dropping out. If this is not what you want, please correct my mistakes. And I still have no idea why you think this has anything to do with ActiveX. [...] KeepAlive On That allows keepalive for the connections from browser to proxy. My guess is that this is what you want. ProxyPassReverse http://10.173.90.171/ If you have problems with connections between proxy and server dropping out, you could try using changing this to: ProxyPassReverse http://10.173.90.171/ keepalive=On SetEnv proxy-nokeepalive 1 That turns of keepalive *off* for conections from proxy to server. My *guess* is that this is not what you want. If you have problems with keeping connections alive between proxy and server and the keepalive parameter to the proxypass directive didn't help, this might help though. /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] ProxyPreserveHost On
Hi experts, this is my scenario: https://miosito.com -- mod_proxy -- http://10.19.72.100:8080/ (tomcat) httpd conf: NameVirtualHost mysite.com:443 VirtualHost mysite.com:443 ProxyPreserveHost On ProxyRequests off ProxyPass / http://10.19.72.100:8080/ ProxyHTMLURLMap http://10.19.72.100:8080 / Location / ProxyPassReverse http://10.19.72.100:8080/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding /Location [SSL directive...] When I digit https://mysite.com it becomes http://mysite.com because I think that hte proxypass is http... It's wrong, I want that the URL will be https://mysite.com but I can use the ProxyPreserveHost (one backend application need to this set). any idea? many thanks, as usual. Cheers, Mauri
Re: [us...@httpd] Reverse Proxy https to http
Hi GB.
I have a similar solution.
Client -- https://mysite.com -- proxy -- http://backend.
the url in the client broswer is https://mysite.com.
this is my /etc/httpd/conf.d/ssl.conf:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost mysite.com:443
VirtualHost mysite.com:443
ServerName mysite.com
ProxyRequests off
ProxyPass / https://10.173.90.167:8443/
ProxyHTMLURLMap https://10.173.90.167:8443 /
Location /
ProxyPassReverse https://10.173.90.167:8443/
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
2010/4/22 GB GB gbcy...@gmail.com
Basically what goes on when the user types in https://mydomain.com/lsw
he gets an authentification page from the backend application. Once he
enters his credentials, I notice a POST in the apache logs.
This is what the user types in:
https://mydomain.com/lsw/clientele/gen/authentification.jsp
he enters his credentials, then a POST appears in the log :
POST /lsw/clientele/gen/authentification.jsp HTTP/1.1 302
and in the browser I get the following: The connection has timed out
http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
the above link doesn't work because its http rather than https!!
If I add the s manually
https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
then it works.
1)So how can I force the protocole to remain https once the client
does a POST.
2)I have noticed in many examples that people use PreserveHost on, in
my case, if activate
PreserveHost on then I cant even get the first page to work:
Thx in advance
On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
krist.vanbes...@gmail.com wrote:
On Tue, Apr 20, 2010 at 6:41 PM, GB GB gbcy...@gmail.com wrote:
#this for some reason becomes http from client perspective
#PreserveHost on does not work with lsw, so I disabled it
RewriteRule ^/lsw(.*)$http://backend2.ca:8082/lsw$1
[NC,P,L]
ProxyPassReverse /lsw http://backend2.ca:8082/lsw
Redirect permanent /lsw https://mydomain.com/lsw
First of all: Remove the Redirect Permanent. It's not needed (as
this virtualhost only gets https requests anyway) and confuses. If you
want to make sure that people who accidentaly land on the http site
get redirected to https you need to put a redirect in the http virtual
host.
Secondly: Look at what your backend produces. It is very well possible
that it passes html pages back to the client that contain http://
style URLs. RewriteRule only operates on request URLs,
ProxyPassReverse only on redirects passed back. The content passed
back by the backend is not modified.
HTH,
Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
-
The official User-To-User support forum of the Apache HTTP Server
Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache module that enables ActiveX
Eric, I'm very sorry for the new thread but I'm no able to reply to original thread. As per the previous mail, I have this error, always! (by 2 days): Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 552 552 spam score (6.1) exceeded threshold (state 18). What can i do? :( About my problem. Scenario A image: persistent.png client I.E. - web server IIS (80) when I login to web server , I'm reading 2 stable TCP connection in connection. All requests from my i.e. to web server go through this 2 sessions. I don't see any other connection Scenario B image: persistent2.png client I.E. - apache mod_proxy (80) - web server IIS (80) when I login to web server , I'm reading 2 stable TCP connection in connection. All the request from my i.e. to web server close one session and generate a new session. Can I set the proxy as per Scenario A ? Many thanks for any suggest, and sorry for this thread. Mauri
Re: [us...@httpd] Reverse Proxy https to http
u can investigate on the version. I have this: httpd-2.2.3-31
Please see at ssl.conf top:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
have u load this module?
2010/4/22 GB GB gbcy...@gmail.com
The version I am using is
Server version: Apache/2.0.54
Server built: Sep 23 2005 15:28:48
ProxyHTMLURLMap doesn't work with what I am using.
On Thu, Apr 22, 2010 at 8:32 AM, Mauri lai...@gmail.com wrote:
Hi GB.
I have a similar solution.
Client -- https://mysite.com -- proxy -- http://backend.
the url in the client broswer is https://mysite.com.
this is my /etc/httpd/conf.d/ssl.conf:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost mysite.com:443
VirtualHost mysite.com:443
ServerName mysite.com
ProxyRequests off
ProxyPass / https://10.173.90.167:8443/
ProxyHTMLURLMap https://10.173.90.167:8443 /
Location /
ProxyPassReverse https://10.173.90.167:8443/
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeaderunset Accept-Encoding
/Location
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
2010/4/22 GB GB gbcy...@gmail.com
Basically what goes on when the user types in https://mydomain.com/lsw
he gets an authentification page from the backend application. Once he
enters his credentials, I notice a POST in the apache logs.
This is what the user types in:
https://mydomain.com/lsw/clientele/gen/authentification.jsp
he enters his credentials, then a POST appears in the log :
POST /lsw/clientele/gen/authentification.jsp HTTP/1.1 302
and in the browser I get the following: The connection has timed out
http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
the above link doesn't work because its http rather than https!!
If I add the s manually
https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
then it works.
1)So how can I force the protocole to remain https once the client
does a POST.
2)I have noticed in many examples that people use PreserveHost on, in
my case, if activate
PreserveHost on then I cant even get the first page to work:
Thx in advance
On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
krist.vanbes...@gmail.com wrote:
On Tue, Apr 20, 2010 at 6:41 PM, GB GB gbcy...@gmail.com wrote:
#this for some reason becomes http from client perspective
#PreserveHost on does not work with lsw, so I disabled it
RewriteRule ^/lsw(.*)$http://backend2.ca:8082/lsw$1
[NC,P,L]
ProxyPassReverse /lsw http://backend2.ca:8082/lsw
Redirect permanent /lsw https://mydomain.com/lsw
First of all: Remove the Redirect Permanent. It's not needed (as
this virtualhost only gets https requests anyway) and confuses. If you
want to make sure that people who accidentaly land on the http site
get redirected to https you need to put a redirect in the http virtual
host.
Secondly: Look at what your backend produces. It is very well possible
that it passes html pages back to the client that contain http://
style URLs. RewriteRule only operates on request URLs,
ProxyPassReverse only on redirects passed back. The content passed
back by the backend is not modified.
HTH,
Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions
Re: [us...@httpd] Apache module that enables ActiveX
[quote]Do you want the connection between the proxy and the server to be kept alive rather than closed after each reqest?[quote] yes. just this? KeepAlive Off in the VirtualHost *:443 thanks for the suggest. cheers, Mauri 2010/4/22 Jonas Eckerman jonas_li...@frukt.org On 2010-04-21 15:28, Mauri wrote: a question about my previous problem. What previous problem? And what on earth does this have to do with enabling ActiveX? Scenario A) All request from my i.e. to web server go troughput this 2 sessions. I don't see any other connection. Scenario B) All the request from my i.e. to web server close one session and generate a new session. Can I set the proxy as per Scenario A ? Do you want the connection between the proxy and the server to be kept alive rather than closed after each reqest? If so, chek out the keepalive parameter to the ProxyPass config verb. Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache module that enables ActiveX
Hi experts, a question about my previous problem. Scenario A) client I.E. - web server IIS (80) when I login to web server , i'm reading 2 stable TCP connection in connection. All request from my i.e. to web server go troughput this 2 sessions. I don't see any other connection. Scenario B) client I.E. - apache mod_proxy (80) - web server IIS (80) when I login to web server , i'm reading 2 stable TCP connection in connection. All the request from my i.e. to web server close one session and generate a new session. Can I set the proxy as per Scenario A ? Many thanks, Mauri apache mod_proxy system: # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1. el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el
Re: [us...@httpd] Re: Apache module that enables ActiveX
Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Hypertext Transfer Protocol Line-based text data: text/html No. TimeSourceDestination Protocol Info 126 1.46371310.10.165.158 10.173.90.171 HTTP GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 Frame 126 (414 bytes on wire, 414 bytes captured) Ethernet II, Src: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49), Dst: All-HSRP-routers_33 (00:00:0c:07:ac:33) Internet Protocol, Src: 10.10.165.158 (10.10.165.158), Dst: 10.173.90.171 (10.173.90.171) Transmission Control Protocol, Src Port: 53815 (53815), Dst Port: http (80), Seq: 4809, Ack: 96110, Len: 360 Hypertext Transfer Protocol No. TimeSourceDestination Protocol Info 127 1.46943110.173.90.171 10.10.165.158 TCP [TCP segment of a reassembled PDU] Frame 127 (1314 bytes on wire, 1314 bytes captured) Ethernet II, Src: Cisco_a6:f4:0a (00:0b:bf:a6:f4:0a), Dst: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49) Internet Protocol, Src: 10.173.90.171 (10.173.90.171), Dst: 10.10.165.158 (10.10.165.158) Transmission Control Protocol, Src Port: http (80), Dst Port: 53815 (53815), Seq: 96110, Ack: 5169, Len: 1260 No. TimeSourceDestination Protocol Info 128 1.46974010.173.90.171 10.10.165.158 TCP [TCP segment of a reassembled PDU] Frame 128 (1314 bytes on wire, 1314 bytes captured) Ethernet II, Src: Cisco_a6:f4:0a (00:0b:bf:a6:f4:0a), Dst: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49) Internet Protocol, Src: 10.173.90.171 (10.173.90.171), Dst: 10.10.165.158 (10.10.165.158) Transmission Control Protocol, Src Port: http (80), Dst Port: 53815 (53815), Seq: 97370, Ack: 5169, Len: 1260 No. TimeSourceDestination Protocol Info 129 1.46975610.10.165.158 10.173.90.171 TCP 53815 http [ACK] Seq=5169 Ack=98630 Win=42752 Len=0 Frame 129 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49), Dst: All-HSRP-routers_33 (00:00:0c:07:ac:33) Internet Protocol, Src: 10.10.165.158 (10.10.165.158), Dst: 10.173.90.171
Re: [us...@httpd] Re: Apache module that enables ActiveX
I can't call u, i'm sorry :( any idea,however? 2010/4/20 Eli Mazin ema...@verizon.net Extensive!! Call me on my cell Eliahu(Elie) Mazin Network Engineer Security Information A+, Network+,Security +,MCSE,MCSA,CCENT CCNA,CCNP, CISSP Imperva , Bluecoat and F5 Expert 781 502 8882 Cell Office: 781 560 5995 Email: ema...@verizon.net -Original Message- From: alin vasile [mailto:alinachegal...@yahoo.com] Sent: Tuesday, April 20, 2010 7:37 AM To: users@httpd.apache.org Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX what is the activex area in your html? From: Mauri lai...@gmail.com To: users@httpd.apache.org Sent: Tue, April 20, 2010 1:12:15 PM Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: Apache module that enables ActiveX
I'm sorry but someone mayebe help me? There are apache module that enables ActiveX? Thanks for any suggest. Cheers, Mauri 2010/4/15 Mauri lai...@gmail.com Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el
Re: [us...@httpd] Re: Apache module that enables ActiveX
in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:13 AM, Mauri lai...@gmail.com wrote: I'm sorry but someone mayebe help me? There are apache module that enables ActiveX? Thanks for any suggest. Cheers, Mauri 2010/4/15 Mauri lai...@gmail.com Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el mod_proxy does not alter the HTML presented to the browser, therefore it does not interfere with ActiveX as far as I can tell. The module you pointed to actually disables ActiveX controls by rewriting the html to remove references to the object tag, it would not help 'enabling' ActiveX. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
the SERVERB is under my control in my VLAN. good question signed activex control...but in my case the problem exist in the HTTPS connection, and HTTP, also. Scenario 1 client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP Scenario 2 client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTP -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP I have the same problem. Then I don't need to this. [quote] mod_proxy will not change the HTML, the HTML indicates how the ActiveX control should be loaded [quote] that is clear. For Eric: i'm trying to find towards activex Tom: Many thanks for all. Cheers, Mauri 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 12:28 PM, Mauri lai...@gmail.com wrote: I'm checking about security context. The html request is the same. I have set LogLevel to debug. In attach the log during the activex request. There aren't errors. I use I.E. 7 as browser, only. If I connect to SERVERB the browser get the file .CAB (activex). The same if I'm try to connect to SERVERA (proxy). Thanks Tom. Cheers, Mauri Is SERVERB under your control, or is it a third party site, like eg, facebook.com, gmail.com etc. Are you trying to proxy some site with a signed activex control, which would indicate the website that the control should be used under, and hence would fail to work if proxied to a different host. I still don't think this has anything to do with Apache or mod_proxy - mod_proxy will not change the HTML, the HTML indicates how the ActiveX control should be loaded, and the control itself indicates the sites it will run on. Apache cannot do anything about that.. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache module that enables ActiveX
Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el
