date:20070618

[EMAIL PROTECTED] Re: virtual host configuration

2007-06-18 Thread Thufir

On Mon, 18 Jun 2007 15:18:44 +0100, Tony Stevenson wrote:

> On Mon, June 18, 2007 3:25 am, Thufir wrote:
>> I've previously configured a FQDN through  for
>>  and plan to do so again.  I run
>> apache for personal, home use for apps such as
>> >  feeds/> and plan on doing some ruby.  I don't want to have an actual
>> website, this is just for my use.
> 
> What do you mean when you say "I don't want to have an actual website"??

I only installed apache because Feed-onFeeds requires a web server.
Similarly, to muck around with ruby-on-rails requires a web server (it 
ships with one).  If it weren't for the requirements of those two items, 
I wouldn't have a web server installed.

I'm not trying to set up a web server for other persons to visit.  I want 
to use some stuff which requires a web server.  In and of itself, I have 
no interest in a web server of any variety.  (not to knock apache, or 
other server software!)

> 
> 
>> However, when I configure my box with a FQDN this interferes with
>> Apache,
>>  which assumes that I want to actually have a web page.  The apparent
>> work around is to use virtual hosts?
> 
> Where do you configure this FQDN? In your hosts file?

/etc/hosts and /etc/sysconfig/network

[...]
>> I'll probably be install fedora core 7 soon.
> 
> I'm sure the Fedora team will be happy to hear that, albeit without the
> 'core' part of the name.

did they change that?  Heh, was just explaining that I plan some fairly 
major system changes (moving windows, too) so I probably wouldn't put too 
much into apache until that's done (have to backup some data too).

thanks,

Thufir

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] How to prevent Spammer from abusing Apache?

2007-06-18 Thread Boyle Owen

> -Original Message-
> From: Bill Hernandez [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, June 19, 2007 7:15 AM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] How to prevent Spammer from abusing Apache?
> 
> 
> 
> Over time I've bought a bunch of Apache books, but recently I 
> started  
> reading one that I really like ...

... that is sold from a website that's registered via GoDaddy. 
... and you are a customer of GoDaddy
(http://marc.info/?l=apache-httpd-users&m=118197179017673&w=2)

That wouldn't be *your* website, by any chance?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> Bill Hernandez
> Plano, Texas
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache - Good Books

2007-06-18 Thread Bill Hernandez


Feedback,

Over time I've bought a bunch of Apache books, but recently I started  
reading one that I really like :


TITLE   : Preventing Web Attacks with Apache
AUTHOR  : Ryan C. Barnett
ISBN: 0-321-32128-6
URL : http://www.nerdbooks.com/item.php?id=0321321286



I also just finished reading a small pocket book that I really liked  
a lot. I was well written with good examples:


TITLE   : Apache Phrasebook (Essential Code and Commands)
AUTHOR  : Daniel Lopez
ISBN: 0-672-32836-4
URL : http://www.nerdbooks.com/item.php?id=0672328364

Best Regards,

Bill Hernandez
Plano, Texas

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to prevent Spammer from abusing Apache?

2007-06-18 Thread Bill Hernandez



On Jun 18, 2007, at 5:07 PM, Tony Anecito wrote:


Thanks Karel,

I will implement your suggestions immediately. I already blocked in  
my router the company that was making the attempt from Seattle.


Many Thanks,
-Tony


Tony,

Over time I've bought a bunch of Apache books, but recently I started  
reading one that I really like :


TITLE   : Preventing Web Attacks with Apache
AUTHOR  : Ryan C. Barnett
ISBN: 0-321-32128-6
URL : http://www.nerdbooks.com/item.php?id=0321321286

You might want to take a look at it...

I also just finished reading a small pocket book that I really liked  
a lot:


TITLE   : Apache Phrasebook (Essential Code and Commands)
AUTHOR  : Daniel Lopez
ISBN: 0-672-32836-4
URL : http://www.nerdbooks.com/item.php?id=0672328364

Best Regards,

Bill Hernandez
Plano, Texas

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: Re: SSL and virtual hosts

2007-06-18 Thread Bill Hernandez


THIS IS A RESEND DUE TO TYPO...

On Jun 18, 2007, at 12:52 AM, Totte wrote:


And as Bill states above one can have a cert (bought from GoDaddy.com)
allowing several subdomains to use the same ssl cert.
My question is if anyone knows how to create it on your own?


If you are going to create the certificates on your own, (self signed  
certificates) then all you need is one default certificate, and  
assign the same certificate to each sub-domain...


I have two domains, and one sub-domain with certificates from  
RapidSSL, and two test domains with self signed certificates, since  
my purpose with the test domains is merely to encrypt communications  
for testing, and I don't need to prove to myself that I am who I say  
I am...


The reason I suggested the "6 in 1" from GoDaddy.com was because the  
problem you described the other day was one of sub-domains, even  
though you were describing them as domains.


If you are using name-based virtual hosting, it doesn't matter  
because only the certificate for the first virtual host will be  
correct anyway. If you want individual certificates to work  
correctly, you are going to need to set up ip-based, or port-based  
virtual hosts. If you want to use name-based vh then you will need a  
blanket certificate, but that usually is a fairly expensive proposition.


I have 5 public ip's from Verizon 15/2 MBit Business FIOS which I run  
through a SonicWall TZ 180 Wireless Firewall. It allows me to do a 1  
to 1 NAT from each public ip to a corresponding private ip, then I  
set up Apache to do ip-based virtual hosting and life is swell, but  
in the past I had tried multiple routers, setting up the server to  
listen on multiple public ip's relying on the OS X Server firewall,  
but I never felt completely secure having the servers exposed  
directly to the web. I have only had this SonicWall for about a  
month, but I am extremely happy with it, and it solved my SSL problems.


In the next few days I will buy two more SSL Certificates for the two  
test domains that are currently using self signed certificates, and  
that will make me very happy.


Best Regards,

Bill Hernandez
Plano, Texas



-
The official User-To-User support forum of the Apache HTTP Server  
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: Re: SSL and virtual hosts

2007-06-18 Thread Bill Hernandez



On Jun 18, 2007, at 12:52 AM, Totte wrote:


And as Bill states above one can have a cert (bought from GoDaddy.com)
allowing several subdomains to use the same ssl cert.
My question is if anyone knows how to create it on your own?


If you are going to create the certificates on your own, (self signed  
certificates) then all you need is one default certificate, and  
assign the same certificate to each sub-domain...


I have two domains, and one sub-domain with certificates from  
RapidSSL, and two test domains with self signed certificates, since  
my purpose with the test domains is merely to encrypt communications  
for testing, and I don't need to prove to myself that I am who I say  
I am...


The reason I suggested the "6 in 1" from GoDaddy.com was because the  
problem you described the other day was one of sub-domains, even  
though you were describing them as domains.


If you are using name-based virtual hosting, it doesn't matter  
because only the certificate for the first virtual host will be  
correct anyway. If you want individual certificates to work  
correctly, you are going to need to set up ip-based, or port-based  
virtual hosts. If you want to use name-based vh then you will need a  
blanket certificate, but that usually is a fairly expensive proposition.


I have 5 public ip's from Verizon 15/2 MBit Business FIOS which I run  
through a SonicWall TZ 180 Wireless Firewall. It allows me to do a 1  
to 1 NAT from each public ip to a corresponding private ip, then I  
set up Apache to do ip-based virtual hosting and life is swell, but  
in the past I had tried multiple routers, setting up the server to  
listen on multiple public ip's relying on the OS X Server firewall,  
but I never felt completely secure having the servers exposed  
directly to the web. I have only had this SonicWall for about a  
month, but I am extremely happy with it, and it solved my SSL problems.


In the next few days I will buy two more SSL Certificates for the two  
test domains that currently suing self signed certificates, and that  
will make me very happy.


Best Regards,

Bill Hernandez
Plano, Texas



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Error with "Bad Request (Invalid Hostname)"

2007-06-18 Thread Long Tran

Hi all,

I've tried googling around and it didn't help so, I have to post to this
mailing list, hoping to solve this error.


I've got NameBaseVirtualHost Apache 2.2.4 with this VHost on the
202.62.63.58 server:


ServerName ixp-test.long-tran.com
ServerAlias ns1.gfdoctor.net long-tran.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/error_log_ltran_test
JkMount /* tomcat-ltran-test




pinging ixp-test.long-tran.com on the 202.62.63.58 server shows:
PING ixp-test.long-tran.com (202.62.63.58) 56(84) bytes of data.
64 bytes from ns1.gfdoctor.net (202.62.63.58): icmp_seq=1 ttl=64
time=0.027 ms
64 bytes from ns1.gfdoctor.net (202.62.63.58): icmp_seq=2 ttl=64
time=0.027 ms


pinging ixp-test.long-tran.com from my machine shows:
[EMAIL PROTECTED]:~> ping long-tran.com
PING long-tran.com (202.62.63.58) 56(84) bytes of data.
64 bytes from ns1.gfdoctor.net (202.62.63.58): icmp_seq=1 ttl=119
time=21.3 ms
64 bytes from ns1.gfdoctor.net (202.62.63.58): icmp_seq=2 ttl=119
time=24.2 ms

But when I try entering the URL http://ixp-test.long-tran.com, it shows
an error "Bad Request (Invalid Hostname)".

Can you please let me know if there is anything wrong with my settings?
I've got a few more VHosts but they all work properly, I don't know why
the ixp-test.long-tran.com not working.

Regards,
Long


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Geolocation Question

2007-06-18 Thread Jon Keys

Hi Karel,Thanks for the reply ... I see your point about utilizing mod_proxy, 
but we actually use mod_status (which is preferred by mod_proxy_balance as far 
as I can tell) to feed mod_proxy_balance info for it's load balancing 
algorithms (bytes transferred, numbers of hits, etc...). Mod_status also allows 
the balancer manager to run which handles enabling / disabling of cluster 
members so we really have to use it. As for session management, we just want to 
redirect people back to the same server in case their download breaks or they 
want to download more than one file ... this way we can avoid the costly GeoIP 
lookup each time they return.As a side note, I've been searching around on the 
ip2location forums and found that they have released an apache module which 
puts the ip2location data into  apache environment variables for each request. 
I think this would make a mod_proxy_balancer patch much more manageable but I'm 
not really sure? Is it generally easy to reference environment variables from 
modules? Also, I bought a book from Amazon called 'Writing Apache Modules with 
Perl and C' but it mainly focuses on Perl modules. Does anyone know how Perl 
modules stack up against C modules in terms of performance?Thanks for 
replying,Jon> From: [EMAIL PROTECTED]> Date: Mon, 18 Jun 2007 23:34:37 +0200> 
To: users@httpd.apache.org> Subject: Re: [EMAIL PROTECTED] Geolocation 
Question> > -BEGIN PGP SIGNED MESSAGE-> Hash: SHA1> > Hi Jon,> > Just 
my 2 cents - but I think Joshua has it right. If you're using  > session 
management and weighted load balancing, then you must pass  > the requests 
through your proxy - and hence your advantage of  > geolocation is gone. If 
you're already using an external redirect,  > then the proxy balancer has no 
way of knowing how many concurrent  > connections worker is maintaining or how 
long they take or how much  > bytes they serve (this would be needed for 
balancing purposes).> > The only way I see it is to let mod_rewrite warp the 
browser to an  > external url, e.g. from www.mysite.org to other domain names  
> (www.us.mysite.org, www.eu.mysite.org etc.) and then loose all  > contact 
with the browser - which would mean to forget about sessions  > and balancing.> 
> Incidentally, if you have a good DNS provider or if you handle your  > own 
DNS, then you could find a solution there - resolve  > www.mysite.org depending 
on the requestor IP to a US-address, a EU- > address, and so on. An alternative 
approach, but I'm pretty sure that  > this can work.> > Hope this helps,> 
Karel> > On Jun 18, 2007, at 10:53 PM, Jon Keys wrote:> > > Hey Joshua,> >> > 
You're right except we don't use mod_proxy_balancer in conjunction  > > with 
mod_proxy ... we use mod_rewrite with '[R]' directive and  > > point to the 
mod_proxy_balancer worker to determine which server to  > > externally redirect 
to. Does this make sense?> >> > The reason we chose to do this was to take 
advantage of some of the  > > nice features in mod_proxy_balancer (like session 
management,  > > weighted load balancing, etc...). We are, however, not locked 
in to  > > this solution. If something more efficient / easier to manage is  > 
> out there we are definitely open to suggestions.> >> > Thanks for your 
reply,> >> > Jon> >> > > Date: Mon, 18 Jun 2007 16:10:50 -0400> > > From: 
[EMAIL PROTECTED]> > > To: users@httpd.apache.org> > > Subject: Re: [EMAIL 
PROTECTED] Geolocation Question> > >> > > On 6/18/07, Jon Keys <[EMAIL 
PROTECTED]> wrote:> > > >> > > > Hi,> > > >> > > > I'm setting up some load 
balancing based on Apache with  > > mod_proxy_balancer> > > > and I'd like to 
incorporate geolocation based on IP address  > > into the load> > > > balancing 
algorithm.> > > >> > > > I know that IP's are not a reliable way of determining 
 > > location, but we> > > > purchased a package from ip2location to try and be 
as accurate  > > as possible.> > > > Even still, it's not perfect and that's OK 
because we are just  > > distributing> > > > the load of some free downloads 
... if someone gets redirected  > > to a server> > > > that's not that close to 
them it won't be the end of the world.> > > >> > > > Anyway, does anyone know 
of such a patch / mod / plugin /  > > application> > > > compatible with 
apache2? If not, some pointers on where to  > > begin developing> > > > this 
would be greatly appreciated.> > >> > > Maybe I'm missing something, but this 
doesn't make any sense to me.> > >> > > If you are using mod_proxy_balancer, 
then all requests will go  > > through> > > the apache proxy server. That means 
there is no benefit in  > > putting the> > > back-end server close to the 
client. In fact, you want the back-end> > > server close to the balancer.> > >> 
> > If you want the client to access stuff from a closer server, you> > > 
should issue an external redirect. mod_rewrite would be a  > > standard way> > 
> to access a database to do a conditional redirect.> > >> > > Joshua.> > > >

Re: [EMAIL PROTECTED] Apache instalation

2007-06-18 Thread patrick


hi dorin,

asking a question about installation without sharing basic information like 
your OS (windows, linux...)? also please read a little bit (archive, website 
using google, apache.org etc...).


apache is very easy to install.

pat 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache instalation

2007-06-18 Thread dorin


Hi,

How can I install Apache on my personal computer.
>From where I can dowload the software and what are the steps that I should
take?

Thanks,
Dorin
-- 
View this message in context: 
http://www.nabble.com/Apache-instalation-tf3943328.html#a11185699
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How to prevent Spammer from abusing Apache?

2007-06-18 Thread Tony Anecito

Thanks Karel,

  I will implement your suggestions immediately. I already blocked in my router 
the company that was making the attempt from Seattle.

  Many Thanks,
  -Tony

Karel Kubat <[EMAIL PROTECTED]> wrote:
  -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Tony,

On Jun 18, 2007, at 11:25 PM, Tony Anecito wrote:

> I noticed a someone was using CONNECT xxx.xxx.xxx.xxx http command 
> against Apache. I was wondering how to disable the CONNECT command 
> from executing on Apache. In a couple of entries I noticed a 
> connection from Seattle that might be a spammer so I want to 
> disable the CONNECT command from running successfully.

I'd advise you to CLOSE THIS IMMEDIATELY. Before long your site will 
be on lists of open proxies and you'll be denied traffic. And trust 
me, it's a huge pain getting off those lists. Until you fix this 
issue, don't advertize your site - there will be plenty of spambots 
checking the openness of your proxy.

See the proxy documentation, off the top of my head (check the docs, 
I can't access them now but want to leave at least a pointer) there 
are at least 3 alternatives:

# 1. If you have a reverse proxy only, you don't need to serve proxy 
requests
ProxyRequests off

or

# 2. If you have a forwarding proxy, then you must serve proxy requests.
# Use a whitelist of the systems that are allowed to do so, and close 
all
# others. I'm not sure this is the right syntax btw...

order deny, allow
deny from all
allow from 127.0.0.1

or

3. Have your proxy listen to some odd port, say 8080, set up as a 
virtual server. Allow proxy requests only in that virtual server. 
Have your internal LAN users (who use Apache as a forwarding proxy to 
get to the outside) connect to that port, but close access to the 
port from the outside on the OS level, eg. on Linux with iptables.

Hope this helps,
Karel

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGdvzI23FrzRzybNURApPOAKCOtTA73RZULOmGApmFwVCeMAcOiQCfeApS
c9aeh/4r60oFTHhDGNCG6dM=
=G9Md
-END PGP SIGNATURE-

-
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
Be a better Heartthrob. Get better relationship answers from someone who knows.
Yahoo! Answers - Check it out.

Re: [EMAIL PROTECTED] How to prevent Spammer from abusing Apache?

2007-06-18 Thread Karel Kubat


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Tony,

On Jun 18, 2007, at 11:25 PM, Tony Anecito wrote:

I noticed a someone was using CONNECT xxx.xxx.xxx.xxx http command  
against Apache. I was wondering how to disable the CONNECT command  
from executing on Apache. In a couple of entries I noticed a  
connection from Seattle that might be a spammer so I want to  
disable the CONNECT command from running successfully.


I'd advise you to CLOSE THIS IMMEDIATELY. Before long your site will  
be on lists of open proxies and you'll be denied traffic. And trust  
me, it's a huge pain getting off those lists. Until you fix this  
issue, don't advertize your site - there will be plenty of spambots  
checking the openness of your proxy.


See the proxy documentation, off the top of my head (check the docs,  
I can't access them now but want to leave at least a pointer) there  
are at least 3 alternatives:


# 1. If you have a reverse proxy only, you don't need to serve proxy  
requests

ProxyRequests off

or

# 2. If you have a forwarding proxy, then you must serve proxy requests.
# Use a whitelist of the systems that are allowed to do so, and close  
all

# others. I'm not sure this is the right syntax btw...

  order deny, allow
  deny from all
  allow from 127.0.0.1


or

3. Have your proxy listen to some odd port, say 8080, set up as a  
virtual server. Allow proxy requests only in that virtual server.  
Have your internal LAN users (who use Apache as a forwarding proxy to  
get to the outside) connect to that port, but close access to the  
port from the outside on the OS level, eg. on Linux with iptables.


Hope this helps,
Karel

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGdvzI23FrzRzybNURApPOAKCOtTA73RZULOmGApmFwVCeMAcOiQCfeApS
c9aeh/4r60oFTHhDGNCG6dM=
=G9Md
-END PGP SIGNATURE-

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Geolocation Question

2007-06-18 Thread Karel Kubat

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Jon,

Just my 2 cents - but I think Joshua has it right. If you're using  
session management and weighted load balancing, then you must pass  
the requests through your proxy - and hence your advantage of  
geolocation is gone. If you're already using an external redirect,  
then the proxy balancer has no way of knowing how many concurrent  
connections worker is maintaining or how long they take or how much  
bytes they serve (this would be needed for balancing purposes).

The only way I see it is to let mod_rewrite warp the browser to an  
external url, e.g. from www.mysite.org to other domain names  
(www.us.mysite.org, www.eu.mysite.org etc.) and then loose all  
contact with the browser - which would mean to forget about sessions  
and balancing.

Incidentally, if you have a good DNS provider or if you handle your  
own DNS, then you could find a solution there - resolve  
www.mysite.org depending on the requestor IP to a US-address, a EU- 
address, and so on. An alternative approach, but I'm pretty sure that  
this can work.

Hope this helps,
Karel

On Jun 18, 2007, at 10:53 PM, Jon Keys wrote:

Hey Joshua,

You're right except we don't use mod_proxy_balancer in conjunction  
with mod_proxy ... we use mod_rewrite with '[R]' directive and  
point to the mod_proxy_balancer worker to determine which server to  
externally redirect to. Does this make sense?

The reason we chose to do this was to take advantage of some of the  
nice features in mod_proxy_balancer (like session management,  
weighted load balancing, etc...). We are, however, not locked in to  
this solution. If something more efficient / easier to manage is  
out there we are definitely open to suggestions.

Thanks for your reply,

Jon

> Date: Mon, 18 Jun 2007 16:10:50 -0400
> From: [EMAIL PROTECTED]
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Geolocation Question
>
> On 6/18/07, Jon Keys <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I'm setting up some load balancing based on Apache with  
mod_proxy_balancer
> > and I'd like to incorporate geolocation based on IP address  
into the load

> > balancing algorithm.
> >
> > I know that IP's are not a reliable way of determining  
location, but we
> > purchased a package from ip2location to try and be as accurate  
as possible.
> > Even still, it's not perfect and that's OK because we are just  
distributing
> > the load of some free downloads ... if someone gets redirected  
to a server

> > that's not that close to them it won't be the end of the world.
> >
> > Anyway, does anyone know of such a patch / mod / plugin /  
application
> > compatible with apache2? If not, some pointers on where to  
begin developing

> > this would be greatly appreciated.
>
> Maybe I'm missing something, but this doesn't make any sense to me.
>
> If you are using mod_proxy_balancer, then all requests will go  
through
> the apache proxy server. That means there is no benefit in  
putting the

> back-end server close to the client. In fact, you want the back-end
> server close to the balancer.
>
> If you want the client to access stuff from a closer server, you
> should issue an external redirect. mod_rewrite would be a  
standard way

> to access a database to do a conditional redirect.
>
> Joshua.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGdvpu23FrzRzybNURAoIlAJ0W8jkgGpIg+lHgBxtqnX4G5+tvCwCfTbaL
KjAoCjJib8KdbsYJtqMS2yc=
=FJKx
-END PGP SIGNATURE-

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] How to prevent Spammer from abusing Apache?

2007-06-18 Thread Tony Anecito

Hi All,
   
  I noticed a someone was using CONNECT xxx.xxx.xxx.xxx http command against 
Apache. I was wondering how to disable the CONNECT command from executing on 
Apache. In a couple of entries I noticed a connection from Seattle that might 
be a spammer so I want to disable the CONNECT command from running successfully.
   
  Thanks,
  -Tony

   
-
Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's on, 
when.

RE: [EMAIL PROTECTED] Geolocation Question

2007-06-18 Thread Jon Keys




Hey Joshua,You're right except we don't use mod_proxy_balancer
in conjunction with mod_proxy ... we use mod_rewrite with '[R]'
directive and point to the mod_proxy_balancer worker to determine which
server to externally redirect to. Does this make sense?The
reason we chose to do this was to take advantage of some of the nice
features in mod_proxy_balancer (like session management, weighted load
balancing, etc...). We are, however, not locked in to this solution. If
something more efficient / easier to manage is out there we are
definitely open to suggestions.Thanks for your reply,Jon> Date: Mon, 18 Jun 
2007 16:10:50 -0400> From: [EMAIL PROTECTED]> To: users@httpd.apache.org> 
Subject: Re: [EMAIL PROTECTED] Geolocation Question> > On 6/18/07, Jon Keys 
<[EMAIL PROTECTED]> wrote:> >> > Hi,> >> > I'm setting up some load balancing 
based on Apache with mod_proxy_balancer> > and I'd like to incorporate 
geolocation based on IP address into the load> > balancing algorithm.> >> > I 
know that IP's are not a reliable way of determining location, but we> > 
purchased a package from ip2location to try and be as accurate as possible.> > 
Even still, it's not perfect and that's OK because we are just distributing> > 
the load of some free downloads ... if someone gets redirected to a server> > 
that's not that close to them it won't be the end of the world.> >> > Anyway, 
does anyone know of such a patch / mod / plugin / application> > compatible 
with apache2? If not, some pointers on where to begin developing> > this would 
be greatly appreciated.> > Maybe I'm missing something, but this doesn't make 
any sense to me.> > If you are using mod_proxy_balancer, then all requests will 
go through> the apache proxy server. That means there is no benefit in putting 
the> back-end server close to the client. In fact, you want the back-end> 
server close to the balancer.> > If you want the client to access stuff from a 
closer server, you> should issue an external redirect. mod_rewrite would be a 
standard way> to access a database to do a conditional redirect.> > Joshua.> > 
-> The 
official User-To-User support forum of the Apache HTTP Server Project.> See 
http://httpd.apache.org/userslist.html> for more info.> To unsubscribe, 
e-mail: [EMAIL PROTECTED]>"   from the digest: [EMAIL PROTECTED]> For 
additional commands, e-mail: [EMAIL PROTECTED]> 
_
Live Earth is coming.  Learn more about the hottest summer event - only on MSN.
http://liveearth.msn.com?source=msntaglineliveearthwlm

Re: [EMAIL PROTECTED] Geolocation Question

2007-06-18 Thread Joshua Slive


On 6/18/07, Jon Keys <[EMAIL PROTECTED]> wrote:


Hi,

I'm setting up some load balancing based on Apache with mod_proxy_balancer
and I'd like to incorporate geolocation based on IP address into the load
balancing algorithm.

I know that IP's are not a reliable way of determining location, but we
purchased a package from ip2location to try and be as accurate as possible.
Even still, it's not perfect and that's OK because we are just distributing
the load of some free downloads ... if someone gets redirected to a server
that's not that close to them it won't be the end of the world.

Anyway, does anyone know of such a patch / mod / plugin / application
compatible with apache2? If not, some pointers on where to begin developing
this would be greatly appreciated.


Maybe I'm missing something, but this doesn't make any sense to me.

If you are using mod_proxy_balancer, then all requests will go through
the apache proxy server. That means there is no benefit in putting the
back-end server close to the client. In fact, you want the back-end
server close to the balancer.

If you want the client to access stuff from a closer server, you
should issue an external redirect. mod_rewrite would be a standard way
to access a database to do a conditional redirect.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Geolocation Question

2007-06-18 Thread Jon Keys

Hi,I'm setting up some load balancing based on Apache with mod_proxy_balancer 
and I'd like to incorporate geolocation based on IP address into the load 
balancing algorithm. I know that IP's are not a reliable way of determining 
location, but we purchased a package from ip2location to try and be as accurate 
as possible. Even still, it's not perfect and that's OK because we are just 
distributing the load of some free downloads ... if someone gets redirected to 
a server that's not that close to them it won't be the end of the world.Anyway, 
does anyone know of such a patch / mod / plugin / application compatible with 
apache2? If not, some pointers on where to begin developing this would be 
greatly appreciated.Thanks,Jon
_
Hotmail to go? Get your Hotmail, news, sports and much more! Check out the New 
MSN Mobile! 
http://mobile.msn.com

Re: [EMAIL PROTECTED] build mod_ssl with Apache 2.2.4

2007-06-18 Thread Sander Temme



On Jun 18, 2007, at 9:12 AM, Kader Ben wrote:


Could someone tell me what I'm missing?


What operating system? /export/home suggests Solaris. x86 or Sparc?  
Which compiler, gcc or Sun Workshop?


Also, could you paste us the line immediately preceding the error?

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

[EMAIL PROTECTED] Mod_proxy / mod_proxy_balancer question: How to take workers gracefully out of service

2007-06-18 Thread Karel Kubat


Hi all,

If someone has information on how to take balanced workers gracefully  
out of service, please let me know! I've been searching the Apache  
docs in vain, and Google doesn't provide an answer either. Thanks in  
advance!



THE PROBLEM

I am using mod_proxy to balance requests to two workers. The sessions  
are made sticky using a cookie CellColor. This works like a charm, so  
far no problems.


However, here's the problem. I will occasionally need to take a  
worker out of service, but I will need to do so gracefully. The  
procedure should be:

* I inform the balancer that the worker will go down eventually
* As for running sessions, the balancer keeps sending them to this  
worker
* But new sessions all go to other workers, which are not marked as  
"will go down"
* I simply wait for an hour or so, until running sessions to the  
target worker die out

* Then I can stop the worker and service it.


THE CONFIGURATION

Here is the balancer configuration in a lab environment. There are  
two sample wokers, at localhost:8010 and 8020 (the last two at 8000  
and 8001 are hot-standby). Session stickiness is enforced as follows:

* In the webserver at localhost:8010 a cookie is added:
  Header add Set-Cookie CellColor=balancer.red
* And on 8020 it is:
  Header add Set-Cookie CellColor=balancer.blue

Listen  8030

# All URI's go through red or blue cell, sticky by CellColor
# except for the purple manager
ProxyPass   /purple-manager !
ProxyPass   / balancer://purple/ stickysession=CellColor \
  maxattempts=3 timeout=5

# Web interface to the manager

SetHandler  balancer-manager
Order   allow,deny
Allow   from all


# Tag for passing requests
Header  add CellColor purple

# The workers

BalancerMember  http://localhost:8010 route=red
BalancerMember  http://localhost:8020 route=blue
BalancerMember  http://localhost:8000 status=+H
BalancerMember  http://localhost:8001 status=+H




THE QUESTION

How do I take the worker at http://localhost:8010 gracefully out of  
service, without interrupting already running sessions? Given the  
above config, I can surf to http://localhost:8030/purple-manager and  
set the "red" worker to "disabled", but if I do that, then all  
requests will immediately go to the "blue" worker, even if there's a  
cookie CellColor=balancer.red in the request. It looks as though  
there are only two states (enabled or disabled) while for what I want  
there should be one more (working, but don't use it).



Thanks in advance..
Karel


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] bandwidth problem on windows

2007-06-18 Thread patrick


hi,

adding this to httpd.conf:
EnableSendfile off
EnableMMAP off

now apache is using my full bandwidth. it seem to be EnableSendfile that 
causing the bandwidth to be limited or not. so everyone installing apache on 
windows should turn this option to off or it's only my setup?


my website are located on the same harddrive (local "C:\www\...") - NTFS.

thanks,
patrick 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Redirect of http to https going into an infinite loop

2007-06-18 Thread Joshua Slive

On 6/18/07, Ken Robinson <[EMAIL PROTECTED]> wrote:

On 6/18/07, Brett Neumeier <[EMAIL PROTECTED]> wrote:
> On Mon, 2007-06-18 at 17:16 +0100, Tony Stevenson wrote:
> > On Mon, June 18, 2007 4:49 pm, Ken Robinson wrote:
> > > I'm trying to help my boss solve his rewrite problem. He's trying the
> > > following code in the config file, but the results are an infinite loop of
> > > rewrites:
>
> Is there any reason your boss doesn't want to just use something like:
>
> 
> ServerName virtual1
> Port 80
> Redirect permanent / https://virtual1/
> 
>
> I mean, you don't have to use mod_rewrite to do a redirect.

He tried that suggestion and it still loops.

He also tried the code from the article at
http://rewrite.drbacchus.com/rewritewiki/SSL

He said that it still loops then too.

Then there is likely something in your SSL  that is
pointing back to your non-ssl host, causing a loop. Those configs on
their own certainly don't loop.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Redirect of http to https going into an infinite loop

2007-06-18 Thread Ken Robinson

On 6/18/07, Brett Neumeier <[EMAIL PROTECTED]> wrote:

On Mon, 2007-06-18 at 17:16 +0100, Tony Stevenson wrote:
> On Mon, June 18, 2007 4:49 pm, Ken Robinson wrote:
> > I'm trying to help my boss solve his rewrite problem. He's trying the
> > following code in the config file, but the results are an infinite loop of
> > rewrites:

Is there any reason your boss doesn't want to just use something like:

ServerName virtual1
Port 80
Redirect permanent / https://virtual1/

I mean, you don't have to use mod_rewrite to do a redirect.

He tried that suggestion and it still loops.

He also tried the code from the article at
http://rewrite.drbacchus.com/rewritewiki/SSL

He said that it still loops then too.

Ken

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] post data lost using mod_rewrite

2007-06-18 Thread GKapitany

Hi,

I'm wondering if there is a way to preserve POST data while using
mod_rewrite redirect?

Thanks,
Gabriel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Redirect of http to https going into an infinite loop

2007-06-18 Thread Brett Neumeier

On Mon, 2007-06-18 at 17:16 +0100, Tony Stevenson wrote: 
> On Mon, June 18, 2007 4:49 pm, Ken Robinson wrote:
> > I'm trying to help my boss solve his rewrite problem. He's trying the
> > following code in the config file, but the results are an infinite loop of
> > rewrites:

Is there any reason your boss doesn't want to just use something like:

ServerName virtual1
Port 80
ServerAdmin [EMAIL PROTECTED]
Redirect permanent / https://virtual1/

I mean, you don't have to use mod_rewrite to do a redirect.

Cheers,

bn

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] build mod_ssl with Apache 2.2.4

2007-06-18 Thread Kader Ben

Hi Listers,

I'm building Apache 2.2.4 with mod_ssl. I have installed openSSL openssl-0.9.8e 
and tried to build Apache with the command :

./configure --prefix=/export/home/benmatk/apache --enable-mods-shared=all 
--enable-ssl --with-ssl=/export/home/benmatk/openssl
 

Unfortunatly I,m getting the following error:


ld: fatal: relocations remain against allocatable but non-writable sections
collect2: ld returned 1 exit status
make[4]: *** [mod_ssl.la] Error 1
make[4]: Leaving directory `/export/home/benmatk/httpd-2.2.4/modules/ssl'
make[3]: *** [shared-build-recursive] Error 1



Could someone tell me what I'm missing?

Regards,


Ben


 

It's here! Your new message!  
Get new email alerts with the free Yahoo! Toolbar.
http://tools.search.yahoo.com/toolbar/features/mail/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Redirect of http to https going into an infinite loop

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 4:49 pm, Ken Robinson wrote:
> I'm trying to help my boss solve his rewrite problem. He's trying the
> following code in the config file, but the results are an infinite loop of
> rewrites:
>
>
> 
> ServerName virtual1
> Port 80
> ServerAdmin [EMAIL PROTECTED]
> Options +FollowSymLinks
> RewriteEngine On
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*)$ https://virtual1/$1 [L,R]
>
>
> Is there any way of making this work without specifying a different
> target host?
>

Ken, take a look at this article, it will help you redirect http traffic
to https.

http://rewrite.drbacchus.com/rewritewiki/SSL

Regards,
Tony

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] ProxyPassReverse not working

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 4:26 pm, [EMAIL PROTECTED] wrote:
> Hi Tony,
>
>
> Thanks a lot, it worked.
>
>

No problems, I glad it helped.

...

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Redirect of http to https going into an infinite loop

2007-06-18 Thread Ken Robinson


I'm trying to help my boss solve his rewrite problem. He's trying the
following code in the config file, but the results are an infinite
loop of rewrites:


   ServerName virtual1
   Port 80
   ServerAdmin [EMAIL PROTECTED]
   Options +FollowSymLinks
   RewriteEngine On
   RewriteCond %{SERVER_PORT} !^443$
   RewriteRule ^/(.*)$ https://virtual1/$1 [L,R]

Is there any way of making this work without specifying a different target host?

Thanks in advance.
Ken

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Maurer, Hermann

Hi,

can you try with the standard ldap port 389 ?
something like this: 
AuthLDAPURL "ldap://server:389/o=root?uid?sub?(objectClass=*)"

Regards,
Hermann Maurer

->-Original Message-
->From: Radulescu Iulian [mailto:[EMAIL PROTECTED] 
->Sent: Monday, June 18, 2007 4:47 PM
->To: users@httpd.apache.org
->Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication 
->in OpenLdap
->
->These are the modules:
->
->LoadModule auth_ldap_module modules/mod_auth_ldap.so
->LoadModule ldap_module modules/util_ldap.so
->
->They are coming with the distribution of Apache 2.0.59
->
->The anonymous bind works as well.
->How can I check the URL from command line?
->
->I will check now the link. 
->
->Thank you,
->Iulian.
->
->-Original Message-
->From: Tony Stevenson [mailto:[EMAIL PROTECTED] 
->Sent: Monday, June 18, 2007 5:40 PM
->To: Radulescu Iulian
->Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication 
->in OpenLdap
->
->On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote:
->> Also, please note that the same configuration (just the 
->server and the
->> port I changed), connecting to a Netscape Directory Server 
->works like
->a
->> charm. :)
->>
->> I am using the modules which comes with apache 2.0.59 for LDAP.
->>
->>
->
->Ok, you have to tell Apache to bind to OpenLDAP using specific
->credentials, unless you allow anonymous binding to your LDAP 
->Directory.
->
->Can you please state which modules you have loaded exactly as well.
->
->Have you read that link I gave you last time? It shows how to setup
->basic
->LDAP authentication, which would work fine in your scenario.
->
->Also, triple check your LDAP Auth URL, is that correct? Is 
->that the same
->if you test from the command line of your server?
->
->
->
->Iulian, as as aside note please do not CC me directly on 
->these emails as
->I
->will get two copies of them, and that is just plain annoying  :)
->
->
->--
->Tony
->
->> Thank you,
->> Iulian.
->>
->>
->> -Original Message-
->> From: Radulescu Iulian [mailto:[EMAIL PROTECTED]
->> Sent: Monday, June 18, 2007 5:26 PM
->> To: users@httpd.apache.org; [EMAIL PROTECTED]
->> Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
->OpenLdap
->>
->>
->> Here it is:
->>
->>
->> 
->>
->>
->> ErrorLog logs/host-1571-error.log
->> CustomLog logs/host-1571-access.log common
->>
->>
->> LogLevel debug
->>
->>
->>
->> 
->> Order Deny,Allow
->> Deny from all
->> Allow from 127 172
->>
->>
->> AuthType Basic
->> AuthName "CONF"
->>
->>
->> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
->> require valid-user
->>
->> 
->> 
->>
->>
->> -Original Message-
->> From: Tony Stevenson [mailto:[EMAIL PROTECTED]
->> Sent: Monday, June 18, 2007 5:24 PM
->> To: users@httpd.apache.org
->> Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
->OpenLdap
->>
->>
->> Radulescu Iulian wrote:
->>
->>> Hello,
->>>
->>
->> ...
->>
->>
->>>
->>> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] 
->[796] auth_ldap
->>> authenticate: user fidesAdmin authentication failed; URI
->>> /servlet/HtmlUiServlet [ldap_search_ext_s() for user 
->failed][Protocol
->>> Error]/
->>>
->>>
->>> / /
->>>
->>>
->>> I checked the ldap logs, and it seems the request does not 
->reach the
->>> server. The machine is visible, I try to connect using LdapBrowser
->and
->> I
->>
->>> succedded it. Any ideas?
->>>
->>>
->>>
->>> Here is the configuration:
->>>
->>>
->>>
->>>
->>> AuthType Basic
->>>
->>>
->>> AuthName "CONF"
->>>
->>>
->>>
->>>
->>> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
->>>
->>>
->>> require valid-user
->>>
->>>
->>>
->>
->> Lulian, we would really need to see more of your Apache 
->confiugration
->> that these few lines. Can you paste your entire vhost configuration,
->and
->> all related  and  blocks that may apply?
->>
->> I am guessing you may not have configured Apache correctly, 
->but would
->> like to see more of your config before suggesting any definitive
->answers.
->> Though you can read this page to get some ideas for yourself:
->>
->>
->> http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder
->>
->>
->>
->> --
->> Tony
->>
->>
->>
->> 
->-
->> The official User-To-User support forum of the Apache HTTP Server
->> Project.
->> See http://httpd.apache.org/userslist.html> for more info.
->> To unsubscribe, e-mail: [EMAIL PROTECTED]
->> "   from the digest: [EMAIL PROTECTED]
->> For additional commands, e-mail: [EMAIL PROTECTED]
->>
->>
->>
->> 
->-
->> The official User-To-User support forum of the Apache HTTP Server
->> Project.
->> See http://httpd.apache.org/userslist.html> for more info.
->> To unsubscribe, e-mail: [EMAIL PROTECTED]
->> "   from the digest: [EMAIL PROTECTED]
->> For additional commands, e-mail: [EMAIL PROTECTED]
->>
->>
->>
->
->
->

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian


Also, 

The link you provided:
http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder


Is applicable for Apache 2.2; I need to make it work on 2.0 :(

Iulian.

-Original Message-
From: Radulescu Iulian [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:47 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

These are the modules:

LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule ldap_module modules/util_ldap.so

They are coming with the distribution of Apache 2.0.59

The anonymous bind works as well.
How can I check the URL from command line?

I will check now the link. 

Thank you,
Iulian.

-Original Message-
From: Tony Stevenson [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:40 PM
To: Radulescu Iulian
Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote:
> Also, please note that the same configuration (just the server and the
> port I changed), connecting to a Netscape Directory Server works like
a
> charm. :)
>
> I am using the modules which comes with apache 2.0.59 for LDAP.
>
>

Ok, you have to tell Apache to bind to OpenLDAP using specific
credentials, unless you allow anonymous binding to your LDAP Directory.

Can you please state which modules you have loaded exactly as well.

Have you read that link I gave you last time? It shows how to setup
basic
LDAP authentication, which would work fine in your scenario.

Also, triple check your LDAP Auth URL, is that correct? Is that the same
if you test from the command line of your server?



Iulian, as as aside note please do not CC me directly on these emails as
I
will get two copies of them, and that is just plain annoying  :)


--
Tony

> Thank you,
> Iulian.
>
>
> -Original Message-
> From: Radulescu Iulian [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:26 PM
> To: users@httpd.apache.org; [EMAIL PROTECTED]
> Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
OpenLdap
>
>
> Here it is:
>
>
> 
>
>
> ErrorLog logs/host-1571-error.log
> CustomLog logs/host-1571-access.log common
>
>
> LogLevel debug
>
>
>
> 
> Order Deny,Allow
> Deny from all
> Allow from 127 172
>
>
> AuthType Basic
> AuthName "CONF"
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
> require valid-user
>
> 
> 
>
>
> -Original Message-
> From: Tony Stevenson [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:24 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
OpenLdap
>
>
> Radulescu Iulian wrote:
>
>> Hello,
>>
>
> ...
>
>
>>
>> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
>> authenticate: user fidesAdmin authentication failed; URI
>> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
>> Error]/
>>
>>
>> / /
>>
>>
>> I checked the ldap logs, and it seems the request does not reach the
>> server. The machine is visible, I try to connect using LdapBrowser
and
> I
>
>> succedded it. Any ideas?
>>
>>
>>
>> Here is the configuration:
>>
>>
>>
>>
>> AuthType Basic
>>
>>
>> AuthName "CONF"
>>
>>
>>
>>
>> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>>
>>
>> require valid-user
>>
>>
>>
>
> Lulian, we would really need to see more of your Apache confiugration
> that these few lines. Can you paste your entire vhost configuration,
and
> all related  and  blocks that may apply?
>
> I am guessing you may not have configured Apache correctly, but would
> like to see more of your config before suggesting any definitive
answers.
> Though you can read this page to get some ideas for yourself:
>
>
> http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder
>
>
>
> --
> Tony
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum

Re: [EMAIL PROTECTED] ProxyPassReverse not working

2007-06-18 Thread GKapitany

Hi Tony,

Thanks a lot, it worked.

Regards,
Gabriel

 "Tony Stevenson"  
 <[EMAIL PROTECTED] 
 >  To 
   users@httpd.apache.org  
 18/06/2007 11:15   cc 
 AM
   Subject 
   Re: [EMAIL PROTECTED] ProxyPassReverse  
 Please respond to not working 
 [EMAIL PROTECTED] 
   e.org   

On Mon, June 18, 2007 4:07 pm, Tony Stevenson wrote:
> On Mon, June 18, 2007 3:47 pm, [EMAIL PROTECTED] wrote:
>
>> Hello,
>>
>>
>>
>> I'm trying to route requests to the application servers based on the
>> URL,
>> using the configuration below. The direct request reaches the app
>> servers but the ProxyPassReverse doesn't work, instead of getting:
>>
>> http://myhost.com/prod/ on the client I get http://myhost.com/.
>>
>>
>
> This is because your directives below are incorrect...
>
>
> They should read :
>
>
> ProxyPass / ajp://tomcat_prod:8009/
> ProxyPassReverse / http://myhost.com/
>
>

Sorry, mistake, they should read:

ProxyPass / ajp://tomcat_prod:8009/
ProxyPassReverse / ajp://tomcat_prod:8009/

Where the 2nd string passed the to the ProxyPassReverse directive matches
the one above it.  In this case "ajp://tomcat_prod:8009/"

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] ProxyPassReverse not working

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 4:07 pm, Tony Stevenson wrote:
> On Mon, June 18, 2007 3:47 pm, [EMAIL PROTECTED] wrote:
>
>> Hello,
>>
>>
>>
>> I'm trying to route requests to the application servers based on the
>> URL,
>> using the configuration below. The direct request reaches the app
>> servers but the ProxyPassReverse doesn't work, instead of getting:
>>
>> http://myhost.com/prod/ on the client I get http://myhost.com/.
>>
>>
>
> This is because your directives below are incorrect...
>
>
> They should read :
>
>
> ProxyPass / ajp://tomcat_prod:8009/
> ProxyPassReverse / http://myhost.com/
>
>

Sorry, mistake, they should read:

ProxyPass / ajp://tomcat_prod:8009/
ProxyPassReverse / ajp://tomcat_prod:8009/

Where the 2nd string passed the to the ProxyPassReverse directive matches
the one above it.  In this case "ajp://tomcat_prod:8009/"

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] ProxyPassReverse not working

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 3:47 pm, [EMAIL PROTECTED] wrote:
> Hello,
>
>
> I'm trying to route requests to the application servers based on the URL,
>  using the configuration below. The direct request reaches the app servers
> but the ProxyPassReverse doesn't work, instead of getting:
>
> http://myhost.com/prod/ on the client I get http://myhost.com/.
>

This is because your directives below are incorrect...

They should read :

ProxyPass / ajp://tomcat_prod:8009/
ProxyPassReverse / http://myhost.com/

You basically missed out the two /'s that were required in all your
examples.  You need to add them too all of them.

>
> ==
>
>
> ProxyPreserveHost On
> RewriteEngine On
>
>
> 
> ProxyPass ajp://tomcat_prod:8009/
> ProxyPassReverse http://myhost.com/
>
>
> 
>

...

--
Tony

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] ProxyPassReverse not working

2007-06-18 Thread GKapitany

Hello,

I'm trying to route requests to the application servers based on the URL,
using the configuration below.
The direct request reaches the app servers but the ProxyPassReverse doesn't
work, instead of getting:

http://myhost.com/prod/ on the client I get http://myhost.com/.

==

ProxyPreserveHost On
RewriteEngine On


  ProxyPass ajp://tomcat_prod:8009/
  ProxyPassReverse http://myhost.com/




  ProxyPass ajp://tomcat_qa:8009/
  ProxyPassReverse http://myhost.com/



==

Any help would be appreciated.

Thanks,
Gabriel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian

These are the modules:

LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule ldap_module modules/util_ldap.so

They are coming with the distribution of Apache 2.0.59

The anonymous bind works as well.
How can I check the URL from command line?

I will check now the link. 

Thank you,
Iulian.

-Original Message-
From: Tony Stevenson [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:40 PM
To: Radulescu Iulian
Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote:
> Also, please note that the same configuration (just the server and the
> port I changed), connecting to a Netscape Directory Server works like
a
> charm. :)
>
> I am using the modules which comes with apache 2.0.59 for LDAP.
>
>

Ok, you have to tell Apache to bind to OpenLDAP using specific
credentials, unless you allow anonymous binding to your LDAP Directory.

Can you please state which modules you have loaded exactly as well.

Have you read that link I gave you last time? It shows how to setup
basic
LDAP authentication, which would work fine in your scenario.

Also, triple check your LDAP Auth URL, is that correct? Is that the same
if you test from the command line of your server?



Iulian, as as aside note please do not CC me directly on these emails as
I
will get two copies of them, and that is just plain annoying  :)


--
Tony

> Thank you,
> Iulian.
>
>
> -Original Message-
> From: Radulescu Iulian [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:26 PM
> To: users@httpd.apache.org; [EMAIL PROTECTED]
> Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
OpenLdap
>
>
> Here it is:
>
>
> 
>
>
> ErrorLog logs/host-1571-error.log
> CustomLog logs/host-1571-access.log common
>
>
> LogLevel debug
>
>
>
> 
> Order Deny,Allow
> Deny from all
> Allow from 127 172
>
>
> AuthType Basic
> AuthName "CONF"
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
> require valid-user
>
> 
> 
>
>
> -Original Message-
> From: Tony Stevenson [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:24 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in
OpenLdap
>
>
> Radulescu Iulian wrote:
>
>> Hello,
>>
>
> ...
>
>
>>
>> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
>> authenticate: user fidesAdmin authentication failed; URI
>> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
>> Error]/
>>
>>
>> / /
>>
>>
>> I checked the ldap logs, and it seems the request does not reach the
>> server. The machine is visible, I try to connect using LdapBrowser
and
> I
>
>> succedded it. Any ideas?
>>
>>
>>
>> Here is the configuration:
>>
>>
>>
>>
>> AuthType Basic
>>
>>
>> AuthName "CONF"
>>
>>
>>
>>
>> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>>
>>
>> require valid-user
>>
>>
>>
>
> Lulian, we would really need to see more of your Apache confiugration
> that these few lines. Can you paste your entire vhost configuration,
and
> all related  and  blocks that may apply?
>
> I am guessing you may not have configured Apache correctly, but would
> like to see more of your config before suggesting any definitive
answers.
> Though you can read this page to get some ideas for yourself:
>
>
> http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder
>
>
>
> --
> Tony
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 3:29 pm, Radulescu Iulian wrote:
> Also, please note that the same configuration (just the server and the
> port I changed), connecting to a Netscape Directory Server works like a
> charm. :)
>
> I am using the modules which comes with apache 2.0.59 for LDAP.
>
>

Ok, you have to tell Apache to bind to OpenLDAP using specific
credentials, unless you allow anonymous binding to your LDAP Directory.

Can you please state which modules you have loaded exactly as well.

Have you read that link I gave you last time? It shows how to setup basic
LDAP authentication, which would work fine in your scenario.

Also, triple check your LDAP Auth URL, is that correct? Is that the same
if you test from the command line of your server?


--
Tony

> Thank you,
> Iulian.
>
>
> -Original Message-
> From: Radulescu Iulian [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:26 PM
> To: users@httpd.apache.org; [EMAIL PROTECTED]
> Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap
>
>
> Here it is:
>
>
> 
>
>
> ErrorLog logs/host-1571-error.log
> CustomLog logs/host-1571-access.log common
>
>
> LogLevel debug
>
>
>
> 
> Order Deny,Allow
> Deny from all
> Allow from 127 172
>
>
> AuthType Basic
> AuthName "CONF"
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
> require valid-user
>
> 
> 
>
>
> -Original Message-
> From: Tony Stevenson [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 5:24 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap
>
>
> Radulescu Iulian wrote:
>
>> Hello,
>>
>
> ...
>
>
>>
>> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
>> authenticate: user fidesAdmin authentication failed; URI
>> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
>> Error]/
>>
>>
>> / /
>>
>>
>> I checked the ldap logs, and it seems the request does not reach the
>> server. The machine is visible, I try to connect using LdapBrowser and
> I
>
>> succedded it. Any ideas?
>>
>>
>>
>> Here is the configuration:
>>
>>
>>
>>
>> AuthType Basic
>>
>>
>> AuthName "CONF"
>>
>>
>>
>>
>> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>>
>>
>> require valid-user
>>
>>
>>
>
> Lulian, we would really need to see more of your Apache confiugration
> that these few lines. Can you paste your entire vhost configuration, and
> all related  and  blocks that may apply?
>
> I am guessing you may not have configured Apache correctly, but would
> like to see more of your config before suggesting any definitive answers.
> Though you can read this page to get some ideas for yourself:
>
>
> http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder
>
>
>
> --
> Tony
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian

Also, please note that the same configuration (just the server and the
port I changed), connecting to a Netscape Directory Server works like a
charm. :)

I am using the modules which comes with apache 2.0.59 for LDAP.

Thank you,
Iulian.

-Original Message-
From: Radulescu Iulian [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:26 PM
To: users@httpd.apache.org; [EMAIL PROTECTED]
Subject: RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

Here it is:

ErrorLog logs/host-1571-error.log
CustomLog logs/host-1571-access.log common

LogLevel debug

Order Deny,Allow
Deny from all
Allow from 127 172

AuthType Basic
AuthName "CONF"

AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
require valid-user

-Original Message-
From: Tony Stevenson [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:24 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

Radulescu Iulian wrote:
> Hello,

...

>
> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
> authenticate: user fidesAdmin authentication failed; URI
> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
> Error]/
>
> / /
>
> I checked the ldap logs, and it seems the request does not reach the
> server. The machine is visible, I try to connect using LdapBrowser and
I
> succedded it. Any ideas?
>
>
>
> Here is the configuration:
>
>
>
> AuthType Basic
>
> AuthName "CONF"
>
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>
> require valid-user
>
>
>

Lulian, we would really need to see more of your Apache confiugration
that
these few lines. Can you paste your entire vhost configuration, and all
related  and  blocks that may apply?

I am guessing you may not have configured Apache correctly, but would
like
to see more of your config before suggesting any definitive answers. 
Though you can read this page to get some ideas for yourself:

http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder

--
Tony

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian

Here it is:

ErrorLog logs/host-1571-error.log
CustomLog logs/host-1571-access.log common

LogLevel debug

Order Deny,Allow
Deny from all
Allow from 127 172

AuthType Basic
AuthName "CONF"

AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
require valid-user

-Original Message-
From: Tony Stevenson [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 18, 2007 5:24 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

Radulescu Iulian wrote:
> Hello,

...

>
> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
> authenticate: user fidesAdmin authentication failed; URI
> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
> Error]/
>
> / /
>
> I checked the ldap logs, and it seems the request does not reach the
> server. The machine is visible, I try to connect using LdapBrowser and
I
> succedded it. Any ideas?
>
>
>
> Here is the configuration:
>
>
>
> AuthType Basic
>
> AuthName "CONF"
>
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>
> require valid-user
>
>
>

Lulian, we would really need to see more of your Apache confiugration
that
these few lines. Can you paste your entire vhost configuration, and all
related  and  blocks that may apply?

I am guessing you may not have configured Apache correctly, but would
like
to see more of your config before suggesting any definitive answers. 
Though you can read this page to get some ideas for yourself:

http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder

--
Tony

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Tony Stevenson

Radulescu Iulian wrote:
> Hello,

...

>
> /[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
> authenticate: user fidesAdmin authentication failed; URI
> /servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
> Error]/
>
> / /
>
> I checked the ldap logs, and it seems the request does not reach the
> server. The machine is visible, I try to connect using LdapBrowser and I
> succedded it. Any ideas?
>
>
>
> Here is the configuration:
>
>
>
> AuthType Basic
>
> AuthName "CONF"
>
>
>
> AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"
>
> require valid-user
>
>
>

Lulian, we would really need to see more of your Apache confiugration that
these few lines. Can you paste your entire vhost configuration, and all
related  and  blocks that may apply?

I am guessing you may not have configured Apache correctly, but would like
to see more of your config before suggesting any definitive answers. 
Though you can read this page to get some ideas for yourself:

http://wiki.apache.org/httpd/Recipes/UseLDAPToPasswordProtectAFolder

--
Tony

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] virtual host configuration

2007-06-18 Thread Tony Stevenson

On Mon, June 18, 2007 3:25 am, Thufir wrote:
> I've previously configured a FQDN through  for
>  and plan to do so again.  I run apache
> for personal, home use for apps such as   feeds/> and plan on doing some ruby.  I don't want to have an actual
> website, this is just for my use.

What do you mean when you say "I don't want to have an actual website"??

>
> However, when I configure my box with a FQDN this interferes with Apache,
>  which assumes that I want to actually have a web page.  The apparent
> work around is to use virtual hosts?

Where do you configure this FQDN? In your hosts file?

>
> Feed-on-Feeds, for example, is just looking for localhost and that's
> fine.  but leafnode needs that FQDN.
>

Can you please state what exactly it is you are trying to do?
Would you please also paste your Apache config so we can see what we are
dealing with?

...

>
>
> I'll probably be install fedora core 7 soon.

I'm sure the Fedora team will be happy to hear that, albeit without the
'core' part of the name.

--
Tony

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] RE: Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian

Hello,

 

I have the following problem: I configured apache to authenticate in an
OpenLdap and Keep getting the following error in the log file:

 

[Mon Jun 18 16:31:48 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:31:48 2007] [debug] mod_auth_ldap.c(342): [client
127.0.0.1] [796] auth_ldap authenticate: ap_get_basic_auth_pw() returns
401

[Mon Jun 18 16:31:53 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:31:53 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
Error]

[Mon Jun 18 16:32:00 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:32:00 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
Error]

[Mon Jun 18 16:32:06 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/HtmlUiServlet [ldap_search_ext_s() for user failed][Protocol
Error]

 

I checked the ldap logs, and it seems the request does not reach the
server. The machine is visible, I try to connect using LdapBrowser and I
succedded it. Any ideas?

 

Here is the configuration:

 

AuthType Basic

AuthName "CONF"



AuthLDAPURL "ldap://server:3939/o=root?uid?sub?(objectClass=*)"

require valid-user

 

Thanks,

Iulian.

[EMAIL PROTECTED] Apache 2.0.59 authnetication in OpenLdap

2007-06-18 Thread Radulescu Iulian

Hello,

 

I have the following problem: I configured apache to authenticate in an
OpenLdap and Keep getting the following error in the log file:

 

[Mon Jun 18 16:31:48 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:31:48 2007] [debug] mod_auth_ldap.c(342): [client
127.0.0.1] [796] auth_ldap authenticate: ap_get_basic_auth_pw() returns
401

[Mon Jun 18 16:31:53 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:31:53 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/FidesHtmlUiServlet [ldap_search_ext_s() for user
failed][Protocol Error]

[Mon Jun 18 16:32:00 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:32:00 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/FidesHtmlUiServlet [ldap_search_ext_s() for user
failed][Protocol Error]

[Mon Jun 18 16:32:06 2007] [debug] mod_auth_ldap.c(337): [client
127.0.0.1] [796] auth_ldap authenticate: using URL
ldap://server:3939/o=root?uid?sub?(objectClass=*)

[Mon Jun 18 16:32:06 2007] [warn] [client 127.0.0.1] [796] auth_ldap
authenticate: user fidesAdmin authentication failed; URI
/servlet/FidesHtmlUiServlet [ldap_search_ext_s() for user
failed][Protocol Error]

 

I checked the ldap logs, and it seems the request does not reach the
server. The machine is visible, I try to connect using LdapBrowser and I
succedded it. Any ideas?

 

Here is the configuration:

Re: [EMAIL PROTECTED] mod_authn_dbd with Postgres on Win32

2007-06-18 Thread Alexis Paul Bertolini


Tom Donovan wrote:
You will need to rebuild Apache (specifically, the APR-util library) 
to enable loading a DBD driver, in addition to building or finding 
apr_dbd_pgsql.so.



:-( I spent the best part of Sunday trying to compile apr-util with VC
express to little avail. It turns out you also need the postgresql
headers handy!

Thanks for the input, I will follow the forum you suggested.
It's not as easy as building Apache on Unix or Cygwin, but it's doable 
if you are inclined to build your own Windows binaries.

Or even downloading those fancy RPMs...

Alex.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: SSL and virtual hosts

2007-06-18 Thread Xavier Noria


On Jun 17, 2007, at 10:38 PM, Totte wrote:

Does anyone know how to generate a certificate for a main domain  
and any numbers of sub-domains for a domain in Linux?


I got my subdomains working using one cert for the main domain and  
the same cert for the subdomains. However, I get the "certificate  
issued to another domain" error when accessing the sub domains.


I am no expert, but google for "wildcard SSL certificate".

-- fxn




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Log entries in a very odd order

2007-06-18 Thread Ashley Ward

Hi all,

I've had a bit of a strange problem with one of our servers yesterday.
It appeared to grind almost to a halt - I'm thinking it's run our of
apache processes (we're using Apache 2.0.52 with the prefork MPM).
Looking at the logs, there are quite a number of strange entries with
user agent "SiteXpert". The strange thing about them is that the time on
them seems to be completely defferent to the normal entries around them.
Are these requests which have taken ages to be handled (in some cases
several hours) or is there some other reason that could cause this to
happen? I have pasted in a very short extract from the logs below:

74.6.29.23 - - [17/Jun/2007:12:34:36 +0100] "GET
/detail.php?prodLineID=64653 HTTP/1.0" 200 17120 "-" "Mozilla/5.0
(compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
74.6.27.24 - - [17/Jun/2007:12:34:36 +0100] "GET
/detail.php?prodLineID=42075&detailPage=rev HTTP/1.0" 200 17152 "-"
"Mozilla/5.0 (compatible; Yahoo! Slurp;
http://help.yahoo.com/help/us/ysearch/slurp)"
64.1.215.165 - - [17/Jun/2007:12:34:36 +0100] "GET
/detail.php?prodLineID=41817 HTTP/1.0" 200 17079 "-" "Mozilla/5.0
(Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)"
90.192.223.236 - - [17/Jun/2007:12:22:23 +0100] "GET
/detail.php?prodLineID=63141 HTTP/1.1" 200 17257 "-" "SiteXpert"
90.192.223.236 - - [17/Jun/2007:07:38:53 +0100] "GET
/detail.php?prodLineID=62780 HTTP/1.1" 200 8903 "-" "SiteXpert"
134.146.0.12 - - [17/Jun/2007:12:36:36 +0100] "GET
/browse.php?a=p&prodLineID=107903 HTTP/1.1" 200 8809 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR
2.0.50727)"
87.75.128.180 - - [17/Jun/2007:12:34:37 +0100] "GET
/browse.php?a=p&prodLineID=40192 HTTP/1.0" 200 17009 "-" "-"
74.6.75.14 - - [17/Jun/2007:12:36:37 +0100] "GET /robots.txt HTTP/1.0"
200 74 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp;
http://help.yahoo.com/help/us/ysearch/slurp)"
74.6.86.161 - - [17/Jun/2007:12:36:37 +0100] "GET
/detail.php?prodLineID=104806 HTTP/1.0" 200 17226 "-" "Mozilla/5.0
(compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
134.146.0.12 - - [17/Jun/2007:12:36:37 +0100] "GET / HTTP/1.1" 200 62725
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.1.4322; .NET CLR 2.0.50727)"
74.6.21.20 - - [17/Jun/2007:12:36:38 +0100] "GET
/detail.php?prodLineID=106156 HTTP/1.0" 200 16943 "-" "Mozilla/5.0
(compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"

The traffic on this day was way, way down on normal so the server was
definitely having a problem. SiteXpert seems to be some kind of software
which crawls a website and creates a site map.

Thanks in advance for any help!

Ash

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] bandwidth problem on windows

2007-06-18 Thread William A. Rowe, Jr.

patrick wrote:
> hi,
> 
> search the archive, but didn't found the solution for this problem: i'm
> using apache 2.2.4 (same behaviour with 2.0.59) on windows server 2003.
> i have an issue with the bandwidth, apache is "limiting" my download to
> 230k/sec, the same server running IIS 6.0 is delivering around 380k/sec.
> why apache is not using my full bandwidth while other applications (like
> filezilla server, IIS, hmailserver is doing fine)?

Try tweaking EnableSendfile off, EnableMMAP off (seperately) and report
back if you see any variation.

Bill

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Ajax Recipe

2007-06-18 Thread Nick Kew

On Sun, 17 Jun 2007 17:00:02 -0700
Adam Bragg <[EMAIL PROTECTED]> wrote:

> Hi All,
> 
> I am trying to build as lean as an Apache as possible. Please
> forgive my extended explanation. I only include all the excess here
> so that I might find help that will remove the excess from my Apache
> build. I am a web developer/designer who is great with Javascript and
> decent with plsql and mysql. I can do a standard and modified install
> of apache and configure the server to work well out to the real
> world but I am not very experienced with Apache.
> 
> MY GOAL is to build as lean of an Apache as possible with  
> functionality that will act as a pass through to the database from  
> the client. After some research I found that Nick Kew at Webthing
> has created what I think I need but I am having difficulty
> implementing the modules and component that follow:
> 1. mod_form - http://apache.webthing.com/mod_form/ (to accept post  
> ajax calls)
> 2. mod_upload - http://apache.webthing.com/mod_upload/ (to accept  
> images posted)
> 3. mod_xmlns - http://apache.webthing.com/mod_xmlns/ (to support  
> mod_sql)
> 4. mod_sql - http://apache.webthing.com/database/mod_sql.html (to  
> insert sql requests and replies from mysql)
> 5. apr_dbd_mysql.c - http://apache.webthing.com/svn/apache/apr/ 
> apr_dbd_mysql.c (to connect to mysql) ( I placed it in httpNN/srclib/ 
> apr-util/dbd before the ./config)

Please note that some of those modules are very experimental,
and mod_sql in particular needs updating.  Joachim Zobel's
mod_sqil presents a more up-to-date alternative.  But I guess
you're expecting to have to put some work into this:-)

> After reading the Apache documentation, I decided to attempt to load  
> all my needed modules during the configuration and install so that  
> Apache would run as efficiently as possible.

Sounds like a waste of time & effort.

> Some excess excess information:
> I am trying to build a web server diminishing the middle tier as
> much as possible. I code all day long writing ColdFusion, Javascript,
> and PL/SQL, but I find myself relying on ColdFusion as just a
> passthrough for my Ajax calls to the database. I am most often just
> returning datasets to my Javascript on the client which is making
> ColdFusion seem a bit bloated for my needs. So, I want to find an
> architecture that will allow me to make requests to the database tier
> and return preformatted results. Specifically, I want to return JSON
> strings from my PL/SQL, which I already do, but use Apache to write
> the strings in the reply to the request.

You might want to add mod_cache to your toolkit!

> In the end, after I have everything running, I want to write this up  
> as a recipe because I think this type of architecture will become  
> much more popular with the trend of more of the application moving  
> away from the middle tier to the front-end and to the back end.

Good idea!

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

47 matches

Mail list logo