[us...@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
On 19.10.10 11:27, William A. Rowe Jr. wrote: Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.17 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; * SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents. does this mean that if I have apache compiled with external apr-util-1.3.10 and external expat, I am safe? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Where do you want to go to die? [Microsoft] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] SSL vulnerability question
- Denise Edwards denise.edwa...@bowne.com wrote: Received security can results which had two issues: 1-SSL Server Supports Weak Encryption Vulnerability 2-SSL Server Has SSLv2 Enabled Vulnerability [...] - SSLCipherSuite property includes high, medium, low and SSLv2 On 18.10.10 17:25, Igor Galić wrote: And that's your problem. SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5 I use: SSLCipherSuite DEFAULT:!EXP:!LOW you can list those by issuing: openssl ciphers -v 'cipherlist' -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
- Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 19.10.10 11:27, William A. Rowe Jr. wrote: Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.17 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; * SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents. does this mean that if I have apache compiled with external apr-util-1.3.10 and external expat, I am safe? Unless that external expat is the same version as the bundled copy. -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] mod_authnz_ldap with kerberos?
Hi all, I use mod_authnz_ldap today with simple ldap bind. Our security team wants me to use to use Kerberos instead to make it more secure. This will allow them to specify from where the service account can login and will also protect the credentials from eavesdropping. Is it possible to make mod_authnz_ldap to use a keytab instead? Or do anyone have a suggestion how to solve this in a even better way? Best regards Emil Assarsson Sony Ericsson Mobile Communications AB The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the named recipient(s), and access to this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses, but please rely on your own virus-checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications in the matter concerned. If you do not consent to us storing your name and address for above stated purpose, please notify the sender promptly. Also, if you are not the intended recipient please inform the sender by replying to this transmission, and delete the e-mail, its attachment(s), and any copies of it without, disclosing it. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_authnz_ldap with kerberos?
Hi, On Wed, 2010-10-20 at 12:27 +0200, Assarsson, Emil wrote: Hi all, I use mod_authnz_ldap today with simple ldap bind. Our security team wants me to use to use Kerberos instead to make it more secure. This will allow them to specify from where the service account can login and will also protect the credentials from eavesdropping. Is it possible to make mod_authnz_ldap to use a keytab instead? Or do anyone have a suggestion how to solve this in a even better way? mod_auth_kerb: http://modauthkerb.sourceforge.net/ Complex but does work, even with Active Directory. Best regards Emil Assarsson Sony Ericsson Mobile Communications AB The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the named recipient(s), and access to this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses, but please rely on your own virus-checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications in the matter concerned. If you do not consent to us storing your name and address for above stated purpose, please notify the sender promptly. Also, if you are not the intended recipient please inform the sender by replying to this transmission, and delete the e-mail, its attachment(s), and any copies of it without, disclosing it. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- Best Regards, Brett Delle Grazie __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re-use of a Setenv directive
Hi I have defined a SetEnv Directive this way: SetEnv BASE_PATH /tmp/smthg I would like to re-use this variable in another SetEnv Directive, e.g.: SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:... But $BASE_PATH is not interpreted as a variable. I tried with quotes, back-splash, ... How can I re-use this variable in another SetEnv Directive ? Thanks Apache 2.2.3, Linux kernel 2.6.18, x86_64 -- Sébastien Moretti Department of Ecology and Evolution, Biophore, University of Lausanne, CH-1015 Lausanne, Switzerland - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] SSL vulnerability question
Thanks. -Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Wednesday, October 20, 2010 3:54 AM To: users@httpd.apache.org Subject: Re: [us...@httpd] SSL vulnerability question - Denise Edwards denise.edwa...@bowne.com wrote: Received security can results which had two issues: 1-SSL Server Supports Weak Encryption Vulnerability 2-SSL Server Has SSLv2 Enabled Vulnerability [...] - SSLCipherSuite property includes high, medium, low and SSLv2 On 18.10.10 17:25, Igor Galić wrote: And that's your problem. SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5 I use: SSLCipherSuite DEFAULT:!EXP:!LOW you can list those by issuing: openssl ciphers -v 'cipherlist' -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org CONFIDENTIALITY NOTICE: The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
On 20.10.2010 11:47, Igor Galić wrote: - Matus UHLAR - fantomasuh...@fantomas.sk wrote: On 19.10.10 11:27, William A. Rowe Jr. wrote: Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.17 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; * SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents. does this mean that if I have apache compiled with external apr-util-1.3.10 and external expat, I am safe? Unless that external expat is the same version as the bundled copy. It seems there http://svn.apache.org/viewvc?view=revisionrevision=1002628 contains additional expat fixes, which have not been released as part of expat. Apr-Util conains expat 1.95.7 with those fixes added. There exists 1.95.8, but that doesn't seem to contain them. I don't know whether 1.95.8 or 2.0.1 are vulnerable or not. Concerning the split brigade fix, note that a similar problem has been fixed in the module mod_reqtimeout. This module is relatively young, so not many configurations already activate it. Regards, Rainer - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re-use of a Setenv directive
Sébastien, hello. I don't have a solution for you but I'm waiting for a
similar reply.
I hope the following helps:
From my e-mail thread entitled, 'Setting CGI environment variables,
dynamically, from httpd.conf leveraging exising variables':
...
2. Technique 2: setenv DAVESETENV text
--
Result: DAVESETENV=text
But, I've read that this is only a static string.
http://www.usenet-forums.com/apache-web-server/10179-setenv-dynamic-variable.html
Eric Covenor replied:
setenvif is a bit more flexible:
http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif
== So I reckon you should look at setenvif, rather.
--
From my Email entitled, 'RewriteRule .* -
[E=TEMP_SMUSER:%{SSL:OID(2.5.29.17)}] # Subject Alternate Name':
...
Question 2: Also, I've never gotten SetEnvIf to work, for example:
SetEnvIf LA-U:REMOTE_PORT (.*)
A_SETENVIF_LA_U_REMOTE_PORT=$1
SetEnvIf ${LA-U:REMOTE_PORT} (.*)
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=$1
SetEnvIf LA-F:REMOTE_PORT (.*)
A_SETENVIF_LA_F_REMOTE_PORT=$1
SetEnvIf ${LA-F:REMOTE_PORT} (.*)
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=$1
SetEnvIf ENV:REMOTE_PORT (.*)
A_SETENVIF_ENV_REMOTE_PORT=$1
SetEnvIf ${ENV:REMOTE_PORT} (.*)
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=$1
SetEnvIf SSL:REMOTE_PORT (.*)
A_SETENVIF_SSL_REMOTE_PORT=$1
SetEnvIf ${SSL:REMOTE_PORT} (.*)
A_SETENVIF_SSL_REMOTE_PORT_PERCENT=$1
SetenvIf %{OID(0.9.2342.19200300.100.1.1)} (.*)
A_SETENVIF_OIDTEST_WITH_PERCENT=3D$1
SetenvIf OID(0.9.2342.19200300.100.1.1) (.*)
A_SETENVIF_OIDTEST=3D$1
Result:
A_SETENVIF_ENV_REMOTE_PORT=
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_F_REMOTE_PORT=
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_U_REMOTE_PORT=
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=
A_SETENVIF_OIDTEST=3D
A_SETENVIF_OIDTEST_WITH_PERCENT=3D
A_SETENVIF_SSL_REMOTE_PORT=
If I receive an answer I'll let you know.
Cdlt, Dave
-
Sébastien Moretti wrote:
Hi
I have defined a SetEnv Directive this way:
SetEnv BASE_PATH /tmp/smthg
I would like to re-use this variable in another SetEnv Directive, e.g.:
SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:...
But $BASE_PATH is not interpreted as a variable.
I tried with quotes, back-splash, ...
How can I re-use this variable in another SetEnv Directive ?
Thanks
Apache 2.2.3, Linux kernel 2.6.18, x86_64
Re: [users@httpd] Re-use of a Setenv directive
Hello Dave,
thanks for your help.
In fact, I just want to define BASE_PATH in order to re-use it in PATHS.
PATHS contains several times BASE_PATH and I would like to change
BASE_PATH value once instead of several times in PATHS.
Sébastien, hello. I don't have a solution for you but I'm waiting for a
similar reply.
I hope the following helps:
From my e-mail thread entitled, 'Setting CGI environment variables,
dynamically, from httpd.conf leveraging exising variables':
...
2. Technique 2: setenv DAVESETENV text
--
Result: DAVESETENV=text
But, I've read that this is only a static string.
http://www.usenet-forums.com/apache-web-server/10179-setenv-dynamic-variable.html
Eric Covenor replied:
setenvif is a bit more flexible:
http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif
== So I reckon you should look at setenvif, rather.
--
From my Email entitled, 'RewriteRule .* -
[E=TEMP_SMUSER:%{SSL:OID(2.5.29.17)}]# Subject Alternate Name':
...
Question 2: Also, I've never gotten SetEnvIf to work, for example:
SetEnvIf LA-U:REMOTE_PORT (.*) A_SETENVIF_LA_U_REMOTE_PORT=$1
SetEnvIf ${LA-U:REMOTE_PORT} (.*)
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=$1
SetEnvIf LA-F:REMOTE_PORT (.*) A_SETENVIF_LA_F_REMOTE_PORT=$1
SetEnvIf ${LA-F:REMOTE_PORT} (.*)
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=$1
SetEnvIf ENV:REMOTE_PORT (.*) A_SETENVIF_ENV_REMOTE_PORT=$1
SetEnvIf ${ENV:REMOTE_PORT} (.*) A_SETENVIF_ENV_REMOTE_PORT_PERCENT=$1
SetEnvIf SSL:REMOTE_PORT (.*) A_SETENVIF_SSL_REMOTE_PORT=$1
SetEnvIf ${SSL:REMOTE_PORT} (.*) A_SETENVIF_SSL_REMOTE_PORT_PERCENT=$1
SetenvIf %{OID(0.9.2342.19200300.100.1.1)} (.*)
A_SETENVIF_OIDTEST_WITH_PERCENT=3D$1
SetenvIf OID(0.9.2342.19200300.100.1.1) (.*) A_SETENVIF_OIDTEST=3D$1
Result:
A_SETENVIF_ENV_REMOTE_PORT=
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_F_REMOTE_PORT=
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_U_REMOTE_PORT=
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=
A_SETENVIF_OIDTEST=3D
A_SETENVIF_OIDTEST_WITH_PERCENT=3D
A_SETENVIF_SSL_REMOTE_PORT=
If I receive an answer I'll let you know.
Cdlt, Dave
-
Sébastien Moretti wrote:
Hi
I have defined a SetEnv Directive this way:
SetEnv BASE_PATH /tmp/smthg
I would like to re-use this variable in another SetEnv Directive, e.g.:
SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:...
But $BASE_PATH is not interpreted as a variable.
I tried with quotes, back-splash, ...
How can I re-use this variable in another SetEnv Directive ?
Thanks
Apache 2.2.3, Linux kernel 2.6.18, x86_64
--
Sébastien Moretti
Department of Ecology and Evolution,
Biophore, University of Lausanne,
CH-1015 Lausanne, Switzerland
Tel.: +41 (21) 692 4221/4079
http://bioinfo.unil.ch/
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re-use of a Setenv directive
Oups my test cases weren't tidy.
from vhost443.conf:
SetEnvIf LA-U:REMOTE_PORT (.*)
A_SETENVIF_LA_U_REMOTE_PORT=$1
SetEnvIf %{LA-U:REMOTE_PORT} (.*)
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=$1
SetEnvIf ${LA-U:REMOTE_PORT} (.*)
A_SETENVIF_LA_U_REMOTE_PORT_DOLLAR=$1
SetEnvIf LA-F:REMOTE_PORT (.*)
A_SETENVIF_LA_F_REMOTE_PORT=$1
SetEnvIf %{LA-F:REMOTE_PORT} (.*)
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=$1
SetEnvIf ${LA-F:REMOTE_PORT} (.*)
A_SETENVIF_LA_F_REMOTE_PORT_DOLLAR=$1
SetEnvIf ENV:REMOTE_PORT (.*)
A_SETENVIF_ENV_REMOTE_PORT=$1
SetEnvIf %{ENV:REMOTE_PORT} (.*)
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=$1
SetEnvIf ${ENV:REMOTE_PORT} (.*)
A_SETENVIF_ENV_REMOTE_PORT_DOLLAR=$1
SetEnvIf SSL:REMOTE_PORT (.*)
A_SETENVIF_SSL_REMOTE_PORT=$1
SetEnvIf %{SSL:REMOTE_PORT} (.*)
A_SETENVIF_SSL_REMOTE_PORT_PERCENT=$1
SetEnvIf ${SSL:REMOTE_PORT} (.*)
A_SETENVIF_SSL_REMOTE_PORT_DOLLAR=$1
SetenvIf OID(0.9.2342.19200300.100.1.1) (.*)
A_SETENVIF_OIDTEST=3D$1
SetenvIf %{OID(0.9.2342.19200300.100.1.1)} (.*)
A_SETENVIF_OIDTEST_WITH_PERCENT=3D$1
SetenvIf ${OID(0.9.2342.19200300.100.1.1)} (.*)
A_SETENVIF_OIDTEST_WITH_DOLLAR=3D$1
And the result from printenv.pl:
A_SETENVIF_ENV_REMOTE_PORT=
A_SETENVIF_ENV_REMOTE_PORT_DOLLAR=
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_F_REMOTE_PORT=
A_SETENVIF_LA_F_REMOTE_PORT_DOLLAR=
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_U_REMOTE_PORT=
A_SETENVIF_LA_U_REMOTE_PORT_DOLLAR=
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=
A_SETENVIF_OIDTEST=3D
A_SETENVIF_OIDTEST_WITH_DOLLAR=3D
A_SETENVIF_OIDTEST_WITH_PERCENT=3D
A_SETENVIF_SSL_REMOTE_PORT=
A_SETENVIF_SSL_REMOTE_PORT_DOLLAR=
Cdlt, Dave
-
A_SETENVIF_SSL_REMOTE_PORT_PERCENT=
David (Dave) Donnan wrote:
Sébastien, hello. I don't have a solution for you but I'm waiting for
a similar reply.
I hope the following helps:
From my e-mail thread entitled, 'Setting CGI environment variables,
dynamically, from httpd.conf leveraging exising variables':
...
2. Technique 2: setenv DAVESETENV text
--
Result: DAVESETENV=text
But, I've read that this is only a static string.
http://www.usenet-forums.com/apache-web-server/10179-setenv-dynamic-variable.html
Eric Covenor replied:
setenvif is a bit more flexible:
http://httpd.apache.org/docs/current/mod/mod_setenvif.html#setenvif
== So I reckon you should look at setenvif, rather.
--
From my Email entitled, 'RewriteRule .* -
[E=TEMP_SMUSER:%{SSL:OID(2.5.29.17)}] # Subject Alternate Name':
...
Question 2: Also, I've never gotten SetEnvIf to work, for example:
SetEnvIf LA-U:REMOTE_PORT (.*)
A_SETENVIF_LA_U_REMOTE_PORT=$1
SetEnvIf ${LA-U:REMOTE_PORT} (.*)
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=$1
SetEnvIf LA-F:REMOTE_PORT (.*)
A_SETENVIF_LA_F_REMOTE_PORT=$1
SetEnvIf ${LA-F:REMOTE_PORT} (.*)
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=$1
SetEnvIf ENV:REMOTE_PORT (.*)
A_SETENVIF_ENV_REMOTE_PORT=$1
SetEnvIf ${ENV:REMOTE_PORT} (.*)
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=$1
SetEnvIf SSL:REMOTE_PORT (.*)
A_SETENVIF_SSL_REMOTE_PORT=$1
SetEnvIf ${SSL:REMOTE_PORT} (.*)
A_SETENVIF_SSL_REMOTE_PORT_PERCENT=$1
SetenvIf %{OID(0.9.2342.19200300.100.1.1)} (.*)
A_SETENVIF_OIDTEST_WITH_PERCENT=3D$1
SetenvIf OID(0.9.2342.19200300.100.1.1) (.*)
A_SETENVIF_OIDTEST=3D$1
Result:
A_SETENVIF_ENV_REMOTE_PORT=
A_SETENVIF_ENV_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_F_REMOTE_PORT=
A_SETENVIF_LA_F_REMOTE_PORT_PERCENT=
A_SETENVIF_LA_U_REMOTE_PORT=
A_SETENVIF_LA_U_REMOTE_PORT_PERCENT=
A_SETENVIF_OIDTEST=3D
A_SETENVIF_OIDTEST_WITH_PERCENT=3D
A_SETENVIF_SSL_REMOTE_PORT=
If I receive an answer I'll let you know.
Cdlt, Dave
-
Sébastien Moretti wrote:
Hi
I have defined a SetEnv Directive this way:
SetEnv BASE_PATH /tmp/smthg
I would like to re-use this variable in another SetEnv Directive, e.g.:
SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:...
But $BASE_PATH is not interpreted as a variable.
I tried with quotes, back-splash, ...
How can I re-use this variable in
Re: [users@httpd] Re-use of a Setenv directive
On 20.10.2010 14:49, Sébastien Moretti wrote:
Hi
I have defined a SetEnv Directive this way:
SetEnv BASE_PATH /tmp/smthg
I would like to re-use this variable in another SetEnv Directive, e.g.:
SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:...
But $BASE_PATH is not interpreted as a variable.
I tried with quotes, back-splash, ...
How can I re-use this variable in another SetEnv Directive ?
Thanks
You should be able to do this via:
- Use a RewriteCond to match against the BASE_PATH variable
- Use a RewriteRuke with an ENV= flag to set PATHS using the back
reference to the matched variable
Clumsy, but should work.
If the values are in fact static, i.e. do not depend in the request,
virtual host etc., you can actually use the fact, that Apache allows you
to resolve unix environment variables (not the same as Apache
environment variables) inside the Apache configuration. The syntax is
${VARNAME} (do not drop the curly braces).
- Set env var outside of Apache before starting:
BASE_PATH=/var/smthg
export BASE_PATH
Use variable inside Apache config:
SetEnv PATHS ${BASE_PATH}/a:${BASE_PATH}/b:${BASE_PATH}/c:...
or
Directory ${BASE_PATH}/somesubdir
etc.
Regards,
Rainer
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re-use of a Setenv directive
Rainer Jung wrote:
If the values are in fact static, i.e. do not depend in the request,
virtual host etc., you can actually use the fact, that Apache allows you
to resolve unix environment variables (not the same as Apache
environment variables) inside the Apache configuration. The syntax is
${VARNAME} (do not drop the curly braces).
- Set env var outside of Apache before starting:
BASE_PATH=/var/smthg
export BASE_PATH
Use variable inside Apache config:
SetEnv PATHS ${BASE_PATH}/a:${BASE_PATH}/b:${BASE_PATH}/c:...
Is this post-Apache 2.2.x functionality, or are you talking about
mod_define to get this functionality?
--
J.Lance Wilkinson (Lance) InterNet: lance.wilkin...@psu.edu
Systems Design Specialist - LeadPhone: (814) 865-4870
Digital Library TechnologiesFAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re-use of a Setenv directive
Hi
I have defined a SetEnv Directive this way:
SetEnv BASE_PATH /tmp/smthg
I would like to re-use this variable in another SetEnv Directive, e.g.:
SetEnv PATHS $BASE_PATH/a:$BASE_PATH/b:$BASE_PATH/c:...
But $BASE_PATH is not interpreted as a variable.
I tried with quotes, back-splash, ...
How can I re-use this variable in another SetEnv Directive ?
Thanks
You should be able to do this via:
- Use a RewriteCond to match against the BASE_PATH variable
- Use a RewriteRuke with an ENV= flag to set PATHS using the back
reference to the matched variable
Clumsy, but should work.
If the values are in fact static, i.e. do not depend in the request,
virtual host etc., you can actually use the fact, that Apache allows you
to resolve unix environment variables (not the same as Apache
environment variables) inside the Apache configuration. The syntax is
${VARNAME} (do not drop the curly braces).
- Set env var outside of Apache before starting:
It does exactly what I want.
But I cannot do it automatically if apache is started automatically at
boot time. Except if I add this in /etc/init.d/httpd2 script but will
have to re-do it each time apache is updated.
BASE_PATH=/var/smthg
export BASE_PATH
Use variable inside Apache config:
SetEnv PATHS ${BASE_PATH}/a:${BASE_PATH}/b:${BASE_PATH}/c:...
or
Directory ${BASE_PATH}/somesubdir
etc.
Regards,
Rainer
--
Sébastien Moretti
Department of Ecology and Evolution,
Biophore, University of Lausanne,
CH-1015 Lausanne, Switzerland
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache with MPI?
Was this in the correct mailinglist? I checked the mailinglist rules, and it didn't seem like a problem asking here. -- Daniel Theisen On Thu, 14 Oct 2010 21:06:09 -0400 Daniel Theisen dthei...@nexcess.net wrote: Hello, I was wondering if there is any implementation of the Apache Webserver that utilizes MPICH or OpenMPI. Does anyone have any experience using a MPI implementation? I'm interested in the performance difference between a webserver that is distributed across multiple servers using MPI and a proxy based load distributor. If anyone has any kind of experience with this kind of thing, information on it would be great! -- Daniel Theisen - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Daniel Theisen dthei...@nexcess.net - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] MOD_PROXY Open CSV Content Into Excel
Hello All We develop web applications using Weblogic and JSP pages. Our web app has the functionality to export to excel where data is pulled from a database and presented to the web client, at that point the web client recognizes the content stream and opens excel with the CSV file. The code from the JSP page is below: response.setHeader(Expires, Sat, 6 May 1995 12:00:00 GMT); response.setHeader(Cache-control, no-store, no-cache, must-revalidate); response.addHeader(Cache-Control, post-check=0, pre-check=0); response.setHeader(Content-Type, text/html; charset= + encoding); response.setHeader(Pragma, no-cache); response.setHeader(Content-Disposition, dispType + ; filename=grid.csv); Where dispType = attachment encoding = UTF-8 When accessing the Web app directly, this works great, but when accessing through an Apache Reverse Proxy, the CSV content is displayed in the browser window. Our Reverse Proxy settings are listed below. !--http.conf snip-- ProxyRequests Off ProxyPreserveHost Off ProxyPass /app/ http://internalhost/app/ ProxyPassReverse /app/ http://internalhost/app/ Proxy https://*/app/*; Order deny,allow Deny from All #Allow from Us Allow from 10.0.0.0/20 #Allow from Customer Allow from 162.x.x.x/24 /Proxy !--http.conf snip-- Has anyone seen this before? ___ Todd Simons Principal IT Engineer tsim...@*.com CONFIDENTIALITY NOTICE This e-mail message from Delphi Technology, Inc. is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it.
Re: [us...@httpd] Apache with MPI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/20/2010 04:34 PM, Daniel Theisen wrote: Was this in the correct mailinglist? I checked the mailinglist rules, and it didn't seem like a problem asking here. -- Daniel Theisen On Thu, 14 Oct 2010 21:06:09 -0400 Daniel Theisen dthei...@nexcess.net wrote: Hello, I was wondering if there is any implementation of the Apache Webserver that utilizes MPICH or OpenMPI. Does anyone have any experience using a MPI implementation? I'm interested in the performance difference between a webserver that is distributed across multiple servers using MPI and a proxy based load distributor. If anyone has any kind of experience with this kind of thing, information on it would be great! I suspect there hasn't been much, if any, work in porting httpd to MPI simply because scaling httpd is a solved problem. As CPU core and thread counts grow, so httpd scales within the box. If you're hitting the limits of your box, you add more and load balance. Network load balancers (ipvsadm, F5 BigIP, Cisco etc) are one approach. Application load balancers (mod_proxy, squid etc) are the other. Mark - -- Mark Watts BSc RHCE MBCS Senior Systems Engineer, IPR Secure Managed Hosting www.QinetiQ.com QinetiQ - Delivering customer-focused solutions GPG Key: http://www.linux-corner.info/mwatts.gpg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAky/EJ0ACgkQBn4EFUVUIO2F7gCgwLbWWIibzqCGeHR65UWIbF3t ccMAmwfU+fwpJXSjZSFGhnjpodXJd8tp =wjVn -END PGP SIGNATURE- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re-use of a Setenv directive
On 20.10.2010 17:04, Igor Galić wrote:
- J.Lance Wilkinsonjl...@psulias.psu.edu wrote:
Rainer Jung wrote:
If the values are in fact static, i.e. do not depend in the request,
virtual host etc., you can actually use the fact, that Apache allows
you
to resolve unix environment variables (not the same as Apache
environment variables) inside the Apache configuration. The syntax
is
${VARNAME} (do not drop the curly braces).
- Set env var outside of Apache before starting:
BASE_PATH=/var/smthg
export BASE_PATH
Use variable inside Apache config:
SetEnv PATHS ${BASE_PATH}/a:${BASE_PATH}/b:${BASE_PATH}/c:...
Is this post-Apache 2.2.x functionality, or are you talking about
mod_define to get this functionality?
Nope. That's in 2.2 -- it's (heavily) (ab)used by Distros like
Debian and their like.
... and it was finally documented after being a secret for many years:
http://httpd.apache.org/docs/2.2/configuring.html#syntax
Also, what's mod_define?
That's a module that lets your define variables inside Apache
configuration. They are resolved with the same syntax ${XXX}. The
difference to the shell environment variables is, that
- you can redefine (change config) and do (graceful) restart.
This won't work for shell variables, because all children are still
forked from the same original parent process, which hasn't changes its
environment
- you can use the features of the normal config files (include etc) and
define the variables closer to were you use them.
mod_define was part of the 1.3 mod_ssl written by Ralf Engelschall. I
ported it to 2.x and offered to include into trunk some time ago. At
least Stefan Fritsch liked the idea :)
One minor problem: The ${xxx} syntax clashes with RewriteMap syntax.
You can find the port at
http://people.apache.org/~rjung/mod_define/
Feedback welcome.
Regards,
Rainer
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] MOD_PROXY Open CSV Content Into Excel
On 20.10.2010 17:50, Todd Simons wrote: Hello All We develop web applications using Weblogic and JSP pages. Our web app has the functionality to export to excel where data is pulled from a database and presented to the web client, at that point the web client recognizes the content stream and opens excel with the CSV file. The code from the JSP page is below: response.setHeader(Expires, Sat, 6 May 1995 12:00:00 GMT); response.setHeader(Cache-control, no-store, no-cache, must-revalidate); response.addHeader(Cache-Control, post-check=0, pre-check=0); response.setHeader(Content-Type, text/html; charset= + encoding); response.setHeader(Pragma, no-cache); response.setHeader(Content-Disposition, dispType + ; filename=grid.csv); Where dispType = attachment encoding = UTF-8 When accessing the Web app directly, this works great, but when accessing through an Apache Reverse Proxy, the CSV content is displayed in the browser window. Our Reverse Proxy settings are listed below. !-—http.conf snip-- ProxyRequests Off ProxyPreserveHost Off ProxyPass /app/ http://internalhost/app/ ProxyPassReverse /app/ http:// internalhost / app / http://internalhost/app/ Proxy https://*/app/*; Order deny,allow Deny from All #Allow from Us Allow from 10. 0 .0.0/20 #Allow from Customer Allow from 162. x . x.x /24 /Proxy !-—http.conf snip-- Has anyone seen this before? Can you check the headers that are sent to the browser by using a browser plugin (Firefox: Firebug etc., MSIE: Fiddler etc.). Any differences between direct access and proxy? Regards, Rainer - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
On 10/20/2010 1:44 AM, Matus UHLAR - fantomas wrote: On 19.10.10 11:27, William A. Rowe Jr. wrote: Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.17 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; * SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents. does this mean that if I have apache compiled with external apr-util-1.3.10 and external expat, I am safe? From these two flaws? Only if your external expat is also up-to-date, refer that question to the expat community. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Host-header from requests are ignored?
Hi ! Thanks for your reply! I read the docs several times and, again today, read several hours tips from groups in the internet, without any help. I just now made a VM with debian and put the following in httpd.conf and left off debians's enabled-sites and available-sites directories: VirtualHost *:80 ServerName wl1 ServerAlias wl1 DocumentRoot /var/www/test80 Directory /var/www/test80 Options Indexes FollowSymLinks MultiViews AllowOverride None Order Allow,Deny Allow from All /Directory LogLevel debug ErrorLog /var/log/apache2/test80-error.log CustomLog /var/log/apache2/test80-access.log combined /VirtualHost VirtualHost *:80 ServerName wl2 ServerAlias wl2 DocumentRoot /var/www/test81 Directory / Options FollowSymLinks AllowOverride None /Directory Directory /var/www/test81 Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all /Directory LogLevel info ErrorLog /var/log/apache2/error-test81.log CustomLog /var/log/apache2/test81-access.log combined /VirtualHost VirtualHost _default_:* ServerName localhost ServerAlias localhost DocumentRoot /var/www /VirtualHost Anyway, which host-header I specify - any valid ip-address pointing to this machine - strands in the same directory! I have really not any clue, what's going wrong. I tried with different ports also, with no luck. I put the default host on top or on bottom, the result remains the same. It looks like apache never sees or acts on the hostheader! Could you possibly offer more help?? ::Eric Covener:I left off the name/ip in the VirtualHost now. Thanks a lot!! br++mabra -Original Message- From: Igor Galic [mailto:i.ga...@brainsware.org] Sent: Monday, October 18, 2010 1:00 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Host-header from requests are ignored? - ma...@manfbraun.de wrote: Hello ! I read the apache docs [using 2.2.9], but there is a lot of stuff, which is different in Debian [lenny, 5.0.6]. Apache ignores the host-header given by the browser: http://x or http://x:81 or http://x.mbg.local are all served, but should be blocked. The definition for x stems from my hosts file [which everyone could do this way]. I am new new to apache, but on my IIS this works as expected. All browsers act equal [so no browser header problem]. I configured two VirtualHosts, an excerpt: NameVirtualHost hugo:80 VirtualHost hugo:80 This looks like bad practice on Apache httpd. DocumentRoot /usr/share/doc Alias /doc/ /usr/share/doc/ Directory /usr/share/doc/ Options Indexes MultiViews FollowSymLinks Allow from 192.168.24.0/24 /Directory /VirtualHost The other VirtualHost is configured for port 81. The I go to my hosts file on any box, and add hugo's ip-address under the new name x. Then, x is served [with and without specifying a port], although the host-header in apache is hugo!! Every user coming from the internet could make the same! I am out of hope now. Does anyone has any help for me? Check http://wiki.apache.org/httpd/ExampleVhosts or http://httpd.apache.org/docs/current/vhosts/examples.html out to see some examples for vhosts. What I prefer to do is something like this: # Enable name-based virtual hosts for all interfaces, on port 80 NameVirtualHost *:80 # the first listed vhost will be the default vhost, # it catches all names which do not match: VirtualHost *:80 Location / Deny from all /Location # Alternatively, you could use mod_rewrite to send 410, as per RFC. /VirtualHost VirtualHost *:80 ServerName Hugo /VirtualHost etc... Would really very good! br++mabra - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Igor Galic Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP
Re: [us...@httpd] Host-header from requests are ignored?
Anyway, which host-header I specify - any valid ip-address pointing to this machine - strands in the same directory! http://httpd.apache.org/docs/current/mod/core.html#namevirtualhost -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Host-header from requests are ignored?
Anyway, which host-header I specify - any valid ip-address pointing to this machine - strands in the same directory! What's the output of 'httpd -S'? Joost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache rewriterule generator with multiple null query string
Hi All, Do we have any tool that can generate based on the input / rule I select ? I have an URL that contain a query string. The condition should check if the query string parameter is Null and Or the query string parameter is not passed at all should go to a specific page ? Please advice. Best Regards, Arun Janarthanan
RE: [us...@httpd] Host-header from requests are ignored? [solved]
Hi All ! I really have had not understand how far the consistence of properties have to be driven . Now, I have a) in debians ports.conf: NameVirtualHost 192.168.26.92:80 b) in httpd.conf: VirtualHost 192.168.26.92:80 #ServerName localhost #ServerAlias localhost DocumentRoot /var/www/block Directory /var/www/block Options Indexes FollowSymLinks MultiViews AllowOverride None Order Allow,Deny Allow from All ##would just like to see, this is the end!!! /Directory /VirtualHost VirtualHost 192.168.26.92:80 ServerName wl1 ServerAlias wl1 DocumentRoot /var/www/test80 Directory /var/www/test80 Options Indexes FollowSymLinks MultiViews AllowOverride None Order Allow,Deny Allow from All /Directory LogLevel debug ErrorLog /var/log/apache2/test80-error.log CustomLog /var/log/apache2/test80-access.log vhost_combined /VirtualHost VirtualHost 192.168.26.92:80 ServerName wl2 ServerAlias wl2 DocumentRoot /var/www/test81 Directory / Options FollowSymLinks AllowOverride None /Directory Directory /var/www/test81 Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all /Directory LogLevel info ErrorLog /var/log/apache2/error-test81.log CustomLog /var/log/apache2/test81-access.log vhost_combined /VirtualHost After I removed any mixture between names/ip's and ports, the result is as I expected Hurray!! Many, many thanks:All contributions finally brought me into the right directions br++mabra -Original Message- From: Igor Galic [mailto:i.ga...@brainsware.org] Sent: Monday, October 18, 2010 1:00 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Host-header from requests are ignored? - ma...@manfbraun.de wrote: Hello ! I read the apache docs [using 2.2.9], but there is a lot of stuff, which is different in Debian [lenny, 5.0.6]. Apache ignores the host-header given by the browser: http://x or http://x:81 or http://x.mbg.local are all served, but should be blocked. The definition for x stems from my hosts file [which everyone could do this way]. I am new new to apache, but on my IIS this works as expected. All browsers act equal [so no browser header problem]. I configured two VirtualHosts, an excerpt: NameVirtualHost hugo:80 VirtualHost hugo:80 This looks like bad practice on Apache httpd. DocumentRoot /usr/share/doc Alias /doc/ /usr/share/doc/ Directory /usr/share/doc/ Options Indexes MultiViews FollowSymLinks Allow from 192.168.24.0/24 /Directory /VirtualHost The other VirtualHost is configured for port 81. The I go to my hosts file on any box, and add hugo's ip-address under the new name x. Then, x is served [with and without specifying a port], although the host-header in apache is hugo!! Every user coming from the internet could make the same! I am out of hope now. Does anyone has any help for me? Check http://wiki.apache.org/httpd/ExampleVhosts or http://httpd.apache.org/docs/current/vhosts/examples.html out to see some examples for vhosts. What I prefer to do is something like this: # Enable name-based virtual hosts for all interfaces, on port 80 NameVirtualHost *:80 # the first listed vhost will be the default vhost, # it catches all names which do not match: VirtualHost *:80 Location / Deny from all /Location # Alternatively, you could use mod_rewrite to send 410, as per RFC. /VirtualHost VirtualHost *:80 ServerName Hugo /VirtualHost etc... Would really very good! br++mabra - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Igor Galic Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Weird behaviour of Apache
Hello *,
I have reinstalled Debian/Lenny and apache and disabled all VHosts
except server08 but now I get following Error:
[ command 'invoke-rc.d apache2 start' ]-
Restarting web server: apache2no listening sockets available, shutting down
Unable to open logs
failed!
invoke-rc.d: initscript apache2, action start failed.
1) Where could the Socket problem come from?
2) I have checked all directories and they have the right permission
[ command 'apache2ctl configtest' ]-
Syntax OK
This sounds not very funny, because in general it is the same config as
the the sever where http://www.tamay-dogan.net/ is.
[ '/VServer_08/APACHE_enabled/0_vserver08.tamay-dogan.net' ]
NameVirtualHost 192.168.0.208:80
VirtualHost 192.168.0.208:80
ServerAdmin hostmas...@tamay-dogan.net
ServerName vserver08.tamay-dogan.net
DocumentRoot/VServer_08/htdocs/
Directory /
Options FollowSymLinks Indexes
AllowOverride None
/Directory
# debug, info, notice, warn, error, crit, alert, emerg.
LogLevelwarn
ErrorLog
/VServer_08/CONFIG_vserver08.tamay-dogan.net/log/apache/error.log
LogFormat %{[%Y-%m-%d %H:%M:%S %z]}t %h [%V] %l %u \%r\ %s %b
\%{Referer}i\ \%{User-Agent}i\ vhost
CustomLog
/VServer_08/CONFIG_vserver08.tamay-dogan.net/log/apache/access.log vhost
ServerSignature On
/VirtualHost
If I use -x in the apache2ctl Script I get:
[ command 'apache2ctl start' ]--
+ ARGV=start
+ test -z ''
+ APACHE_ENVVARS=/etc/apache2/envvars
+ test -f /etc/apache2/envvars
+ . /etc/apache2/envvars
++ export APACHE_RUN_USER=www-data
++ APACHE_RUN_USER=www-data
++ export APACHE_RUN_GROUP=www-data
++ APACHE_RUN_GROUP=www-data
++ export APACHE_PID_FILE=/var/run/apache2.pid
++ APACHE_PID_FILE=/var/run/apache2.pid
+ HTTPD=/usr/sbin/apache2
+ LYNX='www-browser -dump'
+ STATUSURL=http://localhost:80/server-status
++ ulimit -H -n
+ ULIMIT_MAX_FILES='ulimit -S -n 1024'
+ '[' 'xulimit -S -n 1024' '!=' x ']'
+ ulimit -S -n 1024
+ ERROR=0
+ '[' xstart = x ']'
+ '[' xstart = xusage ']'
+ '[' xstart = x--help ']'
+ case $ARGV in
+ mkdir -p /var/run/apache2
+ install -d -o www-data /var/lock/apache2
+ rm -f '/var/run/apache2/*ssl_scache*'
+ /usr/sbin/apache2 -k start
no listening sockets available, shutting down
Unable to open logs
+ ERROR=1
+ exit 1
Here is the config (lines with # at the beginning striped)
[ '/etc/apache2/apache2.conf' ]-
ServerRoot /etc/apache2
LockFile /var/lock/apache2/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
IfModule mpm_prefork_module
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
/IfModule
IfModule mpm_worker_module
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
/IfModule
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
Files ~ ^\.ht
Order allow,deny
Deny from all
/Files
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache2/error.log
LogLevel warn
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Include /etc/apache2/httpd.conf
Include /etc/apache2/ports.conf
LogFormat %v:%p %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
vhost_combined
LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
combined
LogFormat %h %l %u %t \%r\ %s %b common
LogFormat %{Referer}i - %U referer
LogFormat %{User-agent}i agent
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
Include /etc/apache2/conf.d/
Include /VServer_08/APACHE_enabled/
[ '/etc/apache2/envvars' ]--
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2.pid
[ '/etc/apache2/ports.conf' ]---
IfModule mod_ssl.c
Listen 443
/IfModule
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
# Debian GNU/Linux Consultant ##
Development of Intranet and Embedded Systems with Debian GNU/Linux
Re: [us...@httpd] Weird behaviour of Apache
Restarting web server: apache2no listening sockets available, shutting down IfModule mod_ssl.c Listen 443 /IfModule You need to define at least 1 Listen directive. This is the only one in your post, and it's obviously not part of your config due to absence of mod_ssl. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weird behaviour of Apache
-Original Message-
From: Michelle Konzack
Sent: 21 October, 2010 0:37
To: Apache EN
Subject: [us...@httpd] Weird behaviour of Apache
//
Restarting web server: apache2no listening sockets available, shutting down
Unable to open logs
failed!
invoke-rc.d: initscript apache2, action start failed.
LogLevelwarn
ErrorLog
/VServer_08/CONFIG_vserver08.tamay-dogan.net/log/apache/error.log
LogFormat %{[%Y-%m-%d %H:%M:%S %z]}t %h [%V] %l %u \%r\ %s %b
\%{Referer}i\ \%{User-Agent}i\ vhost
CustomLog
/VServer_08/CONFIG_vserver08.tamay-dogan.net/log/apache/access.log vhost
//
It states that you do not have any logs where you have them configured. Please
make sure you have the logs in the following
Thanks,
Daniel
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
