Re: [users@httpd] Question about order of execution

[Eric Covener]

>   My question is: Does the certificate validation occur before or after
> processing <.htaccess>?

Long before, the handshake is complete before any HTTP request.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Question about order of execution

[James Moe]

apache 2.4.38
linux 2.26.32 x86_64

  We have de-commissioned a domain, businessmastery.us, and have added
Redirects to point to the new locations for its information.
  We recently received a query that a visitor's browser was complaining
about how unsafe businessmastery.us was, what with an expired SSL
certificate and all. I am unclear how they got to the old site at all.

  My question is: Does the certificate validation occur before or after
processing <.htaccess>?

[ .htaccess ]
#
Options +ExecCGI
#
#
# 20180722 jmm: De-commissioned. Refer to sohnen-moe.com
#
Redirect Permanent /register/ https://sohnen-moe.com/bm5-registration/
Redirect Permanent /workbook.php
https://sohnen-moe.com/bm5-workbook-request/
Redirect Permanent /workbook5/ https://sohnen-moe.com/bm5-workbook-request/
# Redirect Permanent
#
# Catchall for other bizmast URLs.
ReDirectMatch Permanent ^.*$
"https://sohnen-moe.com/products/books/#product-business-mastery;
#
#
# 20180315 jmm: Always use a secure connection
#
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R]
[ end ]


-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.



signature.asc
Description: OpenPGP digital signature

Re: [users@httpd] Stupid question time - VirtualHost

[Frank Gingras]

Depending on the error returned by the OS, httpd can't do much in some
cases. It would be useful if you were to share the verbatim error, as a
start.

On Mon, 4 Feb 2019 at 13:17, Jeff Cauhape  wrote:

> Yes, it was the Secure Linux preventing the use of the port.  I wonder if
> the error message should be broadened to include
> the possibility that security policies are not allowing it's use, rather
> than just assuming that the port is not available because
> it's already in use.
>
> I added the port to the security policy with this command:
>
> # semanage port -a -t http_port_t -p tcp 280
>
> I had already added the port to the firewall
>
> [root@web1e conf]# firewall-cmd --info-zone=public
>
> public (active)
>   target: default
>   ...
>   services: dhcpv6-client https http ssh
>   ports: 9100/tcp 9101/tcp   ...  280/tcp
>  ...
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -Original Message-
> From: Jeff Cauhape [mailto:jpcauh...@detr.nv.gov]
> Sent: Monday, February 4, 2019 8:29 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Stupid question time - VirtualHost
>
> Luca,
>
> Thanks for the suggestion. It looks like we may have stumbled over the
> Secure Linux policy settings. I'll know more later this morning. I'll post
> a follow up when I figure it out.
>
> Thanks,
>
> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
> Nevada Department of Employment, Training and Rehabilitation
> (775) 684-3804 (office) jpcauh...@detr.nv.gov
>
> -Original Message-
> From: Luca Toscano [mailto:toscano.l...@gmail.com]
> Sent: Saturday, February 2, 2019 11:29 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Stupid question time - VirtualHost
>
> Hi Jeff!
>
> Il giorno ven 1 feb 2019 alle ore 16:02 Jeff Cauhape <
> jpcauh...@detr.nv.gov> ha scritto:
> >
> > My usage of Apache has been pretty plain vanilla, and now I am
> > required to
> >
> > add a virtual host to a system, and I’m wondering what doing wrong. My
> > hunch
> >
> > is that it’s obvious to others.
> >
> >
> >
> > I am using Apache 2.4.6 as reported by httpd -v
> >
> >
> >
> > In my httpd.conf file I have:
> >
> > …
> >
> > Listen web1e.detr.nv:80
> >
> > Listen web1e.detr.nv:280
> >
> > …
> >
> > and
> >
> > 
> >
> > ServerName survey.nvdetr.org
> >
> > UseCanonicalName Off
> >
> > DocumentRoot "/var/www/html/survey/"
> >
> > ScriptAlias /cgi-bin/ "/var/www/cig-bin/survey/cgi-bin/"
> >
> > …
> >
> > 
> >
> >
> >
> > Question: Isn’t it true that I must have a Listen directive for each
> VirtualHost?
> >
> >
> >
> > However, if I try to start the apache server configured like this I
> > get an error message that
> >
> > the port 8090 (or any other number I choose) is already in use and not
> > available. This causes
> >
> > apache to fail to start.
> >
> >
> >
> > # lsof -I :280
> >
> >
> >
> > and
> >
> >
> >
> > # netstat -ltnp
> >
> >
> >
> > Do not show the port in use by anything. I can change the port number
> > to anything I choose
> >
> > and the results are the same. This suggests to me that the problem is in
> apache config somewhere.
> >
> >
> >
> > If I comment out the Listen director for the VirtualHost, I don’t get
> > the error, but I don’t see any
> >
> > process listening on the port either.
> >
> >
> >
> > Ideas? Suggestions?
>
> Did you check https://httpd.apache.org/docs/2.4/vhosts/examples.html ?
> There are useful examples in there, it should clarify all doubts.
>
> Hope that helps!
>
> Luca
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>  B CB
>   [  X  ܚX K  K[XZ[
>   \ \  ][  X  ܚX P
>  \ X  K ܙ B  ܈ Y  ] [ۘ[[X[ K[XZ[
>   \ \  Z [
>  \ X  K ܙ B
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

Re: [users@httpd] Redirection to https only for the top-level page

[Frank Gingras]

If you're stuck with .htaccess, then mod_rewrite is likely your only
recourse.
I would recommend debugging mod_rewrite on your development / staging
server with the rewrite log, too.

Lastly, look up the "http2https" recipe on the httpd wiki.

On Sat, 2 Feb 2019 at 12:51, R. Diez 
wrote:

> First of all, thanks for your answer.
>
> > [...]
> > Htaccess is only used for clients on a host server (such as a
> godaddy.com website)
> > where the client does NOT have access to configuration files of the
> server…
>
> That is exactly my case.
>
> HSTS does not seem suitable either.
>
> I hope someone can help me with that kind of .htaccess rules. Most people
> on that sort of cheap server tariff should be using the rules I am looking
> for, so it is not something that would help me alone.
>
> Best regards,
>rdiez
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

RE: [users@httpd] Stupid question time - VirtualHost

[Jeff Cauhape]

Yes, it was the Secure Linux preventing the use of the port.  I wonder if the 
error message should be broadened to include
the possibility that security policies are not allowing it's use, rather than 
just assuming that the port is not available because
it's already in use.

I added the port to the security policy with this command:

# semanage port -a -t http_port_t -p tcp 280

I had already added the port to the firewall

[root@web1e conf]# firewall-cmd --info-zone=public

public (active)
  target: default
  ...
  services: dhcpv6-client https http ssh
  ports: 9100/tcp 9101/tcp   ...  280/tcp
 ...

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 684-3804 (office) jpcauh...@detr.nv.gov

-Original Message-
From: Jeff Cauhape [mailto:jpcauh...@detr.nv.gov] 
Sent: Monday, February 4, 2019 8:29 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Stupid question time - VirtualHost

Luca,

Thanks for the suggestion. It looks like we may have stumbled over the Secure 
Linux policy settings. I'll know more later this morning. I'll post a follow up 
when I figure it out.

Thanks,

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator Nevada 
Department of Employment, Training and Rehabilitation
(775) 684-3804 (office) jpcauh...@detr.nv.gov

-Original Message-
From: Luca Toscano [mailto:toscano.l...@gmail.com]
Sent: Saturday, February 2, 2019 11:29 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Stupid question time - VirtualHost

Hi Jeff!

Il giorno ven 1 feb 2019 alle ore 16:02 Jeff Cauhape  ha 
scritto:
>
> My usage of Apache has been pretty plain vanilla, and now I am 
> required to
>
> add a virtual host to a system, and I’m wondering what doing wrong. My 
> hunch
>
> is that it’s obvious to others.
>
>
>
> I am using Apache 2.4.6 as reported by httpd -v
>
>
>
> In my httpd.conf file I have:
>
> …
>
> Listen web1e.detr.nv:80
>
> Listen web1e.detr.nv:280
>
> …
>
> and
>
> 
>
> ServerName survey.nvdetr.org
>
> UseCanonicalName Off
>
> DocumentRoot "/var/www/html/survey/"
>
> ScriptAlias /cgi-bin/ "/var/www/cig-bin/survey/cgi-bin/"
>
> …
>
> 
>
>
>
> Question: Isn’t it true that I must have a Listen directive for each 
> VirtualHost?
>
>
>
> However, if I try to start the apache server configured like this I 
> get an error message that
>
> the port 8090 (or any other number I choose) is already in use and not 
> available. This causes
>
> apache to fail to start.
>
>
>
> # lsof -I :280
>
>
>
> and
>
>
>
> # netstat -ltnp
>
>
>
> Do not show the port in use by anything. I can change the port number 
> to anything I choose
>
> and the results are the same. This suggests to me that the problem is in 
> apache config somewhere.
>
>
>
> If I comment out the Listen director for the VirtualHost, I don’t get 
> the error, but I don’t see any
>
> process listening on the port either.
>
>
>
> Ideas? Suggestions?

Did you check https://httpd.apache.org/docs/2.4/vhosts/examples.html ?
There are useful examples in there, it should clarify all doubts.

Hope that helps!

Luca

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

B CB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[
 \X K ܙ B

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Stupid question time - VirtualHost

[Jeff Cauhape]

Luca,

Thanks for the suggestion. It looks like we may have stumbled over the Secure 
Linux
policy settings. I'll know more later this morning. I'll post a follow up when 
I figure it out.

Thanks,

Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
Nevada Department of Employment, Training and Rehabilitation
(775) 684-3804 (office) jpcauh...@detr.nv.gov

-Original Message-
From: Luca Toscano [mailto:toscano.l...@gmail.com] 
Sent: Saturday, February 2, 2019 11:29 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Stupid question time - VirtualHost

Hi Jeff!

Il giorno ven 1 feb 2019 alle ore 16:02 Jeff Cauhape  ha 
scritto:
>
> My usage of Apache has been pretty plain vanilla, and now I am 
> required to
>
> add a virtual host to a system, and I’m wondering what doing wrong. My 
> hunch
>
> is that it’s obvious to others.
>
>
>
> I am using Apache 2.4.6 as reported by httpd -v
>
>
>
> In my httpd.conf file I have:
>
> …
>
> Listen web1e.detr.nv:80
>
> Listen web1e.detr.nv:280
>
> …
>
> and
>
> 
>
> ServerName survey.nvdetr.org
>
> UseCanonicalName Off
>
> DocumentRoot "/var/www/html/survey/"
>
> ScriptAlias /cgi-bin/ "/var/www/cig-bin/survey/cgi-bin/"
>
> …
>
> 
>
>
>
> Question: Isn’t it true that I must have a Listen directive for each 
> VirtualHost?
>
>
>
> However, if I try to start the apache server configured like this I 
> get an error message that
>
> the port 8090 (or any other number I choose) is already in use and not 
> available. This causes
>
> apache to fail to start.
>
>
>
> # lsof -I :280
>
>
>
> and
>
>
>
> # netstat -ltnp
>
>
>
> Do not show the port in use by anything. I can change the port number 
> to anything I choose
>
> and the results are the same. This suggests to me that the problem is in 
> apache config somewhere.
>
>
>
> If I comment out the Listen director for the VirtualHost, I don’t get 
> the error, but I don’t see any
>
> process listening on the port either.
>
>
>
> Ideas? Suggestions?

Did you check https://httpd.apache.org/docs/2.4/vhosts/examples.html ?
There are useful examples in there, it should clarify all doubts.

Hope that helps!

Luca

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org