Re: [us...@httpd] beginner's mod_rewrite recursion problem
Try this one RewriteRule ^/frobooz/(.*) /foo/bar/$1 [L] Cheers, Igor On Wed, May 6, 2009 at 1:49 AM, André Warnier wrote: > Kynn Jones wrote: > ... > > Hi. > The best way to understand what is at stake here is to get yourself a > Firefox extension like HttpFox, activate it, and then get your page from the > server. > Then look in the HttpFox window what your /browser/ is actually asking from > the server. > > The key part to understand, is that the browser never sends a request to > the server for "../../file.img". > It is the browser which interprets these relative links (relative to where > it got the current page from), and transforms them to make them "absolute", > before requesting the object from the server. > Once you really understand that (which is easier when you look at the > result in HttpFox), then what you need to do will become much much clearer. > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [us...@httpd] Newbie. Apache doesnt start ok
tirengarfio wrote: Hi, im new to Apache. I have been doing some web devs till now but with XAMPP. When I try to start it i get this error: * Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName and i cant see localhost page (It works!). I would like to send you also the conf file, but i have open /etc/apache2/httpd.conf and it is empty... Can you help me? To get good help, you may want to : - say on what kind of system this is - what version of Apache this is - with what command you are "starting Apache" - what you enter in the browser as URL - what error you see in the browser after that - and maybe look at /etc/apache2/apache2.conf. Is it empty too ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_security
Julien Gerhards wrote:
Hi,
I try to use mod_security but it doesn t filter anything !
My vhostconf :
ServerSignature Off
ServerName cache-ext
ErrorLog logs/cache-ext_error.log
CustomLog logs/cache-ext_access.log combined
Deny from all
RewriteEngine On
#RewriteCond %{REQUEST_URI} ^/img=(.+)$
RewriteRule ^/img=(.+)$ $1 [L,P]
RewriteLog /var/log/RewriteLog.log
RewriteRule ^[/img=](.+)$ - [F]
AllowEncodedSlashes on
ProxyRequests On
ProxyVia On
CacheEnable disk /
CacheRoot "/var/cache/mod_proxy"
CacheEnable mem /
MCacheMaxObjectSize 1024000
MCacheSize 102400
# deny from all
allow from all
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterDebugLevel 9
SecFilterSelective macbidouille.com
SecAuditLog logs/audit_log
It should respond me an 403 error for every URL with a macbidouille.com in the
URL.
Any ideas?
Yes.
mod_security is not a standard Apache module. As the site for
mod_security (http://www.modsecurity.org/) states :
Community support is available on the
mod-security-users/lists.sourceforge.net mailing list. You must
subscribe first (by clicking here) in order to post. The list archives
are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.
So I think you will have more chances there.
Apart from that, the above rule
RewriteRule ^[/img=](.+)$ - [F]
actually means :
for URLs starting with either one of the characters /,i,m,g or =,..
do the following..
I'm not quite sure that this is what you want.
And apart from that, for your original question which was that you only
want to "forward proxy" to some 100 selected and willing external sites,
I suggest that you have a look at this
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
the section entitled "RewriteMap Directive", and in there the part about
a plain text rewrite map.
I am not familiar with it, and have not tried it, but I would suggest
something like this :
- you have incoming URLs like :
/img=http://somewillinghost.company.com/some/path/some.jpg
- you want to forward-proxy these requests to the given willing site
"somewillinghost.company.com", and to 99 other similar willing ones, but
not proxy requests to "cia.gov.us" or the whole planet.
- so you want to do a RewriteRule that will do
RewriteRule "^/img=(.+)$" $1 [P,L]
but *only* if the target site in your list of allowed ones.
Fair enough ?
Then you would first create a small text file, for example
/etc/apache2/allowed-sites.txt
containing lines like
somewillinghost.company.com somewillinghost.company.com
someotherwillinghost.company2.biz someotherwillinghost.company2.biz
athirdhost.stillwilling.org athirdhost.stillwilling.org
etc... (all your willing targets)
then you would put the following directives in your httpd.conf :
RewriteMap willing /etc/apache2/allowed-sites.txt
RewriteRule "^/img=http://([^.]+\.[^.]+\.[^/]+)/(.+)$
http://${willing:$1 | some.bad.host}/$2 [P,L]
(the RewriteRule above is one line).
(some.bad.host is the "default value". If the right allowed host is not
found in your rewritemap file, then this hostname will be substituted.
That could be another virtual host on your server which always answers
"forbidden".
The idea is :
in the RewriteRule above, the first parenthesised group () matches the
hostname of the part after "img=" in the incoming URL, and becomes $1.
The part after the host is $2.
Then with $1 (the hostname), you find a match in the first column of
your text rewritemap file. If you find it, the whole expression
"${willing:$1 | some.bad.host}" is replaced by the content of column 2
(which is the same as column one, or as $1). So this call gets proxied
to the requested host.
If $1 does not match a line in your rewritemap file however, then
"${willing:$1 | some.bad.host}" is replaced by "some.bad.host", which
essentially leads nowhere (I have checked).
I have never tried something like the above, but it should be fun.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Newbie. Apache doesnt start ok
that is a warning not an error. Mostly httpd.conf will be inside conf directory under apache folder. Did you see one? /etc/apache2/conf/httpd.conf If yes, probably thats the one apache is using. Search "ServerName" (and put FQDN of your machine there maybe) and make sure you uncomment it. Regards Prasanna Ram On Thu, May 7, 2009 at 12:00 AM, tirengarfio wrote: > > Hi, > > im new to Apache. I have been doing some web devs till now but with XAMPP. > > When I try to start it i get this error: > > * Starting web server apache2 > apache2: Could not reliably determine the server's fully qualified domain > name, using 127.0.1.1 for ServerName > > and i cant see localhost page (It works!). > > I would like to send you also the conf file, but i have open > /etc/apache2/httpd.conf and it is empty... > > Can you help me? > > Bye > -- > View this message in context: > http://www.nabble.com/Newbie.-Apache-doesnt-start-ok-tp23412802p23412802.html > Sent from the Apache HTTP Server - Users mailing list archive at > Nabble.com. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[us...@httpd] Newbie. Apache doesnt start ok
Hi, im new to Apache. I have been doing some web devs till now but with XAMPP. When I try to start it i get this error: * Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName and i cant see localhost page (It works!). I would like to send you also the conf file, but i have open /etc/apache2/httpd.conf and it is empty... Can you help me? Bye -- View this message in context: http://www.nabble.com/Newbie.-Apache-doesnt-start-ok-tp23412802p23412802.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] httpd service not starting on Windows 2008 (64bit) through Microsoft Failover Cluster
Indeed :), it wud wrk great i guess ( just remember a recetnt thread running for this :)) Just now I noticed that log. may be he need to escape double quotes as well (\"\") when starting from that cluster?? Regards Prasanna Ram On Wed, May 6, 2009 at 10:46 PM, André Warnier wrote: > In addition to Jonathan's remarks, when looking at the detail of these log > messages (the ones mentioning the arguments along with an argument number), > I have the feeling that this illustrates once again the fundamental idiocy > and error-proneness of paths with embedded spaces. > > It looks very much like the command-line is being parsed by splitting on > space chars. Probably again a case where initial quoting is stripped at > step 1, and confuses subsequent steps no end. > > To the OP : what would happen if you installed Apache in, say, C:\Apache ? > > > > > > Jonathan Zuckerman wrote: > >> On Wednesday, May 6, 2009, Raja Shekar CS wrote: >> >>> Hi, >>> @Jonathan: error output I get is the complete usage help. There is no >>> specific error seen. >>> I added some debug logging to the httpd startup code, and it looks like >>> Microsoft Failover Cluster server is passing invalid arguments: >>> >>> When started from Microsoft Failover Cluster: >>> [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 0 of 8 (8):: C:\\Program >>> Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe >>> [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 1 of 8 (8):: -d[Wed May 06 >>> 19:28:09 2009] [warn] INPUT ARGS 2 of 8 (8):: C:/Program Files >>> (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:28:09 2009] [warn] INPUT >>> ARGS 3 of 8 (8):: -f >>> [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 4 of 8 (8):: C:\\Program >>> Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf[Wed May 06 >>> 19:28:09 2009] [warn] INPUT ARGS 5 of 8 (8):: Files >>> [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 6 of 8 (8):: >>> (x86)\\NetApp\\DataFabric[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 7 of >>> 8 (8):: Manager\\DFM\\bin\\httpd.exe -k runservice >>> >>> The last three are causing the issue. These three are automatically taken >>> as startup parameter when apache service as added as Generic Service to >>> failover cluster (screenshot attached). >>> When started from Service Control Manager (on the same system): >>> >>> [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 0 of 5 (5):: C:\\Program >>> Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe[Wed May 06 >>> 19:29:24 2009] [warn] INPUT ARGS 1 of 5 (5):: -d >>> [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 2 of 5 (5):: C:/Program >>> Files (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:29:24 2009] [warn] >>> INPUT ARGS 3 of 5 (5):: -f[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 4 >>> of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric >>> Manager\\DFM\\conf\\httpd.conf >>> >>> By ignoring the error for the additional parameters, I was able to start >>> httpd through Failover Cluster. >>> However, I am looking for one clarification: >>> Service installed in service control manager with "Path to executable" >>> as: >>> >>> "C:\\Program Files (x86)\\NetApp\\DataFabric >>> Manager\\DFM\\bin\\httpd.exe" -k runservice >>> I am not able to understand why the "-k runservice" argument is not >>> showing up when started through service control manager. Just want to be >>> sure that i haven't made a mistake in logging, and that this is the expected >>> behavior. >>> >>> Thanks for your inputs, >>> Raj. >>> On Wed, May 6, 2009 at 2:34 AM, Jonathan Zuckerman < >>> j.zucker...@gmail.com> wrote: >>> On Tue, May 5, 2009 at 5:26 AM, Raja Shekar CS >>> wrote: >>> Hi, I tried an earlier version of apache (2.0.63) and also at simpler path. No luck. Any other hints ? Pls let me know. Thanks, Raj. On Mon, May 4, 2009 at 5:57 PM, Eric Covener wrote: > On Mon, May 4, 2009 at 7:57 AM, Raja Shekar CS > wrote: > >> I am facing an issue in bringing up httpd (2.2.10) configured in >> Microsoft >> Failover Cluster (MSCS) on Windows 2008 64 bit system. >> >>> Usage: C:\\Program Files (x86)\\DFM\\bin\\httpd.exe [-D name] [-d > Tried simplifying the path? > > -- > Eric Covener > cove...@gmail.com > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > >> Is it normal for the backslashrs in the path to be doubled up like that? >> Also why is the -k parameter outside the string delimiters? >> Sorry I'm not familiar with the microsoft technologies.. >> >>> Could you paste the error
Re: [us...@httpd] httpd service not starting on Windows 2008 (64bit) through Microsoft Failover Cluster
In addition to Jonathan's remarks, when looking at the detail of these log messages (the ones mentioning the arguments along with an argument number), I have the feeling that this illustrates once again the fundamental idiocy and error-proneness of paths with embedded spaces. It looks very much like the command-line is being parsed by splitting on space chars. Probably again a case where initial quoting is stripped at step 1, and confuses subsequent steps no end. To the OP : what would happen if you installed Apache in, say, C:\Apache ? Jonathan Zuckerman wrote: On Wednesday, May 6, 2009, Raja Shekar CS wrote: Hi, @Jonathan: error output I get is the complete usage help. There is no specific error seen. I added some debug logging to the httpd startup code, and it looks like Microsoft Failover Cluster server is passing invalid arguments: When started from Microsoft Failover Cluster: [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 0 of 8 (8):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 1 of 8 (8):: -d[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 2 of 8 (8):: C:/Program Files (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 3 of 8 (8):: -f [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 4 of 8 (8):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 5 of 8 (8):: Files [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 6 of 8 (8):: (x86)\\NetApp\\DataFabric[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 7 of 8 (8):: Manager\\DFM\\bin\\httpd.exe -k runservice The last three are causing the issue. These three are automatically taken as startup parameter when apache service as added as Generic Service to failover cluster (screenshot attached). When started from Service Control Manager (on the same system): [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 0 of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 1 of 5 (5):: -d [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 2 of 5 (5):: C:/Program Files (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 3 of 5 (5):: -f[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 4 of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf By ignoring the error for the additional parameters, I was able to start httpd through Failover Cluster. However, I am looking for one clarification: Service installed in service control manager with "Path to executable" as: "C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe" -k runservice I am not able to understand why the "-k runservice" argument is not showing up when started through service control manager. Just want to be sure that i haven't made a mistake in logging, and that this is the expected behavior. Thanks for your inputs, Raj. On Wed, May 6, 2009 at 2:34 AM, Jonathan Zuckerman wrote: On Tue, May 5, 2009 at 5:26 AM, Raja Shekar CS wrote: Hi, I tried an earlier version of apache (2.0.63) and also at simpler path. No luck. Any other hints ? Pls let me know. Thanks, Raj. On Mon, May 4, 2009 at 5:57 PM, Eric Covener wrote: On Mon, May 4, 2009 at 7:57 AM, Raja Shekar CS wrote: I am facing an issue in bringing up httpd (2.2.10) configured in Microsoft Failover Cluster (MSCS) on Windows 2008 64 bit system. Usage: C:\\Program Files (x86)\\DFM\\bin\\httpd.exe [-D name] [-d Tried simplifying the path? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Is it normal for the backslashrs in the path to be doubled up like that? Also why is the -k parameter outside the string delimiters? Sorry I'm not familiar with the microsoft technologies.. Could you paste the error output? From what you've sent us it looks like you're not substituting actual values for the optional parameter descriptions of the program signature, and are also using two slashes to separate directories instead of one.. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Ser
Re: [us...@httpd] httpd service not starting on Windows 2008 (64bit) through Microsoft Failover Cluster
Yes Jonathan, Its normal in some cases. But i dont know whether we will get double slashes in "path to executable" of a service. I am not getting it in my machine for apache!. And -k runservice outside of quotes is also normal, whatever inside of double quotes is called and whatever is after that is passed as arguments to it. Regards Prasanna Ram On Wed, May 6, 2009 at 10:37 PM, Jonathan Zuckerman wrote: > On Wednesday, May 6, 2009, Raja Shekar CS wrote: > > Hi, > > @Jonathan: error output I get is the complete usage help. There is no > specific error seen. > > I added some debug logging to the httpd startup code, and it looks like > Microsoft Failover Cluster server is passing invalid arguments: > > > > When started from Microsoft Failover Cluster: > > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 0 of 8 (8):: C:\\Program > Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe > > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 1 of 8 (8):: -d[Wed May 06 > 19:28:09 2009] [warn] INPUT ARGS 2 of 8 (8):: C:/Program Files > (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:28:09 2009] [warn] INPUT > ARGS 3 of 8 (8):: -f > > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 4 of 8 (8):: C:\\Program > Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf[Wed May 06 > 19:28:09 2009] [warn] INPUT ARGS 5 of 8 (8):: Files > > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 6 of 8 (8):: > (x86)\\NetApp\\DataFabric[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 7 of > 8 (8):: Manager\\DFM\\bin\\httpd.exe -k runservice > > > > The last three are causing the issue. These three are automatically taken > as startup parameter when apache service as added as Generic Service to > failover cluster (screenshot attached). > > When started from Service Control Manager (on the same system): > > > > [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 0 of 5 (5):: C:\\Program > Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe[Wed May 06 > 19:29:24 2009] [warn] INPUT ARGS 1 of 5 (5):: -d > > [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 2 of 5 (5):: C:/Program > Files (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:29:24 2009] [warn] > INPUT ARGS 3 of 5 (5):: -f[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 4 > of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric > Manager\\DFM\\conf\\httpd.conf > > > > By ignoring the error for the additional parameters, I was able to start > httpd through Failover Cluster. > > However, I am looking for one clarification: > > Service installed in service control manager with "Path to executable" > as: > > > > "C:\\Program Files (x86)\\NetApp\\DataFabric > Manager\\DFM\\bin\\httpd.exe" -k runservice > > I am not able to understand why the "-k runservice" argument is not > showing up when started through service control manager. Just want to be > sure that i haven't made a mistake in logging, and that this is the expected > behavior. > > > > Thanks for your inputs, > > Raj. > > On Wed, May 6, 2009 at 2:34 AM, Jonathan Zuckerman < > j.zucker...@gmail.com> wrote: > > On Tue, May 5, 2009 at 5:26 AM, Raja Shekar CS > wrote: > >> Hi, > >> > >> I tried an earlier version of apache (2.0.63) and also at simpler path. > No > >> luck. > >> > >> Any other hints ? Pls let me know. > >> > >> Thanks, > >> Raj. > >> > >> On Mon, May 4, 2009 at 5:57 PM, Eric Covener wrote: > >>> > >>> On Mon, May 4, 2009 at 7:57 AM, Raja Shekar CS > wrote: > >>> > I am facing an issue in bringing up httpd (2.2.10) configured in > >>> > Microsoft > >>> > Failover Cluster (MSCS) on Windows 2008 64 bit system. > >>> Usage: C:\\Program Files (x86)\\DFM\\bin\\httpd.exe [-D name] [-d > >>> > >>> Tried simplifying the path? > >>> > >>> -- > >>> Eric Covener > >>> cove...@gmail.com > >>> > >>> - > >>> The official User-To-User support forum of the Apache HTTP Server > Project. > >>> See http://httpd.apache.org/userslist.html> for more info. > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >>> " from the digest: users-digest-unsubscr...@httpd.apache.org > >>> For additional commands, e-mail: users-h...@httpd.apache.org > >>> > > Is it normal for the backslashrs in the path to be doubled up like that? > Also why is the -k parameter outside the string delimiters? > Sorry I'm not familiar with the microsoft technologies.. > >> > >> > >> > > > > Could you paste the error output? From what you've sent us it looks > > like you're not substituting actual values for the optional parameter > > descriptions of the program signature, and are also using two slashes > > to separate directories instead of one.. > > > > - > > The official User-To-User support forum of the Apache HTTP Server > Project. > > See http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >" from the digest: users-digest
Re: [us...@httpd] httpd service not starting on Windows 2008 (64bit) through Microsoft Failover Cluster
On Wednesday, May 6, 2009, Raja Shekar CS wrote: > Hi, > @Jonathan: error output I get is the complete usage help. There is no > specific error seen. > I added some debug logging to the httpd startup code, and it looks like > Microsoft Failover Cluster server is passing invalid arguments: > > When started from Microsoft Failover Cluster: > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 0 of 8 (8):: C:\\Program Files > (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 1 of 8 (8):: -d[Wed May 06 > 19:28:09 2009] [warn] INPUT ARGS 2 of 8 (8):: C:/Program Files > (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:28:09 2009] [warn] INPUT > ARGS 3 of 8 (8):: -f > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 4 of 8 (8):: C:\\Program Files > (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf[Wed May 06 19:28:09 > 2009] [warn] INPUT ARGS 5 of 8 (8):: Files > [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 6 of 8 (8):: > (x86)\\NetApp\\DataFabric[Wed May 06 19:28:09 2009] [warn] INPUT ARGS 7 of 8 > (8):: Manager\\DFM\\bin\\httpd.exe -k runservice > > The last three are causing the issue. These three are automatically taken as > startup parameter when apache service as added as Generic Service to failover > cluster (screenshot attached). > When started from Service Control Manager (on the same system): > > [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 0 of 5 (5):: C:\\Program Files > (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe[Wed May 06 19:29:24 > 2009] [warn] INPUT ARGS 1 of 5 (5):: -d > [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 2 of 5 (5):: C:/Program Files > (x86)/NetApp/DataFabric Manager/DFM[Wed May 06 19:29:24 2009] [warn] INPUT > ARGS 3 of 5 (5):: -f[Wed May 06 19:29:24 2009] [warn] INPUT ARGS 4 of 5 > (5):: C:\\Program Files (x86)\\NetApp\\DataFabric > Manager\\DFM\\conf\\httpd.conf > > By ignoring the error for the additional parameters, I was able to start > httpd through Failover Cluster. > However, I am looking for one clarification: > Service installed in service control manager with "Path to executable" as: > > "C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe" -k > runservice > I am not able to understand why the "-k runservice" argument is not showing > up when started through service control manager. Just want to be sure that i > haven't made a mistake in logging, and that this is the expected behavior. > > Thanks for your inputs, > Raj. > On Wed, May 6, 2009 at 2:34 AM, Jonathan Zuckerman > wrote: > On Tue, May 5, 2009 at 5:26 AM, Raja Shekar CS wrote: >> Hi, >> >> I tried an earlier version of apache (2.0.63) and also at simpler path. No >> luck. >> >> Any other hints ? Pls let me know. >> >> Thanks, >> Raj. >> >> On Mon, May 4, 2009 at 5:57 PM, Eric Covener wrote: >>> >>> On Mon, May 4, 2009 at 7:57 AM, Raja Shekar CS wrote: >>> > I am facing an issue in bringing up httpd (2.2.10) configured in >>> > Microsoft >>> > Failover Cluster (MSCS) on Windows 2008 64 bit system. >>> Usage: C:\\Program Files (x86)\\DFM\\bin\\httpd.exe [-D name] [-d >>> >>> Tried simplifying the path? >>> >>> -- >>> Eric Covener >>> cove...@gmail.com >>> >>> - >>> The official User-To-User support forum of the Apache HTTP Server Project. >>> See http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> " from the digest: users-digest-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: users-h...@httpd.apache.org >>> Is it normal for the backslashrs in the path to be doubled up like that? Also why is the -k parameter outside the string delimiters? Sorry I'm not familiar with the microsoft technologies.. >> >> >> > > Could you paste the error output? From what you've sent us it looks > like you're not substituting actual values for the optional parameter > descriptions of the program signature, and are also using two slashes > to separate directories instead of one.. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] apache response time
Hi all I'm using apache connected to 2 tomcat in mod_jk (ajp). on tomcat is running in the same box as apache (sun solaris 8GB of ram, 2 CPU) and another tomcat is running on another box (windows 2003). the apache config is : timeout set to 120 seconds keepalive set to 3 seconds maxclient set to 256 and the reply timeout in jk worker sets to 1 minute (6 millisecond). Apache seems to be allways so busy and all threads are working even if the each tomcat is responding around 1 second by request. Is someone have recommandations to make apache resoponding immediatelly? thanks for help. Inas. _ Vous voulez savoir ce que vous pouvez faire avec le nouveau Windows Live ? Lancez-vous ! http://www.microsoft.com/windows/windowslive/default.aspx
Re: [us...@httpd] Reverse Proxy Balancer ?
On Wed, May 6, 2009 at 10:29 AM, James Wuerflein wrote: > Anybody have an example of how to setup a Reverse Proxy Load Balancer ? > > This works as a regular proxy, but I need a Reverse Proxy! > > ProxyRequests Off > ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid > nofailover=On > > > BalancerMember https://10.1.10.10:443 > BalancerMember https://10.1.10.11:443 > > > > > Why can't I use ProxyPassReverse and use the proxy balancer like this? > > ProxyPassReverse / balancer://mycluster2/ > stickysession=JSESSIONID|jsessionid nofailover=On > > > BalancerMember https://10.1.10.10:443 > BalancerMember https://10.1.10.11:443 > That's not what ProxyPassReverse does. Your first ProxyPass is a reverse proxy. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Reverse Proxy Balancer ?
Anybody have an example of how to setup a Reverse Proxy Load Balancer ? This works as a regular proxy, but I need a Reverse Proxy! ProxyRequests Off ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On BalancerMember https://10.1.10.10:443 BalancerMember https://10.1.10.11:443 Why can't I use ProxyPassReverse and use the proxy balancer like this? ProxyPassReverse / balancer://mycluster2/ stickysession=JSESSIONID|jsessionid nofailover=On BalancerMember https://10.1.10.10:443 ( https://10.1.10.10/ ) BalancerMember https://10.1.10.11:443 ( https://10.1.10.11/ ) __ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Katun Corporation -- Earning Your Trust for Thirty Years - Thank You! www.katun.com _
Re: [us...@httpd] httpd service not starting on Windows 2008 (64bit) through Microsoft Failover Cluster
Hi, @Jonathan: error output I get is the complete usage help. There is no specific error seen. I added some debug logging to the httpd startup code, and it looks like Microsoft Failover Cluster server is passing invalid arguments: When started from Microsoft Failover Cluster: [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 0 of 8 (8):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 1 of 8 (8):: -d [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 2 of 8 (8):: C:/Program Files (x86)/NetApp/DataFabric Manager/DFM [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 3 of 8 (8):: -f [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 4 of 8 (8):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 5 of 8 (8):: Files [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 6 of 8 (8):: (x86)\\NetApp\\DataFabric [Wed May 06 19:28:09 2009] [warn] INPUT ARGS 7 of 8 (8):: Manager\\DFM\\bin\\httpd.exe -k runservice The last three are causing the issue. These three are automatically taken as startup parameter when apache service as added as Generic Service to failover cluster (screenshot attached). When started from Service Control Manager (on the same system): [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 0 of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 1 of 5 (5):: -d [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 2 of 5 (5):: C:/Program Files (x86)/NetApp/DataFabric Manager/DFM [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 3 of 5 (5):: -f [Wed May 06 19:29:24 2009] [warn] INPUT ARGS 4 of 5 (5):: C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\conf\\httpd.conf By ignoring the error for the additional parameters, I was able to start httpd through Failover Cluster. However, I am looking for one clarification: Service installed in service control manager with "Path to executable" as: "C:\\Program Files (x86)\\NetApp\\DataFabric Manager\\DFM\\bin\\httpd.exe" -k runservice I am not able to understand why the "-k runservice" argument is not showing up when started through service control manager. Just want to be sure that i haven't made a mistake in logging, and that this is the expected behavior. Thanks for your inputs, Raj. On Wed, May 6, 2009 at 2:34 AM, Jonathan Zuckerman wrote: > On Tue, May 5, 2009 at 5:26 AM, Raja Shekar CS wrote: > > Hi, > > > > I tried an earlier version of apache (2.0.63) and also at simpler path. > No > > luck. > > > > Any other hints ? Pls let me know. > > > > Thanks, > > Raj. > > > > On Mon, May 4, 2009 at 5:57 PM, Eric Covener wrote: > >> > >> On Mon, May 4, 2009 at 7:57 AM, Raja Shekar CS > wrote: > >> > I am facing an issue in bringing up httpd (2.2.10) configured in > >> > Microsoft > >> > Failover Cluster (MSCS) on Windows 2008 64 bit system. > >> Usage: C:\\Program Files (x86)\\DFM\\bin\\httpd.exe [-D name] [-d > >> > >> Tried simplifying the path? > >> > >> -- > >> Eric Covener > >> cove...@gmail.com > >> > >> - > >> The official User-To-User support forum of the Apache HTTP Server > Project. > >> See http://httpd.apache.org/userslist.html> for more info. > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> " from the digest: users-digest-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > > > Could you paste the error output? From what you've sent us it looks > like you're not substituting actual values for the optional parameter > descriptions of the program signature, and are also using two slashes > to separate directories instead of one.. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > <> - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
Melanie Pfefer wrote: > Hi , > > I created the .pem file using keytool > > keytool -export -alias tomcat -rfc > tomcat.pem > > and then moved this file to apache directory and ran c_rehash > /usr/local/apache/conf/ssl > > this created a link file cc5d41ae.0 -> tomcat.pem > > what are the missing steps to create the server.key and server.crt on apache > using openssl? from the openssl howto (http://www.openssl.org/docs/HOWTO/) openssl genrsa -des3 -out privkey.pem 2048 will make a private key (privkey.pem) encrypted with a passphrase, if you dont' want the passphrase leave the '-des3' bit out to make a certificate: openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 this will make a self-signed certificate using the previously created key. Davide -- I used to be interested in Windows NT, but the more I see of it the more it looks like traditional Windows with a stabler kernel. I don't find anything technically interesting there. In my opinion MS is a lot better at making money than it is at making good operating systems. -- Linus Torvalds - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
Hi , I created the .pem file using keytool keytool -export -alias tomcat -rfc > tomcat.pem and then moved this file to apache directory and ran c_rehash /usr/local/apache/conf/ssl this created a link file cc5d41ae.0 -> tomcat.pem what are the missing steps to create the server.key and server.crt on apache using openssl? thanks --- On Wed, 6/5/09, Prasanna Ram Venkatachalam wrote: > From: Prasanna Ram Venkatachalam > Subject: Re: [us...@httpd] renewing a certificate > To: users@httpd.apache.org > Date: Wednesday, 6 May, 2009, 3:15 PM > oh.. i hope server.crt is the > certificate you are using? right? > > > On Wed, May 6, 2009 at 5:44 PM, > Prasanna Ram Venkatachalam > wrote: > > > Melanie, i think keytool does not create any > certificate. Its just a key/certificate management > utility. > http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html > > What did you use to get server.crt? openssl ,selfssl > or some free sites available?? > > Regards > Prasanna Ram > > > > > On Wed, May 6, 2009 at 12:22 PM, > Melanie Pfefer > wrote: > > > Hi, > > I have tomcat server running as a backend server and apache > running as front-end, both on the same machine > > > In httpd.conf, I have: > > SSLProxyEngine On > RewriteEngine On > SSLProxyCACertificatePath /usr/local/apache/conf/ssl > RewriteRule ^/(abc.*) https://host:port/$1 [P,L] > > > I am getting an error that the certificate is out of date. > > > What I did before was: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > now /usr/local/apache/conf/ssl has > > server.crt > server.key > tomcat.pem > cc5d41ae.0 -> tomcat.pem > > > > I need to know how to renew the certificate. > > Is it sufficient to redo: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > how to rollback in case of failures? > > > Thank you > > > > > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> > for more info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > -- > Prasanna Ram > > > > > -- > Prasanna Ram > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Arabinda Sahoo wrote: Yes, I can always indentify my URL where Content-Encoding="" by a pattern. Good, that is something we might be able to use. Basically the application is Actuate Reports version 8. You already mentioned that. But you should not assume that the rest of the world knows what "Actuate Reports version 8" actually is. I have no idea if this is a cgi-bin that you wrote yourself, a PHP application you downloaded from the web, a java application running on some java servlet engine to which you proxy with Apache (that's a guess), or whatever. The URL for this page which doesn't set header properly - is https://punirtweb1/acweb/servlet/ViewPage?outputType=ROI&outputname=%2fs1%2fBtmu%2fGiroDetails%2eroi&id=10&serverurl=http%3a%2f%2fpunirtapp1%3a8000&connectionHandle=s7whmBpUho%2btg5MUYUgZxq1%2brbtKHLkAq7RmnwSbegyRYEMWxKx8m0pEgUAaXCZHB8OyjFlgo4wmr6%2bgY7wBuIMEv18lQxjMqYBDZL6PJauwr3iZqoReZ6WDG2wLwrh9Vj99AyqFYQrZpg%3d%3d&volume=punirtapp1&closex=false&%5f%5fexecutableid=680&saveoutput=false&format=DHTML&page=1&scalingfactor=100 That's an internal URL that does not help us a lot. I can identify all these pages - by "format=DHTML" in the URL string. Also, there is a server URL involved " serverurl=http://"; Good, that is something we might be able to use. Actuate Report Server has its own servlets to create content and set type and send them. It is a paginated report - first page, next page etc - type - text/html "servlets" sounds java, which sounds back-end servlet engine. Tomcat ? We really need to pull out these things from you one by one, don't we ? :-( So, these are URLs that your front-end Apache is proxying to another server at the back-end. It even looks like there may be even another hop behind. What you (and we) would really need to know, is if that back-end itself sends any kind of headers that could interfere with mod_deflate doing it's job and setting headers properly. Is there any chance that you can access that back-end server directly, without going through Apache, and see what you then get as HTTP headers back ? (All of them, not just the content-encoding one). Can you also tell us /how/ the Apache front-end passes these request to the back-end ? in other words, if you are doing proxying, with what ? Else you could try the following : SetEnvIf Request_URI "format=DHTML" when-bad Header unset Content-Encoding env=when-bad Header set Content-Encoding "gzip" env=when-bad One issue is that there is an order in which various output filters are called by Apache, and I am not quite sure whether the DEFLATE filter is called before or after the Headers filter. Maybe the order in which you specify them in the apache conf file matters, so I would try the lines above, either before, or after the SetOutputFilter DEFLATE But it's a bit like groping in the dark at this stage.. Nick is probably going to mumble again (and he'll be right). Now also just in case : if your back-end server is Tomcat, there exists also the possibility of having /it/ compress what it sends back to Apache. And I am quite sure that if Apache gets something that is already compressed, DEFLATE is smart enough not to do it again. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
oh.. i hope server.crt is the certificate you are using? right? On Wed, May 6, 2009 at 5:44 PM, Prasanna Ram Venkatachalam < vpra...@gmail.com> wrote: > Melanie, i think keytool does not create any certificate. Its just a > key/certificate management utility. > http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html > > What did you use to get server.crt? openssl ,selfssl or some free sites > available?? > Regards > Prasanna Ram > On Wed, May 6, 2009 at 12:22 PM, Melanie Pfefer < > melanie_pfe...@yahoo.co.uk> wrote: > >> >> Hi, >> >> I have tomcat server running as a backend server and apache running as >> front-end, both on the same machine >> >> In httpd.conf, I have: >> >> SSLProxyEngine On >> RewriteEngine On >> SSLProxyCACertificatePath /usr/local/apache/conf/ssl >> RewriteRule ^/(abc.*) https://host:port/$1 [P,L] >> >> >> I am getting an error that the certificate is out of date. >> >> What I did before was: >> >> keytool -export -alias tomcat -rfc > tomcat.pem >> c_rehash /usr/local/apache/conf/ssl >> >> now /usr/local/apache/conf/ssl has >> >> server.crt >> server.key >> tomcat.pem >> cc5d41ae.0 -> tomcat.pem >> >> >> I need to know how to renew the certificate. >> >> Is it sufficient to redo: >> >> keytool -export -alias tomcat -rfc > tomcat.pem >> c_rehash /usr/local/apache/conf/ssl >> >> how to rollback in case of failures? >> >> Thank you >> >> >> >> >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > > > -- > Prasanna Ram > -- Prasanna Ram
Re: [us...@httpd] renewing a certificate
Melanie, i think keytool does not create any certificate. Its just a key/certificate management utility. http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html What did you use to get server.crt? openssl ,selfssl or some free sites available?? Regards Prasanna Ram On Wed, May 6, 2009 at 12:22 PM, Melanie Pfefer wrote: > > Hi, > > I have tomcat server running as a backend server and apache running as > front-end, both on the same machine > > In httpd.conf, I have: > > SSLProxyEngine On > RewriteEngine On > SSLProxyCACertificatePath /usr/local/apache/conf/ssl > RewriteRule ^/(abc.*) https://host:port/$1 [P,L] > > > I am getting an error that the certificate is out of date. > > What I did before was: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > now /usr/local/apache/conf/ssl has > > server.crt > server.key > tomcat.pem > cc5d41ae.0 -> tomcat.pem > > > I need to know how to renew the certificate. > > Is it sufficient to redo: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > how to rollback in case of failures? > > Thank you > > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Prasanna Ram
Re: [us...@httpd] renewing a certificate
OK Krist. Just few more questions please: When I create a new certificate using keytool, how to specify a long-term expiry date? thanks, --- On Wed, 6/5/09, Krist van Besien wrote: > From: Krist van Besien > Subject: Re: [us...@httpd] renewing a certificate > To: users@httpd.apache.org > Date: Wednesday, 6 May, 2009, 2:53 PM > On Wed, May 6, 2009 at 1:37 PM, > Melanie Pfefer > > wrote: > > > > you are right. > > > > But I tried now a replica of what I have: > > apache > > tomcat > > > > The certificate is self-signed and I just generated > it. Is it normal to have on the browser: > sec_error_expired_certificate > > When you generate a certificate yourself it will also have > an expery > date. You can check this with keytool or openssl. So you > might need to > generate a new one (and generate one with an expiry date > sufficiently > in the future to avoid having to repeat this to often...) > > Krist > > > -- > krist.vanbes...@gmail.com > kr...@vanbesien.org > Bremgarten b. Bern, Switzerland > -- > A: It reverses the normal flow of conversation. > Q: What's wrong with top-posting? > A: Top-posting. > Q: What's the biggest scourge on plain text email > discussions? > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> for more > info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
On Wed, May 6, 2009 at 1:37 PM, Melanie Pfefer wrote: > > you are right. > > But I tried now a replica of what I have: > apache > tomcat > > The certificate is self-signed and I just generated it. Is it normal to have > on the browser: sec_error_expired_certificate When you generate a certificate yourself it will also have an expery date. You can check this with keytool or openssl. So you might need to generate a new one (and generate one with an expiry date sufficiently in the future to avoid having to repeat this to often...) Krist -- krist.vanbes...@gmail.com kr...@vanbesien.org Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
you are right. But I tried now a replica of what I have: apache tomcat The certificate is self-signed and I just generated it. Is it normal to have on the browser: sec_error_expired_certificate thank you --- On Wed, 6/5/09, Krist van Besien wrote: > From: Krist van Besien > Subject: Re: [us...@httpd] renewing a certificate > To: users@httpd.apache.org > Date: Wednesday, 6 May, 2009, 12:11 PM > On Wed, May 6, 2009 at 8:52 AM, > Melanie Pfefer > > wrote: > > > > Hi, > > > > I have tomcat server running as a backend server and > apache running as front-end, both on the same machine > > > > In httpd.conf, I have: > > > > SSLProxyEngine On > > RewriteEngine On > > SSLProxyCACertificatePath /usr/local/apache/conf/ssl > > RewriteRule ^/(abc.*) https://host:port/$1 [P,L] > > > > > > I am getting an error that the certificate is out of > date. > > It looks like the ssl certificate used by your tomcat > server is out of > date. You first need to isntall a new certificate in your > tomcat > server, and then repeat what you did before to import it in > to your > apache server. > > Krist > > -- > krist.vanbes...@gmail.com > kr...@vanbesien.org > Bremgarten b. Bern, Switzerland > -- > A: It reverses the normal flow of conversation. > Q: What's wrong with top-posting? > A: Top-posting. > Q: What's the biggest scourge on plain text email > discussions? > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> for more > info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Information about .DAV directory
Hi, in a WebDAV directory apache* creates a .DAV subdirectory in which files like document_in_dir_above.dir and document_in_dir_above.pag are stored. I think, this is for the "V" in "DAV" (Versioning), right? How can I make use of this DBM database file and or "control" them? Thanks! Marc * Or is this somethong the client does? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Yes, I can always indentify my URL where Content-Encoding="" by a pattern. Basically the application is Actuate Reports version 8. The URL for this page which doesn't set header properly - is https://punirtweb1/acweb/servlet/ViewPage?outputType=ROI&outputname=%2fs1%2fBtmu%2fGiroDetails%2eroi&id=10&serverurl=http%3a%2f%2fpunirtapp1%3a8000&connectionHandle=s7whmBpUho%2btg5MUYUgZxq1%2brbtKHLkAq7RmnwSbegyRYEMWxKx8m0pEgUAaXCZHB8OyjFlgo4wmr6%2bgY7wBuIMEv18lQxjMqYBDZL6PJauwr3iZqoReZ6WDG2wLwrh9Vj99AyqFYQrZpg%3d%3d&volume=punirtapp1&closex=false&%5f%5fexecutableid=680&saveoutput=false&format=DHTML&page=1&scalingfactor=100 I can identify all these pages - by "format=DHTML" in the URL string. Also, there is a server URL involved " serverurl=http://"; Actuate Report Server has its own servlets to create content and set type and send them. It is a paginated report - first page, next page etc - type - text/html 1) Fiddler - header for the above page Content-Encoding: 2) For other pages Content-Encoding: gzip So, how can I force this in Apache? Regards, Arabinda -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, May 06, 2009 3:16 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded Arabinda Sahoo wrote: > Yes, Andre. > > MOD_DEFLATE setting as done in my httpd.conf as follows - perfectly does - > one part of work - which is - Compression - for all Pages. > > >SetOutputFilter DEFLATE >SetEnvIfNoCase Request_URI \ > \.(?:gif|jpe?g|png|tar)$ no-gzip dont-vary > > > And also it does set "Content-Encoding=gzip" (Which I can see using "Fiddler" > tool) - 90% of the time. > > But for 10% of my pages - the Compression happens, but Content-Encoding="" is > set. I can check this using Fiddler again. > > I will tend to think that it is an Apache issue. > Because, my application is not aware that - Apache compression has been > enabled. > > And if Apache is indeed compressing a page, now whose responsibility it > becomes - to set the Content-Encoding=gzip??? > > Apache is not behaving as expected. > So, IE7 explorer cannot recognize this as a compressed page and fails. > > I am happy to send you and Nick the entire httpd.conf file - if attachments > are allowed in this forum. > Ok, taking all that you write above at face value, is there /something/ (URL, size, type, whatever) that distinguishes the 10% of pages that result in a 'Content-encoding: "" ' header, from the others ? Also, can you give us a short explanation of how these pages are being generated ? I mean what is the application that generates them, where does it live, how does Apache get that content, etc.. And does that application /ever/ by itself generate compressed content ? Can you give us an example of the response headers in both cases (copy and paste from Fiddler) ? I'm just plucking at straws here, trying to figure out the reason for the 10%.. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
On 6 May 2009, at 10:16, André Warnier wrote: Also (for Nick), while we are at it, /why/ would it be that a content-encoding response header set unconditionally by mod_headers would not come out ? (the OP earlier posted the "Header" line used.) mod_deflate will check content-encoding, to avoid nonsense like compressing already-gzipped contents. If you're *also* messing with mod_headers, that could screw with mod_deflate. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] mod_security
Hi,
I try to use mod_security but it doesn t filter anything !
My vhostconf :
ServerSignature Off
ServerName cache-ext
ErrorLog logs/cache-ext_error.log
CustomLog logs/cache-ext_access.log combined
Deny from all
RewriteEngine On
#RewriteCond %{REQUEST_URI} ^/img=(.+)$
RewriteRule ^/img=(.+)$ $1 [L,P]
RewriteLog /var/log/RewriteLog.log
RewriteRule ^[/img=](.+)$ - [F]
AllowEncodedSlashes on
ProxyRequests On
ProxyVia On
CacheEnable disk /
CacheRoot "/var/cache/mod_proxy"
CacheEnable mem /
MCacheMaxObjectSize 1024000
MCacheSize 102400
# deny from all
allow from all
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterDebugLevel 9
SecFilterSelective macbidouille.com
SecAuditLog logs/audit_log
It should respond me an 403 error for every URL with a macbidouille.com in the
URL.
Any ideas?
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Arabinda Sahoo wrote: Yes, Andre. MOD_DEFLATE setting as done in my httpd.conf as follows - perfectly does - one part of work - which is - Compression - for all Pages. SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|tar)$ no-gzip dont-vary And also it does set "Content-Encoding=gzip" (Which I can see using "Fiddler" tool) - 90% of the time. But for 10% of my pages - the Compression happens, but Content-Encoding="" is set. I can check this using Fiddler again. I will tend to think that it is an Apache issue. Because, my application is not aware that - Apache compression has been enabled. And if Apache is indeed compressing a page, now whose responsibility it becomes - to set the Content-Encoding=gzip??? Apache is not behaving as expected. So, IE7 explorer cannot recognize this as a compressed page and fails. I am happy to send you and Nick the entire httpd.conf file - if attachments are allowed in this forum. Ok, taking all that you write above at face value, is there /something/ (URL, size, type, whatever) that distinguishes the 10% of pages that result in a 'Content-encoding: "" ' header, from the others ? Also, can you give us a short explanation of how these pages are being generated ? I mean what is the application that generates them, where does it live, how does Apache get that content, etc.. And does that application /ever/ by itself generate compressed content ? Can you give us an example of the response headers in both cases (copy and paste from Fiddler) ? I'm just plucking at straws here, trying to figure out the reason for the 10%.. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Yes, Andre.
MOD_DEFLATE setting as done in my httpd.conf as follows - perfectly does - one
part of work - which is - Compression - for all Pages.
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|tar)$ no-gzip dont-vary
And also it does set "Content-Encoding=gzip" (Which I can see using "Fiddler"
tool) - 90% of the time.
But for 10% of my pages - the Compression happens, but Content-Encoding="" is
set. I can check this using Fiddler again.
I will tend to think that it is an Apache issue.
Because, my application is not aware that - Apache compression has been enabled.
And if Apache is indeed compressing a page, now whose responsibility it becomes
- to set the Content-Encoding=gzip???
Apache is not behaving as expected.
So, IE7 explorer cannot recognize this as a compressed page and fails.
I am happy to send you and Nick the entire httpd.conf file - if attachments are
allowed in this forum.
Regards,
Arabinda
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, May 06, 2009 2:46 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled -
Content-Encoding for a page - shows blank - although it's gzip encoded
Nick Kew wrote:
> On 6 May 2009, at 08:41, Arabinda Sahoo wrote:
>
>> Actually I have a compelling reason to set - Content-Encoding to gzip
>> - for performance improvement.
>
> For s sake, take a step back!
>
> There's no way Apache makes such a meal of this. You have either a very
> broken
> application or a very confused configuration. Maybe both.
>
>> Although Compression is set for Apache - DEFLATE module, a few Pages
>> which are rendered by Actuate 8 report server - don't honour them.
>
> That just doesn't make sense (maybe English isn't your first language?).
> What are you expecting of mod_deflate, and how is it not performing?
>
>> As per you - I tried - mod_headers - but unsuccessfully
>> (Although Apache doc for mod_headers say that - these settings take
>> effect just before it is sent over the network)
>
> mod_headers should not be necessary for this. It adds to your complexity.
>
> Bottom line: for contents that are stored compressed on the server, use
> AddEncoding. For contents compressed on the fly, use mod_deflate.
> For anything else, RTFM and tell us why you're not using standard
> solutions.
>
Hi Nick.
No need to get upset.
As I understand the issue now (and as stated above by the OP),
mod_deflate seems to be doing fine in most cases.
However, it also seems that /some/ pages which are rendered by something
("Actuate 8 report server", which I have no idea what it is) are
actually compressed (?), but do /not/ come out with the correct
content-encoding.
From all that, I gather (now) that these specific pages are not static,
but generated on-the-fly (Arabinda, is that right ?).
So the question now would be : is there something (in the URI used to
request such a page for example) that allows to distinguish it from
other pages that do work ?
And does the problem concern /all/ the pages produced by that "Actuate 8
report server", or just some of them ?
Also (for Nick), while we are at it, /why/ would it be that a
content-encoding response header set unconditionally by mod_headers
would not come out ?
(the OP earlier posted the "Header" line used.)
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Nick Kew wrote:
On 6 May 2009, at 08:41, Arabinda Sahoo wrote:
Actually I have a compelling reason to set - Content-Encoding to gzip
- for performance improvement.
For s sake, take a step back!
There's no way Apache makes such a meal of this. You have either a very
broken
application or a very confused configuration. Maybe both.
Although Compression is set for Apache - DEFLATE module, a few Pages
which are rendered by Actuate 8 report server - don't honour them.
That just doesn't make sense (maybe English isn't your first language?).
What are you expecting of mod_deflate, and how is it not performing?
As per you - I tried - mod_headers - but unsuccessfully
(Although Apache doc for mod_headers say that - these settings take
effect just before it is sent over the network)
mod_headers should not be necessary for this. It adds to your complexity.
Bottom line: for contents that are stored compressed on the server, use
AddEncoding. For contents compressed on the fly, use mod_deflate.
For anything else, RTFM and tell us why you're not using standard
solutions.
Hi Nick.
No need to get upset.
As I understand the issue now (and as stated above by the OP),
mod_deflate seems to be doing fine in most cases.
However, it also seems that /some/ pages which are rendered by something
("Actuate 8 report server", which I have no idea what it is) are
actually compressed (?), but do /not/ come out with the correct
content-encoding.
From all that, I gather (now) that these specific pages are not static,
but generated on-the-fly (Arabinda, is that right ?).
So the question now would be : is there something (in the URI used to
request such a page for example) that allows to distinguish it from
other pages that do work ?
And does the problem concern /all/ the pages produced by that "Actuate 8
report server", or just some of them ?
Also (for Nick), while we are at it, /why/ would it be that a
content-encoding response header set unconditionally by mod_headers
would not come out ?
(the OP earlier posted the "Header" line used.)
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] renewing a certificate
On Wed, May 6, 2009 at 8:52 AM, Melanie Pfefer wrote: > > Hi, > > I have tomcat server running as a backend server and apache running as > front-end, both on the same machine > > In httpd.conf, I have: > > SSLProxyEngine On > RewriteEngine On > SSLProxyCACertificatePath /usr/local/apache/conf/ssl > RewriteRule ^/(abc.*) https://host:port/$1 [P,L] > > > I am getting an error that the certificate is out of date. It looks like the ssl certificate used by your tomcat server is out of date. You first need to isntall a new certificate in your tomcat server, and then repeat what you did before to import it in to your apache server. Krist -- krist.vanbes...@gmail.com kr...@vanbesien.org Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
On 6 May 2009, at 08:41, Arabinda Sahoo wrote: Actually I have a compelling reason to set - Content-Encoding to gzip - for performance improvement. For s sake, take a step back! There's no way Apache makes such a meal of this. You have either a very broken application or a very confused configuration. Maybe both. Although Compression is set for Apache - DEFLATE module, a few Pages which are rendered by Actuate 8 report server - don't honour them. That just doesn't make sense (maybe English isn't your first language?). What are you expecting of mod_deflate, and how is it not performing? As per you - I tried - mod_headers - but unsuccessfully (Although Apache doc for mod_headers say that - these settings take effect just before it is sent over the network) mod_headers should not be necessary for this. It adds to your complexity. Bottom line: for contents that are stored compressed on the server, use AddEncoding. For contents compressed on the fly, use mod_deflate. For anything else, RTFM and tell us why you're not using standard solutions. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] proxy and proxied site limitation
Hi, I've made a proxy conf qith URL rewriting and i must limit the use of this proxy : what is the simpliest way to limit proxied site access ? In this case, there's about 100 sites.. Mod_security ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Hi, Thanks. Actually I have a compelling reason to set - Content-Encoding to gzip - for performance improvement. Although Compression is set for Apache - DEFLATE module, a few Pages which are rendered by Actuate 8 report server - don't honour them. As per you - I tried - mod_headers - but unsuccessfully (Although Apache doc for mod_headers say that - these settings take effect just before it is sent over the network) So, who is changing my header? Okay, I will try see - mod_perl and install it and see what else can I do. Please guide me once you are back next week. Regards Arabinda -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, May 06, 2009 12:49 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded Arabinda Sahoo wrote: > > Hi, > > Thanks for the more detailed reply. > Yes, I think that Content-Encoding may be of a category of "Content-Type". > So, it will be useful for me at lease try the mod_perl once. > > So, could you please let me know - what all you did? > Steps for using mod_perl? > And your sample code where you are setting "Content-Type" to the type you > want. > I will not have the time this week anymore. Next week is better. Just this for now : If you have no prior exposure to mod_perl : mod_perl is a very powerful piece of software, allowing one to really do interesting things with Apache, things you could not do with anything else apart from writing your own Apache add-on modules in C. I personally love it and use it on all my servers. But there are implications : - it has a learning curve (perl, for instance) - it can be heavy on the server (memory) - it may or may not be easy to install, depending on the platform (and I don't know about AIX). So, if mod_perl is not yet installed on your machine (*), and before you go in that direction : - really make sure first that you have the problem well-understood, and that the other alternatives do not work - find out what is needed to install perl and mod_perl on your AIX machine (for example, if there exists some standard package under the AIX package manager) (*) the first line in the Apache error log after restarting Apache, will tell you so. If mod_perl is installed, it will show up like this : Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_jk/1.2.18 PHP/4.4.4-8+etch4 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8 configured -- resuming normal operations In other words, if modifying this Content-encoding response header is all you ever want to do with mod_perl, I am not sure that I would recommend installing mod_perl just for that. Unless it is a really critical issue, and you have really no solution with standard Apache modules. If after all the above, you decide to persist, then I will gladly try to help you, because I cannot resist trying to convince someone else of the beauties of mod_perl. But I will not be able to do that before next week. In the meantime then, install perl and mod_perl, and start reading the documentation, here : http://perl.apache.org/ and here : http://perl.apache.org/docs/2.0/user/index.html - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache/2.0.47 - AIX - DEFLATE enabled - Content-Encoding for a page - shows blank - although it's gzip encoded
Arabinda Sahoo wrote: Hi, Thanks for the more detailed reply. Yes, I think that Content-Encoding may be of a category of "Content-Type". So, it will be useful for me at lease try the mod_perl once. So, could you please let me know - what all you did? Steps for using mod_perl? And your sample code where you are setting "Content-Type" to the type you want. I will not have the time this week anymore. Next week is better. Just this for now : If you have no prior exposure to mod_perl : mod_perl is a very powerful piece of software, allowing one to really do interesting things with Apache, things you could not do with anything else apart from writing your own Apache add-on modules in C. I personally love it and use it on all my servers. But there are implications : - it has a learning curve (perl, for instance) - it can be heavy on the server (memory) - it may or may not be easy to install, depending on the platform (and I don't know about AIX). So, if mod_perl is not yet installed on your machine (*), and before you go in that direction : - really make sure first that you have the problem well-understood, and that the other alternatives do not work - find out what is needed to install perl and mod_perl on your AIX machine (for example, if there exists some standard package under the AIX package manager) (*) the first line in the Apache error log after restarting Apache, will tell you so. If mod_perl is installed, it will show up like this : Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_jk/1.2.18 PHP/4.4.4-8+etch4 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8 configured -- resuming normal operations In other words, if modifying this Content-encoding response header is all you ever want to do with mod_perl, I am not sure that I would recommend installing mod_perl just for that. Unless it is a really critical issue, and you have really no solution with standard Apache modules. If after all the above, you decide to persist, then I will gladly try to help you, because I cannot resist trying to convince someone else of the beauties of mod_perl. But I will not be able to do that before next week. In the meantime then, install perl and mod_perl, and start reading the documentation, here : http://perl.apache.org/ and here : http://perl.apache.org/docs/2.0/user/index.html - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] dynamic/mass virtual hosts with www.* alias and localhost...
Hi, actually your description of you want to achieve, and what already works is a bit confusing. Do you want to serve the dynamic hosts only, or do you have an additional default site? More comments inline. On Wednesday 06 May 2009 04:04:39 wayne wrote: > enable mass/dynamic virtual hosts, allowing each virtual host to be > accessed via example.com AND www.example.com, without creating a > VirtualHost directive for each host. > > NameVirtualHost * This is not needed for dynamic vhosts, and has no influence on the configuration that is outside any vhost directive. > UseCanonicalName Off > VirtualDocumentRoot /var/www/sites/%0/www > VirtualScriptAlias /var/www/sites/%0/cgi-bin > > which works fine. i can access all the sites listed in /var/www/sites/ > (once they are added to /etc/hosts of course, in both their > www.example.com and example.com forms). So at that point, what does work? Only the domain, or also the www.domain? I assume that the latter does not work. You have two ways: 1. change the directory interpolation of the VirtualDocumentRoot and VirtualScriptAlias e.g. to /var/www/sites/%-2.0.%-1 that means the directory name is the second last domain part, a dot, and then the last domain part. This enables www.domain as well as any subdomain that resolves to your apache. 2. simply symlink the domain directory, e.g. www.domain.tld -> domain.tld and leave the directory interpolation as is. > then, i attempt to make a > VirtualHost directive for the default host that lists the alias: > > > ServerName default > ServerAlias www.* wildcards are only supported for the first domain part of the alias AFAIK. > DocumentRoot /var/www/ I think it is a bad idea to have (Virtual)DocumentRoots of hostzs overlap each other. > > unfortunately this does nothing. the virtual hosts are only accessible > via their domain names WITHOUT the www. prefix. What is this this VHost supposed to do? Define the default site, or provide common configuration for the dynamic vhosts? The latter thas not work at all, dynamic vhosts have nothing to do with a container. You also cannot define ServerAliases for the dynamic vhosts at all, use directory interpolation or symlinks as described above. > in addition, i can no longer access the default DocumentRoot via > localhost or 127.0.0.1. Sure, you defined NameVirtualHost * and . All requests are directed to VHosts, none reaches the main server configuration > here are my details: running Apache/2.2.8 (Ubuntu) Mar 10 2009 18:09:05 > on Ubuntu Hardy 8.04 with kernel 2.6.24-23 and all latest updates > applied. i have tried it with/without the default "sites-enabled" > Debian config, to no luck. If you use the debian package, I'd recommend using its site configuration mechanism, it is quite convenient. If you only need the dynamic vhosts, put the config in the default site. If you have one or more other sites, put the dynamic vhosts inside a with a specific IP address. Rainer - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
