Re: [users@httpd] jsp
You need a JSP container like Tomcat or Resin, etc. On 6/15/05, ganesan malairaja <[EMAIL PROTECTED]> wrote: > hi guys > > i would like to know the requirements to make a jsp code running. > > i know i need jsee. > > do i need tomcat ... > > any other tools i need to make the page running > > thanks > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- In doG We Trust - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] jsp
hi guys i would like to know the requirements to make a jsp code running. i know i need jsee. do i need tomcat ... any other tools i need to make the page running thanks - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Upload Problem
Dear All.. I've a problem with my web server, when i'm tryinh to upload file bigger than 8 MB i won't work. I get this information from the apache log. I'm using apache from the my distro(rpm packages) ?? Does anyone know about this ?? or having experience with this -- Ressa Registered Linux User Number 336566 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server
On Wed, 15 Jun 2005, Werner Schalk wrote: > I do use mod_proxy as a reverse / forward proxy as follows: > > Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual > server using Linux vserver - private IP address, Apache 2) > > Now all the requests that are send to the public IP address are forwarded to > the internal server(s). The problem is that the original IP of the remote > client is not passed to the internal server so for the internal servers it > looks like the public server is making all the requests. My question now is: > How can I pass the remote_addr of the client making the request to the > internal server using mod_rewrite or mod_proxy? I mean I want the IP not only > to be logable inside the virtual server (with the private ip) but also I > would like PHP scripts etc. to correctly get the IP's of the remote clients. Have you tried looking at the X-Forwarded-For header? (Appears in CGI scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by mod_proxy, as far as I know. Cheers, David Adam [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Forcing External Redirect requests through mod_rewrite and proxy
On 6/14/05, Tim Traver <[EMAIL PROTECTED]> wrote: > Joshua, > > its doing an internal redirect to the local server. I need it to make an > external request to that URL and pass through the data it gets back. > > I need it to do that so that it hits the load balancing hardware, and sends > the request to the server group that can handle the requests for that mime > type... This sounds like a networking issue and not an apache issue. Apache is simply making an HTTP request to domain.com. If your OS believes that domain.com maps to itself, then that is where it will send it. You either need to make your OS believe that domain.com maps to your load balancer, or you need to give apache a different address that maps correctly. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server
Hi, I do use mod_proxy as a reverse / forward proxy as follows: Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual server using Linux vserver - private IP address, Apache 2) Now all the requests that are send to the public IP address are forwarded to the internal server(s). The problem is that the original IP of the remote client is not passed to the internal server so for the internal servers it looks like the public server is making all the requests. My question now is: How can I pass the remote_addr of the client making the request to the internal server using mod_rewrite or mod_proxy? I mean I want the IP not only to be logable inside the virtual server (with the private ip) but also I would like PHP scripts etc. to correctly get the IP's of the remote clients. Any input is greatly appreciated. All the best & thanks, Werner. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Apache 2.0 Secure and non secure server
To bring the secure server down on one instance would the easiest way be commenting out #llisten 443 and then issuing a "apachectl graceful", and Vice versa for port 80? Can one instance have Vitural Server Hosting on port 80 but not on the Secure Server? Also it might be a nightmare to configure PHP on two separate instances, if you have the servers installed under different users. On 6/14/05, Joshua Slive <[EMAIL PROTECTED]> wrote: > On 6/14/05, Kory Wheatley <[EMAIL PROTECTED]> wrote: > > Question: > > > > Would it be better to setup Apache Secure Server and NON Secure Server > > on two separate configuration instances, or one just one instance? > > Would it be a performance hit to have it setup as two separate server > > instances? > > It really depends on what you prefer to maintain. It is pretty-much > equivalent in terms of performance. If you have only one instance, > then you get a shared idle server pool, which could save a little > memory. But with two instances, you can tailor the necessary modules > for each server, which could save memory as well. Two instances is > probably a little more resilient, in that bringing down one > (accidentally or deliberately) will not affect the other. But it is > probably a little more of a hassel to configure. > > Joshua. > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Forcing External Redirect requests through mod_rewrite and proxy
Joshua, its doing an internal redirect to the local server. I need it to make an external request to that URL and pass through the data it gets back. I need it to do that so that it hits the load balancing hardware, and sends the request to the server group that can handle the requests for that mime type... Tim. Joshua Slive wrote: On 6/14/05, Tim Traver <[EMAIL PROTECTED]> wrote: Hi all, ok, this may sound wierd, but I'm sure you guys have heard it all... I am trying to do a proxy redirect using the [P] directive at the end of a mod_rewrite rule. Here is what my .htaccess file looks like : RewriteEngine On RewriteCond %{REQUEST_URI} !-s RewriteRule ^page/(.*) http://domain.com/Merchant2/merchant.mvc?page=$1 [P] What I want to happen is for this proxy request to not be an internal one, but make the request externally. The reason for this is because we have load balancing switches that determine where requests go based upon the URI, and this machine is not supposed to handle the .mvc scripts (another bank of machines is)... So, a request comes in for http://domain.com/page/2 and I want it to send out a proxy request to http://domain.com/Merchant2/merchant.mvc?page=2 The reason I do't do a Redirect, is that I do not want the URL to change in the users browser... is there a directive to add to the [P] that can tell it not to do this request internally ??? or better yet, is there another module, or resource I can find that I can use to accomplish something similar ??? I don't understand your question. What exactly is the above configuration not doing that you would like it to do? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Forcing External Redirect requests through mod_rewrite and proxy
On 6/14/05, Tim Traver <[EMAIL PROTECTED]> wrote: > Hi all, > > ok, this may sound wierd, but I'm sure you guys have heard it all... > > I am trying to do a proxy redirect using the [P] directive at the end of > a mod_rewrite rule. Here is what my .htaccess file looks like : > > RewriteEngine On > RewriteCond %{REQUEST_URI} !-s > RewriteRule ^page/(.*) http://domain.com/Merchant2/merchant.mvc?page=$1 [P] > > What I want to happen is for this proxy request to not be an internal > one, but make the request externally. The reason for this is because we > have load balancing switches that determine where requests go based upon > the URI, and this machine is not supposed to handle the .mvc scripts > (another bank of machines is)... > > So, a request comes in for http://domain.com/page/2 and I want it to > send out a proxy request to http://domain.com/Merchant2/merchant.mvc?page=2 > > The reason I do't do a Redirect, is that I do not want the URL to change > in the users browser... > > is there a directive to add to the [P] that can tell it not to do this > request internally ??? > > or better yet, is there another module, or resource I can find that I > can use to accomplish something similar ??? I don't understand your question. What exactly is the above configuration not doing that you would like it to do? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Apache 2.0 Secure and non secure server
On 6/14/05, Kory Wheatley <[EMAIL PROTECTED]> wrote: > Question: > > Would it be better to setup Apache Secure Server and NON Secure Server > on two separate configuration instances, or one just one instance? > Would it be a performance hit to have it setup as two separate server > instances? It really depends on what you prefer to maintain. It is pretty-much equivalent in terms of performance. If you have only one instance, then you get a shared idle server pool, which could save a little memory. But with two instances, you can tailor the necessary modules for each server, which could save memory as well. Two instances is probably a little more resilient, in that bringing down one (accidentally or deliberately) will not affect the other. But it is probably a little more of a hassel to configure. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Apache 2.0 Secure and non secure server
Question: Would it be better to setup Apache Secure Server and NON Secure Server on two separate configuration instances, or one just one instance? Would it be a performance hit to have it setup as two separate server instances? -- Kory Wheatley - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Forcing External Redirect requests through mod_rewrite and proxy
Hi all, ok, this may sound wierd, but I'm sure you guys have heard it all... I am trying to do a proxy redirect using the [P] directive at the end of a mod_rewrite rule. Here is what my .htaccess file looks like : RewriteEngine On RewriteCond %{REQUEST_URI} !-s RewriteRule ^page/(.*) http://domain.com/Merchant2/merchant.mvc?page=$1 [P] What I want to happen is for this proxy request to not be an internal one, but make the request externally. The reason for this is because we have load balancing switches that determine where requests go based upon the URI, and this machine is not supposed to handle the .mvc scripts (another bank of machines is)... So, a request comes in for http://domain.com/page/2 and I want it to send out a proxy request to http://domain.com/Merchant2/merchant.mvc?page=2 The reason I do't do a Redirect, is that I do not want the URL to change in the users browser... is there a directive to add to the [P] that can tell it not to do this request internally ??? or better yet, is there another module, or resource I can find that I can use to accomplish something similar ??? Thanks, Tim. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Error at installing apache.rpm
Whoops. Go back to that site. The other packages are there as well. Apache2-mpm should be the apache2-worker on the site I think. From: Peter J Milanese Sent: Tuesday, June 14, 2005 8:25 AM To: 'users@httpd.apache.org' Subject: RE: [EMAIL PROTECTED] Error at installing apache.rpm You From: Andreas Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 6:57 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Error at installing apache.rpm Hello! Installing apache rpm file: apache2-2.0.50-7.2.i586.rpm from Suse Server: ftp://ftp.gwdg.de/pub/linux/suse/suse_update/9.2/rpm/i586, I got errormessage of missing libaries: apache2-MPM not available libapr0 not available libapr.0.so.0 not available libaprutil-0.so.0 not available Btw, there is a command for apache modules: httpd -1. The command indicates, if the required modules are existing. If this command fails, a Tomcat-Apache Connection is not possible. Is this right? And how to httpd -1? If this is possible, the not available modules (apache2-MPM,libapr0,libapr.0.so.0, libaprutil-0.so.0) can be the reason for my big problems with connecting Tomcat and Apache. So, I will need this 4 modules. Where can I get them or equivalents rpm packages? After googlen I found not the modules. Best regards and many thanks Andreas
Re: [users@httpd] Apache generated pages
On 6/14/05, Octavian Rasnita <[EMAIL PROTECTED]> wrote: > Hi, > > I am using Apache 2.0.54 under Linux and I am viewing a directory which > doesn't have a directory index (an index.html or index.php, etc). > The page is created with no problems, and all the files are shown as it > should, and one of the link created is: > > 2005-06-13.tgz > > After accessing this type of link, the file starts downloading, but the > extension is changed to .gz instead of .tgz as it should. > > I can change it manually, but why does this happen? It is most likely your browser that is doing this based on clues that it gets from the Content-Type and Content-Encoding HTTP response headers. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] mod_deflate w/reverse proxy
On 6/14/05, Serge Knystautas <[EMAIL PROTECTED]> wrote: > I'm having trouble using mod_deflate to compress content that is going > through my reverse proxy using apache 2.0.46. Quite an old version. If you are using complex stuff like deflate and proxy, you should be keeping up with more recent versions. > AddOutputFilterByType DEFLATE text/html text/plain text/xml See: http://httpd.apache.org/docs-2.0/mod/core.html#addoutputfilterbytype where it tells you that this directive does not work with proxies. You'll need to look at the more complex configuration: http://httpd.apache.org/docs-2.0/mod/mod_deflate.html#recommended Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] RewriteRule problems
what does your rewrite log file say? If you add RewriteEngine on RewriteLog "/usr/local/var/apache/logs/rewrite.log"<<--- change this to your appropriate path RewriteLogLevel 9 <<-- use level 9 only for debugging. RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P] <<-- make sure you don't pick up the next rules, i'd use [P,L] if the proxy was success, you would see something like this in your rewrite log 127.0.0.1 - - [06/Jun/2005:10:20:56 --0700] [localhost/sid#23c458][rid#82fa40/initial] (3) applying pattern '^/old/(.*)' to uri '/old/something' 127.0.0.1 - - [06/Jun/2005:10:20:56 --0700] [localhost/sid#23c458][rid#82fa40/initial] (2) rewrite /old/something -> http://ukrbcsr01/something 127.0.0.1 - - [06/Jun/2005:10:20:56 --0700] [localhost/sid#23c458][rid#82fa40/initial] (2) forcing proxy-throughput with http://ukrbcsr01/something -Original Message- From: Arne Heizmann [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:46 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] RewriteRule problems Hi, I get a 403 Forbidden when trying to use a RewriteRule to proxy a request to another server. I have two servers, ukrbcsr01 and ukrbcsr02. ukrbcsr02 is accessible from the outside, ukrbcsr01 isn't. Their LAN IPs are 192.168.0.131 and 192.168.0.132, respectively. I can access one from the other, so I know that both Apaches are running correctly and the LAN is working. Now I added the following RewriteRule to ukrbcsr02: RewriteEngine On RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P] I was hoping that [P] would work to proxy the request to the other server, but what I get instead is a 403 Forbidden when I try to access /old/something. I get the same 403 even when I stop the Apache on ukrbcsr01, so it must be ukrbcsr02 that generates the Forbidden message without even attempting to proxy the request. Thanks for any advice you can give. Arne Heizmann ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] RewriteRule problems
Hi, I get a 403 Forbidden when trying to use a RewriteRule to proxy a request to another server. I have two servers, ukrbcsr01 and ukrbcsr02. ukrbcsr02 is accessible from the outside, ukrbcsr01 isn't. Their LAN IPs are 192.168.0.131 and 192.168.0.132, respectively. I can access one from the other, so I know that both Apaches are running correctly and the LAN is working. Now I added the following RewriteRule to ukrbcsr02: RewriteEngine On RewriteRule ^/old/(.*) http://ukrbcsr01/$1 [P] I was hoping that [P] would work to proxy the request to the other server, but what I get instead is a 403 Forbidden when I try to access /old/something. I get the same 403 even when I stop the Apache on ukrbcsr01, so it must be ukrbcsr02 that generates the Forbidden message without even attempting to proxy the request. Thanks for any advice you can give. Arne Heizmann ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] mod_deflate w/reverse proxy
Take a look at http://issues.apache.org/bugzilla/show_bug.cgi?id=31226. There is apparently a problem with AddOutputFilterByType. I've had the exact same problem. The solution I chose was to use SetOutputFilter (instead of AddOutputFilterByType) and use other means for selecting what resources to compress or not compress. You can set or remove an outputfilter per directory or location, or you can use mod_rewrite to set the environment variable no-gzip for specific resources. It sure would be a lot nicer to be able to use the MIME type to determine whether to apply compression or not, but... -ascs -Original Message- From: Serge Knystautas [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 5:54 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] mod_deflate w/reverse proxy I'm having trouble using mod_deflate to compress content that is going through my reverse proxy using apache 2.0.46. All requests go to a default virtual host, and then I use RewriteConf/RewriteRule [P] to carve off certain hostnames to reverse proxy to another webserver. We use this approach for testing, so normally everyone sees the regular set of files, but before deploying I can setup special hostnames to see a newer site version. Configuration looks like this... UseCanonicalName Off AddOutputFilterByType DEFLATE text/html text/plain text/xml DocumentRoot /foobar ServerName www.lokitech.com ProxyRequests Off Order deny,allow Allow from all RewriteEngine On RewriteCond %{HTTP_HOST} \.lokitech\.com [NC,OR] RewriteCond %{HTTP_HOST} ^lokitech\.com [NC] RewriteRule ^/(.*) http://localhost:8082/$1 [P] ProxyPreserveHost On Let's say I'm hosting www.lokitech.com and www.prestosports.com on this server. With this setup, a request for an HTML URL on www.prestosports.com will get compressed, but a request for an HTML URL on www.lokitech.com will not get compressed. I've done extensive google searching and saw there was something about how mod_deflate and mod_proxy are not compatible, but it wasn't clear if this is outdated or if there is a workaround. Beyond instantly telling me how to fix this, I'm mainly hoping for suggestions to diagnose why the filter would not get applied to the proxy requests. Thanks in advance. -- Serge Knystautas Lokitech >> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] mod_deflate w/reverse proxy
Serge, On Tue, 14 Jun 2005, Serge Knystautas wrote: > I'm having trouble using mod_deflate to compress content that is going > through my reverse proxy using apache 2.0.46. All requests go to a > default virtual host, and then I use RewriteConf/RewriteRule [P] to > carve off certain hostnames to reverse proxy to another webserver. We > use this approach for testing, so normally everyone sees the regular set > of files, but before deploying I can setup special hostnames to see a > newer site version. > > Beyond instantly telling me how to fix this, I'm mainly hoping for > suggestions to diagnose why the filter would not get applied to the > proxy requests. Thanks in advance. I ran into a similar problem with mod_gzip on 1.3. I found that the 'mod_gzip_item_include handler proxy-server' configuration directive fixed this - there might be something similar for mod_deflate. Cheers, David Adam [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] mod_deflate w/reverse proxy
I'm having trouble using mod_deflate to compress content that is going through my reverse proxy using apache 2.0.46. All requests go to a default virtual host, and then I use RewriteConf/RewriteRule [P] to carve off certain hostnames to reverse proxy to another webserver. We use this approach for testing, so normally everyone sees the regular set of files, but before deploying I can setup special hostnames to see a newer site version. Configuration looks like this... UseCanonicalName Off AddOutputFilterByType DEFLATE text/html text/plain text/xml DocumentRoot /foobar ServerName www.lokitech.com ProxyRequests Off Order deny,allow Allow from all RewriteEngine On RewriteCond %{HTTP_HOST} \.lokitech\.com [NC,OR] RewriteCond %{HTTP_HOST} ^lokitech\.com [NC] RewriteRule ^/(.*) http://localhost:8082/$1 [P] ProxyPreserveHost On Let's say I'm hosting www.lokitech.com and www.prestosports.com on this server. With this setup, a request for an HTML URL on www.prestosports.com will get compressed, but a request for an HTML URL on www.lokitech.com will not get compressed. I've done extensive google searching and saw there was something about how mod_deflate and mod_proxy are not compatible, but it wasn't clear if this is outdated or if there is a workaround. Beyond instantly telling me how to fix this, I'm mainly hoping for suggestions to diagnose why the filter would not get applied to the proxy requests. Thanks in advance. -- Serge Knystautas Lokitech >> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables
Hi all. Thanks for your support Joshua Slive wrote: You can set them in a cookie or in the query string. mod_rewrite can do either of these. Then, if necessary, mod_rewrite on the back-end machine could put them back in the environment. Brian Hughes '89 wrote: What I've been doing with my Apache reverse proxies is to use mod_rewrite and mod_header to take the SSL var(s) and set them as HTTP request headers for the reverse-proxy request. This has the advantage of being a little "cleaner" if you have calls into your application machine that either already uses cookies, or that makes use of query strings. As the machines are currently running apache 1.3x at this time (no upgrade planned at this time), I'll try forwarding the env via query string as Joshua advised me. The mod_headers method advised by Brian needs apache 2.x as mod_headers can't set request headers on apache 1.3 (only response headers) Best regards, -G.- - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Authorize users from an intermediate CA only
Take a look at the SSLRequire directive. You can choose to only accept client certificates issued by a named issuer CN for example. -ascs -Original Message- From: pierre lhostis [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:53 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Authorize users from an intermediate CA only Hello all, I have got a SSL question I want to use mutual authentication and I only want users from an intermediate Certification Authority (CA) to get access to my website. My intermediate CA (called SubCA here) depends on another CA this way: RootCA \---sign--> mySubCA \---sign--> myUsers certificates \---sign--> anotherSubCA \---sign--> otherUsers certificates For the moment I am only able to: - authorize users from a RootCA (selfsigned certificate) - authorize users from a RootCA (selfsigned certificate) and SubCAs signed by this RootCA (using SSLVerifyDepth = 2) BUT, quite obviously, I don't want users from anotherSubCA to get access to my web site. So my question is quite simple: Is this simply possible to only authorize users from my subCA with the SSLCACertificateFile (SSLCACertificatePath) directive in Apache? Thanks, Pierre. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Forbid Directory Listings
From: "Boyle Owen" <[EMAIL PROTECTED]> Reply-To: users@httpd.apache.org To: Subject: RE: [EMAIL PROTECTED] Forbid Directory Listings Date: Tue, 14 Jun 2005 14:31:44 +0200 > -Original Message- > From: Jack Stone [mailto:[EMAIL PROTECTED] > Sent: Dienstag, 14. Juni 2005 04:54 > To: users@httpd.apache.org > Subject: [EMAIL PROTECTED] Forbid Directory Listings > > > I've just moved to Apache-2.0.54 from Apache-1.33x on FBSD-5.4 > > There is one feature that the Apache-1.33 appears to have by > default I > liked, but is not yet working for me on Apache-2.0x and I > have looked at my > configs & the archives until my head is exploding for the knob(s). > > The feature in Apache-1.33 wanted: > If a directory is without an index.htm(or php, etc), the > browser will show > this error: > > Forbidden > You don't have permission to access /tmp/ on this server. > -- > -- > Apache/1.3.33 Server at www.domain.com Port 80 > > > Thus, the above prevents browsers to search a directory at > will. If one > knows the right filename, then that will work and is okay, > but I don't want > someone seeing an open list of files contained in the directory. It is an argument to the "Options" directive: Options -Indexes will switch off directory indexing (see http://httpd.apache.org/docs-2.0/mod/core.html#options for details). BTW, 1.3 and 2 have the same default (allow indexing) so I don't know why you get different behaviour - your configs must differ (or there are additional directives in a .htaccess file). Rgds, Owen Boyle Owen: Thanks so much! That was the knob I was looking for. Sorry I didn't look at the "Options" page even though the config file says "important." It's usually something simple overlooked. BTW: Both my apache-1.3 and 2 have this config line: Options Indexes FollowSymLinks So, dunno why 1.3x is denying any listing of directories and that through me off that trail. Once I added the minus to -Indexes - Voila! Best of regards to you, Jack _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables
At 09.20 14/06/2005 -0400, you wrote: I've posted examples of how to do this to the list a few times over the past several months. If you have trouble finding them in one of the archives, let me know and I'll send the example conf statements directly to you. -Brian Hi Brian et al. here my digestion of what you proposed.. [comments welcome] Thanks to help from the Apache users mailing list, here is a setup for authenticating with a reverse proxy (i.e., OpenPortalGuard gate keeper). Objective: A reverse-proxy handles all the authentication for multilple application servers behind the proxy. The application servers behave as if they had handled the authentication themselves (with HTTP BASIC). Requirements: The described setup requires Apache 2.0 or higher on the remote proxy (because only apache 2 adds the RequestHeader directive in mod-headers). Currently, only Apache 1.3 has been tested as application server--but higher versions of Apache should work too. It should be independent on what application server is run (tested with cgi, but also tomcat via mod-jk, php, quixote via mod-scgi, ecc. should work--this has to be verified) Authentication Methods: Currently, the described setup has been tested with straight HTTP BASIC Authentication. But I believe it should equally work for more useful authentication methods including: - HTTP BASIC over ssl with user DB on LDAP (mod-ssl with mod-ldap or mod-auth-ldap) - SSL with client-cert-auth and +fakeBasicAuth ReverseProxy Setup: the following directives are a simple test of a reverse proxy: Allow from all RewriteEngine on # AuthType Basic AuthName "testRealm" AuthUserFile /path/to/PwdFile Require user bud ezio # # Set a HTTP request-header "OPG_USER" with the # name of the authenticated user (REMOTE_USER) # RewriteCond %{REMOTE_USER} (.*) RewriteRule .* - [E=OPG_USER:%1] RequestHeader add OPG_USER "%{OPG_USER}e" # RewriteRule ^(.*) http://test1.myDomain.it/$1 [P,L] Application Server Setup: The following directives make the Apache server behind the proxy set the REMOTE_USER environment variable to the value set in the HTTP Header "OPG_USER" RewriteEngine on RewriteCond %{HTTP:OPG_USER} (.*) RewriteRule .* - [E=REMOTE_USER:%1] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables
On Jun 14, 2005, at 08:53 AM, Joshua Slive wrote: On 6/14/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: We've successfully set up apache with mod_proxy + mod_rewrite in front of our (yet another) apache serving our webapps. We've an application that use some mod_ssl environment variables to work properly (for example it use SSL_CLIENT_S_DN). The problem when connecting through reverse proxy is those mod_ssl environment variables are not available on the machine hosting the application. Is there any solution to forwarding this var to the application machine ? You can set them in a cookie or in the query string. mod_rewrite can do either of these. Then, if necessary, mod_rewrite on the back-end machine could put them back in the environment. What I've been doing with my Apache reverse proxies is to use mod_rewrite and mod_header to take the SSL var(s) and set them as HTTP request headers for the reverse-proxy request. This has the advantage of being a little "cleaner" if you have calls into your application machine that either already uses cookies, or that makes use of query strings. I've posted examples of how to do this to the list a few times over the past several months. If you have trouble finding them in one of the archives, let me know and I'll send the example conf statements directly to you. -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] apache2: mod_cache: no X-Cache header
On 6/13/05, john doe <[EMAIL PROTECTED]> wrote: > I just migrated from Apache 1.3 to Apache2 through Debian Sarge. I use > mod_proxy/mod_cache/mod_disk_cache for reverse proxying. To my > surprise, X-Cache is no longer being produced. Is this a supposed > behavior? How can one calculate hit/miss ratio then? Use the rfc-standard Age header, which contains the number of seconds since the last update-check if you hit the cache, and is not present (log contains "-") if it was a cache-miss. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables
On 6/14/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi, > > We've successfully set up apache with mod_proxy + mod_rewrite in front > of our (yet another) apache serving our webapps. > > We've an application that use some mod_ssl environment variables to work > properly (for example it use SSL_CLIENT_S_DN). The problem when > connecting through reverse proxy is those mod_ssl environment variables > are not available on the machine hosting the application. > > Is there any solution to forwarding this var to the application machine ? You can set them in a cookie or in the query string. mod_rewrite can do either of these. Then, if necessary, mod_rewrite on the back-end machine could put them back in the environment. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Fw: signal Bus error with apache Apache/2.0.54 with SSL pages
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Montag, 13. Juni 2005 19:31 > To: users@httpd.apache.org > Subject: RE: [EMAIL PROTECTED] Fw: signal Bus error with apache > Apache/2.0.54 with SSL pages > > > OK - I tired a new setting in my mail client - let me know if > this comes as > plain text. > > Responses are in-line. Thanks. I had a look at your mail but it's getting beyond me. Anything else in the way (router/FW/bridge etc.)? I'm not sure I can help much more - there's a limit to what you can do over a mailing-list... Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > And here is new chain of thought: > > After studying Ethereal traces taken during the problem, this problem > appears to occur anytime my browser attempts to re-use the > SSL session ID. > > I have attempted 2 things to try and work around - disabling > SSLv3 in my > browser - the problem still occurs (see trace) and disabling > SSL session > caching - also no luck. > > I have noted that my server is creating the SSL cache file > but it's not > creating the SSL mutex file. > > Below are the Ethereal traces: > > > > > > > No. TimeSourceDestination > Protocol > Info > - new ssl session key - it works > 189 12.585475 10.129.149.250204.151.176.150 TCP > 1689 > https [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1260 > 190 12.586075 204.151.176.150 10.129.149.250TCP > https > 1689 [SYN, ACK] Seq=0 Ack=1 Win=50400 Len=0 MSS=1460 > 191 12.586101 10.129.149.250204.151.176.150 TCP > 1689 > https [ACK] Seq=1 Ack=1 Win=64512 Len=0 > 192 12.609405 10.129.149.250204.151.176.150 SSLv2 > Client Hello > 193 12.609945 204.151.176.150 10.129.149.250TCP > https > 1689 [ACK] Seq=1 Ack=46 Win=50400 Len=0 > 194 12.610493 204.151.176.150 10.129.149.250SSLv2 > Server Hello > 195 12.611325 10.129.149.250204.151.176.150 SSLv2 > Client Master Key > 196 12.611846 204.151.176.150 10.129.149.250TCP > https > 1689 [ACK] Seq=762 Ack=186 Win=50400 Len=0 > 199 12.636118 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data > 200 12.636369 10.129.149.250204.151.176.150 SSLv2 > Encrypted Data > 201 12.636960 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data > 202 12.637632 10.129.149.250204.151.176.150 SSLv2 > Encrypted Data, [Unreassembled Packet] > 203 12.637686 10.129.149.250204.151.176.150 SSLv2 > Encrypted Data, [Unreassembled Packet] > 204 12.638546 204.151.176.150 10.129.149.250TCP > https > 1689 [ACK] Seq=832 Ack=1769 Win=50400 Len=0 > 205 12.639477 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data > 206 12.640166 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, [Unreassembled Packet] > 207 12.640209 10.129.149.250204.151.176.150 TCP > 1689 > https [ACK] Seq=1769 Ack=2416 Win=64512 Len=0 > 208 12.640244 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, [Unreassembled Packet] > 209 12.640351 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, [Unreassembled Packet] > 210 12.640367 10.129.149.250204.151.176.150 TCP > 1689 > https [ACK] Seq=1769 Ack=4936 Win=64512 Len=0 > 262 17.493514 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, [Unreassembled Packet] > 267 17.630522 10.129.149.250204.151.176.150 TCP > 1689 > https [ACK] Seq=1769 Ack=6196 Win=64512 Len=0 > 268 17.631444 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, Encrypted Data, [Unreassembled Packet] > 269 17.631501 204.151.176.150 10.129.149.250SSLv2 > Encrypted Data, [Unreassembled Packet] > 270 17.631524 10.129.149.250204.151.176.150 TCP > 1689 > https [ACK] Seq=1769 Ack=7596 Win=64512 Len=0 > 271 17.632893 10.129.149.250204.151.176.150 TCP > 1689 > https [FIN, ACK] Seq=1769 Ack=7596 Win=64512 Len=0 > 272 17.633372 204.151.176.150 10.129.149.250TCP > https > 1689 [ACK] Seq=7596 Ack=1770 Win=50400 Len=0 > > - resuse ssl session key - does not work > 430 21.122033 10.129.149.250204.151.176.150 TCP > 1690 > https [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1260 > 432 21.122548 204.151.176.150 10.129.149.250TCP > https > 1690 [SYN, ACK] Seq=0 Ack=1 Win=50400 Len=0 MSS=1460 > 433 21.122565 10.129.149.250204.151.176.150 TCP > 1690 > https [ACK] Seq=1 Ack=1 Win=64512 Len=0 > 434 21.122999 10.129.149.250204.151.176.150 SSLv2 > Client Hello > 435 21.123501 204.151.176.150 10.129.149.250TCP > https > 1690 [ACK] Seq=1 Ack=62 Wi
RE: [users@httpd] Forbid Directory Listings
> -Original Message- > From: Jack Stone [mailto:[EMAIL PROTECTED] > Sent: Dienstag, 14. Juni 2005 04:54 > To: users@httpd.apache.org > Subject: [EMAIL PROTECTED] Forbid Directory Listings > > > I've just moved to Apache-2.0.54 from Apache-1.33x on FBSD-5.4 > > There is one feature that the Apache-1.33 appears to have by > default I > liked, but is not yet working for me on Apache-2.0x and I > have looked at my > configs & the archives until my head is exploding for the knob(s). > > The feature in Apache-1.33 wanted: > If a directory is without an index.htm(or php, etc), the > browser will show > this error: > > Forbidden > You don't have permission to access /tmp/ on this server. > -- > -- > Apache/1.3.33 Server at www.domain.com Port 80 > > > Thus, the above prevents browsers to search a directory at > will. If one > knows the right filename, then that will work and is okay, > but I don't want > someone seeing an open list of files contained in the directory. It is an argument to the "Options" directive: Options -Indexes will switch off directory indexing (see http://httpd.apache.org/docs-2.0/mod/core.html#options for details). BTW, 1.3 and 2 have the same default (allow indexing) so I don't know why you get different behaviour - your configs must differ (or there are additional directives in a .htaccess file). Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > Would someone kindly point me in the right direction on how > to set this same > knob in Apache-2x...?? > > Appreciate any help > > Best regards, > Jack > > _ > Express yourself instantly with MSN Messenger! Download today > - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Error at installing apache.rpm
You From: Andreas Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 6:57 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Error at installing apache.rpm Hello! Installing apache rpm file: apache2-2.0.50-7.2.i586.rpm from Suse Server: ftp://ftp.gwdg.de/pub/linux/suse/suse_update/9.2/rpm/i586, I got errormessage of missing libaries: apache2-MPM not available libapr0 not available libapr.0.so.0 not available libaprutil-0.so.0 not available Btw, there is a command for apache modules: httpd -1. The command indicates, if the required modules are existing. If this command fails, a Tomcat-Apache Connection is not possible. Is this right? And how to httpd -1? If this is possible, the not available modules (apache2-MPM,libapr0,libapr.0.so.0, libaprutil-0.so.0) can be the reason for my big problems with connecting Tomcat and Apache. So, I will need this 4 modules. Where can I get them or equivalents rpm packages? After googlen I found not the modules. Best regards and many thanks Andreas
RE: [users@httpd] POSTing to non-executable file
I know some browsers send in HTTP HEAD command before they send HTTP GET. I am sure your client program can do the same. Yanbin Ma Competitrack Inc. 718-482-4284 -Original Message- From: Stephen Carville [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 10:01 PM To: Apache Users Subject: [EMAIL PROTECTED] POSTing to non-executable file Is there a good way for a client program to check for the existance of a file on a remote server before attempting a download? Kind of an http version of the ls command. We have a software program that checks for the existance of a file by doing an empty POST to the URL. This works with apache 2.0.52 but fails on 1.3.20 with an error 405: The requested method POST is not allowed for the URL /pdf/temp/16557996.pdf. Whatever technique I use has to work on both 1.3 and 2.0 so I'd like to know if there is a better way. -- Stephen Carville - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Re: still content negotiation problems
Hey Joshua, Thanks for your response. Just replying to snips 'cause I figured it out. On Mon, 13 Jun 2005 21:50:53 -0400, Joshua Slive wrote: > Ouch. OpenBSD doesn't have mod_mime by default? That's crazy. > In fact OpenBSD does have mod_mime and mod_negotiation compiled in, I've gotten so used to them ripping out things for security reasons, that somewhere along in my trying to get this to work I came to this false conclusion. I had forgotten about httpd -l . Takes writing out the email to find the problem... :) It seems my extra LoadModule lines had been messing things up. I removed them and things work as expected. I've even added a some UTF-8 auto-negotiation and Japanese pages with AddCharset UTF-8 .ja AddCharset UTF-8 .fr Nice ! > One thing missing from your config is a test.html.en. This is necessary > so that someone requesting "en,fr;q=0.5" will get the english page. But > the fact that that is missing doesn't explain why request test.html > doesn't get you something. That is a little curious. > Thanks for the tip. I've symlinked page.html.html to page.html.en Server is negotiating happily, and it's still too hot in NYC. Thanks, -- Marco - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] apache as reverse-proxy : forwarding SSL environment variables
Hi, We've successfully set up apache with mod_proxy + mod_rewrite in front of our (yet another) apache serving our webapps. We've an application that use some mod_ssl environment variables to work properly (for example it use SSL_CLIENT_S_DN). The problem when connecting through reverse proxy is those mod_ssl environment variables are not available on the machine hosting the application. Is there any solution to forwarding this var to the application machine ? Thanks in advance. Best regards, -G.- - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Authorize users from an intermediate CA only
Hello all, I have got a SSL question I want to use mutual authentication and I only want users from an intermediate Certification Authority (CA) to get access to my website. My intermediate CA (called SubCA here) depends on another CA this way: RootCA \---sign--> mySubCA \---sign--> myUsers certificates \---sign--> anotherSubCA \---sign--> otherUsers certificates For the moment I am only able to: - authorize users from a RootCA (selfsigned certificate) - authorize users from a RootCA (selfsigned certificate) and SubCAs signed by this RootCA (using SSLVerifyDepth = 2) BUT, quite obviously, I don't want users from anotherSubCA to get access to my web site. So my question is quite simple: Is this simply possible to only authorize users from my subCA with the SSLCACertificateFile (SSLCACertificatePath) directive in Apache? Thanks, Pierre. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] How to limit php script execution to a select path only ?
On 6/14/05, Rich <[EMAIL PROTECTED]> wrote: > Example: > > > php_admin_value open_basedir /htdocs/bla/bla1/:/htdocs/bla/bla2/ > > > This will limit PHP execution to the two paths specified. > > NOTE: > 1) The paths MUST be absolute from root, or the chroot of apache if > appropriate - it SHOULD be appropriate :-) > > 2) The paths can not be symlinks - they must be real directory paths > > Hope this helps > > Rich. > > > Maxim Vexler wrote: > > Hello everyone. > > > > Sorry for the newbies question, I would have searched for it myself if > > it wasn't that urgent. > > Could you please demonstrate or provide a helpful link on how to limit > > script execution (php in this case) to a selected number of path's > > (phpBB2 & mysqladmin in this case) > > > > Thank you. > > > > Apache version 2.0.52 > > php4 as loadable module > > OS : windows 2k3. > > > > Thank you very much. The directive does work, but only when it's "bare" in the httpd.conf file. I must be doing something wrong here, I'm using the php4 module, on windows server, that gets loaded like this : LoadModule php4_module "c:/php/php4apache2.dll" Then I tried to add this directive into httpd.conf : php_admin_value open_basedir "D:/Inetpub/wwwroot/NEEDED_PATH/" but for some reason it did not worked. When I wrote only the "php_admin_value ..." line Apache imposed the directive, why is that ? -- Cheers, Maxim Vexler (hq4ever). Do u GNU ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Apache generated pages
Hi, I am using Apache 2.0.54 under Linux and I am viewing a directory which doesn't have a directory index (an index.html or index.php, etc). The page is created with no problems, and all the files are shown as it should, and one of the link created is: 2005-06-13.tgz After accessing this type of link, the file starts downloading, but the extension is changed to .gz instead of .tgz as it should. I can change it manually, but why does this happen? Thank you. Teddy - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]