RE: [us...@httpd] Timestamps of access log entries
Hi there,
I've not had any responses to this problem so I assume no one else has
the same issues. Any offers?
I've already tried changing the timestamp strings in the log format to
localized but this appears to have made no difference...
Cheers
Steve
From: Foster, Stephen (ASPIRE)
Sent: 07 April 2010 13:25
To: users@httpd.apache.org
Subject: [us...@httpd] Timestamps of access log entries
Hi there,
I am having troubles with the switch over between GMT and BST with
respect to the entries going in the log files, I am using apache 2.0.55
BTW.
The timezones on our servers are set to GB and during British Wintertime
the log file entries are stamped correctly, however when moving to BST I
have to add the following to the apache startup script to get the
timestamps in BST format.
TZ=GMT0BST
export TZ
And obviously remember to take this out when returning back to GMT in
October.
For the actual logfile configuration I use the following:
Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b
%D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended
CustomLog |/opt/app/apache/bin/rotatelogs
/opt/app/apache/logs/site_access_log.%Y-%m-%d 86400 ORU_extended
Is there any other way of ensuring the correct localtime gets put into
the logfile entries?? I have tried using %X in place of %H:%M:%S but
this has no effect.
Cheers
Steve
Capgemini is a trading name used by the Capgemini Group of companies
which includes Capgemini UK plc, a company registered in England and
Wales (number 943935) whose registered office is at No. 1 Forge End,
Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
[us...@httpd] Timestamps of access log entries
Hi there,
I am having troubles with the switch over between GMT and BST with
respect to the entries going in the log files, I am using apache 2.0.55
BTW.
The timezones on our servers are set to GB and during British Wintertime
the log file entries are stamped correctly, however when moving to BST I
have to add the following to the apache startup script to get the
timestamps in BST format.
TZ=GMT0BST
export TZ
And obviously remember to take this out when returning back to GMT in
October.
For the actual logfile configuration I use the following:
Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b
%D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended
CustomLog |/opt/app/apache/bin/rotatelogs
/opt/app/apache/logs/site_access_log.%Y-%m-%d 86400 ORU_extended
Is there any other way of ensuring the correct localtime gets put into
the logfile entries?? I have tried using %X in place of %H:%M:%S but
this has no effect.
Cheers
Steve
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
[us...@httpd] Authorisation using LDAP
Hi there, I'm wanting to configure apache to provide authorisation using LDAP, my users already authenticate via another method so I only want to authorize access if the user belongs to a particular group or role. And I want to apply this access to both static content in my DocumentRoot and also to allow the users to then be proxied onwards. Does anyone have any examples of configuration for providing authorisation only, all examples I have found related to authentication and then authorization and I can't get it to work. Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Securing forward proxy for CONNECT
Hi there, I am using apache to proxy https requests to a remote server using the AllowCONNECT method and am using ProxyRemote to send everything. What I really need to do is limit what the proxy will send but everything I try is not giving me what I want. Client issues the request for https://www.anotherdomain.com:8444/URL after setting their browser proxy settings to my proxy server. Which is fine and gets proxied using the CONNECT Method, but if the browser issues any other request, e.g hourly RSS get, different homepage on startup etc. then these all get sent to the Proxy and onwards. This is okay but I want the proxy to stop these requests unless they match the URI specified. My current config is as follows: ProxyRequests On ProxyTimeout 60 Proxy * Order Allow,Deny Allow from all /Proxy ProxyPass /server-status ! ProxyRemote * http://a.n.otherproxy:8080 AllowCONNECT 8444 I have tried using the mod_setenvif to set access control,e.g: SetEnvIf Request_URI ^/URL/* let_me_in Proxy * Order Deny,Allow Deny from all Allow from env=let_me_in /Proxy However this only seems to work on straight HTTP calls and not on the CONNECT method. Any ideas? Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] proxying SSL requests over a non-SSL connection.
Hi there, I've got an issue that may not actually be technically solveable. I need to send a users request for a URI to a remote server via my own apache proxy, but there are some complications to this. The user will issue the URL http://my.proxy.co.uk:8080/WEB The remote system expects to see the full URL combination as https://remote.me.int:8444/WEB (NOTE: HTTPS!!) However I have to proxy this through a remote proxy that only supports HTTP, e.g http://gateway:1998 http://gateway:1998/ , this proxy also needs user/password authentication!!! My current configuration is as follows: Rewriterule to rewrite the incoming URL and re-write it to https://remote.me.int:8444/WEB and has a P flag at the end of the rule to send it to the Proxy engine. The proxy engine then has a ProxyRemote rule to send everything to the remote proxy. The problems I have with this is that the connection made to the remote proxy is in HTTPS, rather than HTTP, it doesn't support HTTPS!! I am under the assumption that the user/password authentication will be made via a webform so I can sort that on the clients browser, my main issue is how to tunnel the HTTPS connection without it being refused by the HTTP proxy. Anyone got any ideas?? Is this technically do-able with Apache??, anyone done this before? Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
Why not have a look at log_server_status , google it.. It's a useful perl script that can be used to connect to the server and output the metrics into a logfile for then graphing against. It comes with a very basic set of reports but its quite easy to modify to collect further fields of information to see what the statistical behaviour of the webserver is. HTH Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
For example, the standard script comes with the following:
while (S) {
$requests=$1 if ( m|^BusyWorkers:\ (\S+)|);
$idle=$1 if ( m|^IdleWorkers:\ (\S+)|);
$number=$1 if ( m|Total Accesses:\ (\S+)|);
$cpu=$1 if (m|^CPULoad:\ (\S+)|);
}
print OUT $time,$requests,$idle,$number,$cpu\n;
I modified this to get the following data:
while (S) {
$accesses=$1 if ( m|^Total Accesses:\ (\S+)|);
$kbytes=$1 if ( m|^Total kBytes:\ (\S+)|);
$cpuload=$1 if ( m|^CPULoad:\ (\S+)|);
$uptime=$1 if ( m|Uptime:\ (\S+)|);
$reqpersec=$1 if (m|^ReqPerSec:\ (\S+)|);
$bytespersec=$1 if (m|^BytesPerSec:\ (\S+)|);
$bytesperreq=$1 if (m|^BytesPerReq:\ (\S+)|);
$busyworkers=$1 if (m|^BusyWorkers:\ (\S+)|);
$idleworkers=$1 if (m|^IdleWorkers:\ (\S+)|);
}
print OUT
$time,$accesses,$kbytes,$cpuload,$uptime,$reqpersec,$bytespersec,$bytes
perreq,$busyworkers,$idleworkers\n;
So its very useful for seeing if you run out of resources and what your
throughput is looking like.
HTH
Steve
From: Foster, Stephen (ASPIRE)
Sent: 08 June 2009 14:22
To: users@httpd.apache.org
Subject: RE: [us...@httpd] Information in mod_status to text file
Why not have a look at log_server_status , google it..
It's a useful perl script that can be used to connect to the server and
output the metrics into a logfile for then graphing against.
It comes with a very basic set of reports but its quite easy to modify
to collect further fields of information to see what the statistical
behaviour of the webserver is.
HTH
Steve
Capgemini is a trading name used by the Capgemini Group of companies
which includes Capgemini UK plc, a company registered in England and
Wales (number 943935) whose registered office is at No. 1 Forge End,
Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
From: ricardo figueiredo [mailto:ricardoogra...@gmail.com] Sent: 08 June 2009 14:33 To: users@httpd.apache.org Subject: Re: [us...@httpd] Information in mod_status to text file Hi all, thank you by code. But, what's log_server_status ?? a program ?? I google it, but didn't find it. Ricardo You can google it, I just have...http://www.google.co.uk/search?hl=enq=log_server_statusmeta=aq =foq= But it may prove difficult to find the actual code, apache documentation suggests it gets built when you compile apache from source, but I never got it to work. I found it on the web under a CVS source repository and cut and pasted it over. If you get stuck I can send you the code to put into a file. Its only a perl script. Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] ProxyTimeout question
Hi there, I have a quick question about the ProxyTimeout value. Does the value equate to the maximum amount of time it takes for the endpoint to make an initial response or does it relate to the whole time it would take to satisfy a request. For example I have a fairly quick responding endpoint so I have the timeout value set at 30 seconds so that if the endpoint goes away I can return a timeout response after 30 seconds is up. But I have also got clients on dialup lines who are going to be downloading large files from the endpoint through my mod_proxy which will take longer than the 30 seconds currently specified. I believe the value relates to the initial response but I would like clarification is anyone can provide it. Many thanks in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Adding headers based on Content-Type
Hi there, I have as situation where I need to add custom headers when the response is of a certain type, for example: If the response type is text/html I want to add a header of Content-Style-Type text/css If the response type is anything other that text/html then don't add anything. Now adding the header is no problem at all but I am struggling to find how to match whether the response type is text/html I can match a filetype no problem, e.g FilesMatch \.(html|htm)$ Header set Content-Style-Type text/css /FilesMatch But the content type will be sent back by dynamic content so that code chunk will not be valid. Anybody have any ideas? Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Logfile size in apache2.2.8
Hi there, Does Apache 2.2.8 support logfiles over 2Gb in size now? I know it provides large file support for files being served but there is no mention of the size of the logfiles. Our current 2.0.55 version has a limitation of logfiles of only 2Gb in size when using rotatelogs. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [EMAIL PROTECTED] V 2.2.9: configure: WARNING: Unrecognized options: --enable-mod etc
Hi ron, I don't think --enable-mod is a valid argument to the configure command. You should be specifying the module explicitly, e.g --enable-expires etc.. To make it easier on yourself you could do what I do and put your configure command line into a shell script called configure.sh, then you can quickly make changes to this and re-run the configure.sh script. E.g mine below: # more configure.sh ./configure --prefix=/opt/app/apache2.2.8 \ --with-mpm=worker \ --with-ldap \ --with-ldap-lib=/usr/lib64 \ --with-ldap-include=/usr/include \ --enable-mods-shared=all \ --disable-charset-lite \ --disable-include \ --disable-env \ --disable-setenvif \ --disable-status \ --disable-autoindex \ --disable-asis \ --disable-cgi \ --disable-cgid \ --disable-negotiation \ --disable-imagemap \ --disable-actions \ --disable-userdir \ --disable-alias \ --enable-dir \ --enable-rewrite \ --enable-mime \ --enable-so \ --enable-logio \ --enable-expires \ --enable-headers \ --enable-authz_host \ --enable-authn_file \ --with-ssl=/usr/local/ssl \ --enable-mods-shared='actions alias asis auth_basic auth_digest authn_alias auth n_anon authn_dbd authn_dbm authn_default authnz_ldap authz_dbm authz_default aut hz_groupfile authz_owner authz_user autoindex cache cern_meta cgi cgid charset_l ite dav dav_fs dav_lock dbd deflate disk_cache dumpio echo env example ext_filte r file_cache filter ident imagemap include info isapi ldap log_forensic mem_cach e mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http setenvif speling ssl status suexec unique_id userdir usertrack versio n vhost_alias' Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Logging query strings from a re-write rule
Hi there,
I think you may have misunderstood the issue. Functionally my re-write
rule is working okay but its logging the query string of the URL that I
am sending the browser to.
If that makes sense..
Steve
-Original Message-
From: Francois Gingras [mailto:[EMAIL PROTECTED]
Sent: 10 July 2008 14:16
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Logging query strings from a re-write rule
Steve,
Without digging too much in your particular issue, note that
RewriteCond will only match the query string if you use
%{QUERY_STRING}; You can check the following guide for examples:
http://wiki.apache.org/httpd/RewriteQueryString
Frank
On 7/10/08, Foster, Stephen (ASPIRE) [EMAIL PROTECTED]
wrote:
Hi,
I have implemented a re-write rule that captures the incoming
requests,
checks for a cookie and then directs the user to another system to
authenticate and get a cookie before being allowed to access pages
under the
webserver. E.g:
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{REQUEST_URI} !=/server-status?auto
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{HTTP_COOKIE} !.*iiswlssignonuser*
RewriteRule .*$
http://www.steve.co.uk/Identification/WLSLogon.asp\?URL=http://%{HTTP_HO
ST}%{REQUEST_URI}path=%{REQUEST_URI}domain=.steve.co.ukname=mwar
e [L]
Functionaly this works perfectly but in the access logs I am getting
the
Query string of the re-direct URL being shown against the initial
request.
E.g
I am accessing
http://internal.steve.co.uk/TestWebApp/index.html
2008-07-10 10:53:02 10.101.X.X internal.steve.co.uk GET
/TestWebApp/index.html HTTP/1.1 302 367 2025
?URL=http://internal.steve.co.uk/TestWebApp/index.htmlpath=/TestWebApp/
index.htmldomain=.steve.co.ukname=mware
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) -
-
2008-07-10 10:53:05 10.101.X.X internal.steve.co.uk GET
/TestWebApp/index.html HTTP/1.1 200 396 60460 Mozilla/4.0
(compatible; MSIE
6.0; Windows NT 5.1; SV1; InfoPath.1) - -
Any thoughts?? Like I say its working fine, just logging wrongly.
Cheers
Steve
Capgemini is a trading name used by the Capgemini Group of companies
which
includes Capgemini UK plc, a company registered in England and Wales
(number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey,
GU21
6DB.
This message contains information that may be privileged or
confidential and
is the property of the Capgemini Group. It is intended only for the
person
to whom it is addressed. If you are not the intended recipient, you
are not
authorized to read, print, retain, copy, disseminate, distribute, or
use
this message or any part thereof. If you receive this message in
error,
please notify the sender immediately and delete all copies of this
message.
--
Francois Gingras
(i): http://ccds.ca
(p): (514) 243-8233
(f): (514) 731-5834
-
The official User-To-User support forum of the Apache HTTP Server
Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging query strings from a re-write rule
Hi,
I have implemented a re-write rule that captures the incoming requests,
checks for a cookie and then directs the user to another system to
authenticate and get a cookie before being allowed to access pages under
the webserver. E.g:
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{REQUEST_URI} !=/server-status?auto
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{HTTP_COOKIE} !.*iiswlssignonuser*
RewriteRule .*$
http://www.steve.co.uk/Identification/WLSLogon.asp\?URL=http://%{HTTP_HO
ST}%{REQUEST_URI}path=%{REQUEST_URI}domain=.steve.co.ukname=mwar
e [L]
Functionaly this works perfectly but in the access logs I am getting the
Query string of the re-direct URL being shown against the initial
request. E.g
I am accessing http://internal.steve.co.uk/TestWebApp/index.html
2008-07-10 10:53:02 10.101.X.X internal.steve.co.uk GET
/TestWebApp/index.html HTTP/1.1 302 367 2025
?URL=http://internal.steve.co.uk/TestWebApp/index.htmlpath=/TestWebApp/
index.htmldomain=.steve.co.ukname=mware Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; InfoPath.1) - -
2008-07-10 10:53:05 10.101.X.X internal.steve.co.uk GET
/TestWebApp/index.html HTTP/1.1 200 396 60460 Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - -
Any thoughts?? Like I say its working fine, just logging wrongly.
Cheers
Steve
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
[EMAIL PROTECTED] Odd log_server_status behaviour in Linux Vs. Solaris
Hi there,
I've been using log_server_status to monitor the behaviour of my apache
servers and am getting some odd behaviour between Linux and solaris. On
solaris if I set the $server variable to a non-existent name , such as
www.foo.com http://www.foo.com/ , then the script fails to connect to
the running webserver, which is exactly what I expect. In the linux
implementation (built under SLES10SP2) if I leave the $server variable
set to localhost it also fails as I expect as I don't have a webserver
running on 127.0.0.1. However if I set the variable to anything other
than localhost, e.g notlocalhost or any other name other than that of
my listening server then the script connects and reports back properly.
Has anyone come across this before Obviously it makes my life easy
as on the linux servers I can deliver a generic script with
notlocalhost configured as the server name and I know it will connect
and report back okay. It just doesn't work as you would expect. Ie. A
duff name should result in a no-connection.
Also the standard delivered log_server_status script is faulty for the
following reason:
The request variable comes configured as $request = /status/?auto; ,
whereas it should be $request = /server-status/?auto;
Also the script is limited on what it will report so it would be better
to modify the script output to report more of what /server-status?auto
gives you. I have made the following changes to report more and to
format the outputted file better to allow graphing within the likes of
excel.
Date Format:
Change:
$date = $year . `date +%m%d:%H%M%S`;
To:
$date = $year . `date +%m%d:%H.%M.%S`;
Change:
while (S) {
$requests=$1 if ( m|^BusyServers:\ (\S+)|);
$idle=$1 if ( m|^IdleServers:\ (\S+)|);
$number=$1 if ( m|sses:\ (\S+)|);
$cpu=$1 if (m|^CPULoad:\ (\S+)|);
}
print OUT $time:$requests:$idle:$number:$cpu\n;
To:
while (S) {
$accesses=$1 if ( m|^Total Accesses:\ (\S+)|);
$kbytes=$1 if ( m|^Total kBytes:\ (\S+)|);
$cpuload=$1 if ( m|^CPULoad:\ (\S+)|);
$uptime=$1 if ( m|Uptime:\ (\S+)|);
$reqpersec=$1 if (m|^ReqPerSec:\ (\S+)|);
$bytespersec=$1 if (m|^BytesPerSec:\ (\S+)|);
$bytesperreq=$1 if (m|^BytesPerReq:\ (\S+)|);
$busyworkers=$1 if (m|^BusyWorkers:\ (\S+)|);
$idleworkers=$1 if (m|^IdleWorkers:\ (\S+)|);
}
print OUT
$time,$accesses,$kbytes,$cpuload,$uptime,$reqpersec,$bytespersec,$bytes
perreq,$busyworkers,$idleworkers\n;
Hope this helps someone out, but would there be any mileage in getting
the delivered script to suit the above format and also to apply the fix
to the request variable.
Cheers
Steve
Capgemini is a trading name used by the Capgemini Group of companies which
includes Capgemini UK plc, a company registered in England and Wales (number
943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
[EMAIL PROTECTED] Roadmap for Apache webserver versions
Hi there, Can anyone point me in the direction of a roadmap for the Apache HTTP server product. I am interested in the support lifecycle for the 2.2 product and also for the 2.0 product. Many thanks in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [EMAIL PROTECTED] Roadmap for Apache webserver versions
Hi josh, Thanks for the response. I'll make a judgement call on whether I need something more formal or not. Cheers Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive Sent: 28 February 2008 15:00 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Roadmap for Apache webserver versions On Thu, Feb 28, 2008 at 9:17 AM, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: Can anyone point me in the direction of a roadmap for the Apache HTTP server product. I am interested in the support lifecycle for the 2.2 product and also for the 2.0 product. There is no formal support cycle for these products. Products get maintained as long as there are developers interested in doing the job. If you look at recent releases, you'll notice that even 1.3 still gets security releases although its been many years since any significant development work was done on this branch. Obviously 2.0 also gets security releases and the occasional very-important bug fix. If you need something formal for your boss, you could try contacting one of the companies that provides commercial support for apache to see if they are interested. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Problems using chroot'd apache under Linux SLES10
Hi all, I have created a chroot to run my apache in under SLES10. I have previously done this in solaris and it worked perfectly , however differences in linux are causing problems for me when starting. Apache 2.2.4 has been built and installed and the required apache and OS libraries and files have been copied into the chroot directory hierarchy. when i start apache it complains of the following: [Mon Sep 17 13:12:11 2007] [crit] (EAI 2)Name or service not known: alloc_listener: failed to set up sockaddr for grid2 Syntax error on line 4 of /opt/app/apache/conf/httpd.conf: Listen setup failed I have tracked this down to required access to the /var/run/nscd/socket file, i can resolve this by doing a read-only mount bind of /var/run/nscd into my jail, however this is not ideal as it exposes my password and shadow files to the world albeit owned by the root user and not readable by anyone else. The built apache seems to want to use nscd as a caching-daemon for any name related call regardless of settings in nsswitch.conf. And i need to use hostnames in my configurations to allow portability across multiple web servers. Has anyone successfully jailed apache in SLES10 and got round this issue? cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm
You probably need to specify the correct location path to the SSL libraries, for example in your configure script (or command) have the following: --with-ssl=/usr/include HTH Steve -Original Message- From: HAMMER Cédric Ext ROSI/DPS [mailto:[EMAIL PROTECTED] Sent: 13 September 2007 10:19 To: users@httpd.apache.org Cc: [EMAIL PROTECTED] Subject: RE: [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm No one to help me with this ? Reading the error lines, I've seen checking openssl/ssl.h presence... no But when I can to locate it : # find / -name ssl.h /usr/include/openssl/ssl.h Could it be a problem with httpd.spec ? If then where could be the problem in that file (that's my first rpm building, so I'm not used to the spec files ...) ? _ De : HAMMER Cédric Ext ROSI/DPS [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 septembre 2007 15:34 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm Hi everybody, I'm just trying to build a rpm of httpd 2.2.6 using the sources. But I got a problem with SSL during the compilation phase ; here is a copy of this error: mkdir modules/ssl checking whether to enable mod_ssl... checking dependencies checking for SSL/TLS toolkit base... none checking for OpenSSL version... checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... no configure: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the preprocessor! configure: WARNING: openssl/ssl.h: proceeding with the preprocessor's result configure: WARNING: ## ## configure: WARNING: ## Report this to https://mail.google.com/mail?view=cmtf=0[EMAIL PROTECTED] [EMAIL PROTECTED] ## configure: WARNING: ## ## checking for openssl/ssl.h... no not encouraging WARNING: OpenSSL version may contain security vulnerabilities! Ensure the latest security patches have been applied! checking openssl/engine.h usability... yes checking openssl/engine.h presence... yes checking for openssl/engine.h... yes checking for SSLeay_version in -lcrypto... no checking for SSL_CTX_new in -lssl... no checking for ENGINE_init... no checking for ENGINE_load_builtin_engines... no checking for SSL_set_cert_store... no configure: error: ... Error, SSL/TLS libraries were missing or unusable error: Bad exit status from /var/tmp/rpm-tmp.46448 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.46448 (%build) In addition, please note openssl and openssl-devel are installed. I've even tried two different versions, but always got the same error ... # rpm -qa | grep openssl openssl-devel-0.9.7a-33.23 openssl-0.9.7a-33.23 # rpm -qa |grep openssl openssl-0.9.8b-15.fc8 openssl-devel-0.9.8b-15.fc8 Thanks for your help ! Cedric * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For
RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
All, I have resolved this now. basically on your build server where you are compiling zlib make sure the following is installed: zlib-devel-1.2.3-15.2 this gives the correct libraries for compiling the product. None of the libraries are used for runtime though so they shouldn't be required on your production webservers. HTH Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 06 September 2007 11:28 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
Whoops, i should have said where you are compiling apache with mod_deflate -Original Message- From: Foster, Stephen (ASPIRE) Sent: 11 September 2007 12:33 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. All, I have resolved this now. basically on your build server where you are compiling zlib make sure the following is installed: zlib-devel-1.2.3-15.2 this gives the correct libraries for compiling the product. None of the libraries are used for runtime though so they shouldn't be required on your production webservers. HTH Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 06 September 2007 11:28 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you
[EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] impossible restart apache2 in mod_ssl with 2 pass phrases
Hi, why not strip the passphrase from the keys and then protect the keys from prying eyes. e.g: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#removepassphrase Then you will never be prompted for the passphrase on startup. its no less secure than calling a password from a script. HTH Steve -Original Message- From: Karim Hamed-abdelouahab [mailto:[EMAIL PROTECTED] Sent: 18 July 2007 14:01 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] impossible restart apache2 in mod_ssl with 2 pass phrases Hello everbody, Environnement: Linux Fedora core 3, Apache/2.2.0 I wanna to restart everyday a apache2 server using a script. The crond should start the srcipt. The problem is that I have a pass phrase to secure each certificat. And I have more that two domains using differents certificats so using differents pass phrases to start properly. How can I do that? Indication: I have writen a shell script to restart the httpd server but for one certificat not for two. I used : SSLPassPhraseDialog exec:/usr/local/apache2/bin/passPhrase.sh And passPhrase script is very simple, it's a stdout of the passphrase. Thank you in advance. Karim - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Configuring a module twice
Why not just use the weblogic9.1 plugin to handle delegation to both the 8.1 and 9.1 servers, it is backwards compatible. you can then configure the module and use different Location blocks with different URI's mapping to different clusters. Steve -Original Message- From: apacheIndian [mailto:[EMAIL PROTECTED] Sent: 11 July 2007 12:18 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Configuring a module twice Hi, I have a requirement to configure weblogic plugin for Apache, more than once. first, the plugin provided by the Weblogic 8.1 and again the plugin provided by Weblogic 9.1 in the same apache config. The requests coming in need to be handled by these different plugins based on the url, for example 1) http://myserver.com/91example; should be handled by the WL9.1 module and sent to a cluster of Weblogic 9.1 servers 2) http://myserver.com/* (except /91example) should be handled by WL9.1 module and sent to a cluster of Weblogic 8.1 servers. Is there a way we can achieve this ? I have tried using Location directive, but how do we specify that different paths are handled by different modules ? Please help. Thanks -- View this message in context: http://www.nabble.com/Configuring-a-module-twice-tf4061165.html#a11538062 Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] TRACE and Apache 2.x
We never got this to work properly.We ended up moving to 2.0.55 and using the
traceenable feature:
http://httpd.apache.org/docs/2.0/mod/core.html#traceenable
-Original Message-
From: Jeroen Vriezen [mailto:[EMAIL PROTECTED]
Sent: 29 May 2007 09:57
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] TRACE and Apache 2.x
Hello,
Currently we are using Apache 2.0.46. On the 1.3.x version we always used the
following mod_rewrite rule to disable the TRACE option:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
When using these rules on Apache 2.0.46, TRACE is still possible. Beside the
fact that the whole TRACK TRACE
security issue is not that interesting, I still wonder how TRACE can be
disabled in Apache 2.0.46. I've also tried the TraceEnable option but that
options seems to be supported in 2.0.55 and later only.
Hope someone can point me in the right direction.
Kind Regards,
Jeroen.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging problem using mod_proxy and UsePreserveHost
Hi all,
i am utilising mod_proxy to serve locally held static content but to proxy any
other requests to a different service. This works fine however i am having
problems with the logging of requests. I have set up my logging format to pick
up the client IP address from the headers as the request goes through a
load-balancer first and adds the X-Forwarded-For header. e.g
Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q
%{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended
This results in a log file entry such as:
2007-04-23 09:16:13 10.101.212.165 dit3.x.y.uk GET /images/arrowRightGreen.gif
HTTP/1.1 200 828 498 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7)
Gecko/20050414 Firefox/1.0.3 -
https://dit3.x.y.uk/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
This format works fine and logs the client IP and the host that the request is
intended to go to for locally served content such as gif's etc.
However for objects that get proxied of to the other backend servers i get a
log entry with the client IP added with a comma after it, e.g
2007-04-23 09:16:11 10.101.212.165, 10.101.212.165 dit3.x.y.uk GET
/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
HTTP/1.1 200 9090 310672
?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414
Firefox/1.0.3 - -
My proxy settings are:
# =
# Proxy control
# =
ProxyRequests Off
ProxyTimeout 30
ProxyPreserveHost On
Proxy *
Order deny,allow
Allow from all
/Proxy
ProxyPass /ClientObjects !
ProxyPass /ClientScripts !
ProxyPass /images !
ProxyPass /faq !
ProxyPass /js !
ProxyPass /style !
ProxyPass /error !
ProxyPass /server-status !
ProxyPass /heartbeat !
Location /
ProxyPass http://dit3_bigip_app_vip.x.y.uk:85/
ProxyPassReverse http://dit3_bigip_app_vip.x.y.uk:85/
/Location
Has anyone come across this issue before??? my concern is that it will cause
problems with log analysis software.
cheers
Steve
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging problem using mod_proxy and UsePreserveHost
Hi all,
i am utilising mod_proxy to serve locally held static content but to proxy any
other requests to a different service. This works fine however i am having
problems with the logging of requests. I have set up my logging format to pick
up the client IP address from the headers as the request goes through a
load-balancer first and adds the X-Forwarded-For header. e.g
Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q
%{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended
This results in a log file entry such as:
2007-04-23 09:16:13 10.101.212.165 dit3.x.y.uk GET /images/arrowRightGreen.gif
HTTP/1.1 200 828 498 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7)
Gecko/20050414 Firefox/1.0.3 -
https://dit3.x.y.uk/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
This format works fine and logs the client IP and the host that the request is
intended to go to for locally served content such as gif's etc.
However for objects that get proxied of to the other backend servers i get a
log entry with the client IP added with a comma after it, e.g
2007-04-23 09:16:11 10.101.212.165, 10.101.212.165 dit3.x.y.uk GET
/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
HTTP/1.1 200 9090 310672
?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414
Firefox/1.0.3 - -
My proxy settings are:
# =
# Proxy control
# =
ProxyRequests Off
ProxyTimeout 30
ProxyPreserveHost On
Proxy *
Order deny,allow
Allow from all
/Proxy
ProxyPass /ClientObjects !
ProxyPass /ClientScripts !
ProxyPass /images !
ProxyPass /faq !
ProxyPass /js !
ProxyPass /style !
ProxyPass /error !
ProxyPass /server-status !
ProxyPass /heartbeat !
Location /
ProxyPass http://dit3_bigip_app_vip.x.y.uk:85/
ProxyPassReverse http://dit3_bigip_app_vip.x.y.uk:85/
/Location
Has anyone come across this issue before??? my concern is that it will cause
problems with log analysis software.
cheers
Steve
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Reverse Proxy Timeout (http/https)
Hi there,
i have implemented the following on my apache server for the proxytimeout
ProxyTimeout 120
And also set the following to catch the 502 error that mod_proxy gives when it
times out to the server being proxied to. This allows you to produce a branded
page to give to the client rather than the standard Bad Gateway error that is
produced.
e.g:
#
# Error Handling
# ===
ErrorDocument 502 /error/proxytimedout.htm
HTH
Steve
-Original Message-
From: Sim [mailto:[EMAIL PROTECTED]
Sent: 21 March 2007 08:56
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Reverse Proxy Timeout (http/https)
Hi! I have configurated Apache in Reverse Proxy, for one Apche
front-end of MS Exchange 2003
This work very well, but some times I receved timeout errors from Exchange. [
The average of the most recent [200] heartbeat intervals used by
clients is less than or equal to [9]. Make sure that your firewall
configuration is set to work correctly with Exchange ActiveSync and
direct push technology. Specifically, make sure that your firewall is
configured so that requests to Exchange ActiveSync do not expire
before they have the opportunity to be processed.
http://www.eventid.net/display.asp?eventid=3033eventno=7241source=Server%20ActiveSyncphase=1
]
Is there a solution to increase http/https TimeOut session for reverse
proxy, or another solutions? For example KeepAlive?
Excuse me but I'm not expert in this Reverse Proxy method.
My config: ROUTERETH0-Apache Reverse
Proxy-ETH1---EXCHANGE (192.168.0.2)
-
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine On
#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]
# à è ...
AddDefaultCharset utf-8
# OWA
Location /exchange
ProxyPass https://192.168.0.2/exchange
ProxyPassReverse https://192.168.0.2/exchange
SSLRequireSSL
/Location
Location /exchweb
ProxyPass https://192.168.0.2/exchweb
ProxyPassReverse https://192.168.0.2/exchweb
SSLRequireSSL
/Location
Location /public
ProxyPass https://192.168.0.2/public
ProxyPassReverse https://192.168.0.2/public
SSLRequireSSL
/Location
# OMA
Location /oma
ProxyPass https://192.168.0.2/oma
ProxyPassReverse https://192.168.0.2/oma
SSLRequireSSL
/Location
# ActiveSync (for WM5+ devices)
Location /Microsoft-Server-ActiveSync
ProxyPass http://192.168.0.2/Microsoft-Server-ActiveSync
ProxyPassReverse http://192.168.0.2/Microsoft-Server-ActiveSync
# SSLRequireSSL
/Location
-
Thanks!
Sim
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Serving local static content but proxying all others.
Hi there, I am implementing mod_proxy in order to send all requests to a proxy server but i want to be able to be able to serve some static content (mostly gifs, jpg's and CSS files) locally without proxying the requests to the proxy server. I am happy with the ability to setup mod_proxy but i don't want to maintain a list of URI's to be proxied in my apache configuration, likewise i don't want to have to re-configure apache if the developers add new directories or content types to the DocumentRoot directory. Is it possible to configure apache to serve content if it exists locally but if not to proxy it to a proxy server. I am basically trying to make the apache configuration as static as we possibly can but flexible enought do differentiate between local content and what is has to proxy. Has anyone got any experience of doing this? Cheers Steve - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Serving local static content but proxying all others.
Hi josh, thanks for your reply. I agree with your synopsis that it will be best to specify the static content directories explicitly and then just proxy everything. It just means that if they add any more static content directories then i'll have to add them to the exceptions list. cheers for your help Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 20 March 2007 17:40 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Serving local static content but proxying all others. On 3/20/07, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: I am happy with the ability to setup mod_proxy but i don't want to maintain a list of URI's to be proxied in my apache configuration, likewise i don't want to have to re-configure apache if the developers add new directories or content types to the DocumentRoot directory. Is it possible to configure apache to serve content if it exists locally but if not to proxy it to a proxy server. I am basically trying to make the apache configuration as static as we possibly can but flexible enought do differentiate between local content and what is has to proxy. Yes, you can do this using mod_rewrite. But it is complicated and involves checking the local filesystem on every request. But I would highly recommend just setting aside one directory as being local and excluding it from the ProxyPass: ProxyPass /local ! and then proxying everything else. Alternatively, proxy everything, including the static content, but make sure it has proper cache-control headers and use mod_disk_cache on the proxy to eliminate the speed hit. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Hi there,
Does anybody have any ideas about the issues i am seeing below.
cheers
Steve
-Original Message-
From: Foster, Stephen (ASPIRE)
Sent: 22 December 2006 09:03
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-writing URI's
Hi there,
i've tried that and had no joy, what i am trying now is to have a rewrite
condition based on the first part of the query string.
e.g:
RewriteCond %{QUERY_STRING} =?APPURI(.*)
RewriteRule APPURI=http: APPURI=https: [QSA,L]
However i can't get the rule to kick in for the condition, it seems to ignore
it (probably becauses its wrong !!) and tries to apply the rule to the uri. e.g
from the rewrite log:
10.101.212.165 - - [21/Dec/2006:13:04:35 +]
[dit.hmrc.gov.uk/sid#11b360][rid#9d7c88/initial] (3) applying pattern 'APPURI'
to uri '/service/validation/validator.js'
Any thoughts would be greatly appreciated
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 15 December 2006 17:02
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] re-writing URI's
On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:
hi joshua,
sorry i should have been more specific. Its not actually our app but an
authentication plug-in and backend that changes the URI and then passes back
to the browser. There may be a bug in it that its capturing the incoming URL
and not able to re-write it to https before passing back. This is being
investigated by the provider but in the meantime i would like to re-write the
URI to the proper secure method.
does that make sense?
Sort of. But it is hard to tell where your authentication plug-in is
acting here. What I would do is simply tack a ? on the end of the URL
when redirecting from HTTP to HTTPS. This will eliminate the query
string and hopefully force your plug-in to recreate it. And it also
has the benefit of making sure your don't accidentally have people
submit sensitive information in the query string to the non-secure
server.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Hi there,
i've tried that and had no joy, what i am trying now is to have a rewrite
condition based on the first part of the query string.
e.g:
RewriteCond %{QUERY_STRING} =?APPURI(.*)
RewriteRule APPURI=http: APPURI=https: [QSA,L]
However i can't get the rule to kick in for the condition, it seems to ignore
it (probably becauses its wrong !!) and tries to apply the rule to the uri. e.g
from the rewrite log:
10.101.212.165 - - [21/Dec/2006:13:04:35 +]
[dit.hmrc.gov.uk/sid#11b360][rid#9d7c88/initial] (3) applying pattern 'APPURI'
to uri '/service/validation/validator.js'
Any thoughts would be greatly appreciated
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 15 December 2006 17:02
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] re-writing URI's
On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:
hi joshua,
sorry i should have been more specific. Its not actually our app but an
authentication plug-in and backend that changes the URI and then passes back
to the browser. There may be a bug in it that its capturing the incoming URL
and not able to re-write it to https before passing back. This is being
investigated by the provider but in the meantime i would like to re-write the
URI to the proper secure method.
does that make sense?
Sort of. But it is hard to tell where your authentication plug-in is
acting here. What I would do is simply tack a ? on the end of the URL
when redirecting from HTTP to HTTPS. This will eliminate the query
string and hopefully force your plug-in to recreate it. And it also
has the benefit of making sure your don't accidentally have people
submit sensitive information in the query string to the non-secure
server.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Good point well made,
the current rules are as follows:
non-secure handler:
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://www.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*) http://www.domain.com:%{SERVER_PORT}/$1 [R=301,L]
Secure Virtual host:
RewriteRule ^/$ https://www.domain.com/home [R=301,L]
The backend application catches the /home part and assesses whether the client
has already logged in and if not re-directs to /login which then returns the
URL/URI given in the original email further down this thread.
Hope that helps
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 14 December 2006 15:07
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] re-writing URI's
On 12/14/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:
Hi there,
i'm having a bit of trouble getting a rewrite rule for a URI to work.
Basically i have the following scenario,
The user enters http://www.domain.com and this gets intercepted by another
API and the browser gets a URL sent back with a URI added including the
original URL of http://www.domain.com , my re-writing rules then re-write the
first part to secure, i.e https://www.domain.com but the URI stays non-secure
,e.g http://www.domain.com
so the outcome to the browser is:
https://www.domain.com/login?APPURI=http://www.domain.com/home
What i need to do when i re-write the first part to secure is also to
intercept the URI and re-write this to secure if it comes back as non-secure,
so i need the URL being sent back to the browser to appear as follows:
https://www.domain.com/login?APPURI=https://www.domain.com/home
I know i can use the RewriteCond %{REQUEST_URI} context but need to be able
to tell it to find http: and re-write this to https: wherever it appears
in the URI in case the developers change it without me knowing. However if
needs be then i can intercept APPURI=http: and rewrite this to
APPURI=https:
Does that make sense to anybody??
Sure, it should be a relatively straightforward regex with
substitution. But I'm not going to try to guess at your entire
config. Show us what you've got already and we can perhaps tell you
what to add.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
hi joshua,
sorry i should have been more specific. Its not actually our app but an
authentication plug-in and backend that changes the URI and then passes back to
the browser. There may be a bug in it that its capturing the incoming URL and
not able to re-write it to https before passing back. This is being
investigated by the provider but in the meantime i would like to re-write the
URI to the proper secure method.
does that make sense?
cheers
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 15 December 2006 14:19
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] re-writing URI's
On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:
Good point well made,
the current rules are as follows:
non-secure handler:
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://www.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*) http://www.domain.com:%{SERVER_PORT}/$1 [R=301,L]
Secure Virtual host:
RewriteRule ^/$ https://www.domain.com/home [R=301,L]
The backend application catches the /home part and assesses whether the
client has already logged in and if not re-directs to /login which then
returns the URL/URI given in the original email further down this thread.
Sorry, but I don't get it. You talked about a query string with
APPURI=http://www.domain.com/home getting added someplace. But I
don't see that above. If it is your application that is adding it,
then your application should be able to set the correct scheme.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] re-writing URI's
Hi there,
i'm having a bit of trouble getting a rewrite rule for a URI to work.
Basically i have the following scenario,
The user enters http://www.domain.com and this gets intercepted by another API
and the browser gets a URL sent back with a URI added including the original
URL of http://www.domain.com , my re-writing rules then re-write the first part
to secure, i.e https://www.domain.com but the URI stays non-secure ,e.g
http://www.domain.com
so the outcome to the browser is:
https://www.domain.com/login?APPURI=http://www.domain.com/home
What i need to do when i re-write the first part to secure is also to intercept
the URI and re-write this to secure if it comes back as non-secure, so i need
the URL being sent back to the browser to appear as follows:
https://www.domain.com/login?APPURI=https://www.domain.com/home
I know i can use the RewriteCond %{REQUEST_URI} context but need to be able to
tell it to find http: and re-write this to https: wherever it appears in
the URI in case the developers change it without me knowing. However if needs
be then i can intercept APPURI=http: and rewrite this to APPURI=https:
Does that make sense to anybody??
Cheers
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] spawned processes using new config files.
Hi all, I have situation where i have Apache 2.0.55 configured using the worker process model and this is running using a particular configuration file. Prior to an outage i want to deliver a new config file to the server in readiness for a server restart during my outage window. my question though is if we are using a process model that spawns new processes do these spawned processes read the new config file from disk or do they read it from the parent processes memory , if they read from memory then i am cool because i can update the config prior to the outage and then just restart to read it in, otherwise if it reads from disk i am going to have to deliver during the outage. any help would be greatly appreciated. cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-write rules
cheers owen,
Thats a useful repository to check.
Thanks
Steve
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: 21 November 2006 12:12
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
-Original Message-
From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 21, 2006 12:58 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
Hi there,
someone posted me a potential fix for this issue in this
thread, however having had mailbox problems it has
disappeared, could someone check their mailbox and see if
they have the rest of the thread.
Your thread is here:
http://marc.theaimsgroup.com/?l=apache-httpd-usersm=116117751501364w=2
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
many thanks
Steve
-Original Message-
From: Foster, Stephen (ASPIRE)
Sent: 18 October 2006 14:45
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
hi there,
yes i meant HTTPS ..sorry...
Requests that do work:
a: http://your.domain.com - re-directs to
https://your.domain.com/home
b: http://your.domain.com/heartbeat/heartbeat.htm - returns
file to browser with 200 code
c: http://your.domain.com/server-status - returns
server-status to browser with 200 code
d: http://www.your.domain.com/whatever - redirects to http
because it doesn't match the right incoming domainname and
then to https://your.domain.com/whatever
e: https://your.domain.com - gives 404
f: https://your.domain.com/ - gives 404
does that help?
Cheers
Steve
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: 18 October 2006 14:29
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
-Original Message-
From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 3:18 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] re-write rules
hi there,
i am having a slight issue with re-write rules, i have it
setup so that any requests that are not HTTP get re-sent to
do you mean HTTPS ?
HTTPS. However if i connect using https://your.domain.com or
https://your.domain.com/ i get a page not found,
But do you have a DirectoryIndex defined for the HTTPS VH?
so i need to
be able to catch that its https but that there is no request
and to send it to https://your.domain.com/home.
my current rules are:
These are the rules for the HTTP VH, correct?
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://your.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*)
http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L]
The first rules handles the fact that i have to serve
heartbeat.htm and server-status as port 80 requests but
anything else thats not HTTPS goes to HTTPS.
The second rule matches the incoming domain request to
re-write to the correct domain, but allows heartbeat.htm to
send a 200 status code rather than a 301.
I read this three times but couldn't understand what your problem is.
Please specify:
- example input/output URLs that work
- example input/output URLs that don't work and why not.
eg
request A
get B - as expected
request C
get D - expected/want E
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Any thoughts would be greatly appreciated
cheers
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to
hmrcaspire.com. Please update your address books.
===
-
The official User-To-User support forum of the Apache HTTP
Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is for the named person's use only. It may
contain confidential, proprietary or legally privileged
information. No confidentiality or privilege is waived or
lost by any mistransmission. If you receive this message in
error, please
RE: [EMAIL PROTECTED] re-write rules
Hi there,
someone posted me a potential fix for this issue in this thread, however having
had mailbox problems it has disappeared, could someone check their mailbox and
see if they have the rest of the thread.
many thanks
Steve
-Original Message-
From: Foster, Stephen (ASPIRE)
Sent: 18 October 2006 14:45
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
hi there,
yes i meant HTTPS ..sorry...
Requests that do work:
a: http://your.domain.com - re-directs to https://your.domain.com/home
b: http://your.domain.com/heartbeat/heartbeat.htm - returns file to browser
with 200 code
c: http://your.domain.com/server-status - returns server-status to browser
with 200 code
d: http://www.your.domain.com/whatever - redirects to http because it doesn't
match the right incoming domainname and then to https://your.domain.com/whatever
e: https://your.domain.com - gives 404
f: https://your.domain.com/ - gives 404
does that help?
Cheers
Steve
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: 18 October 2006 14:29
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
-Original Message-
From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 3:18 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] re-write rules
hi there,
i am having a slight issue with re-write rules, i have it
setup so that any requests that are not HTTP get re-sent to
do you mean HTTPS ?
HTTPS. However if i connect using https://your.domain.com or
https://your.domain.com/ i get a page not found,
But do you have a DirectoryIndex defined for the HTTPS VH?
so i need to
be able to catch that its https but that there is no request
and to send it to https://your.domain.com/home.
my current rules are:
These are the rules for the HTTP VH, correct?
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://your.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L]
The first rules handles the fact that i have to serve
heartbeat.htm and server-status as port 80 requests but
anything else thats not HTTPS goes to HTTPS.
The second rule matches the incoming domain request to
re-write to the correct domain, but allows heartbeat.htm to
send a 200 status code rather than a 301.
I read this three times but couldn't understand what your problem is.
Please specify:
- example input/output URLs that work
- example input/output URLs that don't work and why not.
eg
request A
get B - as expected
request C
get D - expected/want E
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Any thoughts would be greatly appreciated
cheers
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to
hmrcaspire.com. Please update your address books.
===
-
The official User-To-User support forum of the Apache HTTP
Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. No confidentiality or privilege
is waived or lost by any mistransmission. If you receive this message in error,
please notify the sender urgently and then immediately delete the message and
any copies of it from your system. Please also immediately destroy any
hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended
recipient. The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this message are
those of the individual sender, except where the message states otherwise and
the sender is authorised to state them to be the views of the sender's company.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http
[EMAIL PROTECTED] re-write rules
hi there,
i am having a slight issue with re-write rules, i have it setup so that any
requests that are not HTTP get re-sent to HTTPS. However if i connect using
https://your.domain.com or https://your.domain.com/ i get a page not found, so
i need to be able to catch that its https but that there is no request and to
send it to https://your.domain.com/home.
my current rules are:
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://your.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L]
The first rules handles the fact that i have to serve heartbeat.htm and
server-status as port 80 requests but anything else thats not HTTPS goes to
HTTPS.
The second rule matches the incoming domain request to re-write to the correct
domain, but allows heartbeat.htm to send a 200 status code rather than a 301.
Any thoughts would be greatly appreciated
cheers
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-write rules
hi there,
yes i meant HTTPS ..sorry...
Requests that do work:
a: http://your.domain.com - re-directs to https://your.domain.com/home
b: http://your.domain.com/heartbeat/heartbeat.htm - returns file to browser
with 200 code
c: http://your.domain.com/server-status - returns server-status to browser
with 200 code
d: http://www.your.domain.com/whatever - redirects to http because it doesn't
match the right incoming domainname and then to https://your.domain.com/whatever
e: https://your.domain.com - gives 404
f: https://your.domain.com/ - gives 404
does that help?
Cheers
Steve
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: 18 October 2006 14:29
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] re-write rules
-Original Message-
From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 3:18 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] re-write rules
hi there,
i am having a slight issue with re-write rules, i have it
setup so that any requests that are not HTTP get re-sent to
do you mean HTTPS ?
HTTPS. However if i connect using https://your.domain.com or
https://your.domain.com/ i get a page not found,
But do you have a DirectoryIndex defined for the HTTPS VH?
so i need to
be able to catch that its https but that there is no request
and to send it to https://your.domain.com/home.
my current rules are:
These are the rules for the HTTP VH, correct?
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/$ https://your.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L]
The first rules handles the fact that i have to serve
heartbeat.htm and server-status as port 80 requests but
anything else thats not HTTPS goes to HTTPS.
The second rule matches the incoming domain request to
re-write to the correct domain, but allows heartbeat.htm to
send a 200 status code rather than a 301.
I read this three times but couldn't understand what your problem is.
Please specify:
- example input/output URLs that work
- example input/output URLs that don't work and why not.
eg
request A
get B - as expected
request C
get D - expected/want E
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Any thoughts would be greatly appreciated
cheers
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to
hmrcaspire.com. Please update your address books.
===
-
The official User-To-User support forum of the Apache HTTP
Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. No confidentiality or privilege
is waived or lost by any mistransmission. If you receive this message in error,
please notify the sender urgently and then immediately delete the message and
any copies of it from your system. Please also immediately destroy any
hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended
recipient. The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this message are
those of the individual sender, except where the message states otherwise and
the sender is authorised to state them to be the views of the sender's company.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books
RE: [EMAIL PROTECTED] mod_jk help
Hi there, How about this: http://tomcat.apache.org/connectors-doc/howto/apache.html This details mod_jk which is used to send requests for tomcat based on the request type. I have used this before and it works a treat. HTH Steve -Original Message- From: long [mailto:[EMAIL PROTECTED] Sent: 26 September 2006 05:52 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] mod_jk help I'd looked and searched the internet and found nothing that tell me how to configure apache to look for static files at its side and if it can't find them then forward requrests to tomcat. I was hoping if someone can help me. I have a redhat linux box with apache2.0.x and tomcat 5.5 with jdk 4.1.x. My mod_jk configurations are working to a degree. Apache is serving all static contents and tomcat is serving all dynamic contents. The problem is that if any of the static contents got put into tomcat, they will not be found. SInce tomcat can also serve static contents, I'll like apache to forward the requests to tomcat as a kind of failover approach. Clusting and load-balancing is pretty much out of the picture. Thanks in advance, Long _ Do you Yahoo!? Get on board. You're http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.yahoo.com/mailbeta invited to try the new Yahoo! Mail. === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with re-write rules
Hi robert,
thanks for this, it has been a great help. It now serves the pages as i want
them without any extraneous entries in the log files. Our application
proxies directly to weblogic using the /home context which is why i want all
requests to land at that point except , obviously, for the heartbeat and
server-status pages.
many thanks for your input.
Steve
-Original Message-
From: Robert Ionescu [mailto:[EMAIL PROTECTED]
Sent: 14 August 2006 20:36
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Help with re-write rules
Foster, Stephen (ASPIRE) wrote:
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
Use lexicographically equal (!=) here instead of a regular expression
RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R]
RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !^/server-status
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L]
Why are you using Server_Name, if you force this to be
online.domain.com or online.domain.com:%{SERVER_PORT}. Should every
request really go to /home?
I think you're looking for something like
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^/(.*)$ https://online.domain.com/$1 [R=301,L]
RewriteRule ^/$ https://online.domain.com/home [R=301,L]
RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !=
RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R=301,L]
--
Robert
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with re-write rules
hi joshua,
yes i guess it doesn't read very well, basically i was trying to say that
the pages are being served okay and the browser does not get re-directed to
our /home application however apache seems to continue to process the rules
and connect to the application but doesn't pass it back to the browser.
I think we now have a good set of rules with the help of Robert Ionescu
which work as i need them to.
many thanks for everybodies help on this.
cheers
Steve
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua
Slive
Sent: 14 August 2006 17:02
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Help with re-write rules
On 8/14/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:
RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R]
RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !^/server-status
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L]
This works mostly right and will serve the non-secure URL's properly,
however they are then continuing on to process the rule for 80-443 , but
not actually re-directing the browser, but does appear in the access logs.
Any help on the right way forward for this would be great.
Hmmm... Can you reread that last paragraph again. It doesn't make any
sense to me and is grammatically very ambiguous. Exactly what problem
are you having? Exactly what do the requests look like, and exactly
what do you see in the access log and rewrite log?
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Help with re-write rules
hi all,
quick newbie question if i may. I have been playing about with re-write
rules today in order to acheive the behaviour i want, the situation i
currently have is that i need to match and effect the following:
1: All requests to something other than the the FQDN should be written to
the FQDN. e.g customer access site using http://www.domain.com , i rewrite
customer to http://online.domain.com
2: All requests that are non-secure are written to secure. e.g URL becomes
https://online.domain.com
3: i must be able to support non-secure requests to certain URL's e.g
http://online.domain.com/heartbeat/heartbeat.htm and
http://online.domain.com/server-status
The current ruleset i am using is as follows:
# =
# Rewrite to HTTPS Settings
# =
RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R]
RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm
RewriteCond %{REQUEST_URI} !^/server-status
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L]
This works mostly right and will serve the non-secure URL's properly,
however they are then continuing on to process the rule for 80-443 , but
not actually re-directing the browser, but does appear in the access logs.
Any help on the right way forward for this would be great.
many thanks in advance
Steve
Steve Foster | Capgemini | Telford
Shared Technology Services
T. +44 (0) 1952 296664 | www.capgemini.com
Internal: 46664
Join the Collaborative Business Experience
===
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please
update your address books.
===
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
