Re: [users@httpd] Four subdomain, fourth redirects to first
On 9/21/21 18:52, Frank Gingras wrote: > I would not rely on the debian scripts. Looking at apachectl -S will tell > you what you need to know. > > On Tue, 21 Sept 2021 at 18:51, Frank Gingras wrote: > >> Why do you have two vhosts with the same ServerName value set? That will Off topic question : WHY DO YOU PEOPLE TOP POST ? -- Dennis Clarke (free/like/beer) RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Novice configuration question
Can't figure out what I'm doing wrong This is in preperation of installing drupal on a RHEL 7 server Apache MySql Php I have set my dns and the hosts file on the server for three different sites webtest - webdemo - and webphp I have the three directories in var/www/html/ each dir and my httpd.conf has this Listen 80 ServerName webtest.rate-watch.com ServerAdmin netw...@rate-watch.com DocumentRoot /var/www/html/web ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" Options +Indexes +FollowSymLinks +ExecCGI AddHandler php-fastcgi .php Action php-fastcgi /cgi-bin/php.fastcgi AllowOverride All Order allow,deny Allow from All ServerName webdemo.rate-watch.com ServerAdmin netw...@rate-watch.com DocumentRoot /var/www/html/webdemo ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" Options +Indexes +FollowSymLinks +ExecCGI AddHandler php-fastcgi .php Action php-fastcgi /cgi-bin/php.fastcgi AllowOverride All Order allow,deny Allow from All ServerName webphp.rate-watch.com ServerAdmin netw...@rate-watch.com DocumentRoot /var/www/html/webphp ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" Options +Indexes +FollowSymLinks +ExecCGI AddHandler php-fastcgi .php Action php-fastcgi /cgi-bin/php.fastcgi AllowOverride All Order allow,deny Allow from All I can get two of the directories/websites to load - webdemo and webphp but webtest throws a 404 not found What did I miss? or is there an easier way to set three different php enabled web pages to load on one IP? Thanks Dennis Newman The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. S Global Inc. reserves the right, subject to applicable local law, to monitor, review and process the content of any electronic message or information sent to or from S Global Inc. e-mail addresses without informing the sender or recipient of the message. By sending electronic message or information to S Global Inc. e-mail addresses you, as the sender, are consenting to S Global Inc. processing any of your personal data therein.
[users@httpd] require valid-users for location bypasses other unrelated restrictions
Hi, I trying to understand how the "Require" directive works in non-trivial cases. This is one example: ServerName 127.0.0.1 DocumentRoot "/var/www/html/site" Authtype Basic Authname "site" AuthUserFile /etc/httpd/conf/htpasswd Require valid-user Require all denied When I access http://localhost/area/admin/README.txt without a password httpd will respond with a 401 as expected but when I supply the correct credentials not only do I get access to the admin location (expected) but also to the README.txt file (unexpected). Why is the "Require all denied" ignored in this case? When I comment out the location block then I will get the correct 403 Forbidden response so it seems the "Require valid-user" seems to basically erase the restrictions defined elsewhere. How would I specify this correctly so that a password grants me access to the admin area but the limitation on the README files stays intact? Regards, Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.2 and tls 1.2
On 7/23/20 4:41 PM, Tom Jubb wrote: > New certs will successfully installed on Apache 2.2 Apache 2.2 ? That was End of Life a while ago. You have a bigger problem. Migrate to 2.4.43 and then deal with certs and such. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] compiling http-2.4.41 on linux variants
On 9/11/19 4:54 PM, William J Adler wrote: I am trying to compile http-2.4.41 and it works on Fedora 29 and Centos 7 but on Centos 6 and Ubuntu 18 the compile generates the following error: Replace -std=gnu99 with -std=iso9899:1999 and -pedantic and give it another try. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux support - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Crash of httpd in Endurance
On 8/23/19 8:51 AM, kishore wrote: We are running 2.4.39 with openssl 1.0.2r on Solaris sparc 64-bit, After running for 1-2 hrs we are getting core dump created and apache is crashed. Has anyone faced such issue. What does file 'core-file-name' say to you ? Do you have dbx installed ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question about configure not answered in documentation
On 4/5/19 2:55 PM, Jeff Cauhape wrote: > I am guessing the answer to my question is probably “no”, but I’m hoping > > someone here has a silver bullet. > > I think this is a basic path thing passed along like so : beta $ ./configure --prefix=/some/app/path \ --sysconfdir=/usr/local/www/conf \ --localstatedir=/usr/local/www/var --datadir=/usr/local/www/data \ --htmldir=/usr/local/www/docs \ ... etc etc etc -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Memory growth in Apache 2.4.33 on Solaris
On 3/14/19 2:43 AM, Gajanan Kulkarni wrote: > > Hi > > Thanks for taking look in to this mail. appreciate it. > > This is what I get > > httpd -V > > > Server built: Feb 15 2019 10:25:19 Very recent .. good. > Server's Module Magic Number: 20120211:76 > Server loaded: APR 1.6.3, APR-UTIL 1.6.1 > Compiled using: APR 1.6.3, APR-UTIL 1.6.1 Excellent. > Architecture: 64-bit > Server MPM: I was hoping to see 'event' there. Not threaded ? > Server compiled with > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_PROC_PTHREAD_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=256 > -D > HTTPD_ROOT="/scratch/osseng/workspace/APACHE_12.2.1.3.0_SOLARIS.SPARC64_BP/apache/stage/install" > > -D > SUEXEC_BIN="/scratch/osseng/workspace/APACHE_12.2.1.3.0_SOLARIS.SPARC64_BP/apache/stage/install/bin/suexec" > > -D DEFAULT_PIDLOG="logs/httpd.pid" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > -D SERVER_CONFIG_FILE="conf/httpd.conf" > Is this a recent Solaris 10 ( up to date ) with Oracle Studio 12.6 or some gcc variation as the compiler ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Memory growth in Apache 2.4.33 on Solaris
On 3/12/19 6:59 AM, Gajanan Kulkarni wrote: > Hi > > We are seeing memory growth in Apache 2.4.33 on Solaris. > > Is there any known issue or fix for this. > A little data would help. What does httpd -V report ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] URGENT: Apache HTTP Migration from 1.3 to 2.4 UNIX Solaris
Could you please suggest whether need to make more entries in the httpd.conf of command entries? Can you get the httpd service running without any modifications and without excessive modules ? Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] URGENT: Apache HTTP Migration from 1.3 to 2.4 UNIX Solaris
On 1/8/19 1:29 PM, singhal.an...@tcs.com wrote: Hi Dennis, Thank you for the response..!! Right, that is an old Sun sparc "coolthreads" server of some sort. Looks like Solaris 11. I do not exactly understand by toolchain? Could you please elaborate more of what information I can provide? Essentially all the tools you are using to build the software with. Don't worry about it. I think the apache 1.3 is provided by Oracle out of the box. Same with some rev of 2.x but I have never looked at it as I always just build my own. Given that you say "understand by toolchain" as a question I'll take this out of the mail list just to reduce noise and clutter. Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] URGENT: Apache HTTP Migration from 1.3 to 2.4 UNIX Solaris
On 1/8/19 11:48 AM, singhal.an...@tcs.com wrote: Dear All, I have migrated a user module mod_example from 1.3 to 2.4. But when I try to start the apache it is giving a segmentation fault and creating a core. Installed binaries: Apache 2.4.34 apr-1.6.5 apr-util-1.6.1 pcre-8.40 expat-2.1.0 Difficult to say from your email but you will most likely need to build a complete toolchain before running any recent Apache. It shouldn't matter one way or that other, but it does, are you on SPARC or x86_64? Also what compiler and toolchain do you have now? Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How do I build trunk and 2.4.x branches of httpd? No ./configure script.
On 12/26/18 12:37 PM, John Pyeatt wrote: I ran into a problem with being unable to modify the WWW-Authentication header as documented here <https://bz.apache.org/bugzilla/show_bug.cgi?id=62025#c3>. In the description it says code is working correctly in the trunk and I suppose httpd-2.4.x branches. So I checked these out from svn with the hopes of trying these branches out myself to see if a fix was forthcoming in a near-future release of httpd. But looking through the checked out code there doesn't appear to be a 'configure' script I would normally run to build the Makefile for either trunk or 2.4.x branches. Try : autoconf --verbose --force --include=/SOMEPATH/include --warnings=all ./buildconf --with-apr=/SOMEPATH/bin/apr-1-config You should have a configure script after all that. Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Is there a way to intercept all IP accesses in real time?
On 11/01/2018 10:05 AM, David Spector wrote: efficient real-time PHP code There is no such thing. I am only aware of rt priority type code written in C and assembly. At least in the instrumentation and data collection field. dc - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Difficulties with testing TLS 1.3
3: SSL virtual host for servername beta.tls13.net found [Fri Jun 15 00:59:59.788701 2018] [ssl:debug] [pid 2250:tid 27] ssl_engine_kernel.c(): [client 68.179.116.201:34466] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits) [Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client 68.179.116.201:34466] AH02042: rejecting client initiated renegotiation [Fri Jun 15 00:59:59.789151 2018] [ssl:debug] [pid 2250:tid 27] ssl_engine_io.c(1400): (130)Software caused connection abort: [client 68.179.116.201:34466] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] [Fri Jun 15 00:59:59.789341 2018] [ssl:info] [pid 2250:tid 27] [client 68.179.116.201:34466] AH01998: Connection closed to child 152 with abortive shutdown (server beta.tls13.net:443) beta # Weird. Any thoughts would be greatly appreciated. Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] strangely unable to access http://httpd.apache.org/ or https://subversion.apache.org/ ??
On 5/30/18 5:05 PM, Eric Covener wrote: is there a "fail2ban" type ip block service in place somewhere that is blocking packets? yes, you can open a ticket here to sort out what activity triggered the ban but you may need an infrastructure person from your side handy https://issues.apache.org/jira/projects/INFRA/issues The nice folks there gave me a talking to and then unbanned me. Thanks for the link! This is what happens when one accidentally svn co *everything* by going up the tree a little too far. Really .. I just wanted trunk. Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] strangely unable to access http://httpd.apache.org/ or https://subversion.apache.org/ ??
On 05/30/2018 05:05 PM, Eric Covener wrote: is there a "fail2ban" type ip block service in place somewhere that is blocking packets? yes, you can open a ticket here to sort out what activity triggered the ban but you may need an infrastructure person from your side handy https://issues.apache.org/jira/projects/INFRA/issues Thank you Eric : After a bit of teeth grinding I created : https://issues.apache.org/jira/browse/INFRA-16599 The only thing that crosses my mind ( from xterm logs ) that *may* have triggered a ban was a big svn checkout wherein I uttered this : $ svn checkout https://svn.apache.org/repos/asf/httpd/httpd . . . Ahttpd/tags/2.4.13/modules/ssl/README Ahttpd/tags/2.4.13/modules/ssl/ssl_util_ocsp.c Ahttpd/tags/2.4.13/modules/ssl/ssl_engine_rand.c svn: E000110: Error running context: Connection timed out $ So everything from soup to nuts and every version was coming down. Who knows ... it was a mistake and all I wanted was trunk. Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] strangely unable to access http://httpd.apache.org/ or https://subversion.apache.org/ ??
Apache folks : Something strange happened in the last 36 hours or so. I was working away on a trunk build of httpd in order to test tls 1.3 per : Bug 62413 - SSLProtocol: Illegal protocol 'TLSv1.3' https://bz.apache.org/bugzilla/show_bug.cgi?id=62413 Not really a "bug" but a feature that is enabled on the trunk but not in mod_ssl for 2.4.33 but regardless to do anything I need to be able to : $ svn checkout https://svn.apache.org/repos/asf/httpd/httpd/trunk httpd-trunk svn: E170013: Unable to connect to a repository at URL 'https://svn.apache.org/repos/asf/httpd/httpd/trunk' svn: E000110: Error running context: Connection timed out Even sites such as https://subversion.apache.org/ are non-responsive. However only from one subnet and not on another. Both are well known and arin registered subnets. However that was working fine for me 36 hours ago. Also, nearly every site in the apache.org domain will not respond from my local subnet but I am able to access those sites from another subnet at the office. So then, the question is, what is going on here? Is there a "fail2ban" type ip block service in place somewhere that is blocking packets? Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: HTTP 403 after upgrade from Debian old-stable
On Thu, 29 Dec 2016 00:22:09 + Andrew Beverley <a...@andybev.com> wrote: > Go to this page and search for "Require all granted": > https://httpd.apache.org/docs/current/upgrading.html Spot on, though I'm finding I have to pretty much rewrite my configs anyway for other reasons. The pointer is greatly appreciated, guys. =) -Dennis Carr - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] HTTP 403 after upgrade from Debian old-stable
Heya. On Saturday, I did an upgrade of my server from Debian's previous stable version to the current stable version. With this, Apache updated to 2.4.10. In the process of that, I have a situation where it looks like everything immediately off of my web root (/opt/www in this case) and a Pipermail archive (which comes with a Mailman install) are returning a HTTP 403. I've done the following so far: * checked /var/log/apache/error.log, noted that server configuration is denying permission * Verified file system permissions in these directories, nothing has changed. * Inspected the configurations; nothing *seems* out of place, especially in relation to the relevant directories * ...got stuck and went back to doing my "real" job, since I don't get paid to troubleshoot my private server :-) The long and short is that I'm looking to get un-stuck at this point, and can use a bit of guidance. A quick and dirty answer as to where to look would help; failing that, what more information shall I provide? -Dennis Carr - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Help with wilcards SSL certificates and virtual hosts
On 12.03.2015 15:51, Quentin CHARRAUT wrote: Hi all, I really need help to understand what I'm doing wrong and how to solve my problems. Let me first explain the situation. We have an Apache webserver (Linux), in front of a Jboss application server which hosts many different application. Apache is configured to redirect clients based on virtual hosts definitions (depends on client URLs). Note that all applications are available with an URL like https://x.example.com, where x is the client name. We also own a valid SSL wildcard certificate for *.example.com installed on the Apache server and mod_ssl enable. Actually, all the configuration is correct for defined virtual hosts : for example, when the client toto try to access his application, he use the URL toto.example.com and Apache see that the corresponding virtual host exists. For non-defined virtual hosts, for example, if he client tata try to access his application, the default virtual host (*.example.com) handle the request correctly and make some redirection. Now, for development reasons, we decided to reproduce the production environment. We decided to simulate client with URL like https://x.dev.example.com. So we bought the associated wildcard certificate (*.dev.example.com) and installed hit on the same Apache server. Now, here comes the issues. First, I added a virtual host for *.dev.example.com placed after the vhost *.example.com, and when I tried to access https://titi.dev.example.com with a browser, it give a ssl_error_bad_cert_domain error. Note that there is no errors if I define a specific vhost for titi.dev.example.com but it's not sufficient for our needs. Then, I made a test by putting the *.dev.example vhost before *.example.com, and then the URL https://titi.dev.example.com is available without certificates errors. But now, the https://toto.example.com URL give me a ssl_error_bad_cert_domain error. My question is, how can I have both *.example.com and *.rc.example.com vhost working together without any bad certificate errors ? Maybe I missed something ? or maybe it's not possible ? The wildcard only works on one level so you'll need two certificates for this one for *.example.com and one for *.rc.example.com. Regards, Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache make fedora go into corner
In cases like these nmon is a useful tool. It's a top-like tool with the ability to write the stats into a log file for later analysis. It is really nice when you want the basics monitored but not install a full monitoring solution like nagios, zabbix, etc. Regards, Dennis On 27.12.2014 18:03, Dr James Smith wrote: If you have root access you can look in /var/log and this might show up stuff in messages or syslog... Sometimes Apache can leak little bits of memory with each request - along with other processes. You could also write a simple cron job which does something like: echo `date` `cat /proc/meminfo | grep Free | grep kB | cut -d : -f 2 | xargs` ~/mem-free which will give you a log file like: Sat Dec 27 17:01:01 GMT 2014 80908 kB 3549440 kB Sat Dec 27 17:02:01 GMT 2014 79760 kB 3549516 kB and so you can check that the two numbers (mem free + swap free) are not both getting towards 0... On 27/12/2014 15:52, georg chambert wrote: Hi James, well, no, traffic hasn't been very intense, and the machines only task is to be a server, the number of accesses (at least in logg) is quite limited, some hundred at maximum, is there a way to check post-mortem ? - Original Message - *From:* Dr James Smith mailto:j...@sanger.ac.uk *To:* users@httpd.apache.org mailto:users@httpd.apache.org *Sent:* Saturday, December 27, 2014 3:49 PM *Subject:* Re: [users@httpd] Apache make fedora go into corner On 27/12/2014 13:21, georg chambert wrote: Hi, have for a bit of time had trouble with my server PC running Fedora Os and Apache. After some time it goes into non-communicatable mode, does not take any input whatsover, hard shutdown is only way to get out. It can be 24hours and it can be 14days of running before this happes. While if the httpd is not active the machine has no issues. So where do I look to find answers; short look in access_log for servere does not give any specific clues to what happens, possibly because the hard takedown of the machine the file is not closed properly ? Have you checked top regularly to see if you are running the machine out of memory. Any suggestions ? Georg http://www.avast.com/ This email has been checked for viruses by Avast antivirus software. www.avast.com http://www.avast.com/ -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: MySQL authentication and SSL Config problem
After a bit more experimenting I found some additional information that may shed some light on this. I think this is actually a bug. I created another directory that uses AuthUserFile and that works as expected with SSL. Directory /var/www/html/backupmgr/ AuthType Basic AuthName Backup Manager Administration AuthUserFile /var/www/passwords Require valid-user /Directory It seems reasonable to assume this problem is specific to combining MySQL DBD authentication with SSL since both work independent of each other. I don't believe this is a configuration problem any more and will be submitted as a bug. On 12/2/2014 9:15 AM, Dennis Putnam wrote: I have a directory set up to do MySQL authentication. At the same time I want to encrypt pages in that directory. My config for that virtual host is: LoadModule dbd_module modules/mod_dbd.so LoadModule authn_dbd_module modules/mod_authn_dbd.so VirtualHost *:80 DocumentRoot /var/www/html ServerName myhost.mydomain.com ServerAdmin mailman-ow...@mydomain.com ErrorLog /var/log/httpd/myhost_error_log CustomLog /var/log/httpd/myhost_access_log combined # Force SSL for certain directories RewriteEngine Off RewriteLogLevel 0 RewriteLog /var/log/httpd/rewrite_log RewriteCond %{HTTPS} off [NC] RewriteRule ^/mailman(/.*)$ https://%{HTTP_HOST}/mailman$1 [R,L] RewriteRule ^/cufs(/.*)$ https://%{HTTP_HOST}/cufs$1 [R,L] IfModule mod_dbd.c DBDriver mysql DBDParams dbname=cufsalumni user=myuser pass=xxx DBDMin 1 DBDKeep 8 DBDMax 20 /IfModule Directory /var/www/html/cufs/cufsauth/ AuthName CUFS Alumni Login AuthType Basic require valid-user AuthBasicProvider dbd AuthDBDUserPWQuery SELECT pwd FROM cufsalumni.alumni WHERE us ername=%s /Directory /VirtualHost As long as I turn off the rewrite engine authentication works fine but the pages are obviously unencrypted. However, when I turn it on, authentication is bypassed and the loaded PHP page, rather than rendering, dumps a lot of $_SERVER variables which have little meaning and ends with the string Fatal: 1. That should mean something but I can't find what. If it matters, the encryption for the mailman directory works fine except it does its own authentication so the certificates would seem to be fine. The problem seems to be combining MySQL authentication with SSL. Here is the ssl.conf file: # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # LoadModule ssl_module modules/mod_ssl.so # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex default # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # Use
[users@httpd] MySQL authentication and SSL Config problem
I have a directory set up to do MySQL authentication. At the same time I want to encrypt pages in that directory. My config for that virtual host is: LoadModule dbd_module modules/mod_dbd.so LoadModule authn_dbd_module modules/mod_authn_dbd.so VirtualHost *:80 DocumentRoot /var/www/html ServerName myhost.mydomain.com ServerAdmin mailman-ow...@mydomain.com ErrorLog /var/log/httpd/myhost_error_log CustomLog /var/log/httpd/myhost_access_log combined # Force SSL for certain directories RewriteEngine Off RewriteLogLevel 0 RewriteLog /var/log/httpd/rewrite_log RewriteCond %{HTTPS} off [NC] RewriteRule ^/mailman(/.*)$ https://%{HTTP_HOST}/mailman$1 [R,L] RewriteRule ^/cufs(/.*)$ https://%{HTTP_HOST}/cufs$1 [R,L] IfModule mod_dbd.c DBDriver mysql DBDParams dbname=cufsalumni user=myuser pass=xxx DBDMin 1 DBDKeep 8 DBDMax 20 /IfModule Directory /var/www/html/cufs/cufsauth/ AuthName CUFS Alumni Login AuthType Basic require valid-user AuthBasicProvider dbd AuthDBDUserPWQuery SELECT pwd FROM cufsalumni.alumni WHERE us ername=%s /Directory /VirtualHost As long as I turn off the rewrite engine authentication works fine but the pages are obviously unencrypted. However, when I turn it on, authentication is bypassed and the loaded PHP page, rather than rendering, dumps a lot of $_SERVER variables which have little meaning and ends with the string Fatal: 1. That should mean something but I can't find what. If it matters, the encryption for the mailman directory works fine except it does its own authentication so the certificates would seem to be fine. The problem seems to be combining MySQL authentication with SSL. Here is the ssl.conf file: # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # LoadModule ssl_module modules/mod_ssl.so # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex default # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # Use SSLCryptoDevice to enable any supported hardware # accelerators. Use openssl engine -v to list supported # engine names. NOTE: If you enable an accelerator and the # server does not start, consult the error logs and ensure # your accelerator is functioning properly. # SSLCryptoDevice builtin #SSLCryptoDevice ubsec ## ## SSL Virtual Host Context ## VirtualHost _default_:443 # General setup for the virtual host, inherited from global configuration #DocumentRoot /var/www/html #ServerName www.example.com:443 # Use separate log files for the SSL virtual host; note that LogLevel # is not inherited from httpd.conf. ErrorLog /var/log/httpd/ssl_error_log TransferLog /var/log/httpd/ssl_access_log LogLevel warn # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Protocol
[users@httpd] Virtual Hosts and SSL Puzzler
I have 3 virtual hosts that for all I can see are configured identically other the the obviously needed differences. The same is true of the 3 crt files. VirtualHost *:443 ServerName public.mydomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/httpd/SSL/public.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost VirtualHost *:443 ServerName distrib.mydomain.com DocumentRoot /var/www/html/distrib SSLEngine on SSLCertificateFile /etc/httpd/SSL/distrib.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost VirtualHost *:443 ServerName mail.mydomain.com DocumentRoot /usr/local/squirrelmail/www SSLEngine on SSLCertificateFile /etc/httpd/SSL/mail.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost The problem is that 2 of them work perfectly and the lock shows up in the browser. With the third (public), I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue how to debug this or even where to look. Can someone point me in the right direction? Thanks. signature.asc Description: OpenPGP digital signature
Re: [users@httpd] Virtual Hosts and SSL Puzzler
On 10/22/2013 9:10 AM, Chris Gordon wrote: Sorry, brevity is not my strong point. Because I do not know what your certs look like as far as what domain(s) are considered CNs I'm going to guess it has something to do with the following... SSL wraps http and you need a cert to decrypt the data sent via SSL. If you have 3 virtual hosts and you are using Name Based Virtual Hosting how does the Apache web server know which cert to use to decrypt and read the header so it can properly route the data. The short answer per my understanding is that Apache has no clue and uses the default vhost's cert (the first one in the confi file) to read the SSL. If these were all the same domain such as tuna.foo.com, seabass.foo.com and marlin.foo.com you could get away with using the same *.foo.com wildcard cert. Here is a good doc with these work arounds: https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf I'm guessing your problem is somewhere in this domain. I believe that Name Based Virtual Hosting is not the answer for you. Try IP Based: http://httpd.apache.org/docs/2.2/vhosts/ip-based.html or use a wildcard cert... Here is a warning about your config and a better explanation I presume: http://wiki.apache.org/httpd/NameBasedSSLVHosts I just ran into this. Silly me for not realizing that a Web Server that routes bases on headers would need to read the encrypted header to route it. Chicken-Egg problem. Chris --V Dennis Putnam d...@bellsouth.net 10/22/2013 8:26 AM I have 3 virtual hosts that for all I can see are configured identically other the the obviously needed differences. The same is true of the 3 crt files. VirtualHost *:443 ServerName public.mydomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/httpd/SSL/public.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost VirtualHost *:443 ServerName distrib.mydomain.com DocumentRoot /var/www/html/distrib SSLEngine on SSLCertificateFile /etc/httpd/SSL/distrib.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost VirtualHost *:443 ServerName mail.mydomain.com DocumentRoot /usr/local/squirrelmail/www SSLEngine on SSLCertificateFile /etc/httpd/SSL/mail.crt SSLCertificateKeyFile /etc/postfix/SSL/server.key /VirtualHost The problem is that 2 of them work perfectly and the lock shows up in the browser. With the third (public), I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue how to debug this or even where to look. Can someone point me in the right direction? Thanks. The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. Thanks for the reply. Now I'm confused. Doesn't the SSLCertificate parameter for each VH say which cert to use? Why does it work for 2 of the VH's but not the 3rd? signature.asc Description: OpenPGP digital signature
Re: [users@httpd] Virtual Hosts and SSL Puzzler
On 10/22/2013 9:12 AM, Pete Houston wrote: On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote: I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue how to debug this or even where to look. Can someone point me in the right direction? Thanks. This is usually indicative of a page served over https which references some elements served over http (ie. unencrypted). These unencrypted elements are usually images, stylesheets, script files, etc. As such it is unrelated to your server configuration and is entirely down to the content. HTH, Pete Thanks. That might make more sense (at least to me). After more reading, I am not sure that I don't have SNI capable version of httpd already installed (how do I tell?). The pages that work are very simple but the one that doesn't is complex and has lots of graphics. If that is the case, why are they not encrypted like everything else (assuming they are not referenced on a different server)? signature.asc Description: OpenPGP digital signature
Re: [users@httpd] Virtual Hosts and SSL Puzzler
On 10/22/2013 9:44 AM, Yehuda Katz wrote: On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam d...@bellsouth.net mailto:d...@bellsouth.net wrote: Thanks. That might make more sense (at least to me). After more reading, I am not sure that I don't have SNI capable version of httpd already installed (how do I tell?). The pages that work are very simple but the one that doesn't is complex and has lots of graphics. If that is the case, why are they not encrypted like everything else (assuming they are not referenced on a different server)? As I mentioned, if you don't have SNI, then you should see major warnings from the browser that something is wrong when you go to any site but the first one. As far as finding the offending image: Go to the page in your browser, right click on the page and choose view source (or a similar option). Then search in the source for http:// That should let you find which images are not secure. If the URLs are publicly accessible, post them here if you want someone to have a specific look (or email me privately if you don't want them to be public and I will try to have a look). - Y Ah ha! You hit it. There are references to social media on the page that use http (Facebook, LinkedIn and Twitter). Since they reference a different site will just changing it to https be sufficient or is there some other workaround? Thanks. signature.asc Description: OpenPGP digital signature
Re: [users@httpd] Virtual Hosts and SSL Puzzler
On 10/22/2013 10:03 AM, Yehuda Katz wrote: If the sites you are referencing allow you to access them over https, that will solve the problem. My prefered solution is to omit the http: altogether. If a url just starts with //example.com/rest/of/url http://example.com/rest/of/url, the browser will use the appropriate protocol automatically. - Y On Tue, Oct 22, 2013 at 9:59 AM, Dennis Putnam d...@bellsouth.net mailto:d...@bellsouth.net wrote: On 10/22/2013 9:44 AM, Yehuda Katz wrote: On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam d...@bellsouth.net mailto:d...@bellsouth.net wrote: Thanks. That might make more sense (at least to me). After more reading, I am not sure that I don't have SNI capable version of httpd already installed (how do I tell?). The pages that work are very simple but the one that doesn't is complex and has lots of graphics. If that is the case, why are they not encrypted like everything else (assuming they are not referenced on a different server)? As I mentioned, if you don't have SNI, then you should see major warnings from the browser that something is wrong when you go to any site but the first one. As far as finding the offending image: Go to the page in your browser, right click on the page and choose view source (or a similar option). Then search in the source for http:// That should let you find which images are not secure. If the URLs are publicly accessible, post them here if you want someone to have a specific look (or email me privately if you don't want them to be public and I will try to have a look). - Y Ah ha! You hit it. There are references to social media on the page that use http (Facebook, LinkedIn and Twitter). Since they reference a different site will just changing it to https be sufficient or is there some other workaround? Thanks. Thanks. I'll give that a try. signature.asc Description: OpenPGP digital signature
[users@httpd] interested in how to get the new mod_auth_form module to work
I see that the new mod_auth_form module should provide a better looking way to do the same old thing : login to Apache. So I ensured that I had this in my httpd.conf : LoadModule auth_form_module modules/mod_auth_form.so I then wanted to try AuthFormLogoutLocation and put in this Location : Location /logout SetHandler form-logout-handler AuthFormLogoutLocation https://my.server.com/logged_out.html Session on /Location This is taken directly from the docs at : http://httpd.apache.org/docs/current/mod/mod_auth_form.html#authformlogoutlocation I am able then to go see my server-info via this : Location /server-info SetHandler server-info AuthType basic AuthName someauthnamehere AuthBasicProvider file AuthUserFile /usr/local/www/conf/.htpasswd AuthGroupFile /usr/local/www/conf/.htgroup Require group webadmin /Location Which shows me that indeed the module is loaded and I have the following config : Module Name: mod_auth_form.c Content handlers: yes Configuration Phase Participation: Create Directory Config, Merge Directory Configs Request Phase Participation: Verify User ID, Note Authentication Failure, Content Handlers Module Directives: AuthFormProvider - specify the auth providers for a directory or location AuthFormUsername - The field of the login form carrying the username AuthFormPassword - The field of the login form carrying the password AuthFormLocation - The field of the login form carrying the URL to redirect on successful login. AuthFormMethod - The field of the login form carrying the original request method. AuthFormMimetype - The field of the login form carrying the original request mimetype. AuthFormBody - The field of the login form carrying the urlencoded original request body. AuthFormSize - Maximum size of body parsed by the form parser AuthFormLoginRequiredLocation - If set, redirect the browser to this URL rather than return 401 Not Authorized. AuthFormLoginSuccessLocation - If set, redirect the browser to this URL when a login processed by the login handler is successful. AuthFormLogoutLocation - The URL of the logout successful page. An attempt to access an URL handled by the handler form-logout-handler will result in an redirect to this page after logout. AuthFormSitePassphrase - If set, use this passphrase to determine whether the user should be authenticated. Bypasses the user authentication check on every website hit, and is useful for high traffic sites. AuthFormAuthoritative - Set to 'Off' to allow access control to be passed along to lower modules if the UserID is not known to this module AuthFormFakeBasicAuth - Set to 'On' to pass through authentication to the rest of the server as a basic authentication header. AuthFormDisableNoStore - Set to 'on' to stop the sending of a Cache-Control no-store header with the login screen. This allows the browser to cache the credentials, but at the risk of it being possible for the login form to be resubmitted and revealed to the backend server through XSS. Use at own risk. Current Configuration: In file: /usr/local/www/conf/httpd.conf 110: Location /logout 112: AuthFormLogoutLocation https://my.server.com/logged_out.html : /Location 129: Directory /usr/local/apache/www/data/htdocs/testfolder 130: AuthFormProvider file : /Directory Not much I know but I wanted to start simply. Well when I try to go to that location /logout I get a big ol' Server Error 401 Unauthorized which is a bit odd given that I am in fact logged in or I could not see the Location for server-info. So what am I missing here ? Do I need to specify a pile of auth requirements in order to allow logout ? Something like this : AuthType basic AuthName someauthnamehere AuthBasicProvider file AuthUserFile /usr/local/www/conf/.htpasswd AuthGroupFile /usr/local/www/conf/.htgroup Require validuser AuthFormLogoutLocation https://my.server.com/logged_out.html Session on ? Seems counter intuitive to need a user to login in order to allow logout via the handler form-logout-handler. What am I missing .. besides everything :-\ Dennis ps: Apache 2.4.4 here - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] concerns about requirements for Apache 2.4.6 release
On 30/07/13 07:46 AM, Rainer Jung wrote: On 30.07.2013 10:27, Rainer Jung wrote: On 30.07.2013 05:08, Dennis Clarke wrote: I'm a bit confused about the requirements for Apache 2.4.6. This page seems very clear : http://www.apache.org/dist/httpd/Announcement2.4.html There is states that This release requires the Apache Portable Runtime (APR) version 1.4.x and APR-Util version 1.4.x The page for the Apache Portable Runtime project shows APR-util at 1.5.2 : http://apr.apache.org/ My most recent build of Apache 2.4.4 seemss to run fine built thus : ( from my servers /server-info page ) Server Version: Apache/2.4.4 (Unix) OpenSSL/1.0.1e PHP/5.4.16 Server Built: Feb 28 2013 10:46:58 Server loaded APR Version: 1.4.6 Compiled with APR Version: 1.4.6 Server loaded APU Version: 1.5.1 Compiled with APU Version: 1.5.1 However this most recent release 2.4.6 seems to require apr and apu 1.4.x only. Is this a firm requirement ? It should say 1.4.x or higher. That's implied by the APR/APU versioning and compatibility rules but of course not obvious to our users. ... and was just fixed by Jim in the announcement text. Not to be a completely obsessive compulsive nit pick, but being OCD helps greatly when writing software. Any chance we could fix the typo? - Higher performant shm-based cache implementation Probably should be performance there. dc ps: good to see PR 54735 was fixed. That drove me nuts for a while. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] concerns about requirements for Apache 2.4.6 release
I'm a bit confused about the requirements for Apache 2.4.6. This page seems very clear : http://www.apache.org/dist/httpd/Announcement2.4.html There is states that This release requires the Apache Portable Runtime (APR) version 1.4.x and APR-Util version 1.4.x The page for the Apache Portable Runtime project shows APR-util at 1.5.2 : http://apr.apache.org/ My most recent build of Apache 2.4.4 seemss to run fine built thus : ( from my servers /server-info page ) Server Version: Apache/2.4.4 (Unix) OpenSSL/1.0.1e PHP/5.4.16 Server Built: Feb 28 2013 10:46:58 Server loaded APR Version: 1.4.6 Compiled with APR Version: 1.4.6 Server loaded APU Version: 1.5.1 Compiled with APU Version: 1.5.1 However this most recent release 2.4.6 seems to require apr and apu 1.4.x only. Is this a firm requirement ? Dennis - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_fcgi + PHP-FPM on Apache 2.4 solution?
I haven't been able to play with this yet but shouldn't something like this work as well? LocationMatch \.php$ ProxyPass fcgi://127.0.0.1:9000 /LocationMatch Regards, Dennis On 03/05/2012 03:04 PM, Daniel wrote: I have found an alternative method that works nicely, only passes .php files to PHP-FPM and allows the variables to pass. ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000/www/danielhe/danielhe.com/cookie.danielhe.com$1 http://127.0.0.1:9000/www/danielhe/danielhe.com/cookie.danielhe.com$1 This is really weird though, because when it's put outside of a vhost, it works properly, but when I put it inside one, it gives a 404. Error logs show up for the same URL, but when put inside the vhost, it says it does not exist. Any idea why? vhost: AH00128: File does not exist: proxy:fcgi://127.0.0.1:9000/www/danielhe/danielhe.com/cookie.danielhe.com//index.php http://127.0.0.1:9000/www/danielhe/danielhe.com/cookie.danielhe.com//index.php outside of vhost: AH00947: connected /www/danielhe/danielhe.com/cookie.danielhe.com//index.php http://danielhe.com/cookie.danielhe.com//index.php to 127.0.0.1:9000 http://127.0.0.1:9000 On Mon, Mar 5, 2012 at 9:34 AM, Mark Montague markm...@umich.edu mailto:markm...@umich.edu wrote: On March 3, 2012 7:22 , Daniel danco...@gmail.com mailto:danco...@gmail.com wrote: Thank you, I just realized that earlier, as I thought Location /www/ meant server side. It works, however it passes all traffic through PHP-FPM and gives a Access denied. message on static files, and does not allow passing variables through the URL with the mod_rewrite method. An alternative rewrite, RewriteRule ^/?(.*\.php)$ fcgi://127.0.0.1:9000/www/$1 http://127.0.0.1:9000/www/$1 [P,L], allows static files to work, but breaks PHP files when you try to pass variables, or even add a symbol, as like before. (ex: info.php?) Is there any 'fully-working' solution for PHP-FPM with Apache 2.4? None of the methods seem to work as intended. Either static files do not work, or variables cannot be passed. I have PHP-FPM fully working with a patched Apache 2.3.12, so it should be workable with 2.4. For passing static files, this is just a guess, but make sure you have default_mimetype set to an empty value in php.ini. If this does not help, let me know and I'll look at my configuration more closely. For the RewriteRule not passing query strings (variables), see https://issues.apache.org/bugzilla/show_bug.cgi?id=51077 Unfortunately, the person with commit access who looked at this did not see the rationale for it, and I have not had time to go back and install the entire testing framework (which is apparently a big pain, according to the recent thread on the topic) to see what tests the patch breaks and how/why it breaks them. I do hope to go back and take another stab at this, but I can't say when it will be, so if anyone else wants to, please feel free. -- Mark Montague LSA Research Systems Group University of Michigan markm...@umich.edu mailto:markm...@umich.edu - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] No Content-Type header despite DefaultType directive
On 12/06/2011 11:13 AM, Tom Evans wrote: On Mon, Dec 5, 2011 at 3:08 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: Hi, I am trying to get Apache to send a file with the filename test that contains html through a filter for the mime type text/html. The problem is that even when I set a DefaultType in .htaccess the response doesn't contain a Content-Type header. The browser actually displays the content as html (probably by guessing) but since the response itself doesn't contain an explicit mime type the filter does not get applied. Shouldn't Apache always set a mime type when I use DefaultType? Regards, Dennis Are you sure it doesn't set the type, and just not run it through the filter? There is a big warning on AddOutputFilterByType that it will not fire if the type is determined from DefaultType. http://httpd.apache.org/docs/2.2/mod/core.html#addoutputfilterbytype There is not Content-Type header in the response so it's not just the filter issue. I noticed though that DefaultType is deprecated in 2.3 and does nothing so that will not work anyway. Now I'm wondering how I can best implement such a behavior myself. One idea is to implement a filter that checks if the Content-Type header is not set to simply insert it as let's say text/html. The question is if that would result in the real filters defined for text/html actually processing the response. If I have two filters A and B in a FilterChain and A manipulates the Content-Type does filter B then process the response based on that change? My expectation would be that it does. Does this sound like a reasonable approach? Why was the DefaultType directive deprecated and why didn't AddOutputFilterByType operate on responses that had their type set using it? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
On 12/05/2011 04:06 AM, Nick Kew wrote: On 5 Dec 2011, at 02:27, Dennis Jacobfeuerborn wrote: FilterProvider testfilter TESTFILTER %{CONTENT_TYPE} = 'text/html' FilterProtocol testfilter change=yes,cache=no FilterChain testfilter FilterProtocol is slightly half-baked: filter modules should tell mod_filter their protocol details when they register the filter instead. But still, the above *should* cause it to set Cache-Control: no-cache on requests where the filter is invoked (are you sure it is?) These are the response headers I get with the request: Connection Keep-Alive DateMon, 05 Dec 2011 11:51:13 GMT Etag35d2-2d-432a5e4a73a80 Keep-Alive timeout=5, max=97 Server Apache/2.3.14 (Unix) mod_ssl/2.3.14 OpenSSL/1.0.0-fips DAV/2 On the request itself I see these cache relavant headers: Cache-Control max-age=0 If-Modified-Since Mon, 11 Jun 2007 18:53:14 GMT If-None-Match 35d2-2d-432a5e4a73a80 The filter itself works fine but the problem is that despite specifying cache=no which according to the documentation should render the output uncacheable when I reload the page I only get a 304 Not Modfied response. If your browser sends a conditional request then the server might send a 304 without reference to any filters. The cache=no option just sets the header when the filter is invoked. The filter inserts a header and a footer in the page from two files. I can modify these files and don't see an update when I reload but I *do* see an update when I shift+reload. So the filter definitely gets invoked. I get the desired behavior when I add the following to the server config: Header Set Cache-Control max-age=0, no-store The no-store is key here and without it I see the 304's again. I do not see any headers in the response that actually tell the browser that the content is uncacheable. Any ideas what might be going on here? Is anything going on that might cause an internal redirect? For example, mod_alias, mod_rewrite, mod_negotiation, any error, or anything concerning trailing slashes or directory indexes? Or a subrequest, as in SSI? Not that I know of. This is a new virtual machine that just has the naked default apache 2.3.14 installed (not 2.3.15 yet as indicated in the subject, I will update that later today). The DocumentRoot is /var/www/htdocs which contains an index.html with the content htmlbodyh1It works!/h1/body/html which apparently comes with the apache source. The directory index is the only thing that might be involved here but I also tested this by explicitly calling /index.html with the same result. So right now the whole setup is pretty much as minimal as it gets without any aliases, rewrites, etc. involved. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
On 12/05/2011 02:12 PM, Nick Kew wrote: On Mon, 05 Dec 2011 13:11:10 +0100 Dennis Jacobfeuerborndenni...@conversis.de wrote: The filter inserts a header and a footer in the page from two files. I can modify these files and don't see an update when I reload but I *do* see an update when I shift+reload. So the filter definitely gets invoked. Is the filter your own, or supplied by a third-party? If you have access to the source, please check whether it sets the AP_FILTER_PROTO_NO_CACHE flag in ap_register_output_filter_protocol. I created the filter myself so I changed the registration from ap_register_output_filter(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET); to ap_register_output_filter(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET|AP_FILTER_PROTO_NO_CACHE); This doesn't seem to change anything though. I still get the 304 response without any headers that forbid caching. Just out of interest shouldn't the FilterProtocol directive with cache=no have the same effect as the flag and if I set the flag in the code can I remove the directive from the configuration (once cache prevention is working as intended)? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
On 12/05/2011 03:43 PM, Dennis Jacobfeuerborn wrote: On 12/05/2011 02:12 PM, Nick Kew wrote: On Mon, 05 Dec 2011 13:11:10 +0100 Dennis Jacobfeuerborndenni...@conversis.de wrote: The filter inserts a header and a footer in the page from two files. I can modify these files and don't see an update when I reload but I *do* see an update when I shift+reload. So the filter definitely gets invoked. Is the filter your own, or supplied by a third-party? If you have access to the source, please check whether it sets the AP_FILTER_PROTO_NO_CACHE flag in ap_register_output_filter_protocol. I created the filter myself so I changed the registration from ap_register_output_filter(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET); to ap_register_output_filter(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET|AP_FILTER_PROTO_NO_CACHE); This doesn't seem to change anything though. I still get the 304 response without any headers that forbid caching. Just out of interest shouldn't the FilterProtocol directive with cache=no have the same effect as the flag and if I set the flag in the code can I remove the directive from the configuration (once cache prevention is working as intended)? Ok, so I just noticed you were talking about ap_register_output_filter_protocol() and not ap_register_output_filter() so I guess the change above is pretty useless. The question is how/where do I add the ap_register_output_filter_protocol() call? Is that something I do in addition to the content filtering I do now or does it replace what I'm currently doing i.e. do I turn my resource filter into a protocol filter (which doesn't sound right)? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] No Content-Type header despite DefaultType directive
Hi, I am trying to get Apache to send a file with the filename test that contains html through a filter for the mime type text/html. The problem is that even when I set a DefaultType in .htaccess the response doesn't contain a Content-Type header. The browser actually displays the content as html (probably by guessing) but since the response itself doesn't contain an explicit mime type the filter does not get applied. Shouldn't Apache always set a mime type when I use DefaultType? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
On 12/05/2011 06:55 PM, Nick Kew wrote: On Mon, 05 Dec 2011 15:56:27 +0100 Dennis Jacobfeuerborndenni...@conversis.de wrote: Just out of interest shouldn't the FilterProtocol directive with cache=no have the same effect as the flag and if I set the flag in the code can I remove the directive from the configuration (once cache prevention is working as intended)? That's what I'm hoping to establish. We have a number of possibilities here: 1. A bug that affects both no-cache options. 2. A bug that affects the version you posted but not the one I'm suggesting. 3. Your report is missing something relevant, and consequently misleading. If (1) then I want to fix it, which means reproducing it first. If (3) then hopefully you'll get to the bottom of it, possibly with help. If (2) then I'd favour nuking the directive. Ok, so I just noticed you were talking about ap_register_output_filter_protocol() and not ap_register_output_filter() so I guess the change above is pretty useless. Look at the header file. ap_register_output_filter is from 2.0. In 2.2 it's just a #define, with the last argument (proto flags) zero. Ok, so here is what I found out so far. First I commented out the FilterProtocol directive. Then I used the following to register the filter: ap_register_output_filter_protocol(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET, AP_FILTER_PROTO_NO_CACHE); The result was that I still got a 304 response. Then I changed the code to this in order to make it more similar to what I expressed with the FilterProtocol directive: ap_register_output_filter_protocol(ADVERT, advert_filter, NULL, AP_FTYPE_CONTENT_SET, AP_FILTER_PROTO_CHANGE|AP_FILTER_PROTO_CHANGE_LENGTH|AP_FILTER_PROTO_NO_CACHE); With this I only get 200 responses as desired. The only difference in the response is that in the first case I receive an Etag header and in the second case that header is not present. So I modified the mod_filter code to remove the Etag header in addition to the Last-Modified header in the case of NO_CACHE and with that change I no longer get a 304 but the expected 200 response. Then I retested the FilterProtocol directive. I removed the protocol flags from the module: ap_register_output_filter_protocol(TESTFILTER, testfilter_filter, NULL, AP_FTYPE_CONTENT_SET, 0); Then I re-inserted the FilterProtocol directive. The result is that the Etag reappears but also no Cache-Control header is sent so I get 304 responses again. I added debug output in the filter function itself that outputs the content of f-frec-proto_flags which is 0x13 which corresponds to AP_FILTER_PROTO_CHANGE | AP_FILTER_PROTO_CHANGE_LENGTH | AP_FILTER_PROTO_NO_CACHE. So it seems the flags are set correctly but somehow ignored when the headers are supposed to be added/removed. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
On 12/05/2011 08:56 PM, Nick Kew wrote: On Mon, 05 Dec 2011 20:33:57 +0100 Dennis Jacobfeuerborndenni...@conversis.de wrote: Ok, so here is what I found out so far. Thanks! Looks like we have some useful information here. I'll take a look at the source and see if I can see anything that looks like the cause of what you describe. Please bug me if I drop the ball on this! Can I take it the solution you found is a satisfactory solution to your original question? ap_register_output_filter_protocol(ADVERT, advert_filter, NULL, AP_FTYPE_CONTENT_SET, AP_FILTER_PROTO_CHANGE|AP_FILTER_PROTO_CHANGE_LENGTH|AP_FILTER_PROTO_NO_CACHE); With this I only get 200 responses as desired. Yes, this is the best approach I think and it provides the desired result. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] FilterProtocol cache=no not working correctly in 2.3.15?
Hi, I create an output filter and have it configured like this: FilterProvider testfilter TESTFILTER %{CONTENT_TYPE} = 'text/html' FilterProtocol testfilter change=yes,cache=no FilterChain testfilter The filter itself works fine but the problem is that despite specifying cache=no which according to the documentation should render the output uncacheable when I reload the page I only get a 304 Not Modfied response. I do not see any headers in the response that actually tell the browser that the content is uncacheable. Any ideas what might be going on here? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] A rewrite rule
Hi, guys, I want to rewrite from tc.example.com/xyz to example.com/good/tc I tried the following rewrite rule, but it doesnot work. RewriteCond %{HTTP_HOST} \.tc\.example\.com$RewriteRule ^/(.*) /good/$1 [NC,P,L] Any idea how to do it? Thanks.Dennis
Re: [users@httpd] Virtual Host Directory Permissions Problem
Thanks for the reply. I removed the 443 from that directive, since I'm using standard ports, I don't think I need to specify anything. I believe that may have been added automatically by Webmin at some point when I was messing with it. Here is the httpd -S output: VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: _default_:443 primary.localdomain (/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf:13) *:*primary.mydomain.com (/etc/httpd/conf/httpd.conf:1116) *:*newvh.mydomain.com (/etc/httpd/conf/httpd.conf:1127) Syntax OK I don't see anything there that hints at the document root for the virtual hosts which is the crux of my problem. Howevwer, I did find an error in the httpd log that is obviously related. (13)Permission denied: /var/www/html/Scripts/Menu132/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://newvh.mydomain.com/ I don't see why there is a permissions problem with that subdirectory since it is not referenced in the page attempting to load. It must be because it is loading the index.html from the primary document root. Which it does successfully (that seems like a security issue to me) and which also does not reference that menu directory. On 3/13/2011 10:40 PM, Francois Gingras wrote: On Sun, Mar 13, 2011 at 4:59 PM, Hossy hossy-apa...@hossy.com wrote: 1. What are you typing to access it? 2. Try removing the :443 from your primary ServerName entry. I believe the port is defined inside the VirtualHost tag. -Original Message- From: Dennis Putnam [mailto:d...@bellsouth.net] Sent: Sunday, March 13, 2011 1:27 PM To: users@httpd.apache.org Subject: [users@httpd] Virtual Host Directory Permissions Problem I am setting up a new virtual host and am having trouble with the root directory. My new virtual host document root (/var/www/html/vhroot) is a child directory of my primary host root (/var/www/html). Is it legal to do that? When I try to access my new virtual host, I get the index from the primary document root. TIA. Here are my virtual host directives: Primary VirtualHost * DocumentRoot /var/www/html ServerName primary.mydomain.com:443 Directory /var/www/html allow from all Options +Indexes /Directory /VirtualHost New VH VirtualHost * DocumentRoot /var/www/html/vhroot ServerName newvh.mydomain.com Directory /var/www/html/vhroot allow from all Options +Indexes /Directory /VirtualHost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org There are several issues with your vhosts: 1) Assuming you want those to work on any interface, use *:PORT instead of *. Port 80 is for HTTP, and 443 is for HTTPS, normally. 2) Let's see httpd -S or apache2ctl -S under debian to see the full extent of your virtual hosts configuration. Frank. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org signature.asc Description: OpenPGP digital signature
[users@httpd] FilesMatch Problem
Sometimes the config file seems like black magic and I am no magician. I have a password required for one of my directories but I need for a couple of files to be unprotected. The authorization works just fine but it also requires authorization for the FilesMatch files. Here is my config file for that directory: Directory /var/www/html/cufs AuthName x AuthType Basic AuthMySQLUser AuthMySQLPassword x AuthMySQLEnable on AuthMySQLPwEncryption scrambled AuthMySQLDB cufsalumni AuthMySQLUserTable alumni AuthMySQLNameField username AuthMySQLPasswordField pwdp require valid-user FilesMatch index.htm,cufslogin.html,cufsregister.php allow from all /FilesMatch /Directory Is there some directive I need to add to turn off authentication for these files? Thanks. signature.asc Description: OpenPGP digital signature
Re: [users@httpd] FilesMatch Problem
Thanks for the reply. I tried a few things and I guess I don't really understand where to use it. I can't use it in the directory outer directory block as that would give access to the entire thing. When I use it within the FilesMatch block it does something weird. It displays the page but still puts up the authentication window. I can cancel the window and go on but that doesn't help. On 3/14/2011 7:22 PM, Igor Cicimov wrote: http://wiki.apache.org/httpd/BypassAuthenticationOrAuthorizationRequirements Check the Satisfy directive. On Tue, Mar 15, 2011 at 10:17 AM, Dennis Putnam d...@bellsouth.net mailto:d...@bellsouth.net wrote: Sometimes the config file seems like black magic and I am no magician. I have a password required for one of my directories but I need for a couple of files to be unprotected. The authorization works just fine but it also requires authorization for the FilesMatch files. Here is my config file for that directory: Directory /var/www/html/cufs AuthName x AuthType Basic AuthMySQLUser AuthMySQLPassword x AuthMySQLEnable on AuthMySQLPwEncryption scrambled AuthMySQLDB cufsalumni AuthMySQLUserTable alumni AuthMySQLNameField username AuthMySQLPasswordField pwdp require valid-user FilesMatch index.htm,cufslogin.html,cufsregister.php allow from all /FilesMatch /Directory Is there some directive I need to add to turn off authentication for these files? Thanks. signature.asc Description: OpenPGP digital signature
Re: [users@httpd] FilesMatch Problem
Doh! I didn't. You were the first to notice that. They should be '|'. However, the result is the same. On 3/14/2011 10:37 PM, William A. Rowe Jr. wrote: On 3/14/2011 8:22 PM, Dennis Putnam wrote: Thanks for the reply. I tried a few things and I guess I don't really understand where to use it. I can't use it in the directory outer directory block as that would give access to the entire thing. When I use it within the FilesMatch block it does something weird. It displays the page but still puts up the authentication window. I can cancel the window and go on but that doesn't help. FilesMatch index.htm,cufslogin.html,cufsregister.php Why did you expect commas to work? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org signature.asc Description: OpenPGP digital signature
[users@httpd] Virtual Host Directory Permissions Problem
I am setting up a new virtual host and am having trouble with the root directory. My new virtual host document root (/var/www/html/vhroot) is a child directory of my primary host root (/var/www/html). Is it legal to do that? When I try to access my new virtual host, I get the index from the primary document root. TIA. Here are my virtual host directives: Primary VirtualHost * DocumentRoot /var/www/html ServerName primary.mydomain.com:443 Directory /var/www/html allow from all Options +Indexes /Directory /VirtualHost New VH VirtualHost * DocumentRoot /var/www/html/vhroot ServerName newvh.mydomain.com Directory /var/www/html/vhroot allow from all Options +Indexes /Directory /VirtualHost signature.asc Description: OpenPGP digital signature
[users@httpd] a few esi:include in a .php file?
Hi, guys, The ESI Language Specification 1.0 (http://www.w3.org/TR/esi-lang) says ESI Processor implementations may limit the number of includes used in a single ESI resource.I am using apache 2.2.Can I use a few !--#esi:include virtual=SOME_URL_HERE esi_end-- in one .php file? Thanks.Dennis
Re: [us...@httpd] Filters not applied with ErrorDocument pages?
On 12/07/2010 08:25 PM, Joost de Heer wrote: On Mon, December 6, 2010 02:56, Dennis Jacobfeuerborn wrote: I just noticed that when I use ErrorDocument to server custom 404 pages the output filter I defined is not getting used anymore. Is there some special configuration required to make the filters also work on custom error pages? How do you define the error pages? I haven't tried it, but I'd guess that ErrorDcument 404 http://your.server/404.html will result in a new request, and that filters will be applied in this case. That doesn't work because if you redirect the forces Apache to use a 30x status which means the 404 cannot be returned anymore. What I'm doing is basically: ErrorDocument 404 /_errors/404.html That way I can serve the error_pages with a proper 404 status. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Filters not applied with ErrorDocument pages?
On 12/06/2010 08:40 PM, Igor Galić wrote: - Dennis Jacobfeuerborndenni...@conversis.de wrote: I just noticed that when I use ErrorDocument to server custom 404 pages the output filter I defined is not getting used anymore. Is there some special configuration required to make the filters also work on custom error pages? I've noticed that myself. But I think it's actually quite good it doesn't. Most HTTP clients have a hard time dealing with HTTP as is. Confusing them with Transfer-Encoding and similar things, while confusing them with Errors -- that just might be too much. If the filter mangles the output so that the client is unable to deal with the response that's arguably a problem with the filter. A custom 404 page is just that a standard html page with a 404 status code and I would expect that since I configured my filter for the vhost that all delivered pages are run through that filter. The fact that this isn't true for ErrorDocument should at least be documented. Perhaps a flag would be nice to be able to turn that behavior on and off on demand. Now, this is my experience (and speculation) using mod_filter+mod_deflate. What's your use-case? What's your config? And why do you think you need filters applied on Errors as well? Because the error pages are supposed to look like all other pages. The filter trivially adds a header and footer to every page and the error pages are supposed to show these as well. One possibility would be to hard-code both directly into the error documents but that's just a hack and I would have to resort to a copypaste every time the header needs to be changed. A more flexible approach would have been to filter all pages and add the ability to not only match the filters according to headers but also to status codes. That way you could run ErrorDocuments through filters or you could just apply them to pages with a 200 status code. Finally, if someone of the Devs is spying, can you explain the reason behind this reasoning? Maybe there is a way to get ErrorDocuments filtered too but it's not documented? Any help would be appreciated. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Filters not applied with ErrorDocument pages?
I just noticed that when I use ErrorDocument to server custom 404 pages the output filter I defined is not getting used anymore. Is there some special configuration required to make the filters also work on custom error pages? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Distributed logging
Hi, what is the best way to handle the logging of multiple Apache instances? I'm looking for a way to have say 10 Apache servers efficiently log to central location so I can analyze the aggregated log-data there. I've seen mod_log_spread but the last changelog entry is from 2006 so I'm not sure if this is still recommended and I've also looked at gearman but I was hoping for something less complex at least for now. What are the recommended options here? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Forcing custom 404 error page instead of autoindex
On 11/05/2010 05:08 AM, Eric Covener wrote: On Thu, Nov 4, 2010 at 10:45 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: ErrorDocument 404 /_disabled/index.html RewriteEngine on RewriteRule !/_disabled/ /_force_404_ The idea was to use the rewrite rule to rewrite any access to a non-existing page and then have the ErrorDocument directive catch that but instead of a custom error page I only get the default message The requested URL /_force_404_ was not found on this server. That's backwards. You can use R=404 in the flags of a rewriterule. That works indeed, thanks. I could have sworn I tried this before and it failed but that was probably for some other reason since I was juggling around a bit with different configuration options. Anyway this works as intended: ErrorDocument 404 /_disabled/index.html RewriteEngine on RewriteRule .* - [R=404,L] Regards, Dennis Regards, Dennis On 11/05/2010 03:31 AM, Igor Cicimov wrote: Post the rewrite rule here. Igor On Nov 5, 2010 1:11 PM, Dennis Jacobfeuerborndenni...@conversis.de mailto:denni...@conversis.de wrote: Hi, I'm trying to find a way to always generate a 404 error using htaccess when a directory is accessed and with mod_autoindex enabled. That is when I access http://server/directory/ I want to get a 404 error instead of an auto generated index. I tried doing this with a RewriteRule but the autogenerated index gets displayed anyway and disabling the Index with Options -Indexes only gives me a 403 instead of a 404. Is there a way to do this? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. SeeURL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org mailto:users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. SeeURL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Certain Pages being served are erroring...
On 11/05/2010 03:34 PM, Tom Evans wrote: On Fri, Nov 5, 2010 at 1:43 PM, Scott Shippeesship...@scoden.net wrote: I maintain a series of web sites for the fraternal organizations I belong to and recently we published a set of web pages to out server for one of the sites and we are getting: Parse error: syntax error, unexpected T_STRING in /home/harmony9/www/harmonylodge9/Doric_Masonic_Center.html on line 1 I have traced it to the first line which is: ?xml version=1.0 encoding=UTF-8? Which if removed allows the page to work, HOWEVER, according to the standards, this line should be there any ideas? I have PHP MySQL installed as well Scott That is a PHP error message. You have configured Apache to serve HTML as PHP scripts, and XML prologs are not valid in PHP (google PHP XML prolog). XML is fine in a php file as long as you disable short_open_tags in php.ini. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Forcing custom 404 error page instead of autoindex
Hi, I'm trying to find a way to always generate a 404 error using htaccess when a directory is accessed and with mod_autoindex enabled. That is when I access http://server/directory/ I want to get a 404 error instead of an auto generated index. I tried doing this with a RewriteRule but the autogenerated index gets displayed anyway and disabling the Index with Options -Indexes only gives me a 403 instead of a 404. Is there a way to do this? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Forcing custom 404 error page instead of autoindex
ErrorDocument 404 /_disabled/index.html RewriteEngine on RewriteRule !/_disabled/ /_force_404_ The idea was to use the rewrite rule to rewrite any access to a non-existing page and then have the ErrorDocument directive catch that but instead of a custom error page I only get the default message The requested URL /_force_404_ was not found on this server. Regards, Dennis On 11/05/2010 03:31 AM, Igor Cicimov wrote: Post the rewrite rule here. Igor On Nov 5, 2010 1:11 PM, Dennis Jacobfeuerborn denni...@conversis.de mailto:denni...@conversis.de wrote: Hi, I'm trying to find a way to always generate a 404 error using htaccess when a directory is accessed and with mod_autoindex enabled. That is when I access http://server/directory/ I want to get a 404 error instead of an auto generated index. I tried doing this with a RewriteRule but the autogenerated index gets displayed anyway and disabling the Index with Options -Indexes only gives me a 403 instead of a 404. Is there a way to do this? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org mailto:users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Lots of Reading request status connections with no IP
Hi, I just saw the mention of mod_reqtimeout on the dev mailing list and I'm wondering if this would be a good module to deal with a problem I'm seeing. On one of our server I see a ddos where one IP seems to create lots of new connections to Apache which all show up as Reading Request and a with a Client IP of ?. The timeout directive doesn't work and I'm wondering why since apparently it has already received the new connection (hence the entry in server-status) yet it cannot determine the IP of the connection? Would mod_reqtimeout be able to handle this case? What I'm basically looking for is a way to set a timeout for any sort of connection to be discarded by Apache if the request hasn't been completely sent in 5 seconds. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] I/O accounting for all processes?
On 06/16/2010 06:16 PM, Jakov Sosic wrote: On 06/16/2010 06:49 AM, Scott Gifford wrote: On Tue, Jun 15, 2010 at 5:33 PM, Jakov Sosicjakov.so...@srce.hr mailto:jakov.so...@srce.hr wrote: I'm interested in measuring I/O that all apache processes are generating. I used mod_logio to solve a similar problem not too long ago, with good success: But it seems that this module records network I/O and not the filesystem I/O. Although it's good to know this too, I would prefer more the filesystem I/O currently :) I think this lies outside the scope of Apache and would have to be solved on the OS level. I have no idea how this could be done but if you find a way let us know as that would be interesting for me too. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] NameVirtualHost Directive - - - - Multiple SSL virtual hosts
On 06/06/2010 07:43 PM, Manoj Samtani wrote: Look this link dear, http://www.zdnetasia.com/configure-apache-to-support-multiple-ssl-sites-on-a-single-ip-address-62059501.htm In web hosting environment, one certificate used for single domain and other sites are using by /sitename etc.. but if we use Apache 2.2.12 version we can install multiple Certificates for multiple Domains. You will probably lose all Windows XP users using IE though since IE relies on the OS for SSL handshakes and WinXP doesn't support SNI. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] SSL protocol limits ignored?
Hi, Doesn't work. I added the lines to the virtual host and restartet Apache but I can still connect with SSLv2: openssl s_client -ssl2 -connect SERVERNAME:443 ... New, SSLv2, Cipher is DES-CBC3-MD5 ... Regards, Dennis On 05/22/2010 11:44 AM, Sakthi Esakiappan wrote: Hello, Have a try with restarting apache service, otherwise add the following lines to the Virtual Host configuration SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL restart the apache service and have a try... On 21 May 2010 17:45, Dennis J. denni...@conversis.de mailto:denni...@conversis.de wrote: Hi, I've noticed that my Apache server seems to accept SSLv2 connections even though they are supposed to be disabled. From the mod_ssl.conf: # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 I also tried the following in a global context: SSLProtocol -all +SSLv3 +TLSv1 Still I can connect using SSLv2. I grepped through the config directories but these are the only instances of this directive so I'm not sure why the configuration doesn't apply. Any ideas? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org mailto:users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org -- With Regards, Sakthi Esakiappan.M Server Administrator MercuryMinds Technologies Pvt Ltd www.mercuryminds.com http://www.mercuryminds.com An E-Commerce mentor +91 44 45588587 sakthi.esakiap...@mercuryminds.com mailto:sakthi.esakiap...@mercuryminds.com www.mercuryminds.com http://www.mercuryminds.com Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this message in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this message. If you have received this communication in error, please notify the sender immediately and destroy the transmitted information. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] SSL protocol limits ignored?
Hi, I've noticed that my Apache server seems to accept SSLv2 connections even though they are supposed to be disabled. From the mod_ssl.conf: # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 I also tried the following in a global context: SSLProtocol -all +SSLv3 +TLSv1 Still I can connect using SSLv2. I grepped through the config directories but these are the only instances of this directive so I'm not sure why the configuration doesn't apply. Any ideas? Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Using ssi include directive overwrites QUERY_STRING variable
Hi, It looks like there is a serious bug in the handling of virtual includes with Apaches SSI filter. Take the following code: htmlbody !--#echo var=QUERY_STRING-- !--#include virtual=/ssi2.php?abc=1-- !--#echo var=QUERY_STRING-- /body/html If this is called with the query string (url)?test=1 then the first echo will print test=1 as expected but the second one will output abc=1. Apparently the include in the middle completely obliterates the original query string making it unusable for subsequent includes. That's a major problem as soon as you use more than one SSI include with QUERY_STRING in your pages. According to the docs for exec the CGI script is given the PATH_INFO and query string (QUERY_STRING) of the original request from the client and The include virtual element should be used in preference to exec cgi. In particular, if you need to pass additional arguments to a CGI program, using the query string, this cannot be done with exec cgi, but can be done with include virtual, as shown here. So I would expect the QUERY_STRING not to change when making virtual includes. If I remove the following code from mod_include's output filter: ... if (r-args) { char *arg_copy = apr_pstrdup(r-pool, r-args); apr_table_setn(r-subprocess_env, QUERY_STRING, r-args); ap_unescape_url(arg_copy); apr_table_setn(r-subprocess_env, QUERY_STRING_UNESCAPED, ap_escape_shell_cmd(r-pool, arg_copy)); } ... The QUERY STRING variable no longer gets changed and the called ssi2.php still gets the abc=1 as query string but I'm sure there is a reason for this code to be there. Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Using ssi include directive overwrites QUERY_STRING variable
On 04/05/2010 08:36 PM, Dan Poirier wrote: What version did you see this with? If not 2.2.15, it might be fixed in 2.2.15 by the subrequest headers fix. Give it a try. I'm seeing this with 2.2.14, yesterdays fedora build of 2.2.15 and the latest Centos 5 version 2.2.3-31.el5.centos.4 Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Using ssi include directive overwrites QUERY_STRING variable
On 04/05/2010 09:35 PM, Dennis J. wrote: On 04/05/2010 08:36 PM, Dan Poirier wrote: What version did you see this with? If not 2.2.15, it might be fixed in 2.2.15 by the subrequest headers fix. Give it a try. I'm seeing this with 2.2.14, yesterdays fedora build of 2.2.15 and the latest Centos 5 version 2.2.3-31.el5.centos.4 BTW I filed a bug here: https://issues.apache.org/bugzilla/show_bug.cgi?id=49043 Regards, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] mod_rewrite: get current working directory
Hello together, I want to create a rule, that maps /images/xyz.png to /foo/images/xyz.png (if that file exists), otherwise to /bar/images/xyz.png. My problem is that i cannot get the current working directory to test if file /foo/... exists because mod_rewrite wants absolute pathnames only, relative pathnames do not work in that case. Has anybody an idea? Greets, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] SSL: CA-Certificate is not sent to browser with SSLCACertificatePath
Hello, I have a strange problem using SSL with apache 2.2.9 on Gentoo-Linux (mod_ssl 2.2.9 and OpenSSL 0.9.8g): I have two servers running with exactly the same apache and openssl binaries. On one server i can use the SSLCACertificatePath directive to let apache send the CA chain to the browser (self-signed root ca + intermediate ca), the browser gets the complete chain. On the other server i use the same chain with another certificate signed by the intermediate ca, the browser gets only the certificate but no ca certificates. If i use SSLCertificateChainFile the browser gets the complete chain. The apache/mod_ssl debug log on both servers I see a lot of [Mon Sep 29 07:45:40 2008] [debug] ssl_engine_init.c(1092): CA certificate: /C=DE/... lines so the ca certificates are read correctly from the folder on both systems. On both servers I use the same SSLCipherSuite entry and the configuration except for the virtual hosts is complete equal. The working server is running mod_perl, the other server uses no mod_perl but mod_php5, that is the only difference. Has anybody an idea how to fix this? Thanks, Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_proxy_ajp problem: ajp_ilink_receive failed
Hi, I have some problems with my application. If there is a high request count, the client will get a 503 error. I have two apaches (accessed by round robin dns) and two tomcats. So if one of them fails, the other one should handle the requests. Unfortunately this doesn't work, both fail at the same time :-( The apache error log shows the following: [error] ajp_read_header: ajp_ilink_receive failed [error] (120006)APR does not understand this error code: proxy: send body failed to (null) (x.x.x.x) [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header The tomcat logs contain broken pipe errors and IOExceptions, but I found here (http://issues.apache.org/bugzilla/show_bug.cgi?id=38489) that this is the expected behaviour. org.apache.jk.core.MsgContext action WARNING: Error sending end packet java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:531) Aug 17, 2007 1:12:44 PM org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 java.io.IOException at org.apache.jk.common.JkInputStream.receive(JkInputStream.java:190) at org.apache.jk.common.JkInputStream.doRead(JkInputStream.java:164) at org.apache.coyote.Request.doRead(Request.java:418) at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:284 ) at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:371) at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:293) at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java: 104) The issue http://issues.apache.org/bugzilla/show_bug.cgi?id=36495 deals with similar problems. So I tried to set MaxClients to 512 and keepalive=On (without success). Tomcat maxThreads is 1024. -- start of my config -- ServerLimit 1024 MaxClients 1024 KeepAlive On KeepAliveTimeout 5 MaxKeepAliveRequests 20 IfModule mod_proxy.c ProxyRequests Off ProxyTimeout 60 Location /instance0 ProxyPass balancer://instance0 stickysession=JSESSIONID lbmethod=byrequests /Location Proxy balancer://instance0 BalancerMember ajp://[host1-ip]:20009/instance0 route=node1 min=2 smax=5 BalancerMember ajp://[host2-ip]:20009/instance0 route=node2 min=2 smax=5 /Proxy Location /instance1 ProxyPass balancer://b2binstance1 stickysession=JSESSIONID lbmethod=byrequests /Location Proxy balancer://instance1 BalancerMember ajp://[host1-ip]:21009/instance1 route=node1 min=2 smax=5 BalancerMember ajp://[host2-ip]:21009/instance1 route=node2 min=2 smax=5 /Proxy /IfModule -- config end -- It's exasperating...hope that somebody can give me a hint. environment: Apache 2.2.4, SunOS 5.8, Tomcat 5.5.20, JDK 1.5 Regards Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Is there a mod_gzip?
Greetings; I was looking at a package today that had mod_gzip listed as a requirement. I don't find that module in any of the versions of Apache that I am running or is it mentioned in the doc. Is this module old and obsolete or too new to be in the doc or config yet? If the latter, where do I find it if I really need it? Many TIA! Dennis - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Advanced Problem with Virtual Host
Hi, I have a running apace-webserver, but have not discovered a problem. When I visit e.g.: http://www.demahost.dk/support/ http://www.demahost.dk/admin/ My browser shows this sites: http://www.demahost.dk/support.php http://www.demahost.dk/admin.php I really dont know why Its very scary. It looks like a rewriterule, but I havnt any htaccess. You can see my httpd.conf here: http://www.demahost.dk/httpd.conf And here my vhost.conf which I include in httpd.conf: http://www.demahost.dk/vhosts.conf (I have removed all my vhosts to simplify the docs) Anybody who can help me? Please tell me if you dont understand the problem. Best regards Dennis Madsen
SV: [EMAIL PROTECTED] Advanced Problem with Virtual Host
Thanks for you fast answer! :) I'm happy :) Med venlig hilsen / Best regards Dennis Madsen DeMaWeb http://www.demaweb.dk CVR-nr.: 2895 9486 -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne af Joshua Slive Sendt: 8. marts 2006 20:42 Til: users@httpd.apache.org Emne: Re: [EMAIL PROTECTED] Advanced Problem with Virtual Host On 3/8/06, Dennis Madsen [EMAIL PROTECTED] wrote: When I visit e.g.: http://www.demahost.dk/support/ http://www.demahost.dk/admin/ My browser shows this sites: http://www.demahost.dk/support.php http://www.demahost.dk/admin.php Remove MultiViews from your Options directives and perhaps set AcceptPathInfo off. Multiviews tells apache that if it can't find a file matching a particular request, it should check the directory for files with the same basename. This is used in content negotiation when you want to serve different files depending on what the browser can handle. The slash on the end, which would normally indicate a directory, is treated as PATH_INFO (trailing path information passed to the script) and not as part of the path to the script. This behavior can be modified with the AcceptPathInfo directive. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SV: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain)
Sorry, but can you help me? Med venlig hilsen / Best regards Dennis Madsen DeMaWeb http://www.demaweb.dk CVR-nr.: 2895 9486 -Oprindelig meddelelse- Fra: Robert Ionescu [mailto:[EMAIL PROTECTED] Sendt: 3. marts 2006 15:01 Til: users@httpd.apache.org Emne: Re: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain) Dennis Madsen wrote: Should I insert a rewrite rule in my virtual host for myhp.dk? I have this: VirtualHost * DocumentRoot c:/www/myhp.dk/www ServerName myhp.dk ServerAlias *.myhp.dk ServerAdmin [EMAIL PROTECTED] php_admin_value open_basedir c:/www/myhp.dk/www/ CustomLog c:/www/myhp.dk/access.log combined ErrorLog c:/www/myhp.dk/error.log /VirtualHost Hello Dennis. In this case (rewrite within the document root), you can easily use inside your virtualhost * (just add the rules somewhere between the other directives): RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %1 !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteRule ^(.*) /%1/$1 [L] You don't need any looping protection here, because there is no internal redirect in per-server context. Since you're on a windows system, there are no concerns about security. But if would use e.g. Linux, I'd strongly recommend to prefix the substitution with the document root (like RewriteRule ^(.*) /var/www/html/%1/$1 [L]), but again, there is no need here to use RewriteRule ^(.*) c:/www/myhp.dk/www/%1/$1 [L] So you might test the rules inside your virtualhost *. -- Robert - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SV: SV: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain)
Hei, I'm so happy - it succeded :) Thanks for your help. Med venlig hilsen / Best regards Dennis Madsen DeMaWeb http://www.demaweb.dk CVR-nr.: 2895 9486 -Oprindelig meddelelse- Fra: Robert Ionescu [mailto:[EMAIL PROTECTED] Sendt: 5. marts 2006 20:49 Til: users@httpd.apache.org Emne: Re: SV: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain) Dennis Madsen wrote: The requested operation has failed. Is this being logged into your error.log? I'm not sure if this is just a posting issue, but some line breaks are missing: RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %1 !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteRule ^(.*) /%1/$1 [L] This should be 5 lines in total RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %1 !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteRule ^(.*) /%1/$1 [L] Did you check the syntax of the httpd.conf with apache -t? -- Robert - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SV: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain)
Hei, I still have problems. My Virtual Host is: VirtualHost * DocumentRoot c:/www/myhp.dk/www ServerName myhp.dk ServerAlias *.myhp.dk ServerAdmin [EMAIL PROTECTED] php_admin_value open_basedir c:/www/myhp.dk/www/ CustomLog c:/www/myhp.dk/access.log combined ErrorLog c:/www/myhp.dk/error.log RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %1 !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteRule ^(.*) /%1/$1 [L] /VirtualHost I restart Apache without any errors, but when I visit myhp.dk I get this error on the server: The requested operation has failed. Can you help me? Any logs? Med venlig hilsen / Best regards Dennis Madsen -Oprindelig meddelelse- Fra: Robert Ionescu [mailto:[EMAIL PROTECTED] Sendt: 3. marts 2006 15:01 Til: users@httpd.apache.org Emne: Re: SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain) Dennis Madsen wrote: Should I insert a rewrite rule in my virtual host for myhp.dk? I have this: VirtualHost * DocumentRoot c:/www/myhp.dk/www ServerName myhp.dk ServerAlias *.myhp.dk ServerAdmin [EMAIL PROTECTED] php_admin_value open_basedir c:/www/myhp.dk/www/ CustomLog c:/www/myhp.dk/access.log combined ErrorLog c:/www/myhp.dk/error.log /VirtualHost Hello Dennis. In this case (rewrite within the document root), you can easily use inside your virtualhost * (just add the rules somewhere between the other directives): RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %1 !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteRule ^(.*) /%1/$1 [L] You don't need any looping protection here, because there is no internal redirect in per-server context. Since you're on a windows system, there are no concerns about security. But if would use e.g. Linux, I'd strongly recommend to prefix the substitution with the document root (like RewriteRule ^(.*) /var/www/html/%1/$1 [L]), but again, there is no need here to use RewriteRule ^(.*) c:/www/myhp.dk/www/%1/$1 [L] So you might test the rules inside your virtualhost *. -- Robert - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SV: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain)
Hei Robert, Thanks for your answer. Sorry, but I don't understand, that you tell me to do? Should I insert a rewrite rule in my virtual host for myhp.dk? I have this: VirtualHost * DocumentRoot c:/www/myhp.dk/www ServerName myhp.dk ServerAlias *.myhp.dk ServerAdmin [EMAIL PROTECTED] php_admin_value open_basedir c:/www/myhp.dk/www/ CustomLog c:/www/myhp.dk/access.log combined ErrorLog c:/www/myhp.dk/error.log /VirtualHost Which rewrite rule should I insert? Best Regards Dennis Madsen -Oprindelig meddelelse- Fra: Robert Ionescu [mailto:[EMAIL PROTECTED] Sendt: 2. marts 2006 22:46 Til: users@httpd.apache.org Emne: Re: [EMAIL PROTECTED] Rewrite on Windows-server (subdomain) Dennis Madsen wrote: I have this rewrite rule: RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+)\.myhp\.dk$ RewriteCond %{1} !^www$ RewriteCond c:/www/myhp.dk/www/%1 -d RewriteCond %{REQUEST_FILENAME} !^c:/www/myhp.dk/www/ RewriteRule (.*) c:/www/myhp.dk/www/%1/$1 [l] You cannot rewrite to a full physical path in per-dir context (i.e. .htaccess configuration files, directory... and location... sections). mod_rewrite needs an URL-path (e.g. /abc/) here for the internal redirect. But mod_rewrite fails here to built such an URL-path (which is always tried if you don't rewrite directly to an URL-path). Place your rules in your httpd.conf (=per-server context; if you're using virtualhosts.. in the vhost, otherwise outside of ...-sections. You should be able to rewrite to a full physical path in per-server context. IMHO placing directives directly into httpd.conf should be always preferred instead of using .htaccess. -- Robert - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
octet-streams und dateinamen
Hallo - Ich schreibe an einem CMS und habe geplant, alle binären Dateien (auch Bilder) in dem CMS aufzubewahren. Das führt dazu, dass Querverweise zu binären Dateien stets die Sitzungskennung und sonst nur einen internen Suchcode beinhalten. Wie kann ich über HTTP den zu verwendenden Dateinamen für z.B. den Download an den Browser übergeben, so dass er diesen anstatt des Querverweis-Namens verwendet? Gruß Dennis Heuer [EMAIL PROTECTED] -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --