[us...@httpd] Re: Apache module that enables ActiveX
I'm sorry but someone mayebe help me? There are apache module that enables ActiveX? Thanks for any suggest. Cheers, Mauri 2010/4/15 Mauri lai...@gmail.com Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Fri, Apr 16, 2010 at 11:13 AM, Mauri lai...@gmail.com wrote: I'm sorry but someone mayebe help me? There are apache module that enables ActiveX? Thanks for any suggest. Cheers, Mauri 2010/4/15 Mauri lai...@gmail.com Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el mod_proxy does not alter the HTML presented to the browser, therefore it does not interfere with ActiveX as far as I can tell. The module you pointed to actually disables ActiveX controls by rewriting the html to remove references to the object tag, it would not help 'enabling' ActiveX. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] RewriteRule with [P] Flag
Am 16.04.2010 12:12, schrieb Krist van Besien: On Wed, Apr 14, 2010 at 11:10 AM, achristian...@softreset.de wrote: A request to https://inthewild.org gets forwarded all right to http://localhost:9090/index.jsp. The server on localhost:9090 itself does a http 302 (redirect) to http://localhost:9090/setup/login.jsp and returns that to the browser. The browser ends up with a not working URL: http://localhost:9090/setup/login.jsp I would like getting back URL's like this one: https://inthewild.org/setup/login.jsp Please point me to the right direction. What you need to do is look at the configuration of whatever it is you use on port 9090. You must configure that piece of software to issue redirects that use the right hostname. Often there is a base url or base hostname or something similar that you can set in your config. When running an application server behing a reverse proxy (a very common scenario) you should configure the application server as if it was running without a reverse proxy, as if it was the front end server. If you can't do that there are workarounds in volving proxypassrevers or even mod_proxy_html, but these are complicated. Try solving the problem at the source first. Thank you. Yes that works. I was hoping to avoid setting a base URL for more flexibility. Axel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 11:13 AM, Mauri lai...@gmail.com wrote: I'm sorry but someone mayebe help me? There are apache module that enables ActiveX? Thanks for any suggest. Cheers, Mauri 2010/4/15 Mauri lai...@gmail.com Hi, I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security. I'm finding on internet this website: http://brice.free.fr/ mod_activex_filter is an Apache module that enables ActiveX filtering for Apache proxy this module was wrote for 2.0.x in the year 2003 I don't know if I can use this or what i can find... anyone can help me? thanks. # uname -a Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux # rpm -qa | grep http httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 jakarta-commons-httpclient-3.0-7jpp.1 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 # rpm -qa | grep ssl openssl-devel-0.9.8e-7.el5 mod_ssl-2.2.3-31.el5_4.2 docbook-style-dsssl-1.79-4.1 openssl-0.9.8e-7.el mod_proxy does not alter the HTML presented to the browser, therefore it does not interfere with ActiveX as far as I can tell. The module you pointed to actually disables ActiveX controls by rewriting the html to remove references to the object tag, it would not help 'enabling' ActiveX. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Fri, Apr 16, 2010 at 11:43 AM, Mauri lai...@gmail.com wrote: in this moment I don't use any others modules. I use mod_proxy and mod_ssl, only. Then you mean that the apache mod_proxy don't blocks any activex request? I don't have any problems in this request: client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP If I try to connect to SERVERB the browser read the activex, if I try to connect to SERVERA the browser don't read the activex from the SERVERB. I'll find the problem on SERVERB? many thanks for your suggest. Cheers, Mauri So when you go direct to server b it works, and when you go via server a it doesn't work? Doesn't sound like anything to do with mod_proxy, sounds more like the browser refusing to run activex from a different security context. Is the HTML the same? Do either of the servers report any errors in error_log? Does the browser? Have you tried different browsers? Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Fri, Apr 16, 2010 at 7:28 AM, Mauri lai...@gmail.com wrote: I'm checking about security context. The html request is the same. I have set LogLevel to debug. In attach the log during the activex request. There aren't errors. On this list, you'll have to describe in concrete terms what it means to enable activex and what you want an apache module to do, beyond make it work. Perhaps you'd have better luck on a list more oriented towards activex. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Fri, Apr 16, 2010 at 12:28 PM, Mauri lai...@gmail.com wrote: I'm checking about security context. The html request is the same. I have set LogLevel to debug. In attach the log during the activex request. There aren't errors. I use I.E. 7 as browser, only. If I connect to SERVERB the browser get the file .CAB (activex). The same if I'm try to connect to SERVERA (proxy). Thanks Tom. Cheers, Mauri Is SERVERB under your control, or is it a third party site, like eg, facebook.com, gmail.com etc. Are you trying to proxy some site with a signed activex control, which would indicate the website that the control should be used under, and hence would fail to work if proxied to a different host. I still don't think this has anything to do with Apache or mod_proxy - mod_proxy will not change the HTML, the HTML indicates how the ActiveX control should be loaded, and the control itself indicates the sites it will run on. Apache cannot do anything about that.. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
the SERVERB is under my control in my VLAN. good question signed activex control...but in my case the problem exist in the HTTPS connection, and HTTP, also. Scenario 1 client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP Scenario 2 client -- SERVERA mod_proxy (ex.192.168.0.10) over HTTP -- SERVERB web server with activex (ex. 192.168.0.11) over HTTP I have the same problem. Then I don't need to this. [quote] mod_proxy will not change the HTML, the HTML indicates how the ActiveX control should be loaded [quote] that is clear. For Eric: i'm trying to find towards activex Tom: Many thanks for all. Cheers, Mauri 2010/4/16 Tom Evans tevans...@googlemail.com On Fri, Apr 16, 2010 at 12:28 PM, Mauri lai...@gmail.com wrote: I'm checking about security context. The html request is the same. I have set LogLevel to debug. In attach the log during the activex request. There aren't errors. I use I.E. 7 as browser, only. If I connect to SERVERB the browser get the file .CAB (activex). The same if I'm try to connect to SERVERA (proxy). Thanks Tom. Cheers, Mauri Is SERVERB under your control, or is it a third party site, like eg, facebook.com, gmail.com etc. Are you trying to proxy some site with a signed activex control, which would indicate the website that the control should be used under, and hence would fail to work if proxied to a different host. I still don't think this has anything to do with Apache or mod_proxy - mod_proxy will not change the HTML, the HTML indicates how the ActiveX control should be loaded, and the control itself indicates the sites it will run on. Apache cannot do anything about that.. Cheers Tom - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: Apache module that enables ActiveX
On Fri, Apr 16, 2010 at 8:39 AM, Mauri lai...@gmail.com wrote: For Eric: i'm trying to find towards activex That's not really any clearer. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] proxypass only https
anyone know how can i do a ProxyPass /foo/http://foo.bar.com but only where protocol is http and not https? so http://www.apache.org/foo/ would proxy to http://foo.bar.com but https://www.apache.org/foo/ would be denied i looked at ProxyPassMatch, but it didn't seem right.
Re: [us...@httpd] proxypass only https
On Fri, Apr 16, 2010 at 10:56 AM, Michael Ni michael...@gmail.com wrote: anyone know how can i do a ProxyPass /foo/ http://foo.bar.com but only where protocol is http and not https? so http://www.apache.org/foo/ would proxy to http://foo.bar.com but https://www.apache.org/foo/ would be denied i looked at ProxyPassMatch, but it didn't seem right. Put your ProxyPass rules in your HTTP-only virtual-host. If you're using a vhost for SSL and the base config for HTTP, create a virtualhost *:80 and use move your ProxyPass into it. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] proxypass only https
thank you On Fri, Apr 16, 2010 at 7:58 AM, Eric Covener cove...@gmail.com wrote: On Fri, Apr 16, 2010 at 10:56 AM, Michael Ni michael...@gmail.com wrote: anyone know how can i do a ProxyPass /foo/http://foo.bar.com but only where protocol is http and not https? so http://www.apache.org/foo/ would proxy to http://foo.bar.com but https://www.apache.org/foo/ would be denied i looked at ProxyPassMatch, but it didn't seem right. Put your ProxyPass rules in your HTTP-only virtual-host. If you're using a vhost for SSL and the base config for HTTP, create a virtualhost *:80 and use move your ProxyPass into it. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] loadbalancer not working as expected
Hello all. Please, bear with me. I have made a configuration on workers.properties file to balance dynamic servlet content through three application servers, using Tomcat as our web server. As per the configuration, I am not seeing the load being balance across all three app servers, but rather the load goes especifically to one of them. Once I shutdown this Tomcat server, the load goes to another server and so on. I am seeing this through the Sessions column under Tomcat's manager application on each server. It is my understanding the the load should be almost round-robin. So, Im going to show you my configuration to see if you can light me on any errors. First, we are using apache Apache/2.0.58 and Tomcat Tomcat/5.5.23. Operating system is HP-UX 11.31, Both components comes bundled with HP-UX Web Server Suite. Here's the content of the workers.properties file. worker.list=loadbalancer,jkstatus worker.appsvr1.port=8009 worker.appsvr1.lbfactor=37 worker.appsvr1.host=192.168.4.21 worker.appsvr1.connection_pool_timeout=600 worker.appsvr1.retries=2 worker.appsvr1.socket_keepalive=true worker.appsvr1.type=ajp13 worker.appsvr2.port=8009 worker.appsvr2.lbfactor=25 worker.appsvr2.host=192.168.4.22 worker.appsvr2.connection_pool_timeout=600 worker.appsvr2.retries=2 worker.appsvr2.socket_keepalive=true worker.appsvr2.type=ajp13 worker.appsvr3.port=8009 worker.appsvr3.lbfactor=37 worker.appsvr3.host=192.168.4.23 worker.appsvr3.connection_pool_timeout=600 worker.appsvr3.retries=2 worker.appsvr3.socket_keepalive=true worker.appsvr3.type=ajp13 worker.jkstatus.type=status worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=appsvr1,appsvr2,appsvr3 worker.loadbalancer.sticky_session=true NOTE: Previously, I had lbfactor set to 37 on all three. and in an attemp to change the behaivour I have been flirting with lower values for appsvr2, but with not avail. Currently, the appsvr that is getting the most load is appsvr2. It is annoying, because to solve the problem I have to bounce Tomcat every time, since the application starts to gets slow. So, how do I do to get Apache to distribuite the load uniformily (at least round-robin) across all three ? Is there any missing configuration you can point out on the workers.properties ? At your request, I can show you the mod_jk.conf file. Thansk! appreciate any help! - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] info: generic access denied for 'xxx.xxx.xxx.xxx' in error log for ALL requests
This is a new Mandrieva 2010 install and this has not worked at all. When I started httpd I was getting errors with the virtual host stuff, but then I copied the old httpd.conf file from the older server config (older version 2.0) and now httpd is not complaining anymore, (I upgraded a Mandrieva 2008 server, but totally reloaded it from scratch) and there are no startup errors in the logs. But since the beginning every time any machine tries to access the server, I get the following error in the error log: [x] info: generic access denied for 'xxx.xxx.xxx.xxx' with the xxx.xxx.xxx.xxx stating the ip address of the machine doing the request. I am at a loss, I cannot find anything wrong with the directives, or permissions for the directories. This was happening with the server completely at default before I changed or setup anything. I get the same error even with localhost. I have tried to google the issue but I have not found anything useful. Not related with this list, but I am having almost the same issues with ssh, although I have vnc, smtp, pop3 and imap working fine. Any input would be appreciated! Thanks! - Jeremy - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org