RE: [EMAIL PROTECTED] unknown in .htaccess files
-Original Message- From: morgan gangwere [mailto:[EMAIL PROTECTED] Sent: Thursday, May 31, 2007 10:30 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] unknown in .htaccess files ... well, thanks for pointing that out (im suprised at the face that it didnt come up as one of the top searches for 'Apache .htaccess file usage') .htaccess is the name of the file that contains the auth directives - that *has* to be in the directory you want to protect[1]. You should've looked for AuthUserFile - that points to the name of the file that contains the password data - that should *not* be under the docroot. If you'd typed AuthUserFile into Google, you'd have gone straight to the apache docs (in fact, the abstract of the second hit even contains the warning!) Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. [1] The OP wants/needs to use the htaccess mechanism for authentication. This is one way to do it but it is not obligatory. You can put also auth directives in the main config, conversely, you can put non-auth directives in htaccess. See docs for details. - -- Just a Thought Morgan Gangwere For those who want my PGP key: http://pengunassasin.kicks-ass.org/pgpKey.html *** Wisdom for the day *** * Dont rawquote - it gives * * spammers free bait! * ** -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGXzBaCF9T/dUsmAgRAhNkAKDLcEG4cUVlbJQ70LztZ1b45k8T0wCeKb0M nJ1Otqng7Ag5qT3uu5iVEh8= =a3/t -END PGP SIGNATURE- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Problems with mod_proxy etc and open proxy
People, I have: Server version: Apache/2.2.4 running on FC6 - I have commented out these lines in httpd.conf: # LoadModule proxy_module modules/mod_proxy.so # LoadModule proxy_balancer_module modules/mod_proxy_balancer.so # LoadModule proxy_ftp_module modules/mod_proxy_ftp.so # LoadModule proxy_http_module modules/mod_proxy_http.so # LoadModule proxy_connect_module modules/mod_proxy_connect.so # IfModule mod_proxy.c # ProxyRequests On #Proxy * #Order deny,allow #Deny from all #Allow from .example.com #/Proxy #ProxyVia On have moved: /etc/httpd/conf.d/proxy_ajp.conf out of that dir and have restarted the httpd service but I still get lines in: /var/log/httpd/access.log like: 72.28.205.136 - - [01/Jun/2007:12:15:24 +1000] GET http://www.sun.com/ HTTP/1.1 200 1261 - Mozilla/5.0 ( Windows; U; Windows NT4.0; DigiExt ) What else do I need to do? Thanks, Phil. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Mod_proxy problem in 2.2.4
If you don't have enough memory for the OS to maintain the important stuff in the buffer cache, then mem_cache isn't going to help because it will just shove other important stuff out of memory and onto disk. Yes, it is. But it's quite diffucult to explain why without detailed description of our application. Some of our proxies have dead disks already and they are still in production just because they don't need disk at all. We can't replace broken disks by ourselfs cuz they are not on same continent we are and ISPs are bunch of lamers. Memory cache is working and saving significant traffic (money) to our main site. Part of page I got is plain HTML and mem cache is enabled just for images. Sending parts of cached pages which should not be cached at all to another users is definitely security flaw and should be fixed. -- Pavel Mateja - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problems with mod_proxy etc and open proxy
On Fri, 2007-06-01 at 21:00 +1000, Philip Rhoades wrote: 72.28.205.136 - - [01/Jun/2007:12:15:24 +1000] GET http://www.sun.com/ HTTP/1.1 200 1261 - Mozilla/5.0 ( Windows; U; Windows NT4.0; DigiExt ) What else do I need to do? Probably nothing. Have you tried to make the same request yourself? If so, what does your webserver return? I'd pitch a guess that it returns the index page from your default virtual host, rather than Sun's. That's what mine does, at any rate. Graeme - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] How to access virtual hosts from another pc ?
I want to have two sites running on a win2003 server machine in our network which has a single ip address. I have setup apache 2.0.59 with two name based virtual hosts, and modified the hosts file to allow me to access the sites by name. The entries in httpd.conf are NameVirtualHost *:80 VirtualHost *:80 DocumentRoot C:\Bugzilla ServerName bugzilla /VirtualHost VirtualHost *:80 DocumentRoot C:\avdp ServerName avdp /VirtualHost The hosts file contains 127.0.0.1 bugzilla 127.0.0.1 avdp On that pc I can now browse the 2 sites using http://avdp, http://bugzilla Now I want to access the sites from other machines on the network, but I'm unclear how I set this up ? I did setup a dns cname for each site, ie avdp and bugzilla pointing to the win2003server machine, but I always get the first site listed, if I browse either site. Regards Tony * The contents of this Email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. The views stated herein do not necessarily represent the view of the company. If you are not the intended recipient of this Email you may not copy, forward, disclose or otherwise use it or any part of it in any form whatsoever. If you have received this mail in error please Email the sender. * Image Processing Techniques Ltd Tel : +44(0)1189886226 Fax : +44(0)1189886227 Website : www.imageproc.com Registered Office : Phoenix House, Bartholomew Street, Newbury, Berkshire, RG14 5QA Registration Number : 3564291 Place of Registration : England VAT Registration : 709198411
Re: [EMAIL PROTECTED] RewriteMap questions
On 5/31/07, Josh Trutwin [EMAIL PROTECTED] wrote: On Thu, 31 May 2007 13:20:03 -0400 Joshua Slive [EMAIL PROTECTED] wrote: Yes, but I was thinking of having your script just output the /custom/404.php directly. Hoping this is my last question - I have the following .htaccess file: RewriteEngine On # Rewrite Map for Page Rewrites RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* ${smc_rewriter:%{REQUEST_FILENAME}^%{REQUEST_URI}} [L,QSA] # Rewrite Map for old URL Redirects ReWriteCond %{REQUEST_FILENAME} sitepages/p.*.php$ ReWriteCond %{QUERY_STRING} !redirect_to_new_url=yes ReWriteRule .* ${smc_rewriter:%{REQUEST_FILENAME}^%{REQUEST_URI}}?redirect_to_new_url=yes [R=301] The first block works well to rewrite URL's from a mapping program - e.g.: new_page_name.php = sitepages/pid123.php The second block is designed to send a 301 redirect to anyone that uses the old URL's (maybe via a bookmark or search result) which I also added to the map - this is supposed to redirect: sitepages/pid123.php = new_page_name.php?redirect_to_new_url=yes The query string bit is to avoid a loop. That piece works ok, but when I added this block, the first part now doesn't stop despite the [L] flag, it rewrites the new url to sitepages/pid123.php then the next block gets executed then the first one again, each request like this calls the program 3 times. I can't tell at all what you are trying to accomplish here. Given you have the second set of rules, why is the first set of rules necessary at all? If people are redirected to the correct place, why do you then need to remap internally? Your problem with the [L] not working likely has to do with operating in .htaccess files instead of the main server config. mod_rewrite needs to reinject the request in order to make sure all the proper rules are applied. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to access virtual hosts from another pc ?
On 6/1/07, Tony Benham [EMAIL PROTECTED] wrote: I want to have two sites running on a win2003 server machine in our network which has a single ip address. I have setup apache 2.0.59 with two name based virtual hosts, and modified the hosts file to allow me to access the sites by name. The entries in httpd.conf are NameVirtualHost *:80 VirtualHost *:80 DocumentRoot C:\Bugzilla ServerName bugzilla /VirtualHost VirtualHost *:80 DocumentRoot C:\avdp ServerName avdp /VirtualHost The hosts file contains 127.0.0.1 bugzilla 127.0.0.1 avdp On that pc I can now browse the 2 sites using http://avdp, http://bugzilla Now I want to access the sites from other machines on the network, but I'm unclear how I set this up ? I did setup a dns cname for each site, ie avdp and bugzilla pointing to the win2003server machine, but I always get the first site listed, if I browse either site. Name Virtual Hosts works only with HTTP 1.1 so the first step is verify that your browser (and proxy if you're using one) supports HTTP 1.1. Normally you can find the HTTP version of the session in your access log. An other problem can be the dns, does it works if you modify the hosts file on the remote pc? ( with the ip-addresses of the server of course :-) ) ? -- Staf Wagemakers - http://www.wagemakers.be
Re: [EMAIL PROTECTED] How to access virtual hosts from another pc ?
On 6/1/07, Staf Wagemakers [EMAIL PROTECTED] wrote: Name Virtual Hosts works only with HTTP 1.1 so the first step is verify that your browser (and proxy if you're using one) supports HTTP 1.1. Normally you can find the HTTP version of the session in your access log. This is somewhat of a misconception. While it is true that HTTP/1.0 does not include the Host header necessary for name-based virtual hosts, essentially all HTTP/1.0 clients and servers still support it as an extension. In fact, any client or proxy that doesn't support the Host header would be essentially useless on the modern web. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] How to access virtual hosts from another pc ?
I think this is indeed a DNS problem. You must have something like this on your network : server2003 86400 IN A your.network.ip.address bugzilla IN CNAME server2003 avdpIN CNAME server2003 The first entry points to the web server and the other two are aliases Luis From: Staf Wagemakers [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 1 de Junho de 2007 15:25 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] How to access virtual hosts from another pc ? On 6/1/07, Tony Benham [EMAIL PROTECTED] wrote: I want to have two sites running on a win2003 server machine in our network which has a single ip address. I have setup apache 2.0.59 with two name based virtual hosts, and modified the hosts file to allow me to access the sites by name. The entries in httpd.conf are NameVirtualHost *:80 VirtualHost *:80 DocumentRoot C:\Bugzilla ServerName bugzilla /VirtualHost VirtualHost *:80 DocumentRoot C:\avdp ServerName avdp /VirtualHost The hosts file contains 127.0.0.1 bugzilla 127.0.0.1 avdp On that pc I can now browse the 2 sites using http://avdp, http://bugzilla Now I want to access the sites from other machines on the network, but I'm unclear how I set this up ? I did setup a dns cname for each site, ie avdp and bugzilla pointing to the win2003server machine, but I always get the first site listed, if I browse either site. Name Virtual Hosts works only with HTTP 1.1 so the first step is verify that your browser (and proxy if you're using one) supports HTTP 1.1. Normally you can find the HTTP version of the session in your access log. An other problem can be the dns, does it works if you modify the hosts file on the remote pc? ( with the ip-addresses of the server of course :-) ) ? -- Staf Wagemakers - http://www.wagemakers.be
Re: [EMAIL PROTECTED] Problems with mod_proxy etc and open proxy
Graeme Fowler wrote: On Fri, 2007-06-01 at 21:00 +1000, Philip Rhoades wrote: 72.28.205.136 - - [01/Jun/2007:12:15:24 +1000] GET http://www.sun.com/ HTTP/1.1 200 1261 - Mozilla/5.0 ( Windows; U; Windows NT4.0; DigiExt ) What else do I need to do? Probably nothing. Have you tried to make the same request yourself? If so, what does your webserver return? I'd pitch a guess that it returns the index page from your default virtual host, rather than Sun's. That's what mine does, at any rate. Graeme [waves] p - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: [EMAIL PROTECTED] Httptunnel with Apache
On 6/1/07, Jiajin Yu [EMAIL PROTECTED] wrote: Have anyone successfully configured httptunnel with Apache2.2? I use simple configuration just like this: ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /foo http://localhost: ProxyPassReverse /foo http://localhost: When I start htc and hts in my machine, from the debugging message, it seems that htc sends a POST request first, then a GET. But hts always first receives GET request from mod_proxy of Apache. I modify the code so that htc will sleep for 2 seconds after it sends out POST request, but hts still receives GET first. From the access.log, it also seems that mod_proxy caches POST even though the POST is earlier than GET because the log of POST is written after GET. Can anyone give me some hints or solution? Thanks. I've played with http_tunnel a few years ago. If I remember it correctly there was problem with mod_proxy and GNU httptunnel and I needed to apply a patch to get it working. I don't remember the patch id perhaps google can help. regards, -- Staf Wagemakers - http://www.wagemakers.be
[EMAIL PROTECTED] Httptunnel with Apache
Hi, there Have anyone successfully configured httptunnel with Apache2.2? I use simple configuration just like this: ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy ProxyPass /foo http://localhost: ProxyPassReverse /foo http://localhost: When I start htc and hts in my machine, from the debugging message, it seems that htc sends a POST request first, then a GET. But hts always first receives GET request from mod_proxy of Apache. I modify the code so that htc will sleep for 2 seconds after it sends out POST request, but hts still receives GET first. From the access.log, it also seems that mod_proxy caches POST even though the POST is earlier than GET because the log of POST is written after GET. Can anyone give me some hints or solution? Thanks. -- Regards, Jiajin - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problems with an extra Rewrite Rule before a RewriteCond
Thank you everybody. However I'm still gettint the same odd effect. I tried: RewriteRule ^faq index.php?page_id=119 [R,L] --- it doesn't mask the URL RewriteRule ^faq index.php?page_id=119 [R,TP] -- Internal server error RewriteRule ^faq index.php?page_id=119 -- it's caught by index.php, I suppose I also tried by editting it on 'httpd.conf': RewriteRule http://myblog.com/faq http://myblog.com/index.php?page_id=119 [R,L] .. But I'm not sure Apache is taking it into account. :( On 5/30/07, Vincent Bray [EMAIL PROTECTED] wrote: On 30/05/07, Russ [EMAIL PROTECTED] wrote: I'm a bit confused. R means redirect, meaning the server sends the 301 or 302 header to the browser. In either case, the browse will redirect to the new URL and that's what will show in the address bar. How evactly do you make things redirect without proxying and without a change in the address bar? Do as Joshua pointed out. First try without any flags at all, and in case that doesn't work try with [PT]. I expect you won't need any flags. -- noodl - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problems with an extra Rewrite Rule before a RewriteCond
On 6/1/07, thomas Armstrong [EMAIL PROTECTED] wrote: Thank you everybody. However I'm still gettint the same odd effect. I tried: RewriteRule ^faq index.php?page_id=119 [R,L] --- it doesn't mask the URL RewriteRule ^faq index.php?page_id=119 [R,TP] -- Internal server error RewriteRule ^faq index.php?page_id=119 -- it's caught by index.php, I suppose As you've been told repeatedly, you can't use R if you don't want the browser to see the new URL. So the only one of those that makes any sense at all is the last one. But what the heck does It's caught by index.php mean? Isn't that the idea? What exactly happens? I also tried by editting it on 'httpd.conf': RewriteRule http://myblog.com/faq http://myblog.com/index.php?page_id=119 [R,L] That's a garbage config. Where did you get that from. Something closer would be RewriteRule ^/faq /index.php?page_id=119 [L] and perhaps better RewriteRule ^/faq /full/path/to/index.php?page_id=119 [L] If you still can't get it to work, you MUST use the RewriteLog to debug your problems. Using mod_rewrite with the RewriteLog is just flailing in the dark. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] RewriteMap questions
On Fri, 1 Jun 2007 08:57:06 -0400 Joshua Slive [EMAIL PROTECTED] wrote: I can't tell at all what you are trying to accomplish here. Given you have the second set of rules, why is the first set of rules necessary at all? If people are redirected to the correct place, why do you then need to remap internally? Sorry - the first block was meant to map/rewrite new URLs to existing pages that all have the form sitepages/pid123.php - for example: features.php = sitepages/pid123.php This is a rewrite because features.php does not actually exist on disk but maps to the file sitepages/pid123.php. The second block then is meant to serve as a redirect. Basically the management wants to make sure that anyone who still uses the old URL scheme gets redirected to the new URL - so when someone browses to: sitepages/pid123.php they get a redirect to features.php - which then has to do the mapping. Yeah it's kind of strange, but that's what the customer wants I guess. From discussions on the mailing list previous to this I added the redirect_stop=yes to the query string to prevent infinite redirect loops. I have one mapping program that uses on map array: 'features.php' = 'sitepages/pid123.php', 'sitepages/pid123.php' = 'features.php', So both rules can use the same RewriteMap, but I think I need two rules because one is a 301 redirect and the other is not. Your problem with the [L] not working likely has to do with operating in .htaccess files instead of the main server config. mod_rewrite needs to reinject the request in order to make sure all the proper rules are applied. I guess I could put this in a vhost file, but then I'd probably want to check for the existence of the map file too as this URL rewriting is a feature not everyone will buy. Thanks, Josh - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] RewriteMap questions
On 6/1/07, Josh Trutwin [EMAIL PROTECTED] wrote: On Fri, 1 Jun 2007 08:57:06 -0400 Joshua Slive [EMAIL PROTECTED] wrote: I can't tell at all what you are trying to accomplish here. Given you have the second set of rules, why is the first set of rules necessary at all? If people are redirected to the correct place, why do you then need to remap internally? Sorry - the first block was meant to map/rewrite new URLs to existing pages that all have the form sitepages/pid123.php - for example: features.php = sitepages/pid123.php This is a rewrite because features.php does not actually exist on disk but maps to the file sitepages/pid123.php. The second block then is meant to serve as a redirect. Basically the management wants to make sure that anyone who still uses the old URL scheme gets redirected to the new URL - so when someone browses to: sitepages/pid123.php they get a redirect to features.php - which then has to do the mapping. Yeah it's kind of strange, but that's what the customer wants I guess. From discussions on the mailing list previous to this I added the redirect_stop=yes to the query string to prevent infinite redirect loops. I have one mapping program that uses on map array: 'features.php' = 'sitepages/pid123.php', 'sitepages/pid123.php' = 'features.php', So both rules can use the same RewriteMap, but I think I need two rules because one is a 301 redirect and the other is not. Using the same map for both directions was what confused me. There are a number of ways to get around this problem. Moving to httpd.conf is always preferable in my opinion. But you could also try replacing your REQUEST_FILENAME test with a test against REQUEST_URI or THE_REQUEST. Since these should always have the original request data in them, they won't be affected by the previous rewrite stuff and therefore will only match for requests that are explicitly requesting the old names. Alternatively, you could have your first set of rewrites add a ?rewritten to the query string and test against that. Finally, you really need to fire up the RewriteLog to help you debug this stuff. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] MPM suggestion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, could you please suggest me which MPM module to use? I have about 10-15 active production sites, all with effectively low traffic. Some of them use php, others use perl for generating dynamic content. For PHP I'm currently using mod_php, but using PHP as CGI is an option if needed. In the future, I want to make this system a bit more secure, and so I decided to use different UIDs and GIDs for the different sites, so they cannot touch each others' files. Which MPM should I use to achieve this? I also thought it would be nice if the separate sites would use different chroots, but this is not necessary for me (or is it?). Thanks in advance, Gergely POLONKAI -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkZgeGsACgkQDmtpjMiCcGhzrQCfXDS8JcqJgSCSz4fBiyJ/wjyE 0UsAn1fd7WusAYcAD/7edN9XMFUUutOY =RRKh -END PGP SIGNATURE- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] MPM suggestion
On 6/1/07, Polonkai Gergely [EMAIL PROTECTED] wrote: could you please suggest me which MPM module to use? I have about 10-15 active production sites, all with effectively low traffic. Some of them use php, others use perl for generating dynamic content. For PHP I'm currently using mod_php, but using PHP as CGI is an option if needed. In the future, I want to make this system a bit more secure, and so I decided to use different UIDs and GIDs for the different sites, so they cannot touch each others' files. Which MPM should I use to achieve this? I also thought it would be nice if the separate sites would use different chroots, but this is not necessary for me (or is it?). No particular MPM supports this. If you only want to isolate cgi scripts, then you can simply use suexec. If you want complete isolation, you need to use multiple apache instances, as described here: http://wiki.apache.org/httpd/Recipes/Different_UserIDs_Using_Reverse_Proxy In either case, any MPM will do. The highest performance with the lowest resource use likely comes from worker or event. The best stability (in terms of resilience in the face of crashing scripts and avoidance of thread safety problems) comes from prefork. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] MPM suggestion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joshua Slive írta: On 6/1/07, Polonkai Gergely [EMAIL PROTECTED] wrote: could you please suggest me which MPM module to use? I have about 10-15 active production sites, all with effectively low traffic. Some of them use php, others use perl for generating dynamic content. For PHP I'm currently using mod_php, but using PHP as CGI is an option if needed. In the future, I want to make this system a bit more secure, and so I decided to use different UIDs and GIDs for the different sites, so they cannot touch each others' files. Which MPM should I use to achieve this? I also thought it would be nice if the separate sites would use different chroots, but this is not necessary for me (or is it?). No particular MPM supports this. If you only want to isolate cgi scripts, then you can simply use suexec. If you want complete isolation, you need to use multiple apache instances, as described here: http://wiki.apache.org/httpd/Recipes/Different_UserIDs_Using_Reverse_Proxy In either case, any MPM will do. The highest performance with the lowest resource use likely comes from worker or event. The best stability (in terms of resilience in the face of crashing scripts and avoidance of thread safety problems) comes from prefork. Joshua. Thank you, this is more than helpful! Gergely -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkZggO4ACgkQDmtpjMiCcGjyrACeOwWLl/eiHGIhiWJyvXbdLraz +GUAnAtKRQEYCV4QVZs1nzKpmIA1fyBf =rbcq -END PGP SIGNATURE- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Mutilayered Authentication
Hello, I have a question about multi-layered authentication. Say there are 3 directories A, B and C /A /A/B /A/B/C 1. Users with a login/password or on the xxx.com domain to be able to access A: Directory /A AuthUserFile a_passwd AuthType Basic Require valid-user order deny,allow deny from all allow from xxx.com Satisfy any /Directory 2. ONLY users on domain yyy.com are allowed to B: Directory /A/B order deny,allow deny from all allow from yyy.com /Directory 3. ONLY users on domain zzz.com are allow to C: Directory /A/B/C order deny,allow deny from all allow from zzz.com /Directory It appears that both 2 and 3 are not working correctly. They still prompt for a login/password acting like a Satisfy any... When I tried to put Satisfy All for 2 and 3, even the users coming from an allowed domain are prompted for a login/passwd. Any ways to turn these prompts for 2 and 3? thank you!
Re: [EMAIL PROTECTED] Mutilayered Authentication
On 6/1/07, Liz Kim [EMAIL PROTECTED] wrote: Hello, I have a question about multi-layered authentication. Say there are 3 directories A, B and C /A /A/B /A/B/C 1. Users with a login/password or on the xxx.com domain to be able to access A: Directory /A AuthUserFile a_passwd AuthType Basic Require valid-user order deny,allow deny from all allow from xxx.com Satisfy any /Directory 2. ONLY users on domain yyy.com are allowed to B: Directory /A/B order deny,allow deny from all allow from yyy.com /Directory 3. ONLY users on domain zzz.com are allow to C: Directory /A/B/C order deny,allow deny from all allow from zzz.com /Directory It appears that both 2 and 3 are not working correctly. They still prompt for a login/password acting like a Satisfy any... When I tried to put Satisfy All for 2 and 3, even the users coming from an allowed domain are prompted for a login/passwd. There is no way to turn require off once it is on. You can do Require non-existant-user in the subdirectories to make sure that nobody can every use a password to enter. But you'll still get the auth prompt. The only way around this would be to move the subdirectories to a different part of the filesystem, and then Alias them back into the proper place in the webspace. Then the auth directives wouldn't be inherited. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problems with mod_proxy etc and open proxy
Graeme, On 6/1/07, Graeme Fowler [EMAIL PROTECTED] wrote: On Fri, 2007-06-01 at 21:00 +1000, Philip Rhoades wrote: 72.28.205.136 - - [01/Jun/2007:12:15:24 +1000] GET http://www.sun.com/ HTTP/1.1 200 1261 - Mozilla/5.0 ( Windows; U; Windows NT4.0; DigiExt ) What else do I need to do? Probably nothing. Have you tried to make the same request yourself? Not sure what you mean - do you mean load the page: http://www.sun.com/ into my browser on the same machine that is running httpd? - that just returns the sun page . . If so, what does your webserver return? I'd pitch a guess that it returns the index page from your default virtual host, rather than Sun's. That's what mine does, at any rate. Thanks, Phil. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]