[us...@httpd] redirect all http to https
Hello I want to redirect ALL http requests to a virtual host to the https port using the same URL ( except for the protocol side ) Thanks for any info/links - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] redirect all http to https
virtual host *:80 RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R, L] or RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] many ways to do it On Tue, Apr 20, 2010 at 12:55 AM, Frank Bonnet f.bon...@esiee.fr wrote: Hello I want to redirect ALL http requests to a virtual host to the https port using the same URL ( except for the protocol side ) Thanks for any info/links - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] redirect all http to https
Thanks a lot :-) On 04/20/10 09:59, Michael Ni wrote: virtual host *:80 RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R, L] or RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] many ways to do it On Tue, Apr 20, 2010 at 12:55 AM, Frank Bonnet f.bon...@esiee.fr mailto:f.bon...@esiee.fr wrote: Hello I want to redirect ALL http requests to a virtual host to the https port using the same URL ( except for the protocol side ) Thanks for any info/links - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org mailto:users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Reverse proxy question
Hi, I am unable to set the proxy worker properties (connection pool size etc.) . If I remove my all Proxy Rewrite directives, I still see this in logs: proxy: initialized worker 0 in child 29085 for (*) min=0 max=7 smax=7 How this gets initialized? From: alin vasile alinachegal...@yahoo.com To: users@httpd.apache.org Sent: Sun, April 18, 2010 8:38:03 PM Subject: Re: [us...@httpd] Reverse proxy question The key here is that I want to rewrite some URL's using a remote proxy and I need to set the proxy properties in a common place (not repeating them at every RewriteRule). I saw that if I remove the ProxyPass directives the warnings dissapear. But are the ProxySet properties used in this case? From: alin vasile alinachegal...@yahoo.com To: users@httpd.apache.org Sent: Sat, April 17, 2010 5:44:43 PM Subject: [us...@httpd] Reverse proxy question Hi, I try to setup a reverse proxy with httpd 2.2.15: ProxyPass /112 http:/mywebserver/112 ProxyPassReverse /112 http:/mywebserver/112 and I want to rewrite some requests through it: RewriteCond %{REQUEST_URI} /112 RewriteRule /112/(.*) http://mywebserver/112/$1 [P,L] Also I would like to set some properties for this proxy: Proxy http:/mywebserver/112 ProxySet keepalive=On /Proxy In this moment if I start httpd I'll get the warning: worker http:/mywebserver/112 already used by another worker. What I am doing wrong? Thanks
Re: [us...@httpd] Re: Apache module that enables ActiveX
Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Hypertext Transfer Protocol Line-based text data: text/html No. TimeSourceDestination Protocol Info 126 1.46371310.10.165.158 10.173.90.171 HTTP GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 Frame 126 (414 bytes on wire, 414 bytes captured) Ethernet II, Src: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49), Dst: All-HSRP-routers_33 (00:00:0c:07:ac:33) Internet Protocol, Src: 10.10.165.158 (10.10.165.158), Dst: 10.173.90.171 (10.173.90.171) Transmission Control Protocol, Src Port: 53815 (53815), Dst Port: http (80), Seq: 4809, Ack: 96110, Len: 360 Hypertext Transfer Protocol No. TimeSourceDestination Protocol Info 127 1.46943110.173.90.171 10.10.165.158 TCP [TCP segment of a reassembled PDU] Frame 127 (1314 bytes on wire, 1314 bytes captured) Ethernet II, Src: Cisco_a6:f4:0a (00:0b:bf:a6:f4:0a), Dst: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49) Internet Protocol, Src: 10.173.90.171 (10.173.90.171), Dst: 10.10.165.158 (10.10.165.158) Transmission Control Protocol, Src Port: http (80), Dst Port: 53815 (53815), Seq: 96110, Ack: 5169, Len: 1260 No. TimeSourceDestination Protocol Info 128 1.46974010.173.90.171 10.10.165.158 TCP [TCP segment of a reassembled PDU] Frame 128 (1314 bytes on wire, 1314 bytes captured) Ethernet II, Src: Cisco_a6:f4:0a (00:0b:bf:a6:f4:0a), Dst: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49) Internet Protocol, Src: 10.173.90.171 (10.173.90.171), Dst: 10.10.165.158 (10.10.165.158) Transmission Control Protocol, Src Port: http (80), Dst Port: 53815 (53815), Seq: 97370, Ack: 5169, Len: 1260 No. TimeSourceDestination Protocol Info 129 1.46975610.10.165.158 10.173.90.171 TCP 53815 http [ACK] Seq=5169 Ack=98630 Win=42752 Len=0 Frame 129 (54 bytes on wire, 54 bytes captured) Ethernet II, Src: HonHaiPr_0c:e0:49 (00:22:68:0c:e0:49), Dst: All-HSRP-routers_33 (00:00:0c:07:ac:33) Internet Protocol, Src: 10.10.165.158 (10.10.165.158), Dst: 10.173.90.171
Re: [us...@httpd] Re: Apache module that enables ActiveX
what is the activex area in your html? From: Mauri lai...@gmail.com To: users@httpd.apache.org Sent: Tue, April 20, 2010 1:12:15 PM Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Setting up Case insensitive Reverse Proxy
Hi, I would like to setup case insensitive reverse proxy for my site which has more than 100 such reverse proxy and the code has the links with different cases in it. As of now I am setting two Reverse PRoxy for such setup as below. ProxyPass /abc/http://www.xyx.com/ABC ProxyPassReverse /abc/ http://www.xyx.com/ABC ProxyPass /ABC/http://www.xyx.com/ABC ProxyPassReverse /ABC/ http://www.xyx.com/ABC Please advice. Best Reards, Arun Janarthanan
RE: [us...@httpd] Re: Apache module that enables ActiveX
Extensive!! Call me on my cell Eliahu(Elie) Mazin Network Engineer Security Information A+, Network+,Security +,MCSE,MCSA,CCENT CCNA,CCNP, CISSP Imperva , Bluecoat and F5 Expert 781 502 8882 Cell Office: 781 560 5995 Email: ema...@verizon.net -Original Message- From: alin vasile [mailto:alinachegal...@yahoo.com] Sent: Tuesday, April 20, 2010 7:37 AM To: users@httpd.apache.org Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX what is the activex area in your html? From: Mauri lai...@gmail.com To: users@httpd.apache.org Sent: Tue, April 20, 2010 1:12:15 PM Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Re: Apache module that enables ActiveX
ELIAHU (ELI)MAZIN OFFICE : 781 560 5995 CELL: 781 502 8882 EMAIL: ema...@verizon.net MCSA, MCSE, CCNA, CCNP, CISSP SUMMARY: Senior Cyber Security /Network Security professional with over twenty years of extensive experience in security and in designing and maintaining large scale multi-vendor enterprise using WAN/LAN Networks. OBJECTIVE: To find a hands-on permanent position within a stable company where my 15 years of Cyber Security experience will be an asset. STATUS: Green Card ADDITIONAL QUALIFICATIONS 15 years Cyber Security 10 years Patch Management experience on Windows, UNIX and Red Hat Linux 10 years experience in IDS, SAN, Cyber Best Practices, Risk Assessment and Scripting (Perl DHDL) 8 years Cyber Forensics (Encase FDK) Programming and Scripting Languages: Cobol, RGP ,PHP, Python and Perl EDUCATION: 2000Fairfield University (MOT), Fairfield Master of Science in Technology Management 1978Temple University, Philadelphia, PA Bachelor of Business Administration, Major in Marketing, Minor in Communication 1994Law Degree University of Jerusalem Israel 1993International Export and trading Tel Aviv Israel 1986System Analyst Justus Liebig University Giessen Germany Certifications: A+, Network+, Security+, MCSE, MCSA, CCENT, CCNA, CCNP, CCA, CCEA, CISSP, Oracle, Six Sigma Black Belt. The Juniper (JNCIP) Firewall/VPN certification Languages: English, German, Hebrew, Arabic, Farsi, Yiddish, Aramaic, Russian, and Dutch. COMMUNITY AND SOCIAL ACTIVITIES: Member of the Board of Directors: North and South Shore Jewish Federation, Spanish Chamber Of Commerce Lawrence, and Lowell MA SKILLS: Protocols: TCP/IP, IPX, AppleTalk, DECNET Routing Protocols: BGP, RIP, OSPF, Static Routing Technical Training: Cisco ICRC ACRC, Cisco Networkers 96, 97, 98, and 2000. Foundry (Brocade): ServerIron 450 Load Balancer Cisco Routers Switches: 1600, 2500, 3810, 4000, 7000, 7200, 7500, 7600 and GSR 120012 series routers w/IOS 10.x, 11.x, 12.x. Catalyst 3500, 3550, 3750, 4000, 4500, 5000, 5500 and 6500 series switches w/3.x, 4.x, 5x Code, IOS and Supervisor I, II and III Cards as well as RSMs and MSFCs, Cisco VPN 3000 Series Concentrators. Local Director 430, Pix Firewalls, and Cisco Wireless Access Points, Cisco Secure ACS v4.1 Juniper Networks Equipment: Juniper Networks Secure Access 2000 and Netscreen 50 Firewall. Virtual Private Network (VPN) Experience: LAN-LAN, Nortel CES4600D VPN Gateway and Cisco VPN 3000 Series Concentrators. BlueCoat SG 510C and reporter. Secure Sphere WAF G4 from Imperva. Management Software Hardware: Spectrum Enterprise Manager, Spectrum One-Click and Reporting Gateway, MRTG, Alcatel-Lucent VitalSuite Software Performance Management. Enterasys switches chasis S N and X series, stackable A B and C standalone D G and I routers . Enterasys WLAN Controllers and Access Points with Direct Path Forwarding . Telephone support . Datalink/Physical Layer Experience: OC-3, OC-12, T1/T3, Frame Relay, ISDN, FDDI, Ethernet (10/100/1000) Datalink/Physical Layer/TEST Equipment: Larscom Access-T, Split-T, Mega-T. Telco-Systems 828A T3 Multiplexers, Electrodata TTS 3 EZ-Tester II for T1 and T3 Testing, Network General Sniffer and Airmagnet Wireless Analyzer. Nortel: Meridian Option 81C and 11C PBX, Call Pilot Voice Mail Systems, Bridge Conferencing, OTM SAN Administrator: Systems/SAN/backup/network administrator/engineer with over twelve years of experience Install, Configure, Maintain Admin Storage Environment provide storage space based on the business rqmts. Responsible for SAN Mgmt. Work with Storage products from IBM, EMC, HP NAS. Troubleshoot support SAN NAS environments to deliver proactive solutions. Plan, design implement Virtual Infrastructure WAN LAN deployment. Work with ECC SAN manager, Solution enabler CLI, VMware ESX server. SAN, ESX, Linux, Windows, Solaris, DR systems engineer/administrator for a global B2B processing (supply chain, order management, electronic data interchange logics) network. Seamlessly migrated implemented a new disaster redundant off-site production datacenter using DBSi facilities, while upgrading maintaining an existing SunGard co-located remote data center. To support goals initiatives we migrated corporate headquarters to a new office park to increase space; support growth for technology; staff customers. We utilized these technologies to make projects initiatives a reality: VMware ESX/VCB/VIC/HA/DRS/VMotion on HP Blade Chassis; Hyperic/nagios/Big Brother; CommVault Galaxy; Sun Solaris; Red-Hat Enterprise Linux; SUN Solaris; Microsoft Windows Server; EMC CLARiiON storage arrays; Oracle RAC/DataGuard; Brocade SAN; Cisco network switches Lenovo equipment WORK EXPERIENCE 10/12/09 Present STARWOOD HOTELS RESORTS WORLDWIDE, INC Braintree, MA Network Operations Manager(VOIP Specialist)/Contract Maintain the data network
[us...@httpd] memory leak (?) when a copy of the ErrorLog is done
Hi, I'm using the httpd apache server and inside the httpd.conf I have the ErrorLog set as: ErrorLog /logs/SystemLogs.trace I'm using also a custom module writing a lot of trace in the ErrorLog using the API like: ap_log_error (__FILE__, __LINE__, APLOG_ERR, 0, prrRequestRec - server, %s, ...); or ap_log_error (__FILE__, __LINE__, APLOG_WARNING, 0, prrRequestRec - server, %s, ...); I have also a crontab job that periodically copy the /logs/SystemLogs.trace in a repository cp /logs/SystemLogs.trace /Repository/SystemLogs.trace and reset the current log using the command: echo /logs/SystemLogs.trace So, the issue is that: - every time the copy is done we saw the memory usage is decreased a lot and - if we remove the copied log file (rm /Repository/SystemLogs.trace) the memory usage is again increased Why the memory usage is impacted when the copy of the log file is done or the copied log file is removed? Thanks in advance for your help giu
Re: [us...@httpd] Re: Apache module that enables ActiveX
I can't call u, i'm sorry :( any idea,however? 2010/4/20 Eli Mazin ema...@verizon.net Extensive!! Call me on my cell Eliahu(Elie) Mazin Network Engineer Security Information A+, Network+,Security +,MCSE,MCSA,CCENT CCNA,CCNP, CISSP Imperva , Bluecoat and F5 Expert 781 502 8882 Cell Office: 781 560 5995 Email: ema...@verizon.net -Original Message- From: alin vasile [mailto:alinachegal...@yahoo.com] Sent: Tuesday, April 20, 2010 7:37 AM To: users@httpd.apache.org Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX what is the activex area in your html? From: Mauri lai...@gmail.com To: users@httpd.apache.org Sent: Tue, April 20, 2010 1:12:15 PM Subject: Re: [us...@httpd] Re: Apache module that enables ActiveX Hi expert. I'm sorry for the reply but I'm working for some days with no solution :( I have this scenario: SCENARIO 1) client i.e.7 -- proxy with SSL -- web server in http (I tried https, also) wireshark output (plain text) in attach: file with_proxy.txt I have apache-2.2.3, mod_proxy and mod_ssl. Below all details. SCENARIO 2) client i.e.7 -- web server in http (I tried https, also) wireshark output (plain text) in attach: file without_proxy.txt In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 it working fine. In Scenario 1 the browser don't running properly the activex. If you see the attach the only difference id correlated to this GET: HTTP/1.1 200 OK (GIF89a) . I suppose that the client interprets the file as per an image (GIF). I don't undestand the reason. Anyone can help me? thanks for any suggest. Cheers, Mauri # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Tue, Apr 20, 2010 at 8:28 AM, Eli Mazin ema...@verizon.net wrote: Html experience see under emaz I am on the road call me if you need something on my cel Don't post this garbage on this mailing list. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] loadbalancer not working as expected
Igor, thanks a lot for your help. I made the changes yesterday and everything is working as expected now. Bummer, one of the appsrv has the appsvr who was overloaded, this being the reason for all the session going to it. Thanks a lot! On Sun, Apr 18, 2010 at 11:06 PM, Igor Cicimov icici...@gmail.com wrote: Hi, Have you done any modification on the tomcats? I think you need to put the jvmRoute parameter as follows in the conf/server.xml file: Engine jvmRoute=appsvr1 name=Standalone defaultHost=localhost debug=0 and same for appsvr2 and appsvr3. Cheers, Igor On Sat, Apr 17, 2010 at 5:35 AM, Joaquin Martinez joaquinmarti...@gmail.com wrote: Hello all. Please, bear with me. I have made a configuration on workers.properties file to balance dynamic servlet content through three application servers, using Tomcat as our web server. As per the configuration, I am not seeing the load being balance across all three app servers, but rather the load goes especifically to one of them. Once I shutdown this Tomcat server, the load goes to another server and so on. I am seeing this through the Sessions column under Tomcat's manager application on each server. It is my understanding the the load should be almost round-robin. So, Im going to show you my configuration to see if you can light me on any errors. First, we are using apache Apache/2.0.58 and Tomcat Tomcat/5.5.23. Operating system is HP-UX 11.31, Both components comes bundled with HP-UX Web Server Suite. Here's the content of the workers.properties file. worker.list=loadbalancer,jkstatus worker.appsvr1.port=8009 worker.appsvr1.lbfactor=37 worker.appsvr1.host=192.168.4.21 worker.appsvr1.connection_pool_timeout=600 worker.appsvr1.retries=2 worker.appsvr1.socket_keepalive=true worker.appsvr1.type=ajp13 worker.appsvr2.port=8009 worker.appsvr2.lbfactor=25 worker.appsvr2.host=192.168.4.22 worker.appsvr2.connection_pool_timeout=600 worker.appsvr2.retries=2 worker.appsvr2.socket_keepalive=true worker.appsvr2.type=ajp13 worker.appsvr3.port=8009 worker.appsvr3.lbfactor=37 worker.appsvr3.host=192.168.4.23 worker.appsvr3.connection_pool_timeout=600 worker.appsvr3.retries=2 worker.appsvr3.socket_keepalive=true worker.appsvr3.type=ajp13 worker.jkstatus.type=status worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=appsvr1,appsvr2,appsvr3 worker.loadbalancer.sticky_session=true NOTE: Previously, I had lbfactor set to 37 on all three. and in an attemp to change the behaivour I have been flirting with lower values for appsvr2, but with not avail. Currently, the appsvr that is getting the most load is appsvr2. It is annoying, because to solve the problem I have to bounce Tomcat every time, since the application starts to gets slow. So, how do I do to get Apache to distribuite the load uniformily (at least round-robin) across all three ? Is there any missing configuration you can point out on the workers.properties ? At your request, I can show you the mod_jk.conf file. Thansk! appreciate any help! - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Suerte! Joaquin Martinez -- En ninguno de mis mensajes trato de insultar ó perjudicar intencionalmente a nadie, pero si por alguna razón sientes que así lo hice, disculpame.. pues el ser humano no es perfecto y comete errores. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On 4/20/10 8:06 AM, Eric Covener wrote: On Tue, Apr 20, 2010 at 8:28 AM, Eli Mazinema...@verizon.net wrote: Html experience see under emaz I am on the road call me if you need something on my cel Don't post this garbage on this mailing list. Or, a slightly nicer way to say this - there's a Reply all feature in email. Use it. Delete the list email address from the recipients. We don't want to read your interpersonal back and forth. It's fine, just not public or useful to any of the rest of us. Since most of us read hundreds, if not thousands of messages each and every day, we tend to tire quickly of personal communications that don't include us. If it's private, keep it private. If it's about Apache (and can help us all), post it here. Cheers, -- Jason A. Nunnelley +1 2562971652 http://www.google.com/profiles/imjasonn [Member Tekany, LLC] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Tue, Apr 20, 2010 at 9:16 AM, Jason Nunnelley ja...@jasonn.com wrote: On 4/20/10 8:06 AM, Eric Covener wrote: On Tue, Apr 20, 2010 at 8:28 AM, Eli Mazinema...@verizon.net wrote: Html experience see under emaz I am on the road call me if you need something on my cel Don't post this garbage on this mailing list. Or, a slightly nicer way to say this - there's a Reply all feature in email. Use it. Delete the list email address from the recipients. We don't want to read your interpersonal back and forth. It's fine, just not public or useful to any of the rest of us. Since most of us read hundreds, if not thousands of messages each and every day, we tend to tire quickly of personal communications that don't include us. If it's private, keep it private. If it's about Apache (and can help us all), post it here. I think this goes a bit beyond just the courtesy of branching off into private correspondence, since this guy responded to a question on the user support list with two copies of his Resume instead of a useful answer. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Redirect after HTTP Post appears to be corrupting the Get request sent
Hi I have some pages that are protected i.e. when the user tries to access them after a period of inactivity, they are redirected to a login page, which, if they log in correctly, will take them to the page they were originally requesting. My problem is that if the original page was accessed via HTTP Get, they are presented with the login form, but if the original page was accessed via HTTP Post, my Apache HTTP proxy server returns a 400 response. So, with the HTTP Get, the sequence of messages using Firefox LiveHTTPHeaders is: Request: HTTP Get xyzURL Response: HTTP 302 OK Location: loginURL Request:HTTP Get loginURL Response: HTTP 200 OK With the HTTP Post, the sequence of messages is: Request: HTTP Post xyzURL formdata Response: HTTP 302 OK Location: loginURL Request:HTTP Get loginURL Response: HTTP 400 Bad request When I examine access_log on the HTTP server, I see the following coming in for the HTTP Get: GET xyzURL 302 GET loginURL 200 I see the following coming in for the HTTP Post: POST xyzURL 302 formdataGET loginURL 400 I think that because of the formdata inserted before the GET loginURL the request is not understood. My question is why/how is this happening? What module or configuration could be at fault? I have not changed the standard config afaik. The decision to present the login page is made by an Oracle Access Server, and does not appear to be faulty. thanks, Baljeet.
[us...@httpd] Reverse Proxy https to http
Hello, I am trying to configure my proxy to be able to accept HTTPS and forward requests to backend server which is in HTTP user--(https://mydomain.com/abc)-ssl: [reverse proxy]:http---http://backend.ca/8082/abc I want to preserve the URL as https//mydomain.com/abc. I looked at my firewall logs and noticed 6 https sessions and one http. The http session is what is not working in my rewriting I presume. My goal is to preserve https protocol client side, although the backend is in http. Also, when I use Preserverhost on when using https to http, it fails right away BUT https to https works good. Thx here is my config file User nobody Group nobody ServerAdmin ...@x ServerName mydomain.com UseCanonicalName Off ServerSignature Off HostnameLookups Off SecServerSignature Serveur-Web/1.0 ServerRoot /usr/apache2 DocumentRoot /var/apache2/htdocs PidFile /var/apache2/logs/httpd.pid ScoreBoardFile /var/apache2/logs/httpd.scoreboard Listen 80 Timeout 60 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 IfModule prefork.c MinSpareServers 10 MaxSpareServers 20 StartServers10 MaxClients 256 MaxRequestsPerChild 0 /IfModule IfModule worker.c StartServers 2 MaxClients 250 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 /IfModule LimitRequestBody 10240 LimitRequestFields 40 LimitRequestFieldsize 1500 LimitRequestline 500 CoreDumpDirectory /var/apache2/logs Directory / Options None AllowOverride None Order deny,allow Deny from all /Directory Directory /var/apache2/htdocs Order allow,deny Allow from all /Directory Directory /www Order allow,deny Allow from all /Directory IfModule mod_mime.c TypesConfig /etc/apache2/mime.types /IfModule DefaultType text/plain IfModule mod_mime.c AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-tar .tgz AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl /IfModule LogLevel notice ErrorLog syslog:local7 LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined LogFormat %h %l %u %t \%r\ %s %b common LogFormat %{Referer}i - %U referer LogFormat %{User-agent}i agent ErrorLog /var/apache2/logs/error_log CustomLog /var/apache2/logs/access_log combined IfDefine SSL LoadModule ssl_module modules/mod_ssl.so /IfDefine IfModule mod_ssl.c Include /etc/apache2/ssl.conf /IfModule RewriteEngine on RewriteLog /var/apache2/logs/rewrite.log RewriteLogLevel 2 RewriteCond %{SERVER_PROTOCOL} !^https [NC] RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA] NameVirtualHost 10.6.3.205:443 NameVirtualHost 10.6.3.103:443 IfModule mod_ssl.c VirtualHost 10.6.3.205:443 ServerName mydomain1.com ServerAlias mydomain1 ProxyBadHeader Ignore ProxyRequests Off ProxyPreserveHost On RewriteEngine On SSLProxyEngine on DocumentRoot /var/apache2/htdocs ProxyPass https://mydomain1.com/ https://backend3.ca:44322/ ProxyPass / https://backend3.ca:44322/ ProxyPassReverse https://backend3.ca:44322/ https://mydomain1.com/ LogLevel info ErrorLog /var/apache2/logs/mydomain1.com.error.log TransferLog /var/apache2/logs/mydomain1.com.access.log RewriteLogLevel 0 RewriteLog /var/apache2/logs/mydomain1.com.rewrite.log /VirtualHost VirtualHost 10.6.3.103:443 ServerName mydomain.com ServerAlias mydomain ProxyBadHeader Ignore ProxyRequests Off RewriteEngine On SSLProxyEngine on RewriteEngine on RewriteRule ^/lsw2(.*)$ https://backend1.sap.ca:26961/lsw2/$1 [NC,P,L]# this works #this for some reason becomes http from client perspective #PreserveHost on does not work with lsw, so I disabled it RewriteRule ^/lsw(.*)$http://backend2.ca:8082/lsw$1 [NC,P,L] ProxyPassReverse /lsw http://backend2.ca:8082/lsw Redirect permanent /lsw https://mydomain.com/lsw LogLevel info ErrorLog /var/apache2/logs/mydomain.com.error.log TransferLog/var/apache2/logs/mydomain.com.access.log RewriteLogLevel 0 RewriteLog /var/apache2/logs/mydomain.com.rewrite.log /VirtualHost /IfModule LoadModule security_modulemodules/mod_security.so SecFilterEngine On SecFilterCheckURLEncoding On SecFilterCheckUnicodeEncoding On SecFilter hidden SecFilterForceByteRange 32 126 SecAuditEngine RelevantOnly SecAuditLog /var/apache2/logs/audit_log SecFilterDebugLog /var/apache2/logs/modsec_debug_log SecFilterDebugLevel 0 SecFilterDefaultAction deny,log,status:500 SecFilterSelective HTTP_Transfer-Encoding !^$ SecFilter /etc/passwd SecFilterSelective ARGS bin/ SecFilterSelective ARGS ^(.*)[][\|\#|\^|\{|\}||\||\`||\@|\$|\*](.*)$ SecFilter delete[[:space:]]+from SecFilter insert[[:space:]]+into SecFilter select.+from - The official User-To-User support forum of
RE: [us...@httpd] Timestamps of access log entries
Why not change the timezone on the whole server, not just Apache? smime.p7s Description: S/MIME cryptographic signature
[us...@httpd] security incident and md5/sha1 checksums
Hi, Concerning the security incident recently reported: https://blogs.apache.org/infra/entry/apache_org_04_09_2010 It says that some SVN access was compromised. Does that mean I have to check {md5,sha1}sum of things downloaded during the incident? Will ASF report a new (reliable) list of MD5/SHA1 of everything? Sorry to post here, I've found some comments in the above blog asking the same, but with no answer. Cheers, Diego. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Reverse proxy - block explicit proxy setup
I managed to do this with rewrite rules; if the requested host is not on intranet, I'll forbid the request: RewriteRule .* - [F] From: alin vasile alinachegal...@yahoo.com To: users@httpd.apache.org Sent: Mon, April 19, 2010 11:36:23 PM Subject: Re: [us...@httpd] Reverse proxy - block explicit proxy setup Actually it doesn't block all the requests, but the requests that should go through the transparent proxy aren't rewriten, they are tried to be resolved to local files. From: alin vasile alinachegal...@yahoo.com To: users@httpd.apache.org Sent: Mon, April 19, 2010 11:24:16 PM Subject: Re: [us...@httpd] Reverse proxy - block explicit proxy setup I made this virtual host: NameVirtualHost * VirtualHost * Directory / Order deny, allow Deny from all /Directory /VirtualHost * But it blocks also my normal GET requests that should go through the transparent proxy (the client doesn't have the webserver configured as proxy). From: Eric Covener cove...@gmail.com To: users@httpd.apache.org Sent: Mon, April 19, 2010 10:39:31 PM Subject: Re: [us...@httpd] Reverse proxy - block explicit proxy setup On Mon, Apr 19, 2010 at 2:47 PM, alin vasile alinachegal...@yahoo.com wrote: Hi all, After I am setting up a reverse proxy using httpd, how can I disable the requests from the clients that have it configured as (forward) proxy? For example If i put my proxy IP port in Proxomitron, even if I configured ProxyRequests Off, I can see in it while testing : New Message Log Window Testing 192.168.187.129:3 Waiting for remote proxy's reply HTTP/1.1 200 OK Ending proxy test Testing 192.168.187.129:3 Waiting for remote proxy's reply HTTP/1.1 200 OK Ending proxy test Thanks. It's probably not being proxied, but served by your default (first-listed) vhost that matches. Create a default virtualhost to capture these and configure it to deny all. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Rewrite rule rewriting unexpectedly
Eric Covener wrote, On 4/19/2010 2:59 PM: On Mon, Apr 19, 2010 at 5:44 PM, Glenn Gillis gl...@elaw.org wrote: Would any rewriting gurus out there care to speculate why the rewrite rule: RewriteRule /blog http://spotlight.wordpress.com/; would cause the image URL: img src=/system/files/images_content/blogspot_final_framed_0.jpg alt=what we do width=500 height=125 / to redirect to the spotlight.wordpress.com webpage? Running Apache 2.2.9 on FreeBSD 6.x. If you want to match exactly /blog and not that string inside the URL, you need to anchor it with e.g. ^/blog$ Thanks, that works! I believe I had tried it with just ^/blog and just /blog$ but not with ^/blog$. -- Glenn smime.p7s Description: S/MIME Cryptographic Signature
[us...@httpd] forward requests to apache web server from sun
Hi all, I'm not sure whether this is really possible, but I wanted to know whether the below description will work for me or not I want to keep Sun Web server facing internet and keep apache in between sun web server and WebLogic. Is this really possible? Thanks,