Re: [users@httpd] AH01144: No protocol handler was valid for the URL ...

2014-05-16 Thread Falco Schwarz 
Hi Dave,

you are trying to proxy to a fcgi backend so you need to enable the 
proxy_fcgi_module.

Falco

> On 17 May 2014, at 02:59, David Herring  wrote:
> 
> Excuse if this got sent twice...not sure I had been accepted to list first 
> time I sent this.
> 
> Hi,
> 
> Trying to setup apache with php-fpm, using apache 2.4.7 with the event mpm, 
> on Ubuntu 14.04. Get error in apache error.log:-
> 
> [Mon May 12 23:00:14.074848 2014] [proxy:warn] [pid 5735:tid 14052966320] 
> [client 127.0.0.1:47128] AH01144: No protocol handler was valid for the URL 
> /xxx/c2p.php. If you are using a DSO version of mod_proxy, make sure the 
> proxy submodules are included in the configuration using LoadModule.
> 
> Read about this, and have enabled both proxy and proxy_http modules - see 
> list below. Not sure what to do to fix this, or to get more debug information 
> ? 
> 
> Happy to provide any further details to help debug this, any help very much 
> appreciated,
> 
> Dave
> 
> Line from apache conf file for this server is
> 
> ProxyPassMatch ^/xxx/(.*\.php(/.*)?)$ 
> fcgi://127.0.0.1:9000/home/dave/sandbox/c2p/prod/$1
> 
> 
> And these are the modules that are enabled
> 
> root@PenguinWee4:/home/dave# apache2ctl -M
> Loaded Modules:
>  core_module (static)
>  so_module (static)
>  watchdog_module (static)
>  http_module (static)
>  log_config_module (static)
>  logio_module (static)
>  version_module (static)
>  unixd_module (static)
>  access_compat_module (shared)
>  alias_module (shared)
>  auth_basic_module (shared)
>  authn_core_module (shared)
>  authn_file_module (shared)
>  authz_core_module (shared)
>  authz_host_module (shared)
>  authz_user_module (shared)
>  autoindex_module (shared)
>  deflate_module (shared)
>  dir_module (shared)
>  env_module (shared)
>  filter_module (shared)
>  mime_module (shared)
>  mpm_event_module (shared)
>  negotiation_module (shared)
>  proxy_module (shared)
>  proxy_ftp_module (shared)
>  proxy_http_module (shared)
>  rewrite_module (shared)
>  setenvif_module (shared)
>  socache_shmcb_module (shared)
>  ssl_module (shared)
>  status_module (shared)
> 
> -- 
> David Herring

[users@httpd] YOU BROKE MY CODE!

2014-05-16 Thread Andy Canfield 
Last week, if you went to http://www.andycanfield.com, you would see my
web site. Today, if you go there, you will see "Internal Server Error".
Apache broke it.

We had four sites on that computer:
[1] http://210.213.49.151/ took you to /var/www/index.html
[2] http://www.andycanfield.com took you to my personal web site
[3] http://210.213.49.151/fasemat took you to FASEMAT
[4] http://210.213.49.151/opal took you to OPAL

Number 1, 3, and 4 are still working, but number 2 gives "Internal
Server Error". Here is the entry in sites-enabled:

NameVirtualHost *:80


ServerName www.andycanfield.com
ServerAlias andycanfield.com *.andycanfield.com
DocumentRoot /www/andycanfield/Site



AuthType None
Require all granted
Options FollowSymLinks


That was essentially copied from your documentation
(http://httpd.apache.org/docs/2.2/mod/core.html#virtualhost).
It used to read  but that is now
"not recommended".

/var/log/apache2/error.log shows this:

[Sat May 17 10:33:12 2014] [crit] [client 49.49.233.112] configuration
error:  couldn't check user.  Check your authn provider!: /
[Sat May 17 10:33:12 2014] [crit] [client 49.49.233.112] configuration
error:  couldn't check user.  Check your authn provider!: /favicon.ico
[Sat May 17 10:33:13 2014] [crit] [client 49.49.233.112] configuration
error:  couldn't check user.  Check your authn provider!: /favicon.ico

What is 'favicon.ico". I don't have one anywhere. And I explicitly told
you that, for this directory, don't check the user; let everyone in.

How do we get apache 2.2 to route a request to one of several virtual
computers based on what name is used to access the server, and to let
EVERYONE in to that virtual computer?

You broke my code!

[users@httpd] why multiple user-tracking cookies generated?

2014-05-16 Thread Qingshan Xie 
Team, 

    After cleared the browser's cache, we observed multiple user-tracking 
cookies generated when the request proxies to another env. The capture header 
shows, 

In Response Header
CP_GUTC:"10.37.138.15.1400173959753313"    

In Request Header
CP_GUTC:"10.37.145.95.1400173959439209"



we don't know why the 2nd server create another user-tracking cookie  though 
the Request already sent it?

Is it a bug in mod_usertrack or the configuration not right?  Can someone help 
if there is a way to avoid it?

Many Thanks, 
Q.Xie

Re: [users@httpd] Trying to setup php-fpm with latest apache 2.4

2014-05-16 Thread Jeff Trawick 
You need mod_proxy_fcgi to interface with PHP-FPM.

See http://wiki.apache.org/httpd/PHP-FPM

(My previous attempts to post were rejected as suspected SPAM, so I'm
trying again without including the original message.)

Re: [users@httpd] Apache and Upgrading OpenSSL

2014-05-16 Thread Loyall, David 
Please consider updating http://httpd.apache.org/download.cgi to reflect the 
information given in the message below.

> Date: Fri, 18 Apr 2014 15:10:10 -0400
> From: Christopher Schultz 
> Subject: Re: [users@httpd] Apache and Upgrading OpenSSL
[...]
> The httpd project no longer provides binaries of any kind. Most Linux
> distros directly package httpd, and anyone can compile it themselves, too.
> 
> Most Windows folks sadly do not have a compiler handy. The ApacheLounge
> folks have kindly been building binaries for Windows. It appears their
> current version is 2.4.9 with OpenSSL 1.0.1g which sounds like it's
> exactly what you want.
[...]

Cheers, thanks,
--Dave

Lincoln, Nebraska

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it possible to evaluate .htaccess before proxying requests? (Apache 2.4.9)

2014-05-16 Thread Eric Covener 
On Tue, May 13, 2014 at 11:51 AM, Tobias Adolph  wrote:
> is the intended behaviour of ProxyPass(Match)-Directives to ignore .htaccess
> files?


Yes, proxy directives stop the URL from being mapped to any location
on disk, so no .htaccess in any directory is applicable.

You could try mod_rewrite in directory context.

-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] RewriteCond help

2014-05-16 Thread Michael Streeter 

On 5/12/2014 8:51 AM, Cabell, Jeff wrote:


We’ve noticed attempted injection attacks on one of our servers and 
even though the virus scanners are halting the execution of the 
malicious code, there is still a level of penetration that we are 
trying to stop.


Can anyone give me an idea why this url is not triggering the Rewrite 
rule below?


The intent is to redirect any url containing references to cmd.exe, 
ftp.exe , any .bat file, or anything with a SQL Query 
embedded back to just pull up the site’s homepage.


(Note : it is not the actual attack URL, but one that was modified to 
generate a harmless file, but still mimic the attack method)


https://*[IP* 
*redacted]*/appname/disabilityInfo.action?redirect:$%7b(new+java.lang.ProcessBuilder(new+java.lang.String%5b%5d%7b%27cmd.exe%27%2C%20%27%2Fd%20%2Fc%20md%20rewritetest%26cd%20rewritetest%26del%20*.*%20%2Ff%20%2Fs%20%2Fq%26echo%20bartsimpson.eat.my.shorts%20%3Ej%26echo%20homer%20%3E%3Ej%26echo%20mmmdoughnuts%20%3E%3Ej%26echo%20mget%20*.exe%20%3E%3Ej%26echo%20bye%20%3E%3Ej%26echo%20for%20%25%25i%20in%20(*.exe)%20do%20start%20%25%25i%20%3ED.bat%26echo%20for%20%25%25i%20in%20(*.exe)%20do%20%25%25i%20%3E%3ED.bat%26echo%20del%20%2Ff%20%2Fq%20%250%25%20%3E%3ED.bat%26D.bat%27%7D)).start()%7D


RewriteCond %{QUERY_STRING} 
.*(java\.lang|FTP\.exe|cmd\.exe|\.bat|\.exe|insert|delete|set|declare|drop|update).* 
[NC]


RewriteRule ^(.*)$ https://*[IP* *redacted]*/ [F,L]

Any help would be greatly appreciated.

*Jeff Cabell*

*Applications Administrator*

As far as I can tell, your RewriteCond is triggering the RewriteRule as 
intended. But you mention that you'd like to redirect to the home page. 
If so, try something like this for the RewriteRule line:


RewriteRule ^(.*)$ https://*[IP* *redacted]*/? [R,L]

The F flag was changed to an R to make it redirect rather than fail with 
a 403 error. A ? was added after the rewrite URL to get rid of the query 
string.


Hope that helps.

References:
http://rewritetester.com/ Tested your rules here (Full disclosure: This 
is my site)

http://stackoverflow.com/questions/3457022/mod-rewrite-remove-query-string-from-url
http://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_f

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Why multiple user-tracking cookies generated?

2014-05-16 Thread Qingshan Xie 
Hello, 

    After cleared the browser's cache, we observed multiple user-tracking 
cookies generated when the request proxies to another env. The capture header 
shows, 

In Response Header
CP_GUTC:"10.37.138.15.1400173959753313"    

In Request Header
CP_GUTC:"10.37.145.95.1400173959439209"



we don't know why the 2nd server create another user-tracking cookie  though 
the Request already sent it?

Is it a bug in mod_usertrack or the configuration not right?  Can someone help 
if there is a way to avoid it?

Many Thanks, 
Q.Xie