RE: [EMAIL PROTECTED] Apache 2.055 Best Practices

[Boyle Owen]

> -Original Message-
> From: Rosado, Rodolfo CTR MDA/IOM [mailto:[EMAIL PROTECTED] 
> Sent: Montag, 6. Februar 2006 16:37
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Apache 2.055 Best Practices
> 
> All, 
> 
>   I am attempting to redirect traffic incoming to an Apache 
> server located in a DMZ to two machines behind my firewall.  
> My Apache server listens on both ports 443 and 80.  The 
> traffic on port 443 is redirected via a JK2 connector to a 
> Tomact 4.1.30 server and has no issues.  The traffic on port 
> 80 is redirected to another machine running IIS using a 
> reverse proxy.  I also have a third machine serving images.  
> All of the traffic from my DMZ to my backend servers must do 
> so over 1 port. 

"redirected"

A redirection is an alternative to proxying - the server responds to the client 
with a 301 or 302 and the client makes a new request directly to the new 
server. To do this you use Redirect directives or mod_rewrite with the [R] 
flag. Is this what you are doing (you don't have any directives like this in 
the config below)?

> 
> 
>  
> DocumentRoot "e:/apache2/htdocs2" 
> ServerName portal.mda.mil 
> ServerAdmin [EMAIL PROTECTED] 
> ErrorLog logs/error.log 
> TransferLog logs/access.log 
> ProxyRequests Off 
>  
> Order deny,allow 
> Allow from all 
>  
> ProxyPass /xyz http://xyzmachine:9030/xyz 
>   
> ProxyPassReverse /xyz http://xyzmachine:9030/xyz 
>   
> ProxyPass /imagerequest http://imagemachine:9030/imagerequest 
>   
> ProxyPassReverse /imagerequest 
> http://imagemachine:9030/imagerequest 
>   

Why have you got *three* arguments to the Proxy directives? You can only have 
[path] [url] - I assume this is a typo...

> 
> My challenges are: 
> The pages are served correctly by the URL's are not being 
> preserved, and the links on the served pages are also not 
> being preserved.  
> 
> i.e.: 
> 
> An inbound request may look like: 
> 
> http://www.sumplace.com/xyz/somefunction.htm 
>   
> 
> The page returned to the browser will have the url: 
> 
> http://xyzmachine:9030/xyz/somefunction.htm 
>   

Pages don't have URLs. The client requests a URL and the server returns a page 
(with no indication of what was originally requested). The URL you see in the 
browser is a record of what the browser requested to get the page you see. If 
this changes from what you typed in, it's because the original server sent a 
301 or 302 redirect to a new URL. The browser then requested this page and 
changed the URL in the address bar.

Your results look exactly like you are redirecting instead of proxying. My 
guess is that you have some other directives somewhere that we don't know about 
(further up the config, outside the VH, in a .htaccess file)? These are being 
hit before we get to the Proxy directives and causing the redirect. 

Look in the access log and see what HTTP-status you are getting for these 
requests (I bet it's 301/302 - it should be 200).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> And the links on the page will also have the issue. 
> 
> I've tried using the ProxyPreserverHost directive, which 
> really didn't help.  
> 
> Question:  How can I forward the URL to the backend and have 
> all of the URL's return to the browser with the proper URL's?
> 
> Thanks for any assistance. 
> 
> R2 
>   
> 
> 
>   
> 
> 
> 
> 
> 
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Se

RE: [EMAIL PROTECTED] apache error: client denied access by server configuration

[Boyle Owen]

> -Original Message-
> From: George Moureau [mailto:[EMAIL PROTECTED] 
> Sent: Montag, 6. Februar 2006 23:09
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] apache error: client denied access by 
> server configuration
> 
> Can anyone help with this? I'm setting up a development server with  
> httpd-2.2.0. I want to be able to develop and test multiple sites on  
> this server. so far the only one I can get to is /usr/local/apache2/ 
> htdocs, all others give me forbidden messages from my browser. I've  
> set up virtual hosting and set up the Directory to allow all, but  
> alas I still can't get to it from my browers (IE or 
> Safari)I feel  
> like I'm very close, but not there yet
> 
> 
> help, don't know whatelse to try,

I dunno, looking in the error log might be helpful... (If it doesn't clear it 
up for you, post back with the *exact* message found there). Also, post your VH 
config, especially the Allow directive (I suspect a mismatch between the 
DocumentRoot and the Directory path controlled by Allow).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> George Moureau
> [EMAIL PROTECTED]
> (706) 377-3360
> 
> 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] DNS

[Arturo Ignacio Partarrieu Ramos]

DNS, domain name system, is needed to resolve the domain names and
hostnames into IP addresses (and backwards). The machine that takes
care of this conversion is called a name server.
More information can be find in Suse Linux Documentation, chapter 38 Basic Networking, section 3 Name ResolutionOn 2/6/06, Boyle Owen <
[EMAIL PROTECTED]> wrote:> -Original Message-> From: info.raa
 [mailto:[EMAIL PROTECTED]]> Sent: Montag, 6. Februar 2006 11:48> To: Apache List> Subject: [EMAIL PROTECTED] DNS>> Greetings List!>> Can anyone give me a hint about DNS?
> Or tell where can i find documentation or the how to?Type "DNS howto" into Google and read the first hit.Rgds,Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.
PS - it's http://www.tldp.org/HOWTO/DNS-HOWTO.html>> Thanks.>> Kbl>>> -
> The official User-To-User support forum of the Apache HTTP> Server Project.> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]>>Diese
E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail
is of a private and personal nature. It is not related to the exchange
or business activities of the SWX Group. Le présent e-mail est un
message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.This message is for the named person's use only.
It may contain confidential, proprietary or legally privileged
information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify
the sender urgently and then immediately delete the message and any
copies of it from your system. Please also immediately destroy any
hardcopies of the message. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you
are not the intended recipient. The sender's company reserves the right
to monitor all e-mail communications through their networks. Any views
expressed in this message are those of the individual sender, except
where the message states otherwise and the sender is authorised to
state them to be the views of the sender's company.-The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]For additional commands, e-mail: 
[EMAIL PROTECTED]

[EMAIL PROTECTED] Possible Configuration Problem

[Carl Maloney]

I am a ultra beginner with Apache/PHP.  I got the server up and  running.  I can load up any html page/php file from my  browser.  I started a html file that has a "submit" button that is  suppose to launch a *.php file.  When I press the button, I first  got Error Message: 404, File not found.  In the html file I added  the file directory to the file name,  Pressed the "submit" button  and got Error Message 403: YOu don't have permission to access / on  this server.  Any ideas?  
		Brings words and photos together (easily) with 
PhotoMail  - it's free and works with Yahoo! Mail.

Re: [EMAIL PROTECTED] Open Proxy

[Emmanuel E]

which version of apache are you 
using? The proxy config typically looks like this:
 
=
ProxyRequests OnAllowCONNECT 443 563
...
#Your allow deny directives should go 
here. 


 


 
I am not sure whether  is the way to go.
 
Cheers,
Emmanuel

  - Original Message - 
  From: 
  Benjamin Neu 
  
  To: users@httpd.apache.org 
  Sent: Tuesday, February 07, 2006 6:24 
  AM
  Subject: [EMAIL PROTECTED] Open Proxy
  Can anyone help me secure my Apache proxy server. Here is the 
  problem.The box that I have on the net is NOT behind a firewall. It has 
  one NIC with a external IP.Order 
  deny,allowDeny from allAllow from 127.0.0.1That 
  is the mod_proxy configuration I have in place, I THOUGHT this might prevent 
  people on the net from pointing their browsers to my proxy and surfing freely, 
  but it has not. The ultimate goal I have is to just have it so that when I'm 
  ssh'd into my box that only I can use the proxy and not have it wide open. 
  I dont' know if I can close this up or not?

[EMAIL PROTECTED] Open Proxy

[Benjamin Neu]

Can anyone help me secure my Apache proxy server. Here is the problem.The box that I have on the net is NOT behind a firewall. It has one NIC with a external IP.


  Order deny,allow
  Deny from all
  Allow from 127.0.0.1

That is the mod_proxy configuration I have in place, I THOUGHT this might prevent people on the net from pointing their browsers to my proxy and surfing freely, but it has not. The ultimate goal I have is to just have it so that when I'm ssh'd into my box that only I can use the proxy and not have it wide open.
I dont' know if I can close this up or not?

[EMAIL PROTECTED] apache error: client denied access by server configuration

[George Moureau]

Can anyone help with this? I'm setting up a development server with  
httpd-2.2.0. I want to be able to develop and test multiple sites on  
this server. so far the only one I can get to is /usr/local/apache2/ 
htdocs, all others give me forbidden messages from my browser. I've  
set up virtual hosting and set up the Directory to allow all, but  
alas I still can't get to it from my browers (IE or Safari)I feel  
like I'm very close, but not there yet



help, don't know whatelse to try,

George Moureau
[EMAIL PROTECTED]
(706) 377-3360




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Limit user per directory

[Cj B]

Hello, I have a question about limiting users to a direcotry,  
basically I want to limit the users to a certain directory. ie: user1  
would be limited to browsing user1's directory. Currently I am doing  
the following for each user in the htpasswd file:


Alias /user1 "/export/home/user1"

AuthName Admin
AuthType Basic
AuthUserFile /usr/local/apache1/conf/cliweb-passwd
Options None
AllowOverride None
Order allow,deny
Allow from all
require user user1


I was wondering if there's a faster way to do this, so that I don't  
have to create an entry for each user?


Thanks,
Chris Black
Jr. Client Operations Engineer

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Joshua Slive]

On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:

> I think I now understanding the attack.  They are changing the response
> information when the login form is being sent to the user in plain
> text.

Yep.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Mark McCulligh]

Joshua Slive wrote:


On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
 


This type of attack can be pulled off even if the login form is secured.
The attacker just has create a login page that looks like mine and get
the user to use it.  A lot of users won't realize they are on the wrong
website and the lock(secure) is missing.  We have all seen those Paypal
emails that try and get you to click on the link and login.
   



Yes, it is easy to fool the average user.  The difference with the
man-in-the-middle attack is that it would fool a relatively
sophisticated user.  There is essentially no way to tell your info is
about to be stolen unless you view-source and analyze the code.  For
the other attacks you mention, a quick look at the URL bar will tell
the story.  (But I agree that most users don't even bother to do
that.)
 

I think I now understanding the attack.  They are changing the response 
information when the login form is being sent to the user in plain 
text.  I first thought you where telling me the attacker was getting the 
user to go to a different URL and log in.


Mark.


Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

 




--
___
Mark McCulligh, Web Consultant
VisualTech Components www.VisualTech.ca
[EMAIL PROTECTED]
(519)318-7905


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Joshua Slive]

On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
>
> This type of attack can be pulled off even if the login form is secured.
> The attacker just has create a login page that looks like mine and get
> the user to use it.  A lot of users won't realize they are on the wrong
> website and the lock(secure) is missing.  We have all seen those Paypal
> emails that try and get you to click on the link and login.

Yes, it is easy to fool the average user.  The difference with the
man-in-the-middle attack is that it would fool a relatively
sophisticated user.  There is essentially no way to tell your info is
about to be stolen unless you view-source and analyze the code.  For
the other attacks you mention, a quick look at the URL bar will tell
the story.  (But I agree that most users don't even bother to do
that.)

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Mark McCulligh]

Joshua Slive wrote:


On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
 


The client should alway be logging
in on their website for I hope they reallize if they where not on their
website.
   



I'm not sure if you understood or not, but my point was that a
man-in-the-middle could make it look exactly like they were on their
own site.  He could simply replace the target URL on the form to point
to his own site.  (If you checked the URL-bar, you might see
after-the-fact that you had gone to the wrong site.  But the data
would already be stolen.)
 


I think you misunderstood my reply.  I was just trying to explain my setup.

This type of attack can be pulled off even if the login form is secured. 
The attacker just has create a login page that looks like mine and get 
the user to use it.  A lot of users won't realize they are on the wrong 
website and the lock(secure) is missing.  We have all seen those Paypal 
emails that try and get you to click on the link and login.


Mark.


Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

 




--
___
Mark McCulligh, Web Consultant
VisualTech Components www.VisualTech.ca
[EMAIL PROTECTED]
(519)318-7905


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Joshua Slive]

On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
> The client should alway be logging
> in on their website for I hope they reallize if they where not on their
> website.

I'm not sure if you understood or not, but my point was that a
man-in-the-middle could make it look exactly like they were on their
own site.  He could simply replace the target URL on the form to point
to his own site.  (If you checked the URL-bar, you might see
after-the-fact that you had gone to the wrong site.  But the data
would already be stolen.)

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Mark McCulligh]

Joshua Slive wrote:


On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
 


If you have a login html (http://www.ex.com/login.html) where the 
action is to a https website (https://www.ex2.com/login_script.php).
Will the login information be submitted encrypted. Or does the user
first have to be on to the secure website before loggin in?

Just wondering when you go from http(80) to https(443) when does the
data start to be secured?
   



Each request is independent.  So when the user hits the "POST" button,
a new request is started to the https server that will carry the data
encrypted.
But this scheme is subject to man-in-the-middle attacks.  An attacker
with access to the wire could replace login.html with his own page
that looks the same but directs the POST to his own server.   So
unless you have users that always carefully examine the web page
source code, you should make the form ecrypted as well.
 


Thanks Joshua, just what I wanted to know.

In short what I am doing is I have a couple static websites and one 
secure website they can login in to manage their website. The clients 
want the login form on their website and I don't what to purchase 
multiple SSL just for the login form. The client should alway be logging 
in on their website for I hope they reallize if they where not on their 
website. But as we all know users can be stupid or though emails ask you 
to click here to verify your credit card wouldn't still be out there.


Mark.


Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

 




--
___
Mark McCulligh, Web Consultant
VisualTech Components www.VisualTech.ca
[EMAIL PROTECTED]
(519)318-7905


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] SSL / HTML question

[Joshua Slive]

On 2/6/06, Mark McCulligh <[EMAIL PROTECTED]> wrote:
> If you have a login html (http://www.ex.com/login.html) where the 
> action is to a https website (https://www.ex2.com/login_script.php).
> Will the login information be submitted encrypted. Or does the user
> first have to be on to the secure website before loggin in?
>
> Just wondering when you go from http(80) to https(443) when does the
> data start to be secured?

Each request is independent.  So when the user hits the "POST" button,
a new request is started to the https server that will carry the data
encrypted.

But this scheme is subject to man-in-the-middle attacks.  An attacker
with access to the wire could replace login.html with his own page
that looks the same but directs the POST to his own server.   So
unless you have users that always carefully examine the web page
source code, you should make the form ecrypted as well.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] SSL / HTML question

[Mark McCulligh]

If you have a login html (http://www.ex.com/login.html) where the  
action is to a https website (https://www.ex2.com/login_script.php).  
Will the login information be submitted encrypted. Or does the user 
first have to be on to the secure website before loggin in?


Just wondering when you go from http(80) to https(443) when does the 
data start to be secured?


Thanks,
Mark.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Dual SAN certificate support

[Savage, Robert CTR USTRANSCOM J6]

Joe,

On a Linux host I could get you a stack backtrace in a jiffy. I've never
seen that done on a Winders machine, so I'll have to do some rummaging
around at MSDN.

I'll e-mail the certificate text you asked for directly to your e-mail
box rather than to the list.

--Doc
Robert G. (Doc) Savage, CISSP, RHCE, GCIA
Senior Systems Analyst
BAE Systems Information Technology
USTranscom J6-PI (TFMS)
E-mail: [EMAIL PROTECTED]


-Original Message-
From: Joe Orton [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 06, 2006 4:13
To: Savage, Robert CTR USTRANSCOM J6
Cc: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Dual SAN certificate support

On Fri, Feb 03, 2006 at 10:08:19AM -0600, Savage, Robert CTR USTRANSCOM
J6 wrote:
> Event Type: Error
> Event Source:   Service Control Manager
> Event Category: None
> Event ID:   7024
> Date:   2/2/2006
> Time:   8:20:18 AM
> User:   N/A
> Computer:   UNDERDOG
> Description:
> The Apache2 service terminated with service-specific error 1.
> 
> When I edit ssl.conf to point to a single-SAN certificate for another
> IP-based virtual web site, Apache starts up smartly with no errors.

Is it possible for you to debug this crash?  I don't know how to get a
stack backtrace on Win32 but that's what I'd to see to investigate this
any further.

Can you give the "openssl x509 -text" output of the certificate which 
causes the crash at startup?

joe

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Images are not shown

[Richard Vinke]

Thanks! This did the job!

Joshua Slive wrote:

  On 2/6/06, Richard Vinke <[EMAIL PROTECTED]> wrote:
  
  
Hello,

I installed the newest XAMPP package on a pentium1, 133MHz, 64MB.
With a simple index.html I test the server. But no images are visable at
the client. The access log file of apache says code 200 and the number
of bytes of the images. I assume, the code 200 is correct. At the client
(IE and FF), FF says the content of the image is 0 bytes. The ALT text
is working normaly. No error messages are found in the access file and
the error log file.

When I use the https://pentium1 the images are there! (whatch the 's'
after http)

  
  
EnableSendfile off

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See  for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  

[EMAIL PROTECTED] Apache 2.055 Best Practices

[Rosado, Rodolfo CTR MDA/IOM]

Title: Apache 2.055 Best Practices






All, 


  I am attempting to redirect traffic incoming to an Apache server located in a DMZ to two machines behind my firewall.  My Apache server listens on both ports 443 and 80.  The traffic on port 443 is redirected via a JK2 connector to a Tomact 4.1.30 server and has no issues.  The traffic on port 80 is redirected to another machine running IIS using a reverse proxy.  I also have a third machine serving images.  All of the traffic from my DMZ to my backend servers must do so over 1 port. 




DocumentRoot "e:/apache2/htdocs2"

ServerName portal.mda.mil

ServerAdmin [EMAIL PROTECTED]

ErrorLog logs/error.log

TransferLog logs/access.log

ProxyRequests Off



Order deny,allow

Allow from all



ProxyPass /xyz http://xyzmachine:9030/xyz

ProxyPassReverse /xyz http://xyzmachine:9030/xyz

ProxyPass /imagerequest http://imagemachine:9030/imagerequest

ProxyPassReverse /imagerequest http://imagemachine:9030/imagerequest


My challenges are:

The pages are served correctly by the URL's are not being preserved, and the links on the served pages are also not being preserved.  

i.e.: 


An inbound request may look like:


http://www.sumplace.com/xyz/somefunction.htm


The page returned to the browser will have the url:


http://xyzmachine:9030/xyz/somefunction.htm


And the links on the page will also have the issue. 


I've tried using the ProxyPreserverHost directive, which really didn't help.  


Question:  How can I forward the URL to the backend and have all of the URL's return to the browser with the proper URL's?

Thanks for any assistance.


R2

 



  

RE: [EMAIL PROTECTED] Help! - question about file permissions and apache

[Boyle Owen]

 

> -Original Message-
> From: Michael McCullough [mailto:[EMAIL PROTECTED] 
> Sent: Montag, 6. Februar 2006 15:19
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Help! - question about file 
> permissions and apache
> 
> I have figured it out. But now I can't get it to work outside 
> of my computer. Having trouble with port 80. I have a Westell 
> 327 dsl modem/router and runing Windows XP Home. I had setup 
> a DNS account and gave my computer a static IP, but the DNS 
> site is saying they are getting another IP number from my 
> browser(Firefox) which is not the IP address I gave my 
> computer. Thanks! 

I may be wrong but I have a nasty feeling that you have installed apache on a 
home PC and think that's all there is to putting a website on the public 
internet (bar a coupla tweaks).

There's tons more to it...

- have you registered a domain name?
- have you informed the registrar of your primary DNS?
- have you been assigned an IP address by your ISP? (you don't just "give your 
computer a static IP address" any more than you give your phone a phone 
number...)
- does your domain name resolve to your assigned IP in public DNS? (Post them 
and we'll check).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> 
> 
> 
> On 2/6/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> 
>   > -Original Message-
>   > From: Michael McCullough [mailto:[EMAIL PROTECTED]
>   > Sent: Samstag, 4. Februar 2006 19:56
>   > To: Apache
>   > Subject: [EMAIL PROTECTED] ] Help!
>   >
>   > Hi all, I am a newbi to Apache. I am setting up Apache on a
>   > Windows XP
>   > base PC and trying to figure out how to set the file
>   > permissions. Thanks!
>   
>   This question doesn't mean very much - most features of 
> apache should work straight away without any modification of 
> file permissions. What specifically do you want to do? What 
> specifically have you tried? What specifically is not 
> working? Quote error log messages in all posts... 
>   
>   Rgds,
>   Owen Boyle
>   Disclaimer: Any disclaimer attached to this message may 
> be ignored.
>   
>   >
>   > 
> -
>   > The official User-To-User support forum of the Apache HTTP 
>   > Server Project.
>   > See http://httpd.apache.org/userslist.html> for 
> more info.
>   > To unsubscribe, e-mail: 
> [EMAIL PROTECTED] 
>  
>   >"   from the digest: 
> [EMAIL PROTECTED]
>   > For additional commands, e-mail: [EMAIL PROTECTED]
>   >
>   >
>   Diese E-mail ist eine private und persönliche 
> Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. 
> Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
> private and personal nature. It is not related to the 
> exchange or business activities of the SWX Group. Le présent 
> e-mail est un message privé et personnel, sans rapport avec 
> l'activité boursière du Groupe SWX. 
>   
>   
>   This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
>   
>   
> -
>   The official User-To-User support forum of the Apache 
> HTTP Server Project.
>   See http://httpd.apache.org/userslist.html > for more info.
>   To unsubscribe, e-mail: [EMAIL PROTECTED]
>  "   from the digest: 
> [EMAIL PROTECTED] 
>  
>   For additional commands, e-mail: [EMAIL PROTECTED]
>   
>   
> 
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://ht

Re: [EMAIL PROTECTED] Help! - question about file permissions and apache

[Michael McCullough]

I have figured it out. But now I can't get it to work outside of my computer. Having trouble with port 80. I have a Westell 327 dsl modem/router and runing Windows XP Home. I had setup a DNS account and gave my computer a static IP, but the DNS site is saying they are getting another IP number from my browser(Firefox) which is not the IP address I gave my computer. Thanks!
On 2/6/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> -Original Message-> From: Michael McCullough [mailto:[EMAIL PROTECTED]]> Sent: Samstag, 4. Februar 2006 19:56> To: Apache> Subject: [EMAIL PROTECTED]
] Help!>> Hi all, I am a newbi to Apache. I am setting up Apache on a> Windows XP> base PC and trying to figure out how to set the file> permissions. Thanks!This question doesn't mean very much - most features of apache should work straight away without any modification of file permissions. What specifically do you want to do? What specifically have you tried? What specifically is not working? Quote error log messages in all posts...
Rgds,Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.>> -> The official User-To-User support forum of the Apache HTTP
> Server Project.> See http://httpd.apache.org/userslist.html> for more info.> To unsubscribe, e-mail: 
[EMAIL PROTECTED]>"   from the digest: [EMAIL PROTECTED]> For additional commands, e-mail: 
[EMAIL PROTECTED]>>Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.
-The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html
> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] only one ip per user (has many connections) can access resource at the same time ?

[Boyle Owen]

> -Original Message-
> From: tvlgiao [mailto:[EMAIL PROTECTED] 
> Sent: Montag, 6. Februar 2006 14:20
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] only one ip per user (has many 
> connections) can access resource at the same time ?
> 
> 
> oh, i mean that  while a file is "transferring", the 
> connection is also "opening", isn't it ? with a large file, 
> the connection probably opens longer than small files 
> (sometimes we don't realize). the connection will be closed 
> when a file finished or user close web browser. 

It's not a connection. It's a series of data-packets sent using TCP/IP.
The large file is chopped into many packets that are sent by (possibly)
various routes and may arrive out-of-order or may need to be re-sent (if
some get lost).

The best you can hope for is "while the server is serving the request".
You could set a flag when the request is received and clear it when the
log is written (the log is only written at the end of the request).

> 
> writing server-side script i can check authentication, but 
> can not check whether user is downloading or not at that 
> moment. i thinks only web server can check that state.

a module may be able to hook into the state variables you'd need to
check to see this but it would not be trivial - you'd be into semaphores
and stuff like that...

> 
> 
> 
> 
>   Rgds,
>   Owen Boyle
>   Disclaimer: Any disclaimer attached to this message may 
> be ignored.
> 
> 
> anyway thanks for your reply.
> 
> cheers,
> tvlgiao 
> 
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Images are not shown

[Joshua Slive]

On 2/6/06, Richard Vinke <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I installed the newest XAMPP package on a pentium1, 133MHz, 64MB.
> With a simple index.html I test the server. But no images are visable at
> the client. The access log file of apache says code 200 and the number
> of bytes of the images. I assume, the code 200 is correct. At the client
> (IE and FF), FF says the content of the image is 0 bytes. The ALT text
> is working normaly. No error messages are found in the access file and
> the error log file.
>
> When I use the https://pentium1 the images are there! (whatch the 's'
> after http)

EnableSendfile off

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] only one ip per user (has many connections) can access resource at the same time ?

[tvlgiao]

2006/2/6, Boyle Owen <[EMAIL PROTECTED]>:
> -Original Message-> From: tvlgiao [mailto:[EMAIL PROTECTED]]> Sent: Sonntag, 5. Februar 2006 00:28> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] only one ip per user (has many> connections) can access resource at the same time ?>> Hello all,>> How can I configure Apache to use mod_auth_mysql  to solve
> the following authentication theme:>> In brief: if A logs in and is downloading  (connection> established, IP is saved when he logs  in), no other user can> use A's account to  authenticate (because anyone else has
> different  IP.)>> If A logs in and is not downloading anything (no  connection,> session and A's IP is saved).  B can use A's account  to log> in (establish a new Connection, B's  session overrides A's as
> A hasn't start any connection).  Hence, Precisely at the time>  when B logs in, A is booted as B's session already overrides A's.You have a fundamental misunderstanding of HTTP. It is not a conection-based protocol (like the telephone), it is connection-less and stateless and works with the client and server exchanging messages (ie, it is electronic document mail-order). So, at the HTTP layer, you don't really have people "logged in" at all...
oh, i mean that  while a file is "transferring", the connection is also "opening", isn't it ? with a large file, the connection probably opens longer than small files (sometimes we don't realize). the connection will be closed when a file finished or user close web browser.
Having said all that, you can provide the illusion of sessions and statefullness, but only by loading an application on top of HTTP - this would be some form of session tracking using cookies, for example. For this, you need additional server-sided logic (eg, CGI, PHP, Cocoon, etc.) and it can't be done simply by configuring apache.
writing server-side script i can check authentication, but can not check whether user is downloading or not at that moment. i thinks only web server can check that state.
Rgds,Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.anyway thanks for your reply.

cheers,
tvlgiao 

Re: [EMAIL PROTECTED] sumbol multiple-defined when compiling httpd 2.2.0 on Solaris 8

[Nico De Ranter]

On Mon, 2006-02-06 at 11:31 +, Joe Orton wrote:
> On Mon, Feb 06, 2006 at 09:51:10AM +0100, Nico De Ranter wrote:
> > thanks but I don't seem to be able to apply the patch (on a fresh
> > httpd-2.2.0 directory)
> > 
> > mena.[root]# cd httpd-2.2.0/srclib/apr
> > mena.[root]# patch -p1 < apr-1.2.2-random.patch
> >   Looks like a unified context diff.
> > Hunk #1 failed at line 57.
> > Hunk #2 failed at line 5.
> 
> Maybe the patch has been mangled in the download?  If not perhaps try a 
> GNU patch rather than whatever comes with Solaris.  The patch applies 
> cleanly to a 2.2.0 tarball.

Yep, you're right. Using patch on linux worked without problems.

Nico

> 
> joe
-- 
-
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
   the computer industry."
-
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re[2]: [EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)

[John]

mod_rewrite is not enabled in my server's configuration (well i don't
want to enable it)

Any other idea ?




From: Axel-Stéphane  SMORGRAV <[EMAIL PROTECTED]>
To: , "John" <[EMAIL PROTECTED]>
Date: Monday, February 6, 2006, 1:28:14 PM
Subject: [EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)



  Monday, February 6, 2006, 1:28:14 PM, you wrote:

  > What about this:

> RewriteEngine ON
> RewriteCond %{HTTP_HOST} =virtualhost 
> RewriteRule .* - [F]


> or alternatively

> RewriteEngine ON
> RewriteCond %{HTTP_HOST} !=sslservername
> RewriteRule .* - [F]

> Instead or returning a HTTP 403 you could redirect the request to the 
> apropriate URL:

> RewriteEngine ON
> RewriteCond %{HTTP_HOST} !=sslservername
> RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R]

> -ascs

> -Original Message-
> From: John [mailto:[EMAIL PROTECTED] 
> Sent: Monday, February 06, 2006 10:52 AM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)

> Hi all

> I have set up a web server with many virtua users on 80 and a virtual host on 
> 443 port (SSL)

> Then if a user type a domain of any virtual host (except SSL)
> using the form https://virtualhost then it goes to the host on the
> 443.

> Well, i want to prevent that from accessing SSL using any domain (included in 
> my VHs)

> Any ideas?



> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] sumbol multiple-defined when compiling httpd 2.2.0 on Solaris 8

[Joe Orton]

On Mon, Feb 06, 2006 at 09:51:10AM +0100, Nico De Ranter wrote:
> thanks but I don't seem to be able to apply the patch (on a fresh
> httpd-2.2.0 directory)
> 
> mena.[root]# cd httpd-2.2.0/srclib/apr
> mena.[root]# patch -p1 < apr-1.2.2-random.patch
>   Looks like a unified context diff.
> Hunk #1 failed at line 57.
> Hunk #2 failed at line 5.

Maybe the patch has been mangled in the download?  If not perhaps try a 
GNU patch rather than whatever comes with Solaris.  The patch applies 
cleanly to a 2.2.0 tarball.

joe

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)

[Axel-Stéphane SMORGRAV]

What about this:

RewriteEngine ON
RewriteCond %{HTTP_HOST} =virtualhost 
RewriteRule .* - [F]


or alternatively

RewriteEngine ON
RewriteCond %{HTTP_HOST} !=sslservername
RewriteRule .* - [F]

Instead or returning a HTTP 403 you could redirect the request to the 
apropriate URL:

RewriteEngine ON
RewriteCond %{HTTP_HOST} !=sslservername
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R]

-ascs

-Original Message-
From: John [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 06, 2006 10:52 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)

Hi all

I have set up a web server with many virtua users on 80 and a virtual host on 
443 port (SSL)

Then if a user type a domain of any virtual host (except SSL) using the form 
https://virtualhost then it goes to the host on the 443.

Well, i want to prevent that from accessing SSL using any domain (included in 
my VHs)

Any ideas?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] DNS

[Boyle Owen]

> -Original Message-
> From: info.raa [mailto:[EMAIL PROTECTED] 
> Sent: Montag, 6. Februar 2006 11:48
> To: Apache List
> Subject: [EMAIL PROTECTED] DNS
> 
> Greetings List!
> 
> Can anyone give me a hint about DNS?
> Or tell where can i find documentation or the how to?

Type "DNS howto" into Google and read the first hit.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

PS - it's http://www.tldp.org/HOWTO/DNS-HOWTO.html

> 
> Thanks.
> 
> Kbl
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] DNS

[info . raa]

Greetings List!

Can anyone give me a hint about DNS?
Or tell where can i find documentation or the how to?

Thanks.

Kbl


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Dual SAN certificate support

[Joe Orton]

On Fri, Feb 03, 2006 at 10:08:19AM -0600, Savage, Robert CTR USTRANSCOM J6 
wrote:
> Event Type: Error
> Event Source:   Service Control Manager
> Event Category: None
> Event ID:   7024
> Date:   2/2/2006
> Time:   8:20:18 AM
> User:   N/A
> Computer:   UNDERDOG
> Description:
> The Apache2 service terminated with service-specific error 1.
> 
> When I edit ssl.conf to point to a single-SAN certificate for another
> IP-based virtual web site, Apache starts up smartly with no errors.

Is it possible for you to debug this crash?  I don't know how to get a
stack backtrace on Win32 but that's what I'd to see to investigate this
any further.

Can you give the "openssl x509 -text" output of the certificate which 
causes the crash at startup?

joe

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Many virtual hosts on 80 port and one on 443 (SSL)

[John]

Hi all

I have set up a web server with many virtua users on 80 and a virtual
host on 443 port (SSL)

Then if a user type a domain of any virtual host (except SSL) using
the form https://virtualhost then it goes to the host on the 443.

Well, i want to prevent that from accessing SSL using any domain
(included in my VHs)

Any ideas?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Get original user host name through reverse proxy

[Axel-Stéphane SMORGRAV]

There was recently a thread on this subject on this list. The solution 
consisted of using a module that fiddles with the X-Forwarded-For header.

The exact name of the thread was "[EMAIL PROTECTED] reverse proxy - forward ip"

-ascs

-Original Message-
From: Mr Alex Eydelberg [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 06, 2006 8:59 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Get original user host name through reverse proxy

Hello all,

I have Apache running on an externally accessible IP on port 80 along with 
mod_proxy installed. I have it properly forwarding to an internal machine on 
the LAN running IIS.

The issue that I'm hoping to resolve is that when I check the user host name 
field in the request, it returns the IP address of the Apache server, instead 
of the original user that requested the proxied page.
Is there any way to not have Apache act "properly" in this case and just 
forward on the original requestor?

Here is my virtual host configuration (domain names
obfuscated):


ServerName www.myserver.com
ProxyPass / http://internal.myserver.com/
ProxyPassReverse / http://internal.myserver.com/
HostnameLookups On
ErrorLog /local/logs/myserver-error_log
CustomLog /local/logs/myserver-access_log combined
Options FollowSymLinks ExecCGI Includes
AddOutputFilter Includes .html


Thank you!
Kevin

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Reverse proxy with proxy-html

[Axel-Stéphane SMORGRAV]

I have not used mod_proxy_html extensively, and it has been a while now, but 
from the understanding I have it will do textual substitution of links in a 
HTML document with another string. Therefore nothing prevents you from using a 
pattern that will match any part of the link URL, including the method and 
host/port portions of the URL.

The following 

ProxyHTMLURLMap ^https?://server.backend.my/ https://url.public.my/ R

works very well for replacing the backend server URL with the public one. No 
need to save the URL path.

-ascs

-Original Message-
From: Errol Neal [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 04, 2006 12:16 AM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Reverse proxy with proxy-html

On 2/3/06, Errol Neal <[EMAIL PROTECTED]> wrote:
>> I'm having some difficulty getting this to work the way I need it to.
>> does anyone have some time to provide some feed back and experiences?

You Wrote:
> Just some advice: That kind of comment rarely gets you anywhere on a
technical list. 

Yeah. It's just a lot of effort to put yourself out there like that..
Supply a bunch of information to a list of total strangers and at times, get no 
response whatsoever to your request for assistance. I just thought I would test 
the waters to determine if anyone out there was having a good day and wanted to 
actually SEE my problem to SEE if perhaps they could help before actually doing 
so. I don't know - guess it's my own insecurities or hate of rejection :)

Did that make any sense?

Anyhow Here I go:

I'm running http 2.0.52 on Centos 4.2. I'm trying throw a reverse proxy 
in-between a weblogic server to offload SSL processing. Because of the way this 
portal is coded, some of the links are hard coded with the original server's 
IP. This is why I have to rely upon mod_proxy-html. I am making some progress, 
but I am not getting the expected results. 

Here is my config file:


SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/iedportl.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/iedportl.key
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/www_***_net/wwwroot
ServerName www.tripwire-dhs.net
CustomLog "|/usr/local/sbin/cronolog 
/var/www/www_***_net/logs/%Y-%m-%d-www_***_net.log" combined
ProxyRequests Off
ProxyPass / http://172.16.103.200:7004/

ProxyHTMLLogVerbose on
ProxyPassReverse / http://172.16.103.200:7004/
LogLevel Debug
SetOutputFilter proxy-html;DEFLATE

ProxyPassReverse /
SetOutputFilter proxy-html;DEFLATE
ProxyHTMLExtended on
ProxyHTMLURLMap /(.*) /$1 RL






Now, with that configuration, the results I get links on the page that have 
been rewritten, although wrong. Ive attached the relevant portion of my log 
file. If I view the link properties, I can tell that something is even more 
wrong.. Ive attached a screen shot of that also. 

In short, the links are rewritten as
http:/16.103.200:7004/IED/blahblahblah, but the original protocol was https and 
there is no redirection occuring that is complicating things, so is there 
anyone who used proxy-html with a reverse proxy? 


Thanks in advance..

Errol Neal


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] sumbol multiple-defined when compiling httpd 2.2.0 on Solaris 8

[Nico De Ranter]

Hi Joe,

thanks but I don't seem to be able to apply the patch (on a fresh
httpd-2.2.0 directory)

mena.[root]# cd httpd-2.2.0/srclib/apr
mena.[root]# patch -p1 < apr-1.2.2-random.patch
  Looks like a unified context diff.
Hunk #1 failed at line 57.
Hunk #2 failed at line 5.
Hunk #3 failed at line 150.
Hunk #4 failed at line 264.
Hunk #5 failed at line 310.
Hunk #6 failed at line 368.
Hunk #7 failed at line 448.
Hunk #8 failed at line 471.
Hunk #9 failed at line 483.
Hunk #10 failed at line 497.
Hunk #11 failed at line 524.
Hunk #12 failed at line 540.
Hunk #13 failed at line 561.
Hunk #14 failed at line 569.
Hunk #15 failed at line 584.
Hunk #16 failed at line 639.
Hunk #17 failed at line 694.
Hunk #18 failed at line 772.
Hunk #19 failed at line 795.
Hunk #20 failed at line 807.
Hunk #21 failed at line 821.
Hunk #22 failed at line 843.
Hunk #23 failed at line 860.
Hunk #24 failed at line 871.
Hunk #25 failed at line 892.
Hunk #26 failed at line 900.
Hunk #27 failed at line 915.
Hunk #28 failed at line 934.
Hunk #29 failed at line 946.
Hunk #30 failed at line 967.
Hunk #31 failed at line 975.
Hunk #32 failed at line 990.
32 out of 32 hunks failed: saving rejects to random/unix/sha2.h.rej

Nico



On Fri, 2006-02-03 at 16:05 +, Joe Orton wrote:
> On Fri, Feb 03, 2006 at 03:52:37PM +0100, Nico De Ranter wrote:
> > I'm trying to compile httpd 2.2.0 on Solaris 8.  When I do 'make
> > install' it stops with the following error messages:
> > 
> > ===
> > [..]
> > /usr/root/web/httpd-2.2.0/srclib/apr/libtool --silent --mode=link gcc -g
> > -O2 -pthreads
> > -L/usr/root/web/httpd-2.2.0/srclib/apr-util/xml/expat/lib
> > -L/openssl-0.9.8a/lib -R/openssl-0.9.8a/lib  -ldl -o ab -static ab.lo
> > -lm /usr/root/web/httpd-2.2.0/srclib/pcre/libpcre.la 
> > /usr/root/web/httpd-2.2.0/srclib/apr-util/libaprutil-1.la 
> > /usr/root/web/httpd-2.2.0/srclib/apr-util/xml/expat/lib/libexpat.la 
> > /usr/root/web/httpd-2.2.0/srclib/apr/libapr-1.la -lsendfile -lrt -lsocket 
> > -lnsl -lpthread -lssl -lcrypto
> > ld: fatal: symbol `SHA256_Transform' is multiply-defined:
> 
> To fix this issue, you can download this patch:
> 
> http://people.apache.org/~jorton/apr-1.2.2-random.patch
> 
> and apply it like this:
> 
> cd srclib/apr
> patch -p1 < apr-1.2.2-random.patch
> 
> this should be fixed out-of-the-box for the next httpd release.
> 
> joe
-- 
-
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
   the computer industry."
-
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]