RE: [EMAIL PROTECTED] verifying and installing apache 2.0.5.8 in AIX/unix environment

[johnny page]

I have AIX 5.2 , so how do i tell if I have md5 or pgp on my system.



From: "Boyle Owen" <[EMAIL PROTECTED]>
Reply-To: users@httpd.apache.org
To: 
Subject: RE: [EMAIL PROTECTED] verifying and installing apache 2.0.5.8 in 
AIX/unix environment

Date: Fri, 12 May 2006 08:53:23 +0200

> -Original Message-
> From: johnny page [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 11, 2006 8:27 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] verifying and installing apache
> 2.0.5.8 in AIX/unix environment
>
> How exactly do you verify the apache download?

This is explained here: http://httpd.apache.org/download.cgi#verify

Basically, you download the file linked to by [PGP] and/or [MD5] next to 
the distro you just downloaded and then you run one of the commands shown 
(depending on what you've got installed on your system). Personally, I use 
the MD5 signature since I have Gnu textutils (see link on the page). To 
verify, I do:


$ md5sum httpd-2.2.2.tar.gz

This returns a hex string which is the MD5 checksum of the data in the 
file. You I then compare this with the data in the [MD5] link and check the 
strings match. If they do, you can be sure that the file you just 
downloaded is the same as the one on the apache website and so nobody 
sneaked anything into the code...


Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
> _
> Express yourself instantly with MSN Messenger! Download today
> - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
> -
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of 
a private and personal nature. It is not related to the exchange or 
business activities of the SWX Group. Le présent e-mail est un message 
privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.



This message is for the named person's use only. It may contain 
confidential, proprietary or legally privileged information. No 
confidentiality or privilege is waived or lost by any mistransmission. If 
you receive this message in error, please notify the sender urgently and 
then immediately delete the message and any copies of it from your system. 
Please also immediately destroy any hardcopies of the message. You must 
not, directly or indirectly, use, disclose, distribute, print, or copy any 
part of this message if you are not the intended recipient. The sender's 
company reserves the right to monitor all e-mail communications through 
their networks. Any views expressed in this message are those of the 
individual sender, except where the message states otherwise and the sender 
is authorised to state them to be the views of the sender's company.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Can't connect to Apache HTTP server on Windows XP machine from a different machine on LAN

[kartikay malhotra]

Hi All!I am both a windows and Linux user. Previously I installed Apache HTTP Server for Linux. It works like a dream. I can connect to HTTP Server on my local machine from any machine on my LAN. I tried the same with windows. I downloaded and installed Apache 
2.2 for windows (XP), and I ran the service. Although I can access my local machine using http://localhost, http://127.0.0.1 or through its IP address (
http://107.108.89.158), I cannot connect from any other machine in my LAN. Why so?Please advise as to how to connect to my machine using http://107.108.89.158/ from a different machine on LAN.
Many ThanksKMP.S. Please suggest changes in the conf file, IIS, etc...

Re: [EMAIL PROTECTED] dbmmanage vs htdbm

[Ann Hopkins]

Thank you are a lifesaver.  That was it exactly.  I couldn't find
that option anywhere.  I bet if I looked at the Change Notes it was
probably there.

Paul Querna wrote:
> Ann Hopkins wrote:
>> Configuration:  Linux, Apache 2.2.2, PHP 5.1.3, and Modsecurity
>> 1.9.3, Perl 5.8.8
>>
>> I have a pre-existing user password file which worked fine until
>> Apache 2.2.2.
>>
>> I get an error message in the logs when a user and password is
>> entered correctly.
>>
>>
>> ...This function has not been implemented on this platform: could
>> not open dbm (type DB) auth file: /usr/local/apache/etc/users...
>>
>>
>> I can view the file using "dbmmanage", but not "htdbm" which gives
>> me the same message of "This function has not been implemented on
>> this platform"
>>
>> The files use "DB" and I am sure that it has something to do with
>> apache as this works with the "dbmmanage" perl script.
>>
>>
>> I configured apache using the following which has worked in the past.
>>
>> ./configure --prefix=/usr/local/apache --datadir=/home/www
>> --enable-so --enable-logio --enable-mime-magic --enable-info
>> --enable-rewrite --enable-expires --disable-userdir --enable-ssl
>> --enable-dav --enable-dav-fs --enable-authn-dbm --enable-authz-dbm
>> --enable-auth-digest
> 
> 
> Berkeley DB support was not enabled in APR-Util.  Add --with-berkeley-db
> and it should work.
> 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] dbmmanage vs htdbm

[Paul Querna]

Ann Hopkins wrote:
> Configuration:  Linux, Apache 2.2.2, PHP 5.1.3, and Modsecurity
> 1.9.3, Perl 5.8.8
> 
> I have a pre-existing user password file which worked fine until
> Apache 2.2.2.
> 
> I get an error message in the logs when a user and password is
> entered correctly.
> 
> 
> ...This function has not been implemented on this platform: could
> not open dbm (type DB) auth file: /usr/local/apache/etc/users...
> 
> 
> I can view the file using "dbmmanage", but not "htdbm" which gives
> me the same message of "This function has not been implemented on
> this platform"
> 
> The files use "DB" and I am sure that it has something to do with
> apache as this works with the "dbmmanage" perl script.
> 
> 
> I configured apache using the following which has worked in the past.
> 
> ./configure --prefix=/usr/local/apache --datadir=/home/www
> --enable-so --enable-logio --enable-mime-magic --enable-info
> --enable-rewrite --enable-expires --disable-userdir --enable-ssl
> --enable-dav --enable-dav-fs --enable-authn-dbm --enable-authz-dbm
> --enable-auth-digest


Berkeley DB support was not enabled in APR-Util.  Add --with-berkeley-db
and it should work.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] dbmmanage vs htdbm

[Bill Jones]

On 5/12/06, Ann Hopkins <[EMAIL PROTECTED]> wrote:

Configuration:  Linux, Apache 2.2.2, PHP 5.1.3, and Modsecurity
1.9.3, Perl 5.8.8

I have a pre-existing user password file which worked fine until
Apache 2.2.2.


This version of mod-security I have found to work correctly with
2.2.2: http://www.modsecurity.org/download/modsecurity-apache_2.0.0-dev1.tar.gz

But I'm on Ubuntu 5.10 PPC -- YMMV.

HTH/Sx =)
--
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] dbmmanage vs htdbm

[Ann Hopkins]

Configuration:  Linux, Apache 2.2.2, PHP 5.1.3, and Modsecurity
1.9.3, Perl 5.8.8

I have a pre-existing user password file which worked fine until
Apache 2.2.2.

I get an error message in the logs when a user and password is
entered correctly.


...This function has not been implemented on this platform: could
not open dbm (type DB) auth file: /usr/local/apache/etc/users...


I can view the file using "dbmmanage", but not "htdbm" which gives
me the same message of "This function has not been implemented on
this platform"

The files use "DB" and I am sure that it has something to do with
apache as this works with the "dbmmanage" perl script.


I configured apache using the following which has worked in the past.

./configure --prefix=/usr/local/apache --datadir=/home/www
--enable-so --enable-logio --enable-mime-magic --enable-info
--enable-rewrite --enable-expires --disable-userdir --enable-ssl
--enable-dav --enable-dav-fs --enable-authn-dbm --enable-authz-dbm
--enable-auth-digest

The sections that don't work are typical of the following..

">
AllowOverride AuthConfig
AuthName "Happy Anniversary"
AuthType Basic
AuthBasicProvider dbm
AuthDBMType DB
AuthzDBMType DB
AuthDBMUserFile /usr/local/apache/etc/users
AuthDBMGroupFile /usr/local/apache/etc/users
Require group family


Is there anything I am missing that has changed?

Thank you...



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Revisiting apache startup failure SSLCertificateFile erro

[Rex Brooks]

I added the last couple of messages in this 
thread back into the last reply to which I am 
responding.


I was busy all week with the OASIS Symposium 2006.

I want to be clear that I have Apache2.0 
installed on RedHatEnterprise Linux using all the 
included packages. The location of the 
SSLCertificateFile  and SSLCertificateKeyFile 
match the locations in ssl.conf file in the 
conf.d directory from which all .conf files are 
loaded by httpd.conf.


The error message I get in the error log when 
attempting to start httpd remains:


[Mon May 08 06:20:22 2006] [error] Server should 
be SSL-aware but has no certificate configured 
[Hint: SSLCertificateFile]


So I am missing something because it seems to me 
the I have the certificate configured correctly.


My intention to reintall apache was thwarted when 
I unchecked the webserver from the Add or Remove 
Packages list and clicked update, I got the 
message: Package Not Found: php   required by 
<'php-pear', '4.3.9, '3.6').


This is an anomaly similar to the message I get 
that DocumentRoot 
/home/rexb/jakarta-tomcat-5.0.28 does not exist.


So, for now I can't even reinstall Apache and 
then rebuild the portal and registry.


So, I am back to asking if I am missing something 
in the configuration of the certificate or 
pointing to it.


Please note that I tried several ways to build 
and references Certificate-Key files.


Regards,
Rex

At 2:42 PM +0200 5/9/06, Axel-Stéphane  SMORGRAV wrote:

 No need to reinstall Apache. This is only a configuration issue.

You need to tell Apache where to find the
- Server certificate
- Private key associated with the server certificate
- CA Certificate

From your httpd.conf file, you probably include 
a configuration file called ssl.conf. This 
include directive may be enclosed within a 
condition like . Chances are that 
the SSL variable is not defined and therefore 
the ssl.conf file is not loaded. You can remove 
this condition altogether (and the associated 
), or you can start Apache with the 
command "apachectl startssl" rather than 
"apachectl start".


The module mod_info is very useful for 
determining exactly what configuation directives 
have been loaded into Apache by requesting 
http://myserver.mydomain.com/server-info which 
will give you a list of all loaded modules and 
all associated configuration directives.


-ascs

-Original Message-
From: Rex Brooks [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 09, 2006 2:10 PM
To: Richard de Vries
Cc: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Correction & 
Question: SSLCertificateFile: RedHat (RHEL4) 
apache startup failure: 
ebxml-registry-repository on tomcat on port 
6480, with Mambo LAMP Portal on port 8080: 
Despite Self-Signed Cert: [error] Server should 
be SSL-aware but ha


Here is the httpd error_log for that sequence:

[Mon May 08 06:20:21 2006] [notice] core dump file size limit raised
to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has
no certificate configured [Hint: SSLCertificateFile]

It's beginning to look like I will have to reinstall apache.

Regards,
Rex


Thanks Richard,

I appreciate that you took the time to answer. So 
far you are the only one. This installation is on 
RedHat Enterprise Linux4 and Apache2.0 and I have 
tried the Key-Certificate generation instructions 
detailed in the System Administration Guide Ch. 
26.6-26.8,


I tried the freebsd instructions at the url you 
advised, and what happened was that the 
certificate signing request could not open the 
key. I have also downloaded and tried with 
openssl-0.9.8b. I was able to generate the 
server.key and server.crt but httpd still does 
not start.


The Admin Guide instructions also result in what 
ought to be a valid server key in the ssl.key 
directory and a server.crt in the ssl.crt 
directory as specified in the ssl.conf file in 
the /etc/httpd/conf directory, but httpd still 
does not start


Here is the terminal output when attempting to start httpd:

[EMAIL PROTECTED] ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn] 
The Alias directive in /etc/httpd/conf/httpd.conf 
at line 557 will probably never match because it 
overlaps an earlier AliasMatch.

Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
   [FAILED]
[EMAIL PROTECTED] ~]#

Here is the httpd error_log for that sequence:

[Mon May 08 06:20:21 2006] [notice] core dump 
file size limit raised to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC 
mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should 
be SSL-aware but has no certificate configured 
[Hint: SSLCertificateFile]


It's beginning to look like I will have to reinstall apache.

Regards,
Rex



what error are you getting?

Try following the instructions at this UR

Re: [EMAIL PROTECTED] https to http proxy with Apache

[Bo Najdrovsky]

Brian Rectanus wrote:


It would help to post the tomcat-workers.conf, but I'll take a guess
and assume this is what it looks like:

LB1  andy:8012
LB2  andy:8022
LB3  andy:8032
LB3  andy:8042
ALL  andy:8012|andy:8022|andy:8032|andy:8042


Yep, that's exactly what it looks like.




Does it make a difference with ProxyPreserveHost Off?  My thought is
that the backend server is seeing the original Host header which is
www.foo.bar and basing the Location header off that instead of the
andy:* Host header.


Well, if set ProxyPreserveHost to Off, then the URL's actually change 
from the original host to http://andy/webapp  (i.e. the back end server) 
Notice that  they still lose the https and change to http.





Anyhow, just a shot in the dark.

-B

-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Re: Mod_auth_radius

[Joost de Heer]

Mike VanHorn wrote:
>
>> Did you load all the needed modules? You need mod_auth_basic.so for
>> basic
>> authentication.
>
> Yes. Well, I think so, anyway. I'm looking in to mod_authnz_external now,
> as
> it comes with a radius authenticator, and adheres to the new
> authentication
> model that Apache 2.1/2.2.x introduced. From reading the documentation for
> mod_authnz_external, it sounds like mod_auth_radius isn't working because
> it
> isn't communication back to mod_auth_basic, so mod_auth_basic fails and
> that's why I get the error.

Get mod_auth_xradius from www.outoforder.cc, and compile it with
-DUSING_2_1_RECENT (to activate the new AAA code). After that, configure
it as documented, and use 'AuthBasicProvider xradius' to set it as the
basic authentication provider.

Joost


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Using SSI trough mod_rewrite+mod_proxy

[Joshua Slive]

On 5/12/06, Domingos Parra Novo <[EMAIL PROTECTED]> wrote:


OB: almost forgot to note, I'm using Apache 1.3.33 on both groups of
machines, and unless it is really mandatory, I'm unable to update them
to Apache 2.0/2.2. :(


Using mod_include as a filter (which is exactly what you are trying to
do) will only work in 2.x.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] https to http proxy with Apache

[Brian Rectanus]

On 5/12/06, Bo Najdrovsky <[EMAIL PROTECTED]> wrote:

Boyle Owen wrote:
> Let's focus on this bit:
>
>
>> however whenever there is an incoming POST
>> from a form in the web application, the response from the
>> Tomcat causes
>> a switch to HTTP, where I need it to remain HTTPS.
>>
>
> I'm not sure I completely understand.. When you say, "causes a switch to HTTP", I 
assume you mean that after you submit the form, the browser address window changes to "http" 
(typically, this would be the acknowledgement page). If so, then the browser must be getting a 
redirect that tells it to do this.
>
> If not, can you explain in more detail exactly what happens at this point.
>


Well, essentially, what I'm trying to accomplish is this method of load
balancing:

 
http://tomcat.apache.org/tomcat-5.0-doc/balancer-howto.html#Using%20Apache%202%20with%20mod_proxy%20and%20mod_rewrite

but have the connection between the browser and the Apache httpd be over
https instead of http.

The problem that I'm seeing is that some of the URLs  that come from the
Tomcat managed application lose the https and revert back to http.  It
looks like it happens only in actions that originate from the web
application.When I posted my message yesterday, I suspected that it
had something to do with POST, but upon further investigation, I think
it happens with any URL, which originates from Tomcat, (and
consequently, it happens with POST request processing, since the
resulting URL is determined by the web application).

   For example, there is a login screen in the web application. Getting
to the login screen over https is no problem, and it renders correctly.
When I fill in the user id and password and click the login button, this
causes the form to be submitted to the servlet which processes it and
determines the forwarding action (i.e. the URL the first screen of the
application). The problem is that the URL of this forwarding action is
now HTTP instead of HTTPS when it gets back to the browser.

I hope that makes it a little clearer, it's kind of difficult to explain
in email messages.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





It would help to post the tomcat-workers.conf, but I'll take a guess
and assume this is what it looks like:

LB1  andy:8012
LB2  andy:8022
LB3  andy:8032
LB3  andy:8042
ALL  andy:8012|andy:8022|andy:8032|andy:8042

Does it make a difference with ProxyPreserveHost Off?  My thought is
that the backend server is seeing the original Host header which is
www.foo.bar and basing the Location header off that instead of the
andy:* Host header.

Anyhow, just a shot in the dark.

-B

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Using SSI trough mod_rewrite+mod_proxy

[Domingos Parra Novo]

Hiyas,

	I have a slow backend server (running apache 1.3 + vignette), which 
does some SSI to generate content to our users.


	The "load" on these servers is quite high right now. I'm trying to 
remove the SSI processing on these hosts, in an atempt to lower the CPU 
usage of those machines.


	What I want to do is configure a pool of "frontend" apache servers, 
accessing the backend servers trough mod_rewrite and mod_proxy. SSI is 
already disabled on the backend servers, and then, I already get the 
proxied pages with the SSI directives not yet parsed (and teorically, 
ready to be parsed by my frontend servers).


	But, (hope it is not a FAQ question) when my frontend servers fetches 
the html page from my backend servers (via mod_proxy), no matter what I 
do on my configuration, mod_includes refuses to parse the requested page 
on my frontend servers too (I.e., I'm unable to make any SSI content to 
be parsed, if its from mod_proxy, and not directly from the filesystem).


	Is there anything I'm able to do, to solve this issue? If this is just 
matter of configuration, even better. But I'm not afraid of doing 
patches on apache's source code, in case it is needed.


OB: almost forgot to note, I'm using Apache 1.3.33 on both groups of 
machines, and unless it is really mandatory, I'm unable to update them 
to Apache 2.0/2.2. :(


Thanks in advance,

Domingos.

--
Domingos Parra Novo
Coordenador de Projetos
Terra Networks Brasil S/A
Tel: +55(51)3284-4275

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] passing request to the server

[Brian Rectanus]

I'll assume you are just testing some code and trying to learn.  In
that case, I think you just overlooked a missed else in there (better
indention might help see that):

   if (!strcmp(r->uri,"/tiago/precisas/index1.htm")){
   r->uri = "/tiago/imprecisas/index1.htm";
   }
   /* Insert else here */
   else {
   ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,"print_test2: %s",
r->uri);
   return HTTP_NOT_FOUND;
   }

Or it is going to hit HTTP_NOT_FOUND on match or not.

-B

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Name-based Virtual Hosts and Reverse Proxy with ProxyPreserveHost On

[Vic Feria]

Here is a simpler way: (This works only if the other server is within the
LAN). I have the drive from the other server mapped into the main server. In
the config file I entered, in your case if would look like this:


Alias /bb "D:/phpBB2"
# where D is the mapped drive with the directory /phpBB2

AllowOverride None
Options None
Order allow,deny
Allow from all


###

Then http://www.foo.com/bb fire up your phpBB2 application.


-Original Message-
From: Brian Bonner [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 12, 2006 12:00 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Name-based Virtual Hosts and Reverse Proxy with
ProxyPreserveHost On


Hello.

I have a Apache 2.2 setup in a reverse proxy configuration.

On the Proxy Server I have:

NameVirtualHost  *:80


ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/foo/html
ServerName www.foo.com
ErrorLog logs/www.foo.com-error_log
CustomLog logs/www.foo.com-access_log common

ProxyPreserveHost On

ProxyPassReverseCookiePath /JSPWiki /wiki
ProxyPass   /wiki   http://app1.internal.com:8080/JSPWiki
ProxyPassReverse/wiki   http://app1.internal.com:8080/JSPWiki

ProxyPass   /bbhttp://app1.internal.com/phpBB2
ProxyPassReverse/bbhttp://app1.internal.com/phpBB2

ProxyPass  /  http://app1.internal.com/
ProxyPassReverse  /   http://app1.internal.com/





ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/bar/html
ServerName www.bar.com
ErrorLog logs/www.bar.com-error_log
CustomLog logs/www.bar.com-access_log common

ProxyPreserveHost On

ProxyPassReverseCookiePath /JSPWiki /wiki
ProxyPass   /wiki   http://app1.internal.com:8080/JSPWiki
ProxyPassReverse/wiki   http://app1.internal.com:8080/JSPWiki

ProxyPass   /bb   http://app1.internal.com/phpBB2
ProxyPassReverse/bbhttp://app1.internal.com/phpBB2

ProxyPass  /  http://app1.internal.com/
ProxyPassReverse  /   http://app1.internal.com/



On the internal box  (app1.internal.com) I have:

NameVirtualHost  *:80

ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/html
ServerName www.foo.com
ErrorLog logs/www.foo.com-error_log
CustomLog logs/www.foo.com-access_log common



ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/bar/html
ServerName www.bar.com
ErrorLog logs/www.bar.com-error_log
CustomLog logs/www.bar.com-access_log common



My intent was to be able to add virtual hosts to the configuration files of
the two servers and not have to setup separate IP Addresses for the virtual
hosts to proxy to.

When I access http://www.foo.com/wiki,  it returns:
404
The requested URL /JSPWiki/ was not found on this server.

The log on the proxy server is generating this request which doesn't make
any sense since it's being proxied.

When I access http://www.foo.com/bb,  it returns:
404
The requested URL /phpBB2/ was not found on this server.


I'd prefer not to have the reverse proxy pass *everything* through to the
back end server that is doing the virtual hosting and then proxy it again.
I don't believe this is how it should work, but I need some advice.  Again,
I was trying to get around having to configure separate DNS Entries for the
virtual hosts that sit on the same box. I guess I can go back to this, but I
thought this should work.

Any insight would be helpful.

Thanks.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.5.6/337 - Release Date: 5/11/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.5.6/337 - Release Date: 5/11/2006
 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_dav_svn.so error on startup

[Jay G. Scott]

hi,

newbie to apache building; not a newbie otherwise.

apachectl start

yields this error:

Syntax error on line 232 of /opt/depot/httpd-2.0.58/conf/httpd.conf:
Cannot load /opt/depot/httpd-2.0.58/modules/mod_dav_svn.so into server:
ld.so.1: /opt/depot/httpd-2.0.58/bin/httpd:
fatal: relocation error:
file /opt/depot/httpd-2.0.58/modules/mod_dav_svn.so:
symbol dav_xml_get_cdata: referenced symbol not found

line 232:
LoadModule dav_svn_module modules/mod_dav_svn.so

ah, yess  i should mention that i'm trying to get subversion
and apache to play nice.  subversion is 1.3.1.


set GPACK=httpd-2.0.58
set SSLVER=openssl-0.9.7g
set ZVER=zlib-1.2.1
set APR=apr-1.2.7
set APU=apr-util-1.2.7

./configure --prefix=/opt/depot/$GPACK  \
--enable-ssl --with-ssl=/opt/depot/$SSLVER  \
--with-z=/opt/depot/$ZVER   \
--enable-so \
--enable-info   \
--enable-cgi\
--enable-status \
--enable-proxy  \
--enable-rewrite\
--enable-proxy-connect  \
--enable-proxy-http \
--enable-proxy-ftp

there may be something aggressively foolish about that configure;
lemme know  i stole many options from someone else's old notes.

-- 
Jay Scott   512-835-3553[EMAIL PROTECTED]
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.   S224
University of Texas at Austin

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] authentication help - trying to provide PAM auth

[Louis LeBlanc]

Hey folks.

I'm having some difficulties with an authorization configuration.

I am running Apache 2.0.58, though upgrading to the 2.2 release is not out
of the question if it will help achieve the goal.  This is running on a
FreeBSD 5.4_RELEASE-p12 system, and is connected to a backend Tomcat
server via mod_jk.  Mod_perl is also installed.

My goal is to allow a secure (HTTPS), password protected DAV folder for
all users in the system users group.  Part of that goal is to require
password access using their system (shell) password.  Most of these users
cannot shell in from outside, an I'd like to require the digest password
method.

I do have Cyrus Sasl2 installed, which is tied to the PAM authentication
module, but I can't find a (working) module for either pam or sasl.  There
is a port for mod_auth_pwcheck, which is supposed to work with SASL, but
it won't even build.  I'd get into the code and fix it, but I haven't time
now.

I've found a mod_auth_pam2 port, which builds fine and appears to work up
until I try to authenticate.  Then I get the following:

[Fri May 12 12:18:21 2006] [error] [client xx.xxx.xxx.xxx] PAM: user
'somebody' - not authenticated: authentication error

I don't get any other info, even though I have LogLevel Info set.  I'm
sure the password I'm using is right.  I've checked the auth logs, and
they show no authorization failures.

My system is using shadow passwords, but I'm not keen on fiddling with the
shadow files permissions.  I'd rather hoped the module would authenticate
the same way the sasl or imap modules do.

BTW, I have included the httpd config in the /etc/pam.d file.

Any ideas or suggestions for a known working method of providing PAM
authentication would be welcome.

Lou

-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist,   KeySlapper Extrordinaire :þ
http://www.keyslapper.net   Ô¿Ô¬


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Web Server Performace Issues

[edward . dunkle]

We have been testing with the following
tunings on a similar linux box.  I would be interested to here if
your performance improves with this:

Linux Tuning :

set the following values in /etc/sysctl.conf

kernel.msgmni = 1024
kernel.sem = 1000 32000 32 512
fs.file-max = 2097152
fs.inode-max = 8388608
kernel.shmmax =      
 2147483648
### net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_syn_backlog = 1024

### some of these are invalid
net.ipv4.tcp_rfc1337=1
### some say use 1800
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_keepalive_intvl=15
net.ipv4.tcp_keepalive_probes=4 
net.ipv4.tcp_max_orphans=256

# increase TCP max buffer size
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# increase Linux autotuning TCP buffer
limits
# min, default, and max number of bytes
to use
net.ipv4.tcp_rmem = 4096 87380 16777216

net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.route.flush=1

#
# Decrease the time default value for
tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
# Turn off the inefficient tcp options
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0

sysctl -p
/etc/rc.d/init.d/network restart

vi /etc/security/limits.conf
web          soft
   nofile  8192
web          hard
   nofile  65536

/etc/rc.d/init.d/sshd restart

Apache:
insert the follwing line into bin/envvars
to fix Apache memory handling on Enterprise Linux:
export LD_ASSUME_KERNEL=2.4.1

Also, I think this might work better:

    ServerLimit          64
    ThreadLimit        2048
    StartServers         12
    MaxClients         2048
    MinSpareThreads       1
    MaxSpareThreads      32
    ThreadsPerChild      32
    MaxRequestsPerChild   0


If you are confident you are not losing
memory, fine.  Otherwise use something like:
MaxRequestsPerChild 1024

[EMAIL PROTECTED] Name-based Virtual Hosts and Reverse Proxy with ProxyPreserveHost On

[Brian Bonner]

Hello.

I have a Apache 2.2 setup in a reverse proxy configuration.

On the Proxy Server I have:

NameVirtualHost  *:80


   ServerAdmin [EMAIL PROTECTED]
   DocumentRoot /var/www/foo/html
   ServerName www.foo.com
   ErrorLog logs/www.foo.com-error_log
   CustomLog logs/www.foo.com-access_log common

   ProxyPreserveHost On

   ProxyPassReverseCookiePath /JSPWiki /wiki
   ProxyPass   /wiki   http://app1.internal.com:8080/JSPWiki
   ProxyPassReverse/wiki   http://app1.internal.com:8080/JSPWiki

   ProxyPass   /bbhttp://app1.internal.com/phpBB2
   ProxyPassReverse/bbhttp://app1.internal.com/phpBB2

   ProxyPass  /  http://app1.internal.com/
   ProxyPassReverse  /   http://app1.internal.com/





   ServerAdmin [EMAIL PROTECTED]
   DocumentRoot /var/www/bar/html
   ServerName www.bar.com
   ErrorLog logs/www.bar.com-error_log
   CustomLog logs/www.bar.com-access_log common

   ProxyPreserveHost On

   ProxyPassReverseCookiePath /JSPWiki /wiki
   ProxyPass   /wiki   http://app1.internal.com:8080/JSPWiki
   ProxyPassReverse/wiki   http://app1.internal.com:8080/JSPWiki

   ProxyPass   /bb   http://app1.internal.com/phpBB2
   ProxyPassReverse/bbhttp://app1.internal.com/phpBB2

   ProxyPass  /  http://app1.internal.com/
   ProxyPassReverse  /   http://app1.internal.com/



On the internal box  (app1.internal.com) I have:

NameVirtualHost  *:80

   ServerAdmin [EMAIL PROTECTED]
   DocumentRoot /var/www/html
   ServerName www.foo.com
   ErrorLog logs/www.foo.com-error_log
   CustomLog logs/www.foo.com-access_log common



   ServerAdmin [EMAIL PROTECTED]
   DocumentRoot /var/www/bar/html
   ServerName www.bar.com
   ErrorLog logs/www.bar.com-error_log
   CustomLog logs/www.bar.com-access_log common



My intent was to be able to add virtual hosts to the configuration
files of the two servers and not have to setup separate IP Addresses
for the virtual hosts to proxy to.

When I access http://www.foo.com/wiki,  it returns:
404
The requested URL /JSPWiki/ was not found on this server.

The log on the proxy server is generating this request which doesn't
make any sense since it's being proxied.

When I access http://www.foo.com/bb,  it returns:
404
The requested URL /phpBB2/ was not found on this server.


I'd prefer not to have the reverse proxy pass *everything* through to
the back end server that is doing the virtual hosting and then proxy
it again.  I don't believe this is how it should work, but I need some
advice.  Again, I was trying to get around having to configure
separate DNS Entries for the virtual hosts that sit on the same box.
I guess I can go back to this, but I thought this should work.

Any insight would be helpful.

Thanks.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] passing request to the server

[Bill Jones]

Skip using mod_rewrite or mod_proxy and just do Redirect/RedirectMatch

Redirect permanent /tiago/precisas
http://my.application.server.com/tiago/imprecisas

--
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Web Server Performace Issues

[Joshua Slive]

On 5/12/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hey Guys,

I have a web server running:

apache - httpd-2.2.0
php - php-5.1.2

The site that is hosted on this server has very high traffic and is on a
50mbit bandwidth:

qdisc tbf 8006: dev eth0 rate 50Mbit burst 1531b lat 48.8ms

The problem is that during peak hours (sometimes during normal hours) this
system becomes very slow and the commands take longer to execute.  Also
the site becomes really slow.  We have tweaked the followng httpd options:


ServerLimit  80
StartServers 10
MaxClients 1995
MinSpareThreads  25
MaxSpareThreads  75
ThreadsPerChild  35
MaxRequestsPerChild   0


Also, I have made sure that HostnameLookups is Off.  The following is the
server hardware info:

Dual Intel(R) Xeon(TM) CPU 2.66GHz
2GB of ram

I have added 4GB of swap space to this server as well.  However, none of
these changes have improved performance.  Any ideas what I might be able
to do to make this server perform better?

Any suggestions or comments would be grately appreciated.


You need to start with a little more investigation.  Use a tool like
"top" to see if you are running out of memory or some other resource.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] https to http proxy with Apache

[Bo Najdrovsky]

Boyle Owen wrote:

Let's focus on this bit:

  
however whenever there is an incoming POST 
from a form in the web application, the response from the 
Tomcat causes 
a switch to HTTP, where I need it to remain HTTPS.  



I'm not sure I completely understand.. When you say, "causes a switch to HTTP", I assume 
you mean that after you submit the form, the browser address window changes to "http" 
(typically, this would be the acknowledgement page). If so, then the browser must be getting a 
redirect that tells it to do this.

If not, can you explain in more detail exactly what happens at this point.
  



Well, essentially, what I'm trying to accomplish is this method of load 
balancing:


http://tomcat.apache.org/tomcat-5.0-doc/balancer-howto.html#Using%20Apache%202%20with%20mod_proxy%20and%20mod_rewrite

but have the connection between the browser and the Apache httpd be over 
https instead of http.  

The problem that I'm seeing is that some of the URLs  that come from the 
Tomcat managed application lose the https and revert back to http.  It 
looks like it happens only in actions that originate from the web 
application.When I posted my message yesterday, I suspected that it 
had something to do with POST, but upon further investigation, I think 
it happens with any URL, which originates from Tomcat, (and 
consequently, it happens with POST request processing, since the 
resulting URL is determined by the web application). 

  For example, there is a login screen in the web application. Getting 
to the login screen over https is no problem, and it renders correctly.  
When I fill in the user id and password and click the login button, this 
causes the form to be submitted to the servlet which processes it and 
determines the forwarding action (i.e. the URL the first screen of the 
application). The problem is that the URL of this forwarding action is 
now HTTP instead of HTTPS when it gets back to the browser.


I hope that makes it a little clearer, it's kind of difficult to explain 
in email messages.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Web Server Performace Issues

[linux]

Hey Guys,

I have a web server running:

apache - httpd-2.2.0
php - php-5.1.2

The site that is hosted on this server has very high traffic and is on a
50mbit bandwidth:

qdisc tbf 8006: dev eth0 rate 50Mbit burst 1531b lat 48.8ms

The problem is that during peak hours (sometimes during normal hours) this
system becomes very slow and the commands take longer to execute.  Also
the site becomes really slow.  We have tweaked the followng httpd options:


ServerLimit  80
StartServers 10
MaxClients 1995
MinSpareThreads  25
MaxSpareThreads  75
ThreadsPerChild  35
MaxRequestsPerChild   0


Also, I have made sure that HostnameLookups is Off.  The following is the
server hardware info:

Dual Intel(R) Xeon(TM) CPU 2.66GHz
2GB of ram

I have added 4GB of swap space to this server as well.  However, none of
these changes have improved performance.  Any ideas what I might be able
to do to make this server perform better?

Any suggestions or comments would be grately appreciated.

Thanks in advance.

-- 
httpd.conf
--
ServerRoot "/usr/local/apache"
Listen 80
LoadModule php5_modulemodules/libphp5.so


User apache
Group apache


ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/usr/local/apache/htdocs"

Options Indexes
AllowOverride None
Order deny,allow
Deny from all


Options Indexes +FollowSymLinks +ExecCGI
AllowOverride None
Order allow,deny
Allow from all


DirectoryIndex index.php index.htm index.html


Order allow,deny
Deny from all

ErrorLog logs/error_log
LogLevel emerg

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio

CustomLog logs/access_log common


ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"


Scriptsock logs/cgisock


AllowOverride None
Options None
Order allow,deny
Allow from all

DefaultType text/plain

TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
 AddType application/x-httpd-php .php .phtml
 AddType application/x-httpd-php-source .phps
AddHandler cgi-script .cgi

Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-vhosts.conf

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Alias /awstatsclasses "/usr/local/awstats-6.5/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats-6.5/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats-6.5/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats-6.5/wwwroot/cgi-bin/"

Options None
AllowOverride None
Order allow,deny
Allow from all

--END httpd.conf--

--httpd-mpm.conf--

PidFile logs/httpd.pid



LockFile logs/accept.lock



StartServers  5
MinSpareServers   5
MaxSpareServers  10
MaxClients  150
MaxRequestsPerChild   0


ServerLimit  80
StartServers 10
MaxClients 1995
MinSpareThreads  25
MaxSpareThreads  75
ThreadsPerChild  35
MaxRequestsPerChild   0


ThreadsPerChild 250
MaxRequestsPerChild   0


StartThreads10
MaxClients  50
MaxRequestsPerThread 1


ThreadStackSize  65536
StartThreads   250
MinSpareThreads 25
MaxSpareThreads250
MaxThreads1000
MaxRequestsPerChild  0
MaxMemFree 100


StartServers   2
MinSpareThreads5
MaxSpareThreads   10
MaxRequestsPerChild0

--END httpd-mpm.conf--


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Web Server Performace Issues

[linux]

Hey Guys,

I have a web server running:

apache - httpd-2.2.0
php - php-5.1.2

The site that is hosted on this server has very high traffic and is on a
50mbit bandwidth:

qdisc tbf 8006: dev eth0 rate 50Mbit burst 1531b lat 48.8ms

The problem is that during peak hours (sometimes during normal hours) this
system becomes very slow and the commands take longer to execute.  Also
the site becomes really slow.  We have tweaked the followng httpd options:


ServerLimit  80
StartServers 10
MaxClients 1995
MinSpareThreads  25
MaxSpareThreads  75
ThreadsPerChild  35
MaxRequestsPerChild   0


Also, I have made sure that HostnameLookups is Off.  The following is the
server hardware info:

Dual Intel(R) Xeon(TM) CPU 2.66GHz
2GB of ram

I have added 4GB of swap space to this server as well.  However, none of
these changes have improved performance.  Any ideas what I might be able
to do to make this server perform better?

Any suggestions or comments would be grately appreciated.

Thanks in advance.

-- 
httpd.conf
--
ServerRoot "/usr/local/apache"
Listen 80
LoadModule php5_modulemodules/libphp5.so


User apache
Group apache


ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/usr/local/apache/htdocs"

Options Indexes
AllowOverride None
Order deny,allow
Deny from all


Options Indexes +FollowSymLinks +ExecCGI
AllowOverride None
Order allow,deny
Allow from all


DirectoryIndex index.php index.htm index.html


Order allow,deny
Deny from all

ErrorLog logs/error_log
LogLevel emerg

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio

CustomLog logs/access_log common


ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"


Scriptsock logs/cgisock


AllowOverride None
Options None
Order allow,deny
Allow from all

DefaultType text/plain

TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
 AddType application/x-httpd-php .php .phtml
 AddType application/x-httpd-php-source .phps
AddHandler cgi-script .cgi

Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-vhosts.conf

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Alias /awstatsclasses "/usr/local/awstats-6.5/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats-6.5/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats-6.5/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats-6.5/wwwroot/cgi-bin/"

Options None
AllowOverride None
Order allow,deny
Allow from all

--END httpd.conf--

--httpd-mpm.conf--

PidFile logs/httpd.pid



LockFile logs/accept.lock



StartServers  5
MinSpareServers   5
MaxSpareServers  10
MaxClients  150
MaxRequestsPerChild   0


ServerLimit  80
StartServers 10
MaxClients 1995
MinSpareThreads  25
MaxSpareThreads  75
ThreadsPerChild  35
MaxRequestsPerChild   0


ThreadsPerChild 250
MaxRequestsPerChild   0


StartThreads10
MaxClients  50
MaxRequestsPerThread 1


ThreadStackSize  65536
StartThreads   250
MinSpareThreads 25
MaxSpareThreads250
MaxThreads1000
MaxRequestsPerChild  0
MaxMemFree 100


StartServers   2
MinSpareThreads5
MaxSpareThreads   10
MaxRequestsPerChild0

--END httpd-mpm.conf--




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Proxy errors

[Matthew Claridge]

Thats what i thought, but I don't see any 502 errors in the access log 
and my ErrorDocument handler doesn't catch it


Matt

on 12/05/2006 15:58 Axel-Stéphane SMORGRAV said the following:


As far as I can tell from the code it should return HTTP_BAD_GATEWAY, i.e. HTTP 
502. You can use the ErrorDocument directive to specify a HTML page to return 
to the client in case the error occurs.

-ascs

-Original Message-
From: Matthew Claridge [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 12, 2006 3:30 PM

To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Proxy errors

Thanks for this - I've tried changing the timeout so I'll see what happens.

Is it possible to catch the error and display something nicer instead?

cheers
Matt

on 12/05/2006 10:27 Axel-Stéphane SMORGRAV said the following:

 


The error you are referring to is generated during the processing of the 
backend server response. It may be due to the backend server closing the 
connection, or the connection timing out.

The timeout is 5 minutes by default, so unless the request really takes that 
long to process, I think it is more likely that this is due to the remote 
server having closed the connection.

The timeout value can be changed. ProxyTimeout surely applies, but you may also 
have to change Timeout.

-ascs


-Original Message-
From: Matthew Claridge [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 11, 2006 1:55 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Proxy errors

Hi,

I'm seeing the following in my apache error log:

proxy: Error reading from remote server

But I'm having trouble tying it up to a request in the access log and also 
having problem diagnosing the exact fault. Can I therefore ask a few questions?

1. We use mod_proxy as part of a whole pile of URL rewriting we do. I
*think* the proxy is timing out during the rewriting process, possibly because 
Apache gets busy. We also limit the bandwidth on this site so that might be 
causing the timeout. Does this seem a reasonable explanation? Or does anyone 
else have any other ideas?

2. Another possibility is that a lot of our pages make http requests to 
external services behind the scenes, before returning to the user. If these 
external services fail to respond, this may also cause the proxy timeout. 
Comments?

3. I have ProxyErrorOverride turned on, but does this error have an associated 
HTTP 1.1 status code that I can trap and then give a better error? I don't see 
anything in the access logs, but that might be because its trapped inside 
mod_rewrite.

4. When this error occurs, it doesn't seem to be either  or 
 after the request is made. My understanding is that this error occurs 
because the proxy times out, but which timeout value is it supposed to use?

Thanks in advance for any help you can give.

cheers
Matt
--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
 "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
 "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


_
This e-mail has been scanned for viruses by Verizon Business Internet 
Managed Scanning Services - powered by MessageLabs. For further 
information visit http://www.mci.com



   



--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


_
This e-mail has been scanned for viruses by Verizon Business Internet Managed 
Scanning Services - powered by MessageLabs. For further information visit 
http://www.mci.com
 



--
Matthew Claridge
Product Support Engineer
RWA Lim

RE: [EMAIL PROTECTED] Proxy errors

[Axel-Stéphane SMORGRAV]

As far as I can tell from the code it should return HTTP_BAD_GATEWAY, i.e. HTTP 
502. You can use the ErrorDocument directive to specify a HTML page to return 
to the client in case the error occurs.

-ascs

-Original Message-
From: Matthew Claridge [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 12, 2006 3:30 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Proxy errors

Thanks for this - I've tried changing the timeout so I'll see what happens.

Is it possible to catch the error and display something nicer instead?

cheers
Matt

on 12/05/2006 10:27 Axel-Stéphane SMORGRAV said the following:

>The error you are referring to is generated during the processing of the 
>backend server response. It may be due to the backend server closing the 
>connection, or the connection timing out.
>
>The timeout is 5 minutes by default, so unless the request really takes that 
>long to process, I think it is more likely that this is due to the remote 
>server having closed the connection.
>
>The timeout value can be changed. ProxyTimeout surely applies, but you may 
>also have to change Timeout.
>
>-ascs
>
>
>-Original Message-
>From: Matthew Claridge [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 11, 2006 1:55 PM
>To: users@httpd.apache.org
>Subject: [EMAIL PROTECTED] Proxy errors
>
>Hi,
>
>I'm seeing the following in my apache error log:
>
>proxy: Error reading from remote server
>
>But I'm having trouble tying it up to a request in the access log and also 
>having problem diagnosing the exact fault. Can I therefore ask a few questions?
>
>1. We use mod_proxy as part of a whole pile of URL rewriting we do. I
>*think* the proxy is timing out during the rewriting process, possibly because 
>Apache gets busy. We also limit the bandwidth on this site so that might be 
>causing the timeout. Does this seem a reasonable explanation? Or does anyone 
>else have any other ideas?
>
>2. Another possibility is that a lot of our pages make http requests to 
>external services behind the scenes, before returning to the user. If these 
>external services fail to respond, this may also cause the proxy timeout. 
>Comments?
>
>3. I have ProxyErrorOverride turned on, but does this error have an associated 
>HTTP 1.1 status code that I can trap and then give a better error? I don't see 
>anything in the access logs, but that might be because its trapped inside 
>mod_rewrite.
>
>4. When this error occurs, it doesn't seem to be either  or 
> after the request is made. My understanding is that this error 
>occurs because the proxy times out, but which timeout value is it supposed to 
>use?
>
>Thanks in advance for any help you can give.
>
>cheers
>Matt
>--
>Matthew Claridge
>Product Support Engineer
>RWA Limited
>
>Tel: 02920 815 054
>Email: [EMAIL PROTECTED]
>Web: www.rwa-net.co.uk
>
>
>-
>The official User-To-User support forum of the Apache HTTP Server Project.
>See http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>-
>The official User-To-User support forum of the Apache HTTP Server Project.
>See http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>_
>This e-mail has been scanned for viruses by Verizon Business Internet 
>Managed Scanning Services - powered by MessageLabs. For further 
>information visit http://www.mci.com
>  
>

--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] CGI permissions on Debian

[Tony Heal]

I am running a 
Debian 3.1 (sarge) server and the following apache packages 
installed:
ii  
apache 
1.3.33-6sarge1 
versatile, high-performance HTTP serverii  
apache-common  
1.3.33-6sarge1 
support files for all Apache web serversii  
apache2-utils  
2.0.54-5   
utility programs for web serversii  
libapache-dbi-perl 
0.94-2 
Connect apache server to database via perl's DBIii  
libapache-mod-dav  
1.0.3-10   
A DAV module for Apacheii  
libapache-mod-gzip 
1.3.26.1a-8    
HTTP compression module for Apacheii  
libapache-mod-perl 
1.29.0.3-6sarge1   
integration of perl with the Apache web serverii  
libapache-mod-php4 
4.3.10-16  
server-side, HTML-embedded scripting language (apache 1.3 module)ii  
libapache-mod-ssl  
2.8.22-1sarge1 
Strong cryptography (HTTPS support) for Apache
 

I have a java 
program running on this server. One 
of the things contained in it's sar file are some cgi files. During the 
installation of this program the original directory gets deleted and the new sar 
gets expanded, then I set the permissions on the cgi files. the commands used 
are
 
chmod -R 755 
/path/help/admin
chmod -R g+s 
/path/help/admin
 
The files are all 
owned and grouped by the same user. 
owner.owner
apache user is 
www-data
'owner' is in the 
www-data group
www-data is in the 
'owner' group
 
 
Here is my problem. 
With perms set at 755 the cgi file work fine. once the g+s is set (2755) the cgi files stop working. This 
method works on woody, but I can not see any reason that would make a 
diff.
 
 
Anyone got any 
ideas/suggestions/comments that can help?

 
Tony Heal
Pace Systems Group, Inc.
800-624-5999
[EMAIL PROTECTED]
 

[EMAIL PROTECTED] Re: Mod_auth_radius

[Mike VanHorn]

> Did you load all the needed modules? You need mod_auth_basic.so for basic
> authentication.

Yes. Well, I think so, anyway. I'm looking in to mod_authnz_external now, as
it comes with a radius authenticator, and adheres to the new authentication
model that Apache 2.1/2.2.x introduced. From reading the documentation for
mod_authnz_external, it sounds like mod_auth_radius isn't working because it
isn't communication back to mod_auth_basic, so mod_auth_basic fails and
that's why I get the error.

Thank you for your interest.

---
Mike VanHorn
Senior Computer Systems Administrator 
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
[EMAIL PROTECTED]
http://www.cs.wright.edu/~mvanhorn/




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Totally stumped on httpd, gcc & solaris 10

[Chris Edwards]

Thanks for all the replies I have been getting... Here is some more information 
on my enviroment. 

Here is what I am using to try and compile Apache2 ...

./configure --with-perl=/usr/bin/perl --prefix=/www --enable-module=so 
--enable-ssl --enable-setenvif --with-ssl=/usr/local/ssl

I downloaded Apache 2.2.2, might as well get the latest version.

Here are my library paths...

Configuration file [version 4]: /var/ld/ld.config
  Default Library Path (ELF):   
/usr/lib:/usr/lib/secure:/usr/local/lib:/usr/local/mysql/lib:/lib:/usr/local/ssl/lib/
  Trusted Directories (ELF):/lib/secure:/usr/lib/secure  (system default)

I am running gcc 3.3.2 from SunFreeWare

Here is the Error I get durring make...

make[2]: Entering directory `/export/home/chris/Sources/httpd-2.2.2/server'
/export/home/chris/Sources/httpd-2.2.2/srclib/apr/libtool --silent 
--mode=compile gcc -g -O2-DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS 
-D_REENTRANT -D_LARGEFILE64_SOURCE
-I/export/home/chris/Sources/httpd-2.2.2/srclib/pcre -I. 
-I/export/home/chris/Sources/httpd-2.2.2/os/unix 
-I/export/home/chris/Sources/httpd-2.2.2/server/mpm/prefork 
-I/export/home/chris/Sources/httpd-2.2.2/modules/http 
-I/export/home/chris/Sources/httpd-2.2.2/modules/filters 
-I/export/home/chris/Sources/httpd-2.2.2/modules/proxy 
-I/export/home/chris/Sources/httpd-2.2.2/include 
-I/export/home/chris/Sources/httpd-2.2.2/modules/generators 
-I/export/home/chris/Sources/httpd-2.2.2/modules/mappers 
-I/export/home/chris/Sources/httpd-2.2.2/modules/database 
-I/export/home/chris/Sources/httpd-2.2.2/srclib/apr/include 
-I/export/home/chris/Sources/httpd-2.2.2/srclib/apr-util/include 
-I/export/home/chris/Sources/httpd-2.2.2/srclib/apr-util/xml/expat/lib 
-I/export/home/chris/Sources/httpd-2.2.2/modules/proxy/../generators 
-I/usr/local/ssl/include -I/usr/sfw/include 
-I/export/home/chris/Sources/httpd-2.2.2/modules/ssl 
-I/export/home/chris/Sources/httpd-2.2.2/modules/dav/main  -prefer-non-pic 
-static -c exports.c && touch exports.lo
exports.c:116:2: #endif without #if
make[2]: *** [exports.lo] Error 1
make[2]: Leaving directory `/export/home/chris/Sources/httpd-2.2.2/server'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/home/chris/Sources/httpd-2.2.2/server'
make: *** [all-recursive] Error 1

Thanks,

Chris Edwards


-Original Message-
From: Ricardo Stella [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 11, 2006 3:47 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Totally stumped on httpd, gcc & solaris 10



Chris Edwards wrote:
> Hola!
>
> I am trying to compile Apache2 on Solaris 10 with gcc.  Here is the 
> error Im getting durring the make...
>
> exports.c:116:2: #endif without #if
> make[2]: *** [exports.lo] Error 1
> make[2]: Leaving directory
> `/export/home/chris/Sources/httpd-2.2.0/server'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory
> `/export/home/chris/Sources/httpd-2.2.0/server'
> make: *** [all-recursive] Error 1
> #
>
> Any help would be greatly appreciated.  Thanks!
>
>   

Well, although 2.2.2 is out, it would help to know what options you used for 
configure or what gcc you are using.  Here's mine, ripped from the net 
somewhere and since I need ldap and BerkeleyDB, those options are there (note 
LDFLAGS and CPPFLAGS should all be on one line):

CFLAGS="-O2"; export CFLAGS
LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/openldap/lib -L/usr/local/lib 
-R/usr/local/ssl/lib:/usr/local/openldap/lib:/usr/local/lib"; export LDFLAGS 
CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/openldap/include 
-I/usr/local/include"; export CPPFLAGS

./configure \
--prefix=/usr/local/apache2 \
--enable-mods-shared=most \
--with-ldap-include=/usr/local/openldap/include \ 
--with-ldap-lib=/usr/local/openldap/lib \ --with-ssl=/usr/local/ssl \ 
--with-perl=/usr/local/bin/perl \ --with-ldap \ 
--with-berkeley-db=/usr/local/BerkeleyDB \ --enable-ldap \ --enable-authnz-ldap 
\ --enable-ssl

I'm using gcc 3.3.2 from sunfreeware.com...

My .02...

-- 

°(((=((===°°°(((===




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Proxy errors

[Matthew Claridge]

Thanks for this - I've tried changing the timeout so I'll see what happens.

Is it possible to catch the error and display something nicer instead?

cheers
Matt

on 12/05/2006 10:27 Axel-Stéphane SMORGRAV said the following:


The error you are referring to is generated during the processing of the 
backend server response. It may be due to the backend server closing the 
connection, or the connection timing out.

The timeout is 5 minutes by default, so unless the request really takes that 
long to process, I think it is more likely that this is due to the remote 
server having closed the connection.

The timeout value can be changed. ProxyTimeout surely applies, but you may also 
have to change Timeout.

-ascs


-Original Message-
From: Matthew Claridge [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 11, 2006 1:55 PM

To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Proxy errors

Hi,

I'm seeing the following in my apache error log:

proxy: Error reading from remote server

But I'm having trouble tying it up to a request in the access log and also 
having problem diagnosing the exact fault. Can I therefore ask a few questions?

1. We use mod_proxy as part of a whole pile of URL rewriting we do. I
*think* the proxy is timing out during the rewriting process, possibly because 
Apache gets busy. We also limit the bandwidth on this site so that might be 
causing the timeout. Does this seem a reasonable explanation? Or does anyone 
else have any other ideas?

2. Another possibility is that a lot of our pages make http requests to 
external services behind the scenes, before returning to the user. If these 
external services fail to respond, this may also cause the proxy timeout. 
Comments?

3. I have ProxyErrorOverride turned on, but does this error have an associated 
HTTP 1.1 status code that I can trap and then give a better error? I don't see 
anything in the access logs, but that might be because its trapped inside 
mod_rewrite.

4. When this error occurs, it doesn't seem to be either  or 
 after the request is made. My understanding is that this error occurs 
because the proxy times out, but which timeout value is it supposed to use?

Thanks in advance for any help you can give.

cheers
Matt
--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


_
This e-mail has been scanned for viruses by Verizon Business Internet Managed 
Scanning Services - powered by MessageLabs. For further information visit 
http://www.mci.com
 



--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] performance prob due to httpd's piling up

[Chris]

On 08/05/06, Billy Nab <[EMAIL PROTECTED]> wrote:

>-Original Message-
>From: Ron Arts [mailto:[EMAIL PROTECTED]
>Sent: Monday, May 08, 2006 2:33 AM
>To: users@httpd.apache.org
>Subject: Re: [EMAIL PROTECTED] performance prob due to httpd's piling up
>
>Bennet,
>
>- understand that the apache docs are for the apache *as they
distribute >it*
>  companies like RedHat, SuSE have their own way of doing things, and
>  apache instructions only apply partially. Configuration file docs are
>  ok though
>
>
>Ron

That comment needs to be seriously taken at face value.

The apache version, installation directories, paths, document root,
everything basically is no where near what the apache docs have in it on
most distributions I have seen.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





I noticed the issue on a few servers.

If the httpd server limit is set to a low number then in theory I
thought it should help when their is a lot of requests by stopping
resource starvation from excessive child processes.  Instead I just
get queued requests and a large number of httpd processes stuck in RUN
state.  Even with keepalive off and timeout set to a very low value
the RUN state persists.

I solved this for a busy site by upgrading the hardware significantly
and moving from apache 1.3 to 2.2 which seems to handle the situation
better and that stopped the RUN sticking on the child processes.

Spec of server with the problem worst before I moved busy site.

FreeBSD 6.0
AMD 64 3200+ (i386 mode)
2 gig ram
apache 1.3
php 4.4.2
mysql 4.1

the ram never saturated and swap was never used more then a few kB.
It was cpu saturation.

Chris

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Re: Mod_auth_radius

[Joost de Heer]

Mike VanHorn wrote:
>
> I'm using mod_auth_radius with Apache 2.2.2 to protect a directory. Here's
> the entries from the log file:
>
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1154): Radius
> Auth
> for: servername requests /path-to-protected-directory/ :
> file=/full-path-to-protected-directory/
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1185):  No cookie
> found.  Trying RADIUS authentication.\n
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(894): Sending
> packet on radius-server
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1223):  RADIUS
> Authentication for user=my-user-name password=my-password OK.  Cookie
> expiry
> in 60 minutes\n
> [Thu May 11 15:32:43 2006] [debug] mod_auth_radius-2.0.c(1225):  Adding
> cookie bad0609dc93dcae84e4316263abb792a44639f6b\n
> [Thu May 11 15:32:43 2006] [crit] [client my-ip-address] configuration
> error:  couldn't check access.  No groups file?:
> /path-to-protected-directory/

Did you load all the needed modules? You need mod_auth_basic.so for basic
authentication.

Joost


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Access to Webpage

[Axel-Stéphane SMORGRAV]

VPN/IPsec solutions might also be considered in order to restrict access from 
the Internet to only those able to establish a secure session... That would 
restrict the number of users who would be able to probe the webmail gizmo.

-ascs

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 12, 2006 2:42 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Access to Webpage

I rather imagined he wanted to avoid that the general public gets to see the 
login page. It's fairly easy to allow from intranet and deny from internet. 
However, I take you point that the OP will probably come back with a 
requirement that, in addition to the above, Joe Bloggs must be allowed access 
from anywhere. At that point it does indeed move out of apache and into the 
application layer (ie, the webmail gizmo).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Access to Webpage

[Boyle Owen]

 

> -Original Message-
> From: Victor Trac [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 12, 2006 2:20 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Access to Webpage
> 
> By doing this with apache you are limiting access by source 
> IP and not by actual user accounts.  A prohibited user could 
> gain access from an allowed IP address.  I understood the 
> problem to mean that he wanted to restrict certain users from 
> anywhere on the internet. 

Absolutely. The original post is under-determined and ambiguous (so nothing 
unusual about that, then :-)

I rather imagined he wanted to avoid that the general public gets to see the 
login page. It's fairly easy to allow from intranet and deny from internet. 
However, I take you point that the OP will probably come back with a 
requirement that, in addition to the above, Joe Bloggs must be allowed access 
from anywhere. At that point it does indeed move out of apache and into the 
application layer (ie, the webmail gizmo).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> -Victor
> 
> 
> On 5/12/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> 
>   > -Original Message-
>   > From: Ranjith Kumar [mailto:[EMAIL PROTECTED]
>   > Sent: Friday, May 12, 2006 1:42 PM
>   > To: users@httpd.apache.org  
>   > Subject: [EMAIL PROTECTED] Access to Webpage
>   >
>   > Hi,
>   >
>   > I have a mail server running postfix, and using squirrel mail
>   > for webaccess. Its running based on apache. 
>   > I have two ip addresses on the system, one is public and
>   > another one is for local.
>   > All my users can access the website and check their mails
>   > from any where (local and internet),
>   > I do not want to allow all users from outside of my network. 
>   > I want to allow few users only from the internet.
>   >
>   > How can I do this? Help me
>   
>   This is indeed an apache configuration issue. The basic 
> tools are the Access Control directives: 
> http://httpd.apache.org/docs/2.2/howto/access.html 
>  
>   
>   You need something like:
>   
>   Order deny,allow
>   Deny from all
>   Allow from 192.168  # intranet
>   Allow from abc  # specific internet addresses
>   Allow from xyz  # " 
>   
>   See the docs for more details on these directives.
>   
>   Rgds,
>   Owen Boyle
>   Disclaimer: Any disclaimer attached to this message may 
> be ignored.
>   
>   >
>   >
>   > Regards,
>   > Ranjith Kumar
>   > 
>   Diese E-mail ist eine private und persönliche 
> Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. 
> Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
> private and personal nature. It is not related to the 
> exchange or business activities of the SWX Group. Le présent 
> e-mail est un message privé et personnel, sans rapport avec 
> l'activité boursière du Groupe SWX. 
>   
>   
>   This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
>   
>   
> -
>   The official User-To-User support forum of the Apache 
> HTTP Server Project.
>   See http://httpd.apache.org/userslist.html > for more info.
>   To unsubscribe, e-mail: [EMAIL PROTECTED]
>  "   from the digest: 
> [EMAIL PROTECTED] 
>  
>   For additional commands, e-mail: [EMAIL PROTECTED]
>   
>   
> 
> 
> 
> 
> -- 
> http://www.victortrac.com   
> 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] suExec problem

[Laszlo Nagy]

Hello,

I have a SuSe 9.3 server, with apache version 2.0.53 and suexec 
configured. It was working for months. One day, it stopped working for 
ALL virtual hosts. I might have misconfigured something, but I'm not 
sure what is the problem. When I start up apache, I see this in the 
error_log:


[Fri May 12 11:48:40 2006] [warn] Init: Session Cache is not configured 
[hint: SSLSessionCache]
[Fri May 12 11:48:40 2006] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec2)

Destroying config 0x80f0c08
Creating new config (0x80f4ea8) for (null)
[Fri May 12 11:48:40 2006] [notice] Apache/2.0.53 (Linux/SUSE) 
configured -- resuming normal operations


So probably the suexec binary is okay. Then I go to one of my virtual 
hosts, and execute phpinfo(). That says I'm using the mod_php version. 
There are no more error messages in apache error log neither in suexec.log.


Here is my suexec config:

dybs1 /home/nagylzs# suexec2 -V
-D AP_DOC_ROOT="/srv/www"
-D AP_GID_MIN=96
-D AP_HTTPD_USER="wwwrun"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=96
-D AP_USERDIR_SUFFIX="public_html"

Here is a virtual host:


 ServerName joomla.dynabit.hu
 DocumentRoot /srv/www/vhosts/ddyb04/joomla.dynabit.hu
 ErrorLog /var/log/apache2/joomla-dynabit-error_log
 CustomLog /var/log/apache2/joomla-dynabit-access_log combined
 UseCanonicalName Off
 ServerSignature On

 ScriptAlias /php/ "/srv/www/vhosts/ddyb04/joomla.dynabit.hu/cgi-bin/"
 Action application/x-httpd-php "/php/php5"

 DirectoryIndex index.html index.htm index.php

 SuexecUserGroup ddyb04 users

 
 Options ExecCGI FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
 

 
 Options Indexes FollowSymLinks
 AllowOverride FileInfo
 Order allow,deny
 Allow from all
 



Do you have any ideas? Why it is not working? Why can't I see the error 
in the logs?


Thanks,

 Laszlo

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] passing request to the server

[Axel-Stéphane SMORGRAV]

Unless you are doing this in order to familiarise yourself with writing modules 
for Apache 2.0, I strongly suggest you use a module that already exists and 
that provides a lot more flexibility than you module does. That module happens 
to be mod_rewrite (funny how often it saves the day!) Combined with mod_proxy 
it will provide exactly the functionality you need:
 
RewriteEngine on
RewriteRule ^/tiago/precisas/index1.htm 
http://my.application.server.com/tiago/imprecisas/index1.htm [P,L]
 
Actually, you probably do not even need mod_rewrite for this specific problem 
as you could instead use:
 
ProxyPass /tiago/precisas http://my.application.server.com/tiago/imprecisas

-ascs



From: Tiago Semprebom [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 12, 2006 1:27 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] passing request to the server


Hello,

I'm beginning the development of a handler module and one of the tasks 
of this module is change some request uri to another uri. I developed 
this small module (code below), in this small module I compare if an 
incoming request uri is equal a determinate uri if is true I change this 
request uri for an another uri. I need now to direct this request to the 
server for that it can serve this request and send the result to the 
client.

thank's in advanced,

Tiago Semprebom
---
#include "httpd.h"
#include "ap_config.h"
#include 

static int my_new_handler(request_rec *r)
{
int APRStatus = OK;

if (r->method_number != M_GET)
   return DECLINED;

if (r->finfo.filetype == 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,"print_test: %s", 
r->uri);
if (!strcmp(r->uri,"/tiago/precisas/index1.htm")){
r->uri = "/tiago/imprecisas/index1.htm";
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,"print_test2: %s", 
r->uri);
return HTTP_NOT_FOUND;
}

return (APRStatus);
}
 
static void register_hooks(apr_pool_t *p)
{
 ap_hook_handler(my_new_handler,NULL,NULL,APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA my_handler =
{
STANDARD20_MODULE_STUFF,
NULL,  /* create per-directory config structure */
NULL,  /* merge per-directory config structures */
NULL,  /* create per-server config structure */
NULL,  /* merge per-server config structures */
NULL,  /* command apr_table_t */
register_hooks /* register hooks */
};




Yahoo! Search
Música para ver e ouvir: You're Beautiful, do James Blunt 

 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Access to Webpage

[Victor Trac]

By doing this with apache you are limiting access by source IP and not by actual user accounts.  A prohibited user could gain access from an allowed IP address.  I understood the problem to mean that he wanted to restrict certain users from anywhere on the internet.
-VictorOn 5/12/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> -Original Message-> From: Ranjith Kumar [mailto:[EMAIL PROTECTED]]> Sent: Friday, May 12, 2006 1:42 PM> To: 
users@httpd.apache.org> Subject: [EMAIL PROTECTED] Access to Webpage>> Hi,>> I have a mail server running postfix, and using squirrel mail> for webaccess. Its running based on apache.
> I have two ip addresses on the system, one is public and> another one is for local.> All my users can access the website and check their mails> from any where (local and internet),> I do not want to allow all users from outside of my network.
> I want to allow few users only from the internet.>> How can I do this? Help meThis is indeed an apache configuration issue. The basic tools are the Access Control directives: 
http://httpd.apache.org/docs/2.2/howto/access.htmlYou need something like:Order deny,allowDeny from allAllow from 192.168  # intranetAllow from abc  # specific internet addressesAllow from xyz  # "
See the docs for more details on these directives.Rgds,Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.>>> Regards,> Ranjith Kumar>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.
-The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html
> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]-- 
http://www.victortrac.com

RE: [EMAIL PROTECTED] Access to Webpage

[Boyle Owen]

> -Original Message-
> From: Ranjith Kumar [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 12, 2006 1:42 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Access to Webpage
> 
> Hi,
>  
> I have a mail server running postfix, and using squirrel mail 
> for webaccess. Its running based on apache. 
> I have two ip addresses on the system, one is public and 
> another one is for local. 
> All my users can access the website and check their mails 
> from any where (local and internet), 
> I do not want to allow all users from outside of my network. 
> I want to allow few users only from the internet.
>  
> How can I do this? Help me

This is indeed an apache configuration issue. The basic tools are the Access 
Control directives: http://httpd.apache.org/docs/2.2/howto/access.html

You need something like:

Order deny,allow
Deny from all
Allow from 192.168  # intranet
Allow from abc  # specific internet addresses
Allow from xyz  # "

See the docs for more details on these directives.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>  
>  
> Regards,
> Ranjith Kumar
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Access to Webpage

[Victor Trac]

This is a mail server/webmail client problem and not an apache problem.  On 5/12/06, Ranjith Kumar <[EMAIL PROTECTED]
> wrote:Hi,
 
I have a mail server running postfix, and using squirrel mail for webaccess. Its running based on apache. 
I have two ip addresses on the system, one is public and another one is for local. 
All my users can access the website and check their mails from any where (local and internet), 
I do not want to allow all users from outside of my network. I want to allow few users only from the internet.
 
How can I do this? Help me
 
 
Regards,
Ranjith Kumar

-- http://www.victortrac.com

Re: [EMAIL PROTECTED] Access to Webpage

[Norbul]

If yours users have static IP you can use option in 
directory tag "allow from" or use .htaccess to make 
authentication
 
 

  - Original Message - 
  From: 
  Ranjith 
  Kumar 
  To: users@httpd.apache.org 
  Sent: Friday, May 12, 2006 1:41 PM
  Subject: [EMAIL PROTECTED] Access to 
  Webpage
  
  Hi,
   
  I have a mail server running postfix, and using squirrel mail for 
  webaccess. Its running based on apache. 
  I have two ip addresses on the system, one is public and another one is 
  for local. 
  All my users can access the website and check their mails from any where 
  (local and internet), 
  I do not want to allow all users from outside of my network. I want to 
  allow few users only from the internet.
   
  How can I do this? Help me
   
   
  Regards,
  Ranjith Kumar

Re: [EMAIL PROTECTED] Access to Webpage

[Rainer Sokoll]

On Fri, May 12, 2006 at 05:11:33PM +0530, Ranjith Kumar wrote:

> I do not want to allow all users from outside of my network. I want to allow
> few users only from the internet.
> 
> How can I do this? Help me

The users have to authenticate themselves on your mailserver - where is
your problem?

Rainer

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Access to Webpage

[Ranjith Kumar]

Hi,
 
I have a mail server running postfix, and using squirrel mail for webaccess. Its running based on apache. 
I have two ip addresses on the system, one is public and another one is for local. 
All my users can access the website and check their mails from any where (local and internet), 
I do not want to allow all users from outside of my network. I want to allow few users only from the internet.
 
How can I do this? Help me
 
 
Regards,
Ranjith Kumar

[EMAIL PROTECTED] passing request to the server

[Tiago Semprebom]

Hello,I'm beginning the development of a handler module and one of the tasks of this module is change some request uri to another uri. I developed this small module (code below), in this small module I compare if an incoming request uri is equal a determinate uri if is true I change this request uri for an another uri. I need now to direct this request to the server for that it can serve this request and send the result to the client.thank's in advanced,Tiago Semprebom---#include "httpd.h"#include "ap_config.h"#include static int my_new_handler(request_rec *r){    int APRStatus = OK;    if (r->method_number != M_GET)   return DECLINED;    if (r->finfo.filetype == 0)
 {    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,"print_test: %s", r->uri);    if (!strcmp(r->uri,"/tiago/precisas/index1.htm")){    r->uri = "/tiago/imprecisas/index1.htm";    }    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,"print_test2: %s", r->uri);    return HTTP_NOT_FOUND;    }    return (APRStatus);} static void register_hooks(apr_pool_t *p){ ap_hook_handler(my_new_handler,NULL,NULL,APR_HOOK_MIDDLE);}module AP_MODULE_DECLARE_DATA my_handler ={    STANDARD20_MODULE_STUFF,    NULL,  /* create per-directory config structure */   
 NULL,  /* merge per-directory config structures */    NULL,  /* create per-server config structure */    NULL,  /* merge per-server config structures */    NULL,  /* command apr_table_t */    register_hooks /* register hooks */};
		 
Yahoo! Search 
Música para ver e ouvir: You're Beautiful, do James Blunt

RE: [EMAIL PROTECTED] https to http proxy with Apache

[Axel-Stéphane SMORGRAV]

I guess the response to the POST is a redirect (302) which is not rewritten by 
any of the ProxyPassReverse directives. In that case the URL of the Location 
header probably starts with http://andy:port/ instead of 
https://my.reverse.proxy.com/

What you need to do is figure out exactly what the value of the Location header 
of the 302 response is and add a ProxyPassReverse directive that matches that 
URL.


Looking more closely at your configuration, I notice that you set 
ProxyPreserveHost On. In that case redirects from the Tomcats would be to 
http://my.reverse.proxy.com/, and since there is no ProxyPassReverse that 
matches, Location headers would never be adjusted. Basically, none of the 
ProxyPassReverse in your configuration would ever match a Location header in a 
302 response from Tomcat.

You then have two choices: either turn off ProxyPreserveHost, or change the 
ProxyPassReverse accordingly. I cannot see any good reason to use 
ProxyPreserveHost unless your backend application generates absolute HTTP links 
into HTML contents, based on the Host header.

-ascs


-Original Message-
From: Bo Najdrovsky [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 11, 2006 9:36 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] https to http proxy with Apache

Hello, I have a problem I've been grappling with for the past 3 days 
without much luck so I thought I'd come to the experts.   :-)  I have 
an Apache 2.0.x server, which acts as a load balancing gateway to 
multiple Tomcat servlet containers behind it. This proxying/load 
balancing is done using the combination of mod_rewrite and mod_proxy.  
It has been working very well for traffic over normal HTTP.  I now need 
to make this work over HTTPS between the browsers and the Apache, and 
that's where I'm having the problem.   I configured the Apache server to 
listen for HTTPS requests, and they forward correctly over regular HTTP 
to the Tomcats behind it, however whenever there is an incoming POST 
from a form in the web application, the response from the Tomcat causes 
a switch to HTTP, where I need it to remain HTTPS.  Here's what the 
pertinent portion of the configuration looks like:

RewriteMap tomcats "rnd:/path/to/tomcat-workers.conf"
ProxyPreserveHost On
ProxyTimeout 8000


RewriteEngine On

RewriteCond "%{HTTP_COOKIE}"  "(^};\s*)jsessionid=\w*\.(\w+)($|;)" [NC]
RewriteRule "(.*)""http://$(tomcats:%2)%{REQUEST_URI}" [P,L,NC]
RewriteRule "^.*;jsessionid=\w*\.(\w+)($|;)"  
"http://$(tomcats:$1)%{REQUEST_URI}" [P,L,NC]
RewriteRule "(.*)""http://$(tomcats:all)%{REQUEST_URI}" [P,L,NC]

ProxyPassRevese http://andy:8012/
ProxyPassRevese http://andy:8022/
ProxyPassRevese http://andy:8032/
ProxyPassRevese http://andy:8042/


I suspect that the problem lies somewhere in the ProxyPassReverse, but 
don't know what I could to remedy it. Any suggestions would be welcome.  
Thanks,

Bo


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Proxy errors

[Axel-Stéphane SMORGRAV]

The error you are referring to is generated during the processing of the 
backend server response. It may be due to the backend server closing the 
connection, or the connection timing out.

The timeout is 5 minutes by default, so unless the request really takes that 
long to process, I think it is more likely that this is due to the remote 
server having closed the connection.

The timeout value can be changed. ProxyTimeout surely applies, but you may also 
have to change Timeout.

-ascs


-Original Message-
From: Matthew Claridge [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 11, 2006 1:55 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Proxy errors

Hi,

I'm seeing the following in my apache error log:

proxy: Error reading from remote server

But I'm having trouble tying it up to a request in the access log and also 
having problem diagnosing the exact fault. Can I therefore ask a few questions?

1. We use mod_proxy as part of a whole pile of URL rewriting we do. I
*think* the proxy is timing out during the rewriting process, possibly because 
Apache gets busy. We also limit the bandwidth on this site so that might be 
causing the timeout. Does this seem a reasonable explanation? Or does anyone 
else have any other ideas?

2. Another possibility is that a lot of our pages make http requests to 
external services behind the scenes, before returning to the user. If these 
external services fail to respond, this may also cause the proxy timeout. 
Comments?

3. I have ProxyErrorOverride turned on, but does this error have an associated 
HTTP 1.1 status code that I can trap and then give a better error? I don't see 
anything in the access logs, but that might be because its trapped inside 
mod_rewrite.

4. When this error occurs, it doesn't seem to be either  or 
 after the request is made. My understanding is that this error 
occurs because the proxy times out, but which timeout value is it supposed to 
use?

Thanks in advance for any help you can give.

cheers
Matt
--
Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: [EMAIL PROTECTED]
Web: www.rwa-net.co.uk


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] https to http proxy with Apache

[Boyle Owen]

> -Original Message-
> From: Bo Najdrovsky [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, May 11, 2006 9:36 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] https to http proxy with Apache
> 
> Hello, I have a problem I've been grappling with for the past 3 days 
> without much luck so I thought I'd come to the experts.   :-) 
>  I have 
> an Apache 2.0.x server, which acts as a load balancing gateway to 
> multiple Tomcat servlet containers behind it. This proxying/load 
> balancing is done using the combination of mod_rewrite and 
> mod_proxy.  
> It has been working very well for traffic over normal HTTP.  
> I now need 
> to make this work over HTTPS between the browsers and the Apache, and 
> that's where I'm having the problem.   I configured the 
> Apache server to 
> listen for HTTPS requests, and they forward correctly over 
> regular HTTP 
> to the Tomcats behind it, 

Let's focus on this bit:

> however whenever there is an incoming POST 
> from a form in the web application, the response from the 
> Tomcat causes 
> a switch to HTTP, where I need it to remain HTTPS.  

I'm not sure I completely understand.. When you say, "causes a switch to HTTP", 
I assume you mean that after you submit the form, the browser address window 
changes to "http" (typically, this would be the acknowledgement page). If so, 
then the browser must be getting a redirect that tells it to do this.

If not, can you explain in more detail exactly what happens at this point.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

Here's what the 
> pertinent portion of the configuration looks like:
> 
> RewriteMap tomcats "rnd:/path/to/tomcat-workers.conf"
> ProxyPreserveHost On
> ProxyTimeout 8000
> 
> 
> RewriteEngine On
> 
> RewriteCond "%{HTTP_COOKIE}"  
> "(^};\s*)jsessionid=\w*\.(\w+)($|;)" [NC]
> RewriteRule "(.*)"
> "http://$(tomcats:%2)%{REQUEST_URI}" [P,L,NC]
> RewriteRule "^.*;jsessionid=\w*\.(\w+)($|;)"  
> "http://$(tomcats:$1)%{REQUEST_URI}" [P,L,NC]
> RewriteRule "(.*)"
> "http://$(tomcats:all)%{REQUEST_URI}" [P,L,NC]
> 
> ProxyPassRevese http://andy:8012/
> ProxyPassRevese http://andy:8022/
> ProxyPassRevese http://andy:8032/
> ProxyPassRevese http://andy:8042/
> 
> 
> I suspect that the problem lies somewhere in the 
> ProxyPassReverse, but 
> don't know what I could to remedy it. Any suggestions would 
> be welcome.  
> Thanks,
> 
> Bo
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] verifying and installing apache 2.0.5.8 in AIX/unix environment

[Boyle Owen]

> -Original Message-
> From: johnny page [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, May 11, 2006 8:27 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] verifying and installing apache 
> 2.0.5.8 in AIX/unix environment
> 
> How exactly do you verify the apache download?

This is explained here: http://httpd.apache.org/download.cgi#verify

Basically, you download the file linked to by [PGP] and/or [MD5] next to the 
distro you just downloaded and then you run one of the commands shown 
(depending on what you've got installed on your system). Personally, I use the 
MD5 signature since I have Gnu textutils (see link on the page). To verify, I 
do: 

$ md5sum httpd-2.2.2.tar.gz

This returns a hex string which is the MD5 checksum of the data in the file. 
You I then compare this with the data in the [MD5] link and check the strings 
match. If they do, you can be sure that the file you just downloaded is the 
same as the one on the apache website and so nobody sneaked anything into the 
code...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.  

> 
> _
> Express yourself instantly with MSN Messenger! Download today 
> - it's FREE! 
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]