[users@httpd] Running two different versions of httpd in same machine

2014-02-20 Thread Venkatesh Prabu Narayanan
Hi,

We are running apache httpd server of version 1.3.27 in our production
machine RHEL WS 4.0. We are running two processes of httpd (same version) one
for proxy listening to 80 and other listening in 8000. Input requests are
received by this proxy and it in turn redirects it to the backend httpd.
Both these httpd are running in RHEL WS 4.0.

Due to some security problems, we were asked to upgrade the httpd version
to 2.2.X. Because of some technical issues, we cannot upgrade the backend
httpd immediately. So we planned to upgrade only the front end proxy httpd
such that front end proxy (facing customer end) runs with 2.2.X version and
the back end httpd continues with the previous one.

I believe running two different versions of httpd in the same machine will
not cause any issues. Please correct me if I am wrong.

As we don't find httpd rpm in any RHEL repo, I compiled it from source
using rpmbuild command and generated httpd rpm with 2.2.X. As we have to
install instead of upgrade over previous version, I have to install this
new version in a different directory (i.e. to change prefix in config
options) say 'httpd2' or something similar to avoid conflict issues with
the existing version.
What are the changes I have to do in httpd.spec file?

Do I have to consider any other scenario for my case?

Thanks,
Venkatesh


Re: [users@httpd] Apache major features

2014-02-20 Thread Nick Tkach
On Thu, Feb 20, 2014 at 12:28 PM, Joe Jensen (ConAgra Foods) <
joe.jen...@conagrafoods.com> wrote:

> We are on a current patch version and being old software there are likely
> few remaining security vulnerabilities or bugs for me to worry about in the
> version we run.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> *From:* Curtis Maurand [mailto:cur...@maurand.com]
> *Sent:* Thursday, February 20, 2014 12:25 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Apache major features
>
>
>
>
> Google is your friend in this case.  There are tons of books re: apache
> and even hardening it.
>
> search term: apache books
>
> About 29,700,000 results (0.35 seconds)
>
> http://httpd.apache.org/docs/2.4/
>
>
>
>
> --Curtis
>
> On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:
>
> What major features have been released in the last 8 years for apache?
> My apache infrastructure is quite dated and behind.  I'd like to update and
> improve it but am new to apache and don't know much more than that I have
> nothing modern.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> *From:* Jeff Trawick [mailto:traw...@gmail.com ]
> *Sent:* Wednesday, February 19, 2014 3:50 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Available online Training/documentation
>
>
>
> On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <
> joe.jen...@conagrafoods.com> wrote:
>
> I'm looking for some advice on how to learn the intricacies of both apache
> httpd and tomcat.  I'm unlikely to get a paid training class, and failed to
> find any overall training about it online.  Considering its popularity and
> open source nature it strikes me as very odd that there isn't any good and
> extensive "on your own" training to read through.   If someone can point me
> to something online it would be awesome!
>
>
>
> I'm charged with a series of apache/tomcat servers as part about 70% of my
> job, but we run a ~3-4 year old setup largely unchanged from 7 years ago.
> I'd like to learn what I don't know exists, and am hoping for more than
> just the apache module and configuration manuals.  If I have to though that
> may be what I do learn from.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> Look at the User's Guide and Howto/Tutorials parts of the documentation.
>
>
>
> If it were me, I'd start with this:
>
>
>
> 1. Make sure you understand how httpd and Tomcat are installed on all
> systems you support and how updates are obtained.
>
> 2. Check the versions of the software and confirm that they are supported
> branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported
> for Tomcat).
>
> 3. See how old the exact versions are (e.g., 2.2.15), and if they are
> relatively old then ensure that you are getting updates regularly from a
> vendor (e.g., Linux vendor) which applies security fixes to old versions.
>
>
>
> If there's a problem already (unsupported, vulnerable versions), work with
> your team to find out how to deal with it.  You may end up looking through
> CHANGES logs for vulnerabilities and crossing out the ones in modules that
> aren't used in your configuration, and then seeing what is a potential
> concern.
>
>
>
> 4-98. (stuff I can't think of at the moment)
>
>
>
> 99. Try to identify the most common or most important use of httpd in your
> environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd
> with a sample application (or static site) that requires similar
> configuration features.  Use that to play around and experiment with things
> in the product documentation.  Even if you won't use a particular feature
> in production, the experimentation gives you more insight into how the
> server can be configured.
>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>
>

Yes, having been through a similar experience in the past I can definitely
say start small.  VMs are your friend!  Make *sure* you're okay right now
so nothing is vulnerable (don't count on it being "old" as meaning it's not
vulnerable to anything).

I've found that if you are making a "big" leap (mostly 1.x -> 2.x) you're
liable to run into trouble with modules.  That big of a jump some have been
absorbed into Apache core httpd, some don't exist any more, some have been
replaced, some won't work with 2.x without patching or re-compiling, etc.


RE: [users@httpd] Apache major features

2014-02-20 Thread Joe Jensen (ConAgra Foods)
We are on a current patch version and being old software there are likely few 
remaining security vulnerabilities or bugs for me to worry about in the version 
we run.

Joe Jensen
(402)-240-3645
Application Hosting Services

From: Curtis Maurand [mailto:cur...@maurand.com]
Sent: Thursday, February 20, 2014 12:25 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache major features


Google is your friend in this case.  There are tons of books re: apache and 
even hardening it.

search term: apache books

About 29,700,000 results (0.35 seconds)

http://httpd.apache.org/docs/2.4/




--Curtis

On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:
What major features have been released in the last 8 years for apache?  My
apache infrastructure is quite dated and behind.  I'd like to update and 
improve it but am new to apache and don't know much more than that I have 
nothing modern.

Joe Jensen
(402)-240-3645
Application Hosting Services

From: Jeff Trawick [mailto:traw...@gmail.com]
Sent: Wednesday, February 19, 2014 3:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Available online Training/documentation

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods)
<joe.jen...@conagrafoods.com> wrote:
I'm looking for some advice on how to learn the intricacies of both apache 
httpd and tomcat.  I'm unlikely to get a paid training class, and failed to 
find any overall training about it online.  Considering its popularity and
open source nature it strikes me as very odd that there isn't any good and 
extensive "on your own" training to read through.   If someone can point me to 
something online it would be awesome!

I'm charged with a series of apache/tomcat servers as part about 70% of my job, 
but we run a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like 
to learn what I don't know exists, and am hoping for more than just the apache 
module and configuration manuals.  If I have to though that may be what I do 
learn from.

Joe Jensen
(402)-240-3645
Application Hosting Services

Look at the User's Guide and Howto/Tutorials parts of the documentation.

If it were me, I'd start with this:

1. Make sure you understand how httpd and Tomcat are installed on all systems 
you support and how updates are obtained.
2. Check the versions of the software and confirm that they are supported 
branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for 
Tomcat).
3. See how old the exact versions are (e.g., 2.2.15), and if they are 
relatively old then ensure that you are getting updates regularly from a vendor 
(e.g., Linux vendor) which applies security fixes to old versions.

If there's a problem already (unsupported, vulnerable versions), work with your 
team to find out how to deal with it.  You may end up looking through CHANGES 
logs for vulnerabilities and crossing out the ones in modules that aren't used 
in your configuration, and then seeing what is a potential concern.

4-98. (stuff I can't think of at the moment)

99. Try to identify the most common or most important use of httpd in your 
environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd 
with a sample application (or static site) that requires similar configuration 
features.  Use that to play around and experiment with things in the product 
documentation.  Even if you won't use a particular feature in production, the 
experimentation gives you more insight into how the server can be configured.

--
Born in Roswell... married an alien...
http://emptyhammock.com/



Re: [users@httpd] Apache major features

2014-02-20 Thread Curtis Maurand


Google is your friend in this case.  There are tons of books re: apache 
and even hardening it.


search term: apache books

About 29,700,000 results (0.35 seconds)

http://httpd.apache.org/docs/2.4/




--Curtis

On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:


What major features have been released in the last 8 years for
apache?  My apache infrastructure is quite dated and behind.  I'd
like to update and improve it but am new to apache and don't know much 
more than that I have nothing modern.


Joe Jensen
(402)-240-3645
Application Hosting Services

*From:*Jeff Trawick [mailto:traw...@gmail.com]
*Sent:* Wednesday, February 19, 2014 3:50 PM
*To:* users@httpd.apache.org
*Subject:* Re: [users@httpd] Available online Training/documentation

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods)
<joe.jen...@conagrafoods.com> wrote:


I'm looking for some advice on how to learn the intricacies of both 
apache httpd and tomcat.  I'm unlikely to get a paid training class, 
and failed to find any overall training about it online. Considering 
its popularity and open source nature it strikes me as very odd that
there isn't any good and extensive "on your own" training to read 
through.   If someone can point me to something online it would be 
awesome!


I'm charged with a series of apache/tomcat servers as part about 70% 
of my job, but we run a ~3-4 year old setup largely unchanged from 7 
years ago.  I'd like to learn what I don't know exists, and am hoping 
for more than just the apache module and configuration manuals.  If I 
have to though that may be what I do learn from.


Joe Jensen
(402)-240-3645 
Application Hosting Services

Look at the User's Guide and Howto/Tutorials parts of the documentation.

If it were me, I'd start with this:

1. Make sure you understand how httpd and Tomcat are installed on all 
systems you support and how updates are obtained.


2. Check the versions of the software and confirm that they are 
supported branches (e.g., 2.2.x or 2.4.x for httpd, whatever is 
currently supported for Tomcat).


3. See how old the exact versions are (e.g., 2.2.15), and if they are 
relatively old then ensure that you are getting updates regularly from 
a vendor (e.g., Linux vendor) which applies security fixes to old 
versions.


If there's a problem already (unsupported, vulnerable versions), work 
with your team to find out how to deal with it.  You may end up 
looking through CHANGES logs for vulnerabilities and crossing out the 
ones in modules that aren't used in your configuration, and then 
seeing what is a potential concern.


4-98. (stuff I can't think of at the moment)

99. Try to identify the most common or most important use of httpd in 
your environment (e.g., front-end to Tomcat) and get a fresh VM and 
set up httpd with a sample application (or static site) that requires 
similar configuration features.  Use that to play around and 
experiment with things in the product documentation.  Even if you 
won't use a particular feature in production, the experimentation 
gives you more insight into how the server can be configured.


--
Born in Roswell... married an alien...
http://emptyhammock.com/





Re: [users@httpd] Apache major features

2014-02-20 Thread Jeff Trawick
On Thu, Feb 20, 2014 at 12:38 PM, Joe Jensen (ConAgra Foods) <
joe.jen...@conagrafoods.com> wrote:

> What major features have been released in the last 8 years for apache?
> My apache infrastructure is quite dated and behind.  I'd like to update and
> improve it but am new to apache and don't know much more than that I have
> nothing modern.
>

I would ignore new features for the moment and ensure that you are in a
position to pick up bug fixes for problems your users may discover as well
as others that may be known to cause severe problems when encountered.
IOW, migrate to a currently supported version.

There are surely a lot of new features

http://httpd.apache.org/docs/2.4/new_features_2_4.html
http://httpd.apache.org/docs/2.4/new_features_2_2.html

but you probably want to learn about features you're currently using before
such a list would be helpful.



>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> *From:* Jeff Trawick [mailto:traw...@gmail.com]
> *Sent:* Wednesday, February 19, 2014 3:50 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Available online Training/documentation
>
>
>
> On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <
> joe.jen...@conagrafoods.com> wrote:
>
> I'm looking for some advice on how to learn the intricacies of both apache
> httpd and tomcat.  I'm unlikely to get a paid training class, and failed to
> find any overall training about it online.  Considering its popularity and
> open source nature it strikes me as very odd that there isn't any good and
> extensive "on your own" training to read through.   If someone can point me
> to something online it would be awesome!
>
>
>
> I'm charged with a series of apache/tomcat servers as part about 70% of my
> job, but we run a ~3-4 year old setup largely unchanged from 7 years ago.
> I'd like to learn what I don't know exists, and am hoping for more than
> just the apache module and configuration manuals.  If I have to though that
> may be what I do learn from.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> Look at the User's Guide and Howto/Tutorials parts of the documentation.
>
>
>
> If it were me, I'd start with this:
>
>
>
> 1. Make sure you understand how httpd and Tomcat are installed on all
> systems you support and how updates are obtained.
>
> 2. Check the versions of the software and confirm that they are supported
> branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported
> for Tomcat).
>
> 3. See how old the exact versions are (e.g., 2.2.15), and if they are
> relatively old then ensure that you are getting updates regularly from a
> vendor (e.g., Linux vendor) which applies security fixes to old versions.
>
>
>
> If there's a problem already (unsupported, vulnerable versions), work with
> your team to find out how to deal with it.  You may end up looking through
> CHANGES logs for vulnerabilities and crossing out the ones in modules that
> aren't used in your configuration, and then seeing what is a potential
> concern.
>
>
>
> 4-98. (stuff I can't think of at the moment)
>
>
>
> 99. Try to identify the most common or most important use of httpd in your
> environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd
> with a sample application (or static site) that requires similar
> configuration features.  Use that to play around and experiment with things
> in the product documentation.  Even if you won't use a particular feature
> in production, the experimentation gives you more insight into how the
> server can be configured.
>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
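
The triage described in the quoted advice (read the CHANGES log for security entries, cross out the ones in modules the configuration does not load, look at what remains), as an added example that is not part of the thread or of httpd itself. The CHANGES excerpt, the placeholder CVE ids and the `httpd -M` output are constructed, and the `X_module` to `mod_X` name mapping is an assumption that holds for most but not all modules.

```python
import re

# Constructed excerpt laid out like httpd's CHANGES file. The CVE ids are
# placeholders and the descriptions are invented for this example.
CHANGES = """\
Changes with Apache 2.2.X

  *) SECURITY: CVE-0000-0001 (cve.mitre.org)
     mod_dav: Placeholder description of a fix in the DAV module.
     [Constructed Author]

  *) SECURITY: CVE-0000-0002 (cve.mitre.org)
     mod_proxy: Placeholder description of a fix in the proxy module.
     [Constructed Author]

  *) SECURITY: CVE-0000-0003 (cve.mitre.org)
     Placeholder description of a fix in the core request parser.
     [Constructed Author]

  *) mod_ssl: Placeholder non-security bug fix.  [Constructed Author]
"""

# Constructed `httpd -M` output for a front-end proxy.
HTTPD_M = """\
Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_http_module (shared)
 ssl_module (shared)
"""


def loaded_modules(httpd_m):
    """Return loaded modules as mod_* names (assumes X_module <-> mod_X)."""
    names = re.findall(r"^\s*(\w+)_module \((?:static|shared)\)", httpd_m, re.M)
    return {"mod_" + n for n in names}


def security_entries(changes):
    """Return one dict per '*) SECURITY:' entry, tagged with its release."""
    entries, version = [], None
    # Split in front of every release header and every '*)' entry.
    for block in re.split(r"\n(?=Changes with Apache |  \*\) )", changes):
        head = re.match(r"Changes with Apache (\S+)", block)
        if head:
            version = head.group(1)
            continue
        sec = re.match(r"  \*\) SECURITY: (CVE-\d{4}-\d+)", block)
        if sec:
            body = " ".join(block.split())
            entries.append({
                "version": version,
                "cve": sec.group(1),
                "modules": set(re.findall(r"\bmod_\w+", body)),
            })
    return entries


def triage(entries, loaded):
    """Split entries into (potential concern, crossed out)."""
    concern, crossed_out = [], []
    for e in entries:
        # An entry that names no module is treated as core code, which every
        # server runs, so it is never crossed out on module grounds.
        if not e["modules"] or e["modules"] & loaded:
            concern.append(e["cve"])
        else:
            crossed_out.append(e["cve"])
    return concern, crossed_out


if __name__ == "__main__":
    concern, crossed = triage(security_entries(CHANGES), loaded_modules(HTTPD_M))
    print("potential concern:", concern)
    print("crossed out:      ", crossed)
```

Entries that name no module stay on the concern list, so the crossing-out only ever removes fixes for code the server does not load.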


[users@httpd] RE: Apache major features (UNCLASSIFIED)

2014-02-20 Thread Folino, Nick E CTR USARMY HRC (US)
Classification: UNCLASSIFIED
Caveats: FOUO

While you're at it you might want to find a class in web security.  You just 
told the whole world that ConAgra Foods is running some extremely vulnerable 
versions of Apache products.


-----Original Message-----
From: Joe Jensen (ConAgra Foods) [mailto:joe.jen...@conagrafoods.com] 
Sent: Thursday, February 20, 2014 12:38 PM
To: users@httpd.apache.org
Subject: [users@httpd] Apache major features

What major features have been released in the last 8 years for apache?  My
apache infrastructure is quite dated and behind.  I'd like to update and 
improve it but am new to apache and don't know much more than that I have 
nothing modern.

 

Joe Jensen 
(402)-240-3645 
Application Hosting Services

 

From: Jeff Trawick [mailto:traw...@gmail.com] 
Sent: Wednesday, February 19, 2014 3:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Available online Training/documentation

 

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) wrote:

I'm looking for some advice on how to learn the intricacies of both apache 
httpd and tomcat.  I'm unlikely to get a paid training class, and failed to 
find any overall training about it online.  Considering its popularity and
open source nature it strikes me as very odd that there isn't any good and 
extensive "on your own" training to read through.   If someone can point me to 
something online it would be awesome!

 

I'm charged with a series of apache/tomcat servers as part about 70% of my job, 
but we run a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like 
to learn what I don't know exists, and am hoping for more than just the apache 
module and configuration manuals.  If I have to though that may be what I do 
learn from.  

 

Joe Jensen 
(402)-240-3645   
Application Hosting Services  

 

Look at the User's Guide and Howto/Tutorials parts of the documentation.

 

If it were me, I'd start with this:

 

1. Make sure you understand how httpd and Tomcat are installed on all systems 
you support and how updates are obtained.

2. Check the versions of the software and confirm that they are supported 
branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for 
Tomcat).

3. See how old the exact versions are (e.g., 2.2.15), and if they are 
relatively old then ensure that you are getting updates regularly from a vendor 
(e.g., Linux vendor) which applies security fixes to old versions.

 

If there's a problem already (unsupported, vulnerable versions), work with your 
team to find out how to deal with it.  You may end up looking through CHANGES 
logs for vulnerabilities and crossing out the ones in modules that aren't used 
in your configuration, and then seeing what is a potential concern.

 

4-98. (stuff I can't think of at the moment)

 

99. Try to identify the most common or most important use of httpd in your 
environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd 
with a sample application (or static site) that requires similar configuration 
features.  Use that to play around and experiment with things in the product 
documentation.  Even if you won't use a particular feature in production, the 
experimentation gives you more insight into how the server can be configured.

 

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Apache major features

2014-02-20 Thread Joe Jensen (ConAgra Foods)
What major features have been released in the last 8 years for apache?  My
apache infrastructure is quite dated and behind.  I'd like to update and 
improve it but am new to apache and don't know much more than that I have 
nothing modern.

Joe Jensen
(402)-240-3645
Application Hosting Services

From: Jeff Trawick [mailto:traw...@gmail.com]
Sent: Wednesday, February 19, 2014 3:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Available online Training/documentation

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods)
<joe.jen...@conagrafoods.com> wrote:
I'm looking for some advice on how to learn the intricacies of both apache 
httpd and tomcat.  I'm unlikely to get a paid training class, and failed to 
find any overall training about it online.  Considering its popularity and
open source nature it strikes me as very odd that there isn't any good and 
extensive "on your own" training to read through.   If someone can point me to 
something online it would be awesome!

I'm charged with a series of apache/tomcat servers as part about 70% of my job, 
but we run a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like 
to learn what I don't know exists, and am hoping for more than just the apache 
module and configuration manuals.  If I have to though that may be what I do 
learn from.

Joe Jensen
(402)-240-3645
Application Hosting Services

Look at the User's Guide and Howto/Tutorials parts of the documentation.

If it were me, I'd start with this:

1. Make sure you understand how httpd and Tomcat are installed on all systems 
you support and how updates are obtained.
2. Check the versions of the software and confirm that they are supported 
branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for 
Tomcat).
3. See how old the exact versions are (e.g., 2.2.15), and if they are 
relatively old then ensure that you are getting updates regularly from a vendor 
(e.g., Linux vendor) which applies security fixes to old versions.

If there's a problem already (unsupported, vulnerable versions), work with your 
team to find out how to deal with it.  You may end up looking through CHANGES 
logs for vulnerabilities and crossing out the ones in modules that aren't used 
in your configuration, and then seeing what is a potential concern.

4-98. (stuff I can't think of at the moment)

99. Try to identify the most common or most important use of httpd in your 
environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd 
with a sample application (or static site) that requires similar configuration 
features.  Use that to play around and experiment with things in the product 
documentation.  Even if you won't use a particular feature in production, the 
experimentation gives you more insight into how the server can be configured.

--
Born in Roswell... married an alien...
http://emptyhammock.com/


[users@httpd] Re: suexec policy violation

2014-02-20 Thread Roman Gelfand
Actually, it appears this is the source of the problem

[2014-02-20 12:00:19]: user mismatch (www-data instead of www)

not sure what it means

On Thu, Feb 20, 2014 at 11:48 AM, Roman Gelfand  wrote:
> I am trying to setup forms/ldap based authentication for an existing
> site.  I am getting an error with suexec.  Not sure what is causing
> it.   Below, are log and configuration.
>
> Log
>
> [Thu Feb 20 10:47:35.867218 2014] [core:notice] [pid 26384] AH00094:
> Command line: '/usr/sbin/apache2'
> [Thu Feb 20 10:47:51.311666 2014] [authz_core:debug] [pid 26392]
> mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
> authorization result of Require valid-user : denied (no authenticated
> user yet)
> [Thu Feb 20 10:47:51.311744 2014] [authz_core:debug] [pid 26392]
> mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
> authorization result of : denied (no authenticated user
> yet)
> [Thu Feb 20 10:47:51.333617 2014] [authnz_ldap:debug] [pid 26392]
> mod_authnz_ldap.c(501): [client 192.168.0.209:55675] AH01691:
> auth_ldap authenticate: using URL
> ldap://192.168.0.22:389/ou=People,dc=doman,dc=local?mail?sub
> [Thu Feb 20 10:47:51.334139 2014] [ldap:debug] [pid 26392]
> util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
> [Thu Feb 20 10:47:51.339220 2014] [authnz_ldap:debug] [pid 26392]
> mod_authnz_ldap.c(593): [client 192.168.0.209:55675] AH01697:
> auth_ldap authenticate: accepting user@domain.local
> [Thu Feb 20 10:47:51.339335 2014] [authz_core:debug] [pid 26392]
> mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
> authorization result of Require valid-user : granted
> [Thu Feb 20 10:47:51.339426 2014] [authz_core:debug] [pid 26392]
> mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
> authorization result of : granted
> [Thu Feb 20 10:47:51.342397 2014] [cgi:error] [pid 26392] [client
> 192.168.0.209:55675] AH01215: suexec policy violation: see suexec log
> for more details
> [Thu Feb 20 10:47:51.342765 2014] [cgi:error] [pid 26392] [client
> 192.168.0.209:55675] End of script output before headers: dspam.cgi
> [Thu Feb 20 10:47:51.364314 2014] [core:debug] [pid 26392]
> util_cookies.c(59): [client 192.168.0.209:55675] AH7: ap_cookie:
> user 'user@domain.local' set cookie:
> 'session=5NdUE0kHQSGYA+ui0Q3tfOQ9Xe6nEXQIi2bINcDzE5QGKSFto6pcNFFvQFZK4yW+fz9zCqCgK02ibacwHPH+84uyEbqwwuq2h2ZzgD/DvJU9s4g/NUUk13SfoVQdFwyDoFqFxjY2CJYKTUP6dJ9AfoWDMD/EN4uYPQ7/+TzccJ0=;path=/'
>
>
> Directory /var/www/dspam Permissions
>
> drwxr-xr-x 2 dspam dspam  4096 Feb 20 10:10 .
> drwxr-xr-x 3 root  root   4096 Feb 19 19:34 ..
> -rwxr-xr-x 1 dspam dspam 29602 Apr  4  2013 admin.cgi
> -rwxr-xr-x 1 dspam dspam  5853 Apr  4  2013 admingraph.cgi
> -rwxr-xr-x 1 dspam dspam   562 Feb 11 15:47 authenticate.php
> -rwxr-xr-x 1 dspam dspam  3179 Feb  7 10:17 base.css
> -rwxr-xr-x 1 dspam dspam  7137 Feb  7 10:17 configure.pl
> -rw-r--r-- 1 dspam dspam  1394 Feb  6 18:52 default.prefs
> -rw-r--r-- 1 dspam dspam  4792 Feb  7 10:17 dspam-logo-small.gif
> -rwxr-xr-x 1 dspam dspam 55543 Feb 11 13:07 dspam.cgi
> -rw-r--r-- 1 dspam dspam   822 Feb  7 10:17 dspam.js
> -rw-r--r-- 1 dspam dspam 15774 Feb  6 18:52 favicon.ico
> -rwxr-xr-x 1 dspam dspam  4655 Apr  4  2013 graph.cgi
> -rwxr-xr-x 1 dspam dspam 61390 Feb  6 18:52 htmlize.pl
> -rwxr-xr-x 1 dspam dspam    20 Feb 19 19:01 info.php
> -rw-r--r-- 1 root  root    416 Feb 11 17:16 login.html
> -rw-r--r-- 1 root  root    337 Feb 11 15:37 loginb.html
> -rwxr-xr-x 1 dspam dspam   718 Feb  6 18:52 logout.cgi
> -rwxr-xr-x 1 dspam dspam  1192 Feb 20 10:05 logout.php
> -rwxr-xr-x 1 dspam dspam   245 Feb 11 13:34 logout2.php
> -rw-r--r-- 1 dspam dspam 17168 Feb  6 18:52 rgb.txt
> -rw-r--r-- 1 dspam dspam   589 Feb  6 18:52 rtl.css
>
>
>
> site config
>
>
> 
>
>
> LogLevel debug
> SuexecUserGroup dspam dspam
> Addhandler cgi-script .cgi
> Options +ExecCGI -Indexes
>
> DocumentRoot /var/www/dspam
>
> ErrorDocument 401 /login.html
>
> Session On
> SessionCookieName session path=/
> SessionCryptoPassphrase secret
>
> 
> AuthFormProvider ldap
> AuthType form
> AuthName "DSPAM Authentication"
> AuthFormLoginRequiredLocation http://192.168.0.36/login.html
> AuthLDAPURL
> "ldap://192.168.0.22:389/ou=People,dc=domain,dc=local?mail?sub";
> AuthLDAPBindDN "CN=LDAP Lookup,OU=Service
> Accounts,OU=People,DC=domain,DC=local"
> AuthLDAPBindPassword "password"
> Require valid-user
> 
>
> 
> Order allow,Deny
> Allow from all
> require all granted
> 
>
> 
> SetHandler form-logout-handler
> AuthName "DSPAM Authentication"
> AuthFormLogoutLocation http://192.168.0.36/login.html
> 
>
> 
>   SetHandler form-login-handler
>   AuthType form
>   AuthName "DSPAM Authentication"
>   AuthFormProvider ldap
>   AuthFormLoginRequiredLocation http://192.168.0.36/login.html
> 
>
> #ErrorLog logs/DSPAMErro
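
What the `user mismatch` entry in the suexec log records, as an added example that is not part of the thread or of httpd's source: suexec compares the account that invoked it with the `AP_HTTPD_USER` value compiled into the binary, and does so before it looks at the script or its directory. The `suexec -V` output below is constructed, the function names are chosen for this example, and only a subset of suexec's checks is modelled.

```python
import re
from pathlib import PurePosixPath

# Constructed `suexec -V` output. AP_HTTPD_USER="www" is read off the log line
# on the page; every other value is an assumption made for this example.
SUEXEC_V = """\
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_UID_MIN=100
"""

# Copied from the page: the suexec log entry and two rows of the listing.
SUEXEC_LOG = "[2014-02-20 12:00:19]: user mismatch (www-data instead of www)"
LISTING = """\
drwxr-xr-x 2 dspam dspam  4096 Feb 20 10:10 .
-rwxr-xr-x 1 dspam dspam 55543 Feb 11 13:07 dspam.cgi
"""


def parse_build(text):
    """Return the -D settings printed by `suexec -V` as a dict of strings."""
    pairs = re.findall(r'-D\s+(\w+)=("?)([^"\n]*)\2', text)
    return {name: value for name, _quote, value in pairs}


def parse_listing(text):
    """Map file name -> (mode string, owner, group) from `ls -l` rows."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 9:
            rows[fields[-1]] = (fields[0], fields[2], fields[3])
    return rows


def explain(log_line):
    """Return (caller, compiled_in) from a 'user mismatch' entry, else None."""
    m = re.match(r"\[[^\]]+\]: user mismatch \((\S+) instead of (\S+)\)$", log_line)
    return m.groups() if m else None


def first_failure(build, caller, target, script, listing):
    """Apply a subset of suexec's checks in its order; return the first failure.

    Only the 'user mismatch' text follows the format seen on the page; the
    other strings are descriptive labels chosen for this example.
    """
    # 1. The invoking account must be the one compiled into the binary.
    if caller != build["AP_HTTPD_USER"]:
        return "user mismatch (%s instead of %s)" % (caller, build["AP_HTTPD_USER"])
    # 2. The script must live below the compiled-in document root.
    path = PurePosixPath(script)
    if PurePosixPath(build["AP_DOC_ROOT"]) not in path.parents:
        return "script outside docroot: %s" % path
    # 3. Directory, then program: no group/other write bit, owned by the target.
    for name in (".", path.name):
        mode, owner, group = listing[name]
        if mode[5] == "w" or mode[8] == "w":
            return "writable by group or others: %s" % name
        if (owner, group) != target:
            return "owner differs from target user/group: %s" % name
    return "ok"


if __name__ == "__main__":
    build = parse_build(SUEXEC_V)
    rows = parse_listing(LISTING)
    target, script = ("dspam", "dspam"), "/var/www/dspam/dspam.cgi"
    print(explain(SUEXEC_LOG))
    print(first_failure(build, "www-data", target, script, rows))
    print(first_failure(build, "www", target, script, rows))
```

With the listing from the page the ownership and mode checks pass, so the caller check is the only one that fails: either httpd runs as the compiled-in user, or suexec is built with `--with-suexec-caller` set to the user httpd actually runs as.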

[users@httpd] suexec policy violation

2014-02-20 Thread Roman Gelfand
I am trying to setup forms/ldap based authentication for an existing
site.  I am getting an error with suexec.  Not sure what is causing
it.   Below, are log and configuration.

Log

[Thu Feb 20 10:47:35.867218 2014] [core:notice] [pid 26384] AH00094:
Command line: '/usr/sbin/apache2'
[Thu Feb 20 10:47:51.311666 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of Require valid-user : denied (no authenticated
user yet)
[Thu Feb 20 10:47:51.311744 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of : denied (no authenticated user
yet)
[Thu Feb 20 10:47:51.333617 2014] [authnz_ldap:debug] [pid 26392]
mod_authnz_ldap.c(501): [client 192.168.0.209:55675] AH01691:
auth_ldap authenticate: using URL
ldap://192.168.0.22:389/ou=People,dc=doman,dc=local?mail?sub
[Thu Feb 20 10:47:51.334139 2014] [ldap:debug] [pid 26392]
util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Thu Feb 20 10:47:51.339220 2014] [authnz_ldap:debug] [pid 26392]
mod_authnz_ldap.c(593): [client 192.168.0.209:55675] AH01697:
auth_ldap authenticate: accepting user@domain.local
[Thu Feb 20 10:47:51.339335 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of Require valid-user : granted
[Thu Feb 20 10:47:51.339426 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of : granted
[Thu Feb 20 10:47:51.342397 2014] [cgi:error] [pid 26392] [client
192.168.0.209:55675] AH01215: suexec policy violation: see suexec log
for more details
[Thu Feb 20 10:47:51.342765 2014] [cgi:error] [pid 26392] [client
192.168.0.209:55675] End of script output before headers: dspam.cgi
[Thu Feb 20 10:47:51.364314 2014] [core:debug] [pid 26392]
util_cookies.c(59): [client 192.168.0.209:55675] AH7: ap_cookie:
user 'user@domain.local' set cookie:
'session=5NdUE0kHQSGYA+ui0Q3tfOQ9Xe6nEXQIi2bINcDzE5QGKSFto6pcNFFvQFZK4yW+fz9zCqCgK02ibacwHPH+84uyEbqwwuq2h2ZzgD/DvJU9s4g/NUUk13SfoVQdFwyDoFqFxjY2CJYKTUP6dJ9AfoWDMD/EN4uYPQ7/+TzccJ0=;path=/'


Directory /var/www/dspam Permissions

drwxr-xr-x 2 dspam dspam  4096 Feb 20 10:10 .
drwxr-xr-x 3 root  root   4096 Feb 19 19:34 ..
-rwxr-xr-x 1 dspam dspam 29602 Apr  4  2013 admin.cgi
-rwxr-xr-x 1 dspam dspam  5853 Apr  4  2013 admingraph.cgi
-rwxr-xr-x 1 dspam dspam   562 Feb 11 15:47 authenticate.php
-rwxr-xr-x 1 dspam dspam  3179 Feb  7 10:17 base.css
-rwxr-xr-x 1 dspam dspam  7137 Feb  7 10:17 configure.pl
-rw-r--r-- 1 dspam dspam  1394 Feb  6 18:52 default.prefs
-rw-r--r-- 1 dspam dspam  4792 Feb  7 10:17 dspam-logo-small.gif
-rwxr-xr-x 1 dspam dspam 55543 Feb 11 13:07 dspam.cgi
-rw-r--r-- 1 dspam dspam   822 Feb  7 10:17 dspam.js
-rw-r--r-- 1 dspam dspam 15774 Feb  6 18:52 favicon.ico
-rwxr-xr-x 1 dspam dspam  4655 Apr  4  2013 graph.cgi
-rwxr-xr-x 1 dspam dspam 61390 Feb  6 18:52 htmlize.pl
-rwxr-xr-x 1 dspam dspam    20 Feb 19 19:01 info.php
-rw-r--r-- 1 root  root    416 Feb 11 17:16 login.html
-rw-r--r-- 1 root  root    337 Feb 11 15:37 loginb.html
-rwxr-xr-x 1 dspam dspam   718 Feb  6 18:52 logout.cgi
-rwxr-xr-x 1 dspam dspam  1192 Feb 20 10:05 logout.php
-rwxr-xr-x 1 dspam dspam   245 Feb 11 13:34 logout2.php
-rw-r--r-- 1 dspam dspam 17168 Feb  6 18:52 rgb.txt
-rw-r--r-- 1 dspam dspam   589 Feb  6 18:52 rtl.css



site config





LogLevel debug
SuexecUserGroup dspam dspam
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes

DocumentRoot /var/www/dspam

ErrorDocument 401 /login.html

Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret


AuthFormProvider ldap
AuthType form
AuthName "DSPAM Authentication"
AuthFormLoginRequiredLocation http://192.168.0.36/login.html
AuthLDAPURL
"ldap://192.168.0.22:389/ou=People,dc=domain,dc=local?mail?sub";
AuthLDAPBindDN "CN=LDAP Lookup,OU=Service
Accounts,OU=People,DC=domain,DC=local"
AuthLDAPBindPassword "password"
Require valid-user



Order allow,Deny
Allow from all
require all granted



SetHandler form-logout-handler
AuthName "DSPAM Authentication"
AuthFormLogoutLocation http://192.168.0.36/login.html



  SetHandler form-login-handler
  AuthType form
  AuthName "DSPAM Authentication"
  AuthFormProvider ldap
  AuthFormLoginRequiredLocation http://192.168.0.36/login.html


#ErrorLog logs/DSPAMError_log
#CustomLog logs/DSPAMAccess_log common

