Re: [users@httpd] Apache 2.2 authentication against a Mysql Database

2012-11-18 Thread David Mehler
Hello,

I am still trying to get my apache to authenticate against a mysql
database. I've looked at my available options and it looked like
mod_auth_mysql was discontinued so that was a non-starter. My other
option was mod_dbd with the apr-util-mysql driver, well that one also
didn't work, I kept getting password mismatch errors.

My last option is looking like mod_dbd using the ODBC driver so in
httpd.conf I set the driver to odbc and specified user and password
but I am stuck. According to the mod_dbd docs odbc needs a data source
I am not sure how to provide this. Do I need myodbc installed at all?
If it helps my database server is on localhost.

Thanks.
Dave.


On 11/18/12, David Mehler  wrote:
> Hello,
>
> Do you have this working? If so can I get a look at your config?
>
> Thanks.
> Dave.
>
>
> On 11/18/12, Igor Galić  wrote:
>>
>>
>> - Original Message -
>>> Hello,
>>>
>>> I'm wanting to set up Apache 2.2 to authenticate using either basic
>>> or
>>> digest authentication whichever I decide to do, against a Mysql
>>> Database. I am running Apache 2.2 and mysql 5.52.
>>>
>>> I've set up authentication using textfiles in the past now I am
>>> wanting
>>> to utilize a database. I've been googling and not finding anything
>>> clear specifically for Mysql on this process. If anyone has any
>>> pointers please let me know, the docs kind of get me pointed right,
>>> i.e. I think I have the right modules loaded, but getting the table
>>> and provider right that's not happening.
>>>
>>> If anyone has this working I'd appreciate it.
>>
>>  http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
>> authenticates users against a SQL database such as MySQL or PostgreSQL
>> (or whatever your APR supports, see mod_dbd's docs for more info:
>>  http://httpd.apache.org/docs/2.2/mod/mod_dbd.html )
>>
>>> Thanks.
>>> Dave.
>>>
>>
>> i
>>
>> --
>> Igor Galić
>>
>> Tel: +43 (0) 664 886 22 883
>> Mail: i.ga...@brainsware.org
>> URL: http://brainsware.org/
>> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>




Re: [users@httpd] Exploit?

2012-11-18 Thread Issac Goldstand
Not sure what it thinks it's matching, but both of those URLs will return
200 with the homepage on a static site...




On November 19, 2012 4:39:58 AM Knute Johnson  wrote:

A total of 2 possible successful probes were detected (the following
URLs contain strings that match one or more of a listing of strings that
indicate a possible exploit):

 /?mod=../../../../../../../../proc/self/environ%00 HTTP Response 200
 /?page=../../../../../../../../proc/self/environ%00 HTTP Response 200


Above showed up in my log this morning.  Anybody know what the exploit
could be and how one can prevent this?

Thanks,

knute...
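
The point made in the reply above (a static site answers any query string with the homepage and a 200), turned into a triage check; this is an added example, not part of the thread and not the code of the tool that produced the report. The log lines, IP addresses and byte counts are constructed, and the Combined Log Format layout and the verdict names are assumptions.

```python
import re
from urllib.parse import unquote

# Common/Combined Log Format prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges, made-up sizes). The two
# request targets are the ones quoted in the report above.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Nov/2012:04:12:01 -0800] "GET / HTTP/1.1" 200 5120
198.51.100.23 - - [19/Nov/2012:04:31:10 -0800] "GET /?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 5120
198.51.100.23 - - [19/Nov/2012:04:31:11 -0800] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 5120
192.0.2.44 - - [19/Nov/2012:05:02:40 -0800] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 812
192.0.2.44 - - [19/Nov/2012:05:02:41 -0800] "GET /?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 403 199
"""


def parse(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def is_traversal_probe(target):
    """Flag targets that contain ../ or a NUL byte after percent-decoding."""
    decoded = unquote(unquote(target))  # decode twice to catch double encoding
    return "../" in decoded or "\x00" in decoded


def triage(lines):
    """Classify each probe by comparing it with ordinary hits on the same path.

    Matching byte counts are a heuristic: it holds for static pages, while
    dynamic pages whose size varies will land in "review".
    """
    records = [r for r in map(parse, lines) if r]

    # Baseline: sizes of normal 200 responses for each path, no query string.
    baseline = {}
    for r in records:
        if r["status"] == 200 and not r["query"] and not is_traversal_probe(r["target"]):
            baseline.setdefault(r["path"], set()).add(r["size"])

    findings = []
    for r in records:
        if not is_traversal_probe(r["target"]):
            continue
        if r["status"] >= 400:
            verdict = "rejected"             # server refused the request
        elif r["status"] == 200 and r["size"] in baseline.get(r["path"], ()):
            verdict = "served-default-page"  # same bytes as the normal page
        else:
            verdict = "review"               # 200 with an unfamiliar body size
        findings.append((r["ip"], r["target"], r["status"], r["size"], verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

A "review" verdict means the response body should be inspected by hand; it does not by itself show that a file was disclosed.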




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Igor Cicimov
On Mon, Nov 19, 2012 at 12:56 PM, Yang Zhang  wrote:

> (The app server is this:
> http://gitit.net/README#proxying-to-httpmysite.comwiki)
>
> On Sun, Nov 18, 2012 at 5:55 PM, Yang Zhang 
> wrote:
> > This is not an option because the point of my using the proxy in this
> > case is that I need to rewrite the URLs and content (with
> > mod_proxy_html). The app server hosts at / and I need to translate it
> > to a subdirectory /sub.
> >
> > On Sun, Nov 18, 2012 at 5:53 PM, Igor Cicimov 
> wrote:
> >>
> >>
> >>
> >> On Mon, Nov 19, 2012 at 12:38 PM, Yang Zhang 
> wrote:
> >>>
> >>> On Sun, Nov 18, 2012 at 3:21 PM, Igor Cicimov 
> wrote:
> >>> >
> >>> > On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang 
> >>> > wrote:
> >>> >>
> >>> >> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
> >>> >> reverse-proxying to a web app (port 5001).
> >>> >>
> >>> >> However, when the web app responds with a redirect like `Location:
> >>> >> /foo`, apache2 rewrites this into `Location:
> >>> >> http://host.com:88/sub/foo`,
> >>> >
> >>> >
> >>> > Yes that's what reverse proxy is all about, it rewrites the Location
> >>> > header
> >>> > using ProxyPassReverse so it doesn't get bypassed in case of backend
> >>> > server
> >>> > redirection.
> >>>
> >>> nginx doesn't do the same rewrite from host.com:88 to host.com - I'd
> >>> also be fine with a solution where nginx does this rewrite as well.
> >>>
> >>> >
> >>> >> even though port 88 is publicly
> >>> >> inaccessible. I'd like it to just redirect to the relative URL
> >>> >> `Location: /sub/foo`.
> >>> >
> >>> >
> >>> > So use a redirect then. Looks like reverse proxy is not applicable
> for
> >>> > your
> >>> > use case.
> >>>
> >>> What specifically do you mean when you suggest to "use a redirect"?
> >>> Are you suggesting redirecting host.com:88 to host.com?  That's not
> >>> possible because port 88 is not (and should not be) publicly
> >>> reachable.
> >>
> >>
> >> I meant redirecting  /notes/ to the backend using [P] flag if you like
> >> instead of proxying it.
> >>
> >>>
> >>> >
> >>> >>
> >>> >>
> >>> >> Any ideas?
> >>> >>
> >>> >> My apache config (using mod_proxy_http, mod_proxy_html,
> >>> >> mod_substitute):
> >>> >>
> >>> >>   
> >>> >> Allow from all
> >>> >> ProxyPass http://127.0.0.1:5001/
> >>> >> SetOutputFilter  proxy-html
> >>> >> ProxyPassReverse /
> >>> >> ProxyHTMLURLMap  /   /notes/
> >>> >> RequestHeader unset Accept-Encoding
> >>> >> AddOutputFilterByType SUBSTITUTE application/atom+xml
> >>> >> Substitute "s|127.0.0.1:5001|host.com/notes|"
> >>> >>   
> >>> >>
> >>> >> Thanks.
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Yang Zhang
> >>> http://yz.mit.edu/
> >>>
> >>>
> >>
> >
> >
> >
> > --
> > Yang Zhang
> > http://yz.mit.edu/
>
>
>
> --
> Yang Zhang
> http://yz.mit.edu/
>
>
>
Can't you solve this in nginx? Rewrite the Location header set by apache
using proxy_redirect?
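
The nginx-side rewrite suggested above, as an added example that is not part of the thread: nginx's `proxy_redirect redirect replacement;` replaces a matching prefix of the upstream `Location` value, and the Python below models that prefix replacement and then checks whether a redirect still points at a non-public origin. Host names and ports are the ones from this thread; the function names and the sample header values are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values from the thread: nginx is public on port 80, apache2 listens on 88.
PUBLIC_ORIGIN = "http://host.com"
UPSTREAM_PREFIX = "http://host.com:88/"  # prefix apache2 puts into Location
PUBLIC_PREFIX = "http://host.com/"       # what the client should see instead
# Corresponding nginx directive:
#   proxy_redirect http://host.com:88/ http://host.com/;

# Constructed sample Location values.
SAMPLE_LOCATIONS = [
    "http://host.com:88/sub/foo",   # the case from the thread
    "http://host.com/sub/bar",      # already public
    "/sub/baz",                     # relative reference
    "http://host.com:880/sub/foo",  # different port that shares a string prefix
    "http://127.0.0.1:5001/foo",    # backend address that slipped through
]


def origin(url):
    """(scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def leaks_internal_origin(location, public_origin=PUBLIC_ORIGIN):
    """True when Location names a host or port other than the public one."""
    if not urlsplit(location).netloc:  # path-only reference, nothing to leak
        return False
    return origin(location) != origin(public_origin)


def rewrite_location(location, redirect=UPSTREAM_PREFIX, replacement=PUBLIC_PREFIX):
    """Prefix replacement in the style of `proxy_redirect redirect replacement;`.

    The trailing slash in the prefix matters: without it, :88 would also
    match :880.
    """
    if location.startswith(redirect):
        return replacement + location[len(redirect):]
    return location


def audit(locations):
    """Return (original, rewritten, still_leaks) for each Location value."""
    report = []
    for loc in locations:
        fixed = rewrite_location(loc)
        report.append((loc, fixed, leaks_internal_origin(fixed)))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_LOCATIONS):
        print(row)
```

Entries that still leak after the rewrite need their own mapping or a fix on the server that generated them.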


[users@httpd] Exploit?

2012-11-18 Thread Knute Johnson
A total of 2 possible successful probes were detected (the following
URLs contain strings that match one or more of a listing of strings that
indicate a possible exploit):

/?mod=../../../../../../../../proc/self/environ%00 HTTP Response 200
/?page=../../../../../../../../proc/self/environ%00 HTTP Response 200


Above showed up in my log this morning.  Anybody know what the exploit
could be and how one can prevent this?

Thanks,

knute...




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
(The app server is this: http://gitit.net/README#proxying-to-httpmysite.comwiki)

On Sun, Nov 18, 2012 at 5:55 PM, Yang Zhang  wrote:
> This is not an option because the point of my using the proxy in this
> case is that I need to rewrite the URLs and content (with
> mod_proxy_html). The app server hosts at / and I need to translate it
> to a subdirectory /sub.
>
> On Sun, Nov 18, 2012 at 5:53 PM, Igor Cicimov  wrote:
>>
>>
>>
>> On Mon, Nov 19, 2012 at 12:38 PM, Yang Zhang  wrote:
>>>
>>> On Sun, Nov 18, 2012 at 3:21 PM, Igor Cicimov  wrote:
>>> >
>>> > On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang 
>>> > wrote:
>>> >>
>>> >> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
>>> >> reverse-proxying to a web app (port 5001).
>>> >>
>>> >> However, when the web app responds with a redirect like `Location:
>>> >> /foo`, apache2 rewrites this into `Location:
>>> >> http://host.com:88/sub/foo`,
>>> >
>>> >
>>> > Yes that's what reverse proxy is all about, it rewrites the Location
>>> > header
>>> > using ProxyPassReverse so it doesn't get bypassed in case of backend
>>> > server
>>> > redirection.
>>>
>>> nginx doesn't do the same rewrite from host.com:88 to host.com - I'd
>>> also be fine with a solution where nginx does this rewrite as well.
>>>
>>> >
>>> >> even though port 88 is publicly
>>> >> inaccessible. I'd like it to just redirect to the relative URL
>>> >> `Location: /sub/foo`.
>>> >
>>> >
>>> > So use a redirect then. Looks like reverse proxy is not applicable for
>>> > your
>>> > use case.
>>>
>>> What specifically do you mean when you suggest to "use a redirect"?
>>> Are you suggesting redirecting host.com:88 to host.com?  That's not
>>> possible because port 88 is not (and should not be) publicly
>>> reachable.
>>
>>
>> I meant redirecting  /notes/ to the backend using [P] flag if you like
>> instead of proxying it.
>>
>>>
>>> >
>>> >>
>>> >>
>>> >> Any ideas?
>>> >>
>>> >> My apache config (using mod_proxy_http, mod_proxy_html,
>>> >> mod_substitute):
>>> >>
>>> >>   
>>> >> Allow from all
>>> >> ProxyPass http://127.0.0.1:5001/
>>> >> SetOutputFilter  proxy-html
>>> >> ProxyPassReverse /
>>> >> ProxyHTMLURLMap  /   /notes/
>>> >> RequestHeader unset Accept-Encoding
>>> >> AddOutputFilterByType SUBSTITUTE application/atom+xml
>>> >> Substitute "s|127.0.0.1:5001|host.com/notes|"
>>> >>   
>>> >>
>>> >> Thanks.
>>> >>
>>> >>
>>> >
>>>
>>>
>>>
>>> --
>>> Yang Zhang
>>> http://yz.mit.edu/
>>>
>>>
>>
>
>
>
> --
> Yang Zhang
> http://yz.mit.edu/



-- 
Yang Zhang
http://yz.mit.edu/




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
This is not an option because the point of my using the proxy in this
case is that I need to rewrite the URLs and content (with
mod_proxy_html). The app server hosts at / and I need to translate it
to a subdirectory /sub.

On Sun, Nov 18, 2012 at 5:53 PM, Igor Cicimov  wrote:
>
>
>
> On Mon, Nov 19, 2012 at 12:38 PM, Yang Zhang  wrote:
>>
>> On Sun, Nov 18, 2012 at 3:21 PM, Igor Cicimov  wrote:
>> >
>> > On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang 
>> > wrote:
>> >>
>> >> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
>> >> reverse-proxying to a web app (port 5001).
>> >>
>> >> However, when the web app responds with a redirect like `Location:
>> >> /foo`, apache2 rewrites this into `Location:
>> >> http://host.com:88/sub/foo`,
>> >
>> >
>> > Yes that's what reverse proxy is all about, it rewrites the Location
>> > header
>> > using ProxyPassReverse so it doesn't get bypassed in case of backend
>> > server
>> > redirection.
>>
>> nginx doesn't do the same rewrite from host.com:88 to host.com - I'd
>> also be fine with a solution where nginx does this rewrite as well.
>>
>> >
>> >> even though port 88 is publicly
>> >> inaccessible. I'd like it to just redirect to the relative URL
>> >> `Location: /sub/foo`.
>> >
>> >
>> > So use a redirect then. Looks like reverse proxy is not applicable for
>> > your
>> > use case.
>>
>> What specifically do you mean when you suggest to "use a redirect"?
>> Are you suggesting redirecting host.com:88 to host.com?  That's not
>> possible because port 88 is not (and should not be) publicly
>> reachable.
>
>
> I meant redirecting  /notes/ to the backend using [P] flag if you like
> instead of proxying it.
>
>>
>> >
>> >>
>> >>
>> >> Any ideas?
>> >>
>> >> My apache config (using mod_proxy_http, mod_proxy_html,
>> >> mod_substitute):
>> >>
>> >>   
>> >> Allow from all
>> >> ProxyPass http://127.0.0.1:5001/
>> >> SetOutputFilter  proxy-html
>> >> ProxyPassReverse /
>> >> ProxyHTMLURLMap  /   /notes/
>> >> RequestHeader unset Accept-Encoding
>> >> AddOutputFilterByType SUBSTITUTE application/atom+xml
>> >> Substitute "s|127.0.0.1:5001|host.com/notes|"
>> >>   
>> >>
>> >> Thanks.
>> >>
>> >>
>> >
>>
>>
>>
>> --
>> Yang Zhang
>> http://yz.mit.edu/
>>
>>
>



-- 
Yang Zhang
http://yz.mit.edu/




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Igor Cicimov
On Mon, Nov 19, 2012 at 12:38 PM, Yang Zhang  wrote:

> On Sun, Nov 18, 2012 at 3:21 PM, Igor Cicimov  wrote:
> >
> > On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang 
> wrote:
> >>
> >> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
> >> reverse-proxying to a web app (port 5001).
> >>
> >> However, when the web app responds with a redirect like `Location:
> >> /foo`, apache2 rewrites this into `Location:
> >> http://host.com:88/sub/foo`,
> >
> >
> > Yes that's what reverse proxy is all about, it rewrites the Location
> header
> > using ProxyPassReverse so it doesn't get bypassed in case of backend
> server
> > redirection.
>
> nginx doesn't do the same rewrite from host.com:88 to host.com - I'd
> also be fine with a solution where nginx does this rewrite as well.
>
> >
> >> even though port 88 is publicly
> >> inaccessible. I'd like it to just redirect to the relative URL
> >> `Location: /sub/foo`.
> >
> >
> > So use a redirect then. Looks like reverse proxy is not applicable for
> your
> > use case.
>
> What specifically do you mean when you suggest to "use a redirect"?
> Are you suggesting redirecting host.com:88 to host.com?  That's not
> possible because port 88 is not (and should not be) publicly
> reachable.
>

I meant redirecting  /notes/ to the backend using [P] flag if you like
instead of proxying it.


> >
> >>
> >>
> >> Any ideas?
> >>
> >> My apache config (using mod_proxy_http, mod_proxy_html, mod_substitute):
> >>
> >>   
> >> Allow from all
> >> ProxyPass http://127.0.0.1:5001/
> >> SetOutputFilter  proxy-html
> >> ProxyPassReverse /
> >> ProxyHTMLURLMap  /   /notes/
> >> RequestHeader unset Accept-Encoding
> >> AddOutputFilterByType SUBSTITUTE application/atom+xml
> >> Substitute "s|127.0.0.1:5001|host.com/notes|"
> >>   
> >>
> >> Thanks.
> >>
> >>
> >
>
>
>
> --
> Yang Zhang
> http://yz.mit.edu/
>
>
>


Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
`fgrep -ir usecanonicalname /etc/apache2/` turns up nothing.  (FWIW
I'm using the apache2 from Ubuntu 12.04)

On Sun, Nov 18, 2012 at 5:04 PM, Igor Cicimov  wrote:
>
>
>
> On Mon, Nov 19, 2012 at 11:03 AM, Nick Kew  wrote:
>>
>> On Sun, 18 Nov 2012 14:48:35 -0800
>> Yang Zhang  wrote:
>>
>> > I have: nginx (port 80) reverse-proxying to apache2 (port 88)
>> > reverse-proxying to a web app (port 5001).
>> >
>> > However, when the web app responds with a redirect like `Location:
>> > /foo`,
>>
>> That is not valid HTTP.  A Location header must be an absolute URI.
>>
>>  apache2 rewrites this into `Location:
>> > http://host.com:88/sub/foo`, even though port 88 is publicly
>> > inaccessible.
>>
>> So where does :88 come from?  Looks like a misconfiguration
>> somewhere outside the section you quoted.
>
>
> Maybe from UseCanonicalName ??
>>
>>
>>
>> --
>> Nick Kew
>>
>>
>



-- 
Yang Zhang
http://yz.mit.edu/




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
On Sun, Nov 18, 2012 at 3:21 PM, Igor Cicimov  wrote:
>
> On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang  wrote:
>>
>> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
>> reverse-proxying to a web app (port 5001).
>>
>> However, when the web app responds with a redirect like `Location:
>> /foo`, apache2 rewrites this into `Location:
>> http://host.com:88/sub/foo`,
>
>
> Yes that's what reverse proxy is all about, it rewrites the Location header
> using ProxyPassReverse so it doesn't get bypassed in case of backend server
> redirection.

nginx doesn't do the same rewrite from host.com:88 to host.com - I'd
also be fine with a solution where nginx does this rewrite as well.

>
>> even though port 88 is publicly
>> inaccessible. I'd like it to just redirect to the relative URL
>> `Location: /sub/foo`.
>
>
> So use a redirect then. Looks like reverse proxy is not applicable for your
> use case.

What specifically do you mean when you suggest to "use a redirect"?
Are you suggesting redirecting host.com:88 to host.com?  That's not
possible because port 88 is not (and should not be) publicly
reachable.

>
>>
>>
>> Any ideas?
>>
>> My apache config (using mod_proxy_http, mod_proxy_html, mod_substitute):
>>
>>   
>> Allow from all
>> ProxyPass http://127.0.0.1:5001/
>> SetOutputFilter  proxy-html
>> ProxyPassReverse /
>> ProxyHTMLURLMap  /   /notes/
>> RequestHeader unset Accept-Encoding
>> AddOutputFilterByType SUBSTITUTE application/atom+xml
>> Substitute "s|127.0.0.1:5001|host.com/notes|"
>>   
>>
>> Thanks.
>>
>>
>



--
Yang Zhang
http://yz.mit.edu/




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
On Sun, Nov 18, 2012 at 4:03 PM, Nick Kew  wrote:
> On Sun, 18 Nov 2012 14:48:35 -0800
> Yang Zhang  wrote:
>
>> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
>> reverse-proxying to a web app (port 5001).
>>
>> However, when the web app responds with a redirect like `Location:
>> /foo`,
>
> That is not valid HTTP.  A Location header must be an absolute URI.

OK, in that case I'd like `Location: http://host.com/sub/foo` and not
`http://host.com:88/sub/foo`.

>
>  apache2 rewrites this into `Location:
>> http://host.com:88/sub/foo`, even though port 88 is publicly
>> inaccessible.
>
> So where does :88 come from?  Looks like a misconfiguration
> somewhere outside the section you quoted.

Well, I know from inspecting the wire traffic that this is coming from
apache's response to nginx (since, again, apache listens on 88).

The top of the config is what specifies this:



>
>
> --
> Nick Kew
>
>



--
Yang Zhang
http://yz.mit.edu/




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Igor Cicimov
On Mon, Nov 19, 2012 at 11:03 AM, Nick Kew  wrote:

> On Sun, 18 Nov 2012 14:48:35 -0800
> Yang Zhang  wrote:
>
> > I have: nginx (port 80) reverse-proxying to apache2 (port 88)
> > reverse-proxying to a web app (port 5001).
> >
> > However, when the web app responds with a redirect like `Location:
> > /foo`,
>
> That is not valid HTTP.  A Location header must be an absolute URI.
>
>  apache2 rewrites this into `Location:
> > http://host.com:88/sub/foo`, even though port 88 is publicly
> > inaccessible.
>
> So where does :88 come from?  Looks like a misconfiguration
> somewhere outside the section you quoted.
>

Maybe from UseCanonicalName ??

>
>
> --
> Nick Kew
>
>
>


Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Nick Kew
On Sun, 18 Nov 2012 14:48:35 -0800
Yang Zhang  wrote:

> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
> reverse-proxying to a web app (port 5001).
> 
> However, when the web app responds with a redirect like `Location:
> /foo`,

That is not valid HTTP.  A Location header must be an absolute URI.

 apache2 rewrites this into `Location:
> http://host.com:88/sub/foo`, even though port 88 is publicly
> inaccessible.

So where does :88 come from?  Looks like a misconfiguration
somewhere outside the section you quoted.


-- 
Nick Kew




Re: [users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Igor Cicimov
On Mon, Nov 19, 2012 at 9:48 AM, Yang Zhang  wrote:

> I have: nginx (port 80) reverse-proxying to apache2 (port 88)
> reverse-proxying to a web app (port 5001).
>
> However, when the web app responds with a redirect like `Location:
> /foo`, apache2 rewrites this into `Location:
> http://host.com:88/sub/foo`,


Yes that's what reverse proxy is all about, it rewrites the Location header
using ProxyPassReverse so it doesn't get bypassed in case of backend server
redirection.

even though port 88 is publicly
> inaccessible. I'd like it to just redirect to the relative URL
> `Location: /sub/foo`.
>

So use a redirect then. Looks like reverse proxy is not applicable for your
use case.


>
> Any ideas?
>
> My apache config (using mod_proxy_http, mod_proxy_html, mod_substitute):
>
>   
> Allow from all
> ProxyPass http://127.0.0.1:5001/
> SetOutputFilter  proxy-html
> ProxyPassReverse /
> ProxyHTMLURLMap  /   /notes/
> RequestHeader unset Accept-Encoding
> AddOutputFilterByType SUBSTITUTE application/atom+xml
> Substitute "s|127.0.0.1:5001|host.com/notes|"
>   
>
> Thanks.
>
>
>


[users@httpd] How to prevent mod_proxy from rewriting redirects into absolute URLs?

2012-11-18 Thread Yang Zhang
I have: nginx (port 80) reverse-proxying to apache2 (port 88)
reverse-proxying to a web app (port 5001).

However, when the web app responds with a redirect like `Location:
/foo`, apache2 rewrites this into `Location:
http://host.com:88/sub/foo`, even though port 88 is publicly
inaccessible. I'd like it to just redirect to the relative URL
`Location: /sub/foo`.

Any ideas?

My apache config (using mod_proxy_http, mod_proxy_html, mod_substitute):

  
Allow from all
ProxyPass http://127.0.0.1:5001/
SetOutputFilter  proxy-html
ProxyPassReverse /
ProxyHTMLURLMap  /   /notes/
RequestHeader unset Accept-Encoding
AddOutputFilterByType SUBSTITUTE application/atom+xml
Substitute "s|127.0.0.1:5001|host.com/notes|"
  

Thanks.




Re: [users@httpd] Can Apache Forward/Proxy a Port?

2012-11-18 Thread Chris Arnold
Just for those following this or who need the same thing. How I got it to work:
-Made ProxyPass/Reverse entries in the default vhost SSL conf
-For users that type http://, in the non-SSL vhost I made a rewrite rule to
rewrite http: to https:
-Stop/start apache and test

Actually the http:// rewrite test failed with:
500 internal server error
My rewrite rule is:

RewriteRule ^/(.*) https://%{HTTP_HOST}/ [L]


- Original Message -
From: "Chris Arnold" 
To: users@httpd.apache.org
Sent: Sunday, November 18, 2012 2:16:42 PM
Subject: Re: [users@httpd] Can Apache Forward/Proxy a Port?

- Original Message -
> I have a server that is sharing port 443. I need to use apache on a
> different server to forward/proxy https traffic to another apache
> server running on a different port, 2443. So, a user types in
> https://mail.domain.com and is sent to https://ip.com:2443. Can
> apache do this and keep the URL https://mail.domain.com?

>>What you're looking for is actually called Reverse Proxy and is
>>(one of) mod_proxy's core capabilities.

>>See http://www.apachetutor.org/admin/reverseproxies
>>for Nick Kew's explanation on how to do that.

Thanks for that link. However, the same error I have been getting is the
error I am getting when I follow that link (that error is a 403 Access
forbidden).
Actually, I have decided to keep the 443 port on both servers (I think this is
possible for Apache to work with this). So my vhost looks like:


ServerAdmin administra...@domain.net
ServerName mail.teknerds.net

ProxyPass /https://mail.domain.net/
ProxyPassReverse /https://mail.domain.net/

# if not specified, the global error log is used
ErrorLog /var/log/apache2/mail.domain.net-error_log
CustomLog /var/log/apache2/mail.domain.net-access_log combined



I have tried with and without the ProxyPass entry and SSLProxyEngine On. Both
give me the access forbidden. The server doing the proxying seems to look for
the directory on itself. Here is the error log:

[Sun Nov 18 13:42:54 2012] [error] (110)Connection timed out: proxy: HTTP: 
attempt to connect to 192.168.124.3:80 (mail.domain.net) failed
[Sun Nov 18 13:42:54 2012] [error] ap_proxy_connect_backend disabling worker 
for (mail.domain.net)
[Sun Nov 18 13:42:54 2012] [error] proxy: HTTP: disabled connection for 
(mail.domain.net)
[Sun Nov 18 13:58:47 2012] [error] Server should be SSL-aware but has no 
certificate configured [Hint: SSLCertificateFile]

Not sure why it is looking on port 80 as the proxypass/reverse point to
https://.




Re: [users@httpd] Can Apache Forward/Proxy a Port?

2012-11-18 Thread Chris Arnold
- Original Message -
> I have a server that is sharing port 443. I need to use apache on a
> different server to forward/proxy https traffic to another apache
> server running on a different port, 2443. So, a user types in
> https://mail.domain.com and is sent to https://ip.com:2443. Can
> apache do this and keep the URL https://mail.domain.com?

>>What you're looking for is actually called Reverse Proxy and is
>>(one of) mod_proxy's core capabilities.

>>See http://www.apachetutor.org/admin/reverseproxies
>>for Nick Kew's explanation on how to do that.

Thanks for that link. However, the same error I have been getting is the
error I am getting when I follow that link (that error is a 403 Access
forbidden).
Actually, I have decided to keep the 443 port on both servers (I think this is
possible for Apache to work with this). So my vhost looks like:


ServerAdmin administra...@domain.net
ServerName mail.teknerds.net

ProxyPass /https://mail.domain.net/
ProxyPassReverse /https://mail.domain.net/

# if not specified, the global error log is used
ErrorLog /var/log/apache2/mail.domain.net-error_log
CustomLog /var/log/apache2/mail.domain.net-access_log combined



I have tried with and without the ProxyPass entry and SSLProxyEngine On. Both
give me the access forbidden. The server doing the proxying seems to look for
the directory on itself. Here is the error log:

[Sun Nov 18 13:42:54 2012] [error] (110)Connection timed out: proxy: HTTP: 
attempt to connect to 192.168.124.3:80 (mail.domain.net) failed
[Sun Nov 18 13:42:54 2012] [error] ap_proxy_connect_backend disabling worker 
for (mail.domain.net)
[Sun Nov 18 13:42:54 2012] [error] proxy: HTTP: disabled connection for 
(mail.domain.net)
[Sun Nov 18 13:58:47 2012] [error] Server should be SSL-aware but has no 
certificate configured [Hint: SSLCertificateFile]

Not sure why it is looking on port 80 as the proxypass/reverse point to
https://.




Re: [users@httpd] Apache 2.2 authentication against a Mysql Database

2012-11-18 Thread David Mehler
Hello,

Do you have this working? If so can I get a look at your config?

Thanks.
Dave.


On 11/18/12, Igor Galić  wrote:
>
>
> - Original Message -
>> Hello,
>>
>> I'm wanting to set up Apache 2.2 to authenticate using either basic
>> or
>> digest authentication whichever I decide to do, against a Mysql
>> Database. I am running Apache 2.2 and mysql 5.52.
>>
>> I've set up authentication using textfiles in the past now I am
>> wanting
>> to utilize a database. I've been googling and not finding anything
>> clear specifically for Mysql on this process. If anyone has any
>> pointers please let me know, the docs kind of get me pointed right,
>> i.e. I think I have the right modules loaded, but getting the table
>> and provider right that's not happening.
>>
>> If anyone has this working I'd appreciate it.
>
>  http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
> authenticates users against a SQL database such as MySQL or PostgreSQL
> (or whatever your APR supports, see mod_dbd's docs for more info:
>  http://httpd.apache.org/docs/2.2/mod/mod_dbd.html )
>
>> Thanks.
>> Dave.
>>
>
> i
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>
>
>
>




Re: [users@httpd] Apache 2.2 authentication against a Mysql Database

2012-11-18 Thread Igor Galić


- Original Message -
> Hello,
> 
> I'm wanting to set up Apache 2.2 to authenticate using either basic
> or
> digest authentication whichever I decide to do, against a Mysql
> Database. I am running Apache 2.2 and mysql 5.52.
> 
> I've set up authentication using textfiles in the past now I am
> wanting
> to utilize a database. I've been googling and not finding anything
> clear specifically for Mysql on this process. If anyone has any
> pointers please let me know, the docs kind of get me pointed right,
> i.e. I think I have the right modules loaded, but getting the table
> and provider right that's not happening.
> 
> If anyone has this working I'd appreciate it.

 http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
authenticates users against a SQL database such as MySQL or PostgreSQL
(or whatever your APR supports, see mod_dbd's docs for more info:
 http://httpd.apache.org/docs/2.2/mod/mod_dbd.html )

> Thanks.
> Dave.
> 

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE





Re: [users@httpd] Can Apache Forward/Proxy a Port?

2012-11-18 Thread Igor Galić


- Original Message -
> I have a server that is sharing port 443. I need to use apache on a
> different server to forward/proxy https traffic to another apache
> server running on a different port, 2443. So, a user types in
> https://mail.domain.com and is sent to https://ip.com:2443. Can
> apache do this and keep the URL https://mail.domain.com?

What you're looking for is actually called Reverse Proxy and is
(one of) mod_proxy's core capabilities.

See http://www.apachetutor.org/admin/reverseproxies
for Nick Kew's explanation on how to do that.

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE

