RE: [SLUG] Apache reverse proxying with MS

[Hongduc Nguyen]

Jake,

Thanks, I'll read around and see if that's the case.

Regards,
HD

-Original Message-
From: slug-boun...@slug.org.au [mailto:slug-boun...@slug.org.au] On Behalf Of 
Jake Anderson
Sent: Tuesday, 10 March 2009 7:03 PM
To: Hongduc Nguyen
Cc: slug@slug.org.au
Subject: Re: [SLUG] Apache reverse proxying with MS

It could well be absolute links within the original site.
If the username/pwd screen is coming up from the CRM software then the proxy is 
working.
It probably sends you then directly to "http://someotherplace/main.asp";
rather than "/main.asp" or something
There is another module for apache that will scan the reply data and re-write 
those absolute links into a link that will run through the proxy (cant remember 
what it is at the moment though lol, its something like proxy-rewrite or 
similar).


Hongduc Nguyen wrote:
> Matthew,
>
> I've added the following to my config:  ProxyPreserveHost On
>
> But am still getting the same issue. Here's a snippet of my error_log file, 
> appreciate it if anyone could provide any assistance.
>
> Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(54): proxy: HTTP:
> canonicalising URL //192.168.xxx.xxx:/ [Tue Mar 10 16:21:51 2009]
> [debug] proxy_util.c(1335): [client 192.168.245.52] proxy: http: found
> worker http://192.168.xxx.xxx:/for http://192.168.xxx.xxx:/
> [Tue Mar 10 16:21:51 2009] [debug] mod_proxy.c(756): Running scheme
> http handler (attempt 0) [Tue Mar 10 16:21:51 2009] [debug]
> mod_proxy_http.c(1687): proxy: HTTP: serving URL
> http://192.168.xxx.xxx:/ [Tue Mar 10 16:21:51 2009] [debug]
> proxy_util.c(1755): proxy: HTTP: has acquired connection for
> (192.168.xxx.xxx) [Tue Mar 10 16:21:51 2009] [debug]
> proxy_util.c(1815): proxy: connecting http://192.168.xxx.xxx:/ to
> 192.168.xxx.xxx: [Tue Mar 10 16:21:51 2009] [debug]
> proxy_util.c(1908): proxy: connected / to 192.168.xxx.xxx:/ [Tue
> Mar 10 16:21:51 2009] [debug] proxy_util.c(2002): proxy: HTTP: fam 2
> socket created to connect to 192.168.xxx.xxx [Tue Mar 10 16:21:51
> 2009] [debug] proxy_util.c(2098): proxy: HTTP: connection complete to
> 192.168.xxx.xxx: (192.168.xxx.xxx) [Tue Mar 10 16:21:51 2009]
> [debug] mod_proxy_http.c(1465): proxy: start body send [Tue Mar 10
> 16:21:51 2009] [debug] mod_proxy_http.c(1554): proxy: end body send
> [Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1773): proxy: HTTP:
> has released connection for (192.168.xxx.xxx)
>
> Regards,
>
> -Original Message-
> From: Matthew Hannigan [mailto:m...@zip.com.au]
> Sent: Tuesday, 10 March 2009 12:36 PM
> To: Hongduc Nguyen
> Cc: slug@slug.org.au
> Subject: Re: [SLUG] Apache reverse proxying with MS
>
>
> You might try ProxyPreserveHost
>
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost
>
> --
> Message  protected by MailGuard: e-mail anti-virus, anti-spam and content 
> filtering.
> http://www.mailguard.com.au
>
> Click here to report this message as spam:
> https://login.mailguard.com.au/report/1x1tQOLoIe/4XBSh8ygMTbhfSIVLLNac
> h/0
>
>
> Please consider our environment before printing this email.
> This e-mail and any files transmitted with it are privileged and confidential 
> information intended for the use of the addressee. The confidentiality and/or 
> privilege in this e-mail is not waived, lost or destroyed if it has been 
> transmitted to you in error. If you have received this e-mail in error you 
> must (a) not disseminate, copy or take any action in reliance on it; (b) 
> notify itsupp...@customware.net and the sender immediately; and (c) delete 
> the original e-mail.
>

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ 
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and confidential 
information intended for the use of the addressee. The confidentiality and/or 
privilege in this e-mail is not waived, lost or destroyed if it has been 
transmitted to you in error. If you have received this e-mail in error you must 
(a) not disseminate, copy or take any action in reliance on it; (b) notify 
itsupp...@customware.net and the sender immediately; and (c) delete the 
original e-mail.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache reverse proxying with MS

[Jake Anderson]

It could well be absolute links within the original site.
If the username/pwd screen is coming up from the CRM software then the 
proxy is working.
It probably sends you then directly to "http://someotherplace/main.asp"; 
rather than "/main.asp" or something
There is another module for apache that will scan the reply data and 
re-write those absolute links into a link that will run through the 
proxy (cant remember what it is at the moment though lol, its something 
like proxy-rewrite or similar).



Hongduc Nguyen wrote:

Matthew,

I've added the following to my config:  ProxyPreserveHost On

But am still getting the same issue. Here's a snippet of my error_log file, 
appreciate it if anyone could provide any assistance.

Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(54): proxy: HTTP: 
canonicalising URL //192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1335): [client 192.168.245.52] 
proxy: http: found worker http://192.168.xxx.xxx:/for 
http://192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy.c(756): Running scheme http 
handler (attempt 0)
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1687): proxy: HTTP: serving 
URL http://192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1755): proxy: HTTP: has 
acquired connection for (192.168.xxx.xxx)
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1815): proxy: connecting 
http://192.168.xxx.xxx:/ to 192.168.xxx.xxx:
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1908): proxy: connected / to 
192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(2002): proxy: HTTP: fam 2 
socket created to connect to 192.168.xxx.xxx
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(2098): proxy: HTTP: connection 
complete to 192.168.xxx.xxx: (192.168.xxx.xxx)
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1465): proxy: start body 
send
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1554): proxy: end body send
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1773): proxy: HTTP: has 
released connection for (192.168.xxx.xxx)

Regards,

-Original Message-
From: Matthew Hannigan [mailto:m...@zip.com.au]
Sent: Tuesday, 10 March 2009 12:36 PM
To: Hongduc Nguyen
Cc: slug@slug.org.au
Subject: Re: [SLUG] Apache reverse proxying with MS


You might try ProxyPreserveHost

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost

--
Message  protected by MailGuard: e-mail anti-virus, anti-spam and content 
filtering.
http://www.mailguard.com.au

Click here to report this message as spam:
https://login.mailguard.com.au/report/1x1tQOLoIe/4XBSh8ygMTbhfSIVLLNach/0


Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and confidential 
information intended for the use of the addressee. The confidentiality and/or 
privilege in this e-mail is not waived, lost or destroyed if it has been 
transmitted to you in error. If you have received this e-mail in error you must 
(a) not disseminate, copy or take any action in reliance on it; (b) notify 
itsupp...@customware.net and the sender immediately; and (c) delete the 
original e-mail.
  


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Apache reverse proxying with MS

[Hongduc Nguyen]

Matthew,

I've added the following to my config:  ProxyPreserveHost On

But am still getting the same issue. Here's a snippet of my error_log file, 
appreciate it if anyone could provide any assistance.

Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(54): proxy: HTTP: 
canonicalising URL //192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1335): [client 192.168.245.52] 
proxy: http: found worker http://192.168.xxx.xxx:/for 
http://192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy.c(756): Running scheme http 
handler (attempt 0)
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1687): proxy: HTTP: serving 
URL http://192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1755): proxy: HTTP: has 
acquired connection for (192.168.xxx.xxx)
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1815): proxy: connecting 
http://192.168.xxx.xxx:/ to 192.168.xxx.xxx:
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1908): proxy: connected / to 
192.168.xxx.xxx:/
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(2002): proxy: HTTP: fam 2 
socket created to connect to 192.168.xxx.xxx
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(2098): proxy: HTTP: connection 
complete to 192.168.xxx.xxx: (192.168.xxx.xxx)
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1465): proxy: start body 
send
[Tue Mar 10 16:21:51 2009] [debug] mod_proxy_http.c(1554): proxy: end body send
[Tue Mar 10 16:21:51 2009] [debug] proxy_util.c(1773): proxy: HTTP: has 
released connection for (192.168.xxx.xxx)

Regards,

-Original Message-
From: Matthew Hannigan [mailto:m...@zip.com.au]
Sent: Tuesday, 10 March 2009 12:36 PM
To: Hongduc Nguyen
Cc: slug@slug.org.au
Subject: Re: [SLUG] Apache reverse proxying with MS


You might try ProxyPreserveHost

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost

--
Message  protected by MailGuard: e-mail anti-virus, anti-spam and content 
filtering.
http://www.mailguard.com.au

Click here to report this message as spam:
https://login.mailguard.com.au/report/1x1tQOLoIe/4XBSh8ygMTbhfSIVLLNach/0


Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and confidential 
information intended for the use of the addressee. The confidentiality and/or 
privilege in this e-mail is not waived, lost or destroyed if it has been 
transmitted to you in error. If you have received this e-mail in error you must 
(a) not disseminate, copy or take any action in reliance on it; (b) notify 
itsupp...@customware.net and the sender immediately; and (c) delete the 
original e-mail.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache reverse proxying with MS

[Matthew Hannigan]

You might try ProxyPreserveHost

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Apache reverse proxying with MS

[Hongduc Nguyen]

Hi Kevin,

Here's the content for my reverse proxy config file:

SSLProxyEngine on

ProxyPass /fisheye http://192.168.xxx.xxx:8060/fisheye
ProxyPassReverse /fisheye https://192.168.xxx.xxx:8060/fisheye

ProxyPass /crm http://192.168.xxx.xxx:/
ProxyPassReverse /crm http://192.168.xxx.xxx:/


SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
#ProxyPassReverse /


The reverse proxy for /fisheye works without a hitch.

Regards,

-Original Message-
From: Kevin Saenz [mailto:kevsa...@spinaweb.com.au]
Sent: Tuesday, 10 March 2009 11:05 AM
To: Hongduc Nguyen
Cc: slug@slug.org.au
Subject: Re: [SLUG] Apache reverse proxying with MS

I think you might be missing some other key config options can you send your 
reverse proxy config? if it's sensitive protect any sensitive data.

does your reverse proxy settings work using standard www ports?



On 10/03/2009, at 9:52 AM, Hongduc Nguyen wrote:

> Hi Slug,
>
> I'm trying to get Apach to reverse proxy my Microsoft CRM site.
> Currently configured to use the ProxyPass and ProxyPassReverse
> directives.
>
> ProxyPass /crm http://IP address of CRM:/ ProxyPassReverse /crm
> http://IP address of CRM:/
>
> When I hit the crm site - http://server/crm, I get a "cannot display
> webpage" error after entering my username/password.
>
> Would anyone have any ideas as to what the problem is?
>
> Regards,
> HD
>
>
> Please consider our environment before printing this email.
> This e-mail and any files transmitted with it are privileged and
> confidential information intended for the use of the addressee. The
> confidentiality and/or privilege in this e-mail is not waived, lost or
> destroyed if it has been transmitted to you in error. If you have
> received this e-mail in error you must (a) not disseminate, copy or
> take any action in reliance on it; (b) notify itsupp...@customware.net
> and the sender immediately; and (c) delete the original e-mail.
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

--
Message  protected by MailGuard: e-mail anti-virus, anti-spam and content 
filtering.
http://www.mailguard.com.au

Click here to report this message as spam:
https://login.mailguard.com.au/report/1x1sFZfFYi/69i2PXtrHIncqIv5OqQGcn/0


Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and confidential 
information intended for the use of the addressee. The confidentiality and/or 
privilege in this e-mail is not waived, lost or destroyed if it has been 
transmitted to you in error. If you have received this e-mail in error you must 
(a) not disseminate, copy or take any action in reliance on it; (b) notify 
itsupp...@customware.net and the sender immediately; and (c) delete the 
original e-mail.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache reverse proxying with MS

[Kevin Saenz]

I think you might be missing some other key config options can you  
send your reverse proxy config? if it's sensitive protect any  
sensitive data.


does your reverse proxy settings work using standard www ports?



On 10/03/2009, at 9:52 AM, Hongduc Nguyen wrote:


Hi Slug,

I'm trying to get Apach to reverse proxy my Microsoft CRM site.  
Currently configured to use the ProxyPass and ProxyPassReverse  
directives.


ProxyPass /crm http://IP address of CRM:/
ProxyPassReverse /crm http://IP address of CRM:/

When I hit the crm site - http://server/crm, I get a "cannot display  
webpage" error after entering my username/password.


Would anyone have any ideas as to what the problem is?

Regards,
HD


Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and  
confidential information intended for the use of the addressee. The  
confidentiality and/or privilege in this e-mail is not waived, lost  
or destroyed if it has been transmitted to you in error. If you have  
received this e-mail in error you must (a) not disseminate, copy or  
take any action in reliance on it; (b) notify  
itsupp...@customware.net and the sender immediately; and (c) delete  
the original e-mail.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache reverse proxying with MS

[Hongduc Nguyen]

Hi Slug,

I'm trying to get Apach to reverse proxy my Microsoft CRM site. Currently 
configured to use the ProxyPass and ProxyPassReverse directives.

ProxyPass /crm http://IP address of CRM:/
ProxyPassReverse /crm http://IP address of CRM:/

When I hit the crm site - http://server/crm, I get a "cannot display webpage" 
error after entering my username/password.

Would anyone have any ideas as to what the problem is?

Regards,
HD


Please consider our environment before printing this email.
This e-mail and any files transmitted with it are privileged and confidential 
information intended for the use of the addressee. The confidentiality and/or 
privilege in this e-mail is not waived, lost or destroyed if it has been 
transmitted to you in error. If you have received this e-mail in error you must 
(a) not disseminate, copy or take any action in reliance on it; (b) notify 
itsupp...@customware.net and the sender immediately; and (c) delete the 
original e-mail.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache emails

[Daniel Pittman]

"Voytek Eymont" <[EMAIL PROTECTED]> writes:
> On Mon, August 4, 2008 4:09 pm, Daniel Pittman wrote:
>> "Voytek Eymont" <[EMAIL PROTECTED]> writes:
>
>>> (i.e., who misconfigured their server ?)
>
>> You did.
>
>> You are sending out email that there is absolutely *NO* way for the
>> intended recipient -- or their server -- to notify you about the success or
>> failure of delivery.
>>
>> If you send out email from an email address ensure that the envelope can
>> receive email; either arrange for the envelope address to be something
>> other than "apache@" or arrange for "apache@" to forward somewhere
>> sensible.
>
>> Also, why are you generating outbound email that it is impossible for
>> the recipient to respond meaningfully to?
>
>
> well, that's actually not correct, the emails have a valid and correct 'from'
> (copied from headers)
> "From: Reservations <[EMAIL PROTECTED]>"
> and, mail client's 'reply' replies the above valid address

It should also include a "Sender" header of "[EMAIL PROTECTED]", by the
RFC, indicating the mailbox that sent the email on the behalf of the
indicated sender.

Further, the issue is that the recipient cannot meaningfully respond to
the *sender* of the messages, only to some other address.  The sender,
attached to the envelope, is "apache@", and has nothing significant to
do with the content of the From header in the body.


It is perfectly legitimate for the recipient to act on the SMTP envelope
details, and RFC mandated that your scenario permits them to do so by
way of the Sender header...[1]

> also, these are 'forms' that were actually filled in by the recipient,
> it's simply their conformation on what they filled in

*shrug*  So, send it from an appropriate email address.

> it's the "Return-Path: <[EMAIL PROTECTED]> that has 'invalid' address

Return-Path, Sender, and the SMTP envelope.  You should fix *all* of
those to be deliverable for responses.

Regards,
Daniel

Footnotes: 
[1]  Technically, only as a SHOULD, also known as "unless you have an insanely
 good reason to do otherwise, which you don't."  See RFC2822, 3.6.2

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache emails

[Voytek Eymont]

ok, lets try altering subject

On Mon, August 4, 2008 4:09 pm, Daniel Pittman wrote:
> "Voytek Eymont" <[EMAIL PROTECTED]> writes:

>> (i.e., who misconfigured their server ?)

> You did.

> You are sending out email that there is absolutely *NO* way for the
> intended recipient -- or their server -- to notify you about the success or
> failure of delivery.
>
> If you send out email from an email address ensure that the envelope can
> receive email; either arrange for the envelope address to be something
> other than "apache@" or arrange for "apache@" to forward somewhere
> sensible.

> Also, why are you generating outbound email that it is impossible for
> the recipient to respond meaningfully to?


well, that's actually not correct, the emails have a valid and correct 'from'
(copied from headers)
"From: Reservations <[EMAIL PROTECTED]>"
and, mail client's 'reply' replies the above valid address

also, these are 'forms' that were actually filled in by the recipient,
it's simply their conformation on what they filled in

it's the
"Return-Path: <[EMAIL PROTECTED]>
that has 'invalid' address

-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache failed t/s

[Rick Welykochy]

Voytek Eymont wrote:


service httpd stop/start fixed it OK, BUT, what could've gone wrong to
bring it down ?

error log included:
'caught SIGTERM, shutting down'

is this when it failed ?


Yup.



error log included:

[Sat Jul 19 06:29:48 2008] [notice] caught SIGTERM, shutting down
[Sat Jul 19 08:29:28 2008] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin
/suexec)


Something shut down Apache at 6:29 AM .. possibly logrotate.
Something else started is up again at 8:29 AM. You perhaps?

Perhaps all that happened is logrotate failed to start Apache again
for reasons as yet to be determined.

cheers
rick



--

Rick Welykochy || Praxis Services || Internet Driving Instructor

I forget what I was taught. I only remember what I have learnt.
 -- Patrick White
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache failed t/s

[Voytek Eymont]

this morning, my long since installed Apache didn't seem running, never
had that before.

service httpd stop/start fixed it OK, BUT, what could've gone wrong to
bring it down ?

error log included:
'caught SIGTERM, shutting down'

is this when it failed ?

when failed, service returned:

# service httpd status
httpd (pid
1333) is running...

# ps ax | grep httpd
 1333 ?Ss 5:27 /usr/sbin/httpd
14011 pts/0R+ 0:00 grep httpd

# service httpd stop
Stopping httpd:[  OK  ]
# service httpd status
httpd is stopped
# service httpd start
Starting httpd:[  OK  ]
# service httpd status
httpd (pid 14123 14122 14121 14120 14119 14118 14117 14116 14083) is
running...

error log included:

[Sat Jul 19 06:29:48 2008] [notice] caught SIGTERM, shutting down
[Sat Jul 19 08:29:28 2008] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin
/suexec)
[Sat Jul 19 08:29:29 2008] [notice] Digest: generating secret for digest
authent
ication ...
[Sat Jul 19 08:29:29 2008] [notice] Digest: done
[Sat Jul 19 08:29:29 2008] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jul 19 08:29:29 2008] [notice] LDAP: SSL support unavailable

-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache redirect

[Daniel Pittman]

"Voytek Eymont" <[EMAIL PROTECTED]> writes:

> we have two domains, aa.com and bb.com each with a vhost web site;
>
> some time ago, one vhost was dropped, and, both domains were served from
> single vhost, so that we had:
> aa.com had aa.com
> bb.com had aa.com/bb
>
> now, we went back to two individual vhosts, aa.com and bb.com
>
> is 'Redirect Permanent' best way to cater for any bookmarked access to 'no
> longer existenet at this url but at another server from now on' ?

More or less, yes.  The possible less being that you may need
mod_rewrite to issue permanent redirects if the mapping isn't a trivial
identity mapping of the trees.

Otherwise, yes, moved permanently is the right HTTP response code.

Regards,
Daniel
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache redirect

[Voytek Eymont]

we have two domains, aa.com and bb.com each with a vhost web site;

some time ago, one vhost was dropped, and, both domains were served from
single vhost, so that we had:
aa.com had aa.com
bb.com had aa.com/bb

now, we went back to two individual vhosts, aa.com and bb.com

is 'Redirect Permanent' best way to cater for any bookmarked access to 'no
longer existenet at this url but at another server from now on' ?

Redirect Permanent /bb bb.com


-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache htaccess setup allowoveride all ?

[Voytek Eymont]

On Mon, February 4, 2008 11:11 am, Jeremy Visser wrote:
> On Fri, 2008-02-01 at 12:53 +1100, Voytek Eymont wrote:
>
>> do I also need 'AllowOverride All' in vhost's conf ?
>
> Nope, your error is showing that Apache is indeed parsing the .htaccess
> file, which it would not be doing if the AllowOverride setting is
> incorrect.
>
> Are you loading PHP as CGI or a module? From memory, if you load PHP as
> CGI, you cannot set PHP flags in the .htaccess -- you have to set them
> in php.ini.


Jeremy, thanks

php runs as module

actually, setting 'All' and .htaccess with

php_flag magic_quotes_gpc on

seems to have fixed my problem




-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache htaccess setup allowoveride all ?

[Jeremy Visser]

On Fri, 2008-02-01 at 12:53 +1100, Voytek Eymont wrote:
> do I also need 'AllowOverride All' in vhost's conf ?

Nope, your error is showing that Apache is indeed parsing the .htaccess
file, which it would not be doing if the AllowOverride setting is
incorrect.

Are you loading PHP as CGI or a module? From memory, if you load PHP as
CGI, you cannot set PHP flags in the .htaccess -- you have to set them
in php.ini.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache htaccess setup allowoveride all ?

[Rick Welykochy]

Voytek Eymont wrote:


currently the /etc/httpd/conf.d has like:

AllowOverride All

the vhost conf has like:


  Options Indexes FollowSymLinks +IncludesNOEXEC
  AllowOverride AuthConfig Limit
  Order allow,deny
  Allow from all


do I also need 'AllowOverride All' in vhost's conf ?



see http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride


cheers
rickw


--
_
Rick Welykochy || Praxis Services

Experimentation is the best form of learning.
-- anon.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache htaccess setup allowoveride all ?

[Voytek Eymont]

what do I need to allow htaccess ?

as soon as I put this htaccess:

# cat .htaccess
php_flag magic_quotes_gpc on

I get '500 Internal server error';

error log says:

[Fri Feb 01 12:49:07 2008] [alert] [client 111.111.121.6]
/home/xxx.org.au/www/ad
min/.htaccess: php_flag not allowed here, referer:
http://www.xxx.org.au/admin/i
ndex.phtml

currently the /etc/httpd/conf.d has like:

AllowOverride All

the vhost conf has like:


  Options Indexes FollowSymLinks +IncludesNOEXEC
  AllowOverride AuthConfig Limit
  Order allow,deny
  Allow from all


do I also need 'AllowOverride All' in vhost's conf ?



-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache - allow from certain IP Addresses

[Peter Hardy]

Hey hey.

On Fri, 2008-01-18 at 09:59 +1030, Roger Symonds wrote:
> I currently looking into Apache and am wondering if it can restrict the IP 
> Addresses it accepts incoming requests on, for a particular virtual host.

Apache has an absolutely mind-boggling array of ways to filter requests.

> On the machine are 3 web applications running behind Apache, all using a 
> seperate virtual hosts.
> Two of the virtual hosts need to remain open to the public on their domains.
> The third application is an application that should only be available to 
> specific IP Addresses.
> 
> Is it possible to get a virtual host to only accept requests from a range of 
> specified IP Addresses?

That's covered in the auth howto;
http://httpd.apache.org/docs/2.0/howto/auth.html#whatotherneatstuffcanido

The last example there is pretty much exactly what you want. In
addition, the Allow and Deny directives will take basically any address
specification you can think of -
http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow

You can't put allow and deny directives straight into the VirtualHost
stanza. I usually wrap them in Location tags like:


DocumentRoot /path/to/docroot/

Order deny,allow
Deny from all
Allow from dev.example.com

Other stuff


Hope that helps,
-- 
Pete

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache - allow from certain IP Addresses

[Sonia Hamilton]

On Fri, 2008-01-18 at 09:59 +1030, Roger Symonds wrote:
> Is it possible to get a virtual host to only accept requests from a range of 
> specified IP Addresses?
> 
> I am happy to dig around through the documentation, but am looking for some 
> direction and guidance.
> Are there any specific commands or syntaxs I should research? Any Examples?

Yes, but I can't remember the syntax off the top of my head. In terms of
examples, I find O'Reilly's "Apache cookbook" very useful.

-- 
Sonia Hamilton
http://SoniaHamilton.wordpress.com
mobile in Mexico: +52-664-165-6914 (sms's preferred)
celular en México: +52-664-165-6914 (prefiero mensajes cortos)



-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache - allow from certain IP Addresses

[Roger Symonds]

Hi SLUG,

I'm new to the list, and was refered to it by a friend who is already on the 
list. 
He said it's a great place to ask questions. I also hope to answer some 
questions where I can :)

I currently looking into Apache and am wondering if it can restrict the IP 
Addresses it accepts incoming requests on, for a particular virtual host.

On the machine are 3 web applications running behind Apache, all using a 
seperate virtual hosts.
Two of the virtual hosts need to remain open to the public on their domains.
The third application is an application that should only be available to 
specific IP Addresses.

Is it possible to get a virtual host to only accept requests from a range of 
specified IP Addresses?

I am happy to dig around through the documentation, but am looking for some 
direction and guidance.
Are there any specific commands or syntaxs I should research? Any Examples?

All help is greatly appreciated.

Regards,
Roger

_
Overpaid or Underpaid? Check our comprehensive Salary Centre
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fcontent%2Emycareer%2Ecom%2Eau%2Fsalary%2Dcentre%3Fs%5Fcid%3D595810&_t=766724125&_r=Hotmail_Email_Tagline_MyCareer_Oct07&_m=EXT--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache order of processing php/html

[Voytek Eymont]

>> DirectoryIndex index.html index.htm index.html.var index.htm.var index.php
>> index.php4 index.php3 index.phtml

OK, I think I found it, there is a php.conf in a sub dir with another
DirectoryIndex directive that seems to take precedence


-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache order of processing php/html

[Voytek Eymont]

I'm migrating some web sites from Apache 1.3 to 2.x,

one site has Joomla CMS with an index.htm 'top level' page with links to
index.php?whatever;
on 1.3, www.domain.tld brought up index.htm (as desired)
on 2.0, it brings up index.php

httpd.conf order is similar like:

# grep DirectoryIndex /etc/httpd/conf/httpd.conf

DirectoryIndex index.html index.htm index.html.var index.htm.var index.php
index.php4 index.php3 index.phtml

I'm googling for solutions but have not found anything as yet

I've tried .htaccess with another 'DirectoryIndex, so far no luck

any thoughts?

-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache cronlog permissions

[Voytek Eymont]

On Sun, June 3, 2007 12:25 am, david wrote:
> On Sat, 2007-06-02 at 22:28 +1000, Voytek Eymont wrote:

>> does that mean cronlog doesn't have correct permissions to logs/ ?

> Apache-user != domain.tld.au-user

> Maybe chown www-data:www-data /home/domain.tld.au/logs
> (or whatever owns Apache on your version)

thanks, David

yes, I tried that already with chown -R apache:domain.tld.au logs
and, as far as I can make out, cronlog runs as root


# ps aux | grep crono
root 22664  0.0  0.0  2588  368 ?S04:02   0:00
/usr/sbin/cronolog /home/domain.org.au/logs/%Y-%m-%d-access.log

is this another SELinux issue...?

for the docroot I did:

chcon -R -h -t httpd_sys_content_t /home/domain.tld/www

do I need something like this for logs ?

like httpd_sys_script_ra_t ??

is it like:
chcon -R -h -t httpd_sys_script_ra_t /home/domain.org.au/logs
???


-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache cronlog permissions

[david]

On Sat, 2007-06-02 at 22:28 +1000, Voytek Eymont wrote:
> I'm trying to migrate my Apache 1.x to Apache 2.x;
> mainly, I'm just copying virtual hosts directives from old to new.
> 
> each vhost has a log directive like;
> 
> CustomLog "|/usr/sbin/cronolog
> /home/domain.tld.au/logs/%Y-%m-%d-access.log" combined
> 
> in Apache error log I'm getting:
> 
> /home/domain.tld.au/logs/2007-06-02-access.log: Permission denied
> piped log program '/usr/sbin/cronolog
> /home/domain.tld.au/logs/%Y-%m-%d-access.log' failed unexpectedly
> 
> does that mean cronlog doesn't have correct permissions to logs/ ?
> 

Apache-user != domain.tld.au-user 

Maybe chown www-data:www-data /home/domain.tld.au/logs
(or whatever owns Apache on your version)



> 
> -- 
> Voytek
> 

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache cronlog permissions

[Voytek Eymont]

I'm trying to migrate my Apache 1.x to Apache 2.x;
mainly, I'm just copying virtual hosts directives from old to new.

each vhost has a log directive like;

CustomLog "|/usr/sbin/cronolog
/home/domain.tld.au/logs/%Y-%m-%d-access.log" combined

in Apache error log I'm getting:

/home/domain.tld.au/logs/2007-06-02-access.log: Permission denied
piped log program '/usr/sbin/cronolog
/home/domain.tld.au/logs/%Y-%m-%d-access.log' failed unexpectedly

does that mean cronlog doesn't have correct permissions to logs/ ?


-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache reverse proxy not rewriting location header

[Rick Welykochy]

justin randell wrote:


ProxyRequests Off


yup


do you have UseCanonicalName on or off?


On


if this is the issue, then you can either set UseCanonicalName to on,
or use the ProxyPreserveHost directive:


That's what I needed. With ProxyPreserveHost On, the Location headers
are now being rewritten.

Thanks Justin.


cheers
rick


--
_
Rick Welykochy || Praxis Services

Klingon function calls do not have parameters, they have 'arguments'
and they ALWAYS win them.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache reverse proxy not rewriting location header

[justin randell]

hi rick,


I have configured apache2 with a reverse proxy to some internal
web servers, also running apache2.

Example:


 ServerName something.whatever.net.au
 ServerAdmin [EMAIL PROTECTED]
 DocumentRoot /var/www/
 
 Order allow,deny
 allow from all
 
 ProxyPass / http://10.11.12.3:80/
 ProxyPassReverse / http://10.11.12.3:80/



the only thing i can see missing from this vhost config is

ProxyRequests Off



Trouble is, when host 10.11.12.3 replies with a Location: header,
e.g.

Location: http://10.11.12.3/test/perl-redirected.html

the reverse proxy does not rewrite the header. I would expect the
above header to reach the client in the following form:

Location: http://something.whatever.net.au/test/perl-redirected.html

The Apache docs here 
indicate that

   "This directive lets Apache adjust the URL in the Location,
Content-Location and URI headers on HTTP redirect responses.
This is essential when Apache is used as a reverse proxy to
avoid by-passing the reverse proxy because of HTTP redirects
on the backend servers which stay behind the reverse proxy."

I'm stumped!


also from the apache 2.2 ProxyPassReverse docs:

"Note that the hostname used for constructing the URL is chosen in
respect to the setting of the UseCanonicalName directive."

do you have UseCanonicalName on or off?

if its off, then that might be your problem, because apache will be
using the reverse proxy as the hostname:

http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname

"With UseCanonicalName Off Apache will form self-referential URLs
using the hostname and port supplied by the client if any are supplied
(otherwise it will use the canonical name, as defined above). These
values are the same that are used to implement name based virtual
hosts, and are available with the same clients. The CGI variables
SERVER_NAME and SERVER_PORT will be constructed from the client
supplied values as well."

if this is the issue, then you can either set UseCanonicalName to on,
or use the ProxyPreserveHost directive:

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost

"When enabled, this option will pass the Host: line from the incoming
request to the proxied host, instead of the hostname specified in the
ProxyPass line."

hope that helps.

cheers
justin
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache reverse proxy not rewriting location header

[Rick Welykochy]

Any Apache aficionados on the list?

I have configured apache2 with a reverse proxy to some internal
web servers, also running apache2.

Example:


ServerName something.whatever.net.au
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/

Order allow,deny
allow from all

ProxyPass / http://10.11.12.3:80/
ProxyPassReverse / http://10.11.12.3:80/


Trouble is, when host 10.11.12.3 replies with a Location: header,
e.g.

Location: http://10.11.12.3/test/perl-redirected.html

the reverse proxy does not rewrite the header. I would expect the
above header to reach the client in the following form:

Location: http://something.whatever.net.au/test/perl-redirected.html

The Apache docs here 
indicate that

  "This directive lets Apache adjust the URL in the Location,
   Content-Location and URI headers on HTTP redirect responses.
   This is essential when Apache is used as a reverse proxy to
   avoid by-passing the reverse proxy because of HTTP redirects
   on the backend servers which stay behind the reverse proxy."

I'm stumped!

Note that other than the above problem, the reverse proxy is working
very well. I am using it to manage three different apaches inside the
10.* network.


cheers
rickw



--
_
Rick Welykochy || Praxis Services

Klingon function calls do not have parameters, they have 'arguments'
and they ALWAYS win them.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache and Mailserver help

[Mark O'Connor]

I am a novice setting up a home webserver, and struggling a
little.   (Debian – Apache)

Anyone interested in a bit of onsite support (
Lilyfield/Annandale area)

… for which you will be suitably recompensed of
course.

 

Mark






-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache server-status conf

[Peter Chubb]

> "Voytek" == Voytek Eymont <[EMAIL PROTECTED]> writes:

Voytek> I'm unable to get /server-status, have this in conf: error log
Voytek> says:

Voytek>  
Voytek> SetHandler server-status 
Voytek> Order  deny,allow
Voytek>  Deny from all 
Voytek> Allow from 220.240.19.116 
Voytek> 

Make that 
Order allow, deny
the way you have it now, the deny All rule takes precedence over the
Allow 220.240.lxxx rule

--
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au   ERTOS within National ICT Australia
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache server-status conf

[Voytek Eymont]

I'm unable to get /server-status, have this in conf:
error log says:

[Wed Aug 30 08:02:36 2006] [error] [client 220.240.19.116]
client denied by server configuration: /home/sbt.net.au/www/server-status


SetHandler server-status
Order deny,allow
Deny from all
Allow from 220.240.19.116


this directive works :

Alias /doc/ /usr/share/doc/

order deny,allow
deny from all
allow from localhost .localdomain 220.240.19.116
Options Indexes FollowSymLinks



-- 
Voytek

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

Peter Chubb wrote:

Ah.  Posix semantics.

Instead, do
 setreuid(geteuid(), -1);
that should fix it.


/home/prundle> ./suidexec id
Executing Command 'id'
uid=502(matlab) gid=501(prundle) groups=502(matlab)
context=user_u:system_r:unconfined_t

:-)

/home/prundle> ./suidexec /home/matlab/product/bin/matlab
Executing Command '/home/matlab/product/bin/matlab'
Warning:
  MATLAB is starting without a display, using internal event queue.
  You will not be able to display graphics on the screen.

 < M A T L A B >
 Copyright 1984-2006 The MathWorks, Inc.

:-) :-) :-)

Thanks Peter.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Chubb]

> "Peter" == Peter Rundle <[EMAIL PROTECTED]> writes:

Peter> Peter Chubb wrote:
>> So do a setuid(geteuid()) in there...

Peter> Que? I don't follow, do you mean the "C" should look like;

Peter>   setuid(geteuid()); execlp(argv[1],argv[2]);

Yes, that's right.


Peter> I tried the above, but no joy, "./suidexec id" still reports

Peter> uid=501(prundle) gid=501(prundle) euid=502(matlab)

Ah.  Posix semantics.

Instead, do
 setreuid(geteuid(), -1);
that should fix it.


-- 
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au   ERTOS within National ICT Australia
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Matthew Hannigan]

On Tue, May 16, 2006 at 01:46:30PM +1000, Peter Rundle wrote:
> 
> in the source and now when it runs we see a different result
> 
> $ ./suidexec id
> Executing Command 'id'
> uid=501(prundle) gid=501(prundle) euid=502(matlab) groups=502(matlab) 
> context=user_u:system_r:unconfined_t
> 
> But it doesn't trick the Matlab licence manager.
> 
> $./suidexec /home/matlab/product/bin/matlab
> Executing Command '/home/matlab/product/bin/matlab'
> 
> License Manager Error -39.
> User/host not on INCLUDE list for feature.

You have selinux contexts in there.  Are you running with it enforced?
Check the logs for selinux violations.

There's also the possibility that truly logging in results
in a few vital environment vars being set that are not set
when you merely change uid.


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

Peter Chubb wrote:

So do a setuid(geteuid()) in there...


Que? I don't follow, do you mean the "C" should look like;

 setuid(geteuid());
 execlp(argv[1],argv[2]);

??

I tried the above, but no joy, "./suidexec id" still reports

uid=501(prundle) gid=501(prundle) euid=502(matlab)


P.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Chubb]

> "Peter" == Peter Rundle <[EMAIL PROTECTED]> writes:

Peter> Changed system(argv[1]); to execlp(argv[1],argv[2]);

Peter> in the source and now when it runs we see a different result

Peter> $ ./suidexec id Executing Command 'id' uid=501(prundle)
Peter> gid=501(prundle) euid=502(matlab) groups=502(matlab)
Peter> context=user_u:system_r:unconfined_t

So do a setuid(geteuid()) in there...

Peter c
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[benjl]

On Tue May 16, 2006 at 13:46:30 +1000, Peter Rundle wrote:
>
>Malcolm V wrote:
>
>>Read "man 3 system" as I suggested yesterday.
>
>Thanks Malcolm.
>
>>See "man 3 exec" for what you want.
>
>Changed
>  system(argv[1]);
>to
>  execlp(argv[1],argv[2]);
>
>in the source and now when it runs we see a different result
>
>$ ./suidexec id
>Executing Command 'id'
>uid=501(prundle) gid=501(prundle) euid=502(matlab) groups=502(matlab) 
>context=user_u:system_r:unconfined_t
>
>But it doesn't trick the Matlab licence manager.
>
>$./suidexec /home/matlab/product/bin/matlab
>Executing Command '/home/matlab/product/bin/matlab'
>
>License Manager Error -39.
>User/host not on INCLUDE list for feature.
>
>How hum. Something about a square, a number and a sore head.
>
>But now I also suspect that the Apache suexec module won't work either, so 
>don't think I'll go down that path, perhaps ssh will be more successful.

So, as long as you are hacking a license manager, I could suggest
strace/ltrace the license manager to see how it is working stuff out
and then possibly an evil LD_PRELOAD to trick it... of course this is
quite evil.

This is something you shouldn't look at: 
http://whydontyoublogaboutit.com/item/348

Benno
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

Malcolm V wrote:


Read "man 3 system" as I suggested yesterday.


Thanks Malcolm.


See "man 3 exec" for what you want.


Changed
  system(argv[1]);
to
  execlp(argv[1],argv[2]);

in the source and now when it runs we see a different result

$ ./suidexec id
Executing Command 'id'
uid=501(prundle) gid=501(prundle) euid=502(matlab) groups=502(matlab) 
context=user_u:system_r:unconfined_t


But it doesn't trick the Matlab licence manager.

$./suidexec /home/matlab/product/bin/matlab
Executing Command '/home/matlab/product/bin/matlab'

License Manager Error -39.
User/host not on INCLUDE list for feature.

How hum. Something about a square, a number and a sore head.

But now I also suspect that the Apache suexec module won't work either, so don't think 
I'll go down that path, perhaps ssh will be more successful.


Cheers

P.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Malcolm V]

On Tuesday 16 May 2006 08:24, Peter Rundle allegedly wrote:

> Can you explain to a mere mortal why the following doesn't work?
> As a first step to your "trivial" challenge, I've written a simple C
> routine to
>
>   system ("do something");


Read "man 3 system" as I suggested yesterday.

Of particular note may be this section;

Do not use system() from a program with set-user-ID or set-group-ID
privileges, because strange  values  for some  environment  variables might be
 used to subvert system integrity.  Use the exec(3) family of functions 
instead, but not execlp(3) or execvp(3).  system() will not, in fact, work 
properly from programs with  set-user-ID  or set-group-ID privileges on 
systems on which /bin/sh is bash version 2, since bash 2 drops privileges on
startup.  (Debian uses a modified bash which does not do this when invoked as
sh.)

See "man 3 exec" for what you want.

Cheers,
Malcolm V.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

[EMAIL PROTECTED] wrote:
> Gentlemen it should be absolutely trivial for the cgi to run a compiled program that is 
(a) suid to matlab (b) executes your script either as fork/exec or even system ("do 
something");

> James

James, thanks for volunteering to solve this one ;-) .

Can you explain to a mere mortal why the following doesn't work?
As a first step to your "trivial" challenge, I've written a simple C routine to

 system ("do something");

Then as root, I've changed it's ownership to matlab and setuid on it. But when 
I run
it from my account, it doesn't execute as matlab.

Cluesticks?

Pete.

--
 $ cat suidexec.c
 #include 
 #include 
 main(int argc, char *argv[]) {
   if (argc < 2) {
 printf("Usage:%s \n",argv[0]);
 exit(-1);
   }
   printf("Executing Command '%s'\n",argv[1]);
   system(argv[1]);
 }

 $ ls -l suidexec
 -rws--x--x  1 matlab apache 4962 May 16 08:03 suidexec

 $ ./suidexec id
 Executing Command 'id'
 uid=501(prundle) gid=501(prundle) context=user_u:system_r:unconfined_t

 $ ./suidexec /home/matlab/product/bin/matlab
 Executing Command '/home/matlab/product/bin/matlab'

 License Manager Error -39.
 User/host not on INCLUDE list for feature.

So no dice, but if one su's to the matlab account, all is well.

 $ su matlab
 Password:
 $> /home/matlab/product/bin/matlab

 Warning:
   MATLAB is starting without a display, using internal event queue.
   You will not be able to display graphics on the screen.

  < M A T L A B >
  Copyright 1984-2006 The MathWorks, Inc.


So I don't so much need to execut with matlab permissions as to be seen
to execute as the user account matlab.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[jam]

On Monday 15 May 2006 09:16, [EMAIL PROTECTED] wrote:
> Dean Hamstead wrote:
> > could you drop the command into a spool, then run it off a queue?
>
> Interesting idea. Can you point to any docs that describe how to set up a
> batch queue in Linux al la VMS batch queue?
>
> > did you try setting the s(et)uid bit of the script?
>
> yeah didn't work. I placed the 'id' command in the top of the script and it
> doesn't report the id as 'matlab' it still reports it to be apache. Even
> though ls -l shows the script to be owned by matlab group apache and
> rwsrws---
>
> I vaguely recall that chmod +s is only valid for binaries as the command
> being executed is bash, the script is just a data file to bash. I could be
> wrong on this one though...
>
> > apache also has suexec, which might also help you.
>
> Hmmm, looks like this might be the one but there's some pain ahead I
> suspect.

Gentlemen it should be absolutely trivial for the cgi to run a compiled 
program that is (a) suid to matlab (b) executes your script either as 
fork/exec or even system ("do something");
James
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Jamie Wilkinson]

This one time, at band camp, Peter Rundle wrote:
>Mike Lake scribed:
>>What about if the apache script writes a small file in /tmp/matlab/ 
>>directory and the user process is looking at that directory every 30 
>>seconds. If the user script sees the file, reads it, gets params from 
>>the file and run. It drops the plot into a directory apache can read.
>>
>>Cludgy but I'm sure that would work.
>
>Definitely, and I've considered it as a last resort, but I'd like to be 
>able to update the users web view with the new image. I.E when the user 
>clicks on submit, it runs a php, which calls the script that runs matlab, 
>when control returns to php it produces a page with the resulting image in 
>it. All works perfectly except the user gets a page full of licencing 
>errors because the script that runs matlab is executing as apache not 
>matlab :-(
>
>I have looked at the idea of using ssh, I.E the script ssh's onto localhost 
>as matlab and runs the command. That might work but I need to put 
>.ssh/dsa_id keys in apaches home directory looks like a cludge. Seems 

The only possibly dodgy part about that is the network stack overhead, but
it's certainly a reasonable solution;  You will need ssh keys, not in
apache's home directory though.

At the target end (matlab user) you can put in something like this in the
.ssh/authorized_keys:

from="localhost",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/bin/matlab"
 ssh-dss key...= some comment about this key

and then on the server:

ssh -a -e none -x -C -T -i /path/to/key localhost /usr/bin/matlab

whereever you need to get there.

(This is clagged from something dodgy internal here, but you should be able
to work out what the options all do from the manpage, right? :)


>that apaches suexec was designed for this problem, just not sure I want to 
>put that RPM on my running server.

suexec is designed to run CGIs that aren't owned by the apache user, sure,
but getting that set up the way you want may require rebuilding suexec
itself, which you don't really want to do.  It has lots of hardcoded caveats
the ensure the security of the system.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Jamie Wilkinson]

This one time, at band camp, Peter Rundle wrote:
>I'm looking for suggestions/recommendations for a way to run a command as a 
>specific user, but triggered from a web form submit button. The 
>corresponding action cgi runs as apache/apache, but I then need it to 
>trigger the running of a shell script as another unprivledged user.

You could use sudo to grant access to that binary and that binary only as
the matlab user, from only the web user.  It's not perfect from a security
standpoint but it'd get the job done.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Malcolm V]

On Monday 15 May 2006 11:12, Peter Rundle allegedly wrote:
> I vaguely recall that chmod +s is only valid for binaries as the command
> being executed is bash, the script is just a data file to bash. I could be
> wrong on this one though...

This is correct. You can get around this by using a small C program (using  
exec(), etc) instead of the shell script, which is chmod'd g+s or whatever.

check "man 3 system", mine says Debian uses a modified sh which doesn't drop 
these priveleges on startup, not sure if that is still correct.

Cheers,
Malcolm V.
-- 
  Referring to a book: I read part of it all the way through.
  -Samuel Goldwyn
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

Mike Lake scribed:
What about if the apache script writes a small file in /tmp/matlab/ 
directory and the user process is looking at that directory every 30 
seconds. If the user script sees the file, reads it, gets params from 
the file and run. It drops the plot into a directory apache can read.


Cludgy but I'm sure that would work.


Definitely, and I've considered it as a last resort, but I'd like to be able to update the 
users web view with the new image. I.E when the user clicks on submit, it runs a php, 
which calls the script that runs matlab, when control returns to php it produces a page 
with the resulting image in it. All works perfectly except the user gets a page full of 
licencing errors because the script that runs matlab is executing as apache not matlab :-(


I have looked at the idea of using ssh, I.E the script ssh's onto localhost as matlab and 
runs the command. That might work but I need to put .ssh/dsa_id keys in apaches home 
directory looks like a cludge. Seems that apaches suexec was designed for this 
problem, just not sure I want to put that RPM on my running server.


P.


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Michael Lake]

Peter Rundle wrote:

Sluggers,

I'm looking for suggestions/recommendations for a way to run a command 
as a specific user, but triggered from a web form submit button. The 
corresponding action cgi runs as apache/apache, but I then need it to 
trigger the running of a shell script as another unprivledged user.


What about if the apache script writes a small file in /tmp/matlab/ directory and the 
user process is looking at that directory every 30 seconds. If the user script sees 
the file, reads it, gets params from the file and run. It drops the plot into a 
directory apache can read.


Cludgy but I'm sure that would work.
Mike

--
Michael Lake
Science Faculty, UTS
Ph: 9514 8232 Fx: 9514 1460



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Michael Lake]

Peter Rundle wrote:

Sluggers,

I'm looking for suggestions/recommendations for a way to run a command 
as a specific user, but triggered from a web form submit button. The 
corresponding action cgi runs as apache/apache, but I then need it to 
trigger the running of a shell script as another unprivledged user.


The reason is that I have some commercial software (Matlab) that must 
run as the user 'matlab' for licencing reasons. This software is used to 
generate a graphical plot. I want to allow the web user to request an 
update to the plot.


Alternatively if anyone knows of a good FOSS alternative to Matlab which 
can read and run matlab scripts (java syntax plus lots of libries) that 
maybe a "better" solution.


Octave. Available as an rpm or a deb. Reads and writes Matlab.

Mike
--
Michael Lake
Science Faculty, UTS
Ph: 9514 8232 Fx: 9514 1460




--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache execute a CGI as another user

[Peter Rundle]

Dean Hamstead wrote:

could you drop the command into a spool, then run it off a queue?


Interesting idea. Can you point to any docs that describe how to set up a batch queue in 
Linux al la VMS batch queue?



did you try setting the s(et)uid bit of the script?


yeah didn't work. I placed the 'id' command in the top of the script and it doesn't report 
the id as 'matlab' it still reports it to be apache. Even though ls -l shows the script to 
be owned by matlab group apache and rwsrws---


I vaguely recall that chmod +s is only valid for binaries as the command being executed is 
bash, the script is just a data file to bash. I could be wrong on this one though...



apache also has suexec, which might also help you.


Hmmm, looks like this might be the one but there's some pain ahead I suspect.

Thanks for the suggestions

P.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache execute a CGI as another user

[Peter Rundle]

Sluggers,

I'm looking for suggestions/recommendations for a way to run a command as a specific user, 
but triggered from a web form submit button. The corresponding action cgi runs as 
apache/apache, but I then need it to trigger the running of a shell script as another 
unprivledged user.


The reason is that I have some commercial software (Matlab) that must run as the user 
'matlab' for licencing reasons. This software is used to generate a graphical plot. I want 
to allow the web user to request an update to the plot.


Alternatively if anyone knows of a good FOSS alternative to Matlab which can read and run 
matlab scripts (java syntax plus lots of libries) that maybe a "better" solution.


TIA's

Pete
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache mod-rewrite help

[Michael Fox]

Hi,

I am a bit stuck on something and after using the various info
available I still cant get it to work.

Let me explain what I've got and what I want to happen.

I installed mediawiki into /wiki and thus my pages show as
domain/wiki/index.php/Main_Page, so I thought okay lets follow the
info to get mod_rewrite going to mask the index.php bit and allow me
to have the final url cleaner url of

domain/wiki/Main_Page

Unfortunately I cant seem to get it to work, anyone able to give me a
copy of a suitable working .htaccess, as I've tried various changes
and still cant get it to work as I want.

Thanks in advance
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache gzip module

[Phill]

Hi Sluggers

Someone told me that the Apache gzip module bloats the temp directory and
can cause the hardisk to be filled with rubbish.

Is this true?

If so is there a fix?

Phill


smime.p7s
Description: S/MIME cryptographic signature
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache name based virtual servers through firewall

[Ben Donohue]

ahhh thank-you thank-you thank-you!
so simple but I just didn't "see" it.
all working now.
Thanks again.
Ben


James Purser wrote:


On Mon, 2005-10-10 at 21:11 +1000, Ben Donohue wrote:
 


Hi Slugs,
I've setup name based virtual servers before no problem.
however my current setup has changed.
i've got the ADSL modem forwarding address and port 80 to the firewall.
the firewall forwards this to the apache server in the DMZ.
however every server defaults to the first created name based virtual 
server.

i've tried the Serverpath directive but still no go.
is there something special where forwarding a http request loses it when 
passed through a firewall or an ADSL modem?

any clues appreciated
Ben
i also notice webalizer treats every request as coming from the firewall 
rather than the originating country of origin.

any clues here appreciated here also.



   



I have a similar setup and I have found that you need to do the
NameVirtualHost to the local IP address of the box rather than the
external IP.
 


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache name based virtual servers through firewall

[James Purser]

On Mon, 2005-10-10 at 21:11 +1000, Ben Donohue wrote:
> Hi Slugs,
> I've setup name based virtual servers before no problem.
> however my current setup has changed.
> i've got the ADSL modem forwarding address and port 80 to the firewall.
> the firewall forwards this to the apache server in the DMZ.
> however every server defaults to the first created name based virtual 
> server.
> i've tried the Serverpath directive but still no go.
> is there something special where forwarding a http request loses it when 
> passed through a firewall or an ADSL modem?
> any clues appreciated
> Ben
> i also notice webalizer treats every request as coming from the firewall 
> rather than the originating country of origin.
> any clues here appreciated here also.
> 
> 
> 

I have a similar setup and I have found that you need to do the
NameVirtualHost to the local IP address of the box rather than the
external IP.
-- 
James Purser
Chief Talking Guy - Linux Australia Update
http://k-sit.com - My Blog
http://la-pod.k-sit.com - Linux Australia Update Blog and Forums
Skype: purserj1977

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache name based virtual servers through firewall

[Ben Donohue]

Hi Slugs,
I've setup name based virtual servers before no problem.
however my current setup has changed.
i've got the ADSL modem forwarding address and port 80 to the firewall.
the firewall forwards this to the apache server in the DMZ.
however every server defaults to the first created name based virtual 
server.

i've tried the Serverpath directive but still no go.
is there something special where forwarding a http request loses it when 
passed through a firewall or an ADSL modem?

any clues appreciated
Ben
i also notice webalizer treats every request as coming from the firewall 
rather than the originating country of origin.

any clues here appreciated here also.



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache (?) errors

[Edwin Humphries]

We're just doing a test upgrade of a demo system (before we upgrade the 
production systems) from our development server of an application based 
largely on apache, php and postgresql.


On the test system, I'm seeing a php script output an error message to 
the console as follows:


[EMAIL PROTECTED] html]# php /usr/bin/phpcharge.php4 1 1122989968 
1122990529 2.886968 10.254.254.6 00:90:

Content-type: text/html
 ¼': Unable to initialize module
Module compiled with debug=144, thread-safety=167 module API=1114968780
PHP compiled with debug=0, thread-safety=0 module API=20010901
These options need to match
 in Unknown on line 0
X-Powered-By: PHP/4.1.2
Content-type: text/html

Both systems are updated RH7,2 systems, with the only differences being 
slightly different hardware. I've checked the apache, php and postgresql 
rpms, and all are identical. Checking the httpd error log, I see similar 
error messages on startup:


[Tue Aug  2 12:04:04 2005] [notice] caught SIGTERM, shutting down
PHP Warning:  U1À‰å]Éö�¼': Unable to initialize module
Module compiled with debug=144, thread-safety=231 module API=1119638220
PHP compiled with debug=0, thread-safety=0 module API=20010901
These options need to match
 in Unknown on line 0
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_AU"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_AU"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Can anyone tell me what's happening?

--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache (?) errors

[Edwin Humphries]

We're just doing a test upgrade of a demo system (before we upgrade the
production systems) from our development server of an application based
largely on apache, php and postgresql.

On the test system, I'm seeing a php script output an error message to
the console as follows:

[EMAIL PROTECTED] html]# php /usr/bin/phpcharge.php4 1 1122989968
1122990529 2.886968 10.254.254.6 00:90:
Content-type: text/html
 ¼': Unable to initialize module
Module compiled with debug=144, thread-safety=167 module
API=1114968780
PHP compiled with debug=0, thread-safety=0 module API=20010901
These options need to match
 in Unknown on line 0
X-Powered-By: PHP/4.1.2
Content-type: text/html

Both systems are updated RH7,2 systems, with the only differences being
slightly different hardware. I've checked the apache, php and postgresql
rpms, and all are identical. Checking the httpd error log, I see similar
error messages on startup:

[Tue Aug  2 12:04:04 2005] [notice] caught SIGTERM, shutting
 down
PHP Warning:  U1À‰å]Éö�¼': Unable to initialize module
Module compiled with debug=144, thread-safety=231 module
 API=1119638220
PHP compiled with debug=0, thread-safety=0 module API=20010901
These options need to match
 in Unknown on line 0
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_AU"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Can anyone tell me what's happening?

--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache virtual server configuration

[Edwin Humphries]

Roger,

Thanks for that; all issues now resolved

Roger Barnes wrote:
Well, that worked (thanks for that), but on restarting httpd, 
I got an error message:


Starting httpd: [Wed Jul 27 10:13:37 2005] [warn] 
NameVirtualHost 202.173.184.198:0 has no VirtualHosts.





You don't need that line anymore in this case.   Best practices might dictate 
another approach (anyone?), but removing the NameVirtualHost line should be ok.

- Rog



--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Apache virtual server configuration

[Roger Barnes]

> Well, that worked (thanks for that), but on restarting httpd, 
> I got an error message:
> 
> Starting httpd: [Wed Jul 27 10:13:37 2005] [warn] 
> NameVirtualHost 202.173.184.198:0 has no VirtualHosts.
> 

You don't need that line anymore in this case.   Best practices might dictate 
another approach (anyone?), but removing the NameVirtualHost line should be ok.

- Rog

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache virtual server configuration

[Edwin Humphries]

Roger,

Well, that worked (thanks for that), but on restarting httpd, I got an 
error message:


Starting httpd: [Wed Jul 27 10:13:37 2005] [warn] NameVirtualHost 
202.173.184.198:0 has no VirtualHosts.


Roger Barnes wrote:

Hi Edwin,

Try  instead, not sure if it will help, but worth a try.

- R 




-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Edwin Humphries

Sent: Wednesday, 27 July 2005 9:39 AM
To: Peter Rundle
Cc: slug@slug.org.au
Subject: Re: [SLUG] Apache virtual server configuration

Guys,

Thanks for your input. I've tried all that, and it still 
stubbornly loads what in the document root directory, rather 
than the test file in the /website directory.


Does it make any difference in all this that the actual 
server is on an internal IP behind a port-forwarding firewall?


--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache virtual server configuration

[Edwin Humphries]

Guys,

Thanks for your input. I've tried all that, and it still stubbornly 
loads what in the document root directory, rather than the test file in 
the /website directory.


Does it make any difference in all this that the actual server is on an 
internal IP behind a port-forwarding firewall?


Peter Rundle wrote:

Edwin,

When you are using NameVirtualHost (I.E HTTP/1.1) you need to give the 
site a name. something like;


NameVirtualHost 202.173.184.198:80


  ServerAdmin [EMAIL PROTECTED]
  ServerName www.ironstome.com.au
  DocumentRoot /var/www/html/website/
  ErrorLog logs/ironstone-error_log
  CustomLog logs/ironstone-access_log common




  ServerAdmin [EMAIL PROTECTED]
  ServerName ww2.ironstome.com.au
  DocumentRoot /var/www/html/website2/
  ErrorLog logs/ironstone2-error_log
  CustomLog logs/ironstone2-access_log common




HTH

P.


--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache virtual server configuration

[Peter Rundle]

Edwin,

When you are using NameVirtualHost (I.E HTTP/1.1) you need to give the 
site a name. something like;


NameVirtualHost 202.173.184.198:80


  ServerAdmin [EMAIL PROTECTED]
  ServerName www.ironstome.com.au
  DocumentRoot /var/www/html/website/
  ErrorLog logs/ironstone-error_log
  CustomLog logs/ironstone-access_log common




  ServerAdmin [EMAIL PROTECTED]
  ServerName ww2.ironstome.com.au
  DocumentRoot /var/www/html/website2/
  ErrorLog logs/ironstone2-error_log
  CustomLog logs/ironstone2-access_log common




HTH

P.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Apache virtual server configuration

[Roger Barnes]

Hi Edwin,

> We're just converting over from our web server being a single 
> site server (root in /var/www/html/) to also hosting an 
> Intranet/Extranet site. So we want to move the site over to 
> /var/www/html/website, but although we've added a new virtual 
> server in httpd.conf, it still goes back to the 
> /var/www/html/ location. Can anyone offer some ideas?

Not sure if the following will work, but it's based on referring to a working 
vhost config (apache 1.3)...


ServerName www.ironstone.com.au
DocumentRoot "/var/www/html/website/"
HostNameLookups off


HTH,
- Rog
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Fwd: [SLUG] Apache virtual server configuration

[James Polley]

really should remember to CC the list..

-- Forwarded message --
From: James Polley <[EMAIL PROTECTED]>
Date: Jul 27, 2005 9:13 AM
Subject: Re: [SLUG] Apache virtual server configuration
To: [EMAIL PROTECTED]


On 7/27/05, Edwin Humphries <[EMAIL PROTECTED]> wrote:

> NameVirtualHost 202.173.184.198
>
> 
> DocumentRoot /var/www/html/website/
> HostNameLookups off
> 


ServerName www.ironstone.com.au
ServerAlias ironstone.com.au
DocumentRoot /var/www/html/website/
HostNameLookups off



--
There is nothing more worthy of contempt than a man who quote himself
in his email footer - Zhasper, 2005


-- 
There is nothing more worthy of contempt than a man who quote himself
in his email footer - Zhasper, 2005
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache virtual server configuration

[Dean Hamstead]

put " 's around the path

add

ServerName www.ironstone.com.au

if your running only one site, you dont need virtual hosts.

Dean

Edwin Humphries wrote:
We're just converting over from our web server being a single site 
server (root in /var/www/html/) to also hosting an Intranet/Extranet 
site. So we want to move the site over to /var/www/html/website, but 
although we've added a new virtual server in httpd.conf, it still goes 
back to the /var/www/html/ location. Can anyone offer some ideas?


It's Redhat ES3. The httpd.conf file (stripped) is attached




ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

StartServers   8
MinSpareServers5
MaxSpareServers   20
MaxClients   150
MaxRequestsPerChild  1000


StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild  0

Listen 0.0.0.0:80
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
User apache
Group apache
ServerAdmin [EMAIL PROTECTED]
UseCanonicalName Off
DocumentRoot "/var/www/html"

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


UserDir disable

DirectoryIndex index.html index.html.var
AccessFileName .htaccess

Order allow,deny
Deny from all

TypesConfig /etc/mime.types
DefaultType text/plain

#   MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" 
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"

Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all

Alias /manual "/var/www/manual"

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all


# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options None
Order allow,deny
Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=*
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /i

[SLUG] Apache virtual server configuration

[Edwin Humphries]

We're just converting over from our web server being a single site 
server (root in /var/www/html/) to also hosting an Intranet/Extranet 
site. So we want to move the site over to /var/www/html/website, but 
although we've added a new virtual server in httpd.conf, it still goes 
back to the /var/www/html/ location. Can anyone offer some ideas?


It's Redhat ES3. The httpd.conf file (stripped) is attached

--
Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and
may contain confidential or privileged information. If you
are not a named addressee please delete the message and
notify the sender.
***
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

StartServers   8
MinSpareServers5
MaxSpareServers   20
MaxClients   150
MaxRequestsPerChild  1000


StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild  0

Listen 0.0.0.0:80
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
User apache
Group apache
ServerAdmin [EMAIL PROTECTED]
UseCanonicalName Off
DocumentRoot "/var/www/html"

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


UserDir disable

DirectoryIndex index.html index.html.var
AccessFileName .htaccess

Order allow,deny
Deny from all

TypesConfig /etc/mime.types
DefaultType text/plain

#   MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" 
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"

Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all

Alias /manual "/var/www/manual"

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all


# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options None
Order allow,deny
Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=*
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /ic

[SLUG] Apache probs - Invalid command 'Alias', perhaps mis-spelled

[Michael Lake]

Hi all

Mike wrote...

I just had to upgrade a apache on Debian as it was complaining that a module
was missing an info file and without it it woulnt restart apache.
(it was Error: mod_auth_mysql.so does not have a corresponding .info file.)
This meant that I had to upgrade a few packages due to dependencies e.g. a
newer mod_auth_mysql required a newer libapache-mod-perl. Now I have more
probs.

. snipped the rest 

The problem was many and varied. For a start a Debian upgrade some time ago 
had added the following lines to my httpd conf file: 


# Please keep this LoadModule: line here, it is needed for installation.
Include /etc/apache-perl/modules.conf
Include /etc/apache/modules.conf

Mistake!: I'm running apache-perl and not apache and it was including two module.conf 
files which were slightly different. Thats why I was getting errors like 
"module config_log_module is already loaded, skipping"

I commented out the include for /etc/apache/modules.conf and restarted 
apache-perl.

I also needed to manually add "LoadModule auth_mysql_module 
/usr/lib/apache/1.3/mod_auth_mysql.so"
to the modules.conf file cause for some reason "/usr/sbin/apache-modconf apache-perl" updated 
modules.conf but didn't add the required line.


Then I just got the errors about: 
Invalid command 'AuthMySQLCryptedPasswords', perhaps mis-spelled .

I had had this for 4 years in httpd.conf:

  AuthType Basic
  AuthMySQLCryptedPasswords On
  AuthMySQLHost 
  AuthMySQLUser
  AuthMySQLUserTable 
  AuthMySQLNameField 
  AuthMySQLPasswordField 


But now it seems the interface has changed. Even Crypt has changed to Encrypted!
I found in /usr/lib/apache/1.3/500mod_auth_mysql.info the list of valid 
directives.
I then renamed each one above to the ones below one by one until 
apache-perl-ctl configtest
didn't complain anymore:

  AuthType Basic
  AuthMySQL_Encrypted_Passwords On
  AuthMySQL_Host 
  AuthMySQL_User
  AuthMySQL_Password_Table 
  AuthMySQL_UserName_Field 
  AuthMySQL_Password_Field 


And bingo apache-perl then started fine.

I really need a course in Debian System Administration.

Mike
--
Mike Lake
Caver, Linux enthusiast and interested in anything technical.

--
UTS CRICOS Provider Code:  00099F
DISCLAIMER: This email message and any accompanying attachments may contain
confidential information.  If you are not the intended recipient, do not
read, use, disseminate, distribute or copy this message or attachments.  If
you have received this message in error, please notify the sender immediately
and delete this message. Any views expressed in this message are those of the
individual sender, except where the sender expressly, and with authority,
states them to be the views the University of Technology Sydney. Before
opening any attachments, please check them for viruses and defects.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache probs - Invalid command 'Alias', perhaps mis-spelled

[Michael Lake]

Hi all

I just had to upgrade a apache on Debian as it was complaining that a module was missing an info file 
and without it it woulnt restart apache.

(it was Error: mod_auth_mysql.so does not have a corresponding .info file.)
This meant that I had to upgrade a few packages due to dependencies e.g. a newer mod_auth_mysql required 
a newer libapache-mod-perl. Now I have more probs.


Im running: 
	apache-perl 1.3

libapache-mod-perl
libapache-mod-auth-mysql

Im getting this:

Syntax error on line 393 of /etc/apache/httpd2.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not 
included in the server configuration
/usr/local/bin/apache-perl-ctl2 start: httpd could not be started

I suspect I have a problem in the modules.conf file. Here is the full info:
(This is actually a second apache im running, the first I have not touched)

vs:/etc/apache-perl# apache-perl-ctl2 start
[Sun Jul  3 22:39:17 2005] [warn] module config_log_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module mime_module is already loaded, skipping
[Sun Jul  3 22:39:17 2005] [warn] module negotiation_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module status_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module autoindex_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module dir_module is already loaded, skipping
[Sun Jul  3 22:39:17 2005] [warn] module cgi_module is already loaded, skipping
[Sun Jul  3 22:39:17 2005] [warn] module userdir_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module alias_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module rewrite_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module access_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module auth_module is already loaded, skipping
[Sun Jul  3 22:39:17 2005] [warn] module expires_module is already loaded, 
skipping
[Sun Jul  3 22:39:17 2005] [warn] module setenvif_module is already loaded, 
skipping
Syntax error on line 393 of /etc/apache/httpd2.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not 
included in the server configuration
/usr/local/bin/apache-perl-ctl2 start: httpd could not be started

The alias is PERFECTLY VALID 
	Alias /something /home/someone/somethingelse/html


and my modules.conf is this:

vs:/etc/apache-perl# cat modules.conf 
# Autogenerated file - do not edit!

# This file is maintained by the apache-perl package.
# To update it, run the command:
#/usr/sbin/apache-modconf apache-perl
ClearModuleList
AddModule mod_so.c
AddModule mod_macro.c
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
AddModule mod_perl.c
vs:/etc/apache-perl# 

Googling shows probs like this with Apache2 but Im running apache-perVersion: 1.3.33-6 


Mike
--
Mike Lake
Caver, Linux enthusiast and interested in anything technical.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache 1.3.33 displaying gifs weirdly!

[mlh]

On Fri, Apr 08, 2005 at 12:49:45PM +1000, Michael Kraus wrote:
> Everything is straight and fresh out-of-the-box so to speak, however
> when I go to http://myserver/   the images are
> OK on the first viewing of the first page with a browser, but as soon as
> I go to another page on the server (e.g. http://myserver/manual) the
> images break, or are displayed funny. (They just don't look the same.)

The apache manual and icons are found by Aliases.
This may have something to do with it.

(I also don't get 'displayed funny' -- they should appear or not.)

If the Alias is not working, you might be just seeing client
cached versions of things. Flush your cache for a truer picture.

Matt



-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache 1.3.33 displaying gifs weirdly!

[Grant Parnell - slug]

On Fri, 8 Apr 2005, Michael Kraus wrote:

> G'day all...
>  
> I've got a FC3 with a custom built apache 1.3.33 (i.e. with mod_perl
> 1.29 and mod_ssl 2.8.22) - built as per (ORA's) the mod_perl book.
>  
> Everything is straight and fresh out-of-the-box so to speak, however
> when I go to http://myserver/   the images are
> OK on the first viewing of the first page with a browser, but as soon as
> I go to another page on the server (e.g. http://myserver/manual) the
> images break, or are displayed funny. (They just don't look the same.)
> 
> Has anyone else observed this behaviour and/or know what is to be done?

Firstly no.. never seen anything like that. Also perhaps you should 
elaborate on "don't look the same". Since rendering of images is almost 
exclusively under client control I can't see how the webserver has much 
effect. Things to look out for are caching of the images (ie if you set 
your browser not to load images, but it finds them in the cache it'll 
still display them and they're probably different). Also the webserver 
naturally can specify some attributes like size/resolution and borders and 
layout, but not stuff like number of colours. The other thing of note 
might be the location the webserver fetches them from, you might somehow 
have stuffed up and have a few versions in different places.

-- 
-- 
Grant Parnell - SLUG President
EverythingLinux services - the consultant's backup & tech support.
Web: http://www.elx.com.au/support.php
We're also busybits.com.au and linuxhelp.com.au and everythinglinux.com.au.
Phone 02 8756 3522 to book service or discuss your needs 
or email us at paidsupport at elx.com.au

ELX or its employees participate in the following:-
OSIA (Open Source Industry Australia) - http://www.osia.net.au
AUUG (Australian Unix Users Group) - http://www.auug.org.au
SLUG (Sydney Linux Users Group) - http://www.slug.org.au
LA (Linux Australia) - http://www.linux.org.au

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

RE: [SLUG] Apache 1.3.33 displaying gifs weirdly!

[Michael Kraus]

> to another page on the server (e.g. http://myserver/manual) 
> the images break, or are displayed funny. (They just don't 
> look the same.)

That is to say, they are skewed, if they are able to be displayed. The
seem to be corrupted by the server somehow.

(Viewing them with an gthumb on the server shows that they're fine
though.)

Regards,
Michael Kraus
Software Developer
[EMAIL PROTECTED]
Direct Line 02 8306 0007
 




Wild Technology Pty Ltd , ABN 98 091 470 692
Sales - Ground Floor, 265/8 Lachlan Street, Waterloo NSW 2017
Admin - Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017
Telephone 1300-13-9453 |  Facsimile 1300-88-9453
http://www.wildtechnology.net
DISCLAIMER & CONFIDENTIALITY NOTICE:  The information contained in this email 
message and any attachments may be confidential information and may also be the 
subject of client legal - legal professional privilege. If you are not the 
intended recipient, any use, interference with, disclosure or copying of this 
material is unauthorised and prohibited.   This email and any attachments are 
also subject to copyright.  No part of them may be reproduced, adapted or 
transmitted without the written permission of the copyright owner.  If you have 
received this email in error, please immediately advise the sender by return 
email and delete the message from your system.


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache 1.3.33 displaying gifs weirdly!

[Michael Kraus]

G'day all...
 
I've got a FC3 with a custom built apache 1.3.33 (i.e. with mod_perl
1.29 and mod_ssl 2.8.22) - built as per (ORA's) the mod_perl book.
 
Everything is straight and fresh out-of-the-box so to speak, however
when I go to http://myserver/   the images are
OK on the first viewing of the first page with a browser, but as soon as
I go to another page on the server (e.g. http://myserver/manual) the
images break, or are displayed funny. (They just don't look the same.)

Has anyone else observed this behaviour and/or know what is to be done?

Thanks!
 
 
Regards,
Michael Kraus
Software Developer
[EMAIL PROTECTED]
Direct Line 02 8306 0007




Wild Technology Pty Ltd , ABN 98 091 470 692
Sales - Ground Floor, 265/8 Lachlan Street, Waterloo NSW 2017
Admin - Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017
Telephone 1300-13-9453 |  Facsimile 1300-88-9453
http://www.wildtechnology.net
DISCLAIMER & CONFIDENTIALITY NOTICE:  The information contained in this email 
message and any attachments may be confidential information and may also be the 
subject of client legal - legal professional privilege. If you are not the 
intended recipient, any use, interference with, disclosure or copying of this 
material is unauthorised and prohibited.   This email and any attachments are 
also subject to copyright.  No part of them may be reproduced, adapted or 
transmitted without the written permission of the copyright owner.  If you have 
received this email in error, please immediately advise the sender by return 
email and delete the message from your system.


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache mail vulnerability ? phisihing mail attack

[mlh]

On Tue, Apr 05, 2005 at 08:15:04AM +1000, Howard Lowndes wrote:
> Check your version of OpenSSL, but my guess is that you have been 
> rootkitted thru it - Slapper virus, (or was it Slammer, one was for SSL 
> the other was for M$SQL.)
> 
> Time for an upgrade methinks :)
> 
> Voytek wrote:
> >RH73, Postfix 2.1.5, Apache/1.3.27 (Unix) (Red-Hat/Linux)
> >mod_gzip/1.3.26.1a mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12
> >OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.4 mod_perl/1.26 mod_throttle/3.1.2

It could have been almost any of those.  mod_python, php, ssl
have certainly had security bugs.




-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] apache mail vulnerability ? phisihing mail attack

[Howard Lowndes]

Check your version of OpenSSL, but my guess is that you have been 
rootkitted thru it - Slapper virus, (or was it Slammer, one was for SSL 
the other was for M$SQL.)

Time for an upgrade methinks :)
Voytek wrote:
RH73, Postfix 2.1.5, Apache/1.3.27 (Unix) (Red-Hat/Linux)
mod_gzip/1.3.26.1a mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12
OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.4 mod_perl/1.26 mod_throttle/3.1.2
I have Postfix with amavisd-new and clamav, identified malware is
'quarantined' to mail account 'infected' for later deletion;
few days ago, some 23,000 phishing emails were attempted to be sent from
my server, it seems, user 'apache' created them
I looked at the first and last few, they all appeared to be same phishing
email, typical header follows:
have I got a 'bad' web mailform ..? that someone exploited.. or ..?
looking at maillog, it started at about 9:17 on April 1;
looking at web log, I can't find any suspicious action at that time
any suggestions ?
typical mail header:
--
Return-Path: <>
X-Original-To: infected
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (koala.sbt.net.au [127.0.0.1])
 by koala.sbt.net.au (Postfix) with ESMTP id 1E1A42386D6
 for ; Fri, 1 Apr 2005 09:18:07 +1000 (EST)
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-Id: 
Received: by koala.sbt.net.au (Postfix, from userid 48)
 id 13FE22386C6; Fri, 1 Apr 2005 09:17:54 +1000 (EST)
To: [EMAIL PROTECTED]
Subject: Final Notice - Avoid service cancellation
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Content-Type: text/html
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 1 Apr 2005 09:17:54 +1000 (EST)
X-Amavis-Alert: INFECTED, message contains virus: HTML.Phishing.Auction-3
--
# grep 13FE22386C6 /var/log/maillog
Apr  1 09:17:54 koala postfix/pickup[7290]: 13FE22386C6: uid=48 from=
Apr  1 09:17:54 koala postfix/cleanup[8026]: 13FE22386C6:
message-id=<2005033123
[EMAIL PROTECTED]>
Apr  1 09:17:54 koala postfix/qmgr[1490]: 13FE22386C6:
from=<[EMAIL PROTECTED]>,
 size=3881, nrcpt=1 (queue active)
Apr  1 09:18:07 koala postfix/cleanup[8076]: 1E1A42386D6:
message-id=<2005033123
[EMAIL PROTECTED]>
Apr  1 09:18:07 koala amavis[7295]: (07295-06-24) Blocked INFECTED
(HTML.Phishin
g.Auction-3), <> -> <[EMAIL PROTECTED]>, quarantine:
virus-20050401-091806-
07295-06-24, Message-ID: <[EMAIL PROTECTED]>,
Hits: -,
 727 ms
Apr  1 09:18:07 koala postfix/lmtp[8020]: 13FE22386C6:
to=<[EMAIL PROTECTED]
m>, relay=127.0.0.1[127.0.0.1], delay=13, status=sent (250 2.7.1 Ok,
discarded,
id=07295-06-24 - VIRUS: HTML.Phishing.Auction-3)
Apr  1 09:18:07 koala postfix/qmgr[1490]: 13FE22386C6: removed
='[EMAIL PROTECTED]' email address is the default sender for web/php 
generated
emails
---
excerpt from pflogsumm /var/log/maillog:
Senders by message count

  24848   [EMAIL PROTECTED]
  24378   from=<>
Recipients by message count
---
  24107   [EMAIL PROTECTED]

--
Howard.
LANNet Computing Associates - Your Linux people 
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.
begin:vcard
fn:Howard Lowndes
n:Lowndes;Howard
org:LANNet Computing Associates
adr:;;PO Box 1174;Lavington;NSW;2641;Australia
email;internet:howard [AT] lowndes [DOT] name
tel;work:02 6040 0222
tel;fax:02 6040 0222
tel;cell:0419 464 430
note:I am heartily sick and tired of telemarketers, therefore I do not answer phone calls which do not present Caller Line Identification, they get flicked to voicemail.  I apologise if this inconveniences you, and I respect your right to not identify yourself, but I also ask that you respect my right to not answer your call if you choose not to identify yourself.  Try dialing 1832 (#32# from mobiles) before the number, to present Caller Line Identification.
x-mozilla-html:FALSE
url:http://www.lannet.com.au
version:2.1
end:vcard

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache mail vulnerability ? phisihing mail attack

[Voytek]

RH73, Postfix 2.1.5, Apache/1.3.27 (Unix) (Red-Hat/Linux)
mod_gzip/1.3.26.1a mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12
OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.4 mod_perl/1.26 mod_throttle/3.1.2

I have Postfix with amavisd-new and clamav, identified malware is
'quarantined' to mail account 'infected' for later deletion;

few days ago, some 23,000 phishing emails were attempted to be sent from
my server, it seems, user 'apache' created them

I looked at the first and last few, they all appeared to be same phishing
email, typical header follows:

have I got a 'bad' web mailform ..? that someone exploited.. or ..?

looking at maillog, it started at about 9:17 on April 1;
looking at web log, I can't find any suspicious action at that time

any suggestions ?

typical mail header:
--
Return-Path: <>
X-Original-To: infected
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (koala.sbt.net.au [127.0.0.1])
 by koala.sbt.net.au (Postfix) with ESMTP id 1E1A42386D6
 for ; Fri, 1 Apr 2005 09:18:07 +1000 (EST)
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-Id: 
Received: by koala.sbt.net.au (Postfix, from userid 48)
 id 13FE22386C6; Fri, 1 Apr 2005 09:17:54 +1000 (EST)
To: [EMAIL PROTECTED]
Subject: Final Notice - Avoid service cancellation
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Content-Type: text/html
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 1 Apr 2005 09:17:54 +1000 (EST)
X-Amavis-Alert: INFECTED, message contains virus: HTML.Phishing.Auction-3
--

# grep 13FE22386C6 /var/log/maillog

Apr  1 09:17:54 koala postfix/pickup[7290]: 13FE22386C6: uid=48 from=
Apr  1 09:17:54 koala postfix/cleanup[8026]: 13FE22386C6:
message-id=<2005033123
[EMAIL PROTECTED]>
Apr  1 09:17:54 koala postfix/qmgr[1490]: 13FE22386C6:
from=<[EMAIL PROTECTED]>,
 size=3881, nrcpt=1 (queue active)
Apr  1 09:18:07 koala postfix/cleanup[8076]: 1E1A42386D6:
message-id=<2005033123
[EMAIL PROTECTED]>
Apr  1 09:18:07 koala amavis[7295]: (07295-06-24) Blocked INFECTED
(HTML.Phishin
g.Auction-3), <> -> <[EMAIL PROTECTED]>, quarantine:
virus-20050401-091806-
07295-06-24, Message-ID: <[EMAIL PROTECTED]>,
Hits: -,
 727 ms
Apr  1 09:18:07 koala postfix/lmtp[8020]: 13FE22386C6:
to=<[EMAIL PROTECTED]
m>, relay=127.0.0.1[127.0.0.1], delay=13, status=sent (250 2.7.1 Ok,
discarded,
id=07295-06-24 - VIRUS: HTML.Phishing.Auction-3)
Apr  1 09:18:07 koala postfix/qmgr[1490]: 13FE22386C6: removed


='[EMAIL PROTECTED]' email address is the default sender for web/php 
generated
emails

---
excerpt from pflogsumm /var/log/maillog:

Senders by message count

  24848   [EMAIL PROTECTED]
  24378   from=<>

Recipients by message count
---
  24107   [EMAIL PROTECTED]



-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache redirects

[Edwin Humphries]

G'day all,

I'm trying to redirect a domain (e-quality.com.au) to a sub-directory of
another domain (ironstone.com.au/equality/). This is to prevent pages that
have nothing to do with our eQuality product from appearing under the
e-quality domain.

I've added the line "Redirect 301 http://www.e-quality.com.au 
http://www.ironstone.com.au/equality/"; to the httpd.conf file, but it
redirects to the root of the ironstone domain - not quite what I'm after.

Any suggestions?

Regards,
Edwin Humphries
Mobile: 0419 233 051
Ironstone Technology Pty Ltd
P. O. Box 423, Kiama, NSW, 2533
Phone: +61 (0)2 4233 2285
Facsimile: +61 (0)2 4233 2299
Web: http//www.ironstone.com.au

***
This email is intended for the named addressee/s only and 
may contain confidential or privileged information. If you 
are not a named addressee please delete the message and 
notify the sender.
***

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] apache auto error log processing

[Voytek]

I thought I was clever putting like:

/etc/httpd/conf/httpd.conf

ErrorLog "|/usr/sbin/cronolog /etc/httpd/logs/error/%d-error.log"
LogLevel warn

and hoping to have a rolling log of just the last 30 days or errors

but looking at the logs, it's all cummultative, so I have nth day of
*every* month in each log. not eaxactly what I had in mind...

is there a simple way to have a last 30 days log only, or do I need
explicitly delete/remove old entries, or how do I do this ?

-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache Password protection

[Simon]

Hi all,
I have the following in my httpd.conf file, and the password file in
place. According to what I have read this should password protect that
directory, however nothing happens and we have free access, what have I
missed?


Options Indexes FollowSymLinks
AllowOverride AuthConfig
order allow,deny
allow from all
AuthName "Enter Username and Password for Standards Packages"
AuthType Basic
AuthUserFile /usr/local/apache2/conf/passwords
Require user olmc
RewriteEngine on
RewriteRule (.*).php$ - [T=text/plain,L]


Simon Bryan
IT Manager OLMC
LMB 14
North Parramatta 
[EMAIL PROTECTED] tel: 
fax: 
mobile: 96833300
98901466
0414238002 




Add me to your address book...Want a signature like this?

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache 2 & old PHP 3 scripts

[Howard Lowndes]

I need to run some old PHP 3 scripts .php3 on an Apache box.

What directive do I need to use to get Apache to know that files ending
in .php3 are PHP scripts.

-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, CSS & PHP

[amos]

I don't know PHP that well but how about naming it .php and set
the content-type to text/css from inside PHP?
Or how about putting all your .css files under directory css/
(I think it's considered generally a good idea, like concentrating
all your images under "images/") and telling apache to set text/css
for all files under this dir while still the .php suffix tells apache
to pass the files through PHP?
Just ideas I'd explore if I were you, nothing testted.
Cheers,
--Amos
Howard Lowndes wrote:
I have a CSS file which has to be named *.css so that Apache knows to
send it as a text/css mime type but I want to do some PHP processing on
before it goes out; unfortunately Apache appears not to know to pass it
through the PHP handler as it not named *.php so the embedded PHP code
doesn't get processed.
I assume I have to do something with Action, AddHandler and SetHandler
directives, but just what exactly.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache, CSS & PHP

[Howard Lowndes]

I have a CSS file which has to be named *.css so that Apache knows to
send it as a text/css mime type but I want to do some PHP processing on
before it goes out; unfortunately Apache appears not to know to pass it
through the PHP handler as it not named *.php so the embedded PHP code
doesn't get processed.

I assume I have to do something with Action, AddHandler and SetHandler
directives, but just what exactly.

-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[amos]

Howard Lowndes wrote:
Tks but not really.  This looks to have all started around the time that
XP SP2 became available.  The client hasn't installed SP2 but I am
working on a M$ DRM conspiracy theory - weird though it may seem.
When the html files are uploaded I can see the OPTIONS, PROPFIND, PUT,
etc log entries for the .html files, but for the .gif files - nothing,
zip, zero, zilch, gets logged.  Slight correction - only PROPFIND for
the relevant directory.  And nothing in the error.log file either.
I have no problem when I upload the .gifs using the same login but from
W2K or cadaver.  I can't try with WXP myself as I don't run it.
How about, just for the sake of testing, change the file suffix or try
to stuff it into a .zip/.rar/.tar.gz?
Cheers,
--Amos
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[Howard Lowndes]

On Thu, 2004-10-28 at 11:36, Glen Turner wrote:
> Howard Lowndes wrote:
> 
> > There is nothing in the Apache log.
> > Nothing in the Windows event log either.
> > 
> > The client is trying to upload files into two different directories. 
> > The ownership and the perms are identical on both and on the files
> > therein and the dirs and files are all owned by apache.
> 
> All the files and directories should be owned by apache.

They are.
> 
> *But* the Unix permissions are somewhat irrelevant, it's the
> Apache access control and authentication which counts in this
> case.
> 
> > One will allow the upload of html files into it, the other will not
> > allow the upload of gif files into it.
> 
> My guess would be that someone has prevented the download of .gif
> files from www.example.edu.au by code like
> 
>   SetEnvIfNoCase Referer "^http://www.example.edu.au/"; local=1
>   SetEnvIfNoCase Referer "^http://www.example.edu.au$"; local=1
> 
>   
>Order Allow,Deny
>Allow from env=local
>   
> 
Not so, no mention of gif|png|jpg in the httpd.conf file anywhere except
in relation to the AddIcons etc.

> and forgotten that this needs to be undone for when using
> https://dav.www.example.edu.au/

Not using https for dav at this stage.  I know I should be :)

> 
> Hope this helps,

Tks but not really.  This looks to have all started around the time that
XP SP2 became available.  The client hasn't installed SP2 but I am
working on a M$ DRM conspiracy theory - weird though it may seem.

When the html files are uploaded I can see the OPTIONS, PROPFIND, PUT,
etc log entries for the .html files, but for the .gif files - nothing,
zip, zero, zilch, gets logged.  Slight correction - only PROPFIND for
the relevant directory.  And nothing in the error.log file either.

I have no problem when I upload the .gifs using the same login but from
W2K or cadaver.  I can't try with WXP myself as I don't run it.



> Glen
-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[Glen Turner]

Howard Lowndes wrote:
There is nothing in the Apache log.
Nothing in the Windows event log either.
The client is trying to upload files into two different directories. 
The ownership and the perms are identical on both and on the files
therein and the dirs and files are all owned by apache.
All the files and directories should be owned by apache.
*But* the Unix permissions are somewhat irrelevant, it's the
Apache access control and authentication which counts in this
case.
One will allow the upload of html files into it, the other will not
allow the upload of gif files into it.
My guess would be that someone has prevented the download of .gif
files from www.example.edu.au by code like
 SetEnvIfNoCase Referer "^http://www.example.edu.au/"; local=1
 SetEnvIfNoCase Referer "^http://www.example.edu.au$"; local=1
 
  Order Allow,Deny
  Allow from env=local
 
and forgotten that this needs to be undone for when using
https://dav.www.example.edu.au/
Hope this helps,
Glen
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[Howard Lowndes]

On Wed, 2004-10-27 at 17:58, [EMAIL PROTECTED] wrote:
> Howard Lowndes wrote:
> > I have a client's Apache server which is DAV enabled and I can get to it
> > with W2K and cadaver, and my client was able to get to it with XP until
> > a few weeks ago, around the time M$ started cramming SP2 down everyone's
> > throats.
> > 
> > My client has not installed SP2 and keeps knocking back the
> > auto-upgrade  offers, but I am just wondering if M$h!t haven't done
> > something to his XP anyway.
> > 
> > Are there any known issues or history in this area?
> > 
> 
> What do the Windows event log say?
> What does Apache' logs say about his access attempts?

There is nothing in the Apache log.
Nothing in the Windows event log either.

The client is trying to upload files into two different directories. 
The ownership and the perms are identical on both and on the files
therein and the dirs and files are all owned by apache.

One will allow the upload of html files into it, the other will not
allow the upload of gif files into it.
> 
> --Amos
-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[Howard Lowndes]

On Wed, 2004-10-27 at 17:58, [EMAIL PROTECTED] wrote:
> Howard Lowndes wrote:
> > I have a client's Apache server which is DAV enabled and I can get to it
> > with W2K and cadaver, and my client was able to get to it with XP until
> > a few weeks ago, around the time M$ started cramming SP2 down everyone's
> > throats.
> > 
> > My client has not installed SP2 and keeps knocking back the
> > auto-upgrade  offers, but I am just wondering if M$h!t haven't done
> > something to his XP anyway.
> > 
> > Are there any known issues or history in this area?
> > 
> 
> What do the Windows event log say?
> What does Apache' logs say about his access attempts?

I'll be able to get that later tonight when I do an analysis with the
client.

> 
> --Amos
-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache, DAV & XP [slightly OT]

[amos]

Howard Lowndes wrote:
I have a client's Apache server which is DAV enabled and I can get to it
with W2K and cadaver, and my client was able to get to it with XP until
a few weeks ago, around the time M$ started cramming SP2 down everyone's
throats.
My client has not installed SP2 and keeps knocking back the
auto-upgrade  offers, but I am just wondering if M$h!t haven't done
something to his XP anyway.
Are there any known issues or history in this area?
What do the Windows event log say?
What does Apache' logs say about his access attempts?
--Amos
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache, DAV & XP [slightly OT]

[Howard Lowndes]

I have a client's Apache server which is DAV enabled and I can get to it
with W2K and cadaver, and my client was able to get to it with XP until
a few weeks ago, around the time M$ started cramming SP2 down everyone's
throats.

My client has not installed SP2 and keeps knocking back the
auto-upgrade  offers, but I am just wondering if M$h!t haven't done
something to his XP anyway.

Are there any known issues or history in this area?

-- 
Howard.
LANNet Computing Associates;
Your Linux people 
--
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
--
"Flatter government, not fatter government;
Get rid of the Australian states."


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache restart Q

[Steve Kowalik]

On Sun, 3 Oct 2004 11:44:27 +1000 (EST), Voytek uttered
> Apache restarted 7 hrs ago..?
> 
> is that telling me that Apache stopped 7 hrs ago..?
> 
What is more likely to have happened is that Apache was restarted
after its log files were rotated.

Cheers,
-- 
Steve
Russian roulette in bash(1): $((RANDOM%6)) || rm -rf ~
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache restart Q

[Voytek]

I've just looked at my /server-status; and, it says:

--
Current Time: Sunday, 03-Oct-2004 11:20:08 EST
Restart Time: Sunday, 03-Oct-2004 04:07:58 EST
Parent Server Generation: 2
Server uptime: 7 hours 12 minutes 10 seconds
Total accesses: 2983 - Total Traffic: 26.5 MB
CPU Usage: u78.14 s8.49 cu.15 cs.08 - .335% CPU load
.115 requests/sec - 1073 B/second - 9.1 kB/request
1 requests currently being processed, 15 idle servers

--

Apache restarted 7 hrs ago..?

is that telling me that Apache stopped 7 hrs ago..?


-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache and SSI

[Nick Wilcox]

On Tue, 21 Sep 2004 09:45:04 +1000, Craig Dibble wrote
> Simon Bryan wrote:
> > Hi all,
> > We are trying to use SSI to read the IP address of requests to our
> > webserver so we can deny some ip addresses access to certain pages.
> > 
> > I have followed the instructions at:
> > http://httpd.apache.org/docs/howto/ssi.html#configuringyourservertopermitssi

These instructions don't cover loading the SSI module. Try adding:

LoadModule include_module modules/mod_include.so

(assuming apache2 on *nix).

--
Nick Wilcox.






-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache and SSI

[Craig Dibble]

Simon Bryan wrote:
Hi all,
We are trying to use SSI to read the IP address of requests to our
webserver so we can deny some ip addresses access to certain pages.
I have followed the instructions at:
http://httpd.apache.org/docs/howto/ssi.html#configuringyourservertopermitssi
Which method did you use to allow SSI?

We are viewing it using Firefox and IE, when we connect to some remote
servers using this system it displays fine. Just in our case the variable
is always empty.
I'm not quite sure what you mean by this, but if you haven't properly 
configured your SSI then yes, the page will display, but the variable 
will be blank.

I'd suggest you test it using the XBitHack as it's the quickest and 
easiest way to allow SSI (you can take up the issue of security 
implications separately). In which case, make sure you've set the 
executable bit (chmod +x) on the relevant page and you should be fine.

Unless I've got the wrong end of the stick entirely.
Craig
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Apache and SSI

[Simon Bryan]

Hi all,
We are trying to use SSI to read the IP address of requests to our
webserver so we can deny some ip addresses access to certain pages.

I have followed the instructions at:
http://httpd.apache.org/docs/howto/ssi.html#configuringyourservertopermitssi

We are using:

IP



var IP = '';

document.write("IP: " + IP);
document.write("
");

//ip = "10.192.0.111";
if (IP.match(/10.192.0.\d{1,3}/)) {
document.write("matches");
} else {
document.write("doesn't match");
}




We are viewing it using Firefox and IE, when we connect to some remote
servers using this system it displays fine. Just in our case the variable
is always empty.

Any ideas?

-- 
Simon Bryan
IT Manager
OLMC Parramatta
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Voytek]

Jamie Wilkinson said:

> I leave the server-wide docroot as the distro had set it, usually
> /var/www/html, and in it place a single page that indicates that the
> server

Jamie,
once I set that, if I load in browser server's host name, or server's IP
address, that should go to server doc root, shouldn't it ?

(I'm going to one of vhosts, which in itself is not a problem)

-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Voytek]

Sebastian Welsh said:

> If I get what you are asking, yes, but as Jamie mentioned, it's often
> worthwhile not wandering too far from your distros defaults :)
>
> If you have
>
> 
>   Options FollowSymLinks
>   AllowOverride None
>   Order deny,allow
>   Deny from all
>  
>
> then each virtual host will need to have
>   AllowOverride AuthConfig
>   Order allow,deny
>   Allow from all
> in the relevant directory sections for the virtual host. Without these
> parameters, the config from the / directory will apply.
>
> Does that make sense? If I'm not explaining it well, there is a pretty
> good


Seb, Jamie, thanks

yes, of course it does make sense.. *if* I thought about it before c'n'p
into httpd.conf, I would've realized myself that your original reply
had the anwser already...

(and I'll write 100 times on the blackboard: just getting 'OK' from 'httpd
start' doesn't mean the pages are served)

(looking at original file, it seems it was 'none', it appears I changed
it... in the main httpd.conf, rather than in a vhost... anyhow, corrected
now)

-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Sebastian Welsh]

On Wed, 4 Aug 2004 04:26 pm, Voytek wrote:
> Sebastian Welsh said:
> > On Wed, 4 Aug 2004 09:24 am, Voytek wrote:
> >> 
> >> Options FollowSymLinks
> >> AllowOverride AuthConfig
> >> 
> >
> > Gulp. Don't forget that in your Directory statements, you are providing
> > the
> > full, rather than the relative path for the directory. You probably want
> > to
> > leave your root directory as
> > AllowOverride None
> >
> >
> > 
> > Options FollowSymLinks
> > AllowOverride None
> > Order deny,allow
> > Deny from all
> > 
>
> Seb,
>
> OOOPS, above changes made my typo3 site return 403/forbidden
>
> I guess, I need to set as above for '/', and, undo for vhost ..?

If I get what you are asking, yes, but as Jamie mentioned, it's often 
worthwhile not wandering too far from your distros defaults :)

If you have 


Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
 

then each virtual host will need to have 
AllowOverride AuthConfig
Order allow,deny
Allow from all
in the relevant directory sections for the virtual host. Without these 
parameters, the config from the / directory will apply.

Does that make sense? If I'm not explaining it well, there is a pretty good 
explanation of how Directory works at 
http://httpd.apache.org/docs-2.0/mod/core.html.en#directory

Seb
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Voytek]

Sebastian Welsh said:
> On Wed, 4 Aug 2004 09:24 am, Voytek wrote:

>> 
>> Options FollowSymLinks
>> AllowOverride AuthConfig
>> 
>
> Gulp. Don't forget that in your Directory statements, you are providing
> the
> full, rather than the relative path for the directory. You probably want
> to
> leave your root directory as
>   AllowOverride None

>
> 
>   Options FollowSymLinks
>   AllowOverride None
>   Order deny,allow
>   Deny from all
> 

Seb,

OOOPS, above changes made my typo3 site return 403/forbidden

I guess, I need to set as above for '/', and, undo for vhost ..?



-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Jamie Wilkinson]

This one time, at band camp, Voytek wrote:
>also, any recomendation where should the server's docroot be on a multi
>name vhost server ?

I leave the server-wide docroot as the distro had set it, usually
/var/www/html, and in it place a single page that indicates that the server
is alive; if that page appears in any of the hosted virtualhosts then there
is a problem with the vhost configuration, otherwise it is never seen except
by the monitoring systems.

-- 
[EMAIL PROTECTED]   http://spacepants.org/jaq.gpg
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Voytek]

Sebastian Welsh said:
> Gulp. Don't forget that in your Directory statements, you are providing
> full, rather than the relative path for the directory. You probably want
> leave your root directory as
>   AllowOverride None

thanks, Seb
fixed

>
> 
>   Options Indexes FollowSymLinks +IncludesNOEXEC
>   AllowOverride AuthConfig
>   Order allow, deny
>   Allow from all
> 

thanks, fixed (btw, it didn't like the space ahead of  'deny')

is there any issues in having same doc root as this in virtual, as in:


..
DocumentRoot /home/name.com.au/www
..


  Options Indexes FollowSymLinks +IncludesNOEXEC
  AllowOverride AuthConfig
  Order allow,deny
  Allow from all



also, any recomendation where should the server's docroot be on a multi
name vhost server ?
I recall, there used to be suggestion to make a page pointing to
individual dirs, for name-vhost-challanged-browsers, I guess, that's lomg
obsolote now ?




-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Sebastian Welsh]

On Wed, 4 Aug 2004 09:24 am, Voytek wrote:

> I have multiple name vhosts, Id' like it to apply to all vhosts, if
> possible, looking at what I currently have, is:
> in the main httpd.conf:
>
> ...
> #DocumentRoot "/var/www/html"
> DocumentRoot "/home/sbt/www"
>
> 
> Options FollowSymLinks
> AllowOverride AuthConfig
> 

Gulp. Don't forget that in your Directory statements, you are providing the 
full, rather than the relative path for the directory. You probably want to 
leave your root directory as
AllowOverride None


> #
> 
> Options Indexes FollowSymLinks +IncludesNOEXEC
> AllowOverride None
> #AllowOverride All
> Order allow,deny
> Allow from all
> 
>
>
> so, does above mean that it will allow AuthConfig in the web root of
> /home/www/sbt/ ?

Directory configs work on an override basis, so settings for Directories 
further away from / subsume preceding ones (see 
http://httpd.apache.org/docs-2.0/en/mod/core.html.en#directory for a far 
better explanation than I can provide). So in your example, the entry
AllowOverride None
means that .htaccess entries will not be honoured for /home/sbt/www and below.
This setup


Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Options Indexes FollowSymLinks +IncludesNOEXEC
AllowOverride AuthConfig
Order allow, deny
Allow from all


prohibits access and .htaccess style reconfiguration for the root directory, 
but permits access and .htaccess authorization for the 
directory /my/virtual/host and below.

>
> can I enable it for all vhosts ?
> the vhosts have individual name.tld.conf files, like:
>
> 
> ServerAdmin [EMAIL PROTECTED]
> DocumentRoot /home/russelllea/www
> ServerName www.russelllea
> ErrorDocument 404 /index.html
> 
>
> or, do I need an individual entry for each vhost ?

That is certainly what I'd choose. A bit of work now, but in future it would 
just become process each time you set up new virtual hosts. 

Seb
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Apache .htaccess, is this correct ?

[Voytek]

Sebastian Welsh said:
> You may need to edit httpd.conf at least once :-( In the relevant
>   AllowOverride   AuthConfig
>
> 
> Options Indexes Includes FollowSymLinks MultiViews
> # AllowOverride None
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> 
>
> Alternatively you could create a specific Directory section for your
> subdirectory. However including the AuthConfig directive at the document
> root
> would allow you to add controls to future subdirectories without the need
> to rejig your server.

thanks, Seb
yes, I prefer the first option

I have multiple name vhosts, Id' like it to apply to all vhosts, if
possible, looking at what I currently have, is:
in the main httpd.conf:

...
#DocumentRoot "/var/www/html"
DocumentRoot "/home/sbt/www"


Options FollowSymLinks
AllowOverride AuthConfig

#

Options Indexes FollowSymLinks +IncludesNOEXEC
AllowOverride None
#AllowOverride All
Order allow,deny
Allow from all



so, does above mean that it will allow AuthConfig in the web root of
/home/www/sbt/ ?

can I enable it for all vhosts ?
the vhosts have individual name.tld.conf files, like:


ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/russelllea/www
ServerName www.russelllea
ErrorDocument 404 /index.html


or, do I need an individual entry for each vhost ?


-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html