Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
So in that list of urls at the top, those are totally separate names and IPs? Something like this? 11.22.33.44/webmail is the main interface 55.66.77.88/web-admin is the administrative interface 99.00.11.22/webdav is for access to the WebDAV component On Tue, Apr 29, 2014 at 2:48 PM, Foster, Nate wrote: > Hi All, > > I'm new to the list, so please excuse me if I'm in the wrong spot. > > I host a groupware service on a Debian 7 host running Apache2.2. The > service uses multiple URL's for it's interface. > > xx.xx.xx.xx/webmail is the main interface > xx.xx.xx.xx/web-admin is the administrative interface > xx.xx.xx.xx/webdav is for access to the WebDAV component > > Each URL is enabled and it's .conf file is living in sites-enabled/ > > To secure the first URL, I modified the webmail.conf to have the following > lines at the top of the file: > > > SSLEngine on > SSLCertificateFile /etc/ssl/apache.pem > SSLCertificateKeyFile /etc/ssl/private/apache.key > ServerAdmin webmas...@puresolar.us > > > and at the bottom of the file. > > This worked great until I repeated it for the remaining URL's which results > in an error: [warn] _default_ VirtualHost overlap on port 443, the first > has precedence > > When I search for tutorials and documentation on how to do this properly, I > keep getting information related to securing multiple virtual hosts, which > does not really work for my scenario. I would be grateful for any pointers > on how I can secure my server properly! > > Many Thanks! > > -Nate > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Delete requests forbidden
Because that's typically a very dangerous operation to just leave open. Generally speaking it would mean that people could send requests to your Apache saying to delete something from it (granted, it would be "just" things the user running Apache has access to). Most configurations I've ever worked with (at least production) have everything but HEAD/GET/POST disabled by default. On Thu, Apr 24, 2014 at 1:26 PM, Jeff Trawick wrote: > On Thu, Apr 24, 2014 at 1:30 PM, Egidio Caprino > wrote: >> >> Hello. >> >> I use Apache server on a Arch Linux machine. I have a big problem with the >> delete requests. Apache refuse all of them with the 403 response status >> code. >> >> I do not understand why. Can you please help me? >> >> Egidio > > > Is your httpd configuration forbidding DELETE? > > http://stackoverflow.com/questions/11170377/apache-delete-request > >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > http://edjective.org/ > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.4 - non adoption reasons??
Among other things I'm sure many are using modules that just plain won't build/run for 2.4.x. For example, I know at a place I worked a few years ago they were using a module that an app server depended on which would not build for anything beyond Apache 2.2 (we tried, believe me). On Thu, Apr 10, 2014 at 12:48 PM, Filipe Cifali wrote: > I think it's good, but most of my clients already had their share of pain > from Apache 2.0.x to 2.2.x. > > > > > On Thu, Apr 10, 2014 at 2:43 PM, Joey J wrote: >> >> Apache 2.4 has had a stable release out for over 2 years but is only used >> by 2.5% of active Apache sites. Why is the adoption so low?? The Apache >> foundation has been recommending upgrading to 2.4 for some time and looking >> at the improvements I see significant value in several. I don't see any >> reason why anybody wouldn't want to use it but the community seems to think >> it's bad. >> >> What am I missing?? >> >> Current market share: >> http://w3techs.com/technologies/details/ws-apache/2.4/all >> >> -Joey J >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > > > -- > [ ]'s > > Filipe Cifali Stangler - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache major features
On Thu, Feb 20, 2014 at 12:28 PM, Joe Jensen (ConAgra Foods) < joe.jen...@conagrafoods.com> wrote: > We are on a current patch version and being old software there are likely > few remaining security vulnerabilities or bugs for me to worry about in the > version we run. > > > > Joe Jensen > (402)-240-3645 > Application Hosting Services > > > > *From:* Curtis Maurand [mailto:cur...@maurand.com] > *Sent:* Thursday, February 20, 2014 12:25 PM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] Apache major features > > > > > Google is your friend in this case. There are tons of books re: apache > and even hardening it. > > search term: apache books > > About 29,700,000 results (0.35 seconds) > > http://httpd.apache.org/docs/2.4/ > > > > > --Curtis > > On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote: > > What major features have been released in the last 8 years for apache? > My apache infrastructure is quite dated and behind. I'd like to update and > improve it but am new to apache and don't know much more than that I have > nothing modern. > > > > Joe Jensen > (402)-240-3645 > Application Hosting Services > > > > *From:* Jeff Trawick [mailto:traw...@gmail.com ] > *Sent:* Wednesday, February 19, 2014 3:50 PM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] Available online Training/documentation > > > > On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) < > joe.jen...@conagrafoods.com> wrote: > > I'm looking for some advice on how to learn the intricacies of both apache > httpd and tomcat. I'm unlikely to get a paid training class, and failed to > find any overall training about it online. Considering it's popularity and > open source nature it strikes me as very odd that there isn't any good and > extensive "on your own" training to read through. If someone can point me > to something online it would be awesome! > > > > I'm charged with a series of apache/tomcat servers as part about 70% of my > job, but we run a ~3-4 year old setup largely unchanged from 7 years ago. > I'd like to learn what I don't know exists, and am hoping for more than > just the apache module and configuration manuals. If I have to though that > may be what I do learn from. > > > > Joe Jensen > (402)-240-3645 > Application Hosting Services > > > > Look at the User's Guide and Howto/Tutorials parts of the documentation. > > > > If it were me, I'd start with this: > > > > 1. Make sure you understand how httpd and Tomcat are installed on all > systems you support and how updates are obtained. > > 2. Check the versions of the software and confirm that they are supported > branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported > for Tomcat). > > 3. See how old the exact versions are (e.g., 2.2.15), and if they are > relatively old then ensure that you are getting updates regularly from a > vendor (e.g., Linux vendor) which applies security fixes to old versions. > > > > If there's a problem already (unsupported, vulnerable versions), work with > your team to find out how to deal with it. You may end up looking through > CHANGES logs for vulnerabilities and crossing out the ones in modules that > aren't used in your configuration, and then seeing what is a potential > concern. > > > > 4-98. (stuff I can't think of at the moment) > > > > 99. Try to identify the most common or most important use of httpd in your > environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd > with a sample application (or static site) that requires similar > configuration features. Use that to play around and experiment with things > in the product documentation. Even if you won't use a particular feature > in production, the experimentation gives you more insight into how the > server can be configured. > > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > > > Yes, having been through a similar experience in the past I can definitely say start small. VMs are your friend! Make *sure* you're okay right now so nothing is vulnerable (don't count on it being "old" as meaning it's not vulnerable to anything). I've found that if you are making a "big" leap (mostly 1.x -> 2.x) you're liable to run into trouble with modules. That big of a jump some have been absorbed into Apache core httpd, some don't exist any more, some have been replaced, some won't work with 2.x without patching or re-compiling, etc.
Re: [users@httpd] mod_rewrite config (UNCLASSIFIED)
I'd suggest enabling RewriteLog and setting a RewriteLogLevel to something
like debug. So something like
RewriteLog /var/log/apache/rewrite.log
RewriteLogLevel debug
Be careful though! If this site is live and gets a lot of traffic a debug
rewrite log is going to grow fast! That should at least give you a clear
picture of what's actually happening. Usually I've found that the rules
just aren't working the way I thought they were.
On Wed, Dec 11, 2013 at 2:12 PM, Folino, Nick E CTR USARMY HRC (US) <
nick.e.folino@mail.mil> wrote:
> Classification: UNCLASSIFIED
> Caveats: FOUO
>
> Use redirect instead:
>
> http://httpd.apache.org/docs/current/rewrite/avoid.html
>
>
> Nick
>
>
> -Original Message-
> From: Jonathan-Marc Lapointe [mailto:jmlapoi...@ccdmd.qc.ca]
> Sent: Wednesday, December 11, 2013 2:25 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] mod_rewrite config
>
> Hi,
>
> I'd like to redirect all traffic going to https://www.mywebsite.com to
> https://store.mywebsite.com instead.
>
> But I want traffic going to http://www.mywebsite.com to be left alone.
>
> I tried with the following config:
>
> RewriteEngine On
>
> RewriteCond %{HTTP_HOST} ^www.mywebsite.com$ [NC] RewriteCond %{HTTPS}
> =on RewriteRule ^/?(.*) https://store.mywebsite.com/$1 [R,L]
>
> But it does not work.
>
> Traffic going to https://www.mywebsite.com is not rewritten to
> https://store.mywebsite.com.
>
> What am I doing wrong ?
>
> Thanx !
>
>
>
> CCDMD 20 ans !
>
> Jonathan-Marc Lapointe
> Technicien en informatique,
> Administrateur système,
> Administrateur réseau
>
> Centre collégial de développement de matériel didactique 6220, rue
> Sherbrooke Est, bureau 404 Montréal (Québec) H1N 1C1
> (514) 864-8928
> www.ccdmd.qc.ca
> jmlapoi...@ccdmd.qc.ca
> Skype: jmlccdmd
>
>
> Classification: UNCLASSIFIED
> Caveats: FOUO
>
>
>
Re: [users@httpd] New to apache
Yes, if it's an option I'd *strongly* urge you to clone one of the servers you're needing to upgrade (at least in terms of the Apache) and try the upgrade there. If you can clone it as a VM of some sort that would work even better because you could set everything up, snapshot it, do your work, and if there's a problem just roll it back. A lot depends on which modules and how you're using them too. Upgrades in my experience have not been *quite* as bad if you're using just standard Apache modules (like mod_rewrite). If you're using third-party things that Apache doesn't support directly, then you could run into issues with versions there. But then again, I've only ever done Apache on Solaris/Linux, so YMMV as they say. On Wed, Oct 2, 2013 at 11:40 AM, D'Arcy J.M. Cain wrote: > On Wed, 2 Oct 2013 12:27:39 -0400 > "SHERMAN Matt (CANBERRA)" wrote: > > As Tim said earlier, it was an in-house IT Administrator that > > originally installed this to work in conjunction with PHP. It was > > installed years ago, and the administrator has since left the > > company. Can you tell us what the differences are between 2.2.9 and > > 2.2.15? > > Someone else pointed you to the release notes I think. The main issue > will be with local configuration. > > > The Operating System is Server 2003 SP2 x86. > > Not sure what that is. Sounds like Windows? Can't help you there if > it is. I run Unix everywhere. > > -- > D'Arcy J.M. Cain > System Administrator, Vex.Net > http://www.Vex.Net/ IM:da...@vex.net > VoIP: sip:da...@vex.net > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Virtual Hosts Possible for SSL ?
Okay, if you're not doing ssl on domain2 then, no, that's not related. I thought maybe from the post title that you were asking about virtual hosts for ssl and that gets complicated depending on exactly what you're trying to do. On Tue, Oct 1, 2013 at 11:57 AM, John McIntyre wrote: > Hi, > Thanks for that. Unfortunately, even after the changes, entering > domain2.com on a browser still goes directly to domain1.com. > > No, I don't have any intention to do SSL on domain2.com. Is this causing > a problem? > > D. > > > Le 1 octobre 2013 à 17:29, Nick Tkach a écrit : > > Well, question is, are you trying to have domain2.com *also* do that same > http->https ( http://domain2.com to https://domain2.com )? If so, do you > have separate certificates for each (domain1 and domain2)? > > > On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston wrote: > >> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote: >> > Am I doomed to failiure, or is what I'm trying to do, actually possible? >> >> No, you are almost there. The problem is that for some reason you have >> an asterisk in your VirtualHost declaration for domain2. Change that the >> the actual IP address (or hostname since you're using that for the >> others) and you should be fine. >> >> I'd also swap out the asterisk the NameVirtualHost directive too. >> >> HTH, >> >> Pete >> -- >> Openstrike - improving business through open source >> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 >> > > >
Re: [users@httpd] Virtual Hosts Possible for SSL ?
Well, question is, are you trying to have domain2.com *also* do that same http->https ( http://domain2.com to https://domain2.com )? If so, do you have separate certificates for each (domain1 and domain2)? On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston wrote: > On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote: > > Am I doomed to failiure, or is what I'm trying to do, actually possible? > > No, you are almost there. The problem is that for some reason you have > an asterisk in your VirtualHost declaration for domain2. Change that the > the actual IP address (or hostname since you're using that for the > others) and you should be fine. > > I'd also swap out the asterisk the NameVirtualHost directive too. > > HTH, > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 >
Re: [users@httpd] Strange Problem with POST + mod_jk
On Thu, Aug 8, 2013 at 5:12 PM, Rainer Jung wrote: > On 08.08.2013 17:32, Nick Tkach wrote: > > Not quite sure if this needs to wind up in this group or the tomcat list > > since it kind of involves both. I'm fairly sure it involves an Apache > > misconfig, so thought I'd start here. > > > > We've got an Apache facing the Internet with some Java app servers (both > > jboss and tomcat), pretty standard thing. It's got the jk status worker > > locked down to only the internal IP addresses as usual. That much seems > > to work fine. The weirdness is that if you do a "blank" POST to the > > root context in the Apache it returns the jk status page *regardless of > > where you are*. > > > > So for instance, let's say my external site is http://baseco.com. If > > I've got the status worker mounted as /status, then > > http://baseco.com/status is correctly *not* reachable from the outside > > (403 denied) and correctly *is* reachable from the inside. > > > > However if I do a POST of blank lines: > > > > POST / HTTP/1.0 > > Host:baseco.com <http://baseco.com> > > > > > > (there are two carriage returns here) > > > > It acts as though you made a call to http://baseco.com/status (in the > > contents-not the url). > > > > Not sure what all parts of the config to include, but this is the > > general outline > > > > -- > > DirectoryIndex index.html index.html.var > > > > > > Options FollowSymLinks > > AllowOverride None > > > > Order allow,deny > > Allow from all > > > > > > Order deny,allow > > Deny from all > > > > > > > > JkMount /status mystatus > > > > JkMount mystatus > > Order allow,deny > > Allow from all > > Deny from xx.yy.zz aa.bb.cc <http://aa.bb.cc> (subnets for > > external-facing firewalls) > > > > > > > > > > -- > > > > Then the really strange (to me) follow-up is that it seems to be related > > to not having anything for an index page in the DocumentRoot directory > > (even though we're blocking access to /). As soon as you put an > > index.html file out there in the DocumentRoot (even with just a blank > > line in it) the problem goes away. > > > > I'm trying to figure out how a request for / can "become" a call to > > /status. Any ideas? I'm guessing it's something subtle about the > > config and not an actual bug. > > > The shown config obviously is not complete. You should also tell us > about the versions of Apache and mod_jk used. > > I would clean up by removing "JkMount mystatus" from inside the > Location. The JkMount above the Location is sufficient. > > The problem does not happen if you request "GET /"? > > Then I would switch JkLogLevel to "debug" on an idle system, reproduce > the problem and post the log here. Clean the log from any info that you > don't want to expose publicly. > > Regards, > > Rainer > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > You are absolutely right. I'm embarrassed I didn't think to include versions! :) I will do that soon as I get back to work. Yes, oddly enough it does *not* happen on a GET, PUT, DELETE, OPTIONS, or HEAD.
[users@httpd] Strange Problem with POST + mod_jk
Not quite sure if this needs to wind up in this group or the tomcat list since it kind of involves both. I'm fairly sure it involves an Apache misconfig, so thought I'd start here. We've got an Apache facing the Internet with some Java app servers (both jboss and tomcat), pretty standard thing. It's got the jk status worker locked down to only the internal IP addresses as usual. That much seems to work fine. The weirdness is that if you do a "blank" POST to the root context in the Apache it returns the jk status page *regardless of where you are*. So for instance, let's say my external site is http://baseco.com. If I've got the status worker mounted as /status, then http://baseco.com/status is correctly *not* reachable from the outside (403 denied) and correctly *is* reachable from the inside. However if I do a POST of blank lines: POST / HTTP/1.0 Host:baseco.com (there are two carriage returns here) It acts as though you made a call to http://baseco.com/status (in the contents-not the url). Not sure what all parts of the config to include, but this is the general outline -- DirectoryIndex index.html index.html.var Options FollowSymLinks AllowOverride None Order allow,deny Allow from all Order deny,allow Deny from all JkMount /status mystatus JkMount mystatus Order allow,deny Allow from all Deny from xx.yy.zz aa.bb.cc (subnets for external-facing firewalls) -- Then the really strange (to me) follow-up is that it seems to be related to not having anything for an index page in the DocumentRoot directory (even though we're blocking access to /). As soon as you put an index.html file out there in the DocumentRoot (even with just a blank line in it) the problem goes away. I'm trying to figure out how a request for / can "become" a call to /status. Any ideas? I'm guessing it's something subtle about the config and not an actual bug.
Re: [users@httpd] Setting Headers on a Redirect Scenario
On Thu, Jun 21, 2012 at 3:51 PM, Nick Kew wrote: > > On 21 Jun 2012, at 20:21, Nick Tkach wrote: > > [chop] > > You're overcomplicating it. The server that serves the PDF sets its headers. > The one you're redirecting from is irrelevant. > > (and it would be better to link to the PDF than to redirect). > > -- > Nick Kew > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > Ah, good point! Okay, that makes sense, thanks! :) - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Setting Headers on a Redirect Scenario
Ok, I'm pretty sure I know the answer to this, but wanted to run it by people more experienced. I have an unusual request from some business users. They want to be able to request a pdf document from one site (which we do control) when in a web page on a *different* site (which we do control) *and* have it give that dialog where it prompts the user to save it. This is the general idea: 1 User hits http://foo.com/sec1/blah/mydoc1.pdf 2 Apache for foo.com "pulls" that pdf as a request to http://bar.com/blah/otherstuff/mydoc1.pdf 3 Apache for foo.com the offers up the pdf via the original page via the "save" dialog The first, naive idea was to have something like this in the virtual host on foo.com: RewriteRule ^/sec1/(*.pdf) http://bar.com/blah/otherstuff/mydoc1.pdf Header always set Content-Disposition attachment
[users@httpd] Less than MinSpareServers Active?
I'm just wondering, is it wrong/bad/unusual for Apache (specifically 2.2.3 with prefork mpm) to allow the number of idle/spare servers to drop below the MinSpareServers setting? It doesn't seem to be an issue, but we're specifically setting: MinSpareServers 5 In its config file, but if I look at the mod_status page it has insisted that there are only 4 idle for the last 2 hours or so. It's under very light load at the moment if that matters (as in 1 request active). It's on a REHL 5.3 x86)_64 if that matters. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Consequences of https to https rewrites?
On Thu, Nov 10, 2011 at 2:23 PM, Mark Montague wrote: > On November 10, 2011 14:41 , Nick Tkach wrote: >> >> Been Googling all over >> trying to find details on any consequences/side-effects of using >> mod_rewrite to redirect secure urls to other secure urls on the same >> site. Something like >> >> RewriteRule ^https://mycom.com/specialsale >> https://mycom.com/content/some/url/page.html >> >> >> First of all, does that even make sense? I'm a little fuzzy on the >> precise technical details of how SSL connections and http headers >> "mix". > > You're complicating things too much. In your HTTPS virtual host stanza in > your web server configuration file, just put > > RewriteRule ^/specialsale$ /content/some/url/page.html > > The pattern for RewriteRule (the first argument) matches based on the URL > path, not the URL. The substitution for the RewriteRule (the second > argument) can be a URL path, too, unless you need to redirect to a different > site. > > Unless you're doing something fancy, the fact that you are redirecting a > HTTPS URL or that you are redirecting to another HTTPS URL are irrelevant. > There are no consequences or side effects that I am aware of. And HTTP > headers are generally independent of whether the connection is secured using > TLS/SSL or not. > Thanks, that's what I figured. I just wanted to make sure I wasn't missing something. :) > Where mod_rewrite becomes confusing is that when you use RewriteRule in a > .htaccess file or Directory context, the pattern gets matched against the > filesystem path with some prefix removed, not the URL path. You can avoid > this by putting your RewriteRules in virtual host or Location contexts. Or, > even better, if you don't need the power of mod_rewrite, use the Redirect > and RedirectMatch directives instead, since these always use the URL path. > >> Second, we've seen that at least sometimes that seems to generate a >> big spike in CPU usage "all of a sudden" once it goes live. > > What seems to generate a big spike in CPU usage? When what goes live? When the Apache HTTPD process gets started with a rewrite like that I meant. I think that was unrelated though. > -- > Mark Montague > m...@catseye.org > > Thanks for the help! :) - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Consequences of https to https rewrites?
Stupid system messed up that formatting, sorry. There's a space in there between the "specialsale" and https:. Another "wrinkle", would it make any difference if it was a RedirectMatch as opposed to a RewriteRule? On Thu, Nov 10, 2011 at 1:41 PM, Nick Tkach wrote: > I've been looking at a particular problem and it's one of those ones > that's just really hard to describe in unique terms for a search > (maybe no one else has hit it before :). Been Googling all over > trying to find details on any consequences/side-effects of using > mod_rewrite to redirect secure urls to other secure urls on the same > site. Something like > > RewriteRule ^https://mycom.com/specialsale > https://mycom.com/content/some/url/page.html > > > First of all, does that even make sense? I'm a little fuzzy on the > precise technical details of how SSL connections and http headers > "mix". I've dealt with SSL and Apache in general in the past and have > some knowledge of SSL handshakes/negotiations, but the precise > technical details I've not had the "pleasure" of dealing with very > often. > > Second, we've seen that at least sometimes that seems to generate a > big spike in CPU usage "all of a sudden" once it goes live. > > > Any thoughts? > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Consequences of https to https rewrites?
I've been looking at a particular problem and it's one of those ones that's just really hard to describe in unique terms for a search (maybe no one else has hit it before :). Been Googling all over trying to find details on any consequences/side-effects of using mod_rewrite to redirect secure urls to other secure urls on the same site. Something like RewriteRule ^https://mycom.com/specialsale https://mycom.com/content/some/url/page.html First of all, does that even make sense? I'm a little fuzzy on the precise technical details of how SSL connections and http headers "mix". I've dealt with SSL and Apache in general in the past and have some knowledge of SSL handshakes/negotiations, but the precise technical details I've not had the "pleasure" of dealing with very often. Second, we've seen that at least sometimes that seems to generate a big spike in CPU usage "all of a sudden" once it goes live. Any thoughts? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] htaccess: .com and .net shall go to .de
On Tue, Nov 8, 2011 at 3:19 PM, Lukas C. C. Hempel wrote:
> Hi there,
>
> I have a problem with an htaccess file.
>
> I own three domains: example.com, example.de and example.net. They all refer
> to the same webhosting space (= alias domains).
>
> What I have succeeded in is that when I enter example.com or example.de it
> refers to www.example.de. I did that with that entry in the .htaccess file:
>
> # Enforce www
> RewriteCond %{HTTP_HOST} !^(www) [NC]
> RewriteRule ^(.*)$ http://www.example.de/$1 [L,R=301]
>
>
> What I want to add, is that when I enter www.example.com or www.example.net,
> I get forwarded to www.example.de? Can anyone come up with a code for that?
>
>
> Thank you for your anticipated help.
>
> Best regards,
>
> Lukas
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> " from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Well, so, if you don't care about the www prefix anymore, then just
change your RewriteCond (my syntax is probably not optimal) to
something like this. It seems like all you care about here is that
the hostname contains something dot example dot something, right?
Either that or I guess if you want to list it out precisely you could
chain the conditions together to rewrite on ^*.example.de or
^*.example.com or ^*.example.net.
RewriteCond %{HTTP_HOST} ^*.example.* [NC]
RewriteRule ^(.*)$ http://www.example.de/$1 [L,R=301]
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: SSL certificates and virtual hosts
As long as you don't need to support certain browsers. IIRC Android < 2.2 for example won't support wildcard certs. Sent from my iPhone On Oct 18, 2011, at 7:00 PM, Andrew Schulman wrote: >> Our website account with our ISP has one fixed IP address and allows >> a number of virtual hosts. The main site has an SSL certificate for >> secure access. I wish to add another certificate for one of the named >> virtual hosts. According to Tech Support the account only allows one >> SSL certificate per IP address. > > You can solve this problem by using a wildcard and/or multi-domain > certificate. It's a single certificate that covers multiple hosts and/or > domains. You can get them fairly cheaply, for example the "Verified (Class > 2)" certificate from startssl.com. > > We do this with a setup of 6 virtual hosts that include three hosts (dev, > test, www) in each of two different domains. A single certificate covers > them all. Apache writes an error message to the log about using SSL with > multiple virtual hosts, but the message is wrong and we ignore it. It > works just fine. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] apache2-2.2.21 did not accept new connections
Can you post a snippet of what your config file for the mapping you're using for the reverse proxy setup looks like? I've run into that kind of thing sometimes and it's usually just been something like I accidentally was mapping https to http or vice-versa. On Mon, Oct 17, 2011 at 7:12 AM, Petr Hracek wrote: > Dear users, > > some times I am receiving following strange behaviour. > > Apache2-2.2.21 did not accept any new request and in the log I can see > following messages like: > > (70014) End of file: SSL input filter read failed. > (70007)The timeout specified has expired: SSL input filter read failed. > [Mon Oct 17 09:20:34 2011] [info] [client ::1] SSL library error 1 in > handshake > [Mon Oct 17 09:20:34 2011] [info] SSL Library Error: 336027900 > error:140760FC:SSL Routines:SSL23_GET_CLIENT_HELLO:unknown protocol > speaking not SSL to HTTPS port!? > > What can be the reason of that failure? > > My apache2 configuration has following structure on the same PC: > -- -- > -> | Intranet | -> | Apache2 proxy | -> | 127.0.0.1:443 | > | | | *.443 | | rev.proxy | > -- --- | -- > | - > -> | 127.0.0.1:10123 | > | | rev. proxy | > | - > | > | --- > -> | 127.0.0.1:8000| > | rev. proxy | > --- > > -- > Best Regards / S pozdravem > Petr Hracek > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Cat request + query for rewrite?
Is there some way to make a RewriteRule concat together two
back-references? What I want to do is take the REQUEST_URI and the
QUERY_STRING of a request and use the two together as a key into a
map.
So if I have a request like this:
http://mysite.com/bar/startpage?arg1=a&arg2=b
and I want to rewrite that to
http://mysite.com/foo/endpage?arg3=c&arg4=d
Given an entry in the map file like
bar/startpage?arg1=a&arg2=bfoo/endpage?arg3=c&arg4=d
I was trying some combination like
RewriteMap map2 txt:/redirects-map.txt
RewriteCond %{REQUEST_URI} ^/bar/startpage
RewriteCond %{QUERY_STRING} arg1=a&arg2=b
RewriteCond %{REQUEST_URI} (.*)
RewriteCond %{QUERY_STRING} (.*)
RewriteRule .* ${map2:%1%2}? [L,NC,R=302]
That seems to only try to do the map lookup based on the QUERY_STRING.
Obviously the second match is over-riding the first, but I'm not
quite sure how to stop that.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Vanity URL Rewrites Best Practices?
On Wed, Oct 5, 2011 at 2:48 PM, Nick Tkach wrote:
> On Mon, Oct 3, 2011 at 1:41 PM, Andrew Schulman
> wrote:
>>
>> > For example,
>> >
>> > http://foo.com/mmh/maintenance_plan/tip?contentCategoryType=MaintenanceTip&id=%2Fwww%2Favm_webapps%2Fmmh%2Fmaintenance-tips%2Fcontent%2Fafter_blizzard.xml
>> >
>> > Being sent to
>> >
>> > http://foo.com/mmh/articles/authored/after-blizzard
>> >
>> > We've got a very frequent process where we'll get a huge block of rewrites
>> > like this that vary just by the last part and so far just keep going
>> > through
>> > and adding dozens and dozens of new rewrite rules each time. Surely there
>> > has to be a better way? (Ideally that just involve Apache changes and not
>> > code changes on the back-end)
>>
>> Are the requests similar enough that you can write a single regular
>> expression,
>> or maybe two or three, that extracts the useful part from the URL in every
>> case?
>> For example,
>>
>> RewriteCond %{REQUEST_URI} ^/mmh/
>> RewriteCond %{QUERY_STRING} \%2F(\w+)\.xml$
>> RewriteRule .* /mmh/articles/authored/%1
>>
>> If you can describe all of the requests in this way or something like it,
>> you're
>> done. If not, if each request is so different that it needs its own regular
>> expression, then it seems you're doomed to keep doing it as you are now.
>
> Yes, I'm very nearly there, thanks! The only thing is, I'm not quite
> sure how to combine what you have here with a RewriteMap. If I had
> something like this:
>
> RewriteMap vanmap txt:/tmp/map.txt
>
> RewriteCond %{REQUEST_URI} ^/mmh/
> RewriteCond %{QUERY_STRING} \%2F(\w+)\.xml$
>
>
> Then can I just do a rewrite rule at the end like this?
>
> RewriteRule .* /mmh/${vanmap:$1}? [L,NC,R=302]
>
>
> Because I tried that and it keeps failing to pull any kind of key out
> of the REQUEST_URI.
>
>>
>> Good luck,
>> Andrew.
>>
>>
>> -
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> " from the digest: users-digest-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
Just to answer my own question, in case it helps someone else down the
road, what I was missing was that inside the curly braces you need to
dereference the variable with % rather than $. So the right version
of what I posted above is:
RewriteMap vanmap txt:/tmp/map.txt
RewriteCond %{REQUEST_URI} ^/mmh/
RewriteCond %{QUERY_STRING} \%2F(\w+)\.xml$
RewriteRule .* /mmh/${vanmap:%1}? [L,NC,R=302]
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Vanity URL Rewrites Best Practices?
On Mon, Oct 3, 2011 at 1:41 PM, Andrew Schulman
wrote:
>
> > For example,
> >
> > http://foo.com/mmh/maintenance_plan/tip?contentCategoryType=MaintenanceTip&id=%2Fwww%2Favm_webapps%2Fmmh%2Fmaintenance-tips%2Fcontent%2Fafter_blizzard.xml
> >
> > Being sent to
> >
> > http://foo.com/mmh/articles/authored/after-blizzard
> >
> > We've got a very frequent process where we'll get a huge block of rewrites
> > like this that vary just by the last part and so far just keep going through
> > and adding dozens and dozens of new rewrite rules each time. Surely there
> > has to be a better way? (Ideally that just involve Apache changes and not
> > code changes on the back-end)
>
> Are the requests similar enough that you can write a single regular
> expression,
> or maybe two or three, that extracts the useful part from the URL in every
> case?
> For example,
>
> RewriteCond %{REQUEST_URI} ^/mmh/
> RewriteCond %{QUERY_STRING} \%2F(\w+)\.xml$
> RewriteRule .* /mmh/articles/authored/%1
>
> If you can describe all of the requests in this way or something like it,
> you're
> done. If not, if each request is so different that it needs its own regular
> expression, then it seems you're doomed to keep doing it as you are now.
Yes, I'm very nearly there, thanks! The only thing is, I'm not quite
sure how to combine what you have here with a RewriteMap. If I had
something like this:
RewriteMap vanmap txt:/tmp/map.txt
RewriteCond %{REQUEST_URI} ^/mmh/
RewriteCond %{QUERY_STRING} \%2F(\w+)\.xml$
Then can I just do a rewrite rule at the end like this?
RewriteRule .* /mmh/${vanmap:$1}? [L,NC,R=302]
Because I tried that and it keeps failing to pull any kind of key out
of the REQUEST_URI.
>
> Good luck,
> Andrew.
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> " from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Limit + LimitExcept Blocks?
Isn't it redundant to have *both* a Limit and LimitExcept if all you're trying to do is limit HTTP methods for everything on a given httpd to only GET POST HEAD? Options FollowSymLinks AllowOverride None Order allow,deny Allow from all Order Deny,Allow Deny from all
[users@httpd] Track + Trace HTTP Methods
I know I've read in the past that the TRACK method is not supported by Apache. Is that correct? Anyone have a reference they could point me to that explains that?I just need something to point our engineering group to to explain that only TraceEnable Off is needed (not the rewrite rule).
[users@httpd] Vanity URL Rewrites Best Practices?
Does anyone have any pointers/suggestions on the best way to do vanity url rewrites? For example, http://foo.com/mmh/maintenance_plan/tip?contentCategoryType=MaintenanceTip&id=%2Fwww%2Favm_webapps%2Fmmh%2Fmaintenance-tips%2Fcontent%2Fafter_blizzard.xml Being sent to http://foo.com/mmh/articles/authored/after-blizzard We've got a very frequent process where we'll get a huge block of rewrites like this that vary just by the last part and so far just keep going through and adding dozens and dozens of new rewrite rules each time. Surely there has to be a better way? (Ideally that just involve Apache changes and not code changes on the back-end)
Re: [users@httpd] Load Balancing mod_webdav?
- Original Message - > - Original Message - > > This may be a stupid idea, but has anyone had any experience > > load-balancing two Apache (2.2 in our case) servers that are running > > mod_dav? We've searched and searched and it looks like it's just > > something that no one at all talks about. > > I've been thinking about this for some time, but then decided that > it's generally a stupid idea. > Mostly because there are a couple dozen of Dav clients and all of > them have their own interpretation of how to speak to a Dav Server. Good point, we've definitely run into that! > > My idea back then was to have subversion read/write -- but that > seems like a terribly stupid idea because you have no way to split > it up properly. > > > We've got a setup in production where we've got Apache 2.2.17 > > servers > > That sounds like a bad idea. Have you considered starting with test? > Oh yeah, we tested the one-at-a-time setup like we're using in test first. This is the result of that, not the start! :) > > on two different machines (1 per machine) ,identical, each with > > What kind of storage do they sit on? This is crucial, because > mod_dav works with FS locks. > Well, that complicates it I'm sure. They've actually both got an NFS mount from a different box mounted as their WebDAV root. The thing there is, why exactly is that a bad idea? Is it "just" a matter of getting one file over-writing another one potentially or do you risk more serious issues than that? Yes, we certainly could/should try FTP, SFTP/SSH, or SMB, but for a couple of reasons (partly work-flow, partly security) we'd rejected those. We wound up at WebDAV only because it seemed like the only thing left. We'd be open to any other ideas though. > > mod_dav. They're both sitting behind a hardware load-balancer that > > does a port rewrite sending traffic to only one of the two. We'd > > like to let it round-robin between both, but were unsure whether > > that was safe/wise/possible. > > Round-robin seems like the best idea, but only if you enable > sticky sessions. > That's the thing though, given all the little quirks of WebDAV, the various issue with clients, and the NFS mount, is that safe/possible to let them round-robin? Thanks! > i > > -- > Igor Galić > > Tel: +43 (0) 664 886 22 883 > Mail: i.ga...@brainsware.org > URL: http://brainsware.org/ > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Load Balancing mod_webdav?
This may be a stupid idea, but has anyone had any experience load-balancing two Apache (2.2 in our case) servers that are running mod_dav? We've searched and searched and it looks like it's just something that no one at all talks about. We've got a setup in production where we've got Apache 2.2.17 servers on two different machines (1 per machine) ,identical, each with mod_dav. They're both sitting behind a hardware load-balancer that does a port rewrite sending traffic to only one of the two. We'd like to let it round-robin between both, but were unsure whether that was safe/wise/possible. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apxs: not found
Okay, this is probably a stupid question, but what directory are you in when you run the apxs? I noticed you use "./apxs"... That's only going to work if you're in the same directory as the apxs binary(/usr/local/apache2/bin apparently, from what you've said). This email message and any attachments are for the sole use of the intended recipient(s) and may contain information that is proprietary to Ahold and/or its subsidiaries (“Ahold”) or otherwise confidential or legally privileged. If you have received this message in error, please notify the sender by reply, and delete all copies of this message and any attachments. If you are the intended recipient you may use the information contained in this message and any files attached to this message only as authorized by Ahold. Files attached to this message may only be transmitted using secure systems and appropriate means of encryption, and must be secured using the same level of password and security protection with which the file was provided to you. Any unauthorized use, dissemination or disclosure of this message or its attachments is strictly prohibited. From: "Tapan Maheshwari" To: users@httpd.apache.org Sent: Wednesday, May 5, 2010 8:42:51 AM Subject: Re: [us...@httpd] apxs: not found Hi, Thanks for writing 1) SunOS 5.9 Generic_118558-11 sun4u sparc SUNW,Sun-Fire-V440 2) /usr/bin:/bin:/usr/sbin:/sbin 3) no apxs in /usr/bin /bin /usr/sbin /sbin Thanks. --- On Wed, 5/5/10, Mauri wrote: From: Mauri Subject: Re: [us...@httpd] apxs: not found To: users@httpd.apache.org Date: Wednesday, May 5, 2010, 11:17 AM please write: uname -a echo $PATH which apxs Cheers, Mauri 2010/5/5 Sakthi Esakiappan < sakthi.esakiap...@mercuryminds.com > Hello, Have a try with /usr/local/apache2/bin/apxs -c -I /usr/include/libxml2 -I. -i mod_poxy_html.c and make sure that /usr/local/apache2/bin/apxs has executable permission if not give it by chmod +x /usr/local/apache2/bin/apxs On 5 May 2010 15:15, Tapan Maheshwari < tapan...@yahoo.com > wrote: Hi, i tried to compile mod_proxy_html.c using apxs with following command # ./apxs -c -I /usr/include/libxml2 -I. -i mod_proxy_html.c it gives following error "./apxs: not found" i have verified that apxs is available under folder /usr/local/apache2/bin Thanks -- With Regards, Sakthi Esakiappan.M Server Administrator MercuryMinds Technologies Pvt Ltd www.mercuryminds.com "An E-Commerce mentor" +91 44 45588587 sakthi.esakiap...@mercuryminds.com www.mercuryminds.com Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this message in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this message. If you have received this communication in error, please notify the sender immediately and destroy the transmitted information.
[us...@httpd] Combining mod_jk and Location Directives
Is it possible, for a given URL that's being directed to mod_jk, to lock it down so that you can only access it from a particular subnet? For example, let's say I have an app with JkMounts defined: JkMount /myapp worker1 JkMount /myapp/sub worker2 JkMount / worker3 Then I have a sub-directory, /admin that I want to restrict to being only available from 192.168.1.*. Is there some combination of JkMount and something like this that will get the desired effect or is this not possible with just mod_jk and Location? Do you *have* to do something with Java enterprise resources to lock it down? Order deny, allow deny from all allow from 192.168.1 This email message and any attachments are for the sole use of the intended recipient(s) and may contain information that is proprietary to Ahold and/or its subsidiaries (“Ahold”) or otherwise confidential or legally privileged. If you have received this message in error, please notify the sender by reply, and delete all copies of this message and any attachments. If you are the intended recipient you may use the information contained in this message and any files attached to this message only as authorized by Ahold. Files attached to this message may only be transmitted using secure systems and appropriate means of encryption, and must be secured using the same level of password and security protection with which the file was provided to you. Any unauthorized use, dissemination or disclosure of this message or its attachments is strictly prohibited. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] use mod_rewrite and mod_jk
Yes, you want to look at JkUnmount directive (something like JkUnmount /images/*). Just put it before your JkMount statement(s). This email message and any attachments are for the sole use of the intended recipient(s) and may contain information that is proprietary to Ahold and/or its subsidiaries (“Ahold”) or otherwise confidential or legally privileged. If you have received this message in error, please notify the sender by reply, and delete all copies of this message and any attachments. If you are the intended recipient you may use the information contained in this message and any files attached to this message only as authorized by Ahold. Files attached to this message may only be transmitted using secure systems and appropriate means of encryption, and must be secured using the same level of password and security protection with which the file was provided to you. Any unauthorized use, dissemination or disclosure of this message or its attachments is strictly prohibited. - Original Message - From: "andre wang" To: users@httpd.apache.org Sent: Wednesday, March 3, 2010 4:07:37 AM Subject: [us...@httpd] use mod_rewrite and mod_jk hi all I have an apache server ( 2.2.9 ) running on debian lenny, and have name virtualhosts support. The following is my config: ServerName www.example.com DocumentRoot /var/www JkMount /* tomcat RewriteEngine On RewriteRule ^/images/ - [L] There is a directory named "images" under the document root "/var/www", so if i send a request "http://www.example.com/images/a.jpg";, could Apache do NOT send the requst to my tomcat server, is that possible? thanks andre.ease - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] SSL Server "Ignoring" mod_proxy ProxyPass directives
Hi, we're trying to get mod_proxy_balancer to work with an SSL virtual host,
but having problems. It seems like HTTPD is "ignoring" any kind of ProxyPass
at all. I have balancers and the SSL host set up as follows below. I've even
tried changing the directives:
ProxyPass /uim balancer://uim-ssl-balancer/uim stickysession=JSESSIONID
to
ProxyPass /uim http://www.peapod.com
but it just ignores it (fails to find /uim on the host). I don't suppose this
sounds familiar to anyone? Since it doesn't work even when not using the
mod_proxy_balancer part I'm guessing/hoping that I'm just missing some
directive or have something out of order.
BalancerMember http://dapvl03.d1.peapod.com:10430 route=uimsvc1 loadfactor=50
BalancerMember http://dapvl04.d1.peapod.com:10430 route=uimsvc2 loadfactor=50
BalancerMember http://dapvl03.d1.peapod.com:10440 route=uimsvc1 loadfactor=50
BalancerMember http://dapvl04.d1.peapod.com:10440 route=uimsvc2 loadfactor=50
ProxyPreserveHost On
SSLEngine on
SSLProxyEngine On
DocumentRoot "/u/local/apache2.2/8010/htdocs"
ServerName www.test.peapod.com
ServerAdmin u...@example.com
ErrorLog "/u/local/apache2.2/8010/logs/ssl_error_log"
TransferLog "/u/local/apache2.2/8010/logs/ssl_access_log"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/u/local/apache2.2/8010/conf/server.crt"
SSLCertificateKeyFile "/u/local/apache2.2/8010/conf/server.key"
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/u/local/apache2.2/8010/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyPass /itemtrack balancer://www-ssl-balancer/itemtrack stickysession=JSE
SSIONID
ProxyPass /uim balancer://uim-ssl-balancer/uim stickysession=JSESSIONID
This email message and any attachments are for the sole use of the intended
recipient(s) and may contain information that is proprietary to Ahold and/or
its subsidiaries (“Ahold”) or otherwise confidential or legally privileged. If
you have received this message in error, please notify the sender by reply, and
delete all copies of this message and any attachments. If you are the intended
recipient you may use the information contained in this message and any files
attached to this message only as authorized by Ahold. Files attached to this
message may only be transmitted using secure systems and appropriate means of
encryption, and must be secured using the same level of password and security
protection with which the file was provided to you. Any unauthorized use,
dissemination or disclosure of this message or its attachments is strictly
prohibited.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
