Selbstdefinierte HTTP Return Codes
Hallo Zusammen, von einem Tomcat (5.0.30) wird über das mod.jk (1.2.23) eine Seite mit dem r Returncode 210 an den Apachen (2.2.3) übermittelt. Im access.log steht auch das das so angekommen bzw. ausgeliefert wurde, aber an den Client wird ein 500er übermittelt. Returncodes unter 208 werden normal vom Apachen ausgeliefert. Jemand ne Ahnung was da falsch läuft Thanks Bjoern
Re: [EMAIL PROTECTED] Apache mod_rewrite/mod_proxy conflict?
pdt_p wrote: Hi... from this solution: RewriteRule ^/testing/(.*)$ http://myserverB/$1 [P,L] RewriteRule ^/(.*)$ http://myserverA/$1 [P] ProxyPassReverse /testing http://myserverB/ the original server url is fixed. In this case http://myserverB and http://myserverA. What if the original URL is dynamic which is passed from parameter? for example: http://myReveseProxyHostName/testing/myserverB/otherPath -- http://myserverB/otherPath I think for RewriteRule is quite straight forward: RewriteRule ^/testing/(.*)$ http://$1 [P] but how about the ProxyPassReverse? You really don't want to do that... think about the following: http://reverse.proxy/testing/www.google.com/ And any others. Your proxy could be used to launch an attack against a third party. You could however use something like: RewriteRule ^/testing/(servera|serverb|serverc)/(.*)$ http://$1/$2 [P] Gut you'd need to add ProxyPassReverses in for all combinations! HTH, Neil. Neil A. Hillard-2 wrote: Tamer Embaby wrote: I have the following simple setup: [1] LoadModule rewrite_module modules/mod_rewrite.so [2] LoadModule proxy_module modules/mod_proxy.so [3] LoadModule proxy_http_module modules/mod_proxy_http.so [4] RewriteEngine on [5] ProxyPass /testing http://myserverB/ [6] ProxyPassReverse /testing http://myserverB/ [7] RewriteRule ^/(.*)$ http://myserverA/$1 [P] My problem is: When I access http://myserver/testing/index.html, it gets handled by the rewrite rule and not the proxy module. The interesting point if I changed the order of LoadModule directives so now it reads: [1] LoadModule proxy_module modules/mod_proxy.so [2] LoadModule proxy_http_module modules/mod_proxy_http.so [3] LoadModule rewrite_module modules/mod_rewrite.so The proxy module handles the request and not the rewrite module! Is this behavior documented somewhere? Where can I read about it? I tried to Google a lot with no good. How can I control it? Moreover, what if I compiled in the rewrite_mod and proxy_mod statically into Apache, how would I control the order of modules calling then? I did my home work, scanned the FAQ, Googled but I cannot come up with any technical explanation for this. Simple answer - don't mix them in this way (that's what I've been doing, anyway)! Stick to mod_rewrite and you should be fine: RewriteRule ^/testing/(.*)$ http://myserverB/$1 [P,L] RewriteRule ^/(.*)$ http://myserverA/$1 [P] ProxyPassReverse /testing http://myserverB/ You can include: RewriteRule ^/testing$ /testing/ [R,L] before the above if you want to handle a missing trailing slash. -- Neil Hillard[EMAIL PROTECTED] AgustaWestland http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] access.log problem
Quoting Staf Wagemakers ([EMAIL PROTECTED]): own when apache2 is restarted?, and if they are, what can I do if they have not been regenerated by numerous apache2 restarts, and also complete system reboots. The access-log file is created automatically at a httpd server start if it doesn't exists.. apache2ctl restart should do the trick If, however, you've rm -rf'ed the log directory and recreated it, please make sure the ownerships and mode on the directory (and files therein) are correct so your Apache user can write to them. -Sndr. -- | Intaxication: Euphoria at getting a tax refund, which lasts until you | realize it was your money to start with. | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Statically link libapr and libapr-util with httpd
Hi All, How can I use static libraries of libapr and libapr-util for building httpd? I want httpd to be statically linked to apr and apr-util. Please can somebody let me know how to do it? Reg Sunil Desai DISCLAIMER: This message (including attachment if any) is confidential and may be privileged. If you have received this message by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. E-mail may contain viruses. Before opening attachments please check them for viruses and defects. While MindTree Consulting Limited (MindTree) has put in place checks to minimize the risks, MindTree will not be responsible for any viruses or defects or any forwarded attachments emanating either from within MindTree or outside. Please note that e-mails are susceptible to change and MindTree shall not be liable for any improper, untimely or incomplete transmission. MindTree reserves the right to monitor and review the content of all messages sent to or from MindTree e-mail address. Messages sent to or from this e-mail address may be stored on the MindTree e-mail system or else where.
[EMAIL PROTECTED] response time measurement at apache server
Hi all, How can I measure the response time at Apache server? thanks regards, -Rahul Gundecha - Did you know? You can CHAT without downloading messenger. Click here
RE: [EMAIL PROTECTED] response time measurement at apache server
Have a look at mod_log_config, specifically the %D and %T format strings. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 10:40 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] response time measurement at apache server Hi all, How can I measure the response time at Apache server? thanks regards, -Rahul Gundecha Did you know? You can CHAT without downloading messenger. Click here http://in.rd.yahoo.com/tagline_webmessenger_2/*http://in.messenger.yahoo.com/webmessengerpromo.php - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Help with AB and authentication
Hi, I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url but I can't get through the 401 error page. I've tried some variations: ab2 -A domain\user:password url ab2 -A domain\user,password url etc. When using wget, it works: wget --http-user=domain\user --http-passwd=password url The server is IIS with integrated authentication. Any ideas? Thanks, Joel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] response time measurement at apache server
On Wed, 2007-12-12 at 09:39 +, rahul gundecha wrote: Hi all, How can I measure the response time at Apache server? you can use apache benchmark which will comes as an executable ab.send the request using ab and it shows all those performance realated informations. thanks regards, -Rahul Gundecha regs lahiru __ Did you know? You can CHAT without downloading messenger. Click here - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] response time measurement at apache server
On Wed, Dec 12, 2007 at 11:27:19AM +0100, Axel-Stephane SMORGRAV wrote:
Have a look at mod_log_config, specifically the %D and %T format strings.
ModSecurity has a few additional timers as well. They do not
appear in the documentation, but are covered in Ivan Ristic's
Apache Security Book, p. 184f.
They allow you to time the request on a reverse proxy and
on the backend seperately within the RP's access log.
It boils down to the following:
LogFormat: ... %D %{mod_security-time1}n %{mod_security-time2}n
%{mod_security-time3}n ...
Afterwards you do calculations on these values.
regs,
Christian
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] access.log problem
Staf Wagemakers wrote: On Dec 10, 2007 12:04 AM, Steve Reilly [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I admit through fault of my own, the apache2 access logs were deleted. My question is this, are these logs automagically regenerated on their own when apache2 is restarted?, and if they are, what can I do if they have not been regenerated by numerous apache2 restarts, and also complete system reboots. The access-log file is created automatically at a httpd server start if it doesn't exists.. apache2ctl restart should do the trick -- Staf Wagemakers - http://www.wagem http://www.wagemakers.be I wish it was that easy lol, Ive been at this for days now. system restarts dont even cure the problem. All I did was remove all the log files (access.log through access.log.28) written by apache2 in /var/log/apache2/ directory thinking that an apache2 -k restart or apache2ctl restart would rewrite them but it did not. now Im screwed, because everything ive tried is not working. The reason why I did this is because for some reason beyond me apache was no longer writing to access.log.1 . it stopped one day and never continued. Webalizer showed no logs after like the middle of november, and if I did a tail -f /var/log/apache2/access.log.1 nothing showed no matter how many times I accessed any site of mine. I never messed with ownership of any directory in /var. error.log shows normal operations, which im curious about? if apache2 is not able to write logs, wouldnt it say something about it? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine
Hi. I created this .htaccess: - RewriteRule ^([^/]+)/$ /page.php?id=$1 [L] --- And it works fine with: http://domain.com/foo/ (it shows a webpage) But it shows a 404 error page with: http://domain.com/foo I tried adding this line to .htaccess: RewriteRule ^([^/]+)$ /page.php?id=$1 [L] - But now it shows a 500 error webpage in both cases. Any suggestion? Thank you very much. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: response time measurement at apache server
thanks all for the reply. Does the time shown by %D/%T include Waiting Time as well? I have tried similar logging in Tomcat server, which actually shows Service Time not the Response Time. As apache server itself does not have any request buffer, how the waiting time is accounted? About apache benchmark, I want to simulate clients from different physical machines and want Response time MEASUREMENT AT SERVER. I came across these tools for measuring Response time at server - CERTES - http://www.research.ibm.com/people/o/olshef/p49-olshefski.shtml ksniffer - http://www.research.ibm.com/people/o/olshef/osdi2004.shtml Accurate End-To-End Performance Management Using NetQoS SuperAgent Cisco WAAS - http://www.cisco.com/en/US/products/ps6870/products_white_paper0900aecd80693006.shtml But I didn't find implementation of these tools for free use. Please help me out. thanks , -Rahul Axel-Stephane SMORGRAV [EMAIL PROTECTED] wrote: Have a look at mod_log_config, specifically the %D and %T format strings. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 10:40 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] response time measurement at apache server Hi all, How can I measure the response time at Apache server? thanks regards, -Rahul Gundecha - Unlimited freedom, unlimited storage. Get it now
Re: [EMAIL PROTECTED] access.log problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On Dec 12, 2007, at 1:10 PM, Steve Reilly wrote: I wish it was that easy lol, Ive been at this for days now. system restarts dont even cure the problem. All I did was remove all the log files (access.log through access.log.28) written by apache2 in /var/log/apache2/ directory thinking that an apache2 -k restart or apache2ctl restart would rewrite them but it did not. now Im screwed, because everything ive tried is not working. The reason why I did this is because for some reason beyond me apache was no longer writing to access.log.1 . it stopped one day and never continued. Webalizer showed no logs after like the middle of november, and if I did a tail -f /var/log/apache2/access.log.1 nothing showed no matter how many times I accessed any site of mine. I never messed with ownership of any directory in /var. error.log shows normal operations, which im curious about? if apache2 is not able to write logs, wouldnt it say something about it? Be sure to verify and re-verify permissions. In 90% of the cases that's where the problem lies, even though it may seem otherwise at first. Try the following: root su - apache apache cd /var/log/apache apache echo test access.log That of course assumes that 'apache' is a working user, with a login shell, but you get the idea. Furthermore check what your logrotate does. Are the access.log.* files written by Apache itself (using a log statement configuration that pipes into a log rotator) or via a cron driven logrotate? In the latter case, Apache doesn't need to write access.log.1 and tail -f on the file wouldn't be too useful. What are the exact permissions of: /var, /var/log, /var/log/apache, / var/log/apache/* (especially error_log compared to access*)? HTH, -- Karel Kubat / M +31 6 2956 4861 (+31 6 AWK 6 HUM 1) Blind Spot: What Dick and Jane did to be cruel. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (Darwin) iD8DBQFHX9LF23FrzRzybNURAiRpAJwKhtnoamzX/wHkpnsIUs63lcGKJgCgzdDh mx7w1U4ML8IsTX5AdAmu87E= =uCeK -END PGP SIGNATURE- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine
On Dec 12, 2007 7:18 AM, thomas Armstrong [EMAIL PROTECTED] wrote: Hi. I created this .htaccess: - RewriteRule ^([^/]+)/$ /page.php?id=$1 [L] --- And it works fine with: http://domain.com/foo/ (it shows a webpage) But it shows a 404 error page with: http://domain.com/foo Looks like ending your pattern in /?$ or /*$ would allow you to throw away 0 or more trailing slashes. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Help with AB and authentication
On Wed, 2007-12-12 at 11:30 +, Joel Carlos Martinho Alexandre (DSI) wrote: I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url Try ab2 -A domain\\user:password url The command line thinks you're escaping the first character of the username since backslashed are used as escape markers. Pass a pair, and the first backslash escapes the second one, thus passing it to the application. Alternatively, put the whole thing in single quotes: 'domain\user:password' and see if ab takes that. Graeme - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] security issue
hi list,
i installed apache on centos 5 and i have some questions regarding
security for apache. i read security tips on
http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea,
but still need some advices from guru here.
/etc/httpd/conf/httpd.conf:
ServerRoot /etc/httpd
User apache
Group apache
DocumentRoot /var/www/html
as of now, /var/www/html/ belongs to root user group.
but i have couple developers here that need to upload files to this folder
that i don't want to give out the root password. what should i change
/var/www/html/ folder to?
i also have a SSI folder (/var/www/html/includes) that i don't want any
web user to have access to because these includes files contain
user/password to mysql.
for example, at the beginning of /var/www/html/index.php, i have:
?
include_once('/var/www/html/includes/global.php');
include_once('/var/www/html/includes/connect.php');
?
i try to prevent web user doing this:
wget http://10.0.0.120/includes/global.php
but at the same time allow apache server to access files in
/var/www/html/inclues/ folder.
any idea/suggestion.
thank you,
t. hiep
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with AB and authentication
I already tried that. Didn't work. Maybe it's another thing. With wget, i does 3 request just to get one page. The first two return 401 and only the third is giving a 200. Maybe ab, for some reason, isn't trying enough times to authenticate. In AB with verbose active, I can see it only tries one time. Regards, Joel -Original Message- From: Graeme Fowler [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 12 de Dezembro de 2007 13:51 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with AB and authentication On Wed, 2007-12-12 at 11:30 +, Joel Carlos Martinho Alexandre (DSI) wrote: I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url Try ab2 -A domain\\user:password url The command line thinks you're escaping the first character of the username since backslashed are used as escape markers. Pass a pair, and the first backslash escapes the second one, thus passing it to the application. Alternatively, put the whole thing in single quotes: 'domain\user:password' and see if ab takes that. Graeme - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with AB and authentication
That's right. Unfortunately i'm unable to change the virtual directory configuration. Cumprimentos, Joel Alexandre Direcção de Sistemas de Informação PORT - Sector de Portais R. Alexandre Herculano, nº53 - 2º andar 1269-152 Lisboa email: [EMAIL PROTECTED] -Original Message- From: Neil A. Hillard [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 12 de Dezembro de 2007 14:33 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with AB and authentication Hi, Joel Carlos Martinho Alexandre (DSI) wrote: I already tried that. Didn't work. Maybe it's another thing. With wget, i does 3 request just to get one page. The first two return 401 and only the third is giving a 200. Maybe ab, for some reason, isn't trying enough times to authenticate. In AB with verbose active, I can see it only tries one time. IIRC correctly you mentioned that you were using 'windows integrated authentication'. Try using something standard like basic authentication on your web server and then retry. HTH, Neil. -Original Message- From: Graeme Fowler [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 12 de Dezembro de 2007 13:51 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with AB and authentication On Wed, 2007-12-12 at 11:30 +, Joel Carlos Martinho Alexandre (DSI) wrote: I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url Try ab2 -A domain\\user:password url The command line thinks you're escaping the first character of the username since backslashed are used as escape markers. Pass a pair, and the first backslash escapes the second one, thus passing it to the application. Alternatively, put the whole thing in single quotes: 'domain\user:password' and see if ab takes that. -- Neil Hillard[EMAIL PROTECTED] AgustaWestland http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Re: response time measurement at apache server
What about Apache Bench (ab)? It's part of the Apache distribution. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 13:28 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] Re: response time measurement at apache server thanks all for the reply. Does the time shown by %D/%T include Waiting Time as well? I have tried similar logging in Tomcat server, which actually shows Service Time not the Response Time. As apache server itself does not have any request buffer, how the waiting time is accounted? About apache benchmark, I want to simulate clients from different physical machines and want Response time MEASUREMENT AT SERVER. I came across these tools for measuring Response time at server - * CERTES - http://www.research.ibm.com/people/o/olshef/p49-olshefski.shtml http://www.research.ibm.com/people/o/olshef/p49-olshefski.shtml * ksniffer - http://www.research.ibm.com/people/o/olshef/osdi2004.shtml * Accurate End-To-End Performance Management Using NetQoS SuperAgent Cisco WAAS - http://www.cisco.com/en/US/products/ps6870/products_white_paper0900aecd80693006.shtml But I didn't find implementation of these tools for free use. Please help me out. thanks , -Rahul Axel-Stephane SMORGRAV [EMAIL PROTECTED] wrote: Have a look at mod_log_config, specifically the %D and %T format strings. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 10:40 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] response time measurement at apache server Hi all, How can I measure the response time at Apache server? thanks regards, -Rahul Gundecha Unlimited freedom, unlimited storage. Get it now http://in.rd.yahoo.com/tagline_mail_2/*http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine
Hi, thomas Armstrong wrote: Hi Eric. Thank you very much for you answer. I typed: - RewriteRule ^([^/]+)/*$ /page.php?id=$1 [L] - and got 500 error message on every page on my website. The same with: --- RewriteRule ^([^/]+)/?$ /page.php?id=$1 [L] So what does error_log have to say about things? Neil. On Dec 12, 2007 1:31 PM, Eric Covener [EMAIL PROTECTED] wrote: On Dec 12, 2007 7:18 AM, thomas Armstrong [EMAIL PROTECTED] wrote: Hi. I created this .htaccess: - RewriteRule ^([^/]+)/$ /page.php?id=$1 [L] --- And it works fine with: http://domain.com/foo/ (it shows a webpage) But it shows a 404 error page with: http://domain.com/foo Looks like ending your pattern in /?$ or /*$ would allow you to throw away 0 or more trailing slashes. -- Neil Hillard[EMAIL PROTECTED] AgustaWestland http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine
Hi Eric. Thank you very much for you answer. I typed: - RewriteRule ^([^/]+)/*$ /page.php?id=$1 [L] - and got 500 error message on every page on my website. The same with: --- RewriteRule ^([^/]+)/?$ /page.php?id=$1 [L] Regards, --Thomas On Dec 12, 2007 1:31 PM, Eric Covener [EMAIL PROTECTED] wrote: On Dec 12, 2007 7:18 AM, thomas Armstrong [EMAIL PROTECTED] wrote: Hi. I created this .htaccess: - RewriteRule ^([^/]+)/$ /page.php?id=$1 [L] --- And it works fine with: http://domain.com/foo/ (it shows a webpage) But it shows a 404 error page with: http://domain.com/foo Looks like ending your pattern in /?$ or /*$ would allow you to throw away 0 or more trailing slashes. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] security issue
On Wed, 12 Dec 2007, Karel Kubat wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Hiep,
On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
i installed apache on centos 5 and i have some questions regarding security
for apache. i read security tips on
http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea,
but still need some advices from guru here.
/etc/httpd/conf/httpd.conf:
ServerRoot /etc/httpd
User apache
Group apache
DocumentRoot /var/www/html
as of now, /var/www/html/ belongs to root user group.
Make this apache:apache, it fits better with the User/Group specifiers above.
is there any security risk by changing /var/www/html/ to apache:apache?
how are the developers upload/download files?
should i create a user/group and let all of them use this user to
upload/download files?
but i have couple developers here that need to upload files to this folder
that i don't want to give out the root password. what should i change
/var/www/html/ folder to?
Use apache:apache if you think that all developers are trustworthy ;-)
Definitely not root:root. When you make the ownership change, verify that
apache:apache may indeed read /var/www/html/.
how do i verify this?
i also have a SSI folder (/var/www/html/includes) that i don't want any web
user to have access to because these includes files contain user/password
to mysql.
for example, at the beginning of /var/www/html/index.php, i have:
?
include_once('/var/www/html/includes/global.php');
include_once('/var/www/html/includes/connect.php');
?
PHP includes this way locally, from the file system. There is no need to park
these files in the docroot tree. E.g., stick them in /var/www/includes/,
outside of /var/www/html. Then use
include_once('/var/www/includes/global.php').
i try to prevent web user doing this:
wget http://10.0.0.120/includes/global.php
but at the same time allow apache server to access files in
/var/www/html/inclues/ folder.
Definitely a good idea ;-)
See above..
HTH,
--
Karel Kubat / M +31 6 2956 4861 (+31 6 AWK 6 HUM 1)
From the collection of Wise Quotes:
I'm not into working out. My philosophy: No
pain, no pain. - Carol Leifer
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)
iD8DBQFHX/Ma23FrzRzybNURAuoUAJ9Oe+myyzOTcwXTgT2qfoe+lury+ACgmKXZ
r8ZP+UpEyz5jPZAtYknFN2A=
=SPCk
-END PGP SIGNATURE-
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] security issue
Hi, Karel Kubat wrote: Hi Hiep, On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote: i installed apache on centos 5 and i have some questions regarding security for apache. i read security tips on http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea, but still need some advices from guru here. /etc/httpd/conf/httpd.conf: ServerRoot /etc/httpd User apache Group apache DocumentRoot /var/www/html as of now, /var/www/html/ belongs to root user group. Make this apache:apache, it fits better with the User/Group specifiers above. That's got to be a seriously bad move. Doing that will allow the user that the web server is running as write access to the document root. Someone posted earlier on the list about creating a group, etc. which would seem a much better way of handling things. but i have couple developers here that need to upload files to this folder that i don't want to give out the root password. what should i change /var/www/html/ folder to? Use apache:apache if you think that all developers are trustworthy ;-) Definitely not root:root. When you make the ownership change, verify that apache:apache may indeed read /var/www/html/. See above. How are you suggesting the developers upload files? By adding them to the apache group? Please see a previous post for a much better solution. HTH, Neil. -- Neil Hillard[EMAIL PROTECTED] AgustaWestland http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0.59 on non-standard port interactions with mod_jk/Tomcat
Hello, I currently have a web farm behind a load balancer. The load balancer is configured to listen only on port 80 and to send requests to a particular URL, say /foo, to TCP port 5001 on the web servers where I have an Apache 2.0.59 instance running. /foo is actually a JkMount to a Tomcat application. The problem is that within Tomcat, the application causes an HTTP redirect to be sent to /foo/blah.jsp. Unfortunately, the response comes back as: HTTP/1.1 301 Moved Permanently Date: Wed, 12 Dec 2007 16:16:11 GMT Server: Apache/2.0.59 (Linux/SuSE) mod_jk/1.2.6-dev Location: http://hostname-of-the-load-balancer:5001/foo/blah.jsp The load balancer isn't listening on port 5001, obviously. What piece of this equation is misconfigured, and what do I need to get Tomcat to send the redirect response without the port number? (It *is* Tomcat doing this, and not Apache per se; I packet-sniffed the AJP traffic to determine that -- but I noticed that the port 5001 does appear in the initial JK request from Apache to Tomcat.) - Julian -- -- Julian C. Dunn, P.Eng. [EMAIL PROTECTED] -- Assistant Team Lead, Media Production Support, CBC Technology -- Digital Programming and Business Development -- Office: 2C310-N * Tel.: (416) 205-3311 x6988 * DID: 1-151-6988 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Help with AB and authentication
Joel Carlos Martinho Alexandre (DSI) wrote: Hi, I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url but I can't get through the 401 error page. I've tried some variations: ab2 -A domain\user:password url ab2 -A domain\user,password url etc. When using wget, it works: wget --http-user=domain\user --http-passwd=password url The server is IIS with integrated authentication. Any ideas? IIS on a client OS (workstation/home/etc) authenticates 10 users and then surrenders; your ELUA permits only 10 connections which MS has for years interpreted as authenticated clients. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with AB and authentication
The IIS is running on a Windows server (2003, i think) Rgds, Joel -Original Message- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 12 de Dezembro de 2007 16:26 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with AB and authentication Joel Carlos Martinho Alexandre (DSI) wrote: Hi, I'm trying to use AB to benchmark a site within a IIS, but I'm having problems with authentication. I'm currently using ab2 -A domain\user:password url but I can't get through the 401 error page. I've tried some variations: ab2 -A domain\user:password url ab2 -A domain\user,password url etc. When using wget, it works: wget --http-user=domain\user --http-passwd=password url The server is IIS with integrated authentication. Any ideas? IIS on a client OS (workstation/home/etc) authenticates 10 users and then surrenders; your ELUA permits only 10 connections which MS has for years interpreted as authenticated clients. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine
On Dec 12, 2007 3:41 PM, thomas Armstrong [EMAIL PROTECTED] wrote: Hi Eric. Thank you very much for you answer. I typed: - RewriteRule ^([^/]+)/*$ /page.php?id=$1 [L] - and got 500 error message on every page on my website. The same with: --- RewriteRule ^([^/]+)/?$ /page.php?id=$1 [L] Ad a RewriteLog with high enough log level. That way you will see how your URLs are rewritten. If you don't understand something in the log just post it here. Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Re: response time measurement at apache server
As I mentioned in earlier mail - About apache benchmark, I want to simulate clients from different physical machines and want Response time MEASUREMENT AT SERVER. Hence I do not want to use ab. So that this can work in practical scenario as well. Axel-Stephane SMORGRAV [EMAIL PROTECTED] wrote: What about Apache Bench (ab)? It's part of the Apache distribution. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 13:28 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] Re: response time measurement at apache server thanks all for the reply. Does the time shown by %D/%T include Waiting Time as well? I have tried similar logging in Tomcat server, which actually shows Service Time not the Response Time. As apache server itself does not have any request buffer, how the waiting time is accounted? About apache benchmark, I want to simulate clients from different physical machines and want Response time MEASUREMENT AT SERVER. I came across these tools for measuring Response time at server - * CERTES - http://www.research.ibm.com/people/o/olshef/p49-olshefski.shtml * ksniffer - http://www.research.ibm.com/people/o/olshef/osdi2004.shtml * Accurate End-To-End Performance Management Using NetQoS SuperAgent Cisco WAAS - http://www.cisco.com/en/US/products/ps6870/products_white_paper0900aecd80693006.shtml But I didn't find implementation of these tools for free use. Please help me out. thanks , -Rahul Axel-Stephane SMORGRAV wrote: Have a look at mod_log_config, specifically the %D and %T format strings. -ascs De : rahul gundecha [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 décembre 2007 10:40 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] response time measurement at apache server Hi all, How can I measure the response time at Apache server? thanks regards, -Rahul Gundecha Unlimited freedom, unlimited storage. Get it now - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -Rahl... exceptions are most common things to happen. - Chat on a cool, new interface. No download required. Click here.
[EMAIL PROTECTED] Wrong HTTP Return Codes
Hello togehter, when i send a page from my tomcat through the mod.jk (1.2.23) to the apache (2.2.3) with the return code 210, then the apache will send a returncode 500 (internal server error) to the client. but in the access.log a 210 logged. The apache will send other pages from tomcat with returncodes less then 208 correct to the client. What is going wrong? Thank for help, bjoern - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why does a form POST generate a redirect (302) with GET?
On Wed, 12 Dec 2007 21:32:17 +0300 CS Imamu [EMAIL PROTECTED] wrote: The Web server appears to receive the POST request from the browser and then sends a redirect (302) response to the browser. The server won't do that unprompted. Either your application or your configuration is sending a redirect. We don't know why this is happening. This is causing the browser to either display an error That doesn't make sense. 302 isn't an error. or to send the post request again as a GET request. The GET request fails because the browser is putting the form data in the URI, making it too big. That's incredibly broken browser behaviour (unless your application is sending the whole caboodle in the redirect). I don't believe any normal browser is that broken. I infer that your problem description is garbled. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] SSI of php file inside JSP, almost there.....
Hi all, As the title suggests I'm trying to do a server side include of a .php file in my jsp such that apache will run the php and of course tomcat handles the .jsp. Here's what I've got so far: - httpd.conf in the section for my virtual server: SetEnvIf Request_URI /blog* no-jk IfModule mod_jk.c JkMount /* ajp13 /IfModule /VirtualHost -- It basically appears that the SetEnvIf Request_URI /blog* no-jk line simply does not work. the /blog directory is outside of my war in my apache document root. It holds .php and .css files for my wordpress blog. Whenever I try to access a php file in the blog directory it tries to send the request to tomcat instead. If I take out the SetEnvIf and instead put lots of JkMount /*.XXX ajp13 where XXX is EVERY file extension EXCEPT for .php extension, then the .php files will run in apache perfectly and the SSI in my .jsp works -- however that means when the .php files run if they reference any .css or .js or images, it's going to send the request to tomcat under the base /appname directory, meaning now the relative paths to those files are broken (they live under /blog but because of the JkMount /*.css they now start looking in tomcat /appname). Any idea what I could try to do in order to fix this? Basically what I need is this: a) directory php in my war file where apache will execute everything in that directory and and b) the wordpress /blog directory, that lives outside of my war, to have everything inside it be executed by apache and allowing all other stuff (except for what's in a) to be executed by tomcat. Ideas? Thanks!! Aaron -- View this message in context: http://www.nabble.com/SSI-of-php-file-inside-JSP%2C-almost-there.-tp14301792p14301792.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] error reading the headers, referer
Im posting this page 80.176.75.30 - - [12/Dec/2007:20:40:59 +] POST /phpBB3/posting.php?mode=postf=3sid=a9c59ff6c88bb6d8893efd91edb67a18 HTTP/1.1 400 0 http://simontaylor.org.uk/phpBB3/posting.php?mode=postf=3; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 And getting this error:- [Wed Dec 12 20:45:16 2007] [error] [client 80.176.75.30] request failed: error reading the headers, referer: http://simontaylor.org.uk/phpBB3/posting.php?mode=postf=3 Can someone point me in the right direction please. This may be related to a php misconfiguration but I want to rule out simple apache config issues before I progress down that path of investigation Thanks Simon Taylor Global Tools Development (GTD) Engineer Nortel Email [EMAIL PROTECTED] Office +44.1279 402291 (ESN 6 742 2291) Mobile +44.7740.533743 (ESN 748 3743)
Re: [EMAIL PROTECTED] log file upload
On 13/12/2007, Jean-Christophe Roux [EMAIL PROTECTED] wrote: The users of my site can upload images using regular html forms. I would like to log the uploads so that I know such IP address at such time has uploaded such file. This is the last part that I am unable to do. Going through the docs on custom logs, I am not finding a solution. I could do that from my cgi program but I'd rather Apache to do it. I am running Apache 2.2 on Linux. Apache isn't able to do such logging as the filename is part of the POST request entity and not a request header. mod_security might help.. -- noodl - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] log file upload
Yep, modsecurity's audit_log can capture full request bodies if you desire and this would include the filename data from the multipart-form-data upload sections. You could also optionally intercept and make copies of uploaded files to store them locally. Thanks, Ryan C. Barnett - Original Message - From: Vincent Bray [EMAIL PROTECTED] To: users@httpd.apache.org users@httpd.apache.org Sent: Wed Dec 12 21:14:24 2007 Subject: Re: [EMAIL PROTECTED] log file upload On 13/12/2007, Jean-Christophe Roux [EMAIL PROTECTED] wrote: The users of my site can upload images using regular html forms. I would like to log the uploads so that I know such IP address at such time has uploaded such file. This is the last part that I am unable to do. Going through the docs on custom logs, I am not finding a solution. I could do that from my cgi program but I'd rather Apache to do it. I am running Apache 2.2 on Linux. Apache isn't able to do such logging as the filename is part of the POST request entity and not a request header. mod_security might help.. -- noodl - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] log file upload
Hello, The users of my site can upload images using regular html forms. I would like to log the uploads so that I know such IP address at such time has uploaded such file. This is the last part that I am unable to do. Going through the docs on custom logs, I am not finding a solution. I could do that from my cgi program but I'd rather Apache to do it. I am running Apache 2.2 on Linux. Thanks in advance Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
