Re: [users@httpd] general module question
On Sun, Apr 22, 2012 at 2:28 AM, Will william.leon...@lxcenter.org wrote: I was wondering just generally speaking if this would be possible. mod_php can only load a single php.ini file, but it does allow php_admin_value to set the values. I wonder if I could make a module that allows you to add a directive to point to an ini file on a per domain basis and would parse that ini file and set all the values similarly to php_admin_value. -Will I doubt it. php.ini is most likely read when the PHP interpreter is loaded in each child. The interpreter is unlikely to be loaded on each request, and requests are routed to the first available child, not on a per-domain basis. If you require different PHP settings per domain, why not just run under fastcgi? Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache SSL issue.
Gentlepeople, Got the following situation that I can't seem to solve. Would love some suggestions or a faq/link on how to solve this: Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com site2.example.com. site1 is on port 80 and site 2 is on 443. Both working fine and if I switch site1 to 443 and site2 to 80, both still work fine. Now for the issue. I want, using Redirect Permanent, for site1 to run on port 5001 and site2 to run on port 5002 both using SSL. Port 443 can then be closed. But if I replace port 443 with port 5001 or 5002, it all falls apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find the correct syntax for the Redirect Permanent. Somehow there should be something like: Redirect permanent / https://site1.example.com:5001, but that does not work. A redirect to https://site1.example.com works, but gives the ssl_error. Current working config (with parts left out): ports.conf NameVirtualHost *:80 IfModule mod_ssl.c Listen 443 /IfModule IfModule mod_gnutls.c Listen 443 /IfModule Host definition in sites-available for the ssl site VirtualHost *:80 ServerAdmin some...@example.com ServerName site2.example.com Redirect permanent / https://site2.example.com /VirtualHost VirtualHost *:443 ServerAdmin some...@example.com ServerName site2.example.com SSLEngine on SSLCertificateFile /etc/apache2/apache.pem /VirtualHost Changing all 443 for 5001 does not do the trick what am I missing here...? If it helps, I run my one DNS forward and reverse working fine and private proxy also working fine. Met vriendelijke groet, Kind regards, M. Lebbink PhotographITy Almere - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Session shared in between tabs - loadbalancer
Hi All, I have apache load balancer (header, cookie) and two apache tomcat backend servers. It is possible to setup apache to handle session between browser tabs? in this moment I can log in to my backend through my LB but when I try to open this same link in other tab I get backend tomcat hello page ( why no my application?) How can I achieve session sharing? or at least how can I reconfigure my LB or backend to show my webapp in second tab not hello page? Regards - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] How setting byte-range header field?
Hi! I'm trying to set byte-range header field(iOS require this field in media playback). But httpd cannot set byte-range field in reponse header. I wander how do I configure apache configuration file? version info # cat /etc/redhat-release CentOS release 5.8 (Final) #httpd -v httpd Apache/2.2.3 TAKAGI Masaya - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] rewrite to https website
Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? -- Tianjing - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How setting byte-range header field?
2012/4/24 Takagi tak...@x-ics.com: Hi! I'm trying to set byte-range header field(iOS require this field in media playback). But httpd cannot set byte-range field in reponse header. I wander how do I configure apache configuration file? version info # cat /etc/redhat-release CentOS release 5.8 (Final) #httpd -v httpd Apache/2.2.3 TAKAGI Masaya Servers normally indicate support for byte range requests by sending the header Accept-Ranges, which Apache seems to do for me: $ wget -S http://httpd.apache.org/images/httpd_logo_wide.gif 21 | grep 'Accept-Ranges' Accept-Ranges: bytes Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] PHP doesn't process pages
On Sun, 2012-04-22 at 20:42 -0400, John Iliffe wrote: Hi Noel: At the risk of becoming a real pest, can you tell me what version of PCRE you used? I installed PCRE-8.30 and PHP 5.3.10 will not compile with it. PHP-5.4.0 was OK but with PHP-5.3.10 I get It does seem horribly broken, I use the PCRE version with Slackware, 8.02 from 2010, not that badm they seem to have massive jumps in version numbers...strange.. but each to their own, I tried building php with 5.3.10 and yes, it failed, I have no idea what they've done, but left hand doesnt know what the rights doing, and neither seem to know what the connecting limbs or upper torso are doing, seems a right mess. When I build 5.3.10, checking the configure history, indicated bundled, so ar you sure they have removed it? Problem with 5.4.0, is, its still so green, its not in wide enough use to be called stable, but thats just my personal opinion /tmp/php-5.3.10/ext/pcre/php_pcre.c:258: undefined reference to `pcre_info' collect2: ld returned 1 exit status make: *** [sapi/cli/php] Error 1 signature.asc Description: This is a digitally signed message part
Re: [users@httpd] PHP doesn't process pages
On Sun, 2012-04-22 at 21:00 -0400, John Iliffe wrote: O - the FilesMatch bit came from the PHP installation on the default Apache config file. I don't think I coded it, but at this point I can't be sure. That's strange, I only ever do source builds, because no package maintainer can build packages for every scenario, and I've never seen php ad that, it will however always add AddType, and module section, but, IIRC , only adds the module section if a pre existing module entry exists signature.asc Description: This is a digitally signed message part
Re: [users@httpd] rewrite to https website
On Tue, Apr 24, 2012 at 12:24 PM, TianJing jingtian.seu...@gmail.com wrote: Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? You need to give more information. You haven't said anything useful. What did you try? Show your config What happened? In a general sense, what you are trying to do is easy. You've gone from one SSL vhost to two SSL vhosts and a non SSL vhost that redirects to one of the SSL vhosts: VirtualHost 12.34.56.78:443 ServerName a.com # a.com's SSL settings, etc /VirtualHost VirtualHost 12.34.56.79:443 ServerName b.com # b.com's SSL settings, etc /VirtualHost VirtualHost *:80 ServerName b.com Redirect / https://b.com/ /VirtualHost Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Deny directives silently ignored in config files
On Mon, 2012-04-23 at 09:04 +0200, Matthieu Moy wrote: Noel Butler noel.but...@ausics.net writes: Right, so have you changed it to Directory and does it now work? I tried Directory, and it did not work. - You definitely have something broken then if Deny does not work in a Directory statement For 2.2... Directory / -- Default for everything on filesystem, which would include /tmp AllowOverride None Order Deny,Allow Deny from all /Directory Directory /var/www/html Order Deny,Allow Allow from all /Directory Which of course has all changed with 2.4, but I wont confuse you with those :) attachment: face-smile.png signature.asc Description: This is a digitally signed message part
Re: [users@httpd] rewrite to https website
On Tue, 2012-04-24 at 19:24 +0800, TianJing wrote: Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? Just use a simple redirect VirtualHost *:80 ServerName www.b.com redirect permanent / https://www.a.com /VirtualHost signature.asc Description: This is a digitally signed message part
Re: [users@httpd] rewrite to https website
sorry, more detail info: ssl: NameVirtualHost *:443 VirtualHost *:443 DocumentRoot /usr/local/webapps ServerName www.a.com ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCertificateFile /etc/pki/tls/certs/a.com.crt SSLCertificateKeyFile /etc/pki/tls/private/a.key /VirtualHost VirtualHost *:80 ServerAdmin x...@a.com DocumentRoot /usr/local/webapps/ ServerName www.a.com RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}:443%{REQUEST_URI} /VirtualHost VirtualHost *:80 ServerName www.b.com RewriteEngine on RewriteOptions Inherit RewriteRule ^/(.*) http://www.a.com/$1 [R,L] ErrorLog logserror_log CustomLog logs/access_log common /VirtualHost i want that when i using www.b.com,then it will redirect to https://www.a.com. thanks, On Tue, Apr 24, 2012 at 7:31 PM, Tom Evans tevans...@googlemail.com wrote: On Tue, Apr 24, 2012 at 12:24 PM, TianJing jingtian.seu...@gmail.com wrote: Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? You need to give more information. You haven't said anything useful. What did you try? Show your config What happened? In a general sense, what you are trying to do is easy. You've gone from one SSL vhost to two SSL vhosts and a non SSL vhost that redirects to one of the SSL vhosts: VirtualHost 12.34.56.78:443 ServerName a.com # a.com's SSL settings, etc /VirtualHost VirtualHost 12.34.56.79:443 ServerName b.com # b.com's SSL settings, etc /VirtualHost VirtualHost *:80 ServerName b.com Redirect / https://b.com/ /VirtualHost Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Tianjing
Re: [users@httpd] rewrite to https website
thanks, but it doesn't work, i got a ssl error. and it do not redirect to https://www.a.com [image: Inline image 1] On Tue, Apr 24, 2012 at 7:41 PM, Noel Butler noel.but...@ausics.net wrote: ** On Tue, 2012-04-24 at 19:24 +0800, TianJing wrote: Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? Just use a simple redirect VirtualHost *:80 ServerName www.b.com redirect permanent / https://www.a.comhttps://mail.ausics.net/ /VirtualHost -- Tianjing image.png
Re: [users@httpd] rewrite to https website
i forget to open NameVirtualHost option so it donot work... On Tue, Apr 24, 2012 at 7:52 PM, TianJing jingtian.seu...@gmail.com wrote: thanks, but it doesn't work, i got a ssl error. and it do not redirect to https://www.a.com [image: Inline image 1] On Tue, Apr 24, 2012 at 7:41 PM, Noel Butler noel.but...@ausics.netwrote: ** On Tue, 2012-04-24 at 19:24 +0800, TianJing wrote: Hi all, I have a question on apache rewrite, I have a https website: https://www.a.com I want add another url(http://www.b.com),and this url will be forward to https://www.b.com I using the rewite rules, but I seem doesn't work. any suggestions? Just use a simple redirect VirtualHost *:80 ServerName www.b.com redirect permanent / https://www.a.comhttps://mail.ausics.net/ /VirtualHost -- Tianjing -- Tianjing image.png
Re: [users@httpd] Inheritance of variable COLUMNS in apache2
On 23.04.12 13:45, Petr Hracek wrote: I have observed some tricky problem with environtment variable COLUMNS during the starting of apache2-2.2.21 Sometimes this variable is set to more then 80 characters and higher variable causes problems with CGI scripts which check ps output Do you have any idea why this variable is set to more then 80 characters and how to unset them? I found this to be a problem in Debian 6.0 and some Ubuntu versions, which set COLUMNS and LINES in /etc/csh.cshrc environment variables. I have filled up bugreport because that pretty sucks (bash sets COLUMNS and LINES too, but as its variables, not environment). It should be fixed already, but you may comment it on your system. To fix, use ww as option for 'ps' so it does not truncats its output. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. To Boot or not to Boot, that's the question. [WD1270 Caviar] - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache SSL issue.
So where are your Listen statements for ports 5001/2? On Apr 24, 2012 7:56 PM, M. Lebbink mlebb...@photographity.nl wrote: Gentlepeople, Got the following situation that I can't seem to solve. Would love some suggestions or a faq/link on how to solve this: Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com site2.example.com. site1 is on port 80 and site 2 is on 443. Both working fine and if I switch site1 to 443 and site2 to 80, both still work fine. Now for the issue. I want, using Redirect Permanent, for site1 to run on port 5001 and site2 to run on port 5002 both using SSL. Port 443 can then be closed. But if I replace port 443 with port 5001 or 5002, it all falls apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find the correct syntax for the Redirect Permanent. Somehow there should be something like: Redirect permanent / https://site1.example.com:5001, but that does not work. A redirect to https://site1.example.com works, but gives the ssl_error. Current working config (with parts left out): ports.conf NameVirtualHost *:80 IfModule mod_ssl.c Listen 443 /IfModule IfModule mod_gnutls.c Listen 443 /IfModule Host definition in sites-available for the ssl site VirtualHost *:80 ServerAdmin some...@example.com ServerName site2.example.com Redirect permanent / https://site2.example.com /VirtualHost VirtualHost *:443 ServerAdmin some...@example.com ServerName site2.example.com SSLEngine on SSLCertificateFile /etc/apache2/apache.pem /VirtualHost Changing all 443 for 5001 does not do the trick what am I missing here...? If it helps, I run my one DNS forward and reverse working fine and private proxy also working fine. Met vriendelijke groet, Kind regards, M. Lebbink PhotographITy Almere - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Apache SSL issue.
You are correct that these are missing When switching to the 5001 5002 the actual ports.conf would look more like this: NameVirtualHost *:80 IfModule mod_ssl.c Listen 5001 Listen 5002 /IfModule IfModule mod_gnutls.c Listen 5001 Listen 5002 /IfModule Host definition would be like (does not work!): VirtualHost *:80 ServerAdmin some...@example.com ServerName site2.example.com Redirect permanent / https://site2.example.com /VirtualHost VirtualHost *:5001 ServerAdmin some...@example.com ServerName site2.example.com # Setup security SSLEngine on SSLCertificateFile /etc/apache2/apache.pem # Indexes + Directory Root. DirectoryIndex index.html index.htm index.php DocumentRoot /var/www/site2.example.com/htdocs/ # CGI Directory ScriptAlias /cgi-bin/ /var/www/site2.example.com/cgi-bin/ Location /cgi-bin Options +ExecCGI /Location # Logfiles ErrorLog /var/www/site2.example.com/log/error.log CustomLog /var/www/site2.example.com/log/access.log combined /VirtualHost With this setup (5001 replacing the 443), after restarting apache, I get the SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) message and i can't figure out why... again, on 443 it works fine. Somehow I think a need to change more, but i don;t know what From: Igor Cicimov [mailto:icici...@gmail.com] Sent: dinsdag 24 april 2012 17:05 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache SSL issue. So where are your Listen statements for ports 5001/2? On Apr 24, 2012 7:56 PM, M. Lebbink mlebb...@photographity.nl wrote: Gentlepeople, Got the following situation that I can't seem to solve. Would love some suggestions or a faq/link on how to solve this: Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com site2.example.com. site1 is on port 80 and site 2 is on 443. Both working fine and if I switch site1 to 443 and site2 to 80, both still work fine. Now for the issue. I want, using Redirect Permanent, for site1 to run on port 5001 and site2 to run on port 5002 both using SSL. Port 443 can then be closed. But if I replace port 443 with port 5001 or 5002, it all falls apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find the correct syntax for the Redirect Permanent. Somehow there should be something like: Redirect permanent / https://site1.example.com:5001, but that does not work. A redirect to https://site1.example.com works, but gives the ssl_error. Current working config (with parts left out): ports.conf NameVirtualHost *:80 IfModule mod_ssl.c Listen 443 /IfModule IfModule mod_gnutls.c Listen 443 /IfModule Host definition in sites-available for the ssl site VirtualHost *:80 ServerAdmin some...@example.com ServerName site2.example.com Redirect permanent / https://site2.example.com /VirtualHost VirtualHost *:443 ServerAdmin some...@example.com ServerName site2.example.com SSLEngine on SSLCertificateFile /etc/apache2/apache.pem /VirtualHost Changing all 443 for 5001 does not do the trick what am I missing here...? If it helps, I run my one DNS forward and reverse working fine and private proxy also working fine. Met vriendelijke groet, Kind regards, M. Lebbink PhotographITy Almere - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.1913 / Virus Database: 2411/4955 - Release Date: 04/23/12 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Community best practices WRT PHP processing
I'm looking for some input on what the community best practices are with regard to specifying which files to apply PHP processing to. Historically, many distributions have used AddHandler to accomplish this, but depending on the environment where PHP is being used, this can lead to other unintended consequences, such as processing files as PHP source when they should not be (due to Apache's multiple file extension handling)[1]. PHP's solution to this seems to be to use a FilesMatch directive with SetHandler to ensure only files ending in .php are processed, and processed only as PHP files. Should this be considered the correct way to define files to process as PHP to work around this problem[2]? What are the performance implications of doing a FilesMatch for every request? Are there any other consequences of adopting this[3]? [1] A simple illustration of this is that file.php.txt or file.php.1 will be processed as PHP, not shown or offered for download. When combined with any sort of software that allows uploading to a web location (which may blacklist based on extension), if file.php.txt or file.php.pdf is uploaded, we may have an exploitable situation where arbitrary code can be executed on the server. [2] While the best solutionis probably a white list (at the server configuration level and/or at the web application level for uploads), the truth is that relying on others to do the right thing for your security is a failed model from the beginning. Additionally, this issue is clouded by the fact there may be two sets of best practices; what to do if you have full control over the web server configuration for your small set of applications it services, and what to do when running a hosting platform where what is served by Apache is constantly changing and can't be reasonably vetted by security conscious personnel. [3] One that comes to mind is how to handle the numerous locations where people have made naive backups of PHP files by adding extensions such .bak, .save, .old, etc to existing PHP files. Often these are configuration files, and exposing them to the public may constitute its own security implications. A second FilesMatch for \.php\. could be used to prevent these from display at all, possibly with a custom error message. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Problems with TLS connections
Having problems making TLS connections to an instance of apache. The server version is: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t The ssl config includes: SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL SSLHonorCipherOrder on # See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ SSLVerifyClient none #SSLInsecureRenegotiation on If I try and connect using Firefox with only TLS enabled, the connection fails (get the message 'The connection to the server was reset while the page was loading'). With SSLv3 enabled in Firefox, the connection works fine. Trying using openssl command line: openssl s_client -connect 127.0.0.1:443 -tls1 gets CONNECTED(0003) 15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: When trying with openssl s_client -connect 127.0.0.1:443 -sslv3 the connection works New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA Session-ID: F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58 Session-ID-ctx: Master-Key: E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936 Key-Arg : None Start Time: 1335292940 Timeout : 7200 (sec) Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? Thanks for any help.
Re: [users@httpd] Unable to build 2.4 because Bundled APR not found FreeBSD 9.0
Hello, Many thanks! Though it is pretty clear reading your instructions, one has to manually change the names of the extracted apr directories since the script uses apr-1 and apr-util while tar creates directories with the version number in the names. Worked like a charm. Thanks again Bernard Higonnet On 23/04/2012 17:15, Shuvalov Roman wrote: Hi, Bernard, I had similar issue, though I tried to compile Apache 2.4.2 under CentOS 6.2 - see of these tips will be usefull to you: 1. For Apache 2.4.x - you need apr and apr-util 1.4.x or later (means most probably you do not have them yet in you OS repos and need manually download them form http://apr.apache.org/download.cgi 2. Extract them to ./srclib/apr and ./srclib/apr-util directory respectively. 3. Download -deps files for your Apache build from http://httpd.apache.org/download.cgi#apache24 (I used this one - http://www.sai.msu.su/apache//httpd/httpd-2.4.2-deps.tar.gz ) 4. Extract -deps files to your ./srclib/apr directory 5. Use --with-included-apr switch with ./configure script Also, I have error messages issued by ./configure script on APR stuff just because I did not have gcc compiler installed on my machine. Well, whatever - I installed gcc package and ./configure run smoothly. Also, in my case I needed to install pcre-devel package - see if you need it too. After all these steps I was able to ./configure the sources, make and make install them without problems. One more tip: I do not know how to remove it if you do not like it, make uninstall will not work :) . So, to install the Apache, I used ./configure with no --prefix switch (and any other directory fine-tuning switches) which, I believe, put the all the files into /usr/local/apache2 directory, so removal should be simply removing this directory, but again I am not sure, I just avoided to abuse all those directory fine tuning switched to prevent the product be all over the place. I wonder if any of those tips helped you, Good luck, Roman. -Original Message- From: Bernard T. Higonnet [mailto:bth...@higonnet.net] Sent: Monday, April 23, 2012 12:15 PM To: users@httpd.apache.org Subject: [users@httpd] Unable to build 2.4 because Bundled APR not found FreeBSD 9.0 The exact error message during ./config_nice (of a working 2.2 installation on another machine) is Bundled APR requested but not found at ./srclib/. Download and unpack the corresponding apr and apr-util packages to ./srclib/. I went to http://apr.apache.org/download.cgi and downloaded apr-1 and apr-util. As for apr-1, I found a a setup for building (configure, make etc.) which appeared to be successful. Nowhere did I see anything to unpack to srclib As for apr-util, I can't build because configure: error: APR could not be located. Please use the --with-apr option. This option requires a path to installed APR or the full path to apr-config So I seem to be going around in circles and any help would of course be appreciated. Bernard Higonnet - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problems with TLS connections
On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated: Having problems making TLS connections to an instance of apache. The server version is: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t The ssl config includes: SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL SSLHonorCipherOrder on # See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ SSLVerifyClient none #SSLInsecureRenegotiation on If I try and connect using Firefox with only TLS enabled, the connection fails (get the message 'The connection to the server was reset while the page was loading'). With SSLv3 enabled in Firefox, the connection works fine. Trying using openssl command line: openssl s_client -connect 127.0.0.1:443 -tls1 gets CONNECTED(0003) 15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: When trying with openssl s_client -connect 127.0.0.1:443 -sslv3 the connection works New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA Session-ID: F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58 Session-ID-ctx: Master-Key: E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936 Key-Arg : None Start Time: 1335292940 Timeout : 7200 (sec) Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? What version of SSL are you using? There was a problem with the update of openssl-1.0.1a that caused problems with Postfix with certain domains. Try this for starters: openssl s_client -connect 127.0.0.1:443 -tls1_2 openssl s_client -connect 127.0.0.1:443 -tls1_1 openssl s_client -connect 127.0.0.1:443 -tls1 openssl s_client -connect 127.0.0.1:443 -ssl3 Post the connect or fail results back here. -- Carmel ✌ carmel...@hotmail.com Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problems with TLS connections
On 24/04/2012 20:19, Carmel wrote: On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated: Having problems making TLS connections to an instance of apache. The server version is: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t The ssl config includes: SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL SSLHonorCipherOrder on # See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ SSLVerifyClient none #SSLInsecureRenegotiation on If I try and connect using Firefox with only TLS enabled, the connection fails (get the message 'The connection to the server was reset while the page was loading'). With SSLv3 enabled in Firefox, the connection works fine. Trying using openssl command line: openssl s_client -connect 127.0.0.1:443 -tls1 gets CONNECTED(0003) 15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: When trying with openssl s_client -connect 127.0.0.1:443 -sslv3 the connection works New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA Session-ID: F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58 Session-ID-ctx: Master-Key: E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936 Key-Arg : None Start Time: 1335292940 Timeout : 7200 (sec) Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? What version of SSL are you using? There was a problem with the update of openssl-1.0.1a that caused problems with Postfix with certain domains. Try this for starters: openssl s_client -connect 127.0.0.1:443 -tls1_2 openssl s_client -connect 127.0.0.1:443 -tls1_1 openssl s_client -connect 127.0.0.1:443 -tls1 openssl s_client -connect 127.0.0.1:443 -ssl3 Post the connect or fail results back here. Command line openssl version is: OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009) -tls1_1 and -tls1_2 are not recognised options -tls1 fails -ssl3 connects fine. The apache httpd has been compiled against the same openssl (and is running on the same box, ubuntu 10.04 LTS) Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
I have installed Apache HTTP Server with OpenSSL 0.9.8t (MSI Installer) From the Apache.org Site. Here is the file I downloaded and installed: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi I want to upgrade OpenSSL on that machine without having to upgrade Apache too. How do I do that? step by step? Do i just need to get the binaries and install them over the old files? If so what files and locations, etc.. Never done it before and not sure what to do. Thanks, Brad Finkeldei
Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
I'm assuming you're using some sort of Windows operating system. I haven't done one in a few years, but I would assume the 1.0 version from http://slproweb.com/products/Win32OpenSSL.html should work like installing any other Windows Installer. If someone else can't answer this, I'd suggest setting up a virtual environment and giving it a try before doing it on a production system. On Apr 24, 2012, at 4:02 PM, bfinkel...@aaamissouri.com wrote: I have installed Apache HTTP Server with OpenSSL 0.9.8t (MSI Installer) From the Apache.org Site. Here is the file I downloaded and installed: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi I want to upgrade OpenSSL on that machine without having to upgrade Apache too. How do I do that? step by step? Do i just need to get the binaries and install them over the old files? If so what files and locations, etc.. Never done it before and not sure what to do. Thanks, Brad Finkeldei
Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
TFML, Thanks for the info. Yes I am on windows server 2003 that looks like a great way to start if you already have things seperated bu this is a combined version of Apache and OpenSSL So, I am not sure.. I want to see if anyone else knows? TFML mailingl...@theflux.net 04/24/2012 03:09 PM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done??? I'm assuming you're using some sort of Windows operating system. I haven't done one in a few years, but I would assume the 1.0 version from http://slproweb.com/products/Win32OpenSSL.html should work like installing any other Windows Installer. If someone else can't answer this, I'd suggest setting up a virtual environment and giving it a try before doing it on a production system. On Apr 24, 2012, at 4:02 PM, bfinkel...@aaamissouri.com wrote: I have installed Apache HTTP Server with OpenSSL 0.9.8t (MSI Installer) From the Apache.org Site. Here is the file I downloaded and installed: httpd-2.2.22-win32-x86-openssl-0.9.8t.msi I want to upgrade OpenSSL on that machine without having to upgrade Apache too. How do I do that? step by step? Do i just need to get the binaries and install them over the old files? If so what files and locations, etc.. Never done it before and not sure what to do. Thanks, Brad Finkeldei
Re: [users@httpd] Problems with TLS connections
On 24/04/2012 20:40, plot.lost wrote: On 24/04/2012 20:19, Carmel wrote: On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated: Having problems making TLS connections to an instance of apache. The server version is: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t The ssl config includes: SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL SSLHonorCipherOrder on # See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ SSLVerifyClient none #SSLInsecureRenegotiation on If I try and connect using Firefox with only TLS enabled, the connection fails (get the message 'The connection to the server was reset while the page was loading'). With SSLv3 enabled in Firefox, the connection works fine. Trying using openssl command line: openssl s_client -connect 127.0.0.1:443 -tls1 gets CONNECTED(0003) 15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: When trying with openssl s_client -connect 127.0.0.1:443 -sslv3 the connection works New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA Session-ID: F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58 Session-ID-ctx: Master-Key: E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936 Key-Arg : None Start Time: 1335292940 Timeout : 7200 (sec) Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? What version of SSL are you using? There was a problem with the update of openssl-1.0.1a that caused problems with Postfix with certain domains. Try this for starters: openssl s_client -connect 127.0.0.1:443 -tls1_2 openssl s_client -connect 127.0.0.1:443 -tls1_1 openssl s_client -connect 127.0.0.1:443 -tls1 openssl s_client -connect 127.0.0.1:443 -ssl3 Post the connect or fail results back here. Command line openssl version is: OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009) -tls1_1 and -tls1_2 are not recognised options -tls1 fails -ssl3 connects fine. The apache httpd has been compiled against the same openssl (and is running on the same box, ubuntu 10.04 LTS) Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t I've tried re-compiling Apache with OpenSSL 1.0.1a and now get the following results when using the command line to check (with -tls1 as the option) /usr/local/ssl/bin/openssl s_client -connect 127.0.0.1:443 -tls1 -state -msg CONNECTED(0003) SSL_connect:before/connect initialization TLS 1.0 Handshake [length 00de], ClientHello 01 00 00 da 03 01 4f 97 0e bf c2 4c 7f d4 63 4f ae fd 04 d0 36 74 2b 65 93 e3 f9 8d 1e c4 11 0b 59 b1 00 7b f7 96 00 00 68 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 01 SSL_connect:SSLv3 write client hello A SSL 3.0 Alert [length 0002], fatal handshake_failure 02 28 SSL3 alert write:fatal:handshake failure SSL_connect:error in SSLv3 read server hello A 3077580424:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 7 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1335299775 Timeout : 7200 (sec) Verify return code: 0 (ok) --- When trying with tls1_1 for example, the connection works as follows: CONNECTED(0003) SSL_connect:before/connect initialization TLS 1.1 [length 00de] 01 00 00 da 03 02 4f 97 0f d4 6a 42 30 b2 b7 43 46 9b 70 e6 5f 61 db 09 1d bb 8c 24 78 6a 4c 8c 8d d3 91 66 5f 06 00 00 68 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03
Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
On 4/24/2012 3:09 PM, TFML wrote: I'm assuming you're using some sort of Windows operating system. I haven't done one in a few years, but I would assume the 1.0 version from http://slproweb.com/products/Win32OpenSSL.html should work like installing any other Windows Installer. If someone else can't answer this, I'd suggest setting up a virtual environment and giving it a try before doing it on a production system. Just as on unix, you can never drop in a x.y.n change with a new x value. That's called a major bump and usually does not work. OP could obtain a 0.9.8X flavor later than 0.9.8t and aught to be fine so long as no special build options were changed, and it was built to run against msvcrt.dll (the *system* c library). It's the same quandry as on Ubuntu with glibc vs eglibc packages. If OP reviewed the patch release notes, they would be aware that an upgrade is unnecessary between 0.9.8t and 0.9.8w for anyone running httpd 2.2. The new features in httpd 2.4 were vulnerable to issues there, however. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problems with TLS connections
On Tue, 24 Apr 2012 20:40:30 +0100 plot.lost articulated: On 24/04/2012 20:19, Carmel wrote: On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated: Having problems making TLS connections to an instance of apache. The server version is: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t The ssl config includes: SSLProtocol TLSv1 SSLv3 SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL SSLHonorCipherOrder on # See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ SSLVerifyClient none #SSLInsecureRenegotiation on If I try and connect using Firefox with only TLS enabled, the connection fails (get the message 'The connection to the server was reset while the page was loading'). With SSLv3 enabled in Firefox, the connection works fine. Trying using openssl command line: openssl s_client -connect 127.0.0.1:443 -tls1 gets CONNECTED(0003) 15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: When trying with openssl s_client -connect 127.0.0.1:443 -sslv3 the connection works New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: DHE-RSA-AES256-SHA Session-ID: F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58 Session-ID-ctx: Master-Key: E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936 Key-Arg : None Start Time: 1335292940 Timeout : 7200 (sec) Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? What version of SSL are you using? There was a problem with the update of openssl-1.0.1a that caused problems with Postfix with certain domains. Try this for starters: openssl s_client -connect 127.0.0.1:443 -tls1_2 openssl s_client -connect 127.0.0.1:443 -tls1_1 openssl s_client -connect 127.0.0.1:443 -tls1 openssl s_client -connect 127.0.0.1:443 -ssl3 Post the connect or fail results back here. Command line openssl version is: OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009) -tls1_1 and -tls1_2 are not recognised options -tls1 fails -ssl3 connects fine. The apache httpd has been compiled against the same openssl (and is running on the same box, ubuntu 10.04 LTS) Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t I have Firefox 11.0 and Apache-2.2.22 and OpenSSL 1.0.1a installed so all of those protocols work correctly. You might want to consider updating your openssl to the latest version. Unfortunately, you will have to recompile everything linked against it. That can be trivial or major depending on your system. -- Carmel ✌ carmel...@hotmail.com Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ Love is staying up all night with a sick child, or a healthy adult. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
Great thanks for the info! Where can I find out when apache.org will be bundling the latest version of OpenSSL with apache? PCI compliance calls for using level u as of today. Brad Finkeldei William A. Rowe Jr. wr...@rowe-clan.net 04/24/2012 03:49 PM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done??? On 4/24/2012 3:09 PM, TFML wrote: I'm assuming you're using some sort of Windows operating system. I haven't done one in a few years, but I would assume the 1.0 version from http://slproweb.com/products/Win32OpenSSL.html should work like installing any other Windows Installer. If someone else can't answer this, I'd suggest setting up a virtual environment and giving it a try before doing it on a production system. Just as on unix, you can never drop in a x.y.n change with a new x value. That's called a major bump and usually does not work. OP could obtain a 0.9.8X flavor later than 0.9.8t and aught to be fine so long as no special build options were changed, and it was built to run against msvcrt.dll (the *system* c library). It's the same quandry as on Ubuntu with glibc vs eglibc packages. If OP reviewed the patch release notes, they would be aware that an upgrade is unnecessary between 0.9.8t and 0.9.8w for anyone running httpd 2.2. The new features in httpd 2.4 were vulnerable to issues there, however. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Problems with TLS connections
On 24/04/2012 21:56, Carmel wrote: On Tue, 24 Apr 2012 20:40:30 +0100 plot.lost articulated: On 24/04/2012 20:19, Carmel wrote: On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated: Having problems making TLS connections to an instance of apache. [snipped] Any clues as to why the TLS connection is not working - is there some config value I am missing or have wrong? What version of SSL are you using? There was a problem with the update of openssl-1.0.1a that caused problems with Postfix with certain domains. Try this for starters: openssl s_client -connect 127.0.0.1:443 -tls1_2 openssl s_client -connect 127.0.0.1:443 -tls1_1 openssl s_client -connect 127.0.0.1:443 -tls1 openssl s_client -connect 127.0.0.1:443 -ssl3 Post the connect or fail results back here. Command line openssl version is: OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009) -tls1_1 and -tls1_2 are not recognised options -tls1 fails -ssl3 connects fine. The apache httpd has been compiled against the same openssl (and is running on the same box, ubuntu 10.04 LTS) Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t I have Firefox 11.0 and Apache-2.2.22 and OpenSSL 1.0.1a installed so all of those protocols work correctly. You might want to consider updating your openssl to the latest version. Unfortunately, you will have to recompile everything linked against it. That can be trivial or major depending on your system. I've found the problem, a simple configuration error... I had SSLProtocol TLSv1 SSLv3 as my config, ssl3 worked fine by tls1 failed. Changing this to SSLProtocol SSLv3 TLSv1 caused tls1 to work, but now ssl3 failed. Problem was not using '+' infront of the protocols when trying to add one in, so it resulted in only the last protocol listed actually working. Changed the config to SSLProtocol TLSv1 +SSLv3 and now both work fine Thanks for the help - and sorry for wasting time on what turned out to be a simple config error! - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Upgrading OpenSSL without upgrading Apache. Can it be done???
On 4/24/2012 4:05 PM, bfinkel...@aaamissouri.com wrote: Great thanks for the info! Where can I find out when apache.org will be bundling the latest version of OpenSSL with apache? PCI compliance calls for using level u as of today. If you had read the notices from the OpenSSL project you would be aware that the particular flaws in openssl 0.9.8 .u, .v and .w do not pertain to the operation or deployment of httpd 2.2.x. They do apply to the operation of httpd 2.4, and adminstrators of 2.4 should upgrade ASAP. (And if you were running 2.3-beta, upgrading httpd to 2.4 would be a very wise move as well for httpd security flaws). AFAIK only the windows binary 'bundles' openssl. As that binary is not affected it will not be updated, certainly not unless an httpd 2.2.23 is released. The ASF provides binaries only as a convenience and at our leisure; if you are professionally responsible for an installation of httpd, openssl and so forth which you refuse to compile yourself, you would probably benefit from contracting for the services you are demanding. The ASF is here to collaboratively produce source code. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Redirect http to https problem
Hello, Java: 1.6 Tomcat: 6 Httpd: 2.2 I have developed a java/flex application hosted on tomcat/httpd. I want to prevent users from accessing this site via http, but I can't get my rediect working. This page: http://httpd.apache.org/docs/2.2/rewrite/avoid.html suggests that I should user a rediect so I have configure this as follows: VirtualHost *:80 Redirect / https://sean.home:443 /VirtualHost VirtualHost _default_:443 # General setup for the virtual host DocumentRoot C:/Program Files/Apache Software Foundation/Apache2.2/htdocs ServerName sean.home:443 ... /VirtualHost This hasn't had the desired affect, and so I have a few questions. Starting with the obvious, have I done this correctly? Also, I have added some extra configuration so that my flex app loads and works correctly and I'm wondering if this has affected my redirect. The additional configuration includes: VirtualHost _default_:443 configuration contains these lines: ProxyPass /buildnet/ http://localhost:8080/buildnet/ ProxyPassReverse /buildnet/ http://localhost:8080/buildnet/ httpd-jk.conf file which includes: JkWorkersFile conf/workers.properties JkMountFile conf/uriworkermap.properties JkLogLevel debug Any help at all appreciated. Regards, Sean And
[users@httpd] Need help for setup rewrite rule
Hello, I need some help in setting up a Rewrite condition Rule in .htaccess My goal: I want all requests which contain @ to be forwarded to another path. Clear example: Let's say I own domain.com I would like all requests like domain.com/s...@sada.ss or www.domain.com/s...@sada.ss to be forwarded (or 301 permanently moved I don't know how it is best for performance) to the following path: domain.com/uploads/list.php?email=s...@sada.ss (or whatever the string after domain.com/ is) so: http://domain.com/$1 to http://domain.com/uploads/list.php?email=$1 Thanks in advance for your help! s7r - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org