[EMAIL PROTECTED] Rewrite/RedirectMatch Issues
I have been having trouble getting some Rewrites or Redirects to work. Here is what I am trying to do: http://weather.domain.com/ - http://www.domain.com/weather/ http://weather.domain.com/# - http://www.domain.com/weather/# http://weather.domain.com/@ - http://www.domain.com/weather/@ The # represents a string of 5 digits (US zip code). The @ string represents any text (aimed at the name of a city). Here is what I currently have. I've gone through many changes, but this seems to be the closest to working properly: Redirect/index.php http://www.domain.com/weather/ RedirectMatch ^/([0-9]{5})http://www.domain.com/weather/$1 RedirectMatch ^/([A-Za-z]+) http://www.domain.com/weather/$1 The problem with this is the last line is interpreting index.php as /index and appending that to the end. The second line works perfectly. How can I get the last line to work without seeing index.php, or index, as a match? Also, when it gets to http://www.domain.com/weather/$1, I am experiencing a similar issue. The images/ folder is in a folder called weather/. So, with the rules that I have in place, the images are not showing up. I'd like to know if there is a way to follow the rules while excluding the weather folder. Here are the rules for that: RewriteRule ^weather/$ cgi-bin/weather/hw3.cgi?forecast=asus01use_map=us_c_sm_albers2 [NC] RewriteRule ^weather/([0-9]{5})cgi-bin/weather/hw3.cgi?pands=$1 [NC] RewriteRule ^weather/([A-Za-z]+) cgi-bin/weather/hw3.cgi?pands=$1 [NC] Thank You, Jason Williard - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] how to get asp on apache ?(asap)
"William A. Rowe, Jr." [EMAIL PROTECTED] wrote:mohan devanoor wrote: Thanks William, problem is solved with mod_perl but how to create any asp program to run on apache??- i meant to say the samples which r given in asp/eg/ are working. Apache uses perl scriptembeded asp page. is it so? htttp://localhost/asp/form.asp outout : a formYou missed the point; surrender. Either you want to run perl 'asp' scripts,or it's time for you to learn, and port your applications, to aspx. but u said- mod_aspdotnet and mod_mono only support aspx - not asp. modperl also doesn'tsupport 'vb' or other non-perl .asp pages, onl y asp pages in perl. ???Trust me, I researched how to deploy the microsoft scripting framework forasp script into httpd, and it was a totally worthless exercise in futility.Nobody's done it yet, and now nobody is about to. There were some variousapps to convert .asp script within apache, but I believe most of thoseefforts are dead.If you are looking for something less complex than aspx, you might learn php.Yours,Bill-The official User-To-User support forum of the Apache HTTP Server Project.See for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]" from the digest: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED] Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
[EMAIL PROTECTED] double wild card ssl certificates
My company has a wild card SSL server certificate *.domain.com . However we need to use double wild card certificate *.*.domain.com. Can I use *.domain.com (which is a server certificate, signed by a trusted root CA) to sign the *.*.domain.com ? I have read elsewhere that I need an intermediate CA certificate. Is this correct ? Is there any limitation/restriction on the intermediate CA certificate ? What can I use it for? Can I use the intermediate CA certificate to sign other certificates ? I have read that an intermediate CA certificate can only be use to establish a chain for a server certificate which is signed by the same root CA. Does not make much sense to me. Can someone please clarify? Thank you! - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Dual SAN certificate support
On Thu, Feb 02, 2006 at 04:20:42PM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Acronym defined: SAN = Subject Alternative Name Certificate contains two FQDN entries, one an alias to the other: DNSName: fully.qualified.name DNSName: alias-of.qualified.name What I got back from the CA is a certificate that's slightly longer than one for a single FQDN host. Apache2 refuses to start with this Dual SAN cert. mod_ssl doesn't care about what subjectAltName extensions might be in the certificate, though it might cause false warnings about subject CN mismatches. What error is being printed when the server fails to start? What does the error_log say? Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] double wild card ssl certificates
On 2/3/06, Khai Doan [EMAIL PROTECTED] wrote: My company has a wild card SSL server certificate *.domain.com . However we need to use double wild card certificate *.*.domain.com. Can I use *.domain.com (which is a server certificate, signed by a trusted root CA) to sign the *.*.domain.com ? Does * match *.* also?
Re: [EMAIL PROTECTED] cgi-bin contents
AddHandler html php ## is this going to do it? thanks hi all... if i have a cgi-bin directory - or any directory in which is cgi execution is permitted - can i have other files served from the same directory or any other directory below - like php and html? do i need suexec for that? the php engine is not set up as cgi... thanks - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] cgi-bin contents
On 2/2/06, make stuff up [EMAIL PROTECTED] wrote: hi all... if i have a cgi-bin directory - or any directory in which is cgi execution is permitted - can i have other files served from the same directory or any other directory below - like php and html? do i need suexec for that? There are two ways to configure cgi: 1. Use ScriptAlias 2. Use Options ExecCGI and AddHandler cgi-script .cgi. The first way will treat *all* files as CGI scripts, so no non-cgi script may be served from a ScriptAliased directory. The second way can share a directory with non-CGI files. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] sumbol multiple-defined when compiling httpd 2.2.0 on Solaris 8
Hi, I'm trying to compile httpd 2.2.0 on Solaris 8. When I do 'make install' it stops with the following error messages: === [..] /usr/root/web/httpd-2.2.0/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthreads -L/usr/root/web/httpd-2.2.0/srclib/apr-util/xml/expat/lib -L/openssl-0.9.8a/lib -R/openssl-0.9.8a/lib -ldl -o ab -static ab.lo -lm /usr/root/web/httpd-2.2.0/srclib/pcre/libpcre.la /usr/root/web/httpd-2.2.0/srclib/apr-util/libaprutil-1.la /usr/root/web/httpd-2.2.0/srclib/apr-util/xml/expat/lib/libexpat.la /usr/root/web/httpd-2.2.0/srclib/apr/libapr-1.la -lsendfile -lrt -lsocket -lnsl -lpthread -lssl -lcrypto ld: fatal: symbol `SHA256_Transform' is multiply-defined: (file /usr/root/web/httpd-2.2.0/srclib/apr/.libs/libapr-1.a(sha2.o) type=FUNC; file /openssl-0.9.8a/lib/libcrypto.a(sha256.o) type=FUNC); ld: fatal: symbol `SHA256_Init' is multiply-defined: (file /usr/root/web/httpd-2.2.0/srclib/apr/.libs/libapr-1.a(sha2.o) type=FUNC; file /openssl-0.9.8a/lib/libcrypto.a(sha256.o) type=FUNC); ld: fatal: symbol `SHA256_Final' is multiply-defined: (file /usr/root/web/httpd-2.2.0/srclib/apr/.libs/libapr-1.a(sha2.o) type=FUNC; file /openssl-0.9.8a/lib/libcrypto.a(sha256.o) type=FUNC); ld: fatal: symbol `SHA256_Update' is multiply-defined: (file /usr/root/web/httpd-2.2.0/srclib/apr/.libs/libapr-1.a(sha2.o) type=FUNC; file /openssl-0.9.8a/lib/libcrypto.a(sha256.o) type=FUNC); ld: fatal: File processing errors. No output written to ab collect2: ld returned 1 exit status *** Error code 1 make: Fatal error: Command failed for target `ab' Current working directory /usr/root/web/httpd-2.2.0/support === Any idea how to fix this. I used the following parameters to configure it: export ZLIBVER=1.2.3 export SSLVER=0.9.8a export HTTPDVER=2.2.0 ./configure --prefix=${PREFIX}/httpd-${HTTPDVER} \ --with-z=${PREFIX}/zlib-${ZLIBVER}/lib/libz.so \ --with-ssl=${PREFIX}/openssl-${SSLVER} \ --enable-ssl \ --enable-static-support \ --enable-http \ --enable-dav \ --enable-dav-fs \ --enable-dav-lock \ --enable-rewrite \ --enable-so \ --enable-mime-magic \ --enable-expires \ --enable-headers \ --enable-usertrack \ --enable-unique-id \ --enable-auth-digest \ --enable-cgi Thanks in advance, Nico -- - It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry. - Nico De Ranter Senior System Administrator Sony Service Center (NSCE) The Corporate Village, Da Vincilaan 7-D1 B-1935 Zaventem, Belgium Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] how to get asp on apache ?(asap)
Have a look at Sun Java System Active Server Pages (formly Chilisoft) http://www.sun.com/software/chilisoft/index.xml It will let you run ASP (NOT ASP.NET) on Linux. I used it about 3-4 years ago when I made the switch from Windows(IIS) to Linux(Apache). Used it for a couple years until I got all my old ASP code converted to PHP. PS It is not free enough, you have to purchase this software. But it works great. Mark. mohan devanoor wrote: Thanks William, problem is solved with mod_perl but how to create any asp program to run on apache?? Your help would be appreciated... */William A. Rowe, Jr. [EMAIL PROTECTED]/* wrote: mod_aspdotnet and mod_mono only support aspx - not asp. modperl also doesn't support 'vb' or other non-perl .asp pages, only asp pages in perl. Devraj Mukherjee wrote: Hi Mohan, I have no experience with Apache::ASP but It's worth looking at mod_mono that supports ASP .NET on Apache. Devraj mohan devanoor wrote: hello all, i have apache 2.0.55 and perl. and i installed mod_perl in order to get asp run on my apache. g t; i copied eg/ folder to htdocs but couldnt get the asp page in IE. iam a newbie for apache::asp . can any one tell me the procedure to get asp page on my server. Your help would be appreciated... Thanks Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Relax. Yahoo! Mail virus scanning http://us.rd.yahoo.com/mail_us/taglines/viruscc/*http://communications.yahoo.com/features.php?page=221 helps detect nasty viruses! -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0/2.2 + Suexec + Mod_Frontpage help
Hello, Curently i'm running Apache 1.3.34 + Suexec with PHP_Suexec + Mod_Frontpage_Mirfak and i have plans to upgrade to Apache version 2.0 or 2.2. The problems is that i can't find a easy way to make Frontpage to work with Suexec for Apache 2 (i hate Frontpage but we have many clients that are using it). The module that is provided from rtr.com doesn't works with Suexec Enabled with the newer versions of Apache 2.0. Mod_Frontpage_Mirfak is for Apache 1.3 only. For Apache 1.3 i've tried a simple patch that checks if the executable is the Frontpage binary and if it is - it is executed without Suexec. The patch is very simple: --- ./src/main/util_script.c.orig Wed Apr 3 13:42:49 2002 +++ ./src/main/util_script.cWed Apr 3 13:47:30 2002 @@ -1182,6 +1182,7 @@ #elif defined(NETWARE) #else if (ap_suexec_enabled +(strcmp(r-filename, /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe)) ((r-server-server_uid != ap_user_id) || (r-server-server_gid != ap_group_id) || (!strncmp(/~, r-uri, 2 { Is there a patch that makes Frontpage to works with Suexec ? And if there is not, is it possible something to be done like the patch that i've pasted above ? Or there is other solution ? Thank You Iavor - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Re: Precompiled Mod_SSL binaries for Win32 and Apache 1.3
I have tested this same application on Win32 with apache 1.3. It is dog slow. yes. As I expected. But one fact remains, it's STABLE. the scripts don't fail. There is a nice issue with 2.0.55 and modperl 2 and perl. As for apache 1.3 being threaded on win32. This I did not know. Apache 2 on win32 is still hacked together. better, but has a lot of annoyances. rotatelog.exe for example. If you can point out a way to resolve Free to wrong pool 618410 not 16eb160 type errors. Otherwise... chill out. On Thu, 2006-02-02 at 15:54 -0600, William A. Rowe, Jr. wrote: Jason J. Czerak wrote: It was going to be a possible solution to a problem on Win32 with threads and Apache 2 and modperl 2 that was just breaking things under any sort of load. ROFL / Picks self up off of floor / Falls back down laughing / Dude, Win32 is ALWAYS THREADED. 1.3 was, 2.0 was, 2.2 is. Will always be. See Randy's work for some pretty solid builds of httpd+ssl+modperl. And note that Win32 apache1.3 was bubblegum and bailing wire compared to 2.0 or 2.2 - they are miles apart. For unix shrug / really you can keep using 1.3 if you don't expect any new changes, I hear you point about the fact that it keeps on chugging. But apache1.3/win32 barely chugged in the first place. Note that most modperl 1.26 modules just were never right for apache1.3/Win32 (though most of the ASF's worked ok.) Authoring a 1.26 modperl module for Windows is an exercize unto itself. Wipes tears from eyes / Bill - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jason Czerak ([EMAIL PROTECTED]) __ Thisemailtransmissionandanydocuments,filesorpreviousemail messagesattachedtoitmaycontaininformationthatisconfidentialor legallyprivileged.Ifyouarenottheintendedrecipientoraperson responsiblefordeliveringthistransmissiontotheintendedrecipient, youareherebynotifiedthatyoumustnotreadthistransmissionand thatanydisclosure,copying,printing,distributionoruseofthis transmissionisstrictlyprohibited.Ifyouhavereceivedthistransmission inerror,pleaseimmediatelynotifythesenderbytelephoneorreturnemail anddeletetheoriginaltransmissionanditsattachmentswithoutreading orsavinginanymanner.
[EMAIL PROTECTED] Sporadic (and very anoying) file rights issues
Hello all, I posted 1 week ago about a problem of access rights with apache and subversion. Today, I'm pretty sure it's an apache problem because I'm now facing the bug with another application. Summary: * From time to time some subversion transactions faild. The failure is due to a problem of access rights on the directory created to store the transaction. The directory is created with following rights: drw-rwSrw- tnx... Note: the 'S' means 'parent directory has setgid but you created a directory without execution rights'. It's a kind of error state. The problem is: execution rights on the directory are missing (so the directoy is not very useful). Today I discovered that another application on the same server have the same behaviour: * From time to time, this C program called by a php script (I know... but I'm not the one who wrote the code!) faild because it create a directory without execution rights. In both cases, the most low level routine called in C is mkdir with '0755' (sounds like good for a directory). mkdir man page tells us umask influence mkdir behaviour but since the problem is not systematic, I think there is a problem somewhere in apache. Note: * I'm running a x86 SMP box with RHEL3 and apache 2.0.48-16 RPM provided by subversion rpm packager here: http://the.earth.li/pub/subversion/summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/ * I cannot reproduce this bug on my test server with the same configuration. Someone can help me ? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Dual SAN certificate support
Joe, Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7024 Date: 2/2/2006 Time: 8:20:18 AM User: N/A Computer: UNDERDOG Description: The Apache2 service terminated with service-specific error 1. When I edit ssl.conf to point to a single-SAN certificate for another IP-based virtual web site, Apache starts up smartly with no errors. --Doc Robert G. (Doc) Savage, CISSP, RHCE, GCIA Senior Systems Analyst BAE Systems Information Technology USTranscom J6-PI (TFMS) E-mail: [EMAIL PROTECTED] DSN: 779-3275 Fax: 576-4578 -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] Sent: Friday, February 03, 2006 3:46 To: Savage, Robert CTR USTRANSCOM J6 Cc: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Dual SAN certificate support On Thu, Feb 02, 2006 at 04:20:42PM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Acronym defined: SAN = Subject Alternative Name Certificate contains two FQDN entries, one an alias to the other: DNSName: fully.qualified.name DNSName: alias-of.qualified.name What I got back from the CA is a certificate that's slightly longer than one for a single FQDN host. Apache2 refuses to start with this Dual SAN cert. mod_ssl doesn't care about what subjectAltName extensions might be in the certificate, though it might cause false warnings about subject CN mismatches. What error is being printed when the server fails to start? What does the error_log say? Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] cgi-bin contents
On 2/2/06, make stuff up [EMAIL PROTECTED] wrote: hi all... if i have a cgi-bin directory - or any directory in which is cgi execution is permitted - can i have other files served from the same directory or any other directory below - like php and html? do i need suexec for that? There are two ways to configure cgi: 1. Use ScriptAlias 2. Use Options ExecCGI and AddHandler cgi-script .cgi. The first way will treat *all* files as CGI scripts, so no non-cgi script may be served from a ScriptAliased directory. The second way can share a directory with non-CGI files. i was using #2 but it doesn't work. i have: Directory /path/to/dir Options +ExecCGI FollowSymLinks AddHandler cgi-script .cgi /Directory and the cgi scripts don't work. anything wrong with this? thanks Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] how to get asp on apache ?(asap)
You can try http://www.sun.com/software/chilisoft/index.xml Works for some. I have installed it before and some of the application works without any rewrites, others don't. Gary Wayne Smith -Original Message- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: Thursday, February 02, 2006 11:43 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] how to get asp on apache ?(asap) mohan devanoor wrote: Thanks William, problem is solved with mod_perl but how to create any asp program to run on apache?? You missed the point; surrender. Either you want to run perl 'asp' scripts, or it's time for you to learn, and port your applications, to aspx. Trust me, I researched how to deploy the microsoft scripting framework for asp script into httpd, and it was a totally worthless exercise in futility. Nobody's done it yet, and now nobody is about to. There were some various apps to convert .asp script within apache, but I believe most of those efforts are dead. If you are looking for something less complex than aspx, you might learn php. Yours, Bill - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Reverse proxy with proxy-html
I'm having some difficulty getting this to work the way I need it to. Does anyone have some time to provide some feed back and experiences? Thx Errol Neal - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Redirecting http traffic to an https virtual host
Peter, Here is what I have in production today on a Apache 2.0.X server. This is within a VirtualHost. Suggest defining a rewrite log and setting logging level high to see what's going on behind the scene if this doesn't work for you. John Location /xyz RewriteEngine on RewriteCond %{SERVER_PORT} !=443 RewriteRule ^.*/xyz(.*)$ https://%{SERVER_NAME}/xyz$1 [R] /Location Peter Clark wrote: I have been reassured by the documentation that this is an easy problem, but for some reason I'm not having much luck. I'm running Apache 2.0.52 on Debian Sarge, and I want to use Squirrelmail with SSL. No problems running Squirrelmail at https://webmail.mydomain.tld. But what I want is for all requests to http://webmail.mydomain.tld to be redirected to https://. Here's where I run into trouble. /etc/apache2/httpd.conf has the line NameVirtualHost 1.2.3.4 and I have the virtual domain for webmail.mydomain.tld stored in /etc/apache2/sites-available/webmail: --- /etc/apache2/sites-available/webmail: Directory /var/www/webmail php_flag register_globals off Options Indexes FollowSymLinks IfModule mod_dir.c DirectoryIndex index.php /IfModule /Directory # users will prefer a simple URL like http://webmail.example.com VirtualHost webmail.mydomain.tld:443 SSLEngine on SSLCertificateFile /etc/ssl/mydomain.tld/Cert.pem SSLCertificateKeyFile /etc/ssl/mydomain.tld/PrivateKey.pem DocumentRoot /var/www/webmail ServerName webmail.mydomain.tld ServerAdmin [EMAIL PROTECTED] /VirtualHost VirtualHost webmail.mydomain.tld:80 ServerName webmail.mydomain.tld Redirect permanent / https://webmail.mydomain.tld /VirtualHost --- If I have /etc/apache2/sites-available/webmail set up like this, I get the following error when trying to start Apache: --- Starting web server: Apache2[Mon Dec 20 14:44:46 2004] [error] VirtualHost webmail.mydomain.tld:80-- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results [Mon Dec 20 14:44:46 2004] [error] VirtualHost webmail.mydomain.tld:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results --- However, if I comment out the VirtualHost webmail.mydomain.tld:80 and following lines, and change VirtualHost webmail.mydomain.tld:443 to VirtualHost webmail.mydomain.tld, traffic to http://webmail.mydomain.tld isn't redirected. I also tried putting an .htaccess file in /var/www/webmail (which is a symbolic link to /usr/share/squirrelmail, Squirrelmail's home directory) with the following contents: --- DirectoryIndex index.php IfModule mod_rewrite.c RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://%{SERVER_NAME}/webmail/$1 [L,R=303] /IfModule --- But still traffic isn't redirected. I've checked that mod_rewrite is enabled. So what obvious thing am I missing? Thanks, :Peter - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] cgi-bin contents
On 2/3/06, make stuff up [EMAIL PROTECTED] wrote: i was using #2 but it doesn't work. i have: Directory /path/to/dir Options +ExecCGI FollowSymLinks Don't mix + and non-+ options. You probably mean Options ExecCGI FollowSymLinks. AddHandler cgi-script .cgi /Directory and the cgi scripts don't work. anything wrong with this? I can't tell you anything unless you describe in detail what you mean by don't work. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_auth_ldap mod_auth_mysql on OS-X
Greetings! I've managed to completely isolate the multiple authentication symptoms I'm having. To recap, I'd like to authenticate users against an LDAP server with a fail through to a MySQL server. Realms which require only LDAP or only MySQL authentication behave correctly. However, a realm which requires authentication against both LDAP followed by MySQL is problematic in that when a user exists in LDAP [with password 'x'] AND the SAME user exists in MySQL [with password 'y'] AND the user submits the MySQL password [password 'y'] LDAP refuses to decline authentication to mod_auth_mysql. See error below: [Fri Feb 03 10:45:52 2006] [debug] mod_auth_ldap.c(337): [client 129.xxx.xx.xx] [20821] auth_ldap authenticate: using URL ldap://sun.x.xx.edu/ou=people,dc=x,dc=xx,dc=edu [Fri Feb 03 10:45:52 2006] [warn] [client 129.xxx.xx.xx] [20821] auth_ldap authenticate: user jones authentication failed; URI /ldap_mysql/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials] The authentication dialog keeps reappearing as LDAP can't authenticate and refuses to decline authorization. When a user is in either LDAP or MySQL [but NOT both] and submits their name using their MySQL password, mod_auth_ladp correctly declines authentication to mod_auth_mysql. Likewise, when a user who is in either LDAP or MySQL [NOT both] submits their name using their LDAP password, LDAP correctly authenticates. # Directory /usr/local/apache2/htdocs/mysql Options FollowSymLinks AuthType Basic AuthName MySQL protected #mod_auth_mysql AuthMySQLEnable On AuthMySQLHost gentoo.x.xx.edu AuthMySQLUser httpd AuthMySQLPassword AuthMySQLDB http_auth AuthMysqlUserTable mysql_auth AuthMySQLNameField username AuthMySQLPasswordField passwd AuthMySQLPwEncryption crypt AuthMysqlGroupTable mysql_groups AuthMySQLGroupField groups require group administration /Directory # Directory /usr/local/apache2/htdocs/ldap Options FollowSymLinks AuthType Basic AuthName ldap secured #mod_auth_ldap AuthLDAPURL ldap://sun.x.xx.xxx:389/ou=people,dc=x,dc=xx,dc=edu require valid-user /Directory # Directory /usr/local/apache2/htdocs/ldap_mysql Options FollowSymLinks AuthType Basic AuthName LDAP then MySQL secured #mod_auth_ldap AuthLDAPURL ldap://sun.xxx.xx.xxx:389/ou=people,dc=x,dc=xx,dc=edu AuthLDAPAuthoritative Off require valid-user #mod_auth_mysql AuthMySQLHost gentoo.x.xx.edu AuthMySQLUser httpd AuthMySQLPassword AuthMySQLDB http_auth AuthMysqlUserTable mysql_auth AuthMysqlGroupTable mysql_groups AuthMySQLGroupField groups AuthMySQLNameField username AuthMySQLPasswordField passwd AuthMySQLPwEncryption crypt require group administration /Directory # System stats OS=OS-X [10.3.9] Apache = 2.0.55 mod_auth_ldap, mod_ldap = [apache's own module] mod_auth_mysql = 3.0 [sourceforge] Using these modules --- LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule ldap_module modules/mod_ldap.so LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule mysql_auth_module modules/mod_auth_mysql.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so #LoadModule info_module modules/mod_info.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule imap_module modules/mod_imap.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule php5_modulemodules/libphp5.so Please let me know if you have any thoughts on how to debug this problem. I've already rebuilt Apache and mod_auth_mysql from fresh downloads to make sure the installation is clean. regards, -bill William Paredes wrote: Just before going live I noticed that mod_auth_mysql and mod_auth_ldap do not fail through properly when protecting the same realm. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_auth_ldap mod_auth_mysql on OS-X
Hi Wiliam. I've been reading up on modules and authentication. You may need to move the LDAP module so it comes after the mysql_auth module, as each module is tested in reverse order, i.e. last loaded module is higher priority and comes first in the pecking order. Accordingly, the way you have your modules listed, mysql will have priority over the LDAP module. mod_access having the lowest priority and being checked last, cause it's first in the LoadModule listing. On Fri, 3 Feb 2006, William Paredes wrote: To: users@httpd.apache.org From: William Paredes [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED] mod_auth_ldap mod_auth_mysql on OS-X Greetings! Using these modules --- LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule ldap_module modules/mod_ldap.so LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule mysql_auth_module modules/mod_auth_mysql.so Arrange these modules in reverse order with the last mentioned module having highest checking priority, and the module first in the list has lowest priority, i.e. is tested last. Keith In theory, theory and practice are the same; In practice they are not. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Redirecting http traffic to an https virtual host
The rewrite condition is superfluous, and furthermore it is not because the connection is on port 443 that it is necessarily SSL. Either you have SSLEngine On within that virtual host, or you don't: that's what determines whether the VH uses SSL or not. A better way of testing is to use the %{HTTPS} variable which either has either of the values on or off depending on whether the request was made on an SSL connection or not. RewriteCond %{HTTPS} =off RewriteRule ^(.*)$ https://%{SERVERNAME}$1 [R] If there is any chance that the SERVERNAME variable may contain a port number, you will need to strip it off: RewriteCond %{HTTPS} =off RewriteCond %{SERVERNAME} ^([^:]*) RewriteRule ^(.*)$ https://%1$1 [R] I guess you could have these directives at the server-level and use RewriteOptions inherit in each VH. -ascs -Original Message- From: John Moore [mailto:[EMAIL PROTECTED] Sent: Friday, February 03, 2006 5:44 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Redirecting http traffic to an https virtual host Peter, Here is what I have in production today on a Apache 2.0.X server. This is within a VirtualHost. Suggest defining a rewrite log and setting logging level high to see what's going on behind the scene if this doesn't work for you. John Location /xyz RewriteEngine on RewriteCond %{SERVER_PORT} !=443 RewriteRule ^.*/xyz(.*)$ https://%{SERVER_NAME}/xyz$1 [R] /Location - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_auth_ldap mod_auth_mysql on OS-X
Hi! Moving the mod_auth_mysql module before the mod_auth_ldap does give mysql priority, however the reverse problem happens. That is, when a user exists in both databases with different passwords, now mod_auth_mysql refuses to 'decline'. I've systematically swapped the load order of mod_auth_mysql, mod_access, mod_auth, mod_ldap mod_auth_ldap using all possible combinations, restarting the server and reloading the browser [flushing the cache] each time with the result being that one module always refuses to decline when a user exists in both databases. -bill [EMAIL PROTECTED] wrote: Hi Wiliam. I've been reading up on modules and authentication. You may need to move the LDAP module so it comes after the mysql_auth module, as each module is tested in reverse order, i.e. last loaded module is higher priority and comes first in the pecking order. Accordingly, the way you have your modules listed, mysql will have priority over the LDAP module. mod_access having the lowest priority and being checked last, cause it's first in the LoadModule listing. On Fri, 3 Feb 2006, William Paredes wrote: To: users@httpd.apache.org From: William Paredes [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED] mod_auth_ldap mod_auth_mysql on OS-X Greetings! Using these modules --- LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule ldap_module modules/mod_ldap.so LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule mysql_auth_module modules/mod_auth_mysql.so Arrange these modules in reverse order with the last mentioned module having highest checking priority, and the module first in the list has lowest priority, i.e. is tested last. Keith In theory, theory and practice are the same; In practice they are not. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Reverse proxy with proxy-html
On 2/3/06, Errol Neal [EMAIL PROTECTED] wrote: I'm having some difficulty getting this to work the way I need it to. Does anyone have some time to provide some feed back and experiences? Just some advice: That kind of comment rarely gets you anywhere on a technical list. Explain your problem as clearly and precisely as you can and see if you get a response. The author of mod_proxy_html can sometimes be found on this list, so it is certainly possible you will get intelligent help. But not if you don't provide a precise question. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] LDAP Authentication with mod_authnz_ldap
Hi guys :) I'm running TWiki and using a .htaccess file to control access to files. Basically I'm using mod_authnz_ldap and Basic Authentication to authenticate users with our internal directory server. Here is my .htaccess file: SetHandler cgi-script AuthType Basic AuthBasicProvider ldap AuthLDAPURL ldap://sun-ds.central.sun.com/ou=people,dc=sun,dc=com AuthzLDAPAuthoritative on AuthName Sun LDAP Account FilesMatch [^/]*\.html$ SetHandler blabla allow from all /FilesMatch FilesMatch configure.* require user db160517 /FilesMatch FilesMatch (attach|edit|manage|rename|save|upload|mail|logon|.*auth).* require valid-user /FilesMatch FilesMatch .* allow from all /FilesMatch So basically the problem I'm having is this. LDAP login and auth works, and if you type a non-existant username and password, it asks you again to login, but, sometimes (95% of the time), when you type a /valid/ username and a /invalid/ password a 500 error pops up (no Perl errors appear though, so Apache is sending the 500 and Perl isn't being called). I've tried to see if it's the type of password being sent - I can't find a pattern or reason for the 500 error. Apache simply says: [Fri Feb 03 15:09:29 2006] [warn] [client 129.146.11.18] [16227] auth_ldap authenticate: user db160517 authentication failed; URI /twiki/bin/edit/Main/WebHome [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: http://usability9.central.sun.com/twiki/bin/view But that doesn't explain why it would throw a HTTP 500 status to the browser. The problem is that of course the HTTP auth is then fixed and won't clear easily (restart the whole browser process, or use the web developer extension in firefox...) Other than that error (and a 500 status in access.log) I have no indication of how to fix this. Any help would be appreciated. Thank you :D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Reverse proxy with proxy-html
On 2/3/06, Errol Neal [EMAIL PROTECTED] wrote: I'm having some difficulty getting this to work the way I need it to. does anyone have some time to provide some feed back and experiences? You Wrote: Just some advice: That kind of comment rarely gets you anywhere on a technical list. Yeah. It's just a lot of effort to put yourself out there like that.. Supply a bunch of information to a list of total strangers and at times, get no response whatsoever to your request for assistance. I just thought I would test the waters to determine if anyone out there was having a good day and wanted to actually SEE my problem to SEE if perhaps they could help before actually doing so. I don't know - guess it's my own insecurities or hate of rejection :) Did that make any sense? Anyhow Here I go: I'm running http 2.0.52 on Centos 4.2. I'm trying throw a reverse proxy in-between a weblogic server to offload SSL processing. Because of the way this portal is coded, some of the links are hard coded with the original server's IP. This is why I have to rely upon mod_proxy-html. I am making some progress, but I am not getting the expected results. Here is my config file: VirtualHost 172.16.101.119:443 SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/iedportl.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/iedportl.key ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/www_***_net/wwwroot ServerName www.tripwire-dhs.net CustomLog |/usr/local/sbin/cronolog /var/www/www_***_net/logs/%Y-%m-%d-www_***_net.log combined ProxyRequests Off ProxyPass / http://172.16.103.200:7004/ ProxyHTMLLogVerbose on ProxyPassReverse / http://172.16.103.200:7004/ LogLevel Debug SetOutputFilter proxy-html;DEFLATE Location / ProxyPassReverse / SetOutputFilter proxy-html;DEFLATE ProxyHTMLExtended on ProxyHTMLURLMap /(.*) /$1 RL /Location /VirtualHost Now, with that configuration, the results I get links on the page that have been rewritten, although wrong. Ive attached the relevant portion of my log file. If I view the link properties, I can tell that something is even more wrong.. Ive attached a screen shot of that also. In short, the links are rewritten as http:/16.103.200:7004/IED/blahblahblah, but the original protocol was https and there is no redirection occuring that is complicating things, so is there anyone who used proxy-html with a reverse proxy? Thanks in advance.. Errol Neal [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/body.css, substituting /IED/framework/skins/IED/css/body.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/button.css, substituting /IED/framework/skins/IED/css/button.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/alert/css/window-alert.css, substituting /IED/framework/skins/IED/alert/css/window-alert.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/window.css, substituting /IED/framework/skins/IED/css/window.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/plain/css/window-plain.css, substituting /IED/framework/skins/IED/plain/css/window-plain.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/portlet.css, substituting /IED/framework/skins/IED/css/portlet.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/book.css, substituting /IED/framework/skins/IED/css/book.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/layout.css, substituting /IED/framework/skins/IED/css/layout.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/css/form.css, substituting /IED/framework/skins/IED/css/form.css [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/js/menu.js, substituting /IED/framework/skins/IED/js/menu.js [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/js/util.js, substituting /IED/framework/skins/IED/js/util.js [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/js/delete.js, substituting /IED/framework/skins/IED/js/delete.js [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/js/float.js, substituting /IED/framework/skins/IED/js/float.js [Fri Feb 03 17:53:54 2006] [info] [client 172.16.101.98] H/RX: match at /IED/framework/skins/IED/js/menufx.js, substituting /IED/framework/skins/IED/js/menufx.js [Fri Feb 03
[EMAIL PROTECTED] Newbie Getting Errors on Start
Greetings. Just installed 2.0.55 and when I try to start it, a dos like box pops up and gives me the following error: The system cannot find the file specified: No installed service named Apache 2 I'm running this on Windows XP. Your help in getting this fixed is appreciated in advance. Charlie Moher _ Take charge with a pop-up guard built on patented Microsoft® SmartScreen Technology. http://join.msn.com/?pgmarket=en-capage=byoa/premxAPID=1994DI=1034SU=http://hotmail.com/encaHL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] apr_uid_current() - what does it mean on Windows??
Hi, When i use apr_uid_name_get(apr_uid_t *userid, apr_gid_t *groupid, apr_pool_t *p); on WIndows, it sets the userid groupid to invalid values - i.e if i pass the gid set by apr_uid_name_get to apr_gid_name_get() on WINDOWS, it returns APR_EINVAL. Why is it so? does the apr_uid_name_get() not work on WINDOWS? Thanks Regards,Lekha Menonhttp://www.patni.com World-Wide Partnerships. World-Class Solutions. _ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _