Re: Exec startet keine PHP/SH-Dateien
Hallo! Ich würde mal auf Berechtigungsprobleme tippen. Eventuell darf der User unter dem der Indianer läuft nicht auf die php zugreifen. Bei den modernen Linux/Unix systemen gibt es oft automatische Updates. Schau mal nach in welcher Gruppe sich die php executale befindet. Gruß Mario On 11/8/06, Mario Batz [EMAIL PROTECTED] wrote: Hallo, vielleicht hat jemand eine Idee … Ich habe auf meinem Webspace ein Skript das mittels exec() ein PHP-Skript startet: exec(php auswertung.php 123 ). Rufe ich dieses Skript von der Kommandozeile auf, wird die exec-Anweisung ausgeführt, starte ich es aber über den Browser, wird die exec-Anweisung ignoriert. (es erscheint keine Fehlermeldung). Baue ich statt dem php auswertung… ein Systemkommando ein: exec(touch text.txt), funktioniert es perfekt. Ersetze ich touch durch den Aufruf einen Shellskripts, wird wieder exec() ignoriert. Alle Dateien haben chmod 777. Und vor ein paar Wochen hat es noch ohne Probleme funktioniert. Folgendes läuft auf dem Server: * Debian Sarge * php 4.4.4 * Apache/1.3.37 (Unix) FrontPage/5.0.2.2623 mod_ssl/2.8.28 OpenSSL/0.9.7e Der Admin vom Webspace selbst hat keine Ahnung woher dieses Problem kommen soll. Hat vielleicht jemand eine Idee? MfG Mario -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] -- -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
AW: Exec startet keine PHP/SH-Dateien
Selbst wenn die PHP-Datei chmod 777 hat? Oder meinst du die PHP-Binary selbst? -Ursprüngliche Nachricht- Von: James Blond [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 8. November 2006 09:45 An: users-de@httpd.apache.org Betreff: Re: Exec startet keine PHP/SH-Dateien Hallo! Ich würde mal auf Berechtigungsprobleme tippen. Eventuell darf der User unter dem der Indianer läuft nicht auf die php zugreifen. Bei den modernen Linux/Unix systemen gibt es oft automatische Updates. Schau mal nach in welcher Gruppe sich die php executale befindet. Gruß Mario On 11/8/06, Mario Batz [EMAIL PROTECTED] wrote: Hallo, vielleicht hat jemand eine Idee Ich habe auf meinem Webspace ein Skript das mittels exec() ein PHP-Skript startet: exec(php auswertung.php 123 ). Rufe ich dieses Skript von der Kommandozeile auf, wird die exec-Anweisung ausgeführt, starte ich es aber über den Browser, wird die exec-Anweisung ignoriert. (es erscheint keine Fehlermeldung). Baue ich statt dem php auswertung ein Systemkommando ein: exec(touch text.txt), funktioniert es perfekt. Ersetze ich touch durch den Aufruf einen Shellskripts, wird wieder exec() ignoriert. Alle Dateien haben chmod 777. Und vor ein paar Wochen hat es noch ohne Probleme funktioniert. Folgendes läuft auf dem Server: * Debian Sarge * php 4.4.4 * Apache/1.3.37 (Unix) FrontPage/5.0.2.2623 mod_ssl/2.8.28 OpenSSL/0.9.7e Der Admin vom Webspace selbst hat keine Ahnung woher dieses Problem kommen soll. Hat vielleicht jemand eine Idee? MfG Mario -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] -- -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] -- -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: Exec startet keine PHP/SH-Dateien
On Wed, Nov 08, 2006 at 09:56:32AM +0100, Mario Batz wrote: Selbst wenn die PHP-Datei chmod 777 hat? Du rufste es doch mit exec(php auswertung.php 123 ) auf - da brauchts keine Ausführungsrechte für auswertung.php. Nur Leserechte. Oder meinst du die PHP-Binary selbst? Exakt. Und es muß natürlich im Pfad stehen. Versuche mal, es mit dem vollstaändigen Pfad aufzurufen (und auswertung.php ebenso) Rainer -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
AW: Exec startet keine PHP/SH-Dateien
So, hab den Fehler gefunden ... Wenn ich bei exec(php auswertung.php 123 ) bei php den Pfad mit angebe, dann klappts. LOL Also bei exec(/usr/local/bin/php auswertung.php 123 ) klappts auch mit exec(). So wie es aussieht, hat jemand an den Pfaden gedreht und somit wird php nicht gefunden. Aber jetzt funktioniert es ja wieder ... Ich hoffe nicht nur heute ;) Aber es ist trotzdem verwunderlich ... In $PATH steht der Pfad zu PHP eindeutig drin. Mit freundlichen Grüßen Mario -Ursprüngliche Nachricht- Von: Rainer Sokoll [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 8. November 2006 10:10 An: users-de@httpd.apache.org Betreff: Re: Exec startet keine PHP/SH-Dateien On Wed, Nov 08, 2006 at 09:56:32AM +0100, Mario Batz wrote: Selbst wenn die PHP-Datei chmod 777 hat? Du rufste es doch mit exec(php auswertung.php 123 ) auf - da brauchts keine Ausführungsrechte für auswertung.php. Nur Leserechte. Oder meinst du die PHP-Binary selbst? Exakt. Und es muß natürlich im Pfad stehen. Versuche mal, es mit dem vollstaändigen Pfad aufzurufen (und auswertung.php ebenso) Rainer -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] -- -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
RE: [EMAIL PROTECTED] config apache account
-Original Message- From: Tim Liu [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 08, 2006 8:50 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] config apache account Folks, am newie to apache linux . google and read apache docu but don't find answer. thx in advance. What is apache account? After apache installation, i find the following account: [] id apache uid=48(apache) gid=48(apache) groups=1704(labtools),48(apache) Should i use it to lauch apache server? or use root account? It depends on what port you want apache to listen to. If it's the default port 80, then you have to start apache as root because only root can open ports below 1024. Once the parent apache process starts as root, it will spawn child processes running under the user apache and those will serve the requests. If you want to listen on a port 1024 (eg, 8000), then you may start apache as user apache (you don't have to - you can still start as root). This is just a way to allow non-root users to run a webserver on a high-end port... BTW, check that the apache User drective is set to apache. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. thx Tim This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] is it possible to invalidate the cache?
Hello all I have set up as a caching reverse proxy. Is there any way to invalidate the cache in order to force apache to make the requests to the origin server ? thx cristi - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Hanging processes when using worker MPM
Hello all, I recently had to switch from prefork to worker on a large production system, in order to optimize performance and limit memory usage under high load. In principle, it is working fine, however I see that over time some processes are hanging even though they should have been killed off (recycled). The worker table in server-status looks like this: WGWW.GW. ..W..W.. ..W...W. WG..W... W... ..W..WW.WWWW WWW_W_W_W... __W__... My question is: Will the top 6 processes be killed for real at any stage, or will the server stop accepting connections once the remaining processes have gone into the same state? I can manually kill off the hanging processes (kill -9), but this is risky at best as I don't know the PIDs (and am unsure how to find this information). About the setup: HP DL385 dual dualcore opteron servers FreeBSD 6.1-RELEASE Apache version 2.0.58_1 Mod_jk version 1.2.15 Tomcat version 5.5.12_3 The apache server is configured with the minimum number of modules, no PHP or other sensitive stuff. The only indication I have on where the problem may lie is that I haven't been able to reproduce when simulating load on a path that isn't mod_jk-mounted, however reproducing has proven difficult in any case. Does anyone have any suggestions? Or am I worried without reason? With best regards, Eirik Øverby Unicore AS Oslo, Norway - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Using Edge Side Includes (ESI) with Apache
Hi Nick. Thank you very much for your answer. So what's the way to implement ESI-Akanai on my webserver? By using PHP headers? I've got no idea :( Regards, --T On 11/7/06, Nick Kew [EMAIL PROTECTED] wrote: On Tue, 7 Nov 2006 18:25:34 +0100 thomas Armstrong [EMAIL PROTECTED] wrote: Hi. Using Apache 2, I'm trying to work with Edge Side Includes (ESI) in order to Akamai my webpages: http://www.akamai.com/html/support/esi.html Does anybody know any module for Apache to execute this ESI markup language? Yes and no. I wrote an ESI parser to run under the first experimental version of mod_xmlns in 2003. That didn't include ESI caching, basically because when I looked at the spec, I got too disgusted at the way they'd broken standard HTTP caching. But it hasn't been maintained. Basically, I'm not convinced of the value of ESI, and switched my own efforts in that field to mod_publisher. People ask about ESI on the lists from time to time, but noone seems serious enough to sponsor me to update it. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
On Wed, 08 Nov 2006 00:48:39 -0500 mickg [EMAIL PROTECTED] wrote: Just to put my money where my mouth is, I have implemented a (stupid) prototype that does: If no known charset is native to libxml2 detected , a recompiled version of mod_proxy_html now uses iconv (eventually via the xmlFindCharEncodingHandler function) to convert from the source encoding to UTF-8. If no encoding info is specified, it assumes windows-1251 (yes, stupid, but still). The main work is done by adding a const char * enc_from to ctxt this specifies, in iconv compatible terms, the source encoding. sniff_encoding is modified to return 0 when it encounters a non-native coding, and to set ctxt-enc_from (ctxt is added as a parameter to it) The function: size_t ConvertCtxtBuffer(const char * buf, char ** newbuf, size_t bytes, saxctxt *ctxt, ap_filter_t *f) { size_t len=0; if (ctxt-enc_from) { if (!xmlFindCharEncodingHandler(ctxt-enc_from)) { ap_log_rerror(APLOG_MARK, APLOG_ERROR, 0, f-r,ConvertInput: no encoding handler found for '%s', ctxt-enc_from); *newbuf=buf; return bytes; } else { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f-r,ConvertInput: bytes: %d, , bytes); len=ConvertInput(buf,newbuf,bytes,f-r,ctxt-enc_from); ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f-r,ConvertInput: len: %d, , len); if (len0) { ap_log_rerror(APLOG_MARK, APLOG_ERROR, 0, f-r,ConvertInput: conversion failed from '%s', ctxt-enc_from); *newbuf=buf; return bytes; } buf=*newbuf; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f-r,ConvertInput: encoding handler found for '%s', buf); return len; } } else { *newbuf=buf; return bytes; } } calls the actual conversion. The function size_t ConvertInput(const char *in, char ** newbuf, int size, void * r, const char *encoding) { xmlChar *out; xmlChar *oldout; int ret; int out_size; int temp; size_t len=0; xmlCharEncodingHandlerPtr handler; if (in == 0) return 0; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z1) ; handler = xmlFindCharEncodingHandler(encoding); ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z2 %d %d %d,handler-input, handler-output, handler-iconv_in) ; if (!handler) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z2a) ; printf(ConvertInput: no encoding handler found for '%s'\n, encoding ? encoding : ); return 0; } ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z3) ; out_size = (size+1) * 2 - 1; out = (unsigned char *) xmlMalloc((size_t) out_size); oldout=out; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z4 %d %d %s %s %d,size,out_size,encoding,in,handler-output) ; if (out != 0) { temp = size ; if (handler-input) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z5) ; ret = handler-input(out, out_size, in, temp); } else { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z5a) ; ret = iconv(handler-iconv_in,in,temp,out,out_size); } ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,z6 %d %d %d,ret,temp,out_size) ; if ((ret 0)) { if (ret 0) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,ConvertInput: conversion wasn't succesful) ; } else { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,ConvertInput: conversion wasn't succesful. Converter %i octets.,temp) ; } xmlFree(oldout); out = 0; out_size=-1; } else { out_size=( (size+1) * 2 - 1) - out_size; out = (unsigned char *) xmlRealloc(oldout, out_size+1 ); out[out_size] = 0; /*null terminating out */ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,out %d, oldout %d,out,oldout) ; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,len(OUT): %d,strlen(out)) ; } } else { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,No memory!) ; } *newbuf=out; return out_size; } does the actual conversion. It currently output a bit too much log info, and I suspect a memory leak from xmlMalloc. I honestly do not know enough about Apache to figure out when to free it (especially at 1AM). Oh, also, the proxy_html_filter function is modified at 4 points, so that bytes=ConvertCtxtBuffer(buf,buf,bytes,ctxt,f); is called, so that the conversion actually takes place, and so that when sniff_... returns 0, the return value is converted to XML_CHAR_ENCODING_UTF8. ** * !!!THIS CODE IS *NOT* PRODUCTION QUALITY!!!
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
On Wed, 08 Nov 2006 00:48:39 -0500 mickg [EMAIL PROTECTED] wrote: Just to put my money where my mouth is, I have implemented a (stupid) prototype that does: If no known charset is native to libxml2 detected , a recompiled version of mod_proxy_html now uses iconv (eventually via the xmlFindCharEncodingHandler function) to convert from the source encoding to UTF-8. Interesting. You've gone one up on my aliasing proposal, for what looks like rather less work than I thought that would take. I might snarf the basic idea for Version 3. If no encoding info is specified, it assumes windows-1251 (yes, stupid, but still). But not stupid if we make it a configurable default! It does work on my _own_ website, where it quite happily converts win-1251 to utf-8. Once I fix the memory leak (any help appreciated), I'll be happy. See http://www.apachetutor.org/dev/pools for an easy way to deal with the memory. And a great many thanks to Nick Kew for getting me off my lazy ... to start coding (which, honestly, I am better at than administering systems). :-) BTW, I still have no clue why I cannot do this with mod_charset_lite. Neither am I. But a closer look at mod_charset_lite has been on my TODO list for so long it's probably on a permanent back-burner. Did you also look at the full mod_charset? AIUI it was written by Russian developers, so cyrillic was presumably important to them. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] is it possible to invalidate the cache?
On 11/8/06, cristi [EMAIL PROTECTED] wrote: Hello all I have set up as a caching reverse proxy. Is there any way to invalidate the cache in order to force apache to make the requests to the origin server ? Sure. See the HTTP spec for the details of what the client can request as far as caching. http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13 In particular, I'd guess Cache-Control: max-age:0 would probably work as an HTTP request header. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] client side certificates authentication in virtual hosts
All Can you run two SSL virtual host URLS on the same IP address and have one running with no client certificate authentication and one running without client authentication. I have tried it and the options SSLVerifyClient require SSLVerifyDepth 1 But when this is enabled on one of the virtual hosts it takes out the other virtual host and i am unable to connect. Regards Ben Cuthbert Deutsche Bank AG Corporate Investment Bank GTO : TISO / Arch Global Finance / Prime Services PGP: http://pgp.mit.edu +44 (0) 20 754 76389 (Tel) +44 (0) 20 754 74996 (Fax) --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts
On 11/8/06, Benjamin Cuthbert [EMAIL PROTECTED] wrote: All Can you run two SSL virtual host URLS on the same IP address and have one running with no client certificate authentication and one running without client authentication. I have tried it and the options SSLVerifyClient require SSLVerifyDepth 1 But when this is enabled on one of the virtual hosts it takes out the other virtual host and i am unable to connect. When using one IP address, you'll likely have the same problem with the client certificates that you do with the server certificates: the certificate must be selected before the hostname is known. So I doubt this will work. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts
On 11/8/06, Benjamin Cuthbert [EMAIL PROTECTED] wrote: All Can you run two SSL virtual host URLS on the same IP address and have one running with no client certificate authentication and one running without It's possible if having one VirtualHost complaining about wrong Server Certificate is applicable for you, which I really doubt. client authentication. I have tried it and the options SSLVerifyClient require SSLVerifyDepth 1 But when this is enabled on one of the virtual hosts it takes out the other virtual host and i am unable to connect. Most probably you configure both for your VH with the same name. In this case one of hosts ignored and you always hit the same VH. Or you have some kind of other mistake in your config. It would be good to take a look on how you configured them. Regards Ben Cuthbert Deutsche Bank AG Corporate Investment Bank GTO : TISO / Arch Global Finance / Prime Services PGP: http://pgp.mit.edu +44 (0) 20 754 76389 (Tel) +44 (0) 20 754 74996 (Fax) --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] DDOS
Hi, My apache server this receiving flooding from solicitations HTTP of diverse places, as shown in log below (access_log). How to block this? My environment is mandriva 2007.0, kernel 2.6.17-5mdv packages: [EMAIL PROTECTED] ~]# rpm -qa | grep apache apache-conf-2.2.3-3mdv2007.0 apache-mpm-prefork-2.2.3-1mdv2007.0 apache-base-2.2.3-1mdv2007.0 apache-modules-2.2.3-1mdv2007.0 apache-mod_ssl-2.2.3-1mdv2007.0 apache-mod_php-5.1.6-2mdv2007.0 Thanks, Leo. 207.44.158.30 - - [01/Nov/2006:21:07:04 -0300] GET http://www.yceml.net/0717/10371789-3.gif HTTP/1.1 206 300 http://auction 24.ws/ Mozilla/4.0 (compatible; MSIE 6.0; Windows NT) 66.79.189.8 - - [01/Nov/2006:21:06:54 -0300] POST http://219.133.51.184/login HTTP/1.1 200 260 http://qqshow.qq.com/inc/i_l .shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 66.79.189.15 - - [01/Nov/2006:21:07:17 -0300] POST http://219.133.40.148/login HTTP/1.1 200 260 http://qqshow.qq.com/inc/i_ l.shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 66.79.189.12 - - [01/Nov/2006:21:07:27 -0300] POST http://219.133.41.81/login HTTP/1.1 200 260 http://qqshow.qq.com/inc/i_l .shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 66.79.189.9 - - [01/Nov/2006:21:07:36 -0300] GET http://verify.qq.com/getimage?0.5233314004944895 HTTP/1.1 200 638 http://q qshow.qq.com/inc/i_l.shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] DDOS
On 11/8/06, Leonardo Neves [EMAIL PROTECTED] wrote: Hi, My apache server this receiving flooding from solicitations HTTP of diverse places, as shown in log below (access_log). How to block this? My environment is mandriva 2007.0, kernel 2.6.17-5mdv packages: 207.44.158.30 - - [01/Nov/2006:21:07:04 -0300] GET http://www.yceml.net/0717/10371789-3.gif HTTP/1.1 206 300 http://auction 24.ws/ Mozilla/4.0 (compatible; MSIE 6.0; Windows NT) 66.79.189.8 - - [01/Nov/2006:21:06:54 -0300] POST http://219.133.51.184/login HTTP/1.1 200 260 http://qqshow.qq.com/inc/i_l .shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) It looks like you are running an open proxy server. http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan You should remove mod_proxy if you don't need it, or at the very least set ProxyRequests Off Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] NMAKE : fatal error U1077: 'copy' : return code '0x1'
Hey everyone, Last week I wrote about some problems I'd been having with trying to get Apache to compile on Windows. I received a lot of great feedback and have narrowed the problem down to Visual Studio Express. I upgraded to Visual Studio Professional and all previous compilation issues have been resolved. I was finally able to finish a build of Apache, which seems to work quite nicely. However, I have a question about .pdb files. Please known I am a novice when it comes to compiling on Windows, so perhaps this is no big issue at all. Anyway, after my build, I noticed all these .pdb files in the Apache folder. According to the help pages these are Program Debug files. First question: Why am I getting these on a Release build. Second question: I opened properties on the Apache solution, went to linker, and set Generate Debug Info to No on the Release build. However, this gives me the following error during the build install: D:\Program Files\Microsoft Visual Studio 8\VC\bin\nmake.exe -nologo -f Makefile.win SHORT=R LONG=Release _copybin src_exe=pdb src_dll=pdb src_so=pdb quiet=- inst_exe=\Apache2\bin inst_dll=\Apache2\bin inst_so=\Apache2\modules copy Release\Apache.pdb \Apache2\bin .y The system cannot find the file specified. NMAKE : fatal error U1077: 'copy' : return code '0x1' After which the install stops, leaving only a partial \Apache directory. (All Config files, gifs etc etc ar emissing) Third and final question: If I don't get a resolution for the second question, can I just delete all the .pdb files? Once again, I am totally new to compiling Apache on windows, so any help/feedback would greatly be appreciated. Thanks all! R. Sponsored Link For just $24.99/mo., Vonage offers unlimited local and long- distance calling. Sign up now. http://www.vonage.com/startsavingnow/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts
They does not sound like such a good idea, what if i bound the new virtual host to a new IP address would i then be able to run both in different modes ? Regards Ben Cuthbert Deutsche Bank AG Corporate Investment Bank GTO : TISO / Arch Global Finance / Prime Services PGP: http://pgp.mit.edu +44 (0) 20 754 76389 (Tel) +44 (0) 20 754 74996 (Fax) Serge Dubrouski [EMAIL PROTECTED] 11/08/2006 03:52 PM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts On 11/8/06, Benjamin Cuthbert [EMAIL PROTECTED] wrote: All Can you run two SSL virtual host URLS on the same IP address and have one running with no client certificate authentication and one running without It's possible if having one VirtualHost complaining about wrong Server Certificate is applicable for you, which I really doubt. client authentication. I have tried it and the options SSLVerifyClient require SSLVerifyDepth 1 But when this is enabled on one of the virtual hosts it takes out the other virtual host and i am unable to connect. Most probably you configure both for your VH with the same name. In this case one of hosts ignored and you always hit the same VH. Or you have some kind of other mistake in your config. It would be good to take a look on how you configured them. Regards Ben Cuthbert Deutsche Bank AG Corporate Investment Bank GTO : TISO / Arch Global Finance / Prime Services PGP: http://pgp.mit.edu +44 (0) 20 754 76389 (Tel) +44 (0) 20 754 74996 (Fax) --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Re: [EMAIL PROTECTED] DDOS
Thanks for reply. I removed mod_proxy and the problem continued. Some another ideia? Leo. 2006/11/8, Joshua Slive [EMAIL PROTECTED]: On 11/8/06, Leonardo Neves [EMAIL PROTECTED] wrote: Hi, My apache server this receiving flooding from solicitations HTTP of diverse places, as shown in log below (access_log). How to block this? My environment is mandriva 2007.0, kernel 2.6.17-5mdv packages: 207.44.158.30 - - [01/Nov/2006:21:07:04 -0300] GET http://www.yceml.net/0717/10371789-3.gif HTTP/1.1 206 300 http://auction 24.ws/ Mozilla/4.0 (compatible; MSIE 6.0; Windows NT) 66.79.189.8 - - [01/Nov/2006:21:06:54 -0300] POST http://219.133.51.184/login HTTP/1.1 200 260 http://qqshow.qq.com/inc/i_l .shtml Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) It looks like you are running an open proxy server. http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan You should remove mod_proxy if you don't need it, or at the very least set ProxyRequests Off Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] DDOS
On 11/8/06, Leonardo Neves [EMAIL PROTECTED] wrote: Thanks for reply. I removed mod_proxy and the problem continued. Some another ideia? The requests aren't going to instantly stop. You've been running an open proxy server that is probably being exploited by an army of compromised drone computers. This may go on for a while, since it is unlikely that bad guys will retest your server. But you should check to make sure that the requests are now failing (giving a 4xx status code or returning your own home page). Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0.59 Binary with /htdocs for red hat ent lnx 4
Folks,Can somebody share the link for Apache 2.0.59 Binary with /htdocs for red hat ent lnx 4? The link in the following doesn't have documents and apache can't start. thx a lot http://mirrors.isc.org/pub/apache/httpd/binaries/rpm/i386/thx Tim
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
Nick Kew wrote: On Wed, 08 Nov 2006 00:48:39 -0500 mickg [EMAIL PROTECTED] wrote: Just to put my money where my mouth is, I have implemented a (stupid) prototype that does: If no known charset is native to libxml2 detected , a recompiled version of mod_proxy_html now uses iconv (eventually via the xmlFindCharEncodingHandler function) to convert from the source encoding to UTF-8. Interesting. You've gone one up on my aliasing proposal, for what looks like rather less work than I thought that would take. I might snarf the basic idea for Version 3. Do you want the full working code once I clean up the memory problem? It is, after all, GPL, so it would be in good spirit for me to release the modified source. :) Although, to be truly honest, what the thing is doing IS somewhat backwards. The dataflow would be such (And I am more familiar with Python code, as the next snippet will show). data comes in if ctxt.encoder==None: obtain charset if need iconv to convert charset: ctxt.encoder=charset return enc=UTF-8 else: return enc proir to processing buf, if ctxt.encoder!=None: convert(buf) convert if encoder is set (non-null). This guarantees that either the data is in known enc to libxml, or was utf8 to begin with, or was converted to utf8, or conversion failed miserably (the miserable failure was logged.) If no encoding info is specified, it assumes windows-1251 (yes, stupid, but still). But not stupid if we make it a configurable default! Yeah, preferably via a directive such as HTMLSourceDefaultEnc windows-1251 or some such. It does work on my _own_ website, where it quite happily converts win-1251 to utf-8. Once I fix the memory leak (any help appreciated), I'll be happy. See http://www.apachetutor.org/dev/pools for an easy way to deal with the memory. And a great many thanks to Nick Kew for getting me off my lazy ... to start coding (which, honestly, I am better at than administering systems). :-) BTW, I still have no clue why I cannot do this with mod_charset_lite. Neither am I. But a closer look at mod_charset_lite has been on my TODO list for so long it's probably on a permanent back-burner. Did you also look at the full mod_charset? AIUI it was written by Russian developers, so cyrillic was presumably important to them. The thing about mod_charset, is that they assume no iconv, and do all internal translation. With translation settings and weird maps, where needed. This seems a bit insane to me, unless needed. I believe the reason was that we had: win1251 read as koi8, transcoded into LATIN1 Now, we need to make sense of *that*. Also, they do not cleanly support utf8 translation (they do not support translation back from utf8). iconv does. Honestly, remaking mod_proxy_html into mod_proxy_charset_convert would be trivial now, IMO. And maybe that's the better idea. Although that does duplicate mod_charset_light, at least I know it'll work. And , it would use libxml2 where possible, not iconv. mickg - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
On Wed, 08 Nov 2006 12:56:28 -0500 mickg [EMAIL PROTECTED] wrote: Do you want the full working code once I clean up the memory problem? It is, after all, GPL, so it would be in good spirit for me to release the modified source. :) Yes please. I haven't thought through whether to incorporate this or something similar. If I do, I'll want to base it on apr_iconv, rather than native iconv. But having your code there to look at can't hurt, regardless of what I end up doing. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
Nick Kew wrote: On Wed, 08 Nov 2006 12:56:28 -0500 mickg [EMAIL PROTECTED] wrote: Do you want the full working code once I clean up the memory problem? It is, after all, GPL, so it would be in good spirit for me to release the modified source. :) Yes please. I haven't thought through whether to incorporate this or something similar. If I do, I'll want to base it on apr_iconv, rather than native iconv. But having your code there to look at can't hurt, regardless of what I end up doing. Attached. Code compiles on Ubuntu, assuming apache-dev, libxml2-dev, and a ln -s /usr/include/libxml2/libxml /usr/include/libxml apxs2 -i -c mod_proxy_html.c No warnings on the new functions are emitted. I am now using it on a webserver, and will say tomorrow whether there are any major memory leaks (A decent amount of traffic is going through it). Essential Missing: Rewriting of get post request data. The reason for using iconv, and not apache's iconv: libxml already opens the iconv handle during initialization. Might as well use it. Standard discalimers apply. Code is GPL, my modifications are, for WebThing's use, BSDed. TODO list: Add rewriting of POST/GET requests. Add directive to set default encoding if non availible (once I figure out how to add directives). Add directive to set output encoding (and convert to it) (once I figure out how to modify data post-processing) Maybe make a mod_charset_libxml charset converter. As the mod_charset_light is not working, and I am not sure I want to fix that. ( For the record, *why oh why* are we doing text munging in C/C++ ? As someone who coded in C a long, long time ago , I find I am much more productive in various HLLs, such as Python. This, of course, excepts kernel code. I have half a mind to make a Python, Perl, or Lisp-based filter. ) mickg / Copyright (c) 2003-5, WebThing Ltd Author: Nick Kew [EMAIL PROTECTED] Modifier: Michael Gorbovitski [EMAIL PROTECTED] 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ / Note to Users You are requested to register as a user, at http://apache.webthing.com/registration.html This entitles you to support from the developer. I'm unlikely to reply to help/support requests from non-registered users, unless you're paying and/or offering constructive feedback such as bug reports or sensible suggestions for further development. It also makes a small contribution to the effort that's gone into developing this work. */ /* End of Notices */ /* GO_FASTER You can #define GO_FASTER to disable informational logging. This disables the ProxyHTMLLogVerbose option altogether. Default is to leave it undefined, and enable verbose logging as a configuration option. Binaries are supplied with verbose logging enabled. */ #ifdef GO_FASTER #define VERBOSE(x) #else #define VERBOSE(x) if ( verbose ) x #endif #define VERSION_STRING proxy_html/2.5 #include ctype.h /* libxml */ #include libxml/HTMLparser.h /* apache */ #include http_protocol.h #include http_config.h #include http_log.h #include apr_strings.h /* To support Apache 2.1/2.2, we need the ap_ forms of the * regexp stuff, and they're now used in the code. * To support 2.0 in the same compile, * we #define the * AP_ versions if necessary. */ #ifndef AP_REG_ICASE /* it's 2.0, so we #define the ap_ versions */ #define ap_regex_t regex_t #define ap_regmatch_t regmatch_t #define AP_REG_EXTENDED REG_EXTENDED #define AP_REG_ICASE REG_ICASE #define AP_REG_NOSUB REG_NOSUB #define AP_REG_NEWLINE REG_NEWLINE #endif module AP_MODULE_DECLARE_DATA proxy_html_module ; #define M_HTML 0x01 #define M_EVENTS0x02 #define M_CDATA 0x04 #define M_REGEX 0x08 #define M_ATSTART 0x10 #define M_ATEND 0x20 #define M_LAST 0x40 typedef struct { unsigned int start ; unsigned int end ; } meta ; typedef struct urlmap { struct
Re: [EMAIL PROTECTED] Question about mod_charset_light and mod_proxy_html (Solved!)
Nick Kew wrote: On Wed, 08 Nov 2006 12:56:28 -0500 mickg [EMAIL PROTECTED] wrote: Do you want the full working code once I clean up the memory problem? It is, after all, GPL, so it would be in good spirit for me to release the modified source. :) Yes please. I haven't thought through whether to incorporate this or something similar. If I do, I'll want to base it on apr_iconv, rather than native iconv. But having your code there to look at can't hurt, regardless of what I end up doing. Attached. Code compiles on Ubuntu, assuming apache-dev, libxml2-dev, and a ln -s /usr/include/libxml2/libxml /usr/include/libxml apxs2 -i -c mod_proxy_html.c No warnings on the new functions are emitted. I am now using it on a webserver, and will say tomorrow whether there are any major memory leaks (A decent amount of traffic is going through it). Essential Missing: Rewriting of get post request data. The reason for using iconv, and not apache's iconv: libxml already opens the iconv handle during initialization. Might as well use it. Standard disclaimers apply. Code is GPL, my modifications are, for WebThing's use, BSDed. TODO list: Add rewriting of POST/GET requests. Add directive to set default encoding if non available (once I figure out how to add directives). Add directive to set output encoding (and convert to it) (once I figure out how to modify data post-processing) Maybe make a mod_charset_libxml charset converter. As the mod_charset_light is not working, and I am not sure I want to fix that. ( For the record, *why oh why* are we doing text munging in C/C++ ? As someone who coded in C a long, long time ago , I find I am much more productive in various HLLs, such as Python. This, of course, excepts kernel code. I have half a mind to make a Python, Perl, or Lisp-based filter. ) mickg / Copyright (c) 2003-5, WebThing Ltd Author: Nick Kew [EMAIL PROTECTED] Modifier: Michael Gorbovitski [EMAIL PROTECTED] 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ / Note to Users You are requested to register as a user, at http://apache.webthing.com/registration.html This entitles you to support from the developer. I'm unlikely to reply to help/support requests from non-registered users, unless you're paying and/or offering constructive feedback such as bug reports or sensible suggestions for further development. It also makes a small contribution to the effort that's gone into developing this work. */ /* End of Notices */ /* GO_FASTER You can #define GO_FASTER to disable informational logging. This disables the ProxyHTMLLogVerbose option altogether. Default is to leave it undefined, and enable verbose logging as a configuration option. Binaries are supplied with verbose logging enabled. */ #ifdef GO_FASTER #define VERBOSE(x) #else #define VERBOSE(x) if ( verbose ) x #endif #define VERSION_STRING proxy_html/2.5 #include ctype.h /* libxml */ #include libxml/HTMLparser.h /* apache */ #include http_protocol.h #include http_config.h #include http_log.h #include apr_strings.h /* To support Apache 2.1/2.2, we need the ap_ forms of the * regexp stuff, and they're now used in the code. * To support 2.0 in the same compile, * we #define the * AP_ versions if necessary. */ #ifndef AP_REG_ICASE /* it's 2.0, so we #define the ap_ versions */ #define ap_regex_t regex_t #define ap_regmatch_t regmatch_t #define AP_REG_EXTENDED REG_EXTENDED #define AP_REG_ICASE REG_ICASE #define AP_REG_NOSUB REG_NOSUB #define AP_REG_NEWLINE REG_NEWLINE #endif module AP_MODULE_DECLARE_DATA proxy_html_module ; #define M_HTML 0x01 #define M_EVENTS0x02 #define M_CDATA 0x04 #define M_REGEX 0x08 #define M_ATSTART 0x10 #define M_ATEND 0x20 #define M_LAST 0x40 typedef struct { unsigned int start ; unsigned int end ; } meta ; typedef struct urlmap { struct
Re: [EMAIL PROTECTED] httpd 2.2.3 build issue
... The compile worked fine the first time on the same VM image, but now on subsequent builds can't seem to get past this part. I'm looking for any cruft in the system which may have been left over from any previous compile/install, but no success yet. Can you try passing --with-included-apr to configure? No change, still errors out in the same spot, with the same error: gawk: fatal: no (known) protocol supplied in special filename `/inet/src/httpd-2.2.3/srclib/apr/build/make_var_export.awk' make[3]: *** [export_vars.c] Error 2 make[3]: Leaving directory `/inet/src/httpd-2.2.3/srclib/apr' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/inet/src/httpd-2.2.3/srclib/apr' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/inet/src/httpd-2.2.3/srclib' make: *** [all-recursive] Error 1 My configure args looked like so: ./configure -C \ --prefix=/inet/apps/apache-2.2.3 \ --enable-so \ --enable-mods-shared=all \ --disable-deflate \ --enable-ssl --with-ssl=/usr \ --with-included-apr \ --enable-proxy --enable-proxy-ajp \ --enable-cache --enable-disk-cache --enable-mem-cache \ --enable-file-cache \ --with-mpm=prefork \ --with-program-name=inet-httpd joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Best way of forwarding traffice from Apache 1.3 to 2.0
thx all for the suggestions..this one worked RewriteEngine on RewriteRule ^/(.+) /temporary.html On 11/8/06, Boyle Owen [EMAIL PROTECTED] wrote: -Original Message- From: Joseph Cheng [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 9:31 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Best way of forwarding traffice from Apache 1.3 to 2.0 Hello I have done basic url forwarding before but I am trying to see how to do some thing different now. I have old apache 1.3 server and brand new 2.0 server. Right now the 1.3 server is live with http clients hitting it. I am trying to see what would be best way to direct _all_ http clients going to 1.3 server to load one html document in the 1.3 docroot telling them to go to the 2.0 server address instead. It is tricky because previous web site visitors might have bookmarked various very old documents so I am stuck trying to think of a way to point them all to that one html document if they type any url containing the *domain.com* text. Any ideas? TIA! What did you try already? What happened? As I read it, you want to put up a page that says, Site has moved rather than redirect users (so that the browser reloads the new site). Correct? Something as simple as; RedirectMatch ^/.*$ /that_one_html_doc.html ...should work (see docs for details). Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Restarting Apache
Sean Conner writes: It was thus said that the Great Jonathan Horne once stated: On Tuesday 07 November 2006 20:32, [EMAIL PROTECTED] wrote: I'm a newbie to Apache, actually, a dummy (: Can someone please explain to me, why am I allowed to restart Apache with httpd -k {restart|graceful} while working in shell interactively, and am failed to do so if it's done as a part of shell script started by cron? my first guess, would that maybe you didnt include the path to the binary in your cron statement? I was thinking the cron job might be running as the wrong user myself ... -spc (But this is getting into the realm of OS issues, not Apache ... ) Thank you very much, guys, and sorry for disturbing. I fixed the problem by adding the job to the 'root' user crontab (I did it to an ordinary user crontab before). Thanks again! - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Rewrite problem (adding www.)
Hi, I use the following piece of code in an .htaccess file at /var/www/vhosts/domain.com/httpdocs/.htaccess to get traffic from http://domain.com onto http://www.domain.com which works perfectly: RewriteCond %{HTTP_HOST} ^domain\.com$ [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L,NE] However when the root of the site in question isn't at the top level of the domain (the following in an .htaccess file at /var/www/vhosts/domain.com/httpdocs/sub/.htaccess): RewriteCond %{HTTP_HOST} ^domain\.com$ [NC] RewriteRule ^(.*)$ http://www.domain.com/sub/$1 [R=301,L,NE] it fails in a certain case which leads to a request for http://domain.com/sub (note no trailing bracket) being served http://www.domain.com/sub//var/www/vhosts/domain.com/httpdocs/sub instead of http://www.domain.com/sub or http://www.domain.com/sub/ Can someone suggest how I make the rewrite condition / rule more robust? Thanks, Geoff - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Domain OR Password Protection???
Could I have a domain protection and a password protection on a directory with Apache?BUT!! NOT require both but just one?Details..I have a directory which is domain protected.When a user from an unapporved domain tried to access the directory he will recieve a 403 error. At this exact moment - ONLY when they are not on an approved domain, a login/password window pop up.If they have the correct login/password then they gain access to the directory.I can't have login/password for all times. Just when they try to access from an un-apporved domain... ANY IDEAS?Is this possible??Thank you!!
Re: [EMAIL PROTECTED] Domain OR Password Protection???
On 11/8/06, Liz Kim [EMAIL PROTECTED] wrote: Could I have a domain protection and a password protection on a directory with Apache? BUT!! NOT require both but just one? Details.. I have a directory which is domain protected. When a user from an unapporved domain tried to access the directory he will recieve a 403 error. At this exact moment - ONLY when they are not on an approved domain, a login/password window pop up. If they have the correct login/password then they gain access to the directory. I can't have login/password for all times. Just when they try to access from an un-apporved domain... ANY IDEAS? Is this possible?? http://wiki.apache.org/httpd/Recipes/BypassAuthenticationOrAuthorizationRequirements Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Trouble building mod_auth_ldap with Mozilla LDAP C SDK 6.0, Apache 2.0.59 on ia64
Hello everyone: This is my first time posting here, but I've been building Apache for years now since early 1.3.x and I've benefited from the archives previously. I've scanned the FAQ, recent bugs, and mailing list archives. I've also Google'd for solutions to my issue, but I'm not having success. I've successfully built Apache 2.0.59 with many modules, but I'm having trouble adding mod_auth_ldap to connect to an older Netscape Directory Server via SSL. Because of the LDAP over SSL requirement, I believe I'm restricted to use the Netscape(iPlanetSunRedHat)Mozilla LDAP C SDK rather and OpenLDAP's libraries. I've built the Mozilla LDAP version 6.0 C SDK successfully (version 5 does not seem to work on the ia64 architecture) and I can use ldapsearch command line tool from the SDK to connect to the ldaps:// LDAP server with SSL. I am building httpd-2.0.59 on a SGI Altix 350 (ia64 architecture) with Novell SuSE 9.3. It's possible there is confusion with installed OpenLDAP libraries, I think I see it fall back to them, below. Questions: 1) Is this the best place to ask about building mod_auth_ldap? 2) Is it possible to use OpenLDAP libraries instead of Mozilla LDAP C SDK to do a ldaps:// connection? 3) ./modules/experimental/README.ldap implies that this module is still experimental -- is that true? 4) Is mod_auth_ldap planned to support the Mozilla LDAP C SDK, version 6? From what I've seen (details below), it does not support version 6. 5) Should I file a bug to build against Mozilla LDAP C SDK, version 6? Here is the only reference I found for how to build version 6: http://directory.fedora.redhat.com/wiki/Building I made two edits to get configure working, based upon my searching the web: http://www.mozilla.org/directory/csdk-docs/getstart.htm#compile_ldap_cli ent corroborates: http://mail-archives.apache.org/mod_mbox/httpd-bugs/200310.mbox/%3C20031 [EMAIL PROTECTED] __ The first edit was to modify the SDK's ldap_ssl.h header to include ldap.h, and this is successful in avoiding this configure issue: checking ldap_ssl.h usability... no checking ldap_ssl.h presence... yes configure: WARNING: ldap_ssl.h: present but cannot be compiled configure: WARNING: ldap_ssl.h: check for missing prerequisite headers? configure: WARNING: ldap_ssl.h: see the Autoconf documentation configure: WARNING: ldap_ssl.h: section Present But Cannot Be Compiled configure: WARNING: ldap_ssl.h: proceeding with the preprocessor's result configure: WARNING: ldap_ssl.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## checking for ldap_ssl.h... yes __ The second edit was to: vi :3611 srclib/apr-util/configure and change two lines to use the 60 (versus 50) libraries. Otherwise, I would see this during configure: checking for ldap_init in -lldap50... yes setting APRUTIL_EXPORT_LIBS to -lldap50 -lnspr4 -lplc4 -lplds4 -liutil50 - llber50 -lldif50 -lnss3 -lprldap50 -lssl3 -lssldap50 setting APRUTIL_LIBS to -lldap50 -lnspr4 -lplc4 -lplds4 -liutil50 -llber50 -lldif50 -lnss3 -lprldap50 -lssl3 -lssldap50 checking for ldapssl_install_routines in -lldap50... yes checking for ldap_start_tls_s in -lldap50... yes __ Here is what I currently see with the 60 modification, I think it falls back to the OpenLDAP libraries on my system after trying libldap60: checking for ldap support... setting APRUTIL_INCLUDES to -I/engr/pkgs/mozilla/dist/public/ldap setting APRUTIL_LDFLAGS to -L/engr/lib:/engr/pkgs/mozilla/dist/lib:/engr/pkgs/mozilla/dist/Linux2. 6_ia64_glibc_PTH_64_DBG.OBJ/lib checking for ldap_init in -lldap60... no checking for ldap_init in -lldapssl41... no checking for ldap_init in -lldapssl40... no checking for ldap_init in -lldapssl30... no checking for ldap_init in -lldapssl20... no checking for ldap_init in -lldap... yes setting APRUTIL_EXPORT_LIBS to -lldap -llber setting APRUTIL_LIBS to -lldap -llber checking for ldapssl_install_routines in -lldap... no checking for ldap_start_tls_s in -lldap... yes checking for ber_init in -llber... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ldap.h... yes checking ldap_ssl.h usability... yes checking ldap_ssl.h presence... yes checking for ldap_ssl.h... yes __ The make fails... make[3]: Entering directory `/engr/pkgs/httpd-2.0.59/modules/experimental' /engr/pkgs/httpd-2.0.59/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthread-DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER
RE: [EMAIL PROTECTED] DDOS
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive Sent: Wednesday, November 08, 2006 5:51 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] DDOS On 11/8/06, Leonardo Neves [EMAIL PROTECTED] wrote: Thanks for reply. I removed mod_proxy and the problem continued. Some another ideia? The requests aren't going to instantly stop. You've been running an open proxy server that is probably being exploited by an army of compromised drone computers. This may go on for a while, since it is unlikely that bad guys will retest your server. Check out http://www.postcastserver.com/help/Open_Proxy_Servers.aspx See if your server is still on the lists... Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. But you should check to make sure that the requests are now failing (giving a 4xx status code or returning your own home page). Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]