Re: [users@httpd] require valid-user with ldap

2014-11-26 Thread Tobias Adolph 

Hi,

do you have an other authorization modules (like mod_shib for 
shibboleth-authentication)?


We had an issue concerning require valid-user, too. I guess that if 
several authorization handlers are active "require valid-user" 
directives asks each of them for approval. At least mod_shib shows this 
behaviour. The fact that if you give the specific user (which determines 
the specific authorization authority) or a require-directive specific to 
an authorization module supports this assumption.


Hope this helps.

Kind regards
Tobias

Am 24.11.2014 um 12:13 schrieb Marc Patermann:

Hi,

I using the following .htaccess

AuthBasicProvider ldap file
AuthType Basic
AuthzLDAPAuthoritative off
Authname "..."
AuthUserFile /srv/www/.htusers-mf
AuthLDAPURL 
"ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=*@ofd-*.foo.de)"


 #Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de
 #Require user k1-st-01
 Require valid-user

...

The "require valid-user" does not work for ldap users. I get the 
following message in error_log:


/var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client 
10.49.64.85] access to /documents/ failed, reason: user 'u...@foo.de' 
does not meet 'require'ments for user/valid-user to be allowed access


Apache is version 2.2.10

If I set it to "require ldap-user u...@foo.de" or "require ldap-group 
..." it is all fine, so the ldap part does it's thing.



Marc

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



--
###
# Tobias Adolph   # 
# Leibniz-Rechenzentrum   #
# Zimmer I.2.019  #
# Boltzmannstraße 1   # 
# 85748 Garching bei München  # 
###


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] RewriteRules vs ProxyRemote

2014-11-26 Thread Ulrich.Herbst 
Hi all,

we have apache-2.4.10 in use.

We have a forwarding proxy, that should do some rewrite rules (we need some 
decisions about client addresses and such) and then forward everything else to 
some target proxy with RemoteProxy.

Apparently (from logs with LogLevel Trace3), the rewrite-Rules are never used, 
apache just goes straight to the RemoteProxy -config.

Any idea, how we can work on our rewrite rules before the RemoteProxy config ?

Uli

Re: [users@httpd] questions and suggestions related to authentication

2014-11-26 Thread Don Cohen 
Eric Covener writes:
 > On Wed, Nov 26, 2014 at 6:25 PM, Don Cohen  
 > wrote:
 > >  > Sorry, it's mod_authnz_fcgi. http://httpd.apache.org/docs/current/mod/
 > >
 > > still having trouble with this:
 > >
 > > locate mod_authnz_fcgi
 > >  shows nothing
 > >
 > > yum whatprovides mod_authnz_fcgi
 > >  shows nothing.
 > >
 > > Any advice?
 > 
 > 
 > Likely your OS release uses Apache 2.2.x. This module was added in 2.4.x

phpinfo says:
Apache VersionApache/2.4.10 (Fedora) OpenSSL/1.0.1e-fips PHP/5.5.10 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] questions and suggestions related to authentication

2014-11-26 Thread Eric Covener 
On Wed, Nov 26, 2014 at 6:25 PM, Don Cohen  wrote:
>  > Sorry, it's mod_authnz_fcgi. http://httpd.apache.org/docs/current/mod/
>
> still having trouble with this:
>
> locate mod_authnz_fcgi
>  shows nothing
>
> yum whatprovides mod_authnz_fcgi
>  shows nothing.
>
> Any advice?


Likely your OS release uses Apache 2.2.x. This module was added in 2.4.x

-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] questions and suggestions related to authentication

2014-11-26 Thread Don Cohen 
Eric Covener writes:
 > Sorry, it's mod_authnz_fcgi. http://httpd.apache.org/docs/current/mod/

still having trouble with this:

locate mod_authnz_fcgi 
 shows nothing

yum whatprovides mod_authnz_fcgi 
 shows nothing.

Any advice?  

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Igor Cicimov 
On 27/11/2014 1:25 AM, "Kristian Rink"  wrote:
>
> Am 26.11.2014 um 15:19 schrieb Stefan Magnus Landrø:
>
>> Check user-agent header too. Mobile phones might just be too slow or get
disconnected
>
>
> Did that already, but wasn't able to find a pattern here. Most of the
clients using our system use some desktop browser to upload larger files or
collections of files, but these issues don't seem specific to a particular
user agent (had severe trouble with earlier MSIE versions, that's why this
was my first thought too)...
>
Any firewall infront the proxy? Are all the timeouts in sync along the
stack?

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Kristian Rink 

Am 26.11.2014 um 15:19 schrieb Stefan Magnus Landrø:

Check user-agent header too. Mobile phones might just be too slow or get 
disconnected


Did that already, but wasn't able to find a pattern here. Most of the 
clients using our system use some desktop browser to upload larger files 
or collections of files, but these issues don't seem specific to a 
particular user agent (had severe trouble with earlier MSIE versions, 
that's why this was my first thought too)...


Kristian

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Stefan Magnus Landrø 
Check user-agent header too. Mobile phones might just be too slow or get 
disconnected 

Sendt fra min iPhone

> Den 26. nov. 2014 kl. 15.11 skrev Kristian Rink :
> 
>> Am 26.11.2014 um 14:48 schrieb Stefan Magnus Landrø:
>> I'd add response time logging %D to the access log config to see if requests 
>> are slow
>> 
>> You can add that to jetty too.
> 
> I'll give it a try and see where it gets me - thanks for the hint!
> Kristian
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Kristian Rink 

Am 26.11.2014 um 14:48 schrieb Stefan Magnus Landrø:

I'd add response time logging %D to the access log config to see if requests 
are slow

You can add that to jetty too.


I'll give it a try and see where it gets me - thanks for the hint!
Kristian

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Stefan Magnus Landrø 
I'd add response time logging %D to the access log config to see if requests 
are slow 

You can add that to jetty too. 

Stefan

Sendt fra min iPhone

> Den 26. nov. 2014 kl. 14.34 skrev Kristian Rink :
> 
> Hi Nick;
> 
> thanks for your comment.
> 
>> Am 26.11.2014 um 14:11 schrieb Folino, Nick E CTR USARMY HRC (US):
>> 
>> You may need to enable chunked encoding for those locations.
>> 
>> 
>> SetEnv proxy-sendchunked
>> 
> 
> As far as I see in our configuration, chunked encoding is already globally 
> enabled. I remember one of our admins enabled this a while ago in order to 
> work around another issue I can't remember well right now... ;)
> 
> Thanks and all the best,
> Kristian
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Kristian Rink 

Hi Nick;

thanks for your comment.

Am 26.11.2014 um 14:11 schrieb Folino, Nick E CTR USARMY HRC (US):


You may need to enable chunked encoding for those locations.


 SetEnv proxy-sendchunked



As far as I see in our configuration, chunked encoding is already 
globally enabled. I remember one of our admins enabled this a while ago 
in order to work around another issue I can't remember well right now... ;)


Thanks and all the best,
Kristian


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request? (UNCLASSIFIED)

2014-11-26 Thread Folino, Nick E CTR USARMY HRC (US) 
Classification: UNCLASSIFIED
Caveats: FOUO

You may need to enable chunked encoding for those locations.


SetEnv proxy-sendchunked


Nick

-Original Message-
From: Kristian Rink [mailto:kawazu...@gmail.com] 
Sent: Wednesday, November 26, 2014 4:22 AM
To: users@httpd.apache.org
Subject: [users@httpd] mod_proxy / ProxyPass: 400 Bad Request?

Folks;

trying to track down a strange error, I am ending up here. Situation: We run a 
web application built on top of Java and Jetty exposed through an
apache2 + mod_proxy reverse proxy.

Generally, this works fine. However, some of our users experience troubles 
doing file uploads this way. In those situations, in example while using an 
upload Java applet such as JUpload, there are three things to be seen:

- the upload component on the Java server complains about an EOF / empty 
request and guesses the client stopped sending data,

- the user client stops upload after throwing a SocketException - "connection 
reset by peer",

- on the mod_proxy machine, I see the request in the log files obviously 
returning a 400 Bad Request:

xx.x.xx.xx - - [26/Nov/2014:09:24:51 +0100] "POST /webprojekt/tasks/upload 
HTTP/1.1" 400 4533 

... but why? So far I have been playing with configuration options on both 
sides (apache2 ProxyPass parameters, configuration options in the Jetty running 
the backend applications) but didn't really manage to get these things 
resolved. So, two questions:

- Is there any way to make apache2 / mod_proxy provide more logging output in 
these situations? I'd not just like to know that it actually does return a 400, 
I'd also like to know _why_ it does so. This would be of great help but I fail 
to see how to set a log level to debug just for mod_proxy.

- In case someone has experience with mod_proxy: What could probably cause a 
400 in such a setup? Temporary connection issues? Resource limitations in the 
backend? Client stuff?

TIA and all the best,
Kristian

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


Classification: UNCLASSIFIED
Caveats: FOUO




smime.p7s
Description: S/MIME cryptographic signature

[users@httpd] core dump with No symbol table info available.

2014-11-26 Thread nik600 
Dear all

i'm not able to debug some core dump on a debian6 server.

- i've read page at http://httpd.apache.org/dev/debugging.html
- i've installed

ii  apache2-dbg 2.2.16-6+squeeze14   Apache
debugging symbols
ii  libapr1-dbg 1.4.2-6+squeeze4 The
Apache Portable Runtime Library - Debugging Symbols
ii  libaprutil1-dbg 1.3.9+dfsg-5 The
Apache Portable Runtime Utility Library - Debugging Symbols

i use the command:
gdb /usr/sbin/apache2 -c core.20141126

but when i do a

gdb>thread apply all bt full
gdb>bt full

i have only messages with No symbol table info available.

ulimit command gives me "unlimited".

Any hint or suggestion?

Thanks to all in advance.

Bye

/*/
nik600
http://www.kumbe.it

AW: [users@httpd] Load balancing with load detection on backend servers ?

2014-11-26 Thread Ulrich.Herbst 
Maybe this should be a admin-configurable solution.

Something like:
Apache proxy checks backend server port 4711 and expects load data in a defined 
format. And we can configure, how often apache checks this backend server 
(maybe just every 10 seconds and not with every request...).

And everyone can write its own load-detection script to deliver this data on 
port 4711 ?

(in my opinion, we should separate application and application server from 
infrastructure questions. And the load detection is an infrastructure question).

Uli

Von: Daniel Ruggeri [mailto:drugg...@primary.net]
Gesendet: Donnerstag, 20. November 2014 14:50
An: users@httpd.apache.org; Jim Jagielski
Betreff: Re: [users@httpd] Load balancing with load detection on backend 
servers ?

The guts are all there for this to work on the proxy side. We just need to make 
a module out of it. The question of header name and what-not can be solved by 
making it configurable. The real $1,000,000 question is what your backend is 
and how you can gather load information. This would be trivial to do with a 
Servlet filter in a J2EE app, but I am not sure about other implementations (my 
own ignorance rather than it being technically impossible).
--
Daniel Ruggeri

From: Jim Jagielski mailto:j...@jagunet.com>>
Sent: November 20, 2014 7:36:11 AM CST
To: users@httpd.apache.org
Subject: Re: [users@httpd] Load balancing with load detection on backend 
servers ?


The only real question is how the load value of the backend
systems can be known and then "told" to Apache. I had proposed
awhile ago using some sort of custom HTTP X-header to send that
info.

 On Nov 19, 2014, at 3:28 AM, 
ulrich.her...@t-systems.com wrote:

 Hi all,

 I know the load_balancing-policies bybusyness, byrequests, bytraffic and 
heartbeat.

 We have a frontend apache, that acts as forwarding proxy to 8 backend servers.
 BUT: We want do route the next request to that backend server with least load.

 Is there any apache module, that can do this ?
 (We use linux and apache 2.4)

 Heartbeat is not usable, because our backends do not run apache, but something 
else.

 Uli





To unsubscribe, e-mail: 
users-unsubscr...@httpd.apache.org
For additional commands, e-mail: 
users-h...@httpd.apache.org

[users@httpd] Query on Apache Http Server for WebDAV

2014-11-26 Thread Deepak Angeswar 


All,
I am attempting to use WebDAV ('Web-based Distributed Authoring and 
Versioning') functionality for Apache Http.
I have installed Http server. The httpd.conf has been modified as
DavLockDB /usr/local/apache2/var/DavLock

Require all granted
Dav On

AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

User/Passwords are stored in passwords file, multiple users are added under 
groups.
After starting the Http server, I can see the designated folder
http://{FQDN}:8080/CREF/
However when I access the above link in browser - I can see that I am able to 
access the directory /CREF.
I am also able to map this to a network drive in my Windows machine.
However I see the following issues
1. I am not asked to authenticate - i.e. I am not asked to enter 
username/password
2. I can get files out of the folder /CREF but not able to copy into the 
folder /CREF
3.
Can someone review the httpd.conf changes I had mentioned above?
regards,
D




This e-mail together with any attachments (the "Message") is confidential and 
may contain privileged information. If you are not the intended recipient (or 
have received this e-mail in error) please notify the sender immediately and 
delete this Message from your system.  Any unauthorized copying, disclosure, 
distribution or use of this Message is strictly forbidden.

[users@httpd] mod_proxy / ProxyPass: 400 Bad Request?

2014-11-26 Thread Kristian Rink 

Folks;

trying to track down a strange error, I am ending up here. Situation: We 
run a web application built on top of Java and Jetty exposed through an 
apache2 + mod_proxy reverse proxy.


Generally, this works fine. However, some of our users experience 
troubles doing file uploads this way. In those situations, in example 
while using an upload Java applet such as JUpload, there are three 
things to be seen:


- the upload component on the Java server complains about an EOF / empty 
request and guesses the client stopped sending data,


- the user client stops upload after throwing a SocketException - 
"connection reset by peer",


- on the mod_proxy machine, I see the request in the log files obviously 
returning a 400 Bad Request:


xx.x.xx.xx - - [26/Nov/2014:09:24:51 +0100] "POST 
/webprojekt/tasks/upload HTTP/1.1" 400 4533 


... but why? So far I have been playing with configuration options on 
both sides (apache2 ProxyPass parameters, configuration options in the 
Jetty running the backend applications) but didn't really manage to get 
these things resolved. So, two questions:


- Is there any way to make apache2 / mod_proxy provide more logging 
output in these situations? I'd not just like to know that it actually 
does return a 400, I'd also like to know _why_ it does so. This would be 
of great help but I fail to see how to set a log level to debug just for 
mod_proxy.


- In case someone has experience with mod_proxy: What could probably 
cause a 400 in such a setup? Temporary connection issues? Resource 
limitations in the backend? Client stuff?


TIA and all the best,
Kristian

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org