RE: [EMAIL PROTECTED] basic auth, apache, and denies

[Boyle Owen]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 03, 2006 5:30 AM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] basic auth, apache, and denies
> 
> 
> Question:
> 
> apache 1.3.x.  apache basic auth (over SSL) involving many users and
> groups.  Alice's group gets access to /x and /y, but Bob's group only
> gets access to /x.  When Bob tries to access /x, Bob gets a
> username/password prompt.  Bob types in his username and password, and
> all is good.  But if Bob tries to go to /y, he gets a username and
> password prompt again and again.  This is presumably because apache
> knows Bob isn't supposed to have access to /y, so it sends a 401
> error, and the browser prompts for another username and password in
> the hope that Bob has another login that will work.  Of course, this
> confuses Bob to no end.

It's not as clever as that. Each request has to have a valid set of
credentials in a basic auth header or the server responds 401.

I rather think the funny behaviour results from something else:

1) Are /x and /y really parallel URLs (eg, http://server/dir1 and
http://server/dir2) or are they nested (eg, http://server/dir and
http://server/dir/subdir)? If they're nested, results will be
unpredictable since basic auth only supports a single layer of
authorization...
2) Is any of the content on /x located /y or vice-versa? If /x/page
contains an image at /y/pic.png, then this might screw up (it's browser
dependent). 

> 
> So what I would like is for Bob's access attempts to /y to result in a
> 403 instead of a 401.  In more concrete terms, if the browser presents
> username/password credentials to a resource, and those credentials are
> valid credentials but are not allowed access to this particular
> resource, the access should result in a 403, or similar, instead of a
> 401.

Credentials are only valid relative to a resource. You can't go to the
Stones concert with a ticket for Robbie Williams. You might as well turn
up with a bus ticket...

The correct response to an unauthorized request for a protected resource
is 401. Sending 403 breaks HTTP and can't (and shouldn't) be done. 403
means the server wasn't allowed to fetch the data (server config or file
permissions).

Bone up a bit on exactly how basic auth works:
http://en.wikipedia.org/wiki/Basic_authentication_scheme

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> Is this possible?  A google search didn't turn up anything useful.
> Probably not imaginitive enough in search terms; someone else has to
> have had this problem before.
> 
> Thanks!
> 
> - Morty
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Problem with Script/binary execution

[Devireddy, Nagendra Reddy (STSD)]

Hi Greenlees,

Thank you very much for your reply. 
I have given proper permissions for the directory. And one more thing,
This is working fine on a Solaris Box. I am getting this problem with
Linux 2.6. I have compared everything b/n the two machines.
Configuration, structure everything is same.

Thanks,
Nagendra  

-Original Message-
From: Jaqui Greenlees [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 03, 2006 2:30 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Problem with Script/binary execution 


--- "Devireddy, Nagendra Reddy (STSD)"
<[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> I am facing some problem while access a .exe file from the server.
> 
> http://localhost:3444/test.exe
> 
> Its giving the following error :
> 
> Internal Server Error
> The server encountered an internal error or misconfiguration and was 
> unable to complete your request.
> Please contact the server administrator, [EMAIL PROTECTED] and inform 
> them of the time the error occurred, and anything you might have done 
> that may have caused the error.
> More information about this error may be available in the server error

> log.
> And this is the error message in server log ..
> Premature end of script headers: test.exe, referer:
> http://localhost:3444/test.exe
> But I am able to run that exe from command line. Its generating 
> correct output. I have given the permissions as  rwxrwxrwx and tried. 
> Then also its giving the same problem.
> Can some one help me on this.. 
> Thanks in advance ..
> 
> Thanks and Regards,
> Nagendra Reddy. D

I'll ask it.. you did put the exe into a cgi designated folder and added
a handler to the httpd.conf?
by default, apache will not execute ANY file, only send it via http, you
have to reduce the site security by enabling the folder(s) holding files
you want executed and make sure you tell apache how to handle them.

Jeff Henager: "If the average user can put a CD in and boot the system
and follow the prompts, he can install and use Linux. If he can't do
that simple task, he doesn't need to be around technology."

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Hiding directory from the browser address field

[Boyle Owen]

> -Original Message-
> From: José Euclides Silva Junior [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, August 02, 2006 10:42 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Hiding directory from the browser address field
> 
> 
> 
> -- Forwarded message --
> From: José Euclides Silva Junior <[EMAIL PROTECTED]>
> Date: 02/08/2006 17:17
> Subject: Hiding directory from the browser address field
> To: [EMAIL PROTECTED]
> 
> 
> Hi guys,
> i need to hide the application(Java) root directory from the 
> browser, as you can see at these steps example:
> 1) Http request: www..com  
> 2) Apache runs module Alias: redirect www..com 
>   to www..com/somedir/ 
>  
> 3) App runs and Apache returns www..com/somedir/  to the browser 

You are a bit confused about the relationship between what the browser display 
in its location bar and what apache sends. Apache doesn't send the contents of 
the location bar - the browser just displays the URL it requested from the 
server. Here's how it works:

1) User types in http://server/
2) browser looks up server in DNS, sends request "GET /", location bar reads 
http://server/.
3) server gets request, sees it has a redirect rule so responds 301 Redirect to 
http://server/dir
4) browser gets redirect, makes new request "GET /dir", location bar now reads 
http://server/dir. 
5) server gets this request, fetches content, sends it back
6) browser gets content and displays it
7) location bar still reads http:/server/dir since that's the last thing 
browser requested.

So there is no way to do exactly what you want - the server can't control what 
the browser displays.

However, you may have visited a site that seemed to do that and are wondering 
how it worked? It cheated and used frames. You basically have a single page at 
http://server/ that contains a big frame and the frame URL is for the internal 
content (http://server/dir). So as you navigate through the site, the top level 
URL doesn't change and all the navigation is handled in the frame (and usually 
some javascript). The details are out-of-scope on this list (check a frames 
how-to if you want more info). 

Note that this "solution" only prevents the URLs appearing in the location bar. 
They are still visible to the user if he happens to "view-source" and read the 
HTML... So this isn't any form of security and is only cosmetic.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> But, at this thime(step 3) i need to alter some http header 
> field, because Apache must JUST return " www..com 
>  " to the browser, instead of " 
> www..com/somedir  ". How 
> coud i do it? Any alias ou rewrite directive available?
> Thanks in advance, Euclides. 
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Problem with Script/binary execution

[Boyle Owen]

> -Original Message-
> From: Devireddy, Nagendra Reddy (STSD) [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, August 02, 2006 5:20 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Problem with Script/binary execution 
> 
> Hi all, 
> 
> I am facing some problem while access a .exe file from the server. 
> 
> http://localhost:3444/test.exe   
> 
> Its giving the following error : 
> 
> Internal Server Error
...
> Its 
> generating correct output. 

Oh yeah?... Is it generating a CGI header before any other output?

Check this:
http://httpd.apache.org/docs/2.2/howto/cgi.html#writing

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> I have given the permissions as  
> rwxrwxrwx and tried. Then also its giving the same problem.
> 
> Can some one help me on this.. 
> Thanks in advance .. 
> 
> Thanks and Regards, 
> Nagendra Reddy. D 
> 
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] redirecting https to http..

[Boyle Owen]

> -Original Message-
> From: Brian Munroe [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 03, 2006 6:51 AM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] redirecting https to http..
> 
> > I am sorry I guess I was not clear.
> >
> > Just redirection works fine..
> > The problem is when I issue https://example.com on browser
> > I get certificate is not signed by proper authority..
> > The reason is I have created a self signed certificate and 
> installed.
> > I have sent certificate to get it signed but meanwhile I do not want
> > users get popup msg. Is there a way to redirect users..?
> >
> 
> Oh now I get it.  Hum.  I would have thought that it would redirect
> (or rewrite) before it tried to do the SSL handshake. 

No - it's the other way round. The SSL session encapsulates the HTTP
session. So all the SSL negotiation takes place *before* any HTTP
traffic is sent. The browser flashes the warning during the SSL start-up
when the cert it gets back from the server doesn't have a trusted
authority.

There is no way to do what the OP wants.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> I guess not,
> eh?
> 
> Sorry I couldn't be of more help.
> 
> -- brian
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] redirecting https to http..

[Brian Munroe]

I am sorry I guess I was not clear.

Just redirection works fine..
The problem is when I issue https://example.com on browser
I get certificate is not signed by proper authority..
The reason is I have created a self signed certificate and installed.
I have sent certificate to get it signed but meanwhile I do not want
users get popup msg. Is there a way to redirect users..?



Oh now I get it.  Hum.  I would have thought that it would redirect
(or rewrite) before it tried to do the SSL handshake.  I guess not,
eh?

Sorry I couldn't be of more help.

-- brian

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] problem while accessing a executable using apache2.0.48 server

[Devireddy, Nagendra Reddy (STSD)]

Title: Problem with Script/binary execution



 

Hi all, 
I am facing some problem while access a .exe file 
from the server. 
http://localhost:3444/test.exe 

Its giving the following error : 
Internal Server 
Error The server 
encountered an internal error or misconfiguration and was unable to complete 
your request. Please 
contact the server administrator, [EMAIL PROTECTED] and inform them of the time 
the error occurred, and anything you might have done that may have caused the 
error.
More information about this error 
may be available in the server error log. And this is the error message in server log .. 
Premature end of script headers: test.exe, 
referer: http://localhost:3444/test.exe But I am able to run that exe from command line. Its 
generating correct output. I have given the permissions as  rwxrwxrwx and 
tried. Then also its giving the same problem.
Can some one help me on this.. 
Thanks in advance 
.. 
Thanks and 
Regards, Nagendra Reddy. D 

Re: [EMAIL PROTECTED] redirecting https to http..

[Divakar]

How about using a Redirect instead of a Rewrite rule?

Put something like this in the section for your SSL virtual host

Redirectmatch ^/(.*)$ http://example.com/$1

Brian,

I am sorry I guess I was not clear.

Just redirection works fine..
The problem is when I issue https://example.com on browser
I get certificate is not signed by proper authority..
The reason is I have created a self signed certificate and installed.
I have sent certificate to get it signed but meanwhile I do not want
users get popup msg. Is there a way to redirect users..?

thanks for helping me out..
Divakar

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] redirecting https to http..

[Brian Munroe]

On 8/2/06, Divakar <[EMAIL PROTECTED]> wrote:

Hi,

I would like to redirect all users trying
https://example.com/ ==>
http://example.com



How about using a Redirect instead of a Rewrite rule?

Put something like this in the section for your SSL virtual host

Redirectmatch ^/(.*)$ http://example.com/$1

-- brian

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] basic auth, apache, and denies

[morty]

Question:

apache 1.3.x.  apache basic auth (over SSL) involving many users and
groups.  Alice's group gets access to /x and /y, but Bob's group only
gets access to /x.  When Bob tries to access /x, Bob gets a
username/password prompt.  Bob types in his username and password, and
all is good.  But if Bob tries to go to /y, he gets a username and
password prompt again and again.  This is presumably because apache
knows Bob isn't supposed to have access to /y, so it sends a 401
error, and the browser prompts for another username and password in
the hope that Bob has another login that will work.  Of course, this
confuses Bob to no end.

So what I would like is for Bob's access attempts to /y to result in a
403 instead of a 401.  In more concrete terms, if the browser presents
username/password credentials to a resource, and those credentials are
valid credentials but are not allowed access to this particular
resource, the access should result in a 403, or similar, instead of a
401.

Is this possible?  A google search didn't turn up anything useful.
Probably not imaginitive enough in search terms; someone else has to
have had this problem before.

Thanks!

- Morty

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Rerouting Localhost (to XAMPP home page)

[David Blomstrom]

Rob Wilkerson <[EMAIL PROTECTED]> wrote: You should be able to do this one of two ways:1.  Change your DocumentRoot directory and the associated block to /Applications/xampp/htdocs2.  Uncomment the NameVirtualHosts directive and create a *:80> block that has a DocumentRoot that point to/Applications/xampp/htdocsI discovered that DocumentRoot is already set up as you susggested...DocumentRoot "/Applications/xampp/htdocs"So I tried the second option, adding this to my httpd.conf file:## VirtualHost example:# Almost any Apache directive may go into a VirtualHost container.# The first VirtualHost section is used for requests without a known# server name.###    ServerAdmin [EMAIL PROTECTED]#    DocumentRoot /www/docs/dummy-host.example.com#    ServerName dummy-host.example.com#    ErrorLog logs/dummy-host.example.com-error_log#    CustomLog logs/dummy-host.example.com-access_log common#NameVirtualHost *:80    ServerAdmin [EMAIL PROTECTED]    DocumentRoot /Applications/xampp/htdocs    ServerName dummy-host.example.com    ErrorLog logs/dummy-host.example.com-error_log    CustomLog logs/dummy-host.example.com-access_log commonI then restarted my computer, but nothing changed; http://localhost/ still displays the standard Apache greeting. I was concerned that I might have ruined my httpd.conf file because I'm just learning
 how to work with it on a Mac, and I've moved, deleted and modified it several times. But the fact that http://localhost indicates it's working, right?Do I have to substitute something meaningful for the server name? On my PC, my virtual hosts look like this:ServerName pxServerAlias px *.pxDocumentRoot C:\sistes\pxSo what would be the server name for the example I'm working on now - "etc."?Thanks. 
	
		See the all-new, redesigned Yahoo.com.  Check it out.

[EMAIL PROTECTED] redirecting https to http..

[Divakar]

Hi,

I would like to redirect all users trying
https://example.com/ ==>
http://example.com

we are still waiting for ssl certificate, but
meanwhile we want to redirect users instead of
getting a popup with "Cert from unknown authority"
when user try https://example.com

So far I am unlucky to get mod_rewrite work.

Things tried inside httpd.conf

RewriteEngine On
and following combinations..

1.
RewriteCond %{HTTPS} !=off
RewriteRule ^(.*)//(.*) http://%{SERVER_NAME}/$2 [L,R,NC]

2.
RewriteCond %{HTTPS} =on
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R,NC]

3.
RewriteCond %{HTTPS} !=off
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R,NC]

4.
RewriteCond %{SERVER_PORT} !=80
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R,NC]

Anybody know how to get this work..? Please help me..

TIA
Divakar

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] CoreDumpDirectory

[Mididoc Productions]

Excuse me Joshua,

I try to get that fixed, but am not so familiar yet.
will learn 


I installed the directory in httpd.conf:

CoreDumpDirectory /tmp



but I don't know for the rest to do:

"Before starting up the server, any process limits on core dump file size
must be lifted; for example"

  # ulimit -c unlimited
  # apachectl start



would you mind to help me with more details how to do that?


Thank you

Best regards

Mike Roland


>
> On 8/2/06, Mididoc Productions <[EMAIL PROTECTED]> wrote:
> > hi Joshua,
> >
> > thank you for responding.
> > I did a little research and found a link concerning this problem:
> > http://ubuntuforums.org/archive/index.php/t-18490.html
> >
> > Do you have an idea, from which module this could come?
> > Is there a methode to check which modules could be desactivated?
>
> The instructions in the link I sent you are exactly how to determine
> the problem module.
>
> Joshua.
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [EMAIL PROTECTED] message /var/logs/messages

[Mididoc Productions]

ok
will try to find out

regards

Mike Roland

> -Ursprüngliche Nachricht-
> Von: Jonathan Mangin [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 2. August 2006 16:09
> An: users@httpd.apache.org
> Betreff: Re: [EMAIL PROTECTED] message /var/logs/messages
>
>
> Google VSAP.
> This certainly isn't an apache problem.
>
>
>
> - Original Message -
> From: "Mididoc Productions" <[EMAIL PROTECTED]>
> To: 
> Sent: Wednesday, August 02, 2006 9:35 AM
> Subject: AW: [EMAIL PROTECTED] message /var/logs/messages
>
>
> >
> >
> > > >
> > > > Aug  1 00:05:52 mail vsapd[27368]: untie attempted while 1
> > > > inner references
> > > > still exist at
> > > > /usr/local/lib/perl5/vendor_perl/5.8.4/VSAP/Server/Modules/vsa
> > > > p/sys/logs.pm
> > >
> > > Is a "vps server" something to do with apache? Anyway, this
> is just some
> > > buggy code in the perl module... BTW, First step in learning
> more about
> > > obscure error messages is to cut'n'paste them into Google...
> >
> >
> > I tried in google, didn't help further.
> > Do you have a solution?
> >
> > thanks for answering
> >
> > regards
> > Mike Roland
> >
> > >
> > > Rgds,
> > > Owen Boyle
> >
> >
> > -
> > The official User-To-User support forum of the Apache HTTP
> Server Project.
> > See http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >"   from the digest: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_proxy_ajp & static content

[dfelicia]

I've seen a few posts re: this topic, but don't quite get the solution...

I'm trying to use mod_proxy_ajp to pass only dynamic content to the servlet
engine (*.jsp), while allowing Apache to serve static content.  the catch,
of course, is that the URL has to be the same for both.

So,

http://myserver/myapp/my.jsp -> route to Tomcat
http://myserver/myapp/my.gif -> serve via Apache

This is quite easy to accomplish using mod_jk, but Apache 2.2 seems to
prefer mod_proxy_ajp.

I'm not an Apache expert, and could really benefit from an example,
especially if mod_rewrite comes into the picture as part of the solution.

Also, assuming there is some magic to make this work, will it perform as
well as mod_jk?
-- 
View this message in context: 
http://www.nabble.com/mod_proxy_ajp---static-content-tf2042892.html#a5624248
Sent from the Apache HTTP Server - Users forum at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] cannot get ap_rvputs() or ap_rprintf() to generate server output in mod_include.

[Pyeatt, John]

This question is really directed at someone familiar with the C API.
 
I am currently working with a customer that is upgrading from Apache HTTP 
Server 1.3 to 2.2 on SunOS 5.9.
 
They have made a custom modification to mod_include that they want ported to 
the 2.2 version.
 
I have been able to get most of the logic into the new version of mod_include 
just fine and the standard mod_include ssi directives generate output a 
response to the browser just fine,  for example.
 
The part I am now struggling with is getting the thing to actually send the 
output in the response.
 
In the 1.3 version I could call ap_rvputs() or ap_rprintf() and the output 
would be sent in the response to the browser just fine.
 
But in 2.2 I am calling something as simple as:
 
len = ap_rprintf(r, "hello world");
 
I do not see this string appear in the browser. Though the value of len does 
equal 11. So at least to this point the server thinks it sent something.
 
Can anyone familiar with the API for generating output give me a hand? Is there 
some type of flush function I need to call? Or an init function?
 
--
John Pyeatt
Berbee Information Networks
Phone: 608-288-3000
Cell: 608-658-0871
Email: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Problem with Script/binary execution

[Jaqui Greenlees]

--- "Devireddy, Nagendra Reddy (STSD)"
<[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> I am facing some problem while access a .exe file
> from the server.
> 
> http://localhost:3444/test.exe 
> 
> Its giving the following error :
> 
> Internal Server Error
> The server encountered an internal error or
> misconfiguration and was
> unable to complete your request.
> Please contact the server administrator,
> [EMAIL PROTECTED] and inform
> them of the time the error occurred, and anything
> you might have done
> that may have caused the error.
> More information about this error may be available
> in the server error
> log.
> And this is the error message in server log ..
> Premature end of script headers: test.exe, referer:
> http://localhost:3444/test.exe
> But I am able to run that exe from command line. Its
> generating correct
> output. I have given the permissions as  rwxrwxrwx
> and tried. Then also
> its giving the same problem.
> Can some one help me on this.. 
> Thanks in advance ..
> 
> Thanks and Regards,
> Nagendra Reddy. D

I'll ask it.. you did put the exe into a cgi
designated folder and added a handler to the
httpd.conf?
by default, apache will not execute ANY file, only
send it via http, you have to reduce the site security
by enabling the folder(s) holding files you want
executed and make sure you tell apache how to handle them.

Jeff Henager: "If the average user can put a CD in and boot the system and 
follow the prompts, he can install and use Linux. If he can't do that simple 
task, he doesn't need to be around technology."

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Hiding directory from the browser address field

[José Euclides Silva Junior]

-- Forwarded message --From: José Euclides Silva Junior <[EMAIL PROTECTED]>
Date: 02/08/2006 17:17Subject: Hiding directory from the browser address fieldTo: [EMAIL PROTECTED]
Hi guys,i need to hide the application(Java) root directory from the browser, as you can see at these steps example:1) Http request: 
www..com2) Apache runs module Alias: redirect www..com to 
www..com/somedir/3) App runs and Apache returns www..com/somedir/  to the browser But, at this thime(step 3) i need to alter some http header field, because Apache must JUST return "
www..com" to the browser, instead of "
 www..com/somedir". How coud i do it? Any alias ou rewrite directive available?Thanks in advance, Euclides. 

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Jaqui Greenlees]

--- Jacqui Caren <[EMAIL PROTECTED]> wrote:

> Nick Kew wrote:
> > We seem to get rather a lot of these from
> us.ibm.com.
> > Who is going to suggest they upgrade to a more
> capable
> > mail responder, such as the 20-year-old "vacation"
> program.
> 
> Block all email that includes 'out of the office'
> :-)
> 
> Of course, any vacation software should NEVER
> respond to
> mailing lists - and you can tell real lists from the
> headers.

shhh, don't tell ibm that lotus notes & domino are
screwed beyond belief. ;)

I look at it this way, if people aren't clued in
enough to change their list settings for vacation
time, it just proves that you really don't want to
work with them :)

Jaqui

Jeff Henager: "If the average user can put a CD in and boot the system and 
follow the prompts, he can install and use Linux. If he can't do that simple 
task, he doesn't need to be around technology."

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Excessive memory consumption

[John Morrissey]

On Wed, Jul 19, 2006 at 12:13:11PM -0400, Joshua Slive wrote:
> On 7/19/06, John Morrissey <[EMAIL PROTECTED]> wrote:
> > On Tue, Jul 18, 2006 at 08:53:51PM -0400, Joshua Slive wrote:
> > > Are any of the requests byte-ranges (response code 206).  If so, see:
> > > http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
> >
> > Some are, yes. It looks like the Debian 2.0.54-5 packages already
> > include the patch attached to that bug (the one in the source package is
> > identical to the one posted in the bug).
> >
> > I also looked at bug 23567 (and 34589, which is a duplicate) but the
> > only filter we have enabled is INCLUDES (mod_include). None of the
> > suspect requests was for server-parsed HTML *and* a byte-range request
> > (206 response).
> 
> Well, you should really upgrade to the most recent version to make
> sure you have the official patch.  You can also do the
> RequestHeader unset Range
> Header unset Accept-Ranges
> hack.

We've been running the header modifications for three days now and haven't
had a single child spiral out of control.

I'm very surprised, since we're running the Debian package versioned
2.0.54-5, which includes the fix specified in Bug 29962 for CAN-2005-2728:

http://packages.qa.debian.org/a/apache2/news/20050908T181706Z.html

I checked it against revision 239378 in the 2.0.x branch; the Debian patch
is essentially identical:

http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/http/http_protocol.c?r1=151405&r2=239378&view=patch

I even checked the package build process, and the patch is being included
during the build. I'm not sure how to react to this; perhaps this is a
different problem that has similar symptoms/workarounds? Should I try
following up to the relevant Debian and/or Apache bugs?

Thanks again for all your help, Joshua.

john
-- 
John Morrissey  _o/\   __o
[EMAIL PROTECTED]_-< \_  /  \     <  \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Using env vars to compliment logging

[Mike Cardwell]

* on the Wed, Aug 02, 2006 at 08:42:32AM +0200, Boyle Owen wrote:

> If I understood the OP correctly, he wants ever more fine-grained
> control than that - he wants separate logs for different ServerAliases
> *within* a VH... ("wildcard approach in a VirtualHost container").
>
> That can't be done and you'd have to define a separate VH for each alias
> (ie, expand the aliases into full VHs). As described in (1) above, the
> better approach is to parse a global logfile later - you can put the
> hostname into the LogFoprmat with %{Host}i.

The way I would tackle this is:

1.) Update the LogFormat to include %{Host}i as described above
2.) Log to a pipe instead of to a file
3.) Write a script that the log will be piped to which handles
the logic of choosing a path depending on the host, and
writes to the correct log file.

If you take this approach, be sure to secure it so a user can't for
example symlink a log file to a system file such as /etc/passwd causing
you to overwrite/corrupt it.

I'm available for contract work if this is out of your reach. There is
also http://jobs.perl.org/ which I have no affiliation to.

Mike

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_expires not working

[Gregor Schneider]

hi guys,I'm getting nuts here. This is what i have:Apache HTTPD 2.0.48, Suse 9 something, Tomcat 5.0.28 working together with Apache HTTPD via mod_jk.I have loaded and included both mod_headers and mod_expires (verified via https:/.../server-info), however, something puzzels me here:
First, I'm attaching my mod_headers.conf and mod_expires.conf:mod_headers.conf:  1   2    Header unset Pragma  3    Header set Connection: close env=object_is_pdf
  4    Header set ServerTokens MIN  5    Header set Cache-Control "public,must-revalidate"  6 mod_expires.conf:  1   2 ExpiresActive On
  3 ExpiresDefault "now plus 10 seconds"  4 ExpiresByType image/gif "now plus 3 months"  5 ExpiresByType image/jpeg "now plus 3 months"  6 ExpiresByType text/html "now plus 3 months"
  7 ExpiresByType text/xml "now plus 3 months"  8 ExpiresByType text/_javascript_ "now plus 3 months"  9 ExpiresByType application/pdf "now plus 3 months"
 10 Line 3 is to work around the IE-bug that you cannot download f.e. pdf's via SSL, the mod_setenvif.conf is missing here, but this is not the point.I would expect that I'm getting a response-header saying something like
Expires: Thu, 01 Nov 2006 22:00:00 CETHowever, what's coming back is   "Expires: Thu, 01 Jan 1970 01:00:00 CET".Since we have not implemented a form-based SSO between Apache HTTPD and Tomcat, we do have to serve our static HTML-content via Tomcat, and I can see that this header is definately created by Tomcat. When I go directly to Tomcat via 
https://myhost:8080/somehtml.html, I get exactly this header, too.Now here's my question:Why does mod_headers not seem to work here? What am I getting wrong?
Please note that I'm quite a newbie to Apache HTTPD and Tomcat, so I might ask some dumb questions...Any hints are greatly appreciated!Cheers & TIA!Gregor -- what's puzzlin' you, is the nature of my game

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Jacqui Caren]

Nick Kew wrote:

We seem to get rather a lot of these from us.ibm.com.
Who is going to suggest they upgrade to a more capable
mail responder, such as the 20-year-old "vacation" program.


Block all email that includes 'out of the office' :-)

Of course, any vacation software should NEVER respond to
mailing lists - and you can tell real lists from the headers.

Jacqui


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Nick Kew]

On Wednesday 02 August 2006 16:59, Patrick Presto wrote:
> I will be out of the office starting  08/02/2006 and will not return until
> 08/03/2006.
>
> I am out of the office today but will be returning tomorrow.

We seem to get rather a lot of these from us.ibm.com.
Who is going to suggest they upgrade to a more capable
mail responder, such as the 20-year-old "vacation" program.

-- 
Nick Kew

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Edward Krack]

Vincent Bray:

> > I will be out of the office starting 08/02/2006 and will not return until
> > 08/03/2006.
>
> Is that a US formatted date or have I got a whole month to raid your
> office?

You have less than 24 hours.
Better hurry!

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Vincent Bray]

On 8/2/06, Patrick Presto <[EMAIL PROTECTED]> wrote:

I will be out of the office starting 08/02/2006 and will not return until
08/03/2006.


Is that a US formatted date or have I got a whole month to raid your office?


 I am out of the office today but will be returning tomorrow.

That's great, thanks.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[David Pratt]

This seems to be working for me testing the domain using a RewriteCond. 
It brings up the message that the cert is not right for host but I am 
not bothered by this at the moment. I simply want secure exchange for 
login etc until I go from a virtual server with one ip to dedicated with 
several ips.


Here I am rewriting from 8080 (regular port) as opposed to 8443 which is 
the port the secure twisted server is running on. I can separate this 
into separate virtual servers which would likely be best as you have 
pointed out.


Regards
David

Vincent Bray wrote:

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi Vincent, ok - I am trying something else that I have partially
working but I need something to fix my regex to catch to domain
properly. So may have need a RewriteCond that can compare domain name
coming in.

Here is what I have got so far but since my regex is not right for
domains - it moves on to the last RewriteRule that I have set up which
places it in the zope root - but good thing is that ssl works properly.
So I need a proper regex that will catch the domain so it will land on
the right rewrite rule. Many thanks.


Hi again,
It's entirely unclear what you're trying to do here, and why you are
using mod_rewrite to do it. If you need to differentiate the proxy
address based on the host name, then you should be using multiple
vhosts instead. As pointed out earlier though, this can't work on a
single ip/port.

In any case, if you really want to do this wrong, then
RewriteCond %{HTTP_HOST} (.+)
.. will allow you to read the hostname, putting the result in %1 for
the following rule.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Patrick Presto is out of the office.

[Patrick Presto]

I will be out of the office starting  08/02/2006 and will not return until 08/03/2006.

I am out of the office today but will be returning tomorrow. 

Re: [EMAIL PROTECTED] Can't get mod_rewrite to do anything

[Ken Schutte]

Vincent Bray wrote:

The debian apache layout usually includes a default virtual host in a
directory called sites-enabled. If you 've got one of those, your
rewrite rules in the main server context will have no effect. There
are two ways around this, either move the rules in to the default
vhost, or add RewriteEngine On and RewriteOptions Inherit to that
vhost.



That was it - I put it in the default vhost file and it's working now. 
Thanks!


Ken

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Problem with Script/binary execution

[Devireddy, Nagendra Reddy (STSD)]

Title: Problem with Script/binary execution 






Hi all,


I am facing some problem while access a .exe file from the server.


http://localhost:3444/test.exe 


Its giving the following error :


Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

And this is the error message in server log ..

Premature end of script headers: test.exe, referer: http://localhost:3444/test.exe

But I am able to run that exe from command line. Its generating correct output. I have given the permissions as  rwxrwxrwx and tried. Then also its giving the same problem.

Can some one help me on this.. 

Thanks in advance ..


Thanks and Regards,

Nagendra Reddy. D

Re: [EMAIL PROTECTED] Access control and AJP

[Dan Peder Eriksen]

Hello Vincent,

that worked just perfect. Thanks for you quick reply :)

Sincerely Dan Peder Eriksen

On Wed, 02 Aug 2006 16:56:10 +0200, Vincent Bray <[EMAIL PROTECTED]> wrote:


On 8/2/06, Dan Peder Eriksen <[EMAIL PROTECTED]> wrote:

Hello,


Hi,

[snip]


This is what I have been trying:

AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile F:\Apache\passwd
Require valid-user



 is entirely the wrong directive to use here, as it refers
to a filesystem location, rather than a URI. Try  instead.





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Access control and AJP

[Vincent Bray]

On 8/2/06, Dan Peder Eriksen <[EMAIL PROTECTED]> wrote:

Hello,


Hi,

[snip]


This is what I have been trying:

AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile F:\Apache\passwd
Require valid-user



 is entirely the wrong directive to use here, as it refers
to a filesystem location, rather than a URI. Try  instead.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RE: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

[Vincent Bray]

On 8/2/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:

Under 'view page info' then 'links' I have about nine different http://
links, but most of them lead away from my site.
One of links is a form submission to an intranet search database (I have
to include that because of intranet standards), and the javascript for
that searching function is sourced from another site on the intranet.

I have a rewrite rule that transfers all http:// requests to https://,
but I had all my site links changed anyway.
What does the linking have to do with the partially encrypted message?
And could external javascript sourcing cause a hole in the SSL
encryption?


Firefox appears to be doing the right thing here. The reference to
your javascript being via http:// causes the error message to be
displayed, quite rightly in my opinion. Imagine that the link was
included in the page not by you, but as the result of an XSS
vulnerability. In that case, the javascript could easily disclose
private information.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Access control and AJP

[Dan Peder Eriksen]

Hello,

I have configured my apache httpd server 2.2.3 to have
apache tomcat 5.5 handle requests with path /Tromsbuss.
Using the following line in httpd.conf:
ProxyPass /Tromsbuss ajp://127.0.0.1:8009/Tromsbuss

This all works nice. What I am trying to now is to provide
access control to /Tromsbuss. I have tried what was supplied
in the howto on access control in the documentation and it
works for anything that the httpd server is serving, however
once tomcat is serving it, it just does not prompt for
authentication information.

This is what I have been trying:

AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile F:\Apache\passwd
Require valid-user


I would be greatly appreiciate anyone who could help me out
or point me in the right direction so I can solve this.

Thanks for your time.

Sincerely Dan Peder Eriksen

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

[Graeme Walker]

If there are any page resources, other than links to other websites etc then this will cause the page to be partially secured, since these are not https resources i.e. are not using a secure socket.
On 8/2/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:
Under 'view page info' then 'links' I have about nine different http://links, but most of them lead away from my site.One of links is a form submission to an intranet search database (I haveto include that because of intranet standards), and the _javascript_ for
that searching function is sourced from another site on the intranet.I have a rewrite rule that transfers all http:// requests to https://,but I had all my site links changed anyway.What does the linking have to do with the partially encrypted message?
And could external _javascript_ sourcing cause a hole in the SSLencryption?-Original Message-From: Richard Collyer [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 02, 2006 5:25 AM
To: users@httpd.apache.orgSubject: Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSLOn Wed, August 2, 2006 10:11 am, Vincent Bray wrote:> On 8/1/06, Declerck Michael-W30479 <
[EMAIL PROTECTED]> wrote:>> Any advice?>> Does this sound like Firefox brokenness?>> I would assume that it is my configuration that is the problem.
>> Is this just a case of having media or frames linked in to your page> via http:// links?Right click --> view page info.Search for the media that is linked by http:// and not https://
CheersRichard-The official User-To-User support forum of the Apache HTTP ServerProject.See 
http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED]   "   from the digest: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]-
The official User-To-User support forum of the Apache HTTP Server Project.See http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: 
[EMAIL PROTECTED]   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Vincent Bray]

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi Vincent, ok - I am trying something else that I have partially
working but I need something to fix my regex to catch to domain
properly. So may have need a RewriteCond that can compare domain name
coming in.

Here is what I have got so far but since my regex is not right for
domains - it moves on to the last RewriteRule that I have set up which
places it in the zope root - but good thing is that ssl works properly.
So I need a proper regex that will catch the domain so it will land on
the right rewrite rule. Many thanks.


Hi again,
It's entirely unclear what you're trying to do here, and why you are
using mod_rewrite to do it. If you need to differentiate the proxy
address based on the host name, then you should be using multiple
vhosts instead. As pointed out earlier though, this can't work on a
single ip/port.

In any case, if you really want to do this wrong, then
RewriteCond %{HTTP_HOST} (.+)
.. will allow you to read the hostname, putting the result in %1 for
the following rule.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[David Pratt]

Hi Vincent, ok - I am trying something else that I have partially 
working but I need something to fix my regex to catch to domain 
properly. So may have need a RewriteCond that can compare domain name 
coming in.


Here is what I have got so far but since my regex is not right for 
domains - it moves on to the last RewriteRule that I have set up which 
places it in the zope root - but good thing is that ssl works properly. 
So I need a proper regex that will catch the domain so it will land on 
the right rewrite rule. Many thanks.


Regards,
David


  RewriteEngine On
  RewriteRule ^.*mydomain\.com/(.*)
http://127.0.0.1:8080/am11727372/++vh++https:www.mydomain.com:443/++/$1 
[L,P]
  RewriteRule ^.*mydomain1\.com/(.*) 
http://127.0.0.1:8080/am12704055/++vh++https:www.mydomain1.com:443/++/$1 
[L,P]
 RewriteRule ^/(.*) 
http://127.0.0.1:8080/++vh++https:%{HTTP_HOST}:443/++/$1 [L,P]


  SSLEngine on
  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile /usr/local/etc/apache2/ssl.crt/self_signed.cert
  SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/self_signed.key
  SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
  
SSLOptions +StdEnvVars
  
  
SSLOptions +StdEnvVars
  

  SetEnvIf User-Agent ".*MSIE.*" \
   nokeepalive ssl-unclean-shutdown \
   downgrade-1.0 force-response-1.0


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Child pid

[Joshua Slive]

On 8/2/06, Mididoc Productions <[EMAIL PROTECTED]> wrote:

hi Joshua,

thank you for responding.
I did a little research and found a link concerning this problem:
http://ubuntuforums.org/archive/index.php/t-18490.html

Do you have an idea, from which module this could come?
Is there a methode to check which modules could be desactivated?


The instructions in the link I sent you are exactly how to determine
the problem module.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

[Declerck Michael-W30479]

Under 'view page info' then 'links' I have about nine different http://
links, but most of them lead away from my site.
One of links is a form submission to an intranet search database (I have
to include that because of intranet standards), and the javascript for
that searching function is sourced from another site on the intranet.

I have a rewrite rule that transfers all http:// requests to https://,
but I had all my site links changed anyway.
What does the linking have to do with the partially encrypted message?
And could external javascript sourcing cause a hole in the SSL
encryption?

-Original Message-
From: Richard Collyer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 02, 2006 5:25 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL


On Wed, August 2, 2006 10:11 am, Vincent Bray wrote:
> On 8/1/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:
>> Any advice?
>> Does this sound like Firefox brokenness?
>> I would assume that it is my configuration that is the problem.
>
> Is this just a case of having media or frames linked in to your page 
> via http:// links?

Right click --> view page info.

Search for the media that is linked by http:// and not https://

Cheers
Richard


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [EMAIL PROTECTED] message /var/logs/messages

[Mididoc Productions]

> 
> What do you mean? Google tells you exactly what the error is. If you
> google for "untie attempted while 1 inner references still exist" you
> will get several versions of the perltie man page all of which give the
> exact error message and its cause. 
> 
> I'm not a perl guru, but as far as I can see, it's just a warning that
> an object is being dereferenced while there is a still a reference to
> it. That means the garbage collector can't free the resources and you
> might get a memory leak. If the code was controlling the Mars Polar
> Lander it might be worth worrying about but it's only a minor
> performance issue and not too important.
> 
> NB - this is occurring in some buggy piece of perl that has next to
> nothing to do with apache...
> 
> > Do you have a solution?
> 
> Yes. Don't use that perl module. However, an alternative is not to
> bother about it because you don't really have a problem.

ok thank you

regards

mike roland


> 
> Rgds,
> Owen Boyle


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] message /var/logs/messages

[Jonathan Mangin]

Google VSAP.
This certainly isn't an apache problem.



- Original Message - 
From: "Mididoc Productions" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, August 02, 2006 9:35 AM
Subject: AW: [EMAIL PROTECTED] message /var/logs/messages


>
>
> > >
> > > Aug  1 00:05:52 mail vsapd[27368]: untie attempted while 1
> > > inner references
> > > still exist at
> > > /usr/local/lib/perl5/vendor_perl/5.8.4/VSAP/Server/Modules/vsa
> > > p/sys/logs.pm
> >
> > Is a "vps server" something to do with apache? Anyway, this is just some
> > buggy code in the perl module... BTW, First step in learning more about
> > obscure error messages is to cut'n'paste them into Google...
>
>
> I tried in google, didn't help further.
> Do you have a solution?
>
> thanks for answering
>
> regards
> Mike Roland
>
> >
> > Rgds,
> > Owen Boyle
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] message /var/logs/messages

[Boyle Owen]

> -Original Message-
> From: Mididoc Productions [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, August 02, 2006 3:35 PM
> To: users@httpd.apache.org
> Subject: AW: [EMAIL PROTECTED] message /var/logs/messages
> 
> 
> 
> > > 
> > > Aug  1 00:05:52 mail vsapd[27368]: untie attempted while 1 
> > > inner references
> > > still exist at
> > > /usr/local/lib/perl5/vendor_perl/5.8.4/VSAP/Server/Modules/vsa
> > > p/sys/logs.pm
> > 
> > Is a "vps server" something to do with apache? Anyway, this 
> is just some
> > buggy code in the perl module... BTW, First step in 
> learning more about
> > obscure error messages is to cut'n'paste them into Google...
> 
> 
> I tried in google, didn't help further.

What do you mean? Google tells you exactly what the error is. If you
google for "untie attempted while 1 inner references still exist" you
will get several versions of the perltie man page all of which give the
exact error message and its cause. 

I'm not a perl guru, but as far as I can see, it's just a warning that
an object is being dereferenced while there is a still a reference to
it. That means the garbage collector can't free the resources and you
might get a memory leak. If the code was controlling the Mars Polar
Lander it might be worth worrying about but it's only a minor
performance issue and not too important.

NB - this is occurring in some buggy piece of perl that has next to
nothing to do with apache...

> Do you have a solution?

Yes. Don't use that perl module. However, an alternative is not to
bother about it because you don't really have a problem.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> thanks for answering
> 
> regards
> Mike Roland
> 
> > 
> > Rgds,
> > Owen Boyle
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Vincent Bray]

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi Vincent. I had found this example searching more but not sure it is
of any value.


It may be of value but you should understand what it's doing. With
this setup there are two distinct ssl conversations going on. As
pointed out by the message linked to earier, this is usually
pointless.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[David Pratt]

Hi Vincent. I had found this example searching more but not sure it is 
of any value.


Regards,
David


ServerName webmail.example.org
DocumentRoot /var/www/html/exchange
RedirectMatch ^/(index.html?)$ 
https://webmail.example.org/exchange/

RedirectMatch ^/exchange$ https://webmail.example.org/exchange/



# This secures the server from being used as a third party
# proxy server
ProxyRequests Off

# Allows the proxying of a SSL connection
SSLProxyEngine On
ProxyVia On

DocumentRoot /home/user/mail_proxy/html/
RequestHeader set Front-End-Https "On"

ServerName mail

# Set up SSL to work with this host
SSLEngine On
SSLCertificateFile /etc/apache/webmail-proxy/server.crt
SSLCertificateKeyFile /etc/apache/webmail-proxy/server.key

SSLProxyMachineCertificateFile 
/etc/apache/webmail-proxy/certnew.cer


ProxyPass /exchange/ https://mail-internal/exchange/
ProxyPassReverse /exchange/ https://mail-internal/exchange/

ProxyPass /exchweb/ https://mail-internal/exchweb/
ProxyPassReverse /exchweb/ https://mail-internal/exchweb/

ProxyPass /public/ https://mail-internal/public/
ProxyPassReverse /public/ https://mail-internal/public/

ProxyPreserveHost On


Vincent Bray wrote:

On 8/2/06, Vincent Bray <[EMAIL PROTECTED]> wrote:

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:
> Hi Vincent. I have NameVirtualHost(s) set up as follows.
>
> NameVirtualHost *:80
> NameVirtualHost *.443
>
> Sorry I did not include this in my previous message. The twisted SSL
> server is pretty much stand alone and uses its own certificate source.
> What I want to do is have the server running on localhost:8443 proxied
> on 443 for a particular path.  Will I still need Apache's SSLEngine for
> this?

Hi,
Looking in to this a little further (thanks google) has confirmed what
I thought; that reverse proxying ssl is largely pointless. This rather
old message explains the scenario:

http://www.squid-cache.org/mail-archive/squid-users/25/0744.html

That leaves you either, a) forgetting about ssl authentication between
the user agent and zope, b) exposing zope to the client directly, or
c) using something at the tcp level to forward the encrypted
connection to zope's port.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [EMAIL PROTECTED] message /var/logs/messages

[Mididoc Productions]

> > 
> > Aug  1 00:05:52 mail vsapd[27368]: untie attempted while 1 
> > inner references
> > still exist at
> > /usr/local/lib/perl5/vendor_perl/5.8.4/VSAP/Server/Modules/vsa
> > p/sys/logs.pm
> 
> Is a "vps server" something to do with apache? Anyway, this is just some
> buggy code in the perl module... BTW, First step in learning more about
> obscure error messages is to cut'n'paste them into Google...


I tried in google, didn't help further.
Do you have a solution?

thanks for answering

regards
Mike Roland

> 
> Rgds,
> Owen Boyle


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Vincent Bray]

On 8/2/06, Vincent Bray <[EMAIL PROTECTED]> wrote:

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:
> Hi Vincent. I have NameVirtualHost(s) set up as follows.
>
> NameVirtualHost *:80
> NameVirtualHost *.443
>
> Sorry I did not include this in my previous message. The twisted SSL
> server is pretty much stand alone and uses its own certificate source.
> What I want to do is have the server running on localhost:8443 proxied
> on 443 for a particular path.  Will I still need Apache's SSLEngine for
> this?

Hi,
Looking in to this a little further (thanks google) has confirmed what
I thought; that reverse proxying ssl is largely pointless. This rather
old message explains the scenario:

http://www.squid-cache.org/mail-archive/squid-users/25/0744.html

That leaves you either, a) forgetting about ssl authentication between
the user agent and zope, b) exposing zope to the client directly, or
c) using something at the tcp level to forward the encrypted
connection to zope's port.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Boyle Owen]

> -Original Message-
> From: David Pratt [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, August 02, 2006 2:48 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2
> 
> Hi Vincent. I have NameVirtualHost(s) set up as follows.
> 
> NameVirtualHost *:80
> NameVirtualHost *.443

Did you miss the comment below?

> > ... Of course, you also can't use name virtual 
> hosts over
> > ssl on the same ip/port.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> > 
> > Some suggested reading:
> > http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
> > http://httpd.apache.org/docs/2.2/vhosts/
> > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
> > 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Vincent Bray]

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi Vincent. I have NameVirtualHost(s) set up as follows.

NameVirtualHost *:80
NameVirtualHost *.443

Sorry I did not include this in my previous message. The twisted SSL
server is pretty much stand alone and uses its own certificate source.
What I want to do is have the server running on localhost:8443 proxied
on 443 for a particular path.  Will I still need Apache's SSLEngine for
this?


Yes you will, as the connection to apache uses the ssl protocol. I
don't know the details of setting up reverse ssl proxies, but I gather
there are extra steps involving SSLProxyEngine. Hopefully somebody
clueful on this subject will jump in now..

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[David Pratt]

Hi Vincent. I have NameVirtualHost(s) set up as follows.

NameVirtualHost *:80
NameVirtualHost *.443

Sorry I did not include this in my previous message. The twisted SSL 
server is pretty much stand alone and uses its own certificate source. 
What I want to do is have the server running on localhost:8443 proxied 
on 443 for a particular path.  Will I still need Apache's SSLEngine for 
this?


Regards,
David


Vincent Bray wrote:

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi I have a couple of questions. I am trying to set up my ssl on zope3
with apache2. I have zope (twisted) running on port 8080 and a secure
server running on port 8443.  My sites are folders in the zope root. The
virtual host setup is below. The virtual hosts work fine on port 80
using www.mydomain.com and www.mydomain1.com


[snip]

Hi,
You have many problems here.. First you don't seem to have any
NameVirtualHost directives to tell apache to use name virtual hosts.
Second, when you sort that out you'll find that your vhosts aren't
even running ssl (no SSLEngine On). Then, you're proxying to
http://127.0.0.1:8443 meaning that you're speaking the wrong protocol
to the backend. Of course, you also can't use name virtual hosts over
ssl on the same ip/port.

Some suggested reading:
http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
http://httpd.apache.org/docs/2.2/vhosts/
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [EMAIL PROTECTED] Child pid

[Mididoc Productions]

hi Joshua,

thank you for responding.
I did a little research and found a link concerning this problem:
http://ubuntuforums.org/archive/index.php/t-18490.html

Do you have an idea, from which module this could come?
Is there a methode to check which modules could be desactivated?

Thanks again.

Mike


>
>
> On 8/1/06, Mididoc Productions <[EMAIL PROTECTED]> wrote:
> > hello, all,
> >
> > could anybody tell me please what this message in apache
> error_log means:
> >
> > [Tue Aug  1 22:33:20 2006] [notice] child pid 78700 exit signal
> Segmentation
> > fault (11)
> >
> > thanks for a tip
>
> Something bad happened.  In specific, there is an error in the code
> someplace.  To debug, see:
> http://httpd.apache.org/dev/debugging.html#crashes
>
> Joshua.
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] mod_rewrite issue

[Krist van Besien]

On 8/1/06, SOPRO <[EMAIL PROTECTED]> wrote:

Hi friends!

I have an aplication hosted on a JBOSS server that must receive an id
as argument.
This id will make the application load the correct template for the typed URL.

Eg.: For URL 'client1.app.mydomain.com', the application will load the
template for 'client1'.

I trying to do something like this:


ServerName www.app.mydomain.com
ServerAlias *.app.mydomain.com

RewriteCond %{http_host} ^(.*).app.mydomain.com
RewriteRule ^(.*) http://localhost:8080/app?id=%1 [P,L]


The problem is that I get a redirect to
'http://localhost:5050/app?id=client1' and I want to keep the original
URL (client1.app.mydomain.com).

 Do you have another idea in how to do this functional ?


Your problem might be that the JBOSS server sends a redirect. Use a
tool like the LiveHTTPHeaders plugin in Firefox to see what the server
communicates back to the browser.

Krist



--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

[Richard Collyer]

On Wed, August 2, 2006 10:11 am, Vincent Bray wrote:
> On 8/1/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:
>> Any advice?
>> Does this sound like Firefox brokenness?
>> I would assume that it is my configuration that is the problem.
>
> Is this just a case of having media or frames linked in to your page
> via http:// links?

Right click --> view page info.

Search for the media that is linked by http:// and not https://

Cheers
Richard


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Vitualhosts ssl and apache2

[Vincent Bray]

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:

Hi I have a couple of questions. I am trying to set up my ssl on zope3
with apache2. I have zope (twisted) running on port 8080 and a secure
server running on port 8443.  My sites are folders in the zope root. The
virtual host setup is below. The virtual hosts work fine on port 80
using www.mydomain.com and www.mydomain1.com


[snip]

Hi,
You have many problems here.. First you don't seem to have any
NameVirtualHost directives to tell apache to use name virtual hosts.
Second, when you sort that out you'll find that your vhosts aren't
even running ssl (no SSLEngine On). Then, you're proxying to
http://127.0.0.1:8443 meaning that you're speaking the wrong protocol
to the backend. Of course, you also can't use name virtual hosts over
ssl on the same ip/port.

Some suggested reading:
http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
http://httpd.apache.org/docs/2.2/vhosts/
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Can't get mod_rewrite to do anything

[Vincent Bray]

On 8/1/06, Ken Schutte <[EMAIL PROTECTED]> wrote:

Hi,

I'm using apache2 on Debian, and have the following in
/etc/apache2/apache2.conf,

LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
RewriteLog /var/log/apache2/rewrite_log
RewriteEngine On
RewriteRule ^/index.html /index.php

I don't get any errors on apache2 start, but the rule doesn't work.
I've tried a bunch of other rules too, and I can't get any simple
RewriteRules to do anything.  It created the rewrite_log log file, but
it is empty, so I do not even know where to look to track down the problem.


The debian apache layout usually includes a default virtual host in a
directory called sites-enabled. If you 've got one of those, your
rewrite rules in the main server context will have no effect. There
are two ways around this, either move the rules in to the default
vhost, or add RewriteEngine On and RewriteOptions Inherit to that
vhost.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] configuring a balancer in httpd.conf

[Vincent Bray]

On 8/1/06, DM <[EMAIL PROTECTED]> wrote:

###
ProxyRequests Off


Order deny,allow
Allow from all


ProxyPass / http://erie:8080/
ProxyPassReverse / http://erie:8080/
###


I attempted to get the load-balancing working by replacing the above with the 
following:

###
ProxyRequests Off

ProxyPass / balancer://mycluster stickysession=jsessionid nofailover=On
ProxyPassReverse / balancer://mycluster


BalancerMember http://erie:8080
BalancerMember http://titan192:8080

Order deny,allow
Allow from all

###


As always with 403 errors, look in your error log for an explaination.
If the message is along the lines of "Client denied by server
configuration", try adding in the  stanza from your first
example.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

[Vincent Bray]

On 8/1/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:

Any advice?
Does this sound like Firefox brokenness?
I would assume that it is my configuration that is the problem.


Is this just a case of having media or frames linked in to your page
via http:// links?

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] nokeepalive downgrade-1.0 force-response-1.0 ssl-unclean-shutdown for IE6

[Rainer Traut]

Hi,

we're running apache 2.2.3 on Redhat EL4.3 x86_64
with mod_proxy_ajp for our backend tomcat.
All traffic is https.

To tweak performance for our IE6 users we tried to leave this line
commented out of our ssl.conf:

BrowserMatch ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

Our observations are:
you can leave this line out if there is no forward proxy on the client
side.
If it is we ran into problems, like error messages in IE6 'page cannot
be displayed'.
On a fully patched XP SP2 IE6 the connection problems were very rare but
they existed. So it is difficult to reproduce the problem.

The question is, can we allow http 1.1 for the IE6 users?
Or what parameters are safe in this situation?

Thanks
Rainer



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]