RE: [us...@httpd] Timestamps of access log entries
Hi there, I've not had any responses to this problem so I assume no one else has the same issues. Any offers? I've already tried changing the timestamp strings in the log format to localized but this appears to have made no difference... Cheers Steve From: Foster, Stephen (ASPIRE) Sent: 07 April 2010 13:25 To: users@httpd.apache.org Subject: [us...@httpd] Timestamps of access log entries Hi there, I am having troubles with the switch over between GMT and BST with respect to the entries going in the log files, I am using apache 2.0.55 BTW. The timezones on our servers are set to GB and during British Wintertime the log file entries are stamped correctly, however when moving to BST I have to add the following to the apache startup script to get the timestamps in BST format. TZ=GMT0BST export TZ And obviously remember to take this out when returning back to GMT in October. For the actual logfile configuration I use the following: Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended CustomLog |/opt/app/apache/bin/rotatelogs /opt/app/apache/logs/site_access_log.%Y-%m-%d 86400 ORU_extended Is there any other way of ensuring the correct localtime gets put into the logfile entries?? I have tried using %X in place of %H:%M:%S but this has no effect. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Timestamps of access log entries
Hi there, I am having troubles with the switch over between GMT and BST with respect to the entries going in the log files, I am using apache 2.0.55 BTW. The timezones on our servers are set to GB and during British Wintertime the log file entries are stamped correctly, however when moving to BST I have to add the following to the apache startup script to get the timestamps in BST format. TZ=GMT0BST export TZ And obviously remember to take this out when returning back to GMT in October. For the actual logfile configuration I use the following: Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended CustomLog |/opt/app/apache/bin/rotatelogs /opt/app/apache/logs/site_access_log.%Y-%m-%d 86400 ORU_extended Is there any other way of ensuring the correct localtime gets put into the logfile entries?? I have tried using %X in place of %H:%M:%S but this has no effect. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Authorisation using LDAP
Hi there, I'm wanting to configure apache to provide authorisation using LDAP, my users already authenticate via another method so I only want to authorize access if the user belongs to a particular group or role. And I want to apply this access to both static content in my DocumentRoot and also to allow the users to then be proxied onwards. Does anyone have any examples of configuration for providing authorisation only, all examples I have found related to authentication and then authorization and I can't get it to work. Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Securing forward proxy for CONNECT
Hi there, I am using apache to proxy https requests to a remote server using the AllowCONNECT method and am using ProxyRemote to send everything. What I really need to do is limit what the proxy will send but everything I try is not giving me what I want. Client issues the request for https://www.anotherdomain.com:8444/URL after setting their browser proxy settings to my proxy server. Which is fine and gets proxied using the CONNECT Method, but if the browser issues any other request, e.g hourly RSS get, different homepage on startup etc. then these all get sent to the Proxy and onwards. This is okay but I want the proxy to stop these requests unless they match the URI specified. My current config is as follows: ProxyRequests On ProxyTimeout 60 Proxy * Order Allow,Deny Allow from all /Proxy ProxyPass /server-status ! ProxyRemote * http://a.n.otherproxy:8080 AllowCONNECT 8444 I have tried using the mod_setenvif to set access control,e.g: SetEnvIf Request_URI ^/URL/* let_me_in Proxy * Order Deny,Allow Deny from all Allow from env=let_me_in /Proxy However this only seems to work on straight HTTP calls and not on the CONNECT method. Any ideas? Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] proxying SSL requests over a non-SSL connection.
Hi there, I've got an issue that may not actually be technically solveable. I need to send a users request for a URI to a remote server via my own apache proxy, but there are some complications to this. The user will issue the URL http://my.proxy.co.uk:8080/WEB The remote system expects to see the full URL combination as https://remote.me.int:8444/WEB (NOTE: HTTPS!!) However I have to proxy this through a remote proxy that only supports HTTP, e.g http://gateway:1998 http://gateway:1998/ , this proxy also needs user/password authentication!!! My current configuration is as follows: Rewriterule to rewrite the incoming URL and re-write it to https://remote.me.int:8444/WEB and has a P flag at the end of the rule to send it to the Proxy engine. The proxy engine then has a ProxyRemote rule to send everything to the remote proxy. The problems I have with this is that the connection made to the remote proxy is in HTTPS, rather than HTTP, it doesn't support HTTPS!! I am under the assumption that the user/password authentication will be made via a webform so I can sort that on the clients browser, my main issue is how to tunnel the HTTPS connection without it being refused by the HTTP proxy. Anyone got any ideas?? Is this technically do-able with Apache??, anyone done this before? Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
Why not have a look at log_server_status , google it.. It's a useful perl script that can be used to connect to the server and output the metrics into a logfile for then graphing against. It comes with a very basic set of reports but its quite easy to modify to collect further fields of information to see what the statistical behaviour of the webserver is. HTH Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
For example, the standard script comes with the following: while (S) { $requests=$1 if ( m|^BusyWorkers:\ (\S+)|); $idle=$1 if ( m|^IdleWorkers:\ (\S+)|); $number=$1 if ( m|Total Accesses:\ (\S+)|); $cpu=$1 if (m|^CPULoad:\ (\S+)|); } print OUT $time,$requests,$idle,$number,$cpu\n; I modified this to get the following data: while (S) { $accesses=$1 if ( m|^Total Accesses:\ (\S+)|); $kbytes=$1 if ( m|^Total kBytes:\ (\S+)|); $cpuload=$1 if ( m|^CPULoad:\ (\S+)|); $uptime=$1 if ( m|Uptime:\ (\S+)|); $reqpersec=$1 if (m|^ReqPerSec:\ (\S+)|); $bytespersec=$1 if (m|^BytesPerSec:\ (\S+)|); $bytesperreq=$1 if (m|^BytesPerReq:\ (\S+)|); $busyworkers=$1 if (m|^BusyWorkers:\ (\S+)|); $idleworkers=$1 if (m|^IdleWorkers:\ (\S+)|); } print OUT $time,$accesses,$kbytes,$cpuload,$uptime,$reqpersec,$bytespersec,$bytes perreq,$busyworkers,$idleworkers\n; So its very useful for seeing if you run out of resources and what your throughput is looking like. HTH Steve From: Foster, Stephen (ASPIRE) Sent: 08 June 2009 14:22 To: users@httpd.apache.org Subject: RE: [us...@httpd] Information in mod_status to text file Why not have a look at log_server_status , google it.. It's a useful perl script that can be used to connect to the server and output the metrics into a logfile for then graphing against. It comes with a very basic set of reports but its quite easy to modify to collect further fields of information to see what the statistical behaviour of the webserver is. HTH Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [us...@httpd] Information in mod_status to text file
From: ricardo figueiredo [mailto:ricardoogra...@gmail.com] Sent: 08 June 2009 14:33 To: users@httpd.apache.org Subject: Re: [us...@httpd] Information in mod_status to text file Hi all, thank you by code. But, what's log_server_status ?? a program ?? I google it, but didn't find it. Ricardo You can google it, I just have...http://www.google.co.uk/search?hl=enq=log_server_statusmeta=aq =foq= But it may prove difficult to find the actual code, apache documentation suggests it gets built when you compile apache from source, but I never got it to work. I found it on the web under a CVS source repository and cut and pasted it over. If you get stuck I can send you the code to put into a file. Its only a perl script. Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] ProxyTimeout question
Hi there, I have a quick question about the ProxyTimeout value. Does the value equate to the maximum amount of time it takes for the endpoint to make an initial response or does it relate to the whole time it would take to satisfy a request. For example I have a fairly quick responding endpoint so I have the timeout value set at 30 seconds so that if the endpoint goes away I can return a timeout response after 30 seconds is up. But I have also got clients on dialup lines who are going to be downloading large files from the endpoint through my mod_proxy which will take longer than the 30 seconds currently specified. I believe the value relates to the initial response but I would like clarification is anyone can provide it. Many thanks in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Adding headers based on Content-Type
Hi there, I have as situation where I need to add custom headers when the response is of a certain type, for example: If the response type is text/html I want to add a header of Content-Style-Type text/css If the response type is anything other that text/html then don't add anything. Now adding the header is no problem at all but I am struggling to find how to match whether the response type is text/html I can match a filetype no problem, e.g FilesMatch \.(html|htm)$ Header set Content-Style-Type text/css /FilesMatch But the content type will be sent back by dynamic content so that code chunk will not be valid. Anybody have any ideas? Cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[us...@httpd] Logfile size in apache2.2.8
Hi there, Does Apache 2.2.8 support logfiles over 2Gb in size now? I know it provides large file support for files being served but there is no mention of the size of the logfiles. Our current 2.0.55 version has a limitation of logfiles of only 2Gb in size when using rotatelogs. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [EMAIL PROTECTED] V 2.2.9: configure: WARNING: Unrecognized options: --enable-mod etc
Hi ron, I don't think --enable-mod is a valid argument to the configure command. You should be specifying the module explicitly, e.g --enable-expires etc.. To make it easier on yourself you could do what I do and put your configure command line into a shell script called configure.sh, then you can quickly make changes to this and re-run the configure.sh script. E.g mine below: # more configure.sh ./configure --prefix=/opt/app/apache2.2.8 \ --with-mpm=worker \ --with-ldap \ --with-ldap-lib=/usr/lib64 \ --with-ldap-include=/usr/include \ --enable-mods-shared=all \ --disable-charset-lite \ --disable-include \ --disable-env \ --disable-setenvif \ --disable-status \ --disable-autoindex \ --disable-asis \ --disable-cgi \ --disable-cgid \ --disable-negotiation \ --disable-imagemap \ --disable-actions \ --disable-userdir \ --disable-alias \ --enable-dir \ --enable-rewrite \ --enable-mime \ --enable-so \ --enable-logio \ --enable-expires \ --enable-headers \ --enable-authz_host \ --enable-authn_file \ --with-ssl=/usr/local/ssl \ --enable-mods-shared='actions alias asis auth_basic auth_digest authn_alias auth n_anon authn_dbd authn_dbm authn_default authnz_ldap authz_dbm authz_default aut hz_groupfile authz_owner authz_user autoindex cache cern_meta cgi cgid charset_l ite dav dav_fs dav_lock dbd deflate disk_cache dumpio echo env example ext_filte r file_cache filter ident imagemap include info isapi ldap log_forensic mem_cach e mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http setenvif speling ssl status suexec unique_id userdir usertrack versio n vhost_alias' Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Logging query strings from a re-write rule
Hi there, I think you may have misunderstood the issue. Functionally my re-write rule is working okay but its logging the query string of the URL that I am sending the browser to. If that makes sense.. Steve -Original Message- From: Francois Gingras [mailto:[EMAIL PROTECTED] Sent: 10 July 2008 14:16 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Logging query strings from a re-write rule Steve, Without digging too much in your particular issue, note that RewriteCond will only match the query string if you use %{QUERY_STRING}; You can check the following guide for examples: http://wiki.apache.org/httpd/RewriteQueryString Frank On 7/10/08, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: Hi, I have implemented a re-write rule that captures the incoming requests, checks for a cookie and then directs the user to another system to authenticate and get a cookie before being allowed to access pages under the webserver. E.g: RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{REQUEST_URI} !=/server-status?auto RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{HTTP_COOKIE} !.*iiswlssignonuser* RewriteRule .*$ http://www.steve.co.uk/Identification/WLSLogon.asp\?URL=http://%{HTTP_HO ST}%{REQUEST_URI}path=%{REQUEST_URI}domain=.steve.co.ukname=mwar e [L] Functionaly this works perfectly but in the access logs I am getting the Query string of the re-direct URL being shown against the initial request. E.g I am accessing http://internal.steve.co.uk/TestWebApp/index.html 2008-07-10 10:53:02 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 302 367 2025 ?URL=http://internal.steve.co.uk/TestWebApp/index.htmlpath=/TestWebApp/ index.htmldomain=.steve.co.ukname=mware Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - - 2008-07-10 10:53:05 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 200 396 60460 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - - Any thoughts?? Like I say its working fine, just logging wrongly. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. -- Francois Gingras (i): http://ccds.ca (p): (514) 243-8233 (f): (514) 731-5834 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging query strings from a re-write rule
Hi, I have implemented a re-write rule that captures the incoming requests, checks for a cookie and then directs the user to another system to authenticate and get a cookie before being allowed to access pages under the webserver. E.g: RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{REQUEST_URI} !=/server-status?auto RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{HTTP_COOKIE} !.*iiswlssignonuser* RewriteRule .*$ http://www.steve.co.uk/Identification/WLSLogon.asp\?URL=http://%{HTTP_HO ST}%{REQUEST_URI}path=%{REQUEST_URI}domain=.steve.co.ukname=mwar e [L] Functionaly this works perfectly but in the access logs I am getting the Query string of the re-direct URL being shown against the initial request. E.g I am accessing http://internal.steve.co.uk/TestWebApp/index.html 2008-07-10 10:53:02 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 302 367 2025 ?URL=http://internal.steve.co.uk/TestWebApp/index.htmlpath=/TestWebApp/ index.htmldomain=.steve.co.ukname=mware Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - - 2008-07-10 10:53:05 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 200 396 60460 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - - Any thoughts?? Like I say its working fine, just logging wrongly. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[EMAIL PROTECTED] Odd log_server_status behaviour in Linux Vs. Solaris
Hi there, I've been using log_server_status to monitor the behaviour of my apache servers and am getting some odd behaviour between Linux and solaris. On solaris if I set the $server variable to a non-existent name , such as www.foo.com http://www.foo.com/ , then the script fails to connect to the running webserver, which is exactly what I expect. In the linux implementation (built under SLES10SP2) if I leave the $server variable set to localhost it also fails as I expect as I don't have a webserver running on 127.0.0.1. However if I set the variable to anything other than localhost, e.g notlocalhost or any other name other than that of my listening server then the script connects and reports back properly. Has anyone come across this before Obviously it makes my life easy as on the linux servers I can deliver a generic script with notlocalhost configured as the server name and I know it will connect and report back okay. It just doesn't work as you would expect. Ie. A duff name should result in a no-connection. Also the standard delivered log_server_status script is faulty for the following reason: The request variable comes configured as $request = /status/?auto; , whereas it should be $request = /server-status/?auto; Also the script is limited on what it will report so it would be better to modify the script output to report more of what /server-status?auto gives you. I have made the following changes to report more and to format the outputted file better to allow graphing within the likes of excel. Date Format: Change: $date = $year . `date +%m%d:%H%M%S`; To: $date = $year . `date +%m%d:%H.%M.%S`; Change: while (S) { $requests=$1 if ( m|^BusyServers:\ (\S+)|); $idle=$1 if ( m|^IdleServers:\ (\S+)|); $number=$1 if ( m|sses:\ (\S+)|); $cpu=$1 if (m|^CPULoad:\ (\S+)|); } print OUT $time:$requests:$idle:$number:$cpu\n; To: while (S) { $accesses=$1 if ( m|^Total Accesses:\ (\S+)|); $kbytes=$1 if ( m|^Total kBytes:\ (\S+)|); $cpuload=$1 if ( m|^CPULoad:\ (\S+)|); $uptime=$1 if ( m|Uptime:\ (\S+)|); $reqpersec=$1 if (m|^ReqPerSec:\ (\S+)|); $bytespersec=$1 if (m|^BytesPerSec:\ (\S+)|); $bytesperreq=$1 if (m|^BytesPerReq:\ (\S+)|); $busyworkers=$1 if (m|^BusyWorkers:\ (\S+)|); $idleworkers=$1 if (m|^IdleWorkers:\ (\S+)|); } print OUT $time,$accesses,$kbytes,$cpuload,$uptime,$reqpersec,$bytespersec,$bytes perreq,$busyworkers,$idleworkers\n; Hope this helps someone out, but would there be any mileage in getting the delivered script to suit the above format and also to apply the fix to the request variable. Cheers Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
[EMAIL PROTECTED] Roadmap for Apache webserver versions
Hi there, Can anyone point me in the direction of a roadmap for the Apache HTTP server product. I am interested in the support lifecycle for the 2.2 product and also for the 2.0 product. Many thanks in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: [EMAIL PROTECTED] Roadmap for Apache webserver versions
Hi josh, Thanks for the response. I'll make a judgement call on whether I need something more formal or not. Cheers Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive Sent: 28 February 2008 15:00 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Roadmap for Apache webserver versions On Thu, Feb 28, 2008 at 9:17 AM, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: Can anyone point me in the direction of a roadmap for the Apache HTTP server product. I am interested in the support lifecycle for the 2.2 product and also for the 2.0 product. There is no formal support cycle for these products. Products get maintained as long as there are developers interested in doing the job. If you look at recent releases, you'll notice that even 1.3 still gets security releases although its been many years since any significant development work was done on this branch. Obviously 2.0 also gets security releases and the occasional very-important bug fix. If you need something formal for your boss, you could try contacting one of the companies that provides commercial support for apache to see if they are interested. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Problems using chroot'd apache under Linux SLES10
Hi all, I have created a chroot to run my apache in under SLES10. I have previously done this in solaris and it worked perfectly , however differences in linux are causing problems for me when starting. Apache 2.2.4 has been built and installed and the required apache and OS libraries and files have been copied into the chroot directory hierarchy. when i start apache it complains of the following: [Mon Sep 17 13:12:11 2007] [crit] (EAI 2)Name or service not known: alloc_listener: failed to set up sockaddr for grid2 Syntax error on line 4 of /opt/app/apache/conf/httpd.conf: Listen setup failed I have tracked this down to required access to the /var/run/nscd/socket file, i can resolve this by doing a read-only mount bind of /var/run/nscd into my jail, however this is not ideal as it exposes my password and shadow files to the world albeit owned by the root user and not readable by anyone else. The built apache seems to want to use nscd as a caching-daemon for any name related call regardless of settings in nsswitch.conf. And i need to use hostnames in my configurations to allow portability across multiple web servers. Has anyone successfully jailed apache in SLES10 and got round this issue? cheers in advance Steve Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm
You probably need to specify the correct location path to the SSL libraries, for example in your configure script (or command) have the following: --with-ssl=/usr/include HTH Steve -Original Message- From: HAMMER Cédric Ext ROSI/DPS [mailto:[EMAIL PROTECTED] Sent: 13 September 2007 10:19 To: users@httpd.apache.org Cc: [EMAIL PROTECTED] Subject: RE: [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm No one to help me with this ? Reading the error lines, I've seen checking openssl/ssl.h presence... no But when I can to locate it : # find / -name ssl.h /usr/include/openssl/ssl.h Could it be a problem with httpd.spec ? If then where could be the problem in that file (that's my first rpm building, so I'm not used to the spec files ...) ? _ De : HAMMER Cédric Ext ROSI/DPS [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 septembre 2007 15:34 À : users@httpd.apache.org Objet : [EMAIL PROTECTED] Compilation Problem when trinyg to build http 2.2.6 rpm Hi everybody, I'm just trying to build a rpm of httpd 2.2.6 using the sources. But I got a problem with SSL during the compilation phase ; here is a copy of this error: mkdir modules/ssl checking whether to enable mod_ssl... checking dependencies checking for SSL/TLS toolkit base... none checking for OpenSSL version... checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... no configure: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the preprocessor! configure: WARNING: openssl/ssl.h: proceeding with the preprocessor's result configure: WARNING: ## ## configure: WARNING: ## Report this to https://mail.google.com/mail?view=cmtf=0[EMAIL PROTECTED] [EMAIL PROTECTED] ## configure: WARNING: ## ## checking for openssl/ssl.h... no not encouraging WARNING: OpenSSL version may contain security vulnerabilities! Ensure the latest security patches have been applied! checking openssl/engine.h usability... yes checking openssl/engine.h presence... yes checking for openssl/engine.h... yes checking for SSLeay_version in -lcrypto... no checking for SSL_CTX_new in -lssl... no checking for ENGINE_init... no checking for ENGINE_load_builtin_engines... no checking for SSL_set_cert_store... no configure: error: ... Error, SSL/TLS libraries were missing or unusable error: Bad exit status from /var/tmp/rpm-tmp.46448 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.46448 (%build) In addition, please note openssl and openssl-devel are installed. I've even tried two different versions, but always got the same error ... # rpm -qa | grep openssl openssl-devel-0.9.7a-33.23 openssl-0.9.7a-33.23 # rpm -qa |grep openssl openssl-0.9.8b-15.fc8 openssl-devel-0.9.8b-15.fc8 Thanks for your help ! Cedric * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For
RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
All, I have resolved this now. basically on your build server where you are compiling zlib make sure the following is installed: zlib-devel-1.2.3-15.2 this gives the correct libraries for compiling the product. None of the libraries are used for runtime though so they shouldn't be required on your production webservers. HTH Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 06 September 2007 11:28 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
Whoops, i should have said where you are compiling apache with mod_deflate -Original Message- From: Foster, Stephen (ASPIRE) Sent: 11 September 2007 12:33 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. All, I have resolved this now. basically on your build server where you are compiling zlib make sure the following is installed: zlib-devel-1.2.3-15.2 this gives the correct libraries for compiling the product. None of the libraries are used for runtime though so they shouldn't be required on your production webservers. HTH Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 06 September 2007 11:28 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib. Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you
[EMAIL PROTECTED] problem compiling mod_deflate with SLES10 default zlib.
Hi there, i have an issue are the moment compiling apache2.2.4 with mod_deflate as a shared module. I have the following configured: configure.sh: - has --with-z configure with the path to the zlib.h set as /usr , as the configure process wants to add /include to this path but won't search down into the linux subdirectory to find the zlib.h file. zlib packages: -- zlib-1.2.3-15.2 zlib-32bit-1.2.3-15.2 The zlib.h comes as part of glibc-devel-2.4-31.2 package and is located in /usr/include/linux When i run the configure script this complains with the following: configure:10474: gcc -o conftest -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -I$(top_builddir)/srclib/pcre -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I$(top_srcdir)/modules/mappers -I$(top_srcdir)/modules/database -I/build/apache/httpd-2.2.4/srclib/apr/include -I/build/apache/httpd-2.2.4/srclib/apr-util/include -I/usr/include/include -L/usr/include/lib conftest.c -lm -lz 5 conftest.c:37:18: error: zlib.h: No such file or directory Has anyone got any pointers for configuring mod_deflate with the SLES10 default zlib? cheers Steve Steve Foster | Capgemini UK | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Together: the Collaborative Business Experience Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] impossible restart apache2 in mod_ssl with 2 pass phrases
Hi, why not strip the passphrase from the keys and then protect the keys from prying eyes. e.g: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#removepassphrase Then you will never be prompted for the passphrase on startup. its no less secure than calling a password from a script. HTH Steve -Original Message- From: Karim Hamed-abdelouahab [mailto:[EMAIL PROTECTED] Sent: 18 July 2007 14:01 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] impossible restart apache2 in mod_ssl with 2 pass phrases Hello everbody, Environnement: Linux Fedora core 3, Apache/2.2.0 I wanna to restart everyday a apache2 server using a script. The crond should start the srcipt. The problem is that I have a pass phrase to secure each certificat. And I have more that two domains using differents certificats so using differents pass phrases to start properly. How can I do that? Indication: I have writen a shell script to restart the httpd server but for one certificat not for two. I used : SSLPassPhraseDialog exec:/usr/local/apache2/bin/passPhrase.sh And passPhrase script is very simple, it's a stdout of the passphrase. Thank you in advance. Karim - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Configuring a module twice
Why not just use the weblogic9.1 plugin to handle delegation to both the 8.1 and 9.1 servers, it is backwards compatible. you can then configure the module and use different Location blocks with different URI's mapping to different clusters. Steve -Original Message- From: apacheIndian [mailto:[EMAIL PROTECTED] Sent: 11 July 2007 12:18 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Configuring a module twice Hi, I have a requirement to configure weblogic plugin for Apache, more than once. first, the plugin provided by the Weblogic 8.1 and again the plugin provided by Weblogic 9.1 in the same apache config. The requests coming in need to be handled by these different plugins based on the url, for example 1) http://myserver.com/91example; should be handled by the WL9.1 module and sent to a cluster of Weblogic 9.1 servers 2) http://myserver.com/* (except /91example) should be handled by WL9.1 module and sent to a cluster of Weblogic 8.1 servers. Is there a way we can achieve this ? I have tried using Location directive, but how do we specify that different paths are handled by different modules ? Please help. Thanks -- View this message in context: http://www.nabble.com/Configuring-a-module-twice-tf4061165.html#a11538062 Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] TRACE and Apache 2.x
We never got this to work properly.We ended up moving to 2.0.55 and using the traceenable feature: http://httpd.apache.org/docs/2.0/mod/core.html#traceenable -Original Message- From: Jeroen Vriezen [mailto:[EMAIL PROTECTED] Sent: 29 May 2007 09:57 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] TRACE and Apache 2.x Hello, Currently we are using Apache 2.0.46. On the 1.3.x version we always used the following mod_rewrite rule to disable the TRACE option: RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] When using these rules on Apache 2.0.46, TRACE is still possible. Beside the fact that the whole TRACK TRACE security issue is not that interesting, I still wonder how TRACE can be disabled in Apache 2.0.46. I've also tried the TraceEnable option but that options seems to be supported in 2.0.55 and later only. Hope someone can point me in the right direction. Kind Regards, Jeroen. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging problem using mod_proxy and UsePreserveHost
Hi all, i am utilising mod_proxy to serve locally held static content but to proxy any other requests to a different service. This works fine however i am having problems with the logging of requests. I have set up my logging format to pick up the client IP address from the headers as the request goes through a load-balancer first and adds the X-Forwarded-For header. e.g Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended This results in a log file entry such as: 2007-04-23 09:16:13 10.101.212.165 dit3.x.y.uk GET /images/arrowRightGreen.gif HTTP/1.1 200 828 498 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 - https://dit3.x.y.uk/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home This format works fine and logs the client IP and the host that the request is intended to go to for locally served content such as gif's etc. However for objects that get proxied of to the other backend servers i get a log entry with the client IP added with a comma after it, e.g 2007-04-23 09:16:11 10.101.212.165, 10.101.212.165 dit3.x.y.uk GET /login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home HTTP/1.1 200 9090 310672 ?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 - - My proxy settings are: # = # Proxy control # = ProxyRequests Off ProxyTimeout 30 ProxyPreserveHost On Proxy * Order deny,allow Allow from all /Proxy ProxyPass /ClientObjects ! ProxyPass /ClientScripts ! ProxyPass /images ! ProxyPass /faq ! ProxyPass /js ! ProxyPass /style ! ProxyPass /error ! ProxyPass /server-status ! ProxyPass /heartbeat ! Location / ProxyPass http://dit3_bigip_app_vip.x.y.uk:85/ ProxyPassReverse http://dit3_bigip_app_vip.x.y.uk:85/ /Location Has anyone come across this issue before??? my concern is that it will cause problems with log analysis software. cheers Steve - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Logging problem using mod_proxy and UsePreserveHost
Hi all, i am utilising mod_proxy to serve locally held static content but to proxy any other requests to a different service. This works fine however i am having problems with the logging of requests. I have set up my logging format to pick up the client IP address from the headers as the request goes through a load-balancer first and adds the X-Forwarded-For header. e.g Logformat %{%Y-%m-%d %H:%M:%S}t %{X-Forwarded-For}i %{host}i %r %s %b %D %q %{User-Agent}i %{IR_PORTAL_COOKIE}C %{Referer}i ORU_extended This results in a log file entry such as: 2007-04-23 09:16:13 10.101.212.165 dit3.x.y.uk GET /images/arrowRightGreen.gif HTTP/1.1 200 828 498 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 - https://dit3.x.y.uk/login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home This format works fine and logs the client IP and the host that the request is intended to go to for locally served content such as gif's etc. However for objects that get proxied of to the other backend servers i get a log entry with the client IP added with a comma after it, e.g 2007-04-23 09:16:11 10.101.212.165, 10.101.212.165 dit3.x.y.uk GET /login?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home HTTP/1.1 200 9090 310672 ?GAREASONCODE=-1GARESOURCEID=CommonGAURI=https://dit3.x.y.uk/homeReason=-1APPID=CommonURI=https://dit3.x.y.uk/home Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 - - My proxy settings are: # = # Proxy control # = ProxyRequests Off ProxyTimeout 30 ProxyPreserveHost On Proxy * Order deny,allow Allow from all /Proxy ProxyPass /ClientObjects ! ProxyPass /ClientScripts ! ProxyPass /images ! ProxyPass /faq ! ProxyPass /js ! ProxyPass /style ! ProxyPass /error ! ProxyPass /server-status ! ProxyPass /heartbeat ! Location / ProxyPass http://dit3_bigip_app_vip.x.y.uk:85/ ProxyPassReverse http://dit3_bigip_app_vip.x.y.uk:85/ /Location Has anyone come across this issue before??? my concern is that it will cause problems with log analysis software. cheers Steve - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Reverse Proxy Timeout (http/https)
Hi there, i have implemented the following on my apache server for the proxytimeout ProxyTimeout 120 And also set the following to catch the 502 error that mod_proxy gives when it times out to the server being proxied to. This allows you to produce a branded page to give to the client rather than the standard Bad Gateway error that is produced. e.g: # # Error Handling # === ErrorDocument 502 /error/proxytimedout.htm HTH Steve -Original Message- From: Sim [mailto:[EMAIL PROTECTED] Sent: 21 March 2007 08:56 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Reverse Proxy Timeout (http/https) Hi! I have configurated Apache in Reverse Proxy, for one Apche front-end of MS Exchange 2003 This work very well, but some times I receved timeout errors from Exchange. [ The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed. http://www.eventid.net/display.asp?eventid=3033eventno=7241source=Server%20ActiveSyncphase=1 ] Is there a solution to increase http/https TimeOut session for reverse proxy, or another solutions? For example KeepAlive? Excuse me but I'm not expert in this Reverse Proxy method. My config: ROUTERETH0-Apache Reverse Proxy-ETH1---EXCHANGE (192.168.0.2) - ProxyRequests Off ProxyPreserveHost On SSLProxyEngine On #OWA % character in email subject fix RewriteEngine On RewriteMap percentsubject int:escape RewriteCond $1 ^/exchange/.*\%.*$ RewriteRule (/exchange/.*) ${percentsubject:$1} [P] # à è ... AddDefaultCharset utf-8 # OWA Location /exchange ProxyPass https://192.168.0.2/exchange ProxyPassReverse https://192.168.0.2/exchange SSLRequireSSL /Location Location /exchweb ProxyPass https://192.168.0.2/exchweb ProxyPassReverse https://192.168.0.2/exchweb SSLRequireSSL /Location Location /public ProxyPass https://192.168.0.2/public ProxyPassReverse https://192.168.0.2/public SSLRequireSSL /Location # OMA Location /oma ProxyPass https://192.168.0.2/oma ProxyPassReverse https://192.168.0.2/oma SSLRequireSSL /Location # ActiveSync (for WM5+ devices) Location /Microsoft-Server-ActiveSync ProxyPass http://192.168.0.2/Microsoft-Server-ActiveSync ProxyPassReverse http://192.168.0.2/Microsoft-Server-ActiveSync # SSLRequireSSL /Location - Thanks! Sim - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Serving local static content but proxying all others.
Hi there, I am implementing mod_proxy in order to send all requests to a proxy server but i want to be able to be able to serve some static content (mostly gifs, jpg's and CSS files) locally without proxying the requests to the proxy server. I am happy with the ability to setup mod_proxy but i don't want to maintain a list of URI's to be proxied in my apache configuration, likewise i don't want to have to re-configure apache if the developers add new directories or content types to the DocumentRoot directory. Is it possible to configure apache to serve content if it exists locally but if not to proxy it to a proxy server. I am basically trying to make the apache configuration as static as we possibly can but flexible enought do differentiate between local content and what is has to proxy. Has anyone got any experience of doing this? Cheers Steve - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Serving local static content but proxying all others.
Hi josh, thanks for your reply. I agree with your synopsis that it will be best to specify the static content directories explicitly and then just proxy everything. It just means that if they add any more static content directories then i'll have to add them to the exceptions list. cheers for your help Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 20 March 2007 17:40 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Serving local static content but proxying all others. On 3/20/07, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: I am happy with the ability to setup mod_proxy but i don't want to maintain a list of URI's to be proxied in my apache configuration, likewise i don't want to have to re-configure apache if the developers add new directories or content types to the DocumentRoot directory. Is it possible to configure apache to serve content if it exists locally but if not to proxy it to a proxy server. I am basically trying to make the apache configuration as static as we possibly can but flexible enought do differentiate between local content and what is has to proxy. Yes, you can do this using mod_rewrite. But it is complicated and involves checking the local filesystem on every request. But I would highly recommend just setting aside one directory as being local and excluding it from the ProxyPass: ProxyPass /local ! and then proxying everything else. Alternatively, proxy everything, including the static content, but make sure it has proper cache-control headers and use mod_disk_cache on the proxy to eliminate the speed hit. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Hi there, Does anybody have any ideas about the issues i am seeing below. cheers Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 22 December 2006 09:03 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-writing URI's Hi there, i've tried that and had no joy, what i am trying now is to have a rewrite condition based on the first part of the query string. e.g: RewriteCond %{QUERY_STRING} =?APPURI(.*) RewriteRule APPURI=http: APPURI=https: [QSA,L] However i can't get the rule to kick in for the condition, it seems to ignore it (probably becauses its wrong !!) and tries to apply the rule to the uri. e.g from the rewrite log: 10.101.212.165 - - [21/Dec/2006:13:04:35 +] [dit.hmrc.gov.uk/sid#11b360][rid#9d7c88/initial] (3) applying pattern 'APPURI' to uri '/service/validation/validator.js' Any thoughts would be greatly appreciated Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 15 December 2006 17:02 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] re-writing URI's On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: hi joshua, sorry i should have been more specific. Its not actually our app but an authentication plug-in and backend that changes the URI and then passes back to the browser. There may be a bug in it that its capturing the incoming URL and not able to re-write it to https before passing back. This is being investigated by the provider but in the meantime i would like to re-write the URI to the proper secure method. does that make sense? Sort of. But it is hard to tell where your authentication plug-in is acting here. What I would do is simply tack a ? on the end of the URL when redirecting from HTTP to HTTPS. This will eliminate the query string and hopefully force your plug-in to recreate it. And it also has the benefit of making sure your don't accidentally have people submit sensitive information in the query string to the non-secure server. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Hi there, i've tried that and had no joy, what i am trying now is to have a rewrite condition based on the first part of the query string. e.g: RewriteCond %{QUERY_STRING} =?APPURI(.*) RewriteRule APPURI=http: APPURI=https: [QSA,L] However i can't get the rule to kick in for the condition, it seems to ignore it (probably becauses its wrong !!) and tries to apply the rule to the uri. e.g from the rewrite log: 10.101.212.165 - - [21/Dec/2006:13:04:35 +] [dit.hmrc.gov.uk/sid#11b360][rid#9d7c88/initial] (3) applying pattern 'APPURI' to uri '/service/validation/validator.js' Any thoughts would be greatly appreciated Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 15 December 2006 17:02 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] re-writing URI's On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: hi joshua, sorry i should have been more specific. Its not actually our app but an authentication plug-in and backend that changes the URI and then passes back to the browser. There may be a bug in it that its capturing the incoming URL and not able to re-write it to https before passing back. This is being investigated by the provider but in the meantime i would like to re-write the URI to the proper secure method. does that make sense? Sort of. But it is hard to tell where your authentication plug-in is acting here. What I would do is simply tack a ? on the end of the URL when redirecting from HTTP to HTTPS. This will eliminate the query string and hopefully force your plug-in to recreate it. And it also has the benefit of making sure your don't accidentally have people submit sensitive information in the query string to the non-secure server. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
Good point well made, the current rules are as follows: non-secure handler: # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://www.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://www.domain.com:%{SERVER_PORT}/$1 [R=301,L] Secure Virtual host: RewriteRule ^/$ https://www.domain.com/home [R=301,L] The backend application catches the /home part and assesses whether the client has already logged in and if not re-directs to /login which then returns the URL/URI given in the original email further down this thread. Hope that helps Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 14 December 2006 15:07 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] re-writing URI's On 12/14/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: Hi there, i'm having a bit of trouble getting a rewrite rule for a URI to work. Basically i have the following scenario, The user enters http://www.domain.com and this gets intercepted by another API and the browser gets a URL sent back with a URI added including the original URL of http://www.domain.com , my re-writing rules then re-write the first part to secure, i.e https://www.domain.com but the URI stays non-secure ,e.g http://www.domain.com so the outcome to the browser is: https://www.domain.com/login?APPURI=http://www.domain.com/home What i need to do when i re-write the first part to secure is also to intercept the URI and re-write this to secure if it comes back as non-secure, so i need the URL being sent back to the browser to appear as follows: https://www.domain.com/login?APPURI=https://www.domain.com/home I know i can use the RewriteCond %{REQUEST_URI} context but need to be able to tell it to find http: and re-write this to https: wherever it appears in the URI in case the developers change it without me knowing. However if needs be then i can intercept APPURI=http: and rewrite this to APPURI=https: Does that make sense to anybody?? Sure, it should be a relatively straightforward regex with substitution. But I'm not going to try to guess at your entire config. Show us what you've got already and we can perhaps tell you what to add. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-writing URI's
hi joshua, sorry i should have been more specific. Its not actually our app but an authentication plug-in and backend that changes the URI and then passes back to the browser. There may be a bug in it that its capturing the incoming URL and not able to re-write it to https before passing back. This is being investigated by the provider but in the meantime i would like to re-write the URI to the proper secure method. does that make sense? cheers Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 15 December 2006 14:19 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] re-writing URI's On 12/15/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: Good point well made, the current rules are as follows: non-secure handler: # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://www.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://www.domain.com:%{SERVER_PORT}/$1 [R=301,L] Secure Virtual host: RewriteRule ^/$ https://www.domain.com/home [R=301,L] The backend application catches the /home part and assesses whether the client has already logged in and if not re-directs to /login which then returns the URL/URI given in the original email further down this thread. Sorry, but I don't get it. You talked about a query string with APPURI=http://www.domain.com/home getting added someplace. But I don't see that above. If it is your application that is adding it, then your application should be able to set the correct scheme. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] re-writing URI's
Hi there, i'm having a bit of trouble getting a rewrite rule for a URI to work. Basically i have the following scenario, The user enters http://www.domain.com and this gets intercepted by another API and the browser gets a URL sent back with a URI added including the original URL of http://www.domain.com , my re-writing rules then re-write the first part to secure, i.e https://www.domain.com but the URI stays non-secure ,e.g http://www.domain.com so the outcome to the browser is: https://www.domain.com/login?APPURI=http://www.domain.com/home What i need to do when i re-write the first part to secure is also to intercept the URI and re-write this to secure if it comes back as non-secure, so i need the URL being sent back to the browser to appear as follows: https://www.domain.com/login?APPURI=https://www.domain.com/home I know i can use the RewriteCond %{REQUEST_URI} context but need to be able to tell it to find http: and re-write this to https: wherever it appears in the URI in case the developers change it without me knowing. However if needs be then i can intercept APPURI=http: and rewrite this to APPURI=https: Does that make sense to anybody?? Cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] spawned processes using new config files.
Hi all, I have situation where i have Apache 2.0.55 configured using the worker process model and this is running using a particular configuration file. Prior to an outage i want to deliver a new config file to the server in readiness for a server restart during my outage window. my question though is if we are using a process model that spawns new processes do these spawned processes read the new config file from disk or do they read it from the parent processes memory , if they read from memory then i am cool because i can update the config prior to the outage and then just restart to read it in, otherwise if it reads from disk i am going to have to deliver during the outage. any help would be greatly appreciated. cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-write rules
cheers owen, Thats a useful repository to check. Thanks Steve -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: 21 November 2006 12:12 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules -Original Message- From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 21, 2006 12:58 PM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules Hi there, someone posted me a potential fix for this issue in this thread, however having had mailbox problems it has disappeared, could someone check their mailbox and see if they have the rest of the thread. Your thread is here: http://marc.theaimsgroup.com/?l=apache-httpd-usersm=116117751501364w=2 Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. many thanks Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 18 October 2006 14:45 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules hi there, yes i meant HTTPS ..sorry... Requests that do work: a: http://your.domain.com - re-directs to https://your.domain.com/home b: http://your.domain.com/heartbeat/heartbeat.htm - returns file to browser with 200 code c: http://your.domain.com/server-status - returns server-status to browser with 200 code d: http://www.your.domain.com/whatever - redirects to http because it doesn't match the right incoming domainname and then to https://your.domain.com/whatever e: https://your.domain.com - gives 404 f: https://your.domain.com/ - gives 404 does that help? Cheers Steve -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: 18 October 2006 14:29 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules -Original Message- From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 3:18 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] re-write rules hi there, i am having a slight issue with re-write rules, i have it setup so that any requests that are not HTTP get re-sent to do you mean HTTPS ? HTTPS. However if i connect using https://your.domain.com or https://your.domain.com/ i get a page not found, But do you have a DirectoryIndex defined for the HTTPS VH? so i need to be able to catch that its https but that there is no request and to send it to https://your.domain.com/home. my current rules are: These are the rules for the HTTP VH, correct? # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://your.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L] The first rules handles the fact that i have to serve heartbeat.htm and server-status as port 80 requests but anything else thats not HTTPS goes to HTTPS. The second rule matches the incoming domain request to re-write to the correct domain, but allows heartbeat.htm to send a 200 status code rather than a 301. I read this three times but couldn't understand what your problem is. Please specify: - example input/output URLs that work - example input/output URLs that don't work and why not. eg request A get B - as expected request C get D - expected/want E Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Any thoughts would be greatly appreciated cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please
RE: [EMAIL PROTECTED] re-write rules
Hi there, someone posted me a potential fix for this issue in this thread, however having had mailbox problems it has disappeared, could someone check their mailbox and see if they have the rest of the thread. many thanks Steve -Original Message- From: Foster, Stephen (ASPIRE) Sent: 18 October 2006 14:45 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules hi there, yes i meant HTTPS ..sorry... Requests that do work: a: http://your.domain.com - re-directs to https://your.domain.com/home b: http://your.domain.com/heartbeat/heartbeat.htm - returns file to browser with 200 code c: http://your.domain.com/server-status - returns server-status to browser with 200 code d: http://www.your.domain.com/whatever - redirects to http because it doesn't match the right incoming domainname and then to https://your.domain.com/whatever e: https://your.domain.com - gives 404 f: https://your.domain.com/ - gives 404 does that help? Cheers Steve -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: 18 October 2006 14:29 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules -Original Message- From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 3:18 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] re-write rules hi there, i am having a slight issue with re-write rules, i have it setup so that any requests that are not HTTP get re-sent to do you mean HTTPS ? HTTPS. However if i connect using https://your.domain.com or https://your.domain.com/ i get a page not found, But do you have a DirectoryIndex defined for the HTTPS VH? so i need to be able to catch that its https but that there is no request and to send it to https://your.domain.com/home. my current rules are: These are the rules for the HTTP VH, correct? # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://your.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L] The first rules handles the fact that i have to serve heartbeat.htm and server-status as port 80 requests but anything else thats not HTTPS goes to HTTPS. The second rule matches the incoming domain request to re-write to the correct domain, but allows heartbeat.htm to send a 200 status code rather than a 301. I read this three times but couldn't understand what your problem is. Please specify: - example input/output URLs that work - example input/output URLs that don't work and why not. eg request A get B - as expected request C get D - expected/want E Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Any thoughts would be greatly appreciated cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http
[EMAIL PROTECTED] re-write rules
hi there, i am having a slight issue with re-write rules, i have it setup so that any requests that are not HTTP get re-sent to HTTPS. However if i connect using https://your.domain.com or https://your.domain.com/ i get a page not found, so i need to be able to catch that its https but that there is no request and to send it to https://your.domain.com/home. my current rules are: # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://your.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L] The first rules handles the fact that i have to serve heartbeat.htm and server-status as port 80 requests but anything else thats not HTTPS goes to HTTPS. The second rule matches the incoming domain request to re-write to the correct domain, but allows heartbeat.htm to send a 200 status code rather than a 301. Any thoughts would be greatly appreciated cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] re-write rules
hi there, yes i meant HTTPS ..sorry... Requests that do work: a: http://your.domain.com - re-directs to https://your.domain.com/home b: http://your.domain.com/heartbeat/heartbeat.htm - returns file to browser with 200 code c: http://your.domain.com/server-status - returns server-status to browser with 200 code d: http://www.your.domain.com/whatever - redirects to http because it doesn't match the right incoming domainname and then to https://your.domain.com/whatever e: https://your.domain.com - gives 404 f: https://your.domain.com/ - gives 404 does that help? Cheers Steve -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: 18 October 2006 14:29 To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] re-write rules -Original Message- From: Foster, Stephen (ASPIRE) [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 3:18 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] re-write rules hi there, i am having a slight issue with re-write rules, i have it setup so that any requests that are not HTTP get re-sent to do you mean HTTPS ? HTTPS. However if i connect using https://your.domain.com or https://your.domain.com/ i get a page not found, But do you have a DirectoryIndex defined for the HTTPS VH? so i need to be able to catch that its https but that there is no request and to send it to https://your.domain.com/home. my current rules are: These are the rules for the HTTP VH, correct? # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/$ https://your.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^your\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteRule ^/(.*) http://your.domain.com:%{SERVER_PORT}/$1 [R=301,L] The first rules handles the fact that i have to serve heartbeat.htm and server-status as port 80 requests but anything else thats not HTTPS goes to HTTPS. The second rule matches the incoming domain request to re-write to the correct domain, but allows heartbeat.htm to send a 200 status code rather than a 301. I read this three times but couldn't understand what your problem is. Please specify: - example input/output URLs that work - example input/output URLs that don't work and why not. eg request A get B - as expected request C get D - expected/want E Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Any thoughts would be greatly appreciated cheers Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books
RE: [EMAIL PROTECTED] mod_jk help
Hi there, How about this: http://tomcat.apache.org/connectors-doc/howto/apache.html This details mod_jk which is used to send requests for tomcat based on the request type. I have used this before and it works a treat. HTH Steve -Original Message- From: long [mailto:[EMAIL PROTECTED] Sent: 26 September 2006 05:52 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] mod_jk help I'd looked and searched the internet and found nothing that tell me how to configure apache to look for static files at its side and if it can't find them then forward requrests to tomcat. I was hoping if someone can help me. I have a redhat linux box with apache2.0.x and tomcat 5.5 with jdk 4.1.x. My mod_jk configurations are working to a degree. Apache is serving all static contents and tomcat is serving all dynamic contents. The problem is that if any of the static contents got put into tomcat, they will not be found. SInce tomcat can also serve static contents, I'll like apache to forward the requests to tomcat as a kind of failover approach. Clusting and load-balancing is pretty much out of the picture. Thanks in advance, Long _ Do you Yahoo!? Get on board. You're http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.yahoo.com/mailbeta invited to try the new Yahoo! Mail. === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with re-write rules
Hi robert, thanks for this, it has been a great help. It now serves the pages as i want them without any extraneous entries in the log files. Our application proxies directly to weblogic using the /home context which is why i want all requests to land at that point except , obviously, for the heartbeat and server-status pages. many thanks for your input. Steve -Original Message- From: Robert Ionescu [mailto:[EMAIL PROTECTED] Sent: 14 August 2006 20:36 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with re-write rules Foster, Stephen (ASPIRE) wrote: # = # Rewrite to HTTPS Settings # = RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC] RewriteCond %{HTTP_HOST} !^$ Use lexicographically equal (!=) here instead of a regular expression RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R] RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L] Why are you using Server_Name, if you force this to be online.domain.com or online.domain.com:%{SERVER_PORT}. Should every request really go to /home? I think you're looking for something like # = # Rewrite to HTTPS Settings # = RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !=/server-status RewriteCond %{SERVER_PORT} !=443 RewriteRule ^/(.*)$ https://online.domain.com/$1 [R=301,L] RewriteRule ^/$ https://online.domain.com/home [R=301,L] RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC] RewriteCond %{HTTP_HOST} != RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R=301,L] -- Robert - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Help with re-write rules
hi joshua, yes i guess it doesn't read very well, basically i was trying to say that the pages are being served okay and the browser does not get re-directed to our /home application however apache seems to continue to process the rules and connect to the application but doesn't pass it back to the browser. I think we now have a good set of rules with the help of Robert Ionescu which work as i need them to. many thanks for everybodies help on this. cheers Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Slive Sent: 14 August 2006 17:02 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Help with re-write rules On 8/14/06, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote: RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC] RewriteCond %{HTTP_HOST} !^$ RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R] RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L] This works mostly right and will serve the non-secure URL's properly, however they are then continuing on to process the rule for 80-443 , but not actually re-directing the browser, but does appear in the access logs. Any help on the right way forward for this would be great. Hmmm... Can you reread that last paragraph again. It doesn't make any sense to me and is grammatically very ambiguous. Exactly what problem are you having? Exactly what do the requests look like, and exactly what do you see in the access log and rewrite log? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Help with re-write rules
hi all, quick newbie question if i may. I have been playing about with re-write rules today in order to acheive the behaviour i want, the situation i currently have is that i need to match and effect the following: 1: All requests to something other than the the FQDN should be written to the FQDN. e.g customer access site using http://www.domain.com , i rewrite customer to http://online.domain.com 2: All requests that are non-secure are written to secure. e.g URL becomes https://online.domain.com 3: i must be able to support non-secure requests to certain URL's e.g http://online.domain.com/heartbeat/heartbeat.htm and http://online.domain.com/server-status The current ruleset i am using is as follows: # = # Rewrite to HTTPS Settings # = RewriteCond %{HTTP_HOST} !^online\.domain\.com [NC] RewriteCond %{HTTP_HOST} !^$ RewriteRule ^/(.*) http://online.domain.com:%{SERVER_PORT}/$1 [R] RewriteCond %{REQUEST_URI} !^/heartbeat/heartbeat.htm RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*)$ https://%{SERVER_NAME}/home [R,L] This works mostly right and will serve the non-secure URL's properly, however they are then continuing on to process the rule for 80-443 , but not actually re-directing the browser, but does appear in the access logs. Any help on the right way forward for this would be great. many thanks in advance Steve Steve Foster | Capgemini | Telford Shared Technology Services T. +44 (0) 1952 296664 | www.capgemini.com Internal: 46664 Join the Collaborative Business Experience === Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books. === - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]