Re: [EMAIL PROTECTED] Problem with SUEXEC

[Steve Swift]

I've just noticed the "SUEXEC" in the subject.  I don't think this is
anything to do with SUEXEC, but if it is, then step (13) of the SUEXEC
process determines that the CGI which is being accessed lies within the
Doc_Root as defined by "suexec -V"

--
Steve Swift
http://www.swiftys.org.uk

Re: [EMAIL PROTECTED] Problem with SUEXEC

[Steve Swift]

I would interpret "search permission are missing on a component of the path"
to mean that some component of the directory path containing the file that
apache is trying to access does not contain an "x" permission that applies
to the apache userid or group.
However, that doesn't work for you (and I've never seen such an explicit
message from apache itself, so this may be coming from something else)

On 03/01/07, Dhika Cikul <[EMAIL PROTECTED]> wrote:


2007/1/3, Steve Swift <[EMAIL PROTECTED]>:
> In order for apache to access /home/mydomain/public_html/ (and
presumably
> something like index.html inside that directory) then the userid or
group
> that apache is running under needs both "r" and "x" access to each
directory
> /home /home/mydomain and /home/mydomain/public_html

I have chmoded /home/mydomain and /home/mydomain/public_html to 755,
but still get 403 permission denied

> I've never understood why it works this way, but I've found out the hard
way
> that it does. Depending on your system there may be other access
> restrictions in force, but the error message describes my suggestion
rather
> nicely.

i didn't understood about the error message.
[quote]
[Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
(13)Permission denied: access to / failed because search permissions
are missing on a component of the path
[/quote]

what is the mean "search permission are missing on a component of the
path"?

> On 02/01/07, Dhika Cikul <[EMAIL PROTECTED]> wrote:
> >
> > Dear,
> >
> > I have problem with apache installation at my machine, i compile
> > apache with suexec support
> >
> > [quote]
> > [EMAIL PROTECTED] apache_1.3.37]# ./configure --prefix=/usr/local/apache
> > --enable-suexec --suexec-caller=nobody --suexec-uidmin=99
> > --suexec-gidmin=99
> --suexec-safepath=/usr/local/bin:/usr/bin:/bin
> > --suexec-userdir=public_html --enable-module=ssl --enable-shared=ssl
> > --disable-rule=SSL_COMPAT
> > [/quote]
> >
> > Installation process was succesfull, and this is the PHP configuration
:
> >
> > [quote]
> > [EMAIL PROTECTED] php-4.4.4]# ./configure
> > --with-apxs=/usr/local/apache/bin/apxs --with-mysql
> --with-curl
> > --with-gd --with-freetext=/usr/local/freetype
> --with-gettext
> > --enable-mbstring --enable-mbregex --enable-magic-quotes --with-xml
> > --with-jpeg-dir=/usr/lib  --with-ftp --with-zlib
> --enable-track-vars
> > --enable-versioning --enable-memory-limit --with-pear --with-mcrypt
> > --with-mhash
> > [/quote]
> >
> > Both of that process was succesfully compiled, and i have tested with
> phpinfo()
> >
> > The problem occur while i add virtualHost at httpd.conf
> >
> > [quote]
> > 
> > ServerAdmin [EMAIL PROTECTED]
> > DocumentRoot /home/mydomain/public_html/
> > User mydomain
> > Group mydomain
> > ServerName www.mydomain.net
> > ServerAlias domainku.net www.mydomain.net
> > CustomLog domlogs/mydomain.net-log combined
> > #ScriptAlias /cgi-bin/
> /home/mydomain/public_html/cgi-bin/
> > 
> > [/quote]
> >
> > While i add that virtualHost and i try to access mydomain.com, i get
> > 403 permission error
> >
> > [quote]
> > Forbidden
> > You don't have permission to access / on this server.
> >
> > Apache/1.3.37 Server at www.mydomain.net Port 80
> > [/quote]
> >
> > i have checked ownership and permission at /home/mydomain/public_html
> > the ownership is mydomain.mydomain and permission is 755. I have try
> > several times and still unsucessfull
> >
> > At apache error_log :
> >
> > [quote]
> > [Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
> > (13)Permission denied: access to / failed because search permissions
> > are missing on a component of the path
> > [/quote]
> >
> > anyone knows how to fix this problem??, i have tried with Apache2 and
> > Apache1, and get same problem
> >
> > Thank's
> > --
> > Dhika Cikul
> >

>
> --
> Steve Swift
>  http://www.swiftys.org.uk


--
Dhika Cikul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Steve Swift
http://www.swiftys.org.uk

[EMAIL PROTECTED] Getting CheckSpelling to work (repost)

[Vidiot]

I posted the following over the holiday weekend, so it may have gotten "lost"
in the holiday shuffle:

Good evening and Happy New Year.  Yep, I am home on a New Year's Eve.
I'm watching the C-Band feed of the raw Times Square event from New York.

In any event I am bringing up a new Linux server, replacing the older server
that is running Apache 1.3.  The new server is running Fedora Core 6,
updated, so it is running the latest Apache server.  I managed to get my
CGI and SSI stuff working again, but the CheckSpelling is not working,
as it currently is on the old server.

I looked for "checkspelling" in the FAQ, but got nothing.  Trying to find
something in the previous postings would appear to be a daunting task with
a search capability.

Here are the sections in the config file that contain the directive:


Options Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
CheckSpelling on


ServerName www.vidiot.com
ServerAlias vidiot.com *.vidiot.com
CheckSpelling on



The Directory section is where it is working in 1.3, but when it didn't
work there, I added it to VirtualHost, as listed in the on line docs.

But it doesn't work there either.

My test is to go to one of my web pages that is upper/lower and then
change one of the uppercase characters to lowercase and look for the page.
I get a page not found.  I also did the same thing on the 1.3 server and
it did as I expected, i.e., it found the page and showed the URL with the
correct case.

Thanks in advance for any pointers in figuring out this problem.

MB
-- 
e-mail: [EMAIL PROTECTED]/~\ The ASCII
 \ / Ribbon Campaign
[So it's true, scythe matters.  Willow  5/12/03]  X  Against
Visit - URL: http://vidiot.com/  / \ HTML Email

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Icon for Link Directory

[Indraveni]

Hi,

I am using Apache2.2.3 version and I created symlink using the comman 
ls  -l /home/veni /var/www/veni. Now I have a link for the veni directory 
created under the path /var/www. When I am viewiing the content of /var/www, I 
want to differentiate the directory and the link with the icon displayed beside 
it. For this I added the following lines in the apache2.conf (httpd.conf) but 
still the icon is not changed, all the icons are the  directory icons only.. 
 AddIcon /icons/link.jpg ^^SYMDIR^^
 AddIcon /icons/link.jpg ^^SYMLINK^^

Any one have any idea of how to achive this, please let me know

Thankyou
Indraveni


 Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download 
Now! http://messenger.yahoo.com/download.php

Re: [EMAIL PROTECTED] Where is access.log generated

[Sander Temme]

Arthur,

On Jan 2, 2007, at 4:13 PM, Arthur Kreitman wrote:


I can’t find where the writes to access.log are called?  Any hints?


Looking through the Apache source code, the access log entries are  
generated by the ap_hook_log_transaction hook, which is implemented  
by modules/loggers/mod_log_config.c and ran from several possible  
places in server/protocol.c (and server/eor_bucket.c). I dearly hope  
only one of those code paths actually gets followed during a given  
transaction. (:


If you have your own module, you can implement  
ap_hook_log_transaction and add to the access log yourself.


Yes, hooks can be somewhat untraceable in Apache, but in the Apache  
source distribution, all hooks (save one) that are defined are  
actually called. The pattern is:


* To declare a hook handler, you call ap_hook_mumble from your
  register_hooks function implementation
* To run the hook, Apache calls ap_run_mumble.

So, to find out about logging, I used find and grep:

[EMAIL PROTECTED] trunk $ find . -type f -name \*.c | xargs grep  
ap_hook_log_transaction

...
[EMAIL PROTECTED] trunk $ find . -type f -name \*.c | xargs grep  
ap_run_log_transaction

...

(output omitted but easily obtained).

S.

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: [EMAIL PROTECTED] Problem with SUEXEC

[Dhika Cikul]

2007/1/3, Steve Swift <[EMAIL PROTECTED]>:

In order for apache to access /home/mydomain/public_html/ (and presumably
something like index.html inside that directory) then the userid or group
that apache is running under needs both "r" and "x" access to each directory
/home /home/mydomain and /home/mydomain/public_html


I have chmoded /home/mydomain and /home/mydomain/public_html to 755,
but still get 403 permission denied


I've never understood why it works this way, but I've found out the hard way
that it does. Depending on your system there may be other access
restrictions in force, but the error message describes my suggestion rather
nicely.


i didn't understood about the error message.
[quote]
[Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
(13)Permission denied: access to / failed because search permissions
are missing on a component of the path
[/quote]

what is the mean "search permission are missing on a component of the path"?


On 02/01/07, Dhika Cikul <[EMAIL PROTECTED]> wrote:
>
> Dear,
>
> I have problem with apache installation at my machine, i compile
> apache with suexec support
>
> [quote]
> [EMAIL PROTECTED] apache_1.3.37]# ./configure --prefix=/usr/local/apache
> --enable-suexec --suexec-caller=nobody --suexec-uidmin=99
> --suexec-gidmin=99
--suexec-safepath=/usr/local/bin:/usr/bin:/bin
> --suexec-userdir=public_html --enable-module=ssl --enable-shared=ssl
> --disable-rule=SSL_COMPAT
> [/quote]
>
> Installation process was succesfull, and this is the PHP configuration :
>
> [quote]
> [EMAIL PROTECTED] php-4.4.4]# ./configure
> --with-apxs=/usr/local/apache/bin/apxs --with-mysql
--with-curl
> --with-gd --with-freetext=/usr/local/freetype
--with-gettext
> --enable-mbstring --enable-mbregex --enable-magic-quotes --with-xml
> --with-jpeg-dir=/usr/lib  --with-ftp --with-zlib
--enable-track-vars
> --enable-versioning --enable-memory-limit --with-pear --with-mcrypt
> --with-mhash
> [/quote]
>
> Both of that process was succesfully compiled, and i have tested with
phpinfo()
>
> The problem occur while i add virtualHost at httpd.conf
>
> [quote]
> 
> ServerAdmin [EMAIL PROTECTED]
> DocumentRoot /home/mydomain/public_html/
> User mydomain
> Group mydomain
> ServerName www.mydomain.net
> ServerAlias domainku.net www.mydomain.net
> CustomLog domlogs/mydomain.net-log combined
> #ScriptAlias /cgi-bin/
/home/mydomain/public_html/cgi-bin/
> 
> [/quote]
>
> While i add that virtualHost and i try to access mydomain.com, i get
> 403 permission error
>
> [quote]
> Forbidden
> You don't have permission to access / on this server.
>
> Apache/1.3.37 Server at www.mydomain.net Port 80
> [/quote]
>
> i have checked ownership and permission at /home/mydomain/public_html
> the ownership is mydomain.mydomain and permission is 755. I have try
> several times and still unsucessfull
>
> At apache error_log :
>
> [quote]
> [Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
> (13)Permission denied: access to / failed because search permissions
> are missing on a component of the path
> [/quote]
>
> anyone knows how to fix this problem??, i have tried with Apache2 and
> Apache1, and get same problem
>
> Thank's
> --
> Dhika Cikul
>




--
Steve Swift
 http://www.swiftys.org.uk



--
Dhika Cikul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Where is access.log generated

[Arthur Kreitman]

I can't find where the writes to access.log are called?  Any hints?

 

Art

Re: [EMAIL PROTECTED] Re: (no subject)

[Evan Platt]

At 01:10 PM 1/2/2007, you wrote:

>At 12:48 PM 1/2/2007, you wrote:
>>unsubscribe
>
>As the headers say:
>list-unsubscribe: 

Actually it is: [EMAIL PROTECTED]

This is the httpd mail list, not the spamassassin mail list :-)


Alex, I'll take "Evan needs to go back to sleep for $400 please."

Ok, yeah the original post was to the spamassassin list,

I hit the reply, which of course goes to the OP. I then saw 
"apache.org", typed Apache in my address book, and viola.


Back to bed for me. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: (no subject)

[Vidiot]

>At 12:48 PM 1/2/2007, you wrote:
>>unsubscribe
>
>As the headers say:
>list-unsubscribe: 

Actually it is: [EMAIL PROTECTED]

This is the httpd mail list, not the spamassassin mail list :-)

MB
-- 
e-mail: [EMAIL PROTECTED]/~\ The ASCII
 \ / Ribbon Campaign
[So it's true, scythe matters.  Willow  5/12/03]  X  Against
Visit - URL: http://vidiot.com/  / \ HTML Email

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] use apache to log email link clicks perjob, then redirect?

[Greg]

Hi all 

Is there any way to use CustomLog Directive as sort of a link click counter, 
then redirect to a url in the querystring? 
and have a different log file for each job, keyed off a unique job number?

example url:
http://www.mydomain.com/jobnumberhere/page.ext?url=http://www.redirect.com

logged into the
 /pathprefix/jobnumberhere/log_file
(where it would log the address in the querystring)

and then redirected to:
http://www.redirect.com


Thanks for any advise you can give.

Regards,
Greg 
Y Marketing & ITO Design, Inc.

64 East Main Street, Somerville, NJ 08876
P: 908.243.0046/48  F: 908.243.0042

[EMAIL PROTECTED] Re: (no subject)

[Evan Platt]

At 12:48 PM 1/2/2007, you wrote:

unsubscribe


As the headers say:
list-unsubscribe: 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] No permission to access files.

[Richard Lynch]

On Mon, January 1, 2007 4:06 pm, Rod Rook wrote:
> I've been running httpd web server under Fedora Core 4.
>
> Now, I installed Fedora Core 6 onto another hard drive and configured
> httpd
> server with the same /etc/httpd/conf/httpd.conf as under FC4.
>
> My web server is running now, but outside browsers get an error
> message of
> no permission to access to the following files: main.php and menu.php.

Exactly what error message is it?

WILD GUESS:
It's something about "safe mode" or "exec_dir"

These are PHP settings from php.ini which have almost nothing to do
with Apache per se.

Compare your old php.ini and the new one, if you can, or turn off
"safe_mode" (which is a horrible name for something that isn't really
all that safe, and which does nothing useful at all if you are running
PHP as a Module, and which is going away in PHP 6 anyway)

You can also relax the restrictions on exec_dir until you can figure
out how to work that correctly, with very little risk -- It really is
only useful for ISPs with shared hosting, for the most part.

> Here is the properties of the files.
>
> -rwxrwxr-x 1 user_u:object_r:user_home_t  webroot webroot 466
> Feb
> 27  2006 index.php
> -rwxrwxr-x 1 user_u:object_r:user_home_t  webroot webroot4197
> Feb
> 27  2006 main.php
> -rwxrwxr-x 1 user_u:object_r:user_home_t  webroot webroot 529
> Nov
> 29  2005 menu.php
>
> The index.php is supposed to execute main.php and menu.php.
>
> What could be wrong with the file permission properties?
>
> Thank you.
>
> pine
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] measure performance of a php-script with apache ab

[Richard Lynch]

On Mon, January 1, 2007 9:29 am, Stefani Gerber wrote:
> I want to measure the performance of a specific php-script. That
> script
> performs, based on session information (that I copied directly into
> that
> file for test purposes),

It's possible that the session setup/breakdown takes 2 seconds on the
first page hit, but is much faster on a reload with the same session
data...

Seems unlikely to be that dramatic, though.

Double-check that you have the correct session info.

> some calculations and database queries. When
> I
> look at the script in a browser, it does what it should and takes
> about
> 2 seconds to finish (slow development machine). When I run the script
> with ab (ab -n 1000 -c 10 http://localhost/path/to/script.php) I get a
> measure for "requests per second" of 500-900. I asume, that no
> parsing/executing of the script is done. To check, I put in a db-write
> at the beginning of the script which writes, if the page is called in
> the browser and doesn't, if it is called by ab.

I wouldn't do that -- Keep the test valid by having it do the same
thing regardless of the environment...

If anything, check to make sure that your ab test actually IS altering
the db the way a normal visitor would.  Otherwise your test is only of
academic interest.

> Does anyone know, why the php-part is not executed when I use ab or
> where I should start off to find the problem?

I don't know ab that well, or Apache for that matter, but it should be
pretty easy in PHP to record the "hits" and be sure that PHP is
executing.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Hot Standby with proxy balancer / httpd 2.2.3

[Bindul Bhowmik]

Hello,

I have been trying to set up a simple proxy balancer with a hot standby.

For a while I saw the status=+H (Hot Standby) option documented in the
documentation from TRUNK on the httpd site [1].

Now, though the same documentation appears on the version 2.2 documentation [2].

I downloaded httpd v2.2.3 and tried to set up a hot standby, but the
server threw an error:
BalancerMember Unknow status parameter option

Checking the documentation that came with the distribution (after the
install) does not mention the 'status' parameter at all.

I checked the source code on SVN, and the hot standby status code is
available on the trunk [3], but not on the 2.2.3 tag [4]. Then again,
this bit of code is available on the 2.2.x branch [5].

I am kind of confused as to when and if the hot standby feature would
be available.

I am using the Windows MSI install of httpd on a Windows XP box.

Any pointer would be helpful.

Thanks and have a Happy New Year.

Regards,
Bindul



[1] http://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[2] http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
[3] 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?view=markup
(line 185-227)
[4] 
http://svn.apache.org/viewvc/httpd/httpd/tags/2.2.3/modules/proxy/mod_proxy.c?view=markup
(line 184-220)
[5] 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c?view=markup

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Reverse Proxy and Apache logging problem

[Odhiambo Washington]

Hello and Happy New Year!

[I asked this question in squid-users, but I still remain clueless]
 
I have one question which I need some clues about.
 
I am running Squid-2.6 in accelerator mode. The site being accelerated 
is being served by apache which is residing on the same box as Squid.
 
Squid is listening on the public IP of the box while Apache listens on
the loopback interface (127.0.0.1).
 
Now, for the purpose of getting access statitics for the websites being
accelerated
 
Now, when I check the Apache logs, there are no details of the actual
hosts accessing the website:

127.0.0.1 - - [02/Jan/2007:13:08:53 +0300] "POST /searchmyresults.php HTTP/1.0" 
302 18844
127.0.0.1 - - [02/Jan/2007:13:08:52 +0300] "GET /kcperesults.php HTTP/1.0" 200 
33729
127.0.0.1 - - [02/Jan/2007:13:08:52 +0300] "GET /kcperesults.php?start=21 
HTTP/1.0" 200 33789
127.0.0.1 - - [02/Jan/2007:13:08:54 +0300] "GET 
/kcpe2006res.php?id=1477429&cenno=603030 HTTP/1.0" 200 19026
127.0.0.1 - - [02/Jan/2007:13:08:53 +0300] "GET /kcperesults.php HTTP/1.0" 200 
33714
127.0.0.1 - - [02/Jan/2007:13:08:55 +0300] "POST /juan1.php HTTP/1.0" 302 -
127.0.0.1 - - [02/Jan/2007:13:08:55 +0300] "GET 
/kcpe2006res.php?id=1917448&cenno=401116 HTTP/1.0" 200 19026
127.0.0.1 - - [02/Jan/2007:13:08:55 +0300] "GET /searchmyresults.php HTTP/1.0" 
200 18844
127.0.0.1 - - [02/Jan/2007:13:08:56 +0300] "GET /kcpe.php HTTP/1.0" 200 18083
127.0.0.1 - - [02/Jan/2007:13:08:56 +0300] "GET / HTTP/1.0" 200 20460
 
Is there something that I need to put in squid.conf so that it can
"forward" to apache the actual details (IP, name) of the connecting
host for logging?

I'd like to be able generate access stats for the websites using
apache logs.

Thank you in advance..


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+==+
|\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+

The cost of living is going up, and the chance of living is going
down.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache SSO with LDAP

[Marc Boorshtein]

On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:

Dear Marc,

I couldn't find any decent How to's or Tutorials on mod_kerberos. Instead
found mod_kerb. Are these both the same?

Thanx


yes, my mistake

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache SSO with LDAP

[Gayal]

Dear Marc,

I couldn't find any decent How to's or Tutorials on mod_kerberos. Instead
found mod_kerb. Are these both the same?

Thanx

On 1/3/07, Marc Boorshtein <[EMAIL PROTECTED]> wrote:


look at mod_kerberos

On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:
> Dear Marc,
>
> I need authentication against an AD domain.
>
> Suppose my company intranet is hosted in Linux - Apache Httpd. And
employees
> are authenticated via Windows Domain Controller. So i need to get this
> Windows AD credentials into my Linux Apache Server to authenticate users
to
> view the web. Since the intranet comprise different web applications i
am
> hoping to implement SSO as well.
>
> Any help from you is highly appreciated.
>
> Regards,
> Gayal
>
>
>
> On 1/2/07, Marc Boorshtein <[EMAIL PROTECTED]> wrote:
> >
> > do you want sso or authentication against an AD domain?
> >
> > Also, what is your ldap config and logs?
> >
> > On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > >  I m trying to implement Seamless Authentication in Apache for
Active
> > > Directory Users.
> > >
> > >  When i enable the mod_auth_ldap module within the Apache
configuration
> file
> > > I cannot restart Apache Service.
> > >  An error window opens saying "The Requested Operation failed."
> > >
> > >  Can any one please help me on this.
> > >
> > >  --
> > >  Gayal
> > >
> >
> >
> -
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See http://httpd.apache.org/userslist.html> for more
> info.
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >"   from the digest:
> [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
>
> --
> Gayal Rupasinghe
> SU-APIIT
> "The willingness to make a commitment even when results are unknown."

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Gayal Rupasinghe
SU-APIIT
"The willingness to make a commitment even when results are unknown."

Re: [EMAIL PROTECTED] Missing Mod_Access

[Can Le]

Sander Temme,
  
  You are the skilled person in the art of Apache.
  
  After I changed html code "" by  "\n", the header error is gone.
  My C++  script were running OK in both IE and Firefox if I only have "cout"  
for  printing outputs.
   
  Therefore I had a popup windows which asked me to download my test1.exe  file 
in CGI-BIN folder when I only used Firefox, not IE. I had no error  on exe file 
when I added "cout " to print two lines below: 
  
// #!C:\Perl\bin\per
  / /use CGI;
  
So my question is what is the proper HTTP header to run my test1.exe in Firefox?
  
  Thank you for your helps.
  
  Can Le
  
Sander Temme <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] http://www.temme.net/sander/
> PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF




 __
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: [EMAIL PROTECTED] Apache SSO with LDAP

[Marc Boorshtein]

look at mod_kerberos

On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:

Dear Marc,

I need authentication against an AD domain.

Suppose my company intranet is hosted in Linux - Apache Httpd. And employees
are authenticated via Windows Domain Controller. So i need to get this
Windows AD credentials into my Linux Apache Server to authenticate users to
view the web. Since the intranet comprise different web applications i am
hoping to implement SSO as well.

Any help from you is highly appreciated.

Regards,
Gayal



On 1/2/07, Marc Boorshtein <[EMAIL PROTECTED]> wrote:
>
> do you want sso or authentication against an AD domain?
>
> Also, what is your ldap config and logs?
>
> On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> >  I m trying to implement Seamless Authentication in Apache for Active
> > Directory Users.
> >
> >  When i enable the mod_auth_ldap module within the Apache configuration
file
> > I cannot restart Apache Service.
> >  An error window opens saying "The Requested Operation failed."
> >
> >  Can any one please help me on this.
> >
> >  --
> >  Gayal
> >
>
>
-
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more
info.
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
>"   from the digest:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



--
Gayal Rupasinghe
SU-APIIT
"The willingness to make a commitment even when results are unknown."


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache SSO with LDAP

[Gayal]

Dear Marc,

I need authentication against an AD domain.

Suppose my company intranet is hosted in Linux - Apache Httpd. And employees
are authenticated via Windows Domain Controller. So i need to get this
Windows AD credentials into my Linux Apache Server to authenticate users to
view the web. Since the intranet comprise different web applications i am
hoping to implement SSO as well.

Any help from you is highly appreciated.

Regards,
Gayal


On 1/2/07, Marc Boorshtein <[EMAIL PROTECTED]> wrote:


do you want sso or authentication against an AD domain?

Also, what is your ldap config and logs?

On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:
> Hi,
>
>  I m trying to implement Seamless Authentication in Apache for Active
> Directory Users.
>
>  When i enable the mod_auth_ldap module within the Apache configuration
file
> I cannot restart Apache Service.
>  An error window opens saying "The Requested Operation failed."
>
>  Can any one please help me on this.
>
>  --
>  Gayal
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Gayal Rupasinghe
SU-APIIT
"The willingness to make a commitment even when results are unknown."

Re: [EMAIL PROTECTED] Permission Problem with apache2 and FC6

[Rod Rook]

Thank you for your help. I followed your suggestion and not my web server is
accessible.

Now what do I do to turn SELinux on? Or do I have to do without it?

pine

On 1/2/07, ganesh ganesh <[EMAIL PROTECTED]> wrote:


Hi,

  Use the following command "setenforece 0". check your issue once that
has been done and check with the logs, if you still have the issue...
provide the logs again




On 1/2/07, Rod Rook <[EMAIL PROTECTED]> wrote:

> I am currently running httpd web server under FC4 and in the process of
> migrating to FC6.
>
> Under FC6, I configured /etc/httpd/conf/httpd.cong almost exactly as
> under FC5.
>
> Now I am getting the following error messages. (Please also see the
> attached .jpg file.)
>
>  Quote:
>   Forbidden: You don't have permission to access /main.php
> Here is the file permission as they ae now:
>  Quote:
>   -rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 466 Feb 27
> 2006 index.php
> -rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 4197 Feb 27
> 2006 main.php
> -rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 529 Nov 29 2005
> menu.php
> /etc/httpd/conf/httpd.conf also has the following lines.
>
>  Quote:
>   DirectoryIndex index.html index.html.var index.shtml index.cgi
> index.php index.phtml index.php3 index.htm home.html welcome.html
> AddType application/x-compress .Z
> AddType application/x-gzip .gz .tgz
> AddType application/x-httpd-php .php .phps .php3 .phtml .html .htm
> .shtml .fds
> Do you have any suggestions as to where I should look to solve the
> problem?
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


--
Regards,
GANESH.

Re: [EMAIL PROTECTED] Problem with SUEXEC

[Steve Swift]

In order for apache to access /home/mydomain/public_html/ (and presumably
something like index.html inside that directory) then the userid or group
that apache is running under needs both "r" and "x" access to each directory
/home /home/mydomain and /home/mydomain/public_html

I've never understood why it works this way, but I've found out the hard way
that it does. Depending on your system there may be other access
restrictions in force, but the error message describes my suggestion rather
nicely.

On 02/01/07, Dhika Cikul <[EMAIL PROTECTED]> wrote:


Dear,

I have problem with apache installation at my machine, i compile
apache with suexec support

[quote]
[EMAIL PROTECTED] apache_1.3.37]# ./configure --prefix=/usr/local/apache
--enable-suexec --suexec-caller=nobody --suexec-uidmin=99
--suexec-gidmin=99 --suexec-safepath=/usr/local/bin:/usr/bin:/bin
--suexec-userdir=public_html --enable-module=ssl --enable-shared=ssl
--disable-rule=SSL_COMPAT
[/quote]

Installation process was succesfull, and this is the PHP configuration :

[quote]
[EMAIL PROTECTED] php-4.4.4]# ./configure
--with-apxs=/usr/local/apache/bin/apxs --with-mysql --with-curl
--with-gd --with-freetext=/usr/local/freetype --with-gettext
--enable-mbstring --enable-mbregex --enable-magic-quotes --with-xml
--with-jpeg-dir=/usr/lib  --with-ftp --with-zlib --enable-track-vars
--enable-versioning --enable-memory-limit --with-pear --with-mcrypt
--with-mhash
[/quote]

Both of that process was succesfully compiled, and i have tested with
phpinfo()

The problem occur while i add virtualHost at httpd.conf

[quote]

ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/mydomain/public_html/
User mydomain
Group mydomain
ServerName www.mydomain.net
ServerAlias domainku.net www.mydomain.net
CustomLog domlogs/mydomain.net-log combined
#ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/

[/quote]

While i add that virtualHost and i try to access mydomain.com, i get
403 permission error

[quote]
Forbidden
You don't have permission to access / on this server.

Apache/1.3.37 Server at www.mydomain.net Port 80
[/quote]

i have checked ownership and permission at /home/mydomain/public_html
the ownership is mydomain.mydomain and permission is 755. I have try
several times and still unsucessfull

At apache error_log :

[quote]
[Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
(13)Permission denied: access to / failed because search permissions
are missing on a component of the path
[/quote]

anyone knows how to fix this problem??, i have tried with Apache2 and
Apache1, and get same problem

Thank's
--
Dhika Cikul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Steve Swift
http://www.swiftys.org.uk

Re: [EMAIL PROTECTED] Apache SSO with LDAP

[Marc Boorshtein]

do you want sso or authentication against an AD domain?

Also, what is your ldap config and logs?

On 1/2/07, Gayal <[EMAIL PROTECTED]> wrote:

Hi,

 I m trying to implement Seamless Authentication in Apache for Active
Directory Users.

 When i enable the mod_auth_ldap module within the Apache configuration file
I cannot restart Apache Service.
 An error window opens saying "The Requested Operation failed."

 Can any one please help me on this.

 --
 Gayal



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache and client certs

[Serge Dubrouski]

On 1/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:



Thanks a lot!
I've just tested WebSphere PlugIn, but the result is the same as using
reverse proxy for contact the backend server. It desn't work

I think that the only solution in a short time for me is to modify my
webapplication.
I can made my application asking for client cetificate in the web.xml but
I don't like it very much

Is there something else could you suggest me?

If, for example, I could using Tomcat instead of WebSphere, are you sure I
will be able to pass client certificate information to the application
server only using mod_ssl and mod_proxy or... have I to add mod_jk too?




You'll have to use mod_jk.

Please let me know.


Thanks


manuciao


  *"Serge Dubrouski" <[EMAIL PROTECTED]>*

30/12/2006 16.32   Please respond to
users@httpd.apache.org

   To
users@httpd.apache.org  cc
  Subject
Re: [EMAIL PROTECTED] Apache and client certs




On 12/30/06, toadie D <[EMAIL PROTECTED]> wrote:
> It is possible to use reverse proxy to pass a PEM Encoded Certificate as
a
> HTTP header to a backend server.
>
> Make sure you have this directive in your config file
>
> SSLOptions +ExportCertData
>
> Then use mod_headers to  set the header
>
> RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
>
>
> You can find more info here
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
> here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html
>
> One caveat, depending on which version of apache you use (2.0.x or 2.2.x
),
> the PEM encoded Certificate may across a bit strange (ie.  not
conforming to
> multiline HTTP header).

And not recognizable by backend application.

> So you may see your header looking like this
>
> MY_CLIENT_CERT: - BEGIN CERTIFICATE -[blanks no CRLF] [First
line of
> base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded
data]
> .   END CERTIFICATE -
>
>
>
>
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Problem with SUEXEC

[Dhika Cikul]

Dear,

I have problem with apache installation at my machine, i compile
apache with suexec support

[quote]
[EMAIL PROTECTED] apache_1.3.37]# ./configure --prefix=/usr/local/apache
--enable-suexec --suexec-caller=nobody --suexec-uidmin=99
--suexec-gidmin=99 --suexec-safepath=/usr/local/bin:/usr/bin:/bin
--suexec-userdir=public_html --enable-module=ssl --enable-shared=ssl
--disable-rule=SSL_COMPAT
[/quote]

Installation process was succesfull, and this is the PHP configuration :

[quote]
[EMAIL PROTECTED] php-4.4.4]# ./configure
--with-apxs=/usr/local/apache/bin/apxs --with-mysql --with-curl
--with-gd --with-freetext=/usr/local/freetype --with-gettext
--enable-mbstring --enable-mbregex --enable-magic-quotes --with-xml
--with-jpeg-dir=/usr/lib  --with-ftp --with-zlib --enable-track-vars
--enable-versioning --enable-memory-limit --with-pear --with-mcrypt
--with-mhash
[/quote]

Both of that process was succesfully compiled, and i have tested with phpinfo()

The problem occur while i add virtualHost at httpd.conf

[quote]

   ServerAdmin [EMAIL PROTECTED]
   DocumentRoot /home/mydomain/public_html/
   User mydomain
   Group mydomain
   ServerName www.mydomain.net
   ServerAlias domainku.net www.mydomain.net
   CustomLog domlogs/mydomain.net-log combined
   #ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/

[/quote]

While i add that virtualHost and i try to access mydomain.com, i get
403 permission error

[quote]
Forbidden
You don't have permission to access / on this server.

Apache/1.3.37 Server at www.mydomain.net Port 80
[/quote]

i have checked ownership and permission at /home/mydomain/public_html
the ownership is mydomain.mydomain and permission is 755. I have try
several times and still unsucessfull

At apache error_log :

[quote]
[Fri Dec 29 14:11:45 2006] [error] [client 192.168.65.1]
(13)Permission denied: access to / failed because search permissions
are missing on a component of the path
[/quote]

anyone knows how to fix this problem??, i have tried with Apache2 and
Apache1, and get same problem

Thank's
--
Dhika Cikul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache and client certs

[Manuela . Vorazzo]

Thanks a lot!
I've just tested WebSphere PlugIn, but the result is the same as using 
reverse proxy for contact the backend server. It desn't work

I think that the only solution in a short time for me is to modify my 
webapplication.
I can made my application asking for client cetificate in the web.xml but 
I don't like it very much

Is there something else could you suggest me?

If, for example, I could using Tomcat instead of WebSphere, are you sure I 
will be able to pass client certificate information to the application 
server only using mod_ssl and mod_proxy or... have I to add mod_jk 
too?

Please let me know.

Thanks 


manuciao



"Serge Dubrouski" <[EMAIL PROTECTED]> 
30/12/2006 16.32
Please respond to
users@httpd.apache.org


To
users@httpd.apache.org
cc

Subject
Re: [EMAIL PROTECTED] Apache and client certs






On 12/30/06, toadie D <[EMAIL PROTECTED]> wrote:
> It is possible to use reverse proxy to pass a PEM Encoded Certificate as 
a
> HTTP header to a backend server.
>
> Make sure you have this directive in your config file
>
> SSLOptions +ExportCertData
>
> Then use mod_headers to  set the header
>
> RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
>
>
> You can find more info here
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
> here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html
>
> One caveat, depending on which version of apache you use (2.0.x or 
2.2.x),
> the PEM encoded Certificate may across a bit strange (ie.  not 
conforming to
> multiline HTTP header).

And not recognizable by backend application.

> So you may see your header looking like this
>
> MY_CLIENT_CERT: - BEGIN CERTIFICATE -[blanks no CRLF] [First 
line of
> base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded 
data]
> .   END CERTIFICATE -
>
>
>
>
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] failure to start apache with error log defined with rotatelogs.

[Norman Peelman]

>- Original Message - 
>From: Jacob Eshed 
>.To: users@httpd.apache.org 
>.Sent: Tuesday, January 02, 2007 2:51 AM
>Subject: [EMAIL PROTECTED] failure to start apache with error log defined with 
>rotatelogs.
>
>
>Hi,
>On SunOS 5.9:
>When the Error Log is set to "ErrorLog /apache/logs/error_log" the apache 
>starts successfully.
>Changing the error log to rotate logs: "ErrorLog 
>"|/product/httpd-2.0.55/bin/rotatelogs /apache/logs/error_log.%Y-%m-%d 50M" 
>>.causes the apache start to fail with the following error: 
>"ld.so.1: /product/httpd-2.0.55/bin/rotatelogs: fatal: libgcc_s.so.1: open 
>failed: No such file or directory"
> 
>Please let me know where it is missing and how can I install/add it.
> 
>Jacob
> 

I had trouble using rotatelogs until I used absolute paths for both the 
path to rotatelogs and the log files...

Norm

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache SSO with LDAP

[Gayal]

Hi,

I m trying to implement Seamless Authentication in Apache for Active
Directory Users.

When i enable the mod_auth_ldap module within the Apache configuration file
I cannot restart Apache Service.
An error window opens saying "The Requested Operation failed."

Can any one please help me on this.

--
Gayal

Re: [EMAIL PROTECTED] Permission Problem with apache2 and FC6

[ganesh ganesh]

Hi,

 Use the following command "setenforece 0". check your issue once that has
been done and check with the logs, if you still have the issue... provide
the logs again




On 1/2/07, Rod Rook <[EMAIL PROTECTED]> wrote:


I am currently running httpd web server under FC4 and in the process of
migrating to FC6.

Under FC6, I configured /etc/httpd/conf/httpd.cong almost exactly as under
FC5.

Now I am getting the following error messages. (Please also see the
attached .jpg file.)

 Quote:
  Forbidden: You don't have permission to access /main.php
Here is the file permission as they ae now:
 Quote:
  -rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 466 Feb 27 2006
index.php
-rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 4197 Feb 27 2006
main.php
-rwxr-xr-x 1 user_u:object_r:user_home_t webroot webroot 529 Nov 29 2005
menu.php
/etc/httpd/conf/httpd.conf also has the following lines.

 Quote:
  DirectoryIndex index.html index.html.var index.shtml index.cgi index.php
index.phtml index.php3 index.htm home.html welcome.html
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phps .php3 .phtml .html .htm .shtml
.fds
Do you have any suggestions as to where I should look to solve the
problem?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






--
Regards,
GANESH.