Re: Re: Logfile: MAC address
Actually, I can't currently think of any practical use for the MAC address in the log. Just asking out of curiosity: what do you want it for? On the LAN you know your neighbours anyway, and from the Internet you won't get them anyway. Among other things, this article comes to mind: http://www.heise.de/newsticker/meldung/65051 But then you have to store the IP addresses. The Internet provider also finds those in its accounting logs and can map them to its customers. MACs are not stored anywhere. -- Apache HTTP Server Mailing List users-de unsubscribe requests to [EMAIL PROTECTED] other requests to [EMAIL PROTECTED] --
Re: [EMAIL PROTECTED] Problems with installing a precompiled tarball to separate directories
[EMAIL PROTECTED] wrote: Hi I need to be able to install Apache 1.3.34 to different directories on different servers (same OS and HW though) without having to build a separate version using different --PREFIX each time. I have tried to build with --PREFIX= , then creating a tarball that is moved over to the target server and finally running make install -root=target directory. This mechanism is documented in the INSTALL file for 1.3.34 but still doesn't seem to work. All files are copied to correct target directory but apachectl and httpd.conf don't contain correct paths. Any info would be most welcome.

Hi everyone I've received several suggestions as to how one could do Apache installations to different directories but no explanation as to why the method as described in the INSTALL file doesn't work. Any new takers out there?

-- Per Weisteen Hydro IS Partner http://www.hydroispartner.com/ IS/IT Architect Norsk Hydro ASA http://www.hydro.com/ Email: [EMAIL PROTECTED] NO-0240 Oslo, Norway Phone:(+47) 2253 8227/Mobile:(+47) 9344 5312

- The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] LDAP Authentication and Subgroups/Nested groups
Thanks for the reply Owen. No I am not nesting realms, only trying to place LDAP groups inside other LDAP groups. If anyone can point me in another direction that I request some help it would be greatly appreciated. Thanks, Alun Coppack

-Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: 28 November 2005 08:16 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] LDAP Authentication and Subgroups/Nested groups

-Original Message- From: Alun Coppack [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. November 2005 15:03 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] LDAP Authentication and Subgroups/Nested groups

caveat: I've never used mod_auth_ldap but from a quick scan of the docs it seems it adds the additional functionality of a LDAP database to Basic Auth. That would mean that the initial credential submission is still handled by the Basic Auth mechanism. It's not clear from your posting, but are you nesting realms by any chance? Because you can't... Basic Auth only supports a single layer of authentication in each realm. If you hit a realm at mysite/dir1, then credentials are requested (password challenge) and then those credentials are re-submitted on every subsequent request in the same realm. If you try to put a second layer of authentication at mysite/dir1/dir2, then the browser will be surprised to get a 401 response when it thinks it is already inside a realm and the results will be unpredictable (browser-dependent). Some will go into a loop, popping up password challenges non-stop, others will show the 401 error. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored.

I am running Apache 2.0.50 with mod_auth_ldap When I use the 'require group' directive, members of nested groups do not seem to be recognised.
I am trying to authenticate using: 'require group cn=Authenticated_users,ou=Roles,dc=sample,dc=com' This group, (Authenticated_Users) has a group called 'cn=Everyone,ou=Groups,dc=sample,dc=com' as a uniqueMember. The user jbloggs is a member of cn=Everyone. Apache does not seem to follow the nesting of groups since if I add jbloggs directly as a uniqueMember of Authenticated_users everything works fine but when jbloggs is only a member of Everyone, authentication fails. I am just wondering what the standard, accepted way of setting up LDAP and apache is. Am I structuring my directory incorrectly? Any help resolving this would be appreciated. Thanks, Alun

The sample ldif is included below:

# OU DEFINITIONS
# People OU - for holding records of all individuals
dn: ou=People,dc=sample,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups OU - for holding records of groupings of individuals
dn: ou=Groups,dc=sample,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the groups to which those roles have been assigned
dn: ou=Roles,dc=sample,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# PEOPLE ENTRIES
dn: uid=jbloggs,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: Bloggs
cn: Joe
uid: jbloggs
userpassword: no3XJAZeeb9AKbGNY65/masWpZE=
mail: [EMAIL PROTECTED]

# GROUPS ENTRIES
dn: cn=Everyone,ou=Groups,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=jbloggs,ou=People,dc=sample,dc=com

# ROLES ENTRIES
dn: cn=Authenticated_users,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=sample,dc=com
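The difference between direct and nested membership that Alun describes, worked through as an added example (not code from the thread or from the Apache project). It parses a constructed copy of the post's group entries and resolves membership transitively with loop and depth protection, which is what an offline job would do to flatten nested groups into direct `uniqueMember` values; all function names are hypothetical.

```python
"""Resolve nested groupOfUniqueNames membership from an LDIF export (added example)."""

# Constructed input: the user, group and role entries from the sample LDIF in
# the post, reduced to the attributes that matter for membership.
SAMPLE_LDIF = """\
dn: uid=jbloggs,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
uid: jbloggs

dn: cn=Everyone,ou=Groups,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=jbloggs,ou=People,dc=sample,dc=com

dn: cn=Authenticated_users,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=sample,dc=com
"""


def norm(dn):
    """Case-insensitive DN comparison key (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text):
    """Return {normalised dn: {attr: [values]}} for a plain, unwrapped LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries


def is_group(entry):
    return "groupofuniquenames" in (v.lower() for v in entry.get("objectclass", []))


def direct_members(entries, group_dn):
    """What a single-level 'require group' check sees: the listed DNs only."""
    return {norm(m) for m in entries.get(norm(group_dn), {}).get("uniquemember", [])}


def effective_members(entries, group_dn, max_depth=10):
    """Non-group DNs reachable from group_dn through nested groups.

    The visited set stops membership loops (A contains B contains A) and
    max_depth bounds how far nesting is followed.
    """
    users, visited = set(), set()
    frontier = [(norm(group_dn), 0)]
    while frontier:
        dn, depth = frontier.pop()
        if dn in visited:
            continue
        visited.add(dn)
        for member in direct_members(entries, dn):
            child = entries.get(member)
            if child is not None and is_group(child):
                if depth < max_depth:
                    frontier.append((member, depth + 1))
            else:
                users.add(member)
    return users


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    role = "cn=Authenticated_users,ou=Roles,dc=sample,dc=com"
    print("direct   :", sorted(direct_members(entries, role)))
    print("effective:", sorted(effective_members(entries, role)))
```

Bounding the depth matters for access control: an unbounded walk over a directory that other teams can edit lets a single careless nesting grant a role to far more accounts than intended.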
Re: [EMAIL PROTECTED] problem with Apache/2.0.54 on fedora core 4
Donovan, Jim wrote: Greetings, all. This version of apache frequently wrongly says Permission Denied when perl cgi scripts try to open files. I had a look on the buglist but didn't find anything (and didn't expect to; how could a version as silly as that get out?). Once it has started saying that, nothing will let you use that file, even changing everything in the path to 777. I even tried running slocate -u and restarting httpd, just in case a snapshot of permissions somewhere is not being updated. What am I doing wrong, please? Do you have SELinux enabled ? I have worked with fedora core 2 without such problems; perhaps I should go back to fc2! Jim Donovan
Re: [EMAIL PROTECTED] Apache 2 start_ssl - missing symbol
On Sun, Nov 27, 2005 at 12:27:52PM +, Stephen Collyer wrote: httpd is linking against libcrypto 0.9.7 in /usr/lib which is missing the symbol in question. So now the question is why did my configure not force linking against my local copy of 0.9.8a ? ... Is -with-ssl not supported anymore, or am I screwing up in some other way ? Can you try setting: export PKG_CONFIG_PATH=/home/stephen/apache/openssl-0.9.8a/lib/pkgconfig before running configure? joe
Re: [EMAIL PROTECTED] Apache 2 start_ssl - missing symbol
Joe Orton wrote: On Sun, Nov 27, 2005 at 12:27:52PM +, Stephen Collyer wrote: httpd is linking against libcrypto 0.9.7 in /usr/lib which is missing the symbol in question. So now the question is why did my configure not force linking against my local copy of 0.9.8a ? ... Is -with-ssl not supported anymore, or am I screwing up in some other way ? Can you try setting: export PKG_CONFIG_PATH=/home/stephen/apache/openssl-0.9.8a/lib/pkgconfig before running configure? I've tried this but it's made no difference - httpd is still linking against the stuff in /usr/lib Got any suggestions for hand-mangling the makefiles, maybe ? -- Regards Stephen Collyer Netspinner Ltd
[EMAIL PROTECTED] Re: Apache configuration: width of lists of files ?
Uwe Dippel wrote: When displaying files as lists, I found some small differences at the widths between 1.3 and 2.0. So do my users, and ask me to set / change the width of the columns to make more characters of the filenames show. I found a similar request in the archives, more than 3 years ago. There was no answer then. IndexOptions +NameWidth=* For more options of IndexOptions, see the manpage. Joost
RE: [EMAIL PROTECTED] apache 1.3.33 multiple instances problem
Thank you Axel for your help. I will look into what you said on both the pid possible problem and running the truss command with the -f option for more information. Thanks again Kenny At 11:02 AM 11/24/2005 +0100, you wrote: [EMAIL PROTECTED] logs]$ tail error.log [Tue Nov 22 11:27:59 2005] [warn] pid file /usr/users/itisgrp/servers/able/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? makes me suspect that at least one of the apache instances do not create the PID file in the correct directory. In this case, fad may be creating the pid file in the directory of able. Check the PidFile directive in the apache configurations. [EMAIL PROTECTED] bin]$ truss -o /tmp/output httpd start The only trace this will give you is from the script that starts Apache. You should at least give the -f option to truss. Furthermore, as Joshua suggests, for trace purposes, start Apache with the -X option. -ascs
[EMAIL PROTECTED] Re: Apache configuration: width of lists of files ?
On Mon, 28 Nov 2005 14:54:49 +0100, Joost de Heer wrote: IndexOptions +NameWidth=* My excuses for asking this simple question. My only excuse: It seems badly documented. I tried Google once I got your answer, and there does not seem to be a concise description. Again, thanks and my excuses ! Uwe
[EMAIL PROTECTED] mod_perl mod_cache
Hello, I've got mod_cache finally working for disk caching of dynamic content. Unfortunately, it only works when the target perl script is not being run under mod_perl. When I try to use mod_cache on a perl script with mod_perl, it returns an empty HTML page. ie: <html><body></body></html> When I remove the script from mod_perl, it works fine. Does anyone have any ideas as to why this would be happening? Thanks Luc
[EMAIL PROTECTED] Apache 2.0 mod_rewrite and mod_auth_ldap problems
We are in the process of setting up access control for our new Intranet which is Plone and Zope application running on port 8080. The access control should allow all our company users within the Firewall read access to the Intranet server without login. Outside the Firewall, all users have to authenticate to have read access. We are using Apache modules mod_auth_ldap for access control and mod_rewrite to map the URL into a shorter friendly domain name with the standard http port 80. The mod_auth_ldap configuration and mod_rewrite configuration work well separately but create problems when we try to put them together. We want outside Firewall users to authenticate and want mod_rewrite to transfer the URL.

The main problem we have is the authentication directives work only under the context of directory and because the Plone Zope is a separate application server running under a different port, the mod_rewrite module does not seem to run under the context of directory. Please have a look at the current Apache configuration below. The mod_rewrite part works OK but no authentication happens. There may be another solution to the problem and I would be grateful to hear your comments and suggestions. I know the information I've given you may not be detailed enough, but I will be happy to discuss it with you if you need more details ...

<VirtualHost *:80>
    ServerName intranet.mycompany.com
    RewriteEngine On
    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/intranet.mycompany.com:80/Plone/VirtualHostRoot/$1 [L,P]
    <Directory />
        order deny,allow
        deny from all
        allow from 172.24
        AuthType Basic
        AuthName "Company Intranet"
        LDAP_Debug On
        LDAP_Server ldap.company.com
        LDAP_Connect_Timeout 1000
        Base_DN o=company
        require valid-user
        Satisfy any
    </Directory>
</VirtualHost>

thanks, Daniel.
RE: [EMAIL PROTECTED] Connection Refused - SOLVED??
It happens EVERY time, immediately, on startup. Apache IS running. And there is nothing in the error log. The error log is listed in the message below. Other suggestions below are more in line with what is happening. You need to start at the beginning of the message to get the drift of all that is happening in my situation. It is a string of events that take place on startup. -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 3:23 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Connection Refused - SOLVED?? -Original Message- From: Michael Avila [mailto:[EMAIL PROTECTED] Sent: Sonntag, 27. November 2005 20:03 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Connection Refused - SOLVED?? Don't ask me why but I stumbled on a resolution. If I do the following it works Try to access website with browser - it fails Stop Apache Start Apache Access website with browser - it works Did this happen only once or do you mean that apache eventually stops responding and has to be restarted? If only once, I suspect apache wasn't running to begin with... If it happens many times, then something is switching off apache. Check the error_log. Note that connection refused is a low-level network message at the TCP/IP layer which means that the server is not listening on the port you requested (usually port 80 for HTTP). This is usually because the service is not running. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. I cannot tell you why it works but it does Mike -Original Message- From: Michael Avila [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 22, 2005 2:28 PM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Connection Refused Windows XP Pro Apache 2.0.55 Dynamic IP Address on DSL For about a week or so whenever I start up my PC and try to connection to Apache, I keep getting a message The connection was refused when attempting to contact and then the domain name. 
it's via the internet so that your request goes out to the internet and back in again via your ISP-router-modem. Some experiments: - can you hit the site directly from inside the LAN? [to identify routing problems] Yes, as 127.0.0.1. - what if you use the IP address instead of the domain name? [to identify DNS problems] Usually, but not always, that works. Assuming these two things don't work, then it looks like an apache config problem: - Check your Listen directive. Are you listening to port 80? If in doubt, comment out all Listens then apache will default to port 80. Copy and paste from httpd.conf is Listen 80 - Do you specify the correct IP address in any Listen? If in doubt, comment it out and apache will default to listen to all active IPs (I assume the PC picks up its IP address by DHCP from the modem?) I do not have an IP address with listen as it was changing dynamically. I forgot it was set to static because of the router in between. Question: should that be Listen :80 or Listen 80 is correct? - Do other services on the server respond? (eg, SMTP on port 25, ICMP echo on port 7) Yes. Because they are all outbound first and do not use the DNS. I was blaming it on the dynamic address changing and the ISP DNS being cached. It made sense even though the dynamic IP address was updated at ZoneEdit, the ISP cache still held the old address. Well, I now have a router between the modem and the PC and I am still having the same problem even though the IP address is not changing. I can query the modem, see the IP address, and check ZoneEdit and it is the same. So now the cache should not need to be changed. So why is the connection being refused? This is from the error.log file.
[Mon Nov 21 07:56:40 2005] [notice] Apache/2.0.55 (Win32) PHP/4.3.9 DAV/2 configured -- resuming normal operations [Mon Nov 21 07:56:40 2005] [notice] Server built: Oct 9 2005 19:16:56 [Mon Nov 21 07:56:40 2005] [notice] Parent: Created child process 1628 [Mon Nov 21 07:56:40 2005] [notice] Child 1628: Child process is running [Mon Nov 21 07:56:40 2005] [notice] Child 1628: Acquired the start mutex. [Mon Nov 21 07:56:40 2005] [notice] Child 1628: Starting 250 worker threads. [Mon Nov 21 08:32:56 2005] [notice] Apache/2.0.55 (Win32) PHP/4.3.9 DAV/2 configured -- resuming normal operations [Mon Nov 21 08:32:56 2005] [notice] Server built: Oct 9 2005 19:16:56 [Mon Nov 21 08:32:56 2005] [notice] Parent: Created child process 812 [Mon Nov 21 08:32:57 2005] [notice] Child 812: Child process is running [Mon Nov 21 08:32:57 2005] [notice] Child 812: Acquired the start mutex. [Mon Nov 21 08:32:57 2005] [notice] Child 812: Starting 250 worker threads. [Mon Nov 21 10:36:29 2005] [notice] Apache/2.0.55 (Win32) PHP/4.3.9 DAV/2 configured -- resuming normal operations [Mon Nov 21 10:36:29
Re: [EMAIL PROTECTED] Is my server an open proxy?
On 11/28/05, Jason Martens [EMAIL PROTECTED] wrote: I've been seeing some entries like this in my access.log: 0.0.0.0 - - [06/Nov/2005:15:36:27 -0600] GET http://www.example.com/ HTTP/1.1 200 23660 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) It looks like someone is using my server to access other sites. Is that what I'm seeing? How can I test if my server is vulnerable to this? I have ProxyRequests Off set. Is there anything else that I need to check? See: http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan Joshua.
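A way to triage access-log entries like the one Jason quotes, as an added example (not code from the thread or from the Apache project). It flags proxy-style requests (absolute URI or CONNECT for a foreign host) and sorts them by outcome; treating a 200 whose byte count equals a locally served page as "answered with local content" is a heuristic assumed by this example, and `LOCAL_HOSTS` plus the log lines are constructed.

```python
"""Triage proxy-style requests in an Apache combined-format access log (added example)."""
import re
from urllib.parse import urlsplit

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Hypothetical: the names this server legitimately answers for.
LOCAL_HOSTS = {"www.mysite.example"}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Nov/2005:15:30:01 -0600] "GET / HTTP/1.1" 200 23660 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [06/Nov/2005:15:36:27 -0600] "GET http://www.example.com/ HTTP/1.1" 200 23660 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [06/Nov/2005:15:36:30 -0600] "GET http://www.example.net/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.8 - - [06/Nov/2005:15:37:02 -0600] "CONNECT mail.example.org:25 HTTP/1.0" 405 312 "-" "-"',
    '198.51.100.9 - - [06/Nov/2005:15:38:11 -0600] "GET http://www.mysite.example/index.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
]


def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def triage(lines, local_hosts=LOCAL_HOSTS):
    """Return (client, method, host, status, verdict) for each proxy-style request.

    verdict is one of:
      refused      - non-2xx status, the server did not fulfil the request
      served-local - 2xx and the size matches a local 200 for the same path
      review       - 2xx with no matching local response; check proxy settings
    """
    records = [r for r in map(parse, lines) if r]

    # Sizes of ordinary (origin-form) 200 responses, keyed by path.
    local_sizes = {}
    for r in records:
        if r["target"].startswith("/") and r["status"] == 200:
            local_sizes.setdefault(r["target"], set()).add(r["size"])

    findings = []
    for r in records:
        if r["method"] == "CONNECT":
            host, path = r["target"].rsplit(":", 1)[0].lower(), None
        else:
            try:
                url = urlsplit(r["target"])
            except ValueError:
                continue  # malformed target, not a usable URL
            if not url.scheme or not url.hostname:
                continue  # ordinary origin-form request
            host, path = url.hostname.lower(), url.path or "/"
        if host in local_hosts:
            continue  # absolute URI naming this server is legitimate
        if not 200 <= r["status"] < 300:
            verdict = "refused"
        elif path is not None and r["size"] in local_sizes.get(path, ()):
            verdict = "served-local"
        else:
            verdict = "review"
        findings.append((r["client"], r["method"], host, r["status"], verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```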
[EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29
Hi All,

This is a little urgent. We are making use of apache 1.3.29 in our project and while running "Nessus" security scan shows what it believes to be security vulnerabilities found within Apache ports. They need to know if these are valid security concerns or "False Positives". Below are the case ids

Potential vulnerability #1 (case 051121-61002) Nessus reports this message for port 24313/tcp: It seems that the DELETE method is enabled on your web server. Although we could not exploit this, you'd better disable it. Solution : disable this method Risk factor : Medium

Potential vulnerability #2 (case 051121-61005): Nessus reports this message for port 8080/tcp: The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators.

Potential vulnerability #3 (case 051121-61009) Nessus reports this message for port http-proxy 8080/tcp:

Potential vulnerability #4 Nessus reports this message for port http-proxy 8080/tcp: The target is running an Apache web server that may not properly handle access controls. In effect, on big-endian 64-bit platforms, Apache fails to match allow or deny rules containing an IP address but not a netmask.

Potential vulnerability #5 Nessus reports this message for port 24313/tcp It seems that the PUT method is enabled on your web server. Although we could not exploit this, you'd better disable it

All I am looking for is some help in the above direction which can help me in analysing whether these vulnerabilities exist. As I am totally new to apache, any help will be totally appreciated

Thanks and Regards Syona

PS I can even give my contact number if anyone has some detailed information
Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29
On 11/28/05, syona m [EMAIL PROTECTED] wrote: Hi All, This is a little urgent. We are making use of apache 1.3.29 in our project and while running Nessus security scan shows what it believes to be security vulnerabilities found within Apache ports. They need to know if these are valid security concerns or False Positives . Below are the case ids

First, you need to think a little more about what you are doing before sending scattershot email to every address you can find. You sent this message also to me personally, to our security notification address (which specifically forbids messages of this type) and to god-only-knows how many other addresses. I find this very rude and inconsiderate since it wastes the time of the people who you want to help you. Please consider this the next time you have a problem. The appropriate forum for this type of question is the users@httpd.apache.org mailing list, to which I am now replying.

To start, you can get information on apache 1.3 security vulnerabilities here: http://httpd.apache.org/security/vulnerabilities_13.html You'll notice this lines up quite closely with the list you quote. All of these problems could be fixed simply by upgrading your server to the most recent 1.3 release: 1.3.33.

Are these important security vulnerabilities? Not really, but it depends on the context. If you are running on a 64-bit big-endian platform, then CVE-2003-0993 could be a problem. If you let untrusted users run ssi, then CVE-2004-0940 could be a problem. If you are a frequent target of Denial of Service attacks, then several of them might be important. The PUT and DELETE warnings are probably a false positive, but I don't know how Nessus is doing its testing, so I can't tell for sure. Do you run mod_dav? Do you run a CGI script that doesn't check its methods? Joshua.
[EMAIL PROTECTED] Will mod_rewrite work?
Hi Folks, I have an Apache httpd 2.0.55 installation that is running one web site. It's using mod_jk to attach to JBoss and serve out a blog run by Blojsom. At the moment the URL to access it is http://mydomain.com/blojsom/blog/default/ which brings up the blog. I was wondering if it would be possible to use mod_rewrite so that anything requested from http://mydomain.com/blog could automatically send the user the pages from /blojsom/blog/default ? I tried the following, but it didn't work, which started making me wonder if it's possible, what with the path not being a physical path.

LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteBase blog/
RewriteRule ^/$ /blojsom/blog/default/

Thanks in advance, Andrew McCall [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Help required for security vulnerabilities in 1.3.29
On 11/28/05, syona m [EMAIL PROTECTED] wrote: First my sincere apologies to Joshua for the inconvenience caused. Seeing these vulnerabilities panicked me. Please accept my apologies and it won't be happening again. To answer your questions, I have following info

1) We make use of sun solaris 8, am not sure whether this is a big or small endian 64 bit platform

Solaris sparc is big-endian, I believe. (Solaris Intel is little-endian.) You may or may not have 64-bit, depending on how you installed. In this case, you need to make sure that any Deny directive you have in httpd.conf also uses a netmask (as in Deny from 10.1.0.0/255.255.0.0).

2) Our software is deployed at the customer site so upgrading to new apache version doesn't seem to be a solution for us

That's not very good. At some point there may be a security problem that is serious. What are you going to do then? A minor upgrade of apache is quite easy to do, so that is definitely the recommended course of action. Having installed software that you are unable to patch is a very bad idea.

1) How can I run the htpasswd run as setuid? Am not clear about this point

htpasswd is *not* normally run suid, and that is fine. This bug only applies if you let untrusted users run htpasswd using privileges other than their own. This is not a typical setup and you wouldn't have it set up that way unless you specifically changed the permissions. If you are really worried, just delete htpasswd, which you probably don't need.

2) Is there any way I can test by injecting escape sequences into an Apache error or access log?

Sure, but what is the point? Escape sequences in the log are not dangerous. It has been possible to put raw garbage in the apache log since the first version of apache, and this has always been clearly documented. You should just avoid using a broken terminal emulator that may interpret the escape sequences. (To be safe, just never view the logs at the terminal. Use an editor as in tail error_log > tmp; vi tmp.)
Joshua.
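Joshua's advice not to let a terminal interpret raw log bytes, as an added example (not code from the thread or from the Apache project): a small filter that rewrites every byte outside printable ASCII and tab as a visible `\xNN` escape and reports which lines contained such bytes. The function names and the sample log bytes are constructed for illustration.

```python
"""Show log lines with control bytes made visible instead of interpreted (added example)."""
import re

# Anything except tab and printable ASCII is rewritten. This also rewrites
# legitimate UTF-8 text, which is acceptable for a triage view of a log.
_UNSAFE = re.compile(rb"[^\x09\x20-\x7e]")

# Constructed sample: line 1 carries two colour escape sequences and a stray
# carriage return, line 2 is clean.
SAMPLE = (
    b"[Mon Nov 21 07:56:40 2005] [error] [client 192.0.2.5] File does not exist: "
    b"/var/www/\x1b[31mred\x1b[0m\r\n"
    b"[Mon Nov 21 07:56:41 2005] [notice] caught SIGTERM, shutting down\n"
)


def neutralise(raw):
    """Return (display text, number of bytes that were rewritten)."""
    hits = 0

    def repl(match):
        nonlocal hits
        hits += 1
        return b"\\x%02x" % match.group()[0]

    return _UNSAFE.sub(repl, raw).decode("ascii"), hits


def safe_view(data):
    """Split on LF only, so a lone CR is shown rather than obeyed."""
    lines = data.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # trailing newline, not an empty log line
    return [(n, *neutralise(raw)) for n, raw in enumerate(lines, 1)]


if __name__ == "__main__":
    for lineno, text, hits in safe_view(SAMPLE):
        marker = "!" if hits else " "
        print(f"{marker} {lineno:4d} {text}")
```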
[EMAIL PROTECTED] Secure Apache proxy chaining
Guys and gals,

Background - I am trying to chain together two Apache servers (server1 running Sol 9 Apache 2.0.47, server2 running Sol 9 Apache 2.0.55) for certain sites. Due to security restrictions within the customer's network, I need to access the web interface of one of their appliances through the two apache proxy servers mentioned above. The scenario is:

Workstation -> Apache1.custnet.com -> Apache2.custnet.com -> Appliance.custnet.com

The appliance will accept the initial connection on port 80, then kick off a secure 443 session. I am able to use the following scenario successfully:

Workstation -> Apache2.custnet.com -> Appliance.custnet.com

From what I can see in the error_log (LogLevel debug), for the second scenario the workstation is prompted to accept a secure connection and proceeds to login over a secure 443 session - the first scenario does not do this - it is as if the request for a secure connection is not being passed back down the chain.

Relevant Configuration (changed to protect the innocent):

Apache1.custnet.com (httpd.conf)

ProxyRequests On
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from all
</Proxy>
ProxyRemote http://appliance1.custnet.com http://apache2.custnet.com

Compiled in modules: core.c mod_access.c mod_auth.c mod_include.c mod_log_config.c mod_env.c mod_setenvif.c mod_proxy.c proxy_connect.c proxy_ftp.c proxy_http.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c

Apache2.custnet.com (httpd.conf)

ProxyRequests On
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from all
</Proxy>

Compiled in modules: core.c mod_access.c mod_auth.c mod_include.c mod_log_config.c mod_env.c mod_setenvif.c mod_proxy.c proxy_connect.c proxy_ftp.c proxy_http.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c

What am I missing - I tried to google this scenario but can only find chained http examples. Any direction would be helpful.

Regards, -- Graham Trigge IT Technical Specialist Server Support Telstra Australia Office: (02) 9201 9577 Mobile: 0409 654 434 Time flies like an arrow, but fruit flies like a banana
[EMAIL PROTECTED] apache2, mod_jk, tomcat with .htaccess
Hi all, I had successfully set up apache2, mod_jk and tomcat, so that all jsp, and servlet can be processed successfully by tomcat through apache2 and mod_jk. The problem is that I would like to control access of using .htaccess file. There is no problem when visiting static pages like .html, .jpeg... but when accessing .jsp, apache2 simply pass .jsp and servlet to tomcat without any authentication even though I already set up tomcatAuthentication=false in server.xml of tomcat. I had tried different version of apache2 (latest included), different version of mod_jk (and now using 1.2.15) and different version of tomcat (version 4, 5.0 and 5.5), none of them using apache2's authentication when accessing jsp and servlet. I also tried to everything in .htaccess to httpd.conf but the result was the same. So I tried to use apache 1.3, and bingo, everything works, apache will ask for user authentication even without tomcat running. Now, my question is, is the behavior of apache2 and apache1 different when using .htaccess? Moreover, I have to use apache2 for its modules and speed, is there any way to set up apache2 to treat .htaccess same as apache1.3? Grandy
[EMAIL PROTECTED] .htaccess Creation Under Windows
Is there a way to create an .htaccess file under Windows XP Pro? I would like to lock down a directory from direct outside connection but Windows does not like that type of filename.

Would it be easier just to rename all of the .htaccess files to something else and change the Apache conf file to reflect the change? I prefer not to do that because of all of the applications that come with .htaccess files. I'm liable to forget to rename them.

Any suggestions?

Mike
Re: [EMAIL PROTECTED] .htaccess Creation Under Windows
Michael Avila wrote:

> Is there a way to create an .htaccess file under Windows XP Pro? I would like to lock down a directory from direct outside connection but Windows does not like that type of filename. Would it be easier just to rename all of the .htaccess files to something else and change the Apache conf file to reflect the change? I prefer not to do that because of all of the applications that come with .htaccess files. I'm liable to forget to rename them.

I was about to say that you were crazy because I have no problem with .htaccess on my server. However, a little further testing and I found you were right. I also found a partial workaround, however...

Let me explain my network and the testing I did. I have Apache running on a Windows 2000 Server computer. Most of the management (including .htaccess stuff), I do from this Windows XP computer with the C: drive on the server mapped as Z: on this XP box. I have no problems at all reading or editing an existing .htaccess file on the XP computer. However, as you reported, I could not create a new .htaccess file on the XP computer. I could even copy an existing .htaccess file (either locally on the XP computer or remotely from the 2000 server) to the local XP computer and then edit it.

The workaround would be to create a .htaccess file on another computer and copy it via a floppy, USB drive, CD, etc. to your XP computer. I even tried sending myself an e-mail with a .htaccess file as an attachment. When I received it on the XP computer, I had no problem saving it, and then reading, copying, or editing it. To that end, I will happily send you a dummy .htaccess file as an attachment. If your computer is like mine, you should then be able to edit or copy it to fit your needs.

--
73 - Jim Walls - K6CCC
[EMAIL PROTECTED]
Ofc: 818-548-4804
http://home.earthlink.net/~k6ccc
AMSAT Member 32537 - WSWSS Member 395
Re: [EMAIL PROTECTED] .htaccess Creation Under Windows
At 09:31 29/11/2005, you wrote:

> Is there a way to create an .htaccess file under Windows XP Pro? I would like to lock down a directory from direct outside connection but Windows does not like that type of filename. Would it be easier just to rename all of the .htaccess files to something else and change the Apache conf file to reflect the change? I prefer not to do that because of all of the applications that come with .htaccess files. I'm liable to forget to rename them. Any suggestions?
>
> Mike

Save the file as anyfilename.txt using any text editor under XP. Open a console window in that directory and give the command 'ren anyfilename.txt .htaccess' (without the quotes, of course) and press 'Enter'. Do a dir listing to confirm that it's done. Close the console window.

Sanjay Dutt
RE: [EMAIL PROTECTED] Will mod_rewrite work?
-----Original Message-----
From: Andrew McCall [mailto:[EMAIL PROTECTED]
Sent: Monday, 28 November 2005 23:11
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Will mod_rewrite work?

> Hi Folks,
>
> I have an Apache httpd 2.0.55 installation that is running one web site. It's using mod_jk to attach to JBoss and serve out a blog run by Blojsom. At the moment the URL to access it is http://mydomain.com/blojsom/blog/default/ which brings up the blog.
>
> I was wondering if it would be possible to use mod_rewrite so that anything requested from http://mydomain.com/blog could automatically send the user the pages from /blojsom/blog/default ?
>
> I tried the following, but it didn't work, which started making me wonder if it's possible, what with the path not being a physical path.

No problem - mod_rewrite works in URL-space.

BTW, "...it didn't work..." is the least-favourite phrase you want to read on a technical help list... What didn't work? What happened? You got the old URL? You got 404? You got the index page? The computer imploded? Cut'n'paste from the rewrite log... (you *did* activate rewrite logging, didn't you?...)

> LoadModule rewrite_module modules/mod_rewrite.so
> RewriteEngine On
> RewriteBase blog/

Try RewriteBase /blog/

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

> RewriteRule ^/$ /blojsom/blog/default/
>
> Thanks in advance,
> Andrew McCall
> [EMAIL PROTECTED]
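Added example, not part of the original thread or either poster's configuration: one way to write the /blog mapping discussed above for httpd 2.0.x when the directives sit in the main server or a <VirtualHost> section. It assumes an existing mod_jk mapping for /blojsom/*, and the log path is a placeholder; the two rules, the [PT] flag and leaving out RewriteBase are choices of this example.

```apache
# Added example (not from the thread).
# Context: main server config or <VirtualHost>, httpd 2.0.x.
LoadModule rewrite_module modules/mod_rewrite.so

RewriteEngine On

# Rewrite logging, which the reply asks about. RewriteLog and RewriteLogLevel
# are the 2.0/2.2 directives; logs/rewrite.log is an assumed path, relative
# to ServerRoot. Level 0 disables logging, 9 is the most verbose.
# The log directory must not be writable by anyone other than the user
# that starts the server, and the level should go back to 0 after debugging.
RewriteLog logs/rewrite.log
RewriteLogLevel 3

# In server context the pattern is matched against the whole URL-path,
# leading slash included. RewriteBase is only valid in <Directory> or
# .htaccess context, so it is not used here.

# /blog and /blog/ -> the blog's front page
RewriteRule ^/blog/?$ /blojsom/blog/default/ [PT]

# /blog/<anything> -> the same path below /blojsom/blog/default/
RewriteRule ^/blog/(.+)$ /blojsom/blog/default/$1 [PT]

# [PT] passes the rewritten URL on to the later URL-mapping handlers, so the
# assumed mod_jk mapping for /blojsom/* (for example a JkMount) still sees it.
```

With the log level above, each request to /blog shows up in the rewrite log with the pattern it was tested against and the resulting URL, which is the output the reply asks to see.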