Re: [users@httpd] Question about order of execution
> My question is: Does the certificate validation occur before or after
> processing <.htaccess>?

Long before, the handshake is complete before any HTTP request.
[users@httpd] Question about order of execution
apache 2.4.38
linux 2.26.32 x86_64

We have de-commissioned a domain, businessmastery.us, and have added Redirects to point to the new locations for its information.
We recently received a query that a visitor's browser was complaining about how unsafe businessmastery.us was, what with an expired SSL certificate and all. I am unclear how they got to the old site at all.

My question is: Does the certificate validation occur before or after processing <.htaccess>?

[ .htaccess ]
# Options +ExecCGI
#
#
# 20180722 jmm: De-commissioned. Refer to sohnen-moe.com
#
Redirect Permanent /register/ https://sohnen-moe.com/bm5-registration/
Redirect Permanent /workbook.php https://sohnen-moe.com/bm5-workbook-request/
Redirect Permanent /workbook5/ https://sohnen-moe.com/bm5-workbook-request/
# Redirect Permanent
#
# Catchall for other bizmast URLs.
ReDirectMatch Permanent ^.*$ "https://sohnen-moe.com/products/books/#product-business-mastery"
#
#
# 20180315 jmm: Always use a secure connection
#
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R]
[ end ]

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
Re: [users@httpd] Stupid question time - VirtualHost
Depending on the error returned by the OS, httpd can't do much in some cases. It would be useful if you were to share the verbatim error, as a start.

On Mon, 4 Feb 2019 at 13:17, Jeff Cauhape wrote:
> Yes, it was the Secure Linux preventing the use of the port. I wonder if
> the error message should be broadened to include the possibility that
> security policies are not allowing its use, rather than just assuming
> that the port is not available because it's already in use.
>
> I added the port to the security policy with this command:
>
> # semanage port -a -t http_port_t -p tcp 280
>
> I had already added the port to the firewall
>
> [root@web1e conf]# firewall-cmd --info-zone=public
> public (active)
>   target: default
>   ...
>   services: dhcpv6-client https http ssh
>   ports: 9100/tcp 9101/tcp ... 280/tcp
>   ...
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -----Original Message-----
> From: Jeff Cauhape [mailto:jpcauh...@detr.nv.gov]
> Sent: Monday, February 4, 2019 8:29 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Stupid question time - VirtualHost
>
> Luca,
>
> Thanks for the suggestion. It looks like we may have stumbled over the
> Secure Linux policy settings. I'll know more later this morning. I'll post
> a follow up when I figure it out.
>
> Thanks,
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -----Original Message-----
> From: Luca Toscano [mailto:toscano.l...@gmail.com]
> Sent: Saturday, February 2, 2019 11:29 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Stupid question time - VirtualHost
>
> Hi Jeff!
>
> On Fri, 1 Feb 2019 at 16:02, Jeff Cauhape <jpcauh...@detr.nv.gov> wrote:
> >
> > My usage of Apache has been pretty plain vanilla, and now I am required to
> > add a virtual host to a system, and I’m wondering what I'm doing wrong. My hunch
> > is that it’s obvious to others.
> >
> > I am using Apache 2.4.6 as reported by httpd -v
> >
> > In my httpd.conf file I have:
> > …
> > Listen web1e.detr.nv:80
> > Listen web1e.detr.nv:280
> > …
> > and
> >
> > ServerName survey.nvdetr.org
> > UseCanonicalName Off
> > DocumentRoot "/var/www/html/survey/"
> > ScriptAlias /cgi-bin/ "/var/www/cig-bin/survey/cgi-bin/"
> > …
> >
> > Question: Isn’t it true that I must have a Listen directive for each VirtualHost?
> >
> > However, if I try to start the apache server configured like this I get an error message that
> > the port 8090 (or any other number I choose) is already in use and not available. This causes
> > apache to fail to start.
> >
> > # lsof -i :280
> >
> > and
> >
> > # netstat -ltnp
> >
> > Do not show the port in use by anything. I can change the port number to anything I choose
> > and the results are the same. This suggests to me that the problem is in apache config somewhere.
> >
> > If I comment out the Listen directive for the VirtualHost, I don’t get the error, but I don’t see any
> > process listening on the port either.
> >
> > Ideas? Suggestions?
>
> Did you check https://httpd.apache.org/docs/2.4/vhosts/examples.html ?
> There are useful examples in there, it should clarify all doubts.
>
> Hope that helps!
>
> Luca
Re: [users@httpd] Redirection to https only for the top-level page
If you're stuck with .htaccess, then mod_rewrite is likely your only recourse. I would recommend debugging mod_rewrite on your development / staging server with the rewrite log, too. Lastly, look up the "http2https" recipe on the httpd wiki.

On Sat, 2 Feb 2019 at 12:51, R. Diez wrote:
> First of all, thanks for your answer.
>
> > [...]
> > Htaccess is only used for clients on a host server (such as a godaddy.com website)
> > where the client does NOT have access to configuration files of the server…
>
> That is exactly my case.
>
> HSTS does not seem suitable either.
>
> I hope someone can help me with that kind of .htaccess rules. Most people
> on that sort of cheap server tariff should be using the rules I am looking
> for, so it is not something that would help me alone.
>
> Best regards,
>   rdiez
RE: [users@httpd] Stupid question time - VirtualHost
Yes, it was the Secure Linux preventing the use of the port. I wonder if the error message should be broadened to include the possibility that security policies are not allowing its use, rather than just assuming that the port is not available because it's already in use.

I added the port to the security policy with this command:

# semanage port -a -t http_port_t -p tcp 280

I had already added the port to the firewall

[root@web1e conf]# firewall-cmd --info-zone=public
public (active)
  target: default
  ...
  services: dhcpv6-client https http ssh
  ports: 9100/tcp 9101/tcp ... 280/tcp
  ...

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 684-3804 (office) jpcauh...@detr.nv.gov
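
A check for the situation in the message above, where httpd cannot bind a port that nothing else is using because SELinux policy does not label it http_port_t. This is an added example, not code from the thread: the function name, the config path in the comment and the sample `semanage port -l` listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list Listen ports SELinux would refuse.
# All sample data is constructed. On a real host (config path is an assumption):
#   unlabeled_listen_ports "$(cat /etc/httpd/conf/httpd.conf)" "$(semanage port -l)"

# $1 = httpd config text, $2 = `semanage port -l` output.
# Prints every Listen port not covered by an http_port_t tcp entry.
unlabeled_listen_ports() {
    conf=$1
    policy=$2
    # Ports and ranges labelled http_port_t/tcp, commas stripped.
    allowed=$(printf '%s\n' "$policy" |
        awk '$1 == "http_port_t" && $2 == "tcp" {
                 for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i }
             }')
    # Listen is [address:]port [protocol]; the port follows the last colon.
    printf '%s\n' "$conf" |
        awk 'tolower($1) == "listen" && NF >= 2 { n = split($2, a, ":"); print a[n] }' |
        sort -un |
        while read -r port; do
            ok=no
            for entry in $allowed; do
                lo=${entry%-*}   # "8000-8010" -> 8000, "80" -> 80
                hi=${entry#*-}   # "8000-8010" -> 8010, "80" -> 80
                if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
                    ok=yes
                    break
                fi
            done
            [ "$ok" = yes ] || printf '%s\n' "$port"
        done
}

# Constructed inputs: the two Listen lines from the question, and policy
# listings as they might look before and after the semanage command.
SAMPLE_CONF='Listen web1e.detr.nv:80
Listen web1e.detr.nv:280
# Listen 8443'
SAMPLE_POLICY_BEFORE='http_cache_port_t  tcp  8080, 8118, 8123, 10001-10010
http_port_t        tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t         tcp  22'
SAMPLE_POLICY_AFTER='http_port_t        tcp  280, 80, 81, 443, 488, 8008, 8009, 8443, 9000'

echo "unlabeled before: $(unlabeled_listen_ports "$SAMPLE_CONF" "$SAMPLE_POLICY_BEFORE")"
echo "unlabeled after:  $(unlabeled_listen_ports "$SAMPLE_CONF" "$SAMPLE_POLICY_AFTER")"
```

Running it before a restart separates a policy denial from a real port conflict, which `lsof` and `netstat` alone cannot do.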
RE: [users@httpd] Stupid question time - VirtualHost
Luca,

Thanks for the suggestion. It looks like we may have stumbled over the Secure Linux policy settings. I'll know more later this morning. I'll post a follow up when I figure it out.

Thanks,

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 684-3804 (office) jpcauh...@detr.nv.gov