Re: [users@httpd] How to disable IndexStylesheet on a subdirectory

[Frank Gingras]

On Mon, Sep 30, 2024 at 8:31 PM Dan Mahoney (Gushi) 
wrote:

> Hey there all,
>
> I can't find this in the manual.  Assume I've set IndexStylesheet for some
> directory of downloads, but on a subdirectory, would like apache to not
> add the CSS header.
>
> (Specifically, we want as simple HTML as possible, for use with automated
> fetching scripts).
>
> I don't want to simply point at a null file, that looks to Google
> Analytics like a broken link.  I just want to disable the inclusion of any
> style sheet, and there doesn't seem to be a way to do this.  Once you turn
> it on, you cannot seem to turn it off in a subdir.  Even if you set it to
> None, you just get a ref to a CSS file called None.
>
> If it is possible, could you clue me in (and maybe fix the docs?)
>
> -Dan
>
> --
>
> Dan Mahoney
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> FB:  fb.com/DanielMahoneyIV
> LI:   linkedin.com/in/gushi
> Site:  http://www.gushi.org
> ---
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Using DirectoryMatch to limit the scope should work.

Re: [users@httpd] AH00051: child pid 3886730 exit signal Segmentation fault (11), possible coredump in /etc/httpd

[Frank Gingras]

On Thu, Sep 26, 2024 at 10:27 PM Dave Wreski
 wrote:

> Hi,
>
> I'm using httpd-2.4.62 on fedora40 and noticed periodic errors related to
> core dumps. Is this a potential bug? I see there are several similar bug
> reports with previous versions but never a resolution.
>
> [Wed Sep 25 11:07:16.786647 2024] [core:notice] [pid 1616:tid 1616]
> AH00051: child pid 3886730 exit signal Segmentation fault (11), possible
> coredump in /etc/httpd
>
> Have there been other reports of this version having such problems? Before
> I run memtest to see if it's a physical memory problem, I'm hoping someone
> has some insight. I do see a handful of other similar reports over the
> years, but none recently.
>
> Is it possible a configuration change has caused this?
>
> The gdb trace of the coredump is entirely too involved for me to spend
> time tracing it.
>
> dave
>

What mpm are you using on that server?  Can you share apachectl -M?

Re: [users@httpd] Tomcat anibm semeru

[Frank Gingras]

On Mon, Sep 23, 2024 at 10:56 AM  wrote:

> Hello,
>
> we would like to use tomcat with ibm semeru as jre.
> I searched the web, but found no documentation.
>
> Is this combination supported and is there documentation on how to
> configure it?
>
> Greetings
> Andreas
>
> Institut für den sozialen Wohnbau des Landes Südtirol
> Istituto per l’edilizia sociale della Provincia autonoma di Bolzano
> 39100 Bozen Horazstraße 14 / 39100 Bolzano via Orazio, 14
> *wobi.bz.it*    *ipes.bz.it*
> 
>
>
>
>
>
> Dies ist eine vertrauliche Nachricht und nur für den Adressaten bestimmt.
> Sollten Sie diese Nachricht irrtümlich erhalten haben, bitten wir um Ihre
> diesbezügliche Benachrichtigung und um die Löschung der Nachricht. Eine
> Veröffentlichung oder Verbreitung des Inhaltes sowie jegliche anderweitige
> Verwendung sind untersagt.
>
> Il contenuto di questa e-mail è rivolto esclusivamente al destinatario
> della stessa e deve intendersi riservato e personale. Laddove questa e-mail
> Le fosse pervenuta per errore, Le chiediamo di comunicarci l’errata
> notifica e di cancellarne il contenuto. Sono sempre vietate la
> pubblicazione o diffusione del contenuto, nonché l'utilizzo per qualsiasi
> altro scopo.


This mailing list is for the apache httpd project, try:

https://tomcat.apache.org/lists.html

Re: [users@httpd] SSL setup assistance

[Frank Gingras]

On Wed, Sep 18, 2024 at 3:02 PM Marc  wrote:

> >
> > I am running Apache on a Windows server with at least close to latest
> > release.  It host my personal website and a website for my home Christmas
> > light show.  Just simple static web pages - nothing fancy at all.  There
> > is absolutely nothing that needs any degree of security.  As such I have
> > never made any attempt to set up SSL on the server.
> >
> > This is becoming an issue because more and more browsers are getting
> > picky about http only traffic - in particular imbedding an image from a
> > http website into an otherwise https website (lighting forums running
> > https with images imbedded from my website is the specific issue).
> >
> > I tried to set up SSL on my server a couple years ago and after whatever
> > changes were made, Apache would not even start (and I don't remember what
> > error message were logged).  So I reverted the Apache config back to what
> > it had been and ignored the issue for a few more years.
> >
> > So can someone either point me to a good step by step or walk me through
> > what I need to do to get this working.  I had gotten the cert back then
> > via Let's Encrypt, and that was the easy part.
>
> just add this and change your port
>
> SSLEngine on
> SSLCertificateFile "/home/acme/www.x.cer"
> SSLCertificateChainFile "/home/acme/www.xx.cer"
> SSLCertificateKeyFile "/home/acme/www.x.key"
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org


Marc,

You should not be using SSLCertificateChainFile any more, in fact.
Nowadays, the CA is handled differently.

Re: [users@httpd] SSL setup assistance

[Frank Gingras]

On Wed, Sep 18, 2024 at 2:52 PM j...@k6ccc.org  wrote:

> I know this is going to be very basic for most of you.
>
> I am running Apache on a Windows server with at least close to latest
> release.  It host my personal website and a website for my home Christmas
> light show.  Just simple static web pages - nothing fancy at all.  There is
> absolutely nothing that needs any degree of security.  As such I have never
> made any attempt to set up SSL on the server.
>
> This is becoming an issue because more and more browsers are getting picky
> about http only traffic - in particular imbedding an image from a http
> website into an otherwise https website (lighting forums running https with
> images imbedded from my website is the specific issue).
>
> I tried to set up SSL on my server a couple years ago and after whatever
> changes were made, Apache would not even start (and I don't remember what
> error message were logged).  So I reverted the Apache config back to what
> it had been and ignored the issue for a few more years.
>
> So can someone either point me to a good step by step or walk me through
> what I need to do to get this working.  I had gotten the cert back then via
> Let's Encrypt, and that was the easy part.
>
> 73
> -
> Jim Walls - K6CCC
> j...@k6ccc.org
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You basically need to load the mod_ssl module with LoadModule, edit the
:443 vhost and add SSLEngine on, SSLCertificateFile and
SSLCertificateKeyFile.

Re: [users@httpd] Update Apache httpd to the latest version 2.4.62

[Frank Gingras]

On Tue, Sep 3, 2024 at 12:45 AM Kaushal Shriyan 
wrote:

>
>
> On Tue, Sep 3, 2024 at 9:08 AM Yehuda Katz  wrote:
>
>> On Mon, Sep 2, 2024 at 11:30 PM Kaushal Shriyan 
>> wrote:
>>
>>> I am running Ubuntu server version 24.04 LTS. Is there a way to update
>>> Apache httpd to the latest version 2.4.62?
>>>
>>
>> You can always download and compile HTTPD for yourself. The instructions
>> in the documentation are pretty clear.
>> https://httpd.apache.org/docs/2.4/install.html
>>
>> If you are using the Ubuntu-supplied packages, Ubuntu engineers (or
>> volunteers) backport security changes from newer versions of HTTPD to the
>> official Ubuntu package.
>>
>
>
> Thanks, Yehuda, for the quick response. I really appreciate it. Are there
> any release notes where the security changes related to Apache HTTPD
> version 2.4.62 have been backported to the Apache HTTPD packages supplied
> by Ubuntu?
>
> Please guide me. Thanks in advance.
>
> Best regards,
>
> Kaushal
>
>
>
Kaushal,

Best ask the ubuntu mailing list / forums / IRC channels for that question.

Re: [users@httpd] Location of Web Site Pages

[Frank Gingras]

On Sat, Aug 24, 2024 at 4:32 PM Paul  wrote:

...

I think it's about time that you move the matter to a web/html/js forum -
this thread was not really pertinent to httpd, as far as the asked
questions are concerned.

Re: [users@httpd] reverse proxy -- showing directory index

[Frank Gingras]

On Thu, Aug 22, 2024 at 11:54 AM bruce  wrote:

> Hi.
>
> I'm testing out a github site. I had posted most of this awhile ago,
> and it had appears to work. However, something is amiss/screwing up on
> my part. In other words, FUBAR!
>
> Instead of getting the site content, getting the directory index.
>
>
> The test app:
>  https://github.com/berat/waitlist-landing-page
>  It's a node app that I'm running -- http://127.0.0.1:3000
>  and using "pm2" and reverse proxy with apache2 to serve the page.
>
>  The test url is -->> http://161.35.5.174/berat (if it were to work,
> as it did for a bit)
>
> The docroot
>  /var/www/html/berat
>
> config file
>  /etc/apache2/berat.conf
>  cat berat.conf
>
> 
> ServerAdmin f...@yahoo.com
> ServerName  temp22
> ServerAlias temp
>
> DocumentRoot   /var/www/html/berat
>
>  RewriteEngine On
>
>  ProxyPass /berat http://127.0.0.1:3000
>  ProxyPassReverse /berat http://127.0.0.1:3000
>
>  RewriteEngine On
>
> SetOutputFilter INFLATE;proxy-html;SUBSTITUTE;DEFLATE;
> ProxyHTMLInterp On
> ProxyHTMLExtended Off
>
>
>   AddOutputFilterByType SUBSTITUTE text/html
>   Substitute "s|/_next/static/|\.\./\.next/static/|"
>
>   Substitute
>
> "s|/_next/image\?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>
>
> 
>
>   Header Set Pragma "no-cache"
>   Header Set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
>   Header Set Cache-Control "max-age=0, no-store, no-cache, must-revalidate"
>   Header Unset ETag
>   FileETag None
>
> Options +FollowSymLinks   +MultiViews
> AllowOverride All
>
> #use for 2.4?
> Require all granted
>
> 
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
> for the above berat.conf file, I tested the following as well
>
>  ProxyPass /berat/ http://127.0.0.1:3000/
>  ProxyPassReverse /berat/ http://127.0.0.1:3000/
>
>  ProxyPass /berat/ http://127.0.0.1:3000/
>  ProxyPassReverse /berat http://127.0.0.1:3000
>
>  ProxyPass "/berat" http://127.0.0.1:3000";
>  ProxyPassReverse "/berat" http://127.0.0.1:3000";
>
>  ProxyPass "/berat/" http://127.0.0.1:3000/";
>  ProxyPassReverse "/berat/" http://127.0.0.1:3000/";
>
>  ProxyPass "/berat/" http://127.0.0.1:3000/";
>  ProxyPassReverse "/berat" http://127.0.0.1:3000";
>
>  ProxyPass / http://127.0.0.1:3000
>  ProxyPassReverse / http://127.0.0.1:3000
>
> the process was
>  a2dissite berat
>  a2ensite berat
>
>  systemctl reload apache2
>
>  at the same time, from the /var/www/html/berat
>   the "pm2" is stopped/restarted
>
>   "stop"
>   rm -rf /root/.pm2
>   ls -al /root/.pm2
>   pkill -f PM2
>   ps -aux | grep -i "PM2"
>
>   "restart"
> sudo -u www-data pm2 start npm --name "waitlist-landing-page" -- start
> curl http://127.0.0.1:3000
>
>  at this point, the "pm2" server is generating the content, which
> should be displayed via apache/server
>
>
> Any/all pointers (frank!!) will be tested.
>
> For the life of me, I can't seem to get this to work. I've
> looked/rechecked the past email threads, but I'm still missing
> something.
>
> ps. The test process is running on a throwaway digitalocean
> instacne/ubuntu.
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
If you request http://temp22/berat/foo, that will translate to
http://127.0.0.1:3000/berat/foo

If you request http://temp22/berat/, that will translate to
http://127.0.0.1:3000/berat/

The absence of pathinfo parameters might be triggering the directory index
here, unless you see a httpd directory index and the backend server isn't
even reached; confirm what is happening first.

Re: [users@httpd] Location of Web Site Pages

[Frank Gingras]

On Tue, Aug 20, 2024 at 8:18 PM Lawrence Taylor
 wrote:

> Yehuda
>
> I attach the images of the directories in CPanel for the web site user.
> These directories do not have html files.
>
> What do you suggest now?
>
> Regards
>
> Lawrence
>
>
>
> On Tue, Aug 20, 2024 at 2:36 PM Lawrence Taylor 
> wrote:
>
>> Thanks Yahuda I will try that!
>>
>> Sent from my iPhone
>>
>> On 20 Aug 2024, at 2:28 p.m., Yehuda Katz  wrote:
>>
>> 
>> Based on the links you posted, it looks like your server is running
>> cPanel. cPanel stores each website it hosts in its own user directory.
>> You need to figure out which user your website is running as, then look
>> at the public_html directory in the user account's home directory.
>> If a single cPanel account has multiple associated domains, they can have
>> different paths, but that is a cPanel question, not an HTTPD question.
>>
>> - Y
>>
>> On Tue, Aug 20, 2024 at 4:19 PM Lawrence Taylor
>>  wrote:
>>
>>> Hi
>>>
>>> I have been trying to find the location of the actual html pages that
>>> you see on my website so I can edit them. But in my document root I only
>>> have
>>>
>>> 400.shtml
>>> 
>>> 229 28-Oct-2021 07:25:02 root(0)/root(0)
>>> 
>>> 644
>>> 
>>> 
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>> 401.shtml
>>> 
>>> 207 28-Oct-2021 07:25:02 root(0)/root(0)
>>> 
>>> 644
>>> 
>>> 
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>> 403.shtml
>>> 
>>> 203 28-Oct-2021 07:25:02 root(0)/root(0)
>>> 
>>> 644
>>> 
>>> 
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>> 404.shtml
>>> 
>>> 203 28-Oct-2021 07:25:02 root(0)/root(0)
>>> 
>>> 644
>>> 
>>> 
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>

Re: [users@httpd] RewriteRule and redirect loop with htaccess

[Frank Gingras]

On Sun, Aug 4, 2024 at 9:54 PM Dave Wreski
 wrote:

> Hi,
>
> I have a rewrite that's creating a loop because the origin is contained in
>>> the final destination. I know it then is processed again by the .htaccess
>>> in the document root, but I don't understand why or how to stop it. What's
>>> the solution here?
>>>
>>> RewriteRule
>>> ^/features/linux-malware-the-truth-about-this-growing-threat$
>>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
>>> [L,R=301,END]
>>>
>>> I've tried variations of the above but it always creates a loop.
>>>
>>> $ wget -O /dev/null
>>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
>>> 2>&1|grep -E 'Location|HTTP'
>>> HTTP response 302  [
>>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
>>> ]
>>> HTTP response 301  [
>>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
>>> ]
>>> HTTP response 200  [https://linuxsecurity.com//feature
>>> 
>>>
>> If you don't depend on mod_rewrite for anything else, I would recommend
>> using RedirectMatch instead.
>>
>> Yes, we have many existing rules. Can't it be used in combination with
> mod_rewrite? I also tried this rewritematch and it has the same loop
> problem.
>
> That rule on its own won't loop, unless you have other conflicting
>> directive or rewrite rules.
>>
>> If you must use mod_rewrite, then enabling the rewrite log will help you
>> pinpoint the source of the loop.
>>
>> I thought the problem was that it is a subset of the destination URL?
>
> RewriteRule ^/features/linux-malware-the-truth-about-this-growing-threat$
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> [L,R=301]
>
> This is what the request looks like with the above rewriterule:
>
> $ wget -O /dev/null
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> 2>&1|grep -E 'Location|HTTP'
> HTTP response 301  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> ]
> HTTP response 301  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> ]
> HTTP response 200  [https://linuxsecurity.com//features]
>
> I don't understand why this didn't match? After this rule, it went on to
> check other rules below it. I've spent an exhausting number of hours
> stepping through the rewriterules to understand what's happening. I hope
> you can follow to help me fix this.
>
> applying pattern
> '^/features/linux-malware-the-truth-about-this-growing-threat$' to uri
> '/features/linux-malware-the-truth-about-this-growing-threat-updated'
>
> After it processed all rules, it passed it to .htaccess:
>
> pass through
> /features/linux-malware-the-truth-about-this-growing-threat-updated
>
> When there was no match until the very end of .htaccess, it replaced the
> URI with index.php:
> applying pattern '.*' to uri
> 'features/linux-malware-the-truth-about-this-growing-threat-updated'
> rewrite
> 'features/linux-malware-the-truth-about-this-growing-threat-updated' ->
> 'index.php'
> add per-dir prefix: index.php -> /var/www/linuxsec/html/index.php
> trying to replace prefix /var/www/linuxsec/html/ with /
> internal redirect with /index.php [INTERNAL REDIRECT]
>
> What does [INTERNAL REDIRECT] mean and how is it different from other
> redirects?
>
> It then loops through the rewrite rules, doesn't match any, then loops
> through .htaccess again (as you said) until it matches /index.php.
> RewriteRule ^index.php(/.*){0,1}$ - [L]
>
> $ wget -O /dev/null
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> 2>&1|grep -E 'Location|HTTP'
> HTTP response 301  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> ]
> HTTP response 301  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> ]
> HTTP response 200  [https://linuxsecurity.com//features]
>
> What am I missing?
>
> You likely should be using FallbackResource for that as well.
>
> As well? I need both?
>
> I'm trying to confirm whether the problem is related to the match being a
> subset of the final destination? I really don't see any other matches
>
> Lastly, why are you using .htaccess files?
>
> Primarily it consists of rules to manage bots, run our image resizer, and
> an explicit list of files that are accessible - it's a default deny policy,
> which is why it redirects to the index.php at the end.
>
> RewriteCond %{REQUEST_URI} !^/index\.php
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule .* index.php [L]
>
> Thanks,
> Dave
>
>
>
>
Replace the following:

RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]

With:

FallbackReso

Re: [users@httpd] RewriteRule and redirect loop with htaccess

[Frank Gingras]

On Fri, Aug 2, 2024 at 11:08 AM Dave Wreski
 wrote:

> Hi,
>
> I have a rewrite that's creating a loop because the origin is contained in
>> the final destination. I know it then is processed again by the .htaccess
>> in the document root, but I don't understand why or how to stop it. What's
>> the solution here?
>>
>> RewriteRule ^/features/linux-malware-the-truth-about-this-growing-threat$
>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
>> [L,R=301,END]
>>
>> I've tried variations of the above but it always creates a loop.
>>
>> $ wget -O /dev/null
>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
>> 2>&1|grep -E 'Location|HTTP'
>> HTTP response 302  [
>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
>> ]
>> HTTP response 301  [
>> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
>> ]
>> HTTP response 200  [https://linuxsecurity.com//features]
>>
>> Thanks,
>> Dave
>>
>>
>>
> If you don't depend on mod_rewrite for anything else, I would recommend
> using RedirectMatch instead.
>
> That rule on its own won't loop, unless you have other conflicting
> directive or rewrite rules.
>
> If you must use mod_rewrite, then enabling the rewrite log will help you
> pinpoint the source of the loop.
>
> Are you suggesting RedirectMatch because using RewriteRule when the origin
> is a subset of the destination is a known problem?
>
> Here's what the rewrite log trace looks like:
>
> rewrite '/features/linux-malware-the-truth-about-this-growing-threat' -> '
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> '
> explicitly forcing redirect with
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> escaping
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> for redirect
> redirect to
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> [REDIRECT/301]
> init rewrite engine with requested uri
> /features/linux-malware-the-truth-about-this-growing-threat-updated
>
> it then appears to loop through the htaccess:
>
> rewrite
> 'features/linux-malware-the-truth-about-this-growing-threat-updated' ->
> 'index.php'
> add per-dir prefix: index.php -> /var/www/linuxsec/html/index.php
> trying to replace prefix /var/www/linuxsec/html/ with /
> internal redirect with /index.php [INTERNAL REDIRECT]
> init rewrite engine with requested uri /index.php
>
> Thanks,
> Dave
>

This shows that you have another greedy rule that rewrite everything to
index.php, and then the loop starts:

 rewrite
'features/linux-malware-the-truth-about-this-growing-threat-updated' ->
'index.php'

Remember, .htaccess files are re-parsed over and over and over and over and
over until it stops matching.

You likely should be using FallbackResource for that as well.

Lastly, why are you using .htaccess files?

Re: [users@httpd] RewriteRule and redirect loop with htaccess

[Frank Gingras]

On Fri, Aug 2, 2024 at 10:18 AM Dave Wreski
 wrote:

> Hi,
>
> I have a rewrite that's creating a loop because the origin is contained in
> the final destination. I know it then is processed again by the .htaccess
> in the document root, but I don't understand why or how to stop it. What's
> the solution here?
>
> RewriteRule ^/features/linux-malware-the-truth-about-this-growing-threat$
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> [L,R=301,END]
>
> I've tried variations of the above but it always creates a loop.
>
> $ wget -O /dev/null
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> 2>&1|grep -E 'Location|HTTP'
> HTTP response 302  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat
> ]
> HTTP response 301  [
> https://linuxsecurity.com/features/linux-malware-the-truth-about-this-growing-threat-updated
> ]
> HTTP response 200  [https://linuxsecurity.com//features]
>
> Thanks,
> Dave
>
>
>
If you don't depend on mod_rewrite for anything else, I would recommend
using RedirectMatch instead.

That rule on its own won't loop, unless you have other conflicting
directive or rewrite rules.

If you must use mod_rewrite, then enabling the rewrite log will help you
pinpoint the source of the loop.

Re: [users@httpd] temporary enable/disable access

[Frank Gingras]

On Fri, Aug 2, 2024 at 6:55 AM Eric Covener  wrote:

> > >46   Order deny,allow
>
> This allows access by default.
> "Order allow,deny" denies access by default.
>
> > >   The idea is that I can quickly limit access to the website by
> > > uncommenting just a single line in the config. However when I change it
> > > to
> > >
> > >47   #Deny from all
> > >48   Allow from all
>
> This doesn't work. Port to Require here first as Frank said.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
As a side note, try to avoid snarky remarks about the helper's experience
in the future, thanks.

Re: [users@httpd] temporary enable/disable access

[Frank Gingras]

On Thu, Aug 1, 2024 at 5:18 PM Marc  wrote:

>
> I have currently such virtual host config:
>
>
>   1 
>   2   AllowOverride All
>   3   Require all granted
>   4 
>
>  45 
>  46   Order deny,allow
>  47   Deny from all
>  48   #Allow from all
>  49   Allow from 1.1.1.1
>  50   #Allow from 2.2.2.2
>  51   # allow cron
>
> The idea is that I can quickly limit access to the website by uncommenting
> just a single line in the config. However when I change it to
>
>  47   #Deny from all
>  48   Allow from all
>
> Such files in dirs are not protecting files any more
>
> [@]# cat /aaa/////.htaccess
> Order deny,allow
> Deny from all
>
> Anyone know what I need to add to the location /  section?
>
>
>
>
>
Why are you still using 2.2 authz directives here, out of curiosity?

Re: [users@httpd] setting up/running apache reverse proxy/PM2 node server

[Frank Gingras]

On Sat, Jul 27, 2024 at 6:59 PM bruce  wrote:

> Hi all/Frank!
>
> I've managed to "get" 2 different test sites running separately. They
> each have different "vhost" config files. They each have different pm2
> server port addresses
>
> However, when I
>   a2ensite berat_h chainsafe
>   systemctl stop apache2
>   systemctl start apache2
>   and in each dir run the pm2 server to generate the display for the
> test page/sites
>
>   /var/www/html/berat
>  pm2 start npm --name "waitlist-landing-page" -- start
> curl http://127.0.0.01:3000
>/var/www/html/chainsafe
>  pm2 start npm --name "mlanding" -- start
> curl http://127.0.0.01:3001
>
> data is present..
>
> and as i said, when doing the above for one of the test sites at a
> time, things appear to work..
>
> when doing both, the 1st test site -- the "berat" works/displays.. But
> the 2nd generates an err if the error.log
> [Sat Jul 27 22:45:43.549642 2024] [core:info] [pid 49527] [client
> 162.234.196.167:51832] AH00128: File does not exist:
> /var/www/html/berat/chainsafe
> as if the "docroot/directory is combined???
>
> the two vhosts, stripped down to relevant sections...
>
> cat chainsafe.conf
> 
> ServerAdmin f...@yahoo.com
> ServerName  temp22cs
> ServerAlias tempcs
>
> DocumentRoot   /var/www/html/chainsafe
>
>
> ## gets the 200 code for the content..
>  ProxyPass /chainsafe http://127.0.0.1:3001/
>  ProxyPassReverse /chainsafe http://127.0.0.1:3001/
>
>
> 
>
> Options -Indexes +FollowSymLinks
>
> AllowOverride None
> Require all granted
> #Require all granted
> 
>
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
>
> 
>
> cat berat_h.conf
>
> 
> ServerAdmin f...@yahoo.com
> ServerName  temp223h
> ServerAlias temp3h
>
> DocumentRoot   /var/www/html/berat
>
> #test for styles..
> #does order matter??? -- the actual ip is used to test..
>
>
> ## gets the 200 code for the content..
>  ProxyPass /berat http://127.0.0.1:3000/
>  ProxyPassReverse /berat http://127.0.0.1:3000/
>
>
> 
>
>         Options  -Indexes +FollowSymLinks
> AllowOverride None
> Require all granted
>
> 
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
> any thoughts/ideas??
>  thanks
>
>
> On Fri, Jul 26, 2024 at 6:50 PM Frank Gingras  wrote:
> >
> >
> >
> > On Fri, Jul 26, 2024 at 6:14 PM bruce  wrote:
> >>
> >> Hi, for those who have followed my attempts, thanks. This is a trimmed
> >> down attempt.
> >>
> >> Found some additional examples, and managed to get the following to
> >> "work", once!
> >>
> >> Not sure why it stopped, but I now get a 403/Fobidden err. error.log
> >> inspection shows
> >> /
> >> Cannot serve directory /var/www/html/berat/: No matching
> >> DirectoryIndex (index.html,index.cgi,index.pl
> ,index.php,index.xhtml,index.htm)
> >> found, and server-generated directory index forbidden by Options
> >> directive
> >> 
> >> Which is odd.. as the PM2 server doesn't create any of these file
> >> types as far as I can tell.
> >>
> >> I think I did a
> >>   "systemctl stop apache2"
> >>"systemctl start apache2"
> >>   to test
> >> and after the "start", the 403 was displayed.
> >>
> >> Here's the test vhost. The initial apache2.conf is the default with no
> changes.
> >>
> >> The test site that has the 403 is
> >>  http://161.35.5.174/berat
> >>
> >> The working test site is..
> >> http://198.211.116.12/berat
> >>
> >> the berat_h.conf file is
> >> 
> >> ServerAdmin f...@yahoo.com
> >> ServerName  temp223a
> >> ServerAlias temp3a
> >> #
> >> #
> https://medium.com/@unishubh1/production-ready-node-js-using-reverse-proxy-smartscribs-2cf95e58e002
> >> #
> >> # as test.. run from html2 berat_h
> >> # all other apps are in html
> >> # this is the same as the "clone" vhost
> >> #jul25/24
> >> #stripped out
> >> DocumentRoot   /var/www/h

Re: [users@httpd] setting up/running apache reverse proxy/PM2 node server

[Frank Gingras]

On Fri, Jul 26, 2024 at 6:14 PM bruce  wrote:

> Hi, for those who have followed my attempts, thanks. This is a trimmed
> down attempt.
>
> Found some additional examples, and managed to get the following to
> "work", once!
>
> Not sure why it stopped, but I now get a 403/Fobidden err. error.log
> inspection shows
> /
> Cannot serve directory /var/www/html/berat/: No matching
> DirectoryIndex (index.html,index.cgi,index.pl
> ,index.php,index.xhtml,index.htm)
> found, and server-generated directory index forbidden by Options
> directive
> 
> Which is odd.. as the PM2 server doesn't create any of these file
> types as far as I can tell.
>
> I think I did a
>   "systemctl stop apache2"
>"systemctl start apache2"
>   to test
> and after the "start", the 403 was displayed.
>
> Here's the test vhost. The initial apache2.conf is the default with no
> changes.
>
> The test site that has the 403 is
>  http://161.35.5.174/berat
>
> The working test site is..
> http://198.211.116.12/berat
>
> the berat_h.conf file is
> 
> ServerAdmin f...@yahoo.com
> ServerName  temp223a
> ServerAlias temp3a
> #
> #
> https://medium.com/@unishubh1/production-ready-node-js-using-reverse-proxy-smartscribs-2cf95e58e002
> #
> # as test.. run from html2 berat_h
> # all other apps are in html
> # this is the same as the "clone" vhost
> #jul25/24
> #stripped out
> DocumentRoot   /var/www/html/berat
>
> #test for styles..
> #does order matter??? -- the actual ip is used to test..
>
>
>  #
>
>
> #RewriteEngine On
>
>  #test frm web
>  ProxyRequests Off
>  ProxyPreserveHost On
> ProxyVia Full
>
> ## gets the 200 code for the content..
>  ProxyPass /berat http://127.0.0.1:3000/
>  ProxyPassReverse /berat http://127.0.0.1:3000/
>
> #test
>
> #ttest substitute below
>  #RewriteEngine On
> SetOutputFilter INFLATE;proxy-html;SUBSTITUTE;DEFLATE;
> ProxyHTMLInterp On
> ProxyHTMLExtended Off
>
>
>   AddOutputFilterByType SUBSTITUTE text/html
>   Substitute "s|/_next/static/|\.\./\.next/static/|"
>
> #  Substitute
> "s|/_next/image?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>   Substitute
>
> "s|/_next/image\?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>
>
> #EnableSendfile off
> # test above
>
>
> #DocumentRoot   /var/www/html/berat
>
>
> 
>
>   #Header Set Pragma "no-cache"
>   #Header Set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
>   #Header Set Cache-Control "max-age=0, no-store, no-cache,
> must-revalidate"
>   #Header Unset ETag
>   #FileETag None
>
>
> #DirectoryIndex index.html index.php
>
> #Options -Indexes +FollowSymLinks +MultiViews
> Options  -Indexes +FollowSymLinks
>
> #AllowOverride All
> AllowOverride None
> #Options -MultiViews
> #i think or 2.4 Order allow,deny
> #i think for 2.4 Allow from all
>
> #use for 2.4?
> Require all granted
>
> 
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
> OK.. WTH
>
> Just retried the err srvr.. and the page is now showing...!!!
> So something is happening that's not in the conf file?
>
> Could it be some cache thing? Some node/PM2 thing? Some timing thing?
> Something else??
>
> I'm completely at a loss to explain this behaviour.
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You need to match the trailing slashes when proxying/redirecting.

Re: [users@httpd] apachectl -S question/confusion?

[Frank Gingras]

On Wed, Jul 24, 2024 at 10:22 AM bruce  wrote:

> Oh...
>
> So more or less a "dummy"/fall through location in the event the
> "vhost" isn't set properly?
>
> so having the vhost -- berat.conf  set to "/var/www/html2/berat"  is
> the defined docRoot..
>
> On Wed, Jul 24, 2024 at 10:07 AM Eric Covener  wrote:
> >
> > > Main DocumentRoot: "/var/www/html"  <<<  why
> >
> > There is an implicit global server configuration used when requests
> > don't match any IP-based virtual host.
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
The vhost wins in that case, yes.

Re: [users@httpd] apachectl -S question/confusion?

[Frank Gingras]

On Wed, Jul 24, 2024 at 10:02 AM bruce  wrote:

> Hi.
>
> Trying to track down an issue, and I'm going back to basics to figure
> out exactly what the DocRoot should be for my test.
>
> I've copied my test site to "/var/www/html2/berat"
>
> I've got the vhost file in
>  /etc/apache2/sites-available/berat.conf
>   in the file I have
>documentroot  /var/www/html2/berat
>directory /var/www/html/berat
>
> a2dissiteshows only the "berat" site/app so no other site/app is
> configured..
>
> so when I run
> apachectl -S
>
> I get
> VirtualHost configuration:
> *:80   temp22 (/etc/apache2/sites-enabled/berat.conf:3)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"  <<<  why
> Main ErrorLog: "/var/log/apache2/error.log"
> Mutex proxy: using_defaults
> Mutex default: dir="/var/run/apache2/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> PidFile: "/var/run/apache2/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
> which has
> Main DocumentRoot: "/var/www/html"  <<<  why
>
> where would this be set.. why wouldn't this be in the "berat.conf" ??
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
That is the document root set in the server context, and it does not apply
when using a http:// link, since you have a *:80 vhost that will handle the
request.  Look at your vhost instead.

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

>
> #ww ProxyPass /berat http://127.0.0.1:3000/
> #ww ProxyPassReverse /berat http://127.0.0.1:3000/
>
> ##--- leave this alone.. it works jul22/24
> ## gets the 200 code for the content..
>  ProxyPass /berat http://127.0.0.1:3000/
>  ProxyPassReverse /berat http://127.0.0.1:3000/
>
> # ProxyPass /_next/static/chunks/
> http://198.211.116.12/berat/.next/static/chunks/
> # ProxyPassReverse /_next/static/chunks
> http://198.211.116.12/berat/.next/static/chunks/
>
> #test
>
> #ttest substitute below
>  RewriteEngine On
> SetOutputFilter INFLATE;proxy-html;SUBSTITUTE;DEFLATE;
> ProxyHTMLInterp On
> ProxyHTMLExtended Off
>
>
>   AddOutputFilterByType SUBSTITUTE text/html
> #text/xml text/javascript application/json
>   #Substitute "s|Ideal Experience|zz zz |"
>   Substitute "s|/_next/static/|\.\./\.next/static/|"
>
>  #Substitute "s|/_next/static/chunks|\.\./\.next/static/chunks|"
>  #ProxyPass /_next/static/   http://198.211.116.12/berat/.next/static/
>
>  #Substitute
> "s|/_next/image?url=%2Fhero.jpg&w=640&q=75|
> http://161.35.5.174/berat/public/hero2|i"
> # Substitute
> "s|/_next/image?url=\%2Fhero.jpg\&w=640\&q=75|\.\./public/hero2|i"
>
> #  Substitute
> "s|/_next/image?url=%2Fhero.jpg&w=750&q=75|
> http://161.35.5.174/berat/public/hero1|i"
> #  Substitute
> "s|/_next/image?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>   Substitute
>
> "s|/_next/image\?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>
> #  Substitute
> "s|/_next/image?url=\%2Fhero.jpg\&w=750\&q=75|\.\./public/hero1|i"
> #  Substitute
> "s|/_next/image?url=\%2Fhero.jpg\&w=1920\&q=75|\.\./public/hero1|i"
>
> #http://198.211.116.12
> #/_next/image?url=%2Fhero.jpg&w=1920&q=75
>
>
> #EnableSendfile off
> # test above
>
> #a RewriteCond %{HTTP:Connection} Upgrade [NC]
> #a RewriteCond %{HTTP:Upgrade} websocket [NC]
> #a RewriteRule /(.*) ws://127.0.0.1:3000/$1 [P,L]
>
>
> #a  AddOutputFilterByType SUBSTITUTE text/html text/xml
> text/javascript application/json
> #a  Substitute "s|1920|744|i"
> #a  Substitute "s|648|6488811|i"
>
>
>
> #test2
>  #ProxyPass /_next/image/http://161.35.5.174/berat/public/hero1
> #http://161.35.5.174/berat/public
> <http://161.35.5.174/berat/public/hero1#http://161.35.5.174/berat/public>
>  #ProxyPassReverse /_next/image/
> http://161.35.5.174/berat/public/hero1
> #http://161.35.5.174/berat/public
> <http://161.35.5.174/berat/public/hero1#http://161.35.5.174/berat/public>
>
>
> # ProxyPass "/_next/image?url=%2Fhero.jpg&w=750&q=75"
> http://161.35.5.174/berat/public/hero1
> # ProxyPassReverse "/_next/image?url=%2Fhero.jpg&w=750&q=75"
> http://161.35.5.174/berat/public/hero1
>
> # ProxyPass "/_next/image?url=/hero.jpg&w=640&q=75"
> http://161.35.5.174/berat/public/hero2
> # ProxyPassReverse "/_next/image?url=/hero.jpg&w=640&q=75"
> http://161.35.5.174/berat/public/hero2
>
>
>
> #DocumentRoot   /var/www/html/berat
>
>
> 
>
>   Header Set Pragma "no-cache"
>   Header Set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
>   Header Set Cache-Control "max-age=0, no-store, no-cache, must-revalidate"
>   Header Unset ETag
>   FileETag None
>
> #ProxyRequests Off
> #ProxyPreserveHost On
> #
> #  Require all granted
> #
>
> #ProxyPass / http://127.0.0.1:3000/
>
>     #ProxyPassReverse / http://127.0.0.1:3000/
>
> #DirectoryIndex index.html index.php
>
> #Options -Indexes +FollowSymLinks +MultiViews
> Options +FollowSymLinks   +MultiViews
>
> AllowOverride All
> #Options -MultiViews
> #i think or 2.4 Order allow,deny
> #i think for 2.4 Allow from all
>
> #use for 2.4?
> Require all granted
> ##Options -Indexes +FollowSymLinks +MultiViews
> AllowOverride All Require all granted
>
>
> ##Options Indexes FollowSymLinks MultiViews
> ##Options -Indexes FollowSymlinks
> #Options FollowSymlinks
> #AllowOverride All
> ##Order allow,deny
> ##allow from all
> #Require all granted
>
>
>
>
> 
>
>

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

On Tue, Jul 23, 2024 at 6:39 PM bruce  wrote:

> My issue?
>
> I'm trying to understand why having what appears to be two copies of
> the same setup has one showing the dir/index, with the other showing
> the err that i expect..
>
> http://198.211.116.12/berat
> The server is temporarily unable to service your request due to
> maintenance downtime or capacity problems...
>
> the working srvr...
>
> --
>
> http://161.35.5.174/berat/
> Index of /berat
> [ICO]NameLast modifiedSizeDescription
> [PARENTDIR]Parent Directory -
> [TXT]README.md2024-07-21 22:20 1.0K
> [DIR]app/2024-07-21 22:20 -
> .
> .
> .
>
> the dir listing, instead of the "err" statement
> -from the 2nd/err server
>
>
> they should be the same output.
>
> the 2 systems are using the ipaddress as they're tmp servers..
>
> On Tue, Jul 23, 2024 at 5:25 PM Frank Gingras  wrote:
> >
> >
> >
> > On Tue, Jul 23, 2024 at 5:16 PM bruce  wrote:
> >>
> >> Hi Frank..
> >>
> >> The 2 test servers..have pretty much the same test sites/dirs in the
> >> /var/www/html dir...
> >>
> >> They have the same config files. I basically did a clone of the srvr
> >> from digital ocean..
> >>
> >> As a curiosity, I did a shutdown/restart of both test apache server,
> >> thinking the "tail -300 /var/logs/apache/error.log" would have pretty
> >> much the same output...
> >>
> >> I was wrong..
> >> the error apache is...
> >> [Tue Jul 23 21:05:02.477041 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://161.35.5.174/berat/.next/static/chunks/ local
> >> [Tue Jul 23 21:05:02.477180 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2262): AH00931: initialized single connection worker in
> >> child 189806 for (161.35.5.174:80)
> >> [Tue Jul 23 21:05:02.477194 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2154): AH00925: initializing worker
> >> http://161.35.5.174/berat/.next/static/media/ shared
> >> [Tue Jul 23 21:05:02.477210 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://161.35.5.174/berat/.next/static/media/ local
> >> [Tue Jul 23 21:05:02.477254 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2262): AH00931: initialized single connection worker in
> >> child 189806 for (161.35.5.174:80)
> >> [Tue Jul 23 21:05:02.477259 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2154): AH00925: initializing worker
> >> http://161.35.5.174/berat/public/down.svg shared
> >> [Tue Jul 23 21:05:02.477263 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://161.35.5.174/berat/public/down.svg local
> >> [Tue Jul 23 21:05:02.477302 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2262): AH00931: initialized single connection worker in
> >> child 189806 for (161.35.5.174:80)
> >> [Tue Jul 23 21:05:02.477318 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2154): AH00925: initializing worker
> >> http://161.35.5.174/berat/public/logo.svg shared
> >> [Tue Jul 23 21:05:02.477329 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://161.35.5.174/berat/public/logo.svg local
> >> [Tue Jul 23 21:05:02.477368 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2262): AH00931: initialized single connection worker in
> >> child 189806 for (161.35.5.174:80)
> >> [Tue Jul 23 21:05:02.477373 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2154): AH00925: initializing worker
> >> http://161.35.5.174/berat/publicfoo/ shared
> >> [Tue Jul 23 21:05:02.477377 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://161.35.5.174/berat/publicfoo/ local
> >> [Tue Jul 23 21:05:02.477408 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2262): AH00931: initialized single connection worker in
> >> child 189806 for (161.35.5.174:80)
> >> [Tue Jul 23 21:05:02.477413 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2154): AH00925: initializing worker
> >> http://127.0.0.1:3000/ shared
> >> [Tue Jul 23 21:05:02.477424 2024] [proxy:debug] [pid 189806]
> >> proxy_util.c(2214): AH00927: initializing worker
> >> http://127.0.0.1:3000/ local
> >> [Tue Jul 23 21:05:02

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

448 2024] [deflate:debug] [pid 76009]
> mod_deflate.c(904): [client 143.110.222.166:57950] AH01384: Zlib:
> Compressed 4677 to 787 : URL /
> [Tue Jul 23 20:59:59.913291 2024] [mpm_prefork:notice] [pid 58743]
> AH00170: caught SIGWINCH, shutting down gracefully
> [Tue Jul 23 21:00:00.314389 2024] [proxy:debug] [pid 83188]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Tue Jul 23 21:00:00.314465 2024] [proxy:debug] [pid 83188]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Tue Jul 23 21:00:00.314514 2024] [proxy:debug] [pid 83188]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 83188 for (127.0.0.1:3000)
> [Tue Jul 23 21:00:00.321607 2024] [proxy:debug] [pid 83189]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Tue Jul 23 21:00:00.321690 2024] [proxy:debug] [pid 83189]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Tue Jul 23 21:00:00.321747 2024] [proxy:debug] [pid 83189]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 83189 for (127.0.0.1:3000)
> [Tue Jul 23 21:00:00.329192 2024] [proxy:debug] [pid 83190]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Tue Jul 23 21:00:00.329269 2024] [proxy:debug] [pid 83190]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Tue Jul 23 21:00:00.329320 2024] [proxy:debug] [pid 83190]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 83190 for (127.0.0.1:3000)
> [Tue Jul 23 21:00:00.333077 2024] [mpm_prefork:notice] [pid 83186]
> AH00163: Apache/2.4.58 (Ubuntu) configured -- resuming normal
> operations
> [Tue Jul 23 21:00:00.333201 2024] [core:notice] [pid 83186] AH00094:
> Command line: '/usr/sbin/apache2'
> [Tue Jul 23 21:00:00.335050 2024] [proxy:debug] [pid 83191]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Tue Jul 23 21:00:00.335132 2024] [proxy:debug] [pid 83191]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Tue Jul 23 21:00:00.335196 2024] [proxy:debug] [pid 83191]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 83191 for (127.0.0.1:3000)
> [Tue Jul 23 21:00:00.339094 2024] [proxy:debug] [pid 83192]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Tue Jul 23 21:00:00.339160 2024] [proxy:debug] [pid 83192]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Tue Jul 23 21:00:00.339205 2024] [proxy:debug] [pid 83192]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 83192 for (127.0.0.1:3000)
> r
>
> my question is...
> why/what is causing this in the err system???
> [Tue Jul 23 21:05:02.477373 2024] [proxy:debug] [pid 189806]
> proxy_util.c(2154): AH00925: initializing worker
> http://161.35.5.174/berat/publicfoo/ shared
> [Tue Jul 23 21:05:02.477377 2024] [proxy:debug] [pid 189806]
> proxy_util.c(2214): AH00927: initializing worker
> http://161.35.5.174/berat/publicfoo/ local
>
>
> On Tue, Jul 23, 2024 at 3:16 PM Frank Gingras  wrote:
> >
> >
> >
> > On Tue, Jul 23, 2024 at 2:40 PM bruce  wrote:
> >>
> >>  By vhosts, I'm assuming you mean the conf files in the
> >>  /etc/apache/sites-available
> >>  /etc/apache/sites-enabled
> >> dirs.
> >>
> >> I have a lot of these files. I had removed/copied then to a separate
> >> dir, and then did a global a2dissite * to test if this made a diff in
> >> that when I test the http://1.2.3.4/foo if I get an err.. instead of
> >> the app or the dir index.
> >>
> >> when I copy the files back to the dir.. and redo the a2ensite for all
> >> the test sites..
> >>
> >> apachectl -S
> >> AH00112: Warning: DocumentRoot [/var/www/html/berat_1] does not exist
> >> AH00112: Warning: DocumentRoot [/var/www/html/chainsafe2] does not exist
> >> AH00558: apache2: Could not reliably determine the server's fully
> >> qualified domain name, using 10.10.0.9. Set the 'ServerName' directive
> >> globally to suppress this message
> >> VirtualHost configuration:
> >> *:80   is a NameVirtualHost
> >>  default server temp22
> (/etc/apache2/sites-enabled/ajparrah.conf:1)
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/ajparrah.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
>

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

 alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/minthcm.conf:1)
>  alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/petronius.conf:1)
>  alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/priyansh.conf:1)
>  alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/sendportal.conf:1)
>  alias temp
>  port 80 namevhost temp22 (/etc/apache2/sites-enabled/snipe.conf:1)
>  alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/uideck.conf:1)
>      alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/userlp.conf:1)
>  alias temp
>  port 80 namevhost temp22 (/etc/apache2/sites-enabled/wave.conf:1)
>  alias temp
>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/zentaopms.conf:1)
>  alias temp
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/var/log/apache2/error.log"
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex proxy: using_defaults
> Mutex default: dir="/var/run/apache2/" mechanism=default
> Mutex mpm-accept: using_defaults
> PidFile: "/var/run/apache2/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
>
>
>
>
>
> On Tue, Jul 23, 2024 at 1:32 PM Frank Gingras  wrote:
> >
> >
> >
> > On Tue, Jul 23, 2024 at 1:29 PM bruce  wrote:
> >>
> >> Hi Frank.
> >>
> >> Thanks for reply.
> >>
> >> apachectl -S
> >> AH00558: apache2: Could not reliably determine the server's fully
> >> qualified domain name, using 10.10.0.9. Set the 'ServerName' directive
> >> globally to suppress this message
> >> VirtualHost configuration:
> >> ServerRoot: "/etc/apache2"
> >> Main DocumentRoot: "/var/www/html"
> >> Main ErrorLog: "/var/log/apache2/error.log"
> >> Mutex default: dir="/var/run/apache2/" mechanism=default
> >> Mutex mpm-accept: using_defaults
> >> Mutex watchdog-callback: using_defaults
> >> Mutex rewrite-map: using_defaults
> >> Mutex proxy: using_defaults
> >> PidFile: "/var/run/apache2/apache2.pid"
> >> Define: DUMP_VHOSTS
> >> Define: DUMP_RUN_CFG
> >> User: name="www-data" id=33
> >> Group: name="www-data" id=33
> >>
> >> As a test, I did a complete "a2edissite * to disable "all" test sites
> >> on the srvr that's weird.
> >>
> >> I expected that a 1.2.3.4/foo  in the browser would result in an err...
> >>
> >> Nope, it displayed the reg site.
> >>
> >> At the same time, the test site that displays the dir/ndx still
> >> displays the "dir/ndx" listing.
> >>
> >> Some research online shows that others have run into similar issues,
> >> but as of yet, I haven't figured out what I've done wrong.
> >>
> >> thanks
> >>
> >> On Tue, Jul 23, 2024 at 1:16 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Tue, Jul 23, 2024 at 12:07 PM bruce  wrote:
> >> >>
> >> >> ok.
> >> >>
> >> >> I've screwed something up...
> >> >>
> >> >> on the "working" test system
> >> >> I took a "working" test site, copied it to /var/www/html/mmm
> >> >>
> >> >> did a 1.2.3.4/mmm in the browser -- 1.2.3.4 points to the working
> test srvr..
> >> >>  and I get the
> >> >>   "The requested URL was not found on this server."
> >> >>(expected)..
> >> >>
> >> >> do the same thing on the "weird" test server...
> >> >>   and i get the copy of the running test site.. not the "err" for the
> >> >> "mmm" site dir..
> >> >>
> >> >> I'm missing something...
> >> >>  there is no "mmm.conf" for the mmm dir..
> >> >>  there's nothing under the list of the available sites for "mmm"
> >> >>  it's as if I've installed/enabled something that's screwing up
> >> >> Apache/setup/config.
> >> >>
> >> >> This could also explain why I'm getting the dir/index listing.
> >> >>
> >> >> thoughts?
> >> >>
> >> >> thanks
> >> >>
> >> >> ps. As a test, I copied/tested the "apache.conf" from the working
> srvr
> >> >> to the srvr that's screwing up... no change in action/behaviour.
> >> >> Also copied/tested the foo.conf from the working srvr to the test
> >> >> srvr, and re-enabled it and restarted apache..
> >> >>
> >> >> no behavior difference..
> >> >>
> >> >> -
> >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >> >>
> >> >
> >> > Start by providing the output from apachectl -S.
> >> >
> >> > As for the directory listing, if you alias a directory and have no
> directory index file in the target, you *will* get a directory listing if
> Options +Indexes is set.
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > Since you have no vhosts, the DocumentRoot, Alias and Directory
> directives in the server context will apply here.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You had no *included* or *defined* virtual host, as per the previous
apachectl -S output.
In that case, everything happens in the server context.

Once you define vhosts, you have to add the relevant configuration in that
context.

Every single included/defined vhost on a given port requires a
distinct/unique ServerName set.

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

On Tue, Jul 23, 2024 at 1:29 PM bruce  wrote:

> Hi Frank.
>
> Thanks for reply.
>
> apachectl -S
> AH00558: apache2: Could not reliably determine the server's fully
> qualified domain name, using 10.10.0.9. Set the 'ServerName' directive
> globally to suppress this message
> VirtualHost configuration:
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/var/log/apache2/error.log"
> Mutex default: dir="/var/run/apache2/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex proxy: using_defaults
> PidFile: "/var/run/apache2/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
> As a test, I did a complete "a2edissite * to disable "all" test sites
> on the srvr that's weird.
>
> I expected that a 1.2.3.4/foo  in the browser would result in an err...
>
> Nope, it displayed the reg site.
>
> At the same time, the test site that displays the dir/ndx still
> displays the "dir/ndx" listing.
>
> Some research online shows that others have run into similar issues,
> but as of yet, I haven't figured out what I've done wrong.
>
> thanks
>
> On Tue, Jul 23, 2024 at 1:16 PM Frank Gingras  wrote:
> >
> >
> >
> > On Tue, Jul 23, 2024 at 12:07 PM bruce  wrote:
> >>
> >> ok.
> >>
> >> I've screwed something up...
> >>
> >> on the "working" test system
> >> I took a "working" test site, copied it to /var/www/html/mmm
> >>
> >> did a 1.2.3.4/mmm in the browser -- 1.2.3.4 points to the working test
> srvr..
> >>  and I get the
> >>   "The requested URL was not found on this server."
> >>(expected)..
> >>
> >> do the same thing on the "weird" test server...
> >>   and i get the copy of the running test site.. not the "err" for the
> >> "mmm" site dir..
> >>
> >> I'm missing something...
> >>  there is no "mmm.conf" for the mmm dir..
> >>  there's nothing under the list of the available sites for "mmm"
> >>  it's as if I've installed/enabled something that's screwing up
> >> Apache/setup/config.
> >>
> >> This could also explain why I'm getting the dir/index listing.
> >>
> >> thoughts?
> >>
> >> thanks
> >>
> >> ps. As a test, I copied/tested the "apache.conf" from the working srvr
> >> to the srvr that's screwing up... no change in action/behaviour.
> >> Also copied/tested the foo.conf from the working srvr to the test
> >> srvr, and re-enabled it and restarted apache..
> >>
> >> no behavior difference..
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > Start by providing the output from apachectl -S.
> >
> > As for the directory listing, if you alias a directory and have no
> directory index file in the target, you *will* get a directory listing if
> Options +Indexes is set.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Since you have no vhosts, the DocumentRoot, Alias and Directory directives
in the server context will apply here.

Re: [users@httpd] apache setup/config properly..

[Frank Gingras]

On Tue, Jul 23, 2024 at 12:07 PM bruce  wrote:

> ok.
>
> I've screwed something up...
>
> on the "working" test system
> I took a "working" test site, copied it to /var/www/html/mmm
>
> did a 1.2.3.4/mmm in the browser -- 1.2.3.4 points to the working test
> srvr..
>  and I get the
>   "The requested URL was not found on this server."
>(expected)..
>
> do the same thing on the "weird" test server...
>   and i get the copy of the running test site.. not the "err" for the
> "mmm" site dir..
>
> I'm missing something...
>  there is no "mmm.conf" for the mmm dir..
>  there's nothing under the list of the available sites for "mmm"
>  it's as if I've installed/enabled something that's screwing up
> Apache/setup/config.
>
> This could also explain why I'm getting the dir/index listing.
>
> thoughts?
>
> thanks
>
> ps. As a test, I copied/tested the "apache.conf" from the working srvr
> to the srvr that's screwing up... no change in action/behaviour.
> Also copied/tested the foo.conf from the working srvr to the test
> srvr, and re-enabled it and restarted apache..
>
> no behavior difference..
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Start by providing the output from apachectl -S.

As for the directory listing, if you alias a directory and have no
directory index file in the target, you *will* get a directory listing if
Options +Indexes is set.

Re: [users@httpd] apache reverse proxy question -- i think

[Frank Gingras]

On Sat, Jul 13, 2024 at 5:25 AM Marc  wrote:

> You can't do this with something like alias?
>
> Alias "/images/logo.svg" "/var/www/html/berat/public/logo.svg"
>
> >
> > I'd like something like::
> >
> >ProxyPass /logo.svg   http://1.2.3.4/berat/public/logo.svg
> >ProxyPassReverse /logo.svg   http://1.2.3.4/berat/public/logo.svg
> > doesn't work
> >
> >ProxyPass logo.svg   http://1.2.3.4/berat/public/logo.svg
> >ProxyPassReverse logo.svg   http://1.2.3.4/berat/public/logo.svg
> >   doesn't work
> >
> > in the page source
> >href="/logo.svg"
> >
> >  which should redirect to --  /var/www/html/berat/public/logo.svg
> > or http://1.2.3.4/berat/public/logo.svg
> >
> > thanks
> >
> >
> >
> > >
> > >
> > >
> > >>
> > >> I have a situation where I'm trying to create a foo.config file for a
> > >> test apache app.
> > >>
> > >> in the html of the app, i have a href="/test.svg".
> > >>
> > >> the actual test.svg resides in the physical dir:
> > >>  /var/www/html/berat/public/test.svg
> > >>
> > >> so I'm trying to figure out how to handle this. As far as I can tell,
> > >> this is a reverse proxie issue
> > >>
> > >> but I can't do
> > >>
> > >> another
> > >>  ProxyPass '
> > >>
> > >>  as I'm already doing the following which works...
> > >>   ProxyPass / http://127.0.0.1:3000/
> > >>   ProxyPassReverse / http://127.0.0.1:3000/
> > >>
> > >>  is there some method that I trigger off the actual "filename"
> > >>
> > >> are there any pointers/examples you can point me to..
> > >>
> > >> This appears to be the last issue I'm grappling with.
> > >>
> > >> thanks
> > >>
>
>
If /logo.svg should be mapped, to  http://1.2.3.4/berat/public/logo.svg,
then use a single ProxyPass directive before the other:

ProxyPass /logo.svg http://1.2.3.4/berat/public/logo.svg

Re: [users@httpd] apache reverse proxy question -- i think

[Frank Gingras]

On Fri, Jul 12, 2024 at 6:12 PM bruce  wrote:

> I have a situation where I'm trying to create a foo.config file for a
> test apache app.
>
> in the html of the app, i have a href="/test.svg".
>
> the actual test.svg resides in the physical dir:
>  /var/www/html/berat/public/test.svg
>
> so I'm trying to figure out how to handle this. As far as I can tell,
> this is a reverse proxie issue
>
> but I can't do
>
> another
>  ProxyPass '
>
>  as I'm already doing the following which works...
>   ProxyPass / http://127.0.0.1:3000/
>   ProxyPassReverse / http://127.0.0.1:3000/
>
>  is there some method that I trigger off the actual "filename"
>
> are there any pointers/examples you can point me to..
>
> This appears to be the last issue I'm grappling with.
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You'll have to clarify what "trigger the filename" means, first.

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

On Fri, Jul 12, 2024 at 5:49 AM bruce  wrote:

> A bit of progress...
>
> I can get the "content/data", but not the styles "css/js/etc.. as well
> as misc files...
>
> Looking over the browser/devtools/network, I see the styles comes from
> the following dirs:
>berat/public/
>berat/.next/static
>berat/.next/static/chunks/app/
>
> The test url --- http://161.35.5.174/berat
>
> the dir struct
>  /var/www/html/berat
>
> the berat.conf is
> 
> ServerAdmin f...@yahoo.com
> ServerName  temp22
> ServerAlias temp
>
> DocumentRoot   /var/www/html/berat
>
>  ProxyPass /berat http://127.0.0.1:3000/
>
>  ProxyPassReverse /berat http://127.0.0.1:3000/
>
>
> #DocumentRoot   /var/www/html/berat
>
>
> 
>
> #ProxyRequests Off
> #ProxyPreserveHost On
> #
> #  Require all granted
> #
>
> #ProxyPass / http://127.0.0.1:3000/
>
> #ProxyPassReverse / http://127.0.0.1:3000/
>
> #DirectoryIndex index.html index.php
>
> #Options -Indexes +FollowSymLinks +MultiViews
> Options +FollowSymLinks
>
> AllowOverride All
> Options -MultiViews
> #i think or 2.4 Order allow,deny
> #i think for 2.4 Allow from all
>
> #use for 2.4?
> Require all granted
> ##Options -Indexes +FollowSymLinks +MultiViews
> AllowOverride All Require all granted
>
>
> ##Options Indexes FollowSymLinks MultiViews
> ##Options -Indexes FollowSymlinks
> #Options FollowSymlinks
> #AllowOverride All
> ##Order allow,deny
> ##allow from all
> #Require all granted
> 
>
> ##Alias "/berat" "/var/www/html/berat/"
>
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
> thoughts/pointers on how to "merge" the styles files from the other dirs?
>
> also, the favicon.ico doesn't seem to exist in the test dir tree!
>
>
> On Thu, Jul 11, 2024 at 3:06 PM bruce  wrote:
> >
> > right..
> >
> > and that appears to be from sending the "berat" to the PM2 server...
> >
> > when I test  -- curl http://127.0.0.1:3001/berat
> >  throws a "Internal Server Error"
> >
> > and when I examine the
> >  /root/.pm2/logs/waitlist-landing-page-error.log
> >  there appears to be a stacktrace/error data..
> >
> > so this might be due to screwed up berat.conf config file... which is
> > my expectation.
> >
> >
> > On Thu, Jul 11, 2024 at 2:59 PM Frank Gingras  wrote:
> > >
> > >
> > >
> > > On Thu, Jul 11, 2024 at 2:55 PM bruce  wrote:
> > >>
> > >> on the options.. ok. But I have no clue if they're the right options,
> > >> as I'm looking over numerous sites, and copious testing -- trial/error
> > >> to understand.
> > >>
> > >> there is no php involved, and the apache error log data I pasted
> > >> appears to be the relevant data
> > >>
> > >> On Thu, Jul 11, 2024 at 2:50 PM Frank Gingras 
> wrote:
> > >> >
> > >> >
> > >> >
> > >> > On Thu, Jul 11, 2024 at 2:41 PM bruce  wrote:
> > >> >>
> > >> >> Hi Frank!
> > >> >>
> > >> >> Again, thanks for all your replies... Hopefully, I'll eventually
> have
> > >> >> the "light" turn on!
> > >> >>
> > >> >> Here's updated information
> > >> >>  -updated berat,conf  -- for the virthost/config
> > >> >> -output from the  --  /var/logs/apache/error.log
> > >> >> -output from the ---  apachectl -S
> > >> >> and the display from the browser/url
> > >> >>
> > >> >> cat /etc/apache2/sites-available/berat.conf
> > >> >> 
> > >> >> ServerAdmin f...@yahoo.com
> > >> >> ServerName  temp22
> > >> >> ServerAlias temp
> > >> >>
> > >> >> DocumentRoot   /var/www/html/berat
> > >> >>
> > >> >>  ProxyPass / http://127.0.0.1:3000/
> > >> >>
> > >> >>  ProxyPassR

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

On Thu, Jul 11, 2024 at 2:55 PM bruce  wrote:

> on the options.. ok. But I have no clue if they're the right options,
> as I'm looking over numerous sites, and copious testing -- trial/error
> to understand.
>
> there is no php involved, and the apache error log data I pasted
> appears to be the relevant data
>
> On Thu, Jul 11, 2024 at 2:50 PM Frank Gingras  wrote:
> >
> >
> >
> > On Thu, Jul 11, 2024 at 2:41 PM bruce  wrote:
> >>
> >> Hi Frank!
> >>
> >> Again, thanks for all your replies... Hopefully, I'll eventually have
> >> the "light" turn on!
> >>
> >> Here's updated information
> >>  -updated berat,conf  -- for the virthost/config
> >> -output from the  --  /var/logs/apache/error.log
> >> -output from the ---  apachectl -S
> >> and the display from the browser/url
> >>
> >> cat /etc/apache2/sites-available/berat.conf
> >> 
> >> ServerAdmin f...@yahoo.com
> >> ServerName  temp22
> >> ServerAlias temp
> >>
> >> DocumentRoot   /var/www/html/berat
> >>
> >>  ProxyPass / http://127.0.0.1:3000/
> >>
> >>  ProxyPassReverse / http://127.0.0.1:3000/
> >>
> >>
> >> 
> >>
> >> Options +FollowSymLinks
> >>
> >> AllowOverride All
> >> Options -MultiViews
> >>
> >> Require all granted
> >> ##Options -Indexes +FollowSymLinks +MultiViews
> >> AllowOverride All Require all granted
> >>
> >>
> >> 
> >>
> >> LogLevel debug
> >> ErrorLog ${APACHE_LOG_DIR}/error.log
> >> CustomLog ${APACHE_LOG_DIR}/access.log combined
> >> 
> >>
> >> 
> >> apachectl -S
> >> AH00558: apache2: Could not reliably determine the server's fully
> >> qualified domain name, using 10.10.0.9. Set the 'ServerName' directive
> >> globally to suppress this message
> >> VirtualHost configuration:
> >> *:80   is a NameVirtualHost
> >>  default server temp22
> >> (/etc/apache2/sites-enabled/berat.conf:1)<<<<<<<<<<<<<<<<<<<<
> >>  port 80 namevhost temp22
> >> (/etc/apache2/sites-enabled/berat.conf:1) <<<<<<<<<<<<<<<<<<<<
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/dolibarr.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/domainmod.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/drougnov.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/filgeary.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/flatpress.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/freescout.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/glozzome.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> >> (/etc/apache2/sites-enabled/invoiceninja.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> >> (/etc/apache2/sites-enabled/invoiceplane.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/larap.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/mantisbt.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/matomo.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/minthcm.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/petronius.conf:1)
> >>  alias temp
> >>  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/priyansh.conf:1)
> >>  alias temp

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

emp
> >  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/userlp.conf:1)
> >  alias temp
> >  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/wave.conf:1)
> >  alias temp
> >  port 80 namevhost temp22
> (/etc/apache2/sites-enabled/zentaopms.conf:1)
> >  alias temp
> > ServerRoot: "/etc/apache2"
> > Main DocumentRoot: "/var/www/html"
> > Main ErrorLog: "/var/log/apache2/error.log"
> > Mutex default: dir="/var/run/apache2/" mechanism=default
> > Mutex mpm-accept: using_defaults
> > Mutex watchdog-callback: using_defaults
> > Mutex rewrite-map: using_defaults
> > Mutex proxy: using_defaults
> > PidFile: "/var/run/apache2/apache2.pid"
> > Define: DUMP_VHOSTS
> > Define: DUMP_RUN_CFG
> > User: name="www-data" id=33
> > Group: name="www-data" id=33
> > //
> >
> > more /var/logs/apache2/error.log
> > [Thu Jul 11 18:34:26.962982 2024] [proxy:debug] [pid 75271]
> > proxy_util.c(2154): AH00925: initializing worker
> > http://127.0.0.1:3000/ shared
> > [Thu Jul 11 18:34:26.963057 2024] [proxy:debug] [pid 75271]
> > proxy_util.c(2214): AH00927: initializing worker
> > http://127.0.0.1:3000/ local
> > [Thu Jul 11 18:34:26.963128 2024] [proxy:debug] [pid 75271]
> > proxy_util.c(2262): AH00931: initialized single connection worker in
> > child 75271 for (127.0.0.1:3000)
> > [Thu Jul 11 18:34:36.463332 2024] [authz_core:debug] [pid 75267]
> > mod_authz_core.c(843): [client 162.234.196.167:60276] AH01628:
> > authorization result: granted (no directives)
> > [Thu Jul 11 18:34:36.463485 2024] [proxy:debug] [pid 75267]
> > mod_proxy.c(1521): [client 162.234.196.167:60276] AH01143: Running
> > scheme http handler (attempt 0)
> > [Thu Jul 11 18:34:36.463499 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(2576): AH00942: http: has acquired connection for
> > (127.0.0.1:3000)
> > [Thu Jul 11 18:34:36.463530 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(2641): [client 162.234.196.167:60276] AH00944: connecting
> > http://127.0.0.1:3000/berat to 127.0.0.1:3000
> > [Thu Jul 11 18:34:36.463645 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(2864): [client 162.234.196.167:60276] AH00947: connected
> > /berat to 127.0.0.1:3000
> > [Thu Jul 11 18:34:36.464155 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(3336): AH02824: http: connection established with
> > 127.0.0.1:3000 (127.0.0.1:3000)
> > [Thu Jul 11 18:34:36.464203 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(3525): AH00962: http: connection complete to
> > 127.0.0.1:3000 (127.0.0.1)
> > [Thu Jul 11 18:34:36.466804 2024] [proxy:debug] [pid 75267]
> > proxy_util.c(2592): AH00943: http: has released connection for
> > (127.0.0.1:3000)
> >
> >
> >
> > when accessing the server, running the PM2 server, and using curl..
> >
> > curl http://127.0.0.1:3001
> >  this generates the data/content.. which should (hopefully)
> >  be returned/displayed in the browser
> >
> > but for now..
> > http://161.35.5.174/berat
> >
> >  gets --->> "Internal Server Error"
> >
> >
> > On Thu, Jul 11, 2024 at 1:06 PM Frank Gingras  wrote:
> > >
> > >
> > >
> > > On Thu, Jul 11, 2024 at 12:43 PM bruce  wrote:
> > >>
> > >> updated typo..
> > >>
> > >> weird thing now.. based on the current/listed apache conf file...
> > >> i get the"Internal Server Error" page now..
> > >>
> > >> On Thu, Jul 11, 2024 at 12:39 PM bruce  wrote:
> > >> >
> > >> > Hi Frank,
> > >> >
> > >> > Thanks for the reply.
> > >> >
> > >> > I'm still going through suggestions, as well as information from
> other
> > >> > sites. I'm still confused, and think I might be making things worse.
> > >> >
> > >> > Not sure if this is accepted as a question, but if you have
> > >> > apache/proxy skills, are you up for making a few $$!
> > >> >
> > >> > I'm thinking this is reasonably simple, but I'm missing something.
> > >> >
> > >> > The test server has multiple test apps, running off subfolders
> > >> > /var/www/html/test1
> > >> > /var/www/html/test2
> > >> > /var/www/html/berat
> > >

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

name="www-data" id=33
> //
>
> more /var/logs/apache2/error.log
> [Thu Jul 11 18:34:26.962982 2024] [proxy:debug] [pid 75271]
> proxy_util.c(2154): AH00925: initializing worker
> http://127.0.0.1:3000/ shared
> [Thu Jul 11 18:34:26.963057 2024] [proxy:debug] [pid 75271]
> proxy_util.c(2214): AH00927: initializing worker
> http://127.0.0.1:3000/ local
> [Thu Jul 11 18:34:26.963128 2024] [proxy:debug] [pid 75271]
> proxy_util.c(2262): AH00931: initialized single connection worker in
> child 75271 for (127.0.0.1:3000)
> [Thu Jul 11 18:34:36.463332 2024] [authz_core:debug] [pid 75267]
> mod_authz_core.c(843): [client 162.234.196.167:60276] AH01628:
> authorization result: granted (no directives)
> [Thu Jul 11 18:34:36.463485 2024] [proxy:debug] [pid 75267]
> mod_proxy.c(1521): [client 162.234.196.167:60276] AH01143: Running
> scheme http handler (attempt 0)
> [Thu Jul 11 18:34:36.463499 2024] [proxy:debug] [pid 75267]
> proxy_util.c(2576): AH00942: http: has acquired connection for
> (127.0.0.1:3000)
> [Thu Jul 11 18:34:36.463530 2024] [proxy:debug] [pid 75267]
> proxy_util.c(2641): [client 162.234.196.167:60276] AH00944: connecting
> http://127.0.0.1:3000/berat to 127.0.0.1:3000
> [Thu Jul 11 18:34:36.463645 2024] [proxy:debug] [pid 75267]
> proxy_util.c(2864): [client 162.234.196.167:60276] AH00947: connected
> /berat to 127.0.0.1:3000
> [Thu Jul 11 18:34:36.464155 2024] [proxy:debug] [pid 75267]
> proxy_util.c(3336): AH02824: http: connection established with
> 127.0.0.1:3000 (127.0.0.1:3000)
> [Thu Jul 11 18:34:36.464203 2024] [proxy:debug] [pid 75267]
> proxy_util.c(3525): AH00962: http: connection complete to
> 127.0.0.1:3000 (127.0.0.1)
> [Thu Jul 11 18:34:36.466804 2024] [proxy:debug] [pid 75267]
> proxy_util.c(2592): AH00943: http: has released connection for
> (127.0.0.1:3000)
>
>
>
> when accessing the server, running the PM2 server, and using curl..
>
> curl http://127.0.0.1:3001
>  this generates the data/content.. which should (hopefully)
>  be returned/displayed in the browser
>
> but for now..
> http://161.35.5.174/berat
>
>  gets --->> "Internal Server Error"
>
>
> On Thu, Jul 11, 2024 at 1:06 PM Frank Gingras  wrote:
> >
> >
> >
> > On Thu, Jul 11, 2024 at 12:43 PM bruce  wrote:
> >>
> >> updated typo..
> >>
> >> weird thing now.. based on the current/listed apache conf file...
> >> i get the"Internal Server Error" page now..
> >>
> >> On Thu, Jul 11, 2024 at 12:39 PM bruce  wrote:
> >> >
> >> > Hi Frank,
> >> >
> >> > Thanks for the reply.
> >> >
> >> > I'm still going through suggestions, as well as information from other
> >> > sites. I'm still confused, and think I might be making things worse.
> >> >
> >> > Not sure if this is accepted as a question, but if you have
> >> > apache/proxy skills, are you up for making a few $$!
> >> >
> >> > I'm thinking this is reasonably simple, but I'm missing something.
> >> >
> >> > The test server has multiple test apps, running off subfolders
> >> > /var/www/html/test1
> >> > /var/www/html/test2
> >> > /var/www/html/berat
> >> >
> >> > Right now, for the test "berat" app, the changes I made are generating
> >> > an internal 500 server error.
> >> >
> >> > The test url -- http://161.35.5.174/berat
> >> >
> >> > Thanks for your pointers/insight!
> >> >
> >> > weird thing now.. based on the current/listed apache conf file...
> >> > i get the base "ubuntu/apache" default page now..
> >> >  --the "berat" is trimed...
> >> >
> >> > =
> >> > cat /etc/apache2/sites-available/berat.conf
> >> > 
> >> > ServerAdmin f...@yahoo.com
> >> > ServerName  temp22
> >> > ServerAlias temp
> >> >
> >> > DocumentRoot   /var/www/html/berat
> >> >
> >> >  ProxyPass / http://127.0.0.1:3000/
> >> >
> >> >  ProxyPassReverse / http://127.0.0.1:3000/
> >> >
> >> >
> >> >     #DocumentRoot   /var/www/html/berat
> >> >
> >> >
> >> > 
> >> >
> >> > #ProxyRequests Off
> >> > #ProxyPreserveHost On
> 

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

On Thu, Jul 11, 2024 at 12:43 PM bruce  wrote:

> updated typo..
>
> weird thing now.. based on the current/listed apache conf file...
> i get the"Internal Server Error" page now..
>
> On Thu, Jul 11, 2024 at 12:39 PM bruce  wrote:
> >
> > Hi Frank,
> >
> > Thanks for the reply.
> >
> > I'm still going through suggestions, as well as information from other
> > sites. I'm still confused, and think I might be making things worse.
> >
> > Not sure if this is accepted as a question, but if you have
> > apache/proxy skills, are you up for making a few $$!
> >
> > I'm thinking this is reasonably simple, but I'm missing something.
> >
> > The test server has multiple test apps, running off subfolders
> > /var/www/html/test1
> > /var/www/html/test2
> > /var/www/html/berat
> >
> > Right now, for the test "berat" app, the changes I made are generating
> > an internal 500 server error.
> >
> > The test url -- http://161.35.5.174/berat
> >
> > Thanks for your pointers/insight!
> >
> > weird thing now.. based on the current/listed apache conf file...
> > i get the base "ubuntu/apache" default page now..
> >  --the "berat" is trimed...
> >
> > =
> > cat /etc/apache2/sites-available/berat.conf
> > 
> > ServerAdmin f...@yahoo.com
> > ServerName  temp22
> > ServerAlias temp
> >
> > DocumentRoot   /var/www/html/berat
> >
> >  ProxyPass / http://127.0.0.1:3000/
> >
> >  ProxyPassReverse / http://127.0.0.1:3000/
> >
> >
> > #DocumentRoot   /var/www/html/berat
> >
> >
> > 
> >
> > #ProxyRequests Off
> > #ProxyPreserveHost On
> > #
> > #  Require all granted
> > #
> >
> > #ProxyPass / http://127.0.0.1:3000/
> >
> > #ProxyPassReverse / http://127.0.0.1:3000/
> >
> > #DirectoryIndex index.html index.php
> >
> > #Options -Indexes +FollowSymLinks +MultiViews
> > Options +FollowSymLinks
> >
> > AllowOverride All
> > Options -MultiViews
> > Order allow,deny
> > Allow from all
> >
> > #Require all granted
> > ##Options -Indexes +FollowSymLinks +MultiViews
> > AllowOverride All Require all granted
> >
> >
> >     ##Options Indexes FollowSymLinks MultiViews
> > ##Options -Indexes FollowSymlinks
> > #Options FollowSymlinks
> > #AllowOverride All
> > ##Order allow,deny
> > ##allow from all
> > #Require all granted
> > 
> >
> > ##Alias "/berat" "/var/www/html/berat/"
> >
> >
> > LogLevel debug
> > ErrorLog ${APACHE_LOG_DIR}/error.log
> > CustomLog ${APACHE_LOG_DIR}/access.log combined
> > 
> >
> > On Thu, Jul 11, 2024 at 9:40 AM Frank Gingras  wrote:
> > >
> > >
> > >
> > > On Thu, Jul 11, 2024 at 8:02 AM Marc  wrote:
> > >>
> > >>  I am testing a bit with this:
> > >>
> > >>  32 
> > >>  33 # files are still loaded from default host
> > >>  34 Define defaulthost ""
> > >>  35 Define proxyhost ""
> > >>  36
> > >>  37 ProxyPreserveHost Off
> > >>  38 ProxyAddHeaders On
> > >>  39 SetOutputFilter  proxy-html
> > >>  40 ProxyHTMLEnable On
> > >>  41 ProxyHTMLExtended On
> > >>  42
> > >>  43 ProxyPass"https://${proxyhost}/";
> > >>  44 ProxyPassReverse "https://${proxyhost}/";
> > >>  45
> > >>  46 ProxyPassReverseCookieDomain "${proxyhost}"
> "${defaulthost}"
> > >>  47 ProxyPassReverseCookiePath   "/" "//"
> > >>  48
> > >>  49 Header edit Set-Cookie ^(.*)$
> $1;HttpOnly;Secure;SameSite=None
> > >>  50
> > >>  51 ProxyHTMLURLMap https://${proxyhost}/ https://
> ${defaulthost}/
> > >>  52
> > >>  53 Options +ExecCGI +FollowSymLinks -Mul

Re: [users@httpd] Simulating rewrite rules?

[Frank Gingras]

On Thu, Jul 11, 2024 at 4:49 AM Marc  wrote:

> >
> > RewriteCond %{HTTP_USER_AGENT} ^$
> > [OR]
> > RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).*
> > [NC,OR]
> > RewriteCond %{HTTP_USER_AGENT}
> > ^.*(HTTrack|clshttp|archiver|loader|email|nikto|miner|python).* [NC,OR]
> > RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|libwww\-
> > perl|curl|wget|harvest|scan|grab|extract).* [NC,OR]
> > RewriteCond %{HTTP_USER_AGENT}
> > ^.*(Googlebot|SemrushBot|PetalBot|Bytespider|bingbot).* [NC]
> > RewriteRule (.*)https://guardiandigital.com/$1 [L,R=301]
> >
> >
> > SetEnvIf user-agent "(?i:GoogleBot)" googlebot=1
> > SetEnvIf user-agent "(?i:SemrushBot)" googlebot=1
> > SetEnvIf user-agent "(?i:PetalBot)" googlebot=1
> > SetEnvIf user-agent "(?i:Bytespider)" googlebot=1
> > SetEnvIf user-agent "(?i:bingbot)" googlebot=1
> >
> >
> >   
> > Require ip 1.2.3.4
> > Require env googlebot
> >   
> >
>
> I would think that mod_security is more efficient for this
> SecRule REQUEST_HEADERS:User-Agent ""
> "id:'13006',phase:2,log,deny,status:200"
>
> Why allow SemrushBot, PetalBot and Bytespider? If they don't give you
> traffic, block them. Better add things for yandex and duckduckgo.
> Duckduckgo is getting better than google. Maybe start looking for ai
> crawlers also.
>
> > I was also originally trying to associate the rewriterules with the
> > requireany using  but then realized I didn't even have to do that -
> > it would just automatically get processed independently. It looks so
> > simple now, but took me a while to make it this simple.
> >
> >
>
> What also helps is blocking these clouds, just get their ip ranges
>
> - amazon
> - googleusercontent
> - digital ocean
> - ovh
>
>
>
> PS. Don't give google the credit to have bot variable named after them ;).
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org


The follow bit:

"has to appear in .htaccess because it's processed after the virtualhost
config and any requireall/requireany entries are overridden that already
appear there"

Makes no sense.  You can just create your vhost properly to produce the
expected behaviour.

Re: [users@httpd] Stripping trailing slashes (again)

[Frank Gingras]

On Thu, Jul 11, 2024 at 6:55 AM Konstantin Kolinko 
wrote:

> чт, 13 июн. 2024 г. в 17:41, Dave Wreski  .invalid>:
> >
> > Hi,
> >
> > Some time ago I requested help with a rewrite rule to strip trailing
> slash(es) from all URLs in our joomla website, but I'm still having
> problems. This is the rule I am currently working with:
> >
> > RewriteRule ^(.*)/+$ https://linuxsecurity.com$1 [R=301,L]
> >
> > It works fine for any URL other than the homepage. Somehow for the
> homepage it creates an infinite loop, despite using "L", so perhaps I don't
> understand what it's doing. The (.*) is supposed to match any character,
> but there wouldn't be any preceding elements for the homepage.
> >
> > The problem as I see it is that, for the homepage, (.*) would be null,
> so $1 would also be null? This then creates the same URL as the one we're
> trying to fix.
>
> (.*) means "any character, 0 or more times".
> "0 times" here means that it matches an empty string. (Technically, it
> is an empty string, not null).
>
> URL for the home page is "/".
>
> (The first line of an HTTP 1.x request will be "GET / HTTP/1.1".
> By definition of the protocol, there has to be some text between the
> verb (GET) and the version.)
>
> A possible solution that I see is to make the first '/' explicit.
> adding it both to the regexp and to the replacement string:
>
>   RewriteRule ^/(.*)/+$ https://linuxsecurity.com/$1 [R=301,L]
>
> Alternatively, use '+' instead of '*' (meaning 1 or more times):
>
>   RewriteRule ^(.+)/+$ https://linuxsecurity.com$1 [R=301,L]
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You're missing a key part of the engine here; in the per-directory context,
the leading / cannot be matched.  Per-directory means either .htaccess,
 or .  To make the rule work in both server and
per-directory context, use the conditional modifier:

^/?()

To stop loops, add a proper RewriteCond directive prior, and exclude
whatever URI you need.

Re: [users@httpd] reverse proxy setup

[Frank Gingras]

On Thu, Jul 11, 2024 at 8:02 AM Marc  wrote:

>  I am testing a bit with this:
>
>  32 
>  33 # files are still loaded from default host
>  34 Define defaulthost ""
>  35 Define proxyhost ""
>  36
>  37 ProxyPreserveHost Off
>  38 ProxyAddHeaders On
>  39 SetOutputFilter  proxy-html
>  40 ProxyHTMLEnable On
>  41 ProxyHTMLExtended On
>  42
>  43 ProxyPass"https://${proxyhost}/";
>  44 ProxyPassReverse "https://${proxyhost}/";
>  45
>  46 ProxyPassReverseCookieDomain "${proxyhost}" "${defaulthost}"
>  47 ProxyPassReverseCookiePath   "/" "//"
>  48
>  49 Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
>  50
>  51 ProxyHTMLURLMap https://${proxyhost}/ https://
> ${defaulthost}/
>  52
>  53 Options +ExecCGI +FollowSymLinks -MultiViews
>  54 
>
> > -Original Message-
> > From: bruce 
> > Sent: Thursday, 11 July 2024 13:20
> > To: users@httpd.apache.org
> > Subject: [users@httpd] reverse proxy setup
> >
> > Hi.
> >
> > Testing a github app that appears to use/require reverse proxy to
> > display results on the browser.
> >
> > The basic app uses npm/nextjs to generate content, Per different
> > sites, the process uses PM2 to run the process, and to be able to show
> > the content via an internal/local "server". This is accessed via  --
> > http://127.0.0.1:3000.
> >
> > Using curl on the local/test server, content can be accessed via the site
> >  curl  http://127.0.0.1:3000.
> >
> > My issue now, is how to create the Apache conf to be able to have the
> > user at http://1.2.3.4/berat, be able to display the content. This
> > requires somehow setting up the reverse proxy process, in the VirtHost
> > of the config file. The test site is being run from a subdir
> >   /var/www/html/berat <<<
> >
> > Researching/testing hasn't had the light go off yet!
> >
> > Here's what I've got, but it's not correct.
> >
> > Pointers would be useful. (and possible explanation!)
> >
> > cat /etc/apache2/sites-available/berat.conf
> > 
> > ServerAdmin f...@yahoo.com
> > ServerName  temp22
> > ServerAlias temp
> >
> > DocumentRoot   /var/www/html/berat
> >
> > ProxyRequests Off
> > ProxyPreserveHost On
> > 
> > Require all granted
> > 
> >
> > ProxyPreserveHost On
> >
> > 
> >   ProxyPreserveHost Off
> >   ProxyErrorOverride Off
> > 
> >
> >  #ProxyPass/api/system-a/
> > https://external-domain.example2.org/system-a/
> >
> >  ProxyPass /berat http://127.0.0.1:3000/
> >
> >  ProxyPassReverse /berat http://127.0.0.1:3000/
> >
> >
> > #DocumentRoot   /var/www/html/berat
> >
> >
> > 
> >
> > #ProxyRequests Off
> > #ProxyPreserveHost On
> > #
> > #  Require all granted
> > #
> >
> > #ProxyPass / http://127.0.0.1:3000/
> >
> > #ProxyPassReverse / http://127.0.0.1:3000/
> >
> > #DirectoryIndex index.html index.php
> >
> > #Options -Indexes +FollowSymLinks +MultiViews
> > Options +FollowSymLinks
> >
> > AllowOverride All
> > Require all granted
> > ##Options -Indexes +FollowSymLinks +MultiViews
> > AllowOverride All Require all granted
> >
> >
> > ##Options Indexes FollowSymLinks MultiViews
> > ##Options -Indexes FollowSymlinks
> > #Options FollowSymlinks
> > #AllowOverride All
> > ##Order allow,deny
> > ##allow from all
> > #Require all granted
> > 
> >
> > ##Alias "/berat" "/var/www/html/berat/"
> >
> >
> > LogLevel debug
> > ErrorLog ${APACHE_LOG_DIR}/error.log
> > CustomLog ${APACHE_LOG_DIR}/access.log combined
> > 
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
>
>
A couple points here:

1) Avoid proxying from  blocks, unless you have a good reason to
2) Always match the trailing slashes when proxying or redirecting, i.e.
/foo -> /foo and /foo/ -> /foo/
3)  is for forward proxies, so remove that

Re: [users@httpd] Simulating rewrite rules?

[Frank Gingras]

On Tue, Jul 9, 2024 at 9:11 AM Dave Wreski
 wrote:

> Hi, I have the following rewrite rule in place on one of our staging sites
> to redirect bots and malicious scripts to our corporate page:
>
>   RewriteCond %{HTTP_USER_AGENT}
> ^$  [OR]
>   RewriteCond %{HTTP_USER_AGENT}
> ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).*[NC,OR]
>   RewriteCond %{HTTP_USER_AGENT}
> ^.*(HTTrack|clshttp|archiver|loader|email|nikto|miner|python).* [NC,OR]
>   RewriteCond %{HTTP_USER_AGENT}
> ^.*(winhttp|libwww\-perl|curl|wget|harvest|scan|grab|extract).* [NC,OR]
>   RewriteCond %{HTTP_USER_AGENT}
> ^.*(Googlebot|SemrushBot|PetalBot|Bytespider|bingbot).* [NC]
>   RewriteRule (.*)https://guardiandigital.com$1 [L,R=301]
>
> However, it doesn't appear to always work properly:
>
> 66.249.68.6 - - [08/Jul/2024:11:43:41 -0400] "GET /robots.txt HTTP/1.1"
> 200 343 r:"-" "Mozilla/5.0 (compatible; Googlebot/2.1; +
> http://www.google.com/bot.html)" 0/5493 1145/6615/343 H:HTTP/1.1
> U:/robots.txt s:200
>
> Instead of making changes to my rules then having to wait until the
> condition is met (Googlebot scans the site again), I'd like to simulate the
> above request against my ruleset to see if it matches. Is this possible?
>
> Thanks,
> Dave
>
>
>
For the user agent, just install an extension in your browser to "fake" the
value, and make a HTTP request.  Alternatively, you can use curl as well.

Re: [users@httpd] VirtualHost with ServerAlias and SSLCertificateFile no friends?

[Frank Gingras]

On Mon, Jul 8, 2024 at 4:18 AM Michael Osipov  wrote:

> On 2024/07/04 13:57:06 Frank Gingras wrote:
> > On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov 
> wrote:
> >
> > > Folks,
> > >
> > > please consider the following example:
> > > > 
> > > > ServerAdmin m...@example.com
> > > > ServerName foo.example.com
> > > > ServerAlias foo.sub.example.net
> > > > DocumentRoot /usr/local/www/apache24/data
> > > > ErrorLog "/var/log/apache/foo-ssl-errors.log"
> > > > CustomLog "/var/log/apache/foo-ssl-access.log" common
> > > >
> > > > SSLEngine On
> > > > SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
> > > > SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
> > > > SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
> > > > SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
> > > >
> > > > Include "..."
> > > > 
> > >
> > > I'd like to run a single vhost serving the same content under multiple
> > > FQDNs to the users
> > >
> > > As far as I understand mod_ssl it does not seem to support to have SNI
> on
> > > a single vhost with multiple hostnames. I get error messages in the log
> > > file.
> > > I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
> > > FWIW: the same concept is support with Tomcat: One connector, one
> default
> > > host, aliases and several SSLHostConfig elements.
> > > Is the approach to run two vhosts here? I am sure that a SAN
> certificate
> > > will do the trick, but for €€€ reasons I won' able to order one.
> > >
> > > Michael
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > For additional commands, e-mail: users-h...@httpd.apache.org
> > >
> > >
> > In that case, define separate :443 vhosts for each name, and redirect to
> > the main one.
>
> As sad it is sounds and also looking into the source code there is no
> alternative to duplicate it.
> There is a long standing issue open in Bugzilla:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61081
>
> At least the docs should tell that using ServerAlias requires a SAN
> certificate to function properly.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Your options were always to use a wildcard certificate, or a SAN.  This
falls more into the common knowledge of TLS and certificates.

mod_ssl does tie in to openssl, sure, but explaining every concept isn't
the role of the docs.

That being said, a small note to that effect should not be harmful, I will
see if the docs team can come up with some alteration.

Re: [users@httpd] VirtualHost with ServerAlias and SSLCertificateFile no friends?

[Frank Gingras]

On Sun, Jul 7, 2024 at 5:09 AM rexkogit...@gmx.at.INVALID
 wrote:

> Hi,
>
> well, Apache httpd uses SNI to decide which vhost to use. Otherwise, it
> would not even be possible to have multiple TLS secured domains on the same
> port. However, this is indeed possible, but you have to put the into
> multiple vhosts. These vhosts can be as similar as they share everything
> but the TLS certificate files and ServerNames. They can have the same
> DocumentRoot and so on.
>
> Otherwise, you could also try Haproxy infront of Apache.  Haproxy supports
> SNI and can perform TLS offloading, so that the Apache webserver is to be
> configured with HTTP only.
>
> Kind regards,
> rexkogitans.
> Am 05.07.24 um 16:28 schrieb Frank Gingras:
>
>
>
> On Fri, Jul 5, 2024 at 10:23 AM rexkogit...@gmx.at.INVALID
>   wrote:
>
>> Hi Michael,
>>
>>
>> you can add any number of domain names to a TLS certificate. These
>> entries are known as  SAN (Subject Alternative Name). So, you want a single
>> TLS certificate with multiple domain names instead of multiple TLS
>> certificates each with a single domain name.
>>
>>
>> Kind regards,
>> rexkogitans
>> Am 04.07.24 um 15:57 schrieb Frank Gingras:
>>
>>
>>
>> On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov 
>> wrote:
>>
>>> Folks,
>>>
>>> please consider the following example:
>>> > 
>>> > ServerAdmin m...@example.com
>>> > ServerName foo.example.com
>>> > ServerAlias foo.sub.example.net
>>> > DocumentRoot /usr/local/www/apache24/data
>>> > ErrorLog "/var/log/apache/foo-ssl-errors.log"
>>> > CustomLog "/var/log/apache/foo-ssl-access.log" common
>>> >
>>> > SSLEngine On
>>> > SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
>>> > SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
>>> > SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
>>> > SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
>>> >
>>> > Include "..."
>>> > 
>>>
>>> I'd like to run a single vhost serving the same content under multiple
>>> FQDNs to the users
>>>
>>> As far as I understand mod_ssl it does not seem to support to have SNI
>>> on a single vhost with multiple hostnames. I get error messages in the log
>>> file.
>>> I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
>>> FWIW: the same concept is support with Tomcat: One connector, one
>>> default host, aliases and several SSLHostConfig elements.
>>> Is the approach to run two vhosts here? I am sure that a SAN certificate
>>> will do the trick, but for €€€ reasons I won' able to order one.
>>>
>>> Michael
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>> In that case, define separate :443 vhosts for each name, and redirect to
>> the main one.
>>
>>
>
> They already said that for price reasons, that consideration is not on the
> table.
>
>
That was literally was I suggested prior.

Re: [users@httpd] VirtualHost with ServerAlias and SSLCertificateFile no friends?

[Frank Gingras]

On Fri, Jul 5, 2024 at 10:23 AM rexkogit...@gmx.at.INVALID
 wrote:

> Hi Michael,
>
>
> you can add any number of domain names to a TLS certificate. These entries
> are known as  SAN (Subject Alternative Name). So, you want a single TLS
> certificate with multiple domain names instead of multiple TLS certificates
> each with a single domain name.
>
>
> Kind regards,
> rexkogitans
> Am 04.07.24 um 15:57 schrieb Frank Gingras:
>
>
>
> On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov  wrote:
>
>> Folks,
>>
>> please consider the following example:
>> > 
>> > ServerAdmin m...@example.com
>> > ServerName foo.example.com
>> > ServerAlias foo.sub.example.net
>> > DocumentRoot /usr/local/www/apache24/data
>> > ErrorLog "/var/log/apache/foo-ssl-errors.log"
>> > CustomLog "/var/log/apache/foo-ssl-access.log" common
>> >
>> > SSLEngine On
>> > SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
>> > SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
>> > SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
>> > SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
>> >
>> > Include "..."
>> > 
>>
>> I'd like to run a single vhost serving the same content under multiple
>> FQDNs to the users
>>
>> As far as I understand mod_ssl it does not seem to support to have SNI on
>> a single vhost with multiple hostnames. I get error messages in the log
>> file.
>> I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
>> FWIW: the same concept is support with Tomcat: One connector, one default
>> host, aliases and several SSLHostConfig elements.
>> Is the approach to run two vhosts here? I am sure that a SAN certificate
>> will do the trick, but for €€€ reasons I won' able to order one.
>>
>> Michael
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
> In that case, define separate :443 vhosts for each name, and redirect to
> the main one.
>
>

They already said that for price reasons, that consideration is not on the
table.

Re: [users@httpd] VirtualHost with ServerAlias and SSLCertificateFile no friends?

[Frank Gingras]

On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov  wrote:

> Folks,
>
> please consider the following example:
> > 
> > ServerAdmin m...@example.com
> > ServerName foo.example.com
> > ServerAlias foo.sub.example.net
> > DocumentRoot /usr/local/www/apache24/data
> > ErrorLog "/var/log/apache/foo-ssl-errors.log"
> > CustomLog "/var/log/apache/foo-ssl-access.log" common
> >
> > SSLEngine On
> > SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
> > SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
> > SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
> > SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
> >
> > Include "..."
> > 
>
> I'd like to run a single vhost serving the same content under multiple
> FQDNs to the users
>
> As far as I understand mod_ssl it does not seem to support to have SNI on
> a single vhost with multiple hostnames. I get error messages in the log
> file.
> I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
> FWIW: the same concept is support with Tomcat: One connector, one default
> host, aliases and several SSLHostConfig elements.
> Is the approach to run two vhosts here? I am sure that a SAN certificate
> will do the trick, but for €€€ reasons I won' able to order one.
>
> Michael
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
In that case, define separate :443 vhosts for each name, and redirect to
the main one.

Re: [users@httpd] Javascript xmlhttprequest send error

[Frank Gingras]

On Wed, Jul 3, 2024 at 7:49 PM Ted Hickox  wrote:

> And a hearty good evening everyone.  Here is my Javascript code.
>
> var SVG_Data;
> var Retrieved_Data;
> var Attribute_List;
> var Coordinate_List;
> var Counter;
> function Setup() {
>  SVG_Data = new XMLHttpRequest();
>  SVG_Data.open("GET","
> http://localhost:8080/exist/rest/db/apps/HTML_Student/SVG_Ellipse.xq";,
> true);
>  SVG_Data.onreadystatechange = function () {
>  if (SVG_Data.readyState == 4) {
> Retrieved_Data = SVG_Data.responseText;
> Retrieved_Data = Retrieved_Data.split("*");
> Attribute_List = "";
> Coordinate_List = "";
> for (Counter = 0; Counter < 8; Counter++) {
>   Attribute_List = Attribute_List + Retrieved_Data[Counter] + "*";
>   Counter = Counter + 1;
>   Coordinate_List = Coordinate_List + Retrieved_Data[Counter] + "*";}
>   Attribute_List = Attribute_List.split("*");
>   Coordinate_List = Coordinate_List.split("*");
>   Coordinate = " for (Counter = 0; Counter < 4; Counter++) {
>  Coordinate = Coordinate + " " + Attribute_List[Counter] + " = '"
> + Coordinate_List[Counter] + "'";}
> Coordinate = Coordinate + ">";
>  document.getElementById("Image_Box").innerHTML = Coordinate;
>  }
>  };
>
>SVG_Data.send();}
>
> When I run this code, I get the following error:
>
> uncaught typeerror.  cannot read properties of undefined reading send.
>
> I know this has to do with SVG_Data.send().  But I don't know what I've
> done wrong.  Can anyone here assist me with this problem?
>
>
>
>
You should ask a JavaScript mailing list / support forum instead.

Re: [users@httpd] weird/basic issue/question

[Frank Gingras]

On Wed, Jul 3, 2024 at 1:02 PM bruce  wrote:

> Hi frank.
>
> I know apache doesn't maintain php apps.
>
> pretty sure this isn't a php app issue, unless there's been something
> cut/copy/paste in the diff apps.
>
> I'm actually thinking that there's something in apache configs causing
> this.. given that i'm getting the issue in apache err logs, from diff
> apps..
>
> On Wed, Jul 3, 2024 at 12:54 PM Frank Gingras  wrote:
> >
> >
> >
> > On Wed, Jul 3, 2024 at 12:45 PM bruce  wrote:
> >>
> >> Hi Frank.
> >>
> >> It does.
> >>
> >> I also tried an additional test app
> >> http://161.35.5.174/invoiceninja/
> >>
> >> it also shows the "minthcm" in the error.log..
> >>
> >> I've been researching this, and as of yet, haven't found a aha moment.
> >>
> >> I've got plenty of other test apps in the /var/www/html dirtree.. and
> >> they aren't showing..
> >> I did a quick search/find in the /etc/sites-available and only find
> >> "minthcm" in the disabled conf file.
> >>
> >> any pointers as to where I might look?
> >>
> >> thanks
> >>
> >>
> >> On Wed, Jul 3, 2024 at 12:20 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Wed, Jul 3, 2024 at 12:15 PM bruce  wrote:
> >> >>
> >> >> I have a test/local apache server - digitalocean instance.
> >> >>
> >> >> Testing a php app. I have the
> >> >>  /etc/sites-available
> >> >>  /etc/mods-available
> >> >>
> >> >> I stopped the service, and restarted it.
> >> >>
> >> >> I tested the url:
> >> >>  http://161.35.5.174/invoiceplane/sessions/login
> >> >>  I then examined the
> >> >>   tail -50 /var/log/apache/error.log
> >> >>
> >> >>  and I expected to see something with the above url...
> >> >>
> >> >> instead, I get lines like..
> >> >> [Wed Jul 03 15:56:00.454162 2024] [deflate:debug] [pid 23847]
> >> >> mod_deflate.c(869): [client 162.234.196.167:39160] AH01384: Zlib:
> >> >> Compressed 595 to 276 : URL /minthcm/install/index.php, referer:
> >> >> http://161.35.5.174/minthcm/
> >> >>
> >> >> now... the minthcm is a disabled test app.. but I don't get why I'm
> >> >> seeing it in the err log when/right after testing the "invoiceplane"
> >> >> url.
> >> >>
> >> >> Haven't found anything yet via searching.
> >> >>
> >> >> thoughts/comments would be helpful.
> >> >>
> >> >> thanks
> >> >>
> >> >> -
> >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >> >>
> >> >
> >> > Your php application is redirecting / loading additional resources.
> Does invoiceplane have a mailing list or other support venues?
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > I still recommend asking the invoiceplane folks, preferably on their
> mailing list, or most active support venue.
> >
> > Apache HTTPd doesn't maintain that php application.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Bruce, if a redirect was involved, you would see a 3xx entry in the logs.
If mod_rewrite is involved, use the rewrite log to debug.

Re: [users@httpd] weird/basic issue/question

[Frank Gingras]

On Wed, Jul 3, 2024 at 12:45 PM bruce  wrote:

> Hi Frank.
>
> It does.
>
> I also tried an additional test app
> http://161.35.5.174/invoiceninja/
>
> it also shows the "minthcm" in the error.log..
>
> I've been researching this, and as of yet, haven't found a aha moment.
>
> I've got plenty of other test apps in the /var/www/html dirtree.. and
> they aren't showing..
> I did a quick search/find in the /etc/sites-available and only find
> "minthcm" in the disabled conf file.
>
> any pointers as to where I might look?
>
> thanks
>
>
> On Wed, Jul 3, 2024 at 12:20 PM Frank Gingras  wrote:
> >
> >
> >
> > On Wed, Jul 3, 2024 at 12:15 PM bruce  wrote:
> >>
> >> I have a test/local apache server - digitalocean instance.
> >>
> >> Testing a php app. I have the
> >>  /etc/sites-available
> >>  /etc/mods-available
> >>
> >> I stopped the service, and restarted it.
> >>
> >> I tested the url:
> >>  http://161.35.5.174/invoiceplane/sessions/login
> >>  I then examined the
> >>   tail -50 /var/log/apache/error.log
> >>
> >>  and I expected to see something with the above url...
> >>
> >> instead, I get lines like..
> >> [Wed Jul 03 15:56:00.454162 2024] [deflate:debug] [pid 23847]
> >> mod_deflate.c(869): [client 162.234.196.167:39160] AH01384: Zlib:
> >> Compressed 595 to 276 : URL /minthcm/install/index.php, referer:
> >> http://161.35.5.174/minthcm/
> >>
> >> now... the minthcm is a disabled test app.. but I don't get why I'm
> >> seeing it in the err log when/right after testing the "invoiceplane"
> >> url.
> >>
> >> Haven't found anything yet via searching.
> >>
> >> thoughts/comments would be helpful.
> >>
> >> thanks
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > Your php application is redirecting / loading additional resources.
> Does invoiceplane have a mailing list or other support venues?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
I still recommend asking the invoiceplane folks, preferably on their
mailing list, or most active support venue.

Apache HTTPd doesn't maintain that php application.

Re: [users@httpd] weird/basic issue/question

[Frank Gingras]

On Wed, Jul 3, 2024 at 12:15 PM bruce  wrote:

> I have a test/local apache server - digitalocean instance.
>
> Testing a php app. I have the
>  /etc/sites-available
>  /etc/mods-available
>
> I stopped the service, and restarted it.
>
> I tested the url:
>  http://161.35.5.174/invoiceplane/sessions/login
>  I then examined the
>   tail -50 /var/log/apache/error.log
>
>  and I expected to see something with the above url...
>
> instead, I get lines like..
> [Wed Jul 03 15:56:00.454162 2024] [deflate:debug] [pid 23847]
> mod_deflate.c(869): [client 162.234.196.167:39160] AH01384: Zlib:
> Compressed 595 to 276 : URL /minthcm/install/index.php, referer:
> http://161.35.5.174/minthcm/
>
> now... the minthcm is a disabled test app.. but I don't get why I'm
> seeing it in the err log when/right after testing the "invoiceplane"
> url.
>
> Haven't found anything yet via searching.
>
> thoughts/comments would be helpful.
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Your php application is redirecting / loading additional resources.  Does
invoiceplane have a mailing list or other support venues?

Re: [users@httpd] DirectoryIndex broken in Apache 2.4.60?

[Frank Gingras]

On Mon, Jul 1, 2024 at 2:53 PM Eric Covener  wrote:

> On Mon, Jul 1, 2024 at 2:51 PM Matthew Goebel 
> wrote:
> >
> > Going from 2.4.59 to 2.5.60 I had to make the following change in my
> httpd.conf file.
> >
> > AddType application/x-httpd-php .php
> >
> > to
> >
> > AddHandler application/x-httpd-php .php
>
> Thanks Matthew, this makes perfect sense. I will add this to the
> changelogs.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
To be fair, this has been invalid for at least 15 years:

AddType application/x-httpd-php .php

Re: [users@httpd] Stripping trailing slashes (again)

[Frank Gingras]

On Thu, Jun 13, 2024 at 10:41 AM Dave Wreski
 wrote:

> Hi,
>
> Some time ago I requested help with a rewrite rule to strip trailing
> slash(es) from all URLs in our joomla website, but I'm still having
> problems. This is the rule I am currently working with:
>
> RewriteRule ^(.*)/+$ https://linuxsecurity.com$1 [R=301,L]
>
> It works fine for any URL other than the homepage. Somehow for the
> homepage it creates an infinite loop, despite using "L", so perhaps I don't
> understand what it's doing. The (.*) is supposed to match any character,
> but there wouldn't be any preceding elements for the homepage.
>
> The problem as I see it is that, for the homepage, (.*) would be null, so
> $1 would also be null? This then creates the same URL as the one we're
> trying to fix.
>
> First it appears to work properly (trimmed for legibility):
>
> init rewrite engine with requested uri /
> applying pattern '^(.*)/+$' to uri '/'
> rewrite '/' -> 'https://linuxsecurity.com'
> explicitly forcing redirect with https://linuxsecurity.com
> escaping https://linuxsecurity.com for redirect
> redirect to https://linuxsecurity.com [REDIRECT/301]
>
> then it looks like it inits the rewrite engine again?
>
> init rewrite engine with requested uri /, referer:
> https://linuxsecurity.com/
> applying pattern '^(.*)/+$' to uri '/', referer:
> https://linuxsecurity.com/
> rewrite '/' -> 'https://linuxsecurity.com', referer:
> https://linuxsecurity.com/
> explicitly forcing redirect with https://linuxsecurity.com, referer:
> https://linuxsecurity.com/
> escaping https://linuxsecurity.com for redirect, referer:
> https://linuxsecurity.com/
> redirect to https://linuxsecurity.com [REDIRECT/301], referer:
> https://linuxsecurity.com/
>
> This just loops repeatedly until it dies. I've also made sure there's only
> one "RewriteEngine on" in the virtual host config and the .htaccess. Would
> that even matter?
>
> What am I doing wrong? I've tried a thousand variations of this to no
> avail.
>
>
>
>
>
You will need to stop using .htaccess files to prevent looping, as a first
step.  Edit your vhost.

Re: [users@httpd] Multi site SSL problems

[Frank Gingras]

On Fri, May 10, 2024 at 5:53 PM Tatsuki Makino 
wrote:

> Hello.
>
> By the way, do you have the setting enabled to use the Host header used to
> switch NameVirtualHost during TLS negotiation?
> I don't know how to do that since the Japanese documentation is rarely
> updated :)
> Were those things implemented?
>
> Regards.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Tatsuki,

You're thinking of SNI, and it works out of the box with OpenSSL 0.9.8f or
later, and with NameVirtualHost *:443.

So, again, I highly recommend using *:PORT to define all your vhosts,
unless you know exactly what you are doing.

Re: [users@httpd] Multi site SSL problems

[Frank Gingras]

On Fri, May 10, 2024 at 4:10 PM John  wrote:

> On Fri, 2024-05-10 at 15:48 -0400, Sean Conner wrote:
> > It was thus said that the Great Chris me once stated:
> > > I set up each entry with  but when I do that, the
> > > second site will complain that the cert is for site1. So if I go to
> > > site2.com, I get a browser error that the cert is for site1. It will
> show
> > > me the content for site1.
> >
> >   On my development server, I have the following:
> >
> > 
> >   ServerName  playground.roswell.area51
> >   SSLEngine   on
> >   SSLCertificateFile  /home/spc/web/playground/cert.pem
> >   SSLCertificateKeyFile   /home/spc/web/playground/key.pem
> >   ...
> > 
> >
> > 
> >   ServerName  wiki.roswell.area51
> >   SSLEngine   on
> >   SSLCertificateFile  /home/spc/web/wiki/cert.pem
> >   SSLCertificateKeyFile   /home/spc/web/wiki/key.pem
> >   ...
> > 
> >
> > > I am not sure how to do this part:
> > > Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require
> instead
> > > I am running Apache 2.2, does it still apply?
> > > It does not look like mod_access_compat is listed under mods-enabled
> >
> >   That I don't remember as I've been running Apache 2.4 for a couple of
> > years now.
> >
> >   -spc
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
> Typo in the 2nd virtual host "1932.168.1.10:"  probably should be
> "192.168.1.10"
>
> John
> ==
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Show the apachectl -S output, and each vhost.  Make sure that every single
:443 vhost has SSLEngine on and SSLCertificateFile set.

Re: [users@httpd] Multi site SSL problems

[Frank Gingras]

On Thu, May 9, 2024 at 6:54 PM Chris me  wrote:

> Hi, I am having an issue trying to get multiple sites with their own SSL
> cert. I purchased AlphaSSL certs for them.
>
> The strange thing, the first cert works, the second gives me an
> ERR_SSL_PROTOCOL_ERROR, but only on some systems.
>
>
>
> This is what I am using now:
>
>
>
> (
>
> Site1 is fine, Site2 gives me the error.
>
>
>
> I originally tried with NameVirtualHost *.443
>
> And then 
>
> But when I go to site2, it complains that the cert is invalid because it
> is using the cert from site1?
>
> )
>
>
>
>
>
> 
>
> NameVirtualHost 192.99.9.188:443
>
>
>
> 
>
> ServerName www.site1.com
>
> ServerAdmin webmas...@site1.com
>
> DocumentRoot /home/httpd/sites/site1
>
> 
>
>
>
> Order allow,deny
>
> Allow from all
>
> 
>
>
>
> SSLEngine on
>
> SSLProtocol all -SSLv2 -SSLv3
>
> SSLCertificateFile/etc/ssl/site1.ca/server.crt
>
> SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
>
> SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
>
> 
>
>
>
> 
>
> ServerName www.site2.com
>
> ServerAdmin webmas...@site2.com
>
> DocumentRoot /home/httpd/sites/site2
>
> 
>
>
>
> Order allow,deny
>
> Allow from all
>
> 
>
>
>
> SSLEngine on
>
> SSLProtocol all -SSLv2 -SSLv3
>
> SSLCertificateFile/etc/ssl/site2.ca/server.crt
>
> SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
>
> SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
>
> 
>
> 
>

So many red flags here:

- Always use *:PORT when defining a vhost, unless you know exactly what you
are doing
- Set the ServerName directive in every single vhost
- Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require
instead
- Unload the mod_access_compat module when apachectl configtest passes

Lastly, show the output from apachectl -S when the fixes are applied

Re: [users@httpd] Stripping query string except from specific URL

[Frank Gingras]

On Sun, Apr 28, 2024 at 4:05 PM Dave Wreski
 wrote:

> Hi,
>
> I'm really quite stuck and hoped you could help.
>
> My apologies - the output was from wget, as that's what I typically use.
>>
>> $ curl 'https://guardiandigital.com/resources/blog?start=48'
>> 
>> 
>> 301 Moved Permanently
>> 
>> Moved Permanently
>> The document has moved https://guardiandigital.com/index.php";
>> >here.
>> 
>>
>>
>>
> The next step is to find out where the 301 is coming from - your rules
> will generate a 302.
>
> That may have been the result of me trying many different things and
> getting a bit confused (again). Here's what I know - when I insert the
> following code into my virtual host config, it strips the query string off
> the pages that don't involve /resources/blog, but redirects to a 404 when
> attempting to access a page involving "/resources/blog" and the "?start="
> query string.
>
> RewriteCond %{REQUEST_URI} !/resources/blog
> RewriteCond %{QUERY_STRING} ^start=\d+$
> RewriteRule (.*)   /$1?[L,R=301,QSD]
>
> [Sun Apr 28 15:40:02.614893 2024] ... rewrite 'resources/blog' ->
> 'index.php'
> [Sun Apr 28 15:40:02.614921 2024] ... internal redirect with /index.php
> [INTERNAL REDIRECT]
>
> If I don't involve the first RewriteCond, it successfully strips off the
> start= from every URL I tried.
>
> What does "INTERNAL REDIRECT" mean? Is that something done outside of
> apache? Perhaps by joomla? I believe there are other relevant redirects
> after these, but it's very difficult to isolate what's relevant.
>
>
>
The internal redirect is the result of your rewrite rule, without a fully
qualified URL as a target.

Side note: the "rewrite 'resources/blog' -> 'index.php'" line seems to
contradict your RewriteCond logic, so increasing the verbosity of the
logging and looking at the previous lines will help fix that.

Re: [users@httpd] Stripping query string except from specific URL

[Frank Gingras]

On Wed, Apr 24, 2024 at 7:05 PM Dave Wreski
 wrote:

>
> 13 62.111.193.42 - - [24/Apr/2024:15:19:36 -0400] "GET /index.php
>> HTTP/1.1" 200 33921 r:"-" "Wget/1.21.4" X:"SAMEORIGIN" 0/129431
>> 573/35481/33921 H:HTTP/1.1 U:/index.php gd443 s:200
>>
>
> It did exactly what you asked, yes.
>
> Further, I asked you to use curl to see if you get redirected from
> https://guardiandigital.com/index.php to another URL, but you seem to
> have ignored that part of the answer.
>
> My apologies - the output was from wget, as that's what I typically use.
>
> $ curl 'https://guardiandigital.com/resources/blog?start=48'
> 
> 
> 301 Moved Permanently
> 
> Moved Permanently
> The document has moved https://guardiandigital.com/index.php";
> >here.
> 
>
>
>
The next step is to find out where the 301 is coming from - your rules will
generate a 302.

Re: [users@httpd] Stripping query string except from specific URL

[Frank Gingras]

On Wed, Apr 24, 2024 at 4:58 PM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
>>> except ones matching a particular pattern. However, when I try the rules
>>> below, it redirects to the homepage for some reason.
>>>
>>> In this example, I'd like to strip off the query string from all URLs
>>> except those involving /resources/blog:
>>>
>>> RewriteCond %{REQUEST_URI} !/resources/blog
>>> RewriteCond %{QUERY_STRING} ^start=
>>> RewriteRule (.*)   https://guardiandigital.com$1[L,QSD]
>>>
>>> What am I missing?
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>>
>> To remove the query string, see the QSD flag, or append a ? at the end of
>> the target.
>>
>> That's what I'm doing, I think. What am I missing? It just redirects to
>> the homepage somehow.
>>
>> Shouldn't I be able to stack RewriteConds in this way, followed by a
>> RewriteRule?
>>
>> I have no idea what could be wrong.
>>
>
> Test with curl, and see if you get redirected after the fact.
>
> I've enabled trace3 to try and figure this out. But line 8 says
> "discarding query string, no parse from substitution" and I don't know why
> or what really that means.
>
> 1 [Wed Apr 24 15:19:36.440500 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> init rewrite engine with requested uri /resources/blog
>
> 2 [Wed Apr 24 15:19:36.445306 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> pass through /resources/blog
>
> 3 [Wed Apr 24 15:19:36.449369 2024] [rewrite:trace3] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] applying pattern '.*' to uri 'resources/blog'
>
> 4 [Wed Apr 24 15:19:36.449413 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] rewrite 'resources/blog' -> 'index.php'
>
> 5 [Wed Apr 24 15:19:36.449453 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9cd4016af0/initial
> ]
> [perdir /home/docroot/] internal redirect with /index.php [INTERNAL
> REDIRECT]
>
> 6 [Wed Apr 24 15:19:36.449830 2024] [rewrite:trace3] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> applying pattern '(.*)' to uri '/index.php'
>
> 7 [Wed Apr 24 15:19:36.449848 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> rewrite '/index.php' -> 'https://guardiandigital.com/index.php'
>
> 8 [Wed Apr 24 15:19:36.449857 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> discarding query string, no parse from substitution
>
> 9 [Wed Apr 24 15:19:36.449864 2024] [rewrite:trace2] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> explicitly forcing redirect with https://guardiandigital.com/index.php
>
> 10 [Wed Apr 24 15:19:36.449871 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial/redir#1
> ]
> escaping https://guardiandigital.com/index.php for redirect
>
> 11 [Wed Apr 24 15:19:36.449880 2024] [rewrite:trace1] [pid 748062:tid
> 748212] mod_rewrite.c(493): [client 62.111.193.42:0] 62.111.193.42 - - [
> guardiandigital.com/sid#55743f0bbb58][rid#7f9ccc0e6000/initial

Re: [users@httpd] Stripping query string except from specific URL

[Frank Gingras]

On Wed, Apr 24, 2024 at 12:43 PM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
>> except ones matching a particular pattern. However, when I try the rules
>> below, it redirects to the homepage for some reason.
>>
>> In this example, I'd like to strip off the query string from all URLs
>> except those involving /resources/blog:
>>
>> RewriteCond %{REQUEST_URI} !/resources/blog
>> RewriteCond %{QUERY_STRING} ^start=
>> RewriteRule (.*)   https://guardiandigital.com$1[L,QSD]
>>
>> What am I missing?
>>
>> Thanks,
>> Dave
>>
>>
>>
> To remove the query string, see the QSD flag, or append a ? at the end of
> the target.
>
> That's what I'm doing, I think. What am I missing? It just redirects to
> the homepage somehow.
>
> Shouldn't I be able to stack RewriteConds in this way, followed by a
> RewriteRule?
>
> I have no idea what could be wrong.
>
>
>
Test with curl, and see if you get redirected after the fact.

Re: [users@httpd] Stripping query string except from specific URL

[Frank Gingras]

On Fri, Apr 19, 2024 at 11:16 AM Dave Wreski
 wrote:

> Hi,
>
> We have a situation where we need to strip a query string from all URLs
> except ones matching a particular pattern. However, when I try the rules
> below, it redirects to the homepage for some reason.
>
> In this example, I'd like to strip off the query string from all URLs
> except those involving /resources/blog:
>
> RewriteCond %{REQUEST_URI} !/resources/blog
> RewriteCond %{QUERY_STRING} ^start=
> RewriteRule (.*)   https://guardiandigital.com$1[L,QSD]
>
> What am I missing?
>
> Thanks,
> Dave
>
>
>
To remove the query string, see the QSD flag, or append a ? at the end of
the target.

Re: [users@httpd] MTLS Setup issue - Apache HTTP Server and Weblogic

[Frank Gingras]

On Thu, Apr 18, 2024 at 3:22 AM Daiya, Devendra singh
 wrote:

> Hi Team,
>
>
>
> Need help in setting up MTLS between Apache HTTP server and Weblogic
> server (App Server).
>
>
>
> I have gone through few links but those are not working. Post following
> suggested steps I was able to start Apache HTTP server but Application is
> not working. Getting below messages in the Error while accessing the
> application.
>
>
>
> *Could anyone please look at it and share some suggestion on how we should
> setup MTLS b/w Web and App server. Please let me know if any additional
> info needed.*
>
>
>
> *Error message: -*
>
>
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : },
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
> "message" : "AH01998: Connection closed to child 138 with abortive
> shutdown (server hostname:port , "referer" : }
>
> "message" : "AH01964: Connection to child 24 established (server
> hostname:port)" , "referer" : }
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : }
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
>
>
> *SSL.conf file has below directives set.*
>
>
>
> SSLEngine on
>
> ProxyRequests Off
>
> RewriteEngine on
>
> SSLProxyEngine on
>
> SSLProxyVerify on
>
> SSLProxyCheckPeerCN off
>
> SSLProxyCheckPeerName off
>
> SSLProxyCheckPeerExpire off
>
> SSLVerifyCLient require
>
> SSLVerifyDepth 10
>
> SSLProxyVerifyDepth 10
>
>
>
> SSLOptions +ExportCertData
>
>
>
> SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"
>
> SSLProxyCACertificateFile "/apps/certs/trustedca.pem"
>
>
>
> SSLCertificateFile "/path/to/hostname.crt"
>
> SSLCertificateKeyFile "/path/to/hostname.key"
>
> SSLCertificateChainFile "/path/to/hostname.crt"
>
> SSLCACertificateFile "/path/to/trustedca.pem"
>
>
>
>
>
> Thanks.
>
>
>
> *Regards,*
>
> *Devendra*
>

Rough guess:

 http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost

Otherwise, we would need to see the full vhost.

Might be worth running apachectl -S to make sure you don't have
misconfigured / overlapping vhosts, as well.

Re: [users@httpd] openssl comand(s) for https mode on apache 2.4 on windows.

[Frank Gingras]

On Tue, Apr 16, 2024 at 11:11 AM Marc  wrote:

> >
> >
> >   But should your development be not protocol independent? If your
> > code works on http it should also work on https. I am getting sick of
> > these wordpress idiots where they still have hardcoded links everywhere
> > and I can't even convert a website from http to https.
> >
> >
> >
> > Are you saying that I am a wordpress idiot?
> >
>
> No :) Development/management team of wordpress are idiots. They are still
> advising people incorrectly to upgrade eg while distributions are
> backporting security stuff. A developer should just do developing. A
> dentist is also not telling an ophthalmologist what to do. Why do you care
> if you are using http or https? Unless you are developing something
> specific to the https protocol (eg. sni) forget about it.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org


Marc, let's try to be friendly towards users and adopt a more neutral
tone.  New users have questions, and it's normal. Calling folks "idiots"
isn't helping here.

Thanks.

Re: [users@httpd] Cannot Delete a WordPress Database. Trying to Install a Second Database.

[Frank Gingras]

On Mon, Mar 18, 2024 at 12:34 AM  wrote:

> I'll start off by saying I know nothing about servers and the technical
> details of WordPress.
>
>
>
> I had installed WordPress to one of my local hard drives so I can design
> two separate websites and test them both offline. However, when I try to
> connect, the browser displays a page that states there is an error and it
> cannot connect to the database.
>
>
>
> I have not yet designed anything or otherwise created any content. Also,
> since I’m going to design two sites that will have different domain names,
> I decided, that I should have two separate WordPress installations on my
> one server (hard drive). But that was after I had already installed one set
> of the basic WordPress files (but no content yet for the site).
>
>
>
> Given the errors and the fact that I hadn’t created any content, I decided
> it would be better to just uninstall all the WordPress files, then
> reinstall them from scratch. But now, the phpMyAdmin app (via XAMPP) will
> not allow me to drop (delete) the WordPress database. Please see the
> attached screenshot.
>
>
>
> What should I do to 1. remove all traces of WordPress, then 2. install two
> separate copies of the WordPress package (in different folders) on my one
> hard drive?
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

You are asking the wrong mailing list - neither Wordpress or Phpmyadmin are
supported here.  I would suggest finding the appropriate mailing list for
either, and even trying on the libera.chat IRC network.

Re: [users@httpd] Apache Keeps Crashing in XAMPP.

[Frank Gingras]

On Tue, Mar 5, 2024 at 11:04 PM  wrote:

> Hello.
>
>
>
> I’ve been trying to install WordPress on an external drive on my local
> computer so I can build and test a website locally.
>
>
>
> But I continue to have issues with Apache, which I’m trying to use via the
> XAMPP Control Panel.
>
>
>
> It was advised that I restart XAMPP with the boxes under Service left
> unchecked for both Apache and MySQL, which I did.
>
>
>
> MySQL has started successfully. But Apache still will not start. In the
> log, the error reads...
>
>
>
> 6:09:53 PM [Apache] Error: Apache shutdown unexpectedly.
>
> 6:09:53 PM [Apache] This may be due to a blocked port, missing
> dependencies,
>
> 6:09:53 PM [Apache] improper privileges, a crash, or a shutdown by
> another method.
>
> 6:09:53 PM [Apache] Press the Logs button to view error logs and check
>
> 6:09:53 PM [Apache] the Windows Event Viewer for more clues
>
> 6:09:53 PM [Apache] If you need more help, copy and post this
>
> 6:09:53 PM [Apache] entire log window on the forums
>
>
>
> I thought I changed the port already. So, I guess something else is
> causing Apache to crash. But, what, exactly? I'm not really sure which log
> to check.
>
>
>
> Help, please.
>
>
>

Let's start, again, with the instructions provided to you by that snippet?

Re: [users@httpd] Apache Not Starting via XAMPP.

[Frank Gingras]

On Sun, Mar 3, 2024 at 6:43 PM  wrote:

> Here's an update:
>
> I restarted the XAMPP Control Panel with the boxes under Service left
> unchecked for both Apache and MySQL.
>
> MySQL has started successfully. I'm still having issues starting Apache,
> but now the error is different. It reads...
>
> 6:09:53 PM [Apache] Error: Apache shutdown unexpectedly.
> 6:09:53 PM [Apache] This may be due to a blocked port, missing
> dependencies,
> 6:09:53 PM [Apache] improper privileges, a crash, or a shutdown by
> another method.
> 6:09:53 PM [Apache] Press the Logs button to view error logs and check
> 6:09:53 PM [Apache] the Windows Event Viewer for more clues
> 6:09:53 PM [Apache] If you need more help, copy and post this
> 6:09:53 PM [Apache] entire log window on the forums
>
> I thought I changed the port already. So, I guess something else is
> causing Apache to crash. But, what, exactly? I'm not really sure which log
> to check.
>
> Help, please.
>
> > -Original Message-
> > From: Frank Gingras 
> > Sent: Saturday, March 2, 2024 8:54 PM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Apache Not Starting via XAMPP.
> >
> > On Fri, Mar 1, 2024 at 8:04 PM  wrote:
> >
> > > Greetings.
> > >
> > > I would like to install WordPress on an external USB drive connected
> > > to my local Windows 11 workstation so I can design and try out new
> > > websites without immediately posting to an online and public hosting
> service.
> > >
> > > To that end, I installed XAMPP on the above-mentioned hard drive and
> > > need to be able to use Apache through the XAMPP control panel.
> > > However, Apache will not start. Every time I try to start Apache the
> > > log in the bottom portion of the XAMPP control panel has a line that
> > > states "Attempting to start Apache service..." and nothing more. And I
> > > can't connect to my localhost using any of my browsers.
> > >
> > > I tried to change, via the Config button, the port associated with
> > > Apache but that didn't work.
> > >
> > > Also, I noticed that, when I open the XAMPP Control Panel (always in
> > > Administrator Mode), the log section in the control panel window
> > > includes, in red,...
> > >
> > > ---
> > > 2:49:58 AM [Apache] Apache Service detected with wrong path
> > > 2:49:58 AM [Apache] Change XAMPP Apache and Control Panel settings or
> > > 2:49:58 AM [Apache] Uninstall/disable the other service manually first
> > > 2:49:58 AM [Apache] Found Path: "C:\Program Files
> > > (x86)\Promise\Pegasus Utility\apache\bin\httpd.exe" -k runservice
> > > 2:49:58 AM [Apache] Expected Path: "i:\xampp\apache\bin\httpd.exe" -k
> > > runservice
> > > ---
> > >
> > > So, Apache was already installed earlier on the startup (C:) drive of
> > > my computer. But, I'm trying to have Apache, MySQL and the rest of the
> > > XAMPP apps reside on my separate (I:) drive, because I want to use
> > > that I: drive to build my new websites offline with WordPress.
> > >
> > > I suppose I could uninstall/remove the copy of Apache that's on the C:
> > > drive. However, given its location in the Promise and Promise Utility
> > > folders, I think my Promise Pegasus RAID drive relies on it. I need my
> > > RAID to be available at all times. Therefore, I don't really want to
> > > tamper with any files related to it, including the copy of Apache on
> that C: drive.
> > >
> > > So, could you please provide suggestions on how can I have a copy of
> > > Apache work via the XAMPP Control Panel on my external drive?
> > >
> > > Thanks.
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > For additional commands, e-mail: users-h...@httpd.apache.org
> > >
> > >
> > Why would a RAID utility need a HTTP server?  In any case, you could
> always re-
> > install it, if needed.
> >
> > Or you could fix the path errors, or use WSL2 to install httpd.
> >
> > --4887a60612b7e251
> > Content-Type: text/html; charset=TF-8"
> > Content-Transfer-Encoding: quoted-printable
> >
> >  > dir="ltr" class="gmail_attr">On Fri, Mar 1, 2024 at 8:04 PM < > href="mailto:webad...@

Re: [users@httpd] Apache Not Starting via XAMPP.

[Frank Gingras]

On Fri, Mar 1, 2024 at 8:04 PM  wrote:

> Greetings.
>
> I would like to install WordPress on an external USB drive connected to my
> local Windows 11 workstation so I can design and try out new websites
> without immediately posting to an online and public hosting service.
>
> To that end, I installed XAMPP on the above-mentioned hard drive and need
> to
> be able to use Apache through the XAMPP control panel. However, Apache will
> not start. Every time I try to start Apache the log in the bottom portion
> of
> the XAMPP control panel has a line that states "Attempting to start Apache
> service..." and nothing more. And I can't connect to my localhost using any
> of my browsers.
>
> I tried to change, via the Config button, the port associated with Apache
> but that didn't work.
>
> Also, I noticed that, when I open the XAMPP Control Panel (always in
> Administrator Mode), the log section in the control panel window includes,
> in red,...
>
> ---
> 2:49:58 AM [Apache] Apache Service detected with wrong path
> 2:49:58 AM [Apache] Change XAMPP Apache and Control Panel settings or
> 2:49:58 AM [Apache] Uninstall/disable the other service manually first
> 2:49:58 AM [Apache] Found Path: "C:\Program Files (x86)\Promise\Pegasus
> Utility\apache\bin\httpd.exe" -k runservice
> 2:49:58 AM [Apache] Expected Path: "i:\xampp\apache\bin\httpd.exe" -k
> runservice
> ---
>
> So, Apache was already installed earlier on the startup (C:) drive of my
> computer. But, I'm trying to have Apache, MySQL and the rest of the XAMPP
> apps reside on my separate (I:) drive, because I want to use that I: drive
> to build my new websites offline with WordPress.
>
> I suppose I could uninstall/remove the copy of Apache that's on the C:
> drive. However, given its location in the Promise and Promise Utility
> folders, I think my Promise Pegasus RAID drive relies on it. I need my RAID
> to be available at all times. Therefore, I don't really want to tamper with
> any files related to it, including the copy of Apache on that C: drive.
>
> So, could you please provide suggestions on how can I have a copy of Apache
> work via the XAMPP Control Panel on my external drive?
>
> Thanks.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Why would a RAID utility need a HTTP server?  In any case, you could always
re-install it, if needed.

Or you could fix the path errors, or use WSL2 to install httpd.

Re: [users@httpd] Limiting redirects with rewriterule/rewritecond

[Frank Gingras]

On Thu, Feb 29, 2024 at 7:18 AM Dave Wreski
 wrote:

>
> In my ongoing effort to reduce the number of redirects for
>> linuxsecurity.com, I could use a bit more help. Currently we have one
>> redirect to strip off any potential trailing slash as well as another that
>> strips out any preceding 'www'.
>>
>> RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
>> RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ $1 [R=301,L]
>>
>> The rest of our redirects are of the form:
>>
>> RewriteRule ^/about/us /about [L,R=301]
>>
>> Should I be combining each of these to also do the above with something
>> like:
>>
>> RewriteRule ^/about/us/? https://linuxsecurity.com/about [L,R=301]
>>
>> It seems like that would reduce the number of redirects by two, but I'm
>> unsure of what implications that would otherwise have. Maybe if I instead
>> performed the RewriteConds without R=301 and just rewrote the URL itself?
>> I'm not sure how that works.
>>
>> Any ideas greatly appreciated.
>> Thanks,
>> Dave
>>
>>
>>
> Perhaps you can, but be careful about not creating loops, especially if
> using .htaccess files.
>
> Do you mean because of patterns matching itself?
>
>
> Also, is there a specific reason why you're not using Redirect with
> mod_alias instead?
>
> I'm not as familiar with how mod_alias works, but also thought its
> functionality was more limited?
>
> Ideas for how to do the above using mod_alias would be appreciated.
>
> Thanks,
> Dave
>
>
>
>
>
>
The general idea is to use separate vhosts to redirect to https://, or
enforce a canonical hostname, first.

Then, for more specific redirects, use Redirect or RedirectMatch - you can
even specify the return code (301,302,304).

Re: [users@httpd] Limiting redirects with rewriterule/rewritecond

[Frank Gingras]

On Sun, Feb 25, 2024 at 5:29 PM Dave Wreski
 wrote:

> Hi,
>
> In my ongoing effort to reduce the number of redirects for
> linuxsecurity.com, I could use a bit more help. Currently we have one
> redirect to strip off any potential trailing slash as well as another that
> strips out any preceding 'www'.
>
> RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
> RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ $1 [R=301,L]
>
> The rest of our redirects are of the form:
>
> RewriteRule ^/about/us /about [L,R=301]
>
> Should I be combining each of these to also do the above with something
> like:
>
> RewriteRule ^/about/us/? https://linuxsecurity.com/about [L,R=301]
>
> It seems like that would reduce the number of redirects by two, but I'm
> unsure of what implications that would otherwise have. Maybe if I instead
> performed the RewriteConds without R=301 and just rewrote the URL itself?
> I'm not sure how that works.
>
> Any ideas greatly appreciated.
> Thanks,
> Dave
>
>
>
Perhaps you can, but be careful about not creating loops, especially if
using .htaccess files.

Also, is there a specific reason why you're not using Redirect with
mod_alias instead?

Re: [users@httpd] working with a reverse proxy

[Frank Gingras]

On Tue, Feb 27, 2024 at 5:10 PM Marc  wrote:

>
> >
> > > What would a best practice of 'informing' the proxyhost about that it
> is
> > being proxied and it should send the defaulthost hostname?
> >
> > can try
> > https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost
>
> Proxy only works when I am having ProxyPreserveHost Off, I can't change
> that.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org


What happens when you use ProxyPreserveHost, exactly?

Re: [users@httpd] Tracing redirects

[Frank Gingras]

On Sat, Feb 24, 2024 at 12:18 PM Alec Burgess  wrote:

> Alec Burgess passed away please remove home from your mailing list
>
> Regards Pattie
> Regards ... Alec
> --
>
>
> On Fri, Nov 24, 2023 at 8:24 PM Will Fatherley 
> wrote:
>
>>
>>
>>> - use a client on the first url, and write the location header to file
>>> or stdout each time your 3xx response comes through
>>>
 … using a script that has access to a set data structure that can store
>> each request url, so as to break before the second request to the first
>> resource :)
>
>
Condolences, but you must do that on your end, see the instructions on:

https://httpd.apache.org/userslist.html

Re: [users@httpd] Forwarding question.

[Frank Gingras]

On Thu, Feb 8, 2024 at 10:53 PM joe a  wrote:

> On 2/5/2024 14:19:24, joe a wrote:
> > On 2/5/2024 13:24:22, Frank Gingras wrote:
> >>
> >>
> >> On Mon, Feb 5, 2024 at 1:20 PM joe a  >> <mailto:joea-li...@j4computers.com>> wrote:
> >>
> >> On 2/5/2024 11:58:55, Frank Gingras wrote:
> >>  >
> >>  >
> >>  > On Mon, Feb 5, 2024 at 11:55 AM joe a <
> joea-li...@j4computers.com
> >> <mailto:joea-li...@j4computers.com>
> >>  > <mailto:joea-li...@j4computers.com
> >> <mailto:joea-li...@j4computers.com>>> wrote:
> >>  >
> >>  > In a case where there is only one available incoming IP, is
> >> there a
> >>  > way,
> >>  > within apache, to host different domains, each on its own
> >> internal
> >>  > server, without requiring the external "calling browser"
> >> being any the
> >>  > wiser?  That is, without requiring the browser to "ask again"
> >> in a
> >>  > different manner?
> >>  >
> >>  > Want to host a low volume (and low cost) family oriented site
> >> (not
> >>  > apache) without having to resort to additional static IP or
> >> move to an
> >>  > off site "hosted" service.
> >>  >
> >>  >
> >>  >
> >>  -
> >>  > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> <mailto:users-unsubscr...@httpd.apache.org>
> >>  > <mailto:users-unsubscr...@httpd.apache.org
> >> <mailto:users-unsubscr...@httpd.apache.org>>
> >>  > For additional commands, e-mail: users-h...@httpd.apache.org
> >> <mailto:users-h...@httpd.apache.org>
> >>  > <mailto:users-h...@httpd.apache.org
> >> <mailto:users-h...@httpd.apache.org>>
> >>  >
> >>  >
> >>  > All you need here is name-based vhosts, and reverse proxy to the
> >>  > internal server when needed.
> >>  >
> >>
> >> Since I am not that experienced in apache configuation, I may have
> >> some
> >> simple questions.
> >>
> >> In the modern scheme, should the modules required be specified in
> >> httpd.conf or in loadmodule.conf?   Does it really matter other than
> >> for
> >> consistency?
> >>
> >>
> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> <mailto:users-unsubscr...@httpd.apache.org>
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >> <mailto:users-h...@httpd.apache.org>
> >>
> >>
> >> The config file name(s) do not matter, as long as you know what you
> >> added and where, and it makes sense for you.
> >>
> >> Make sure additional config files are included with the Include
> >> directive, if you're creating a new file.
> >
> > Woo Hoo!  Even I managed it.  And, as a bonus, the originally served
> > stuff still works.  Well . . . so far.
> >
> > Thanks much.
> >
> >
>
> There are some issues accessing from off premises, that is, when
> requests are entering via the internet facing router.  Like 301 and 400
> errors.
>
> Configuration is like this:
>
> Internet router->
> server-with-apache-redirect-to->server-eith-docker-nginx-reverse-proxy-acme-custom-app.
>
> The domain names are the same on each server.  Currently believe they
> must be for certificate generation and use.
>
> The virtual host on apache is configured thusly:
>
> 
>   ServerName www.my-domain.com
>   ServerAlias www.my-domain.org my-domain.com my-domain.org
>   ProxyPass "/"  "http://www.my-domain.com/";
>   ProxyPassReverse "/"  "http://my-domain.com/";
> 
> 
> # SSLEngine ON
>   ServerName www.my-domain.com
>   ServerAlias www.my-domain.org my-domain.com my-domain.org
>   ProxyPass "/"  "https://www.my-domain.com/";
>   ProxyPassReverse "/"  "https://www.my-domain.com/";
> 
>
> On the apache server the hosts files is used to resolve the host names
> to the target server.
>
> Where have I gone wrong?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Why are you using nginx at all in this set up?

Re: [users@httpd] Forwarding question.

[Frank Gingras]

On Mon, Feb 5, 2024 at 1:20 PM joe a  wrote:

> On 2/5/2024 11:58:55, Frank Gingras wrote:
> >
> >
> > On Mon, Feb 5, 2024 at 11:55 AM joe a  > <mailto:joea-li...@j4computers.com>> wrote:
> >
> > In a case where there is only one available incoming IP, is there a
> > way,
> > within apache, to host different domains, each on its own internal
> > server, without requiring the external "calling browser" being any
> the
> > wiser?  That is, without requiring the browser to "ask again" in a
> > different manner?
> >
> > Want to host a low volume (and low cost) family oriented site (not
> > apache) without having to resort to additional static IP or move to
> an
> > off site "hosted" service.
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > <mailto:users-unsubscr...@httpd.apache.org>
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > <mailto:users-h...@httpd.apache.org>
> >
> >
> > All you need here is name-based vhosts, and reverse proxy to the
> > internal server when needed.
> >
>
> Since I am not that experienced in apache configuation, I may have some
> simple questions.
>
> In the modern scheme, should the modules required be specified in
> httpd.conf or in loadmodule.conf?   Does it really matter other than for
> consistency?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
The config file name(s) do not matter, as long as you know what you added
and where, and it makes sense for you.

Make sure additional config files are included with the Include directive,
if you're creating a new file.

Re: [users@httpd] Forwarding question.

[Frank Gingras]

On Mon, Feb 5, 2024 at 11:55 AM joe a  wrote:

> In a case where there is only one available incoming IP, is there a way,
> within apache, to host different domains, each on its own internal
> server, without requiring the external "calling browser" being any the
> wiser?  That is, without requiring the browser to "ask again" in a
> different manner?
>
> Want to host a low volume (and low cost) family oriented site (not
> apache) without having to resort to additional static IP or move to an
> off site "hosted" service.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
All you need here is name-based vhosts, and reverse proxy to the internal
server when needed.

Re: [users@httpd] missing image

[Frank Gingras]

On Wed, Jan 31, 2024 at 2:54 PM Sherrard Burton 
wrote:

>
>
> On 1/31/24 02:26 PM, Adam Weremczuk wrote:
> >
> > I've already tried replacing relative path to the image with absolute
> > but it made no difference.
> >
> > Any ideas?
> >
>
> do you have a live example with the absolute path? the broken ones that
> i looked at all had the relative paths which (understandably) doesn't work.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
This sounds more like an html/content issue, unless httpd is mangling the
request via mod_rewrite or another directive.

In any case, if you get 404 responses, increase the log level and check the
error log first.

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

[Frank Gingras]

On Tue, Jan 23, 2024 at 2:12 PM EML  wrote:

>
> Let's take a step back - why are you unmounting from a cgi script?
>
> It's a one-time setup when a user configures a new system. Most of these
> users aren't shell-literate, so they configure by ticking boxes on a web
> page. The system is a VPS, so is actually a VM, which I hope isn't relevant.
>
> Anyway, when configuration completes, all the scripts are deleted and
> Apache runs 'normally'.
>

IMO suexec would be better suited to handle more sensitive operations such
as unmounting.

CGI is not an interactive shell, as you discovered.

Calling a separate script with the suid bit might work too.

Re: [users@httpd] Script behaving differently when run by Apache and when run from a shell by user www-data?

[Frank Gingras]

On Tue, Jan 23, 2024 at 2:02 PM EML  wrote:

> The CGI Howto page contains some basic information on how Apache actually
> runs a program, but is there any more detailed information anywhere?
>
> Specifically, I have a problem where a bash script runs as expected when
> run from an interactive shell by user www-data (this is Ubuntu). However,
> the script behaves differently when run via Apache from a web client. This
> is nothing to do with PATH or envvar differences: when run by Apache, an
> operation to unmount a disk appears to succeed, but actually doesn't
> unmount the disk. When run from the interactive shell, as the same user,
> the operation unmounts the disk.
>
> This is a basic Apache install on Ubuntu 22.04 - no suexec, no chroot,
> plain CGI, etc. I've been running scripts via Apache this way for years,
> but this is the first script which attempts to carry out disk operations.
> All these scripts appear in the sudoers file to allow Apache to carry out
> specific privileged operations.
>
> I asked this question 
> today on StackExchange (https://unix.stackexchange.com/q/767587/212513,
> if the link is scrubbed), with much more detail, but I think that was
> probably the wrong place to ask.
>
>  Thanks.
>

Let's take a step back - why are you unmounting from a cgi script?

Re: [users@httpd] Removing trailing slashes with query strings

[Frank Gingras]

On Thu, Jan 18, 2024 at 7:44 AM Dave Wreski
 wrote:

> Hi,
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
 mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
 webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
 ]
 redirect to
 https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
 [REDIRECT/301]

>>>
>>> Based on those log entries, the rewrite worked fine.
>>>
>>> Perhaps you're dealing with DirectorySlash here.
>>>
>>> Notice the last line redirected to itself, causing an infinite loop of
>>> redirects.
>>>
>>> I also wanted to add that, given the RewriteCond rule may be working
>>> correctly, how can I change it to accommodate query strings, or this
>>> particular query string?
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>>
>> If your rules are in .htaccess, the latter file will be parsed over and
>> over until it stops matching, so use the appropriate RewriteCond to break
>> that loop, or better yet, edit your vhost instead.
>>
>> Yes, that's what I'm asking for help to do :-) This rewritecond is
>> included in my vhost config using an Include statement.
>>
>> Thanks,
>> Dave
>>
>
> What context is the include directive placed in?
>
> It's in the VirtualHost directly, not in a Directory.
>
>
>
>
>
>
The following RewriteCond won't work in the vhost context:

RewriteCond %{REQUEST_FILENAME} !-d

You need to use:

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d

Re: [users@httpd] Removing trailing slashes with query strings

[Frank Gingras]

On Wed, Jan 17, 2024 at 9:21 AM Dave Wreski
 wrote:

> Hi,
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
>>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
>>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
>>> ]
>>> redirect to
>>> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
>>> [REDIRECT/301]
>>>
>>
>> Based on those log entries, the rewrite worked fine.
>>
>> Perhaps you're dealing with DirectorySlash here.
>>
>> Notice the last line redirected to itself, causing an infinite loop of
>> redirects.
>>
>> I also wanted to add that, given the RewriteCond rule may be working
>> correctly, how can I change it to accommodate query strings, or this
>> particular query string?
>>
>> Thanks,
>> Dave
>>
>>
>>
> If your rules are in .htaccess, the latter file will be parsed over and
> over until it stops matching, so use the appropriate RewriteCond to break
> that loop, or better yet, edit your vhost instead.
>
> Yes, that's what I'm asking for help to do :-) This rewritecond is
> included in my vhost config using an Include statement.
>
> Thanks,
> Dave
>

What context is the include directive placed in?

Re: [users@httpd] Removing trailing slashes with query strings

[Frank Gingras]

On Tue, Jan 16, 2024 at 3:33 PM Dave Wreski
 wrote:

> Hi,
> On 1/16/24 3:03 PM, Dave Wreski wrote:
>
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
>> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
>> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
>> ]
>> redirect to
>> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
>> [REDIRECT/301]
>>
>
> Based on those log entries, the rewrite worked fine.
>
> Perhaps you're dealing with DirectorySlash here.
>
> Notice the last line redirected to itself, causing an infinite loop of
> redirects.
>
> I also wanted to add that, given the RewriteCond rule may be working
> correctly, how can I change it to accommodate query strings, or this
> particular query string?
>
> Thanks,
> Dave
>
>
>
If your rules are in .htaccess, the latter file will be parsed over and
over until it stops matching, so use the appropriate RewriteCond to break
that loop, or better yet, edit your vhost instead.

DirectorySlash off won't help you if the user decides to add the "/" to the
URI and you want to remove it, for some reason. It will also break other
things.

Re: [users@httpd] Removing trailing slashes with query strings

[Frank Gingras]

On Tue, Jan 16, 2024 at 9:30 AM Dave Wreski
 wrote:

> Hi,
>
> I have the following rule that works well to remove trailing slashes from
>> URLs:
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ $1 [R=301,L]
>>
>> This is done to prevent the non-slash URL from being treated as duplicate
>> content with the URL with a slash.
>>
>> The problem is that there are exceptions, such as when we want to add
>> query strings to the end of a URL:
>>
>> https://example.com/administrator/path/?cms_settings
>>
>> I've also tried a variation, like:
>>
>> https://example.com/administrator/path?cms_settings
>>
>> but somehow the slash is replaced back into the URL and I don't know
>> where it comes from.
>>
>> Adding index.php to the path works properly because it's then not a
>> directory:
>>
>> https://example.com/administrator/path/index.php?cms_settings
>>
>> Any ideas greatly appreciated.
>>
>> Thanks,
>> Dave
>>
>>
>>
> What does the rewrite log say, exactly?
>
> There's a tremendous amount of noise at trace5 (although probably only
> trace4 was apparently really necessary), and I've had trouble generally
> identifying the entries related to this specific rule, but here are a few
> entries I think represent what's happening.
>
>
> https://webstage.example.com/administrator/sqlantern-joomla/php/?cms_settings
> [Tue Jan 16 08:55:13.289102 2024] [rewrite:trace3] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> applying pattern '^(.*)/$' to uri '/administrator/sqlantern-joomla/php/'
>
> [Tue Jan 16 08:55:13.289129 2024] [rewrite:trace4] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.195.193.42:0] 68.111.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> RewriteCond: input='/administrator/sqlantern-joomla/php/' pattern='!-d' =>
> matched
>
> [Tue Jan 16 08:55:13.289143 2024] [rewrite:trace2] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> rewrite '/administrator/sqlantern-joomla/php/' ->
> '/administrator/sqlantern-joomla/php'
>
> [Tue Jan 16 08:55:13.289156 2024] [rewrite:trace2] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> explicitly forcing redirect with
> https://webstage.example.com/administrator/sqlantern-joomla/php
>
> [Tue Jan 16 08:55:13.289181 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> escaping https://webstage.example.com/administrator/sqlantern-joomla/php
> for redirect
>
> [Tue Jan 16 08:55:13.289195 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> copying cms_settings to query string for redirect
>
> [Tue Jan 16 08:55:13.289205 2024] [rewrite:trace1] [pid 904886:tid 904938]
> mod_rewrite.c(493): [client 68.111.193.42:0] 68.195.193.42 - - [
> webstage.example.com/sid#560ba7f01a68][rid#7f2b1c0bc210/initial
> ]
> redirect to
> https://webstage.example.com/administrator/sqlantern-joomla/php?cms_settings
> [REDIRECT/301]
>
> Thanks,
> Dave
>
>
>
Based on those log entries, the rewrite worked fine.

Perhaps you're dealing with DirectorySlash here.

Re: [users@httpd] Removing trailing slashes with query strings

[Frank Gingras]

On Mon, Jan 15, 2024 at 10:16 PM Dave Wreski
 wrote:

> Hi,
>
> I have the following rule that works well to remove trailing slashes from
> URLs:
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ $1 [R=301,L]
>
> This is done to prevent the non-slash URL from being treated as duplicate
> content with the URL with a slash.
>
> The problem is that there are exceptions, such as when we want to add
> query strings to the end of a URL:
>
> https://example.com/administrator/path/?cms_settings
>
> I've also tried a variation, like:
>
> https://example.com/administrator/path?cms_settings
>
> but somehow the slash is replaced back into the URL and I don't know where
> it comes from.
>
> Adding index.php to the path works properly because it's then not a
> directory:
>
> https://example.com/administrator/path/index.php?cms_settings
>
> Any ideas greatly appreciated.
>
> Thanks,
> Dave
>
>
>
What does the rewrite log say, exactly?

Re: [users@httpd] Rewrite query string?

[Frank Gingras]

On Thu, Jan 4, 2024 at 5:03 PM Will Fatherley  wrote:

>
> https://example.com/search?searchword=CVE-2021-4014&Search=
>>
>> I've tried the following RewriteCond/RewriteRule in various forms, but not 
>> sure what I'm doing wrong.
>>
>> RewriteCond %{QUERY_STRING} ^searchword=(.*)
>> RewriteRule ^   q=$1 [NC,L]
>>
>> Ideas for what I'm doing wrong would be greatly appreciated.
>>
>> Is the query parameter case sensitive? That’d be important for
> RewriteCond to know. Also, isn’t that the “starts with” operator, ^? What
> if the parameter comes second? A bit verbose, but:
>
>  ^.*searchword=(\w{1})[&]{0,1}.*$
>

You don't want to use ^.* - just use the substring match behaviour by
removing ^.* if you want to match searchword anywhere in the value.

Re: [users@httpd] Rewrite query string?

[Frank Gingras]

On Thu, Jan 4, 2024 at 2:53 PM Dave Wreski
 wrote:

> Hi,
>
> I'm trying to replace "searchword" with just "search" in the following URL:
>
> https://example.com/search?searchword=CVE-2021-4014&Search=
>
> I've tried the following RewriteCond/RewriteRule in various forms, but not
> sure what I'm doing wrong.
>
> RewriteCond %{QUERY_STRING} ^searchword=(.*)
> RewriteRule ^   q=$1 [NC,L]
>
> Ideas for what I'm doing wrong would be greatly appreciated.
>
> Thanks,
> Dave
>
>
>
Captured values via a RewriteCond are referenced with %1 and not $1.

Either way, I recommend using the rewrite log to see what is actually
happening.

Re: [users@httpd] Problems with "VirtualHost"

[Frank Gingras]

On Mon, Dec 18, 2023 at 2:51 AM Gestió Servidors
 wrote:

> Hi,
>
>
>
> I define both vhost with : because each “hostname” links
> to different hosts. Machines A and B are differents and they are serving
> its sites, so in Apache I must declare (I think…) each host because I need
> to differentiate them. If I use *:, how are I differentiating both
> hosts if they are different?
>
>
>
> Output of “apachectl -S”:
>
>- in my running R (CentOS), where redirection works:
>
> VirtualHost configuration:
>
> my_ip_address:80 is a NameVirtualHost
>
>  default server A.mydomain (/etc/httpd/conf.d/000-default.conf:1)
>
>  port 80 namevhost A.mydomain
> (/etc/httpd/conf.d/000-default.conf:1)
>
>  alias A
>
>  alias A.mydomain.v2
>
>  port 80 namevhost B.mydomain
> (/etc/httpd/conf.d/000-default.conf:101)
>
>  alias B
>
>  alias B.mydomain.v2
>
> ServerRoot: "/etc/httpd"
>
> Main DocumentRoot: "/var/www/html"
>
> Main ErrorLog: "/etc/httpd/logs/error_log"
>
> Mutex mpm-accept: using_defaults
>
> Mutex authdigest-opaque: using_defaults
>
> Mutex proxy-balancer-shm: using_defaults
>
> Mutex rewrite-map: using_defaults
>
> Mutex authdigest-client: using_defaults
>
> Mutex proxy: using_defaults
>
> Mutex authn-socache: using_defaults
>
> Mutex default: dir="/run/httpd/" mechanism=default
>
> PidFile: "/run/httpd/httpd.pid"
>
> Define: _RH_HAS_HTTPPROTOCOLOPTIONS
>
> Define: DUMP_VHOSTS
>
> Define: DUMP_RUN_CFG
>
> User: name="apache" id=48
>
> Group: name="apache" id=48
>
>- in my new R (Rocky-8.9), where redirection doesn’t work:
>
> VirtualHost configuration:
>
> 192.168.1.2:80 A.mydomain (/etc/httpd/conf.d/000-default.conf:1)
>
> 192.168.1.5:80 B.mydomain (/etc/httpd/conf.d/000-default.conf:101)
>
> ServerRoot: "/etc/httpd"
>
> Main DocumentRoot: "/var/www/html"
>
> Main ErrorLog: "/etc/httpd/logs/error_log"
>
> Mutex authdigest-opaque: using_defaults
>
> Mutex watchdog-callback: using_defaults
>
> Mutex proxy-balancer-shm: using_defaults
>
> Mutex rewrite-map: using_defaults
>
> Mutex authdigest-client: using_defaults
>
> Mutex lua-ivm-shm: using_defaults
>
> Mutex proxy: using_defaults
>
> Mutex authn-socache: using_defaults
>
> Mutex default: dir="/etc/httpd/run/" mechanism=default
>
> Mutex cache-socache: using_defaults
>
> PidFile: "/etc/httpd/run/httpd.pid"
>
> Define: DUMP_VHOSTS
>
> Define: DUMP_RUN_CFG
>
> User: name="apache" id=48
>
> Group: name="apache" id=48
>
>
>
> Thanks a lot!
>
>
>
> *De:* Frank Gingras 
> *Enviat:* divendres, 15 de desembre de 2023 15:49
> *Per a:* users@httpd.apache.org
> *Tema:* Re: [users@httpd] Problems with "VirtualHost"
>
>
>
>
>
>
>
> On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors <
> sysadmin.c...@uab.cat.invalid> wrote:
>
> Hello,
>
>
>
> I have a small Apache where I run a redirection to two private hosts. My
> machine (R, router) is connected to Interned and to a private LAN
> (192.168.x.x/16). Behind “R”, there are two machines (A and B) that are
> serving two websites. R has an DNS alias with two public DNS names for A
> and B (because some years ago, A and B were machines with public IP
> addresses). Now, I want to change R and configure a new R machine (newest
> distribution). However, in new R, redirect doesn’t run and I can’t get
> browing from Internet to A and B websites. I copypaste here all information:
>
>
>
>- R:
>
>
>- CentOS-7.9.2009
>   - Apache: 2.4.6-99.el7.centos.1
>
>
>- new R:
>
>
>- Rocky Linux 8.9
>   - Apache: 2.4.37-62.module+el8.9.0+1436+2b7d5021
>
>
>
> My configuration file where I have configured “VirtualHost” is the same in
> both servers:
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName A.mydomain
>
> ServerAlias A A.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-A.log
>
> ProxyPass / http://192.168.1.2/
>
> ProxyPassReverse / http://192.168.1.2/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
>  

Re: [users@httpd] Problems with "VirtualHost"

[Frank Gingras]

On Fri, Dec 15, 2023 at 2:57 AM Gestió Servidors
 wrote:

> Hello,
>
>
>
> I have a small Apache where I run a redirection to two private hosts. My
> machine (R, router) is connected to Interned and to a private LAN
> (192.168.x.x/16). Behind “R”, there are two machines (A and B) that are
> serving two websites. R has an DNS alias with two public DNS names for A
> and B (because some years ago, A and B were machines with public IP
> addresses). Now, I want to change R and configure a new R machine (newest
> distribution). However, in new R, redirect doesn’t run and I can’t get
> browing from Internet to A and B websites. I copypaste here all information:
>
>
>
>- R:
>   - CentOS-7.9.2009
>   - Apache: 2.4.6-99.el7.centos.1
>- new R:
>   - Rocky Linux 8.9
>   - Apache: 2.4.37-62.module+el8.9.0+1436+2b7d5021
>
>
>
> My configuration file where I have configured “VirtualHost” is the same in
> both servers:
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName A.mydomain
>
> ServerAlias A A.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-A.log
>
> ProxyPass / http://192.168.1.2/
>
> ProxyPassReverse / http://192.168.1.2/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
> AllowOverride None
>
> 
>
> 
>
> Options Indexes FollowSymLinks MultiViews
>
> AllowOverride all
>
> 
>
> Require ip my_network
>
> 
>
> 
>
> 
>
>
>
> 
>
> ServerAdmin foo@boo 
>
> ServerName B.mydomain
>
> ServerAlias B B.mydomain
>
> LogLevel info
>
> ErrorLog /var/log/httpd/virtualhost-B.log
>
> ProxyPass / http://192.168.1.5/
>
> ProxyPassReverse / http://192.168.1.5/
>
> 
>
> 
>
> Require ip my_network
>
> 
>
> 
>
>
>
> 
>
> Options FollowSymLinks
>
> AllowOverride None
>
> 
>
> 
>
> Options Indexes FollowSymLinks MultiViews
>
> AllowOverride all
>
> 
>
> Require ip my_domain
>
> 
>
> 
>
> 
>
>
>
> With this file, in server R, redirection runs perfectly and when I browse
> http://A/mysiteA, R redirect connection to private machine A (the same
> when I browse to http://B/mysiteB). However, in new R, when I browse to
> http://A/mysiteA (or http://B/mysiteB), there are no redirection and I
> can see at logs this message: File does not exist: /var/www/html/mysiteA
> (or  File does not exist: /var/www/html/mysiteB).
>
>
>
> Where is the problem?
>
>
>
> Thanks!
>
>
>

You don't want to define a vhost as :, unless you know
exactly what you are doing.  When unsure, always use *:.

Show the output from apachectl -S or httpd -S after you applied the fixes.

Re: [users@httpd] Removing trailing slashes?

[Frank Gingras]

On Thu, Dec 14, 2023 at 10:21 AM Dave Wreski
 wrote:

> Hi,
>
> I would stop using .htaccess files, first, and merge all rewrite rules in
> the relevant vhost / Directory block.  Then, I would use the rewrite log to
> see what is really happening.
>
> Using multiple .htaccess files is a recipe to lose all your hair.
>
> These are Included in the directory block. My apologies for not making
> that more clear.
>
>Include /etc/httpd/conf.d/domain-htaccess.htaccess
>
> This is a site with content going back to 1996, so a lot has changed in
> that time, including a conversion to SEF URLs that we're currently
> redirecting.
>
> I've also posted here separately about trying to figure out how to trace
> rewrites using LogLevel and trace, but it is very difficult to follow.
>
> Thanks,
> Dave
>
>
>
>
>
>
Create a paste link with the updated and complete set of rules, as well as
the relevant rewrite log entries with verbosity 5.

Re: [users@httpd] Removing trailing slashes?

[Frank Gingras]

On Thu, Dec 14, 2023 at 8:52 AM Dave Wreski
 wrote:

> Hi,
>
> I have a FAQ, but need some additional info I haven't been able to find.
>> I'm trying to process links Google has indicated are 404s that never really
>> ever existed on our site.
>>
>> I have an htaccess file I'm Including with my main apache config that
>> only contains RewriteConds. This file is processed before any of the other
>> htaccess files that contain standard RewriteRules. This is what I'm using
>> to strip off any trailing slashes in URLs:
>>
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^(.*)/$ /$1 [R=301,L]
>>
>> I just want to confirm that this means none of the RewriteRules that
>> follow should contain a trailing slash or they will not match, correct?
>>
>> Some of my existing RewriteRules that were created before I realized I
>> should be stripping off the trailing slash actually contain a trailing
>> slash.
>>
>> Perhaps I should instead be using '/?' instead of just '/' at the end of
>> URLs?
>>
>> Thanks,
>> Dave
>>
>>
>>
> If the following rules look for a trailing slash and you remove it prior,
> in theory it won't match.  However, remember that .htaccess files will be
> parsed over and over until it stops matching, so you are likely to create a
> rewrite loop.
>
> Oh, good info. I didn't realize that.
>
> What is the rationale for removing trailing slashes here?
>
> Because apparently Google considers it duplicated content when it sees one
> version with a slash and one version without. Here's a few articles that
> discuss the issues.
>
> https://authenticdigital.nz/blog/trailing-slashes-and-seo/
> https://ahrefs.com/blog/trailing-slash/
>
> https://stackoverflow.com/questions/5948659/when-should-i-use-a-trailing-slash-in-my-url
>
> Also, I learned my RewriteCond above to strip off the trailing slash
> doesn't work with URLs involving query strings.
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ /$1 [R=301,L]
>
> I believe it also has the potential to add a duplicate slash in the
> beginning if $1 already has a slash in it, but using just $1 alone doesn't
> fix the problem with losing query strings. Even ahrefs uses the above
> example in their blog post without considering query strings or the
> potential for creating duplicate slashes.
>
> Ideas greatly appreciated.
>
> Thanks,
> Dave
>
>
>
>
I would stop using .htaccess files, first, and merge all rewrite rules in
the relevant vhost / Directory block.  Then, I would use the rewrite log to
see what is really happening.

Using multiple .htaccess files is a recipe to lose all your hair.

Re: [users@httpd] Removing trailing slashes?

[Frank Gingras]

On Wed, Dec 13, 2023 at 7:13 PM Dave Wreski
 wrote:

> Hi,
>
> I have a FAQ, but need some additional info I haven't been able to find.
> I'm trying to process links Google has indicated are 404s that never really
> ever existed on our site.
>
> I have an htaccess file I'm Including with my main apache config that only
> contains RewriteConds. This file is processed before any of the other
> htaccess files that contain standard RewriteRules. This is what I'm using
> to strip off any trailing slashes in URLs:
>
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^(.*)/$ /$1 [R=301,L]
>
> I just want to confirm that this means none of the RewriteRules that
> follow should contain a trailing slash or they will not match, correct?
>
> Some of my existing RewriteRules that were created before I realized I
> should be stripping off the trailing slash actually contain a trailing
> slash.
>
> Perhaps I should instead be using '/?' instead of just '/' at the end of
> URLs?
>
> Thanks,
> Dave
>
>
>
If the following rules look for a trailing slash and you remove it prior,
in theory it won't match.  However, remember that .htaccess files will be
parsed over and over until it stops matching, so you are likely to create a
rewrite loop.

What is the rationale for removing trailing slashes here?

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

[Frank Gingras]

On Tue, Nov 28, 2023 at 12:11 PM Daga, Navin (Navin) 
wrote:

> On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley 
> wrote:
>
>
>
> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server?
>
> I am unsure of recommended workarounds as I usually have my package
> manager build httpd directly from that OSs package index. That said, a
> container or VM might be a possibility.
>
>
>
> Does your distribution not provide 32 bit packages?
>
> >> No, Rocky Linux does not have a 32-bit package.
>

Might be worth looking at the srpm for CentOS 7 or earlier, there was a 32
bit ISO.

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

[Frank Gingras]

On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley 
wrote:

>
>
>> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server?
>>
> I am unsure of recommended workarounds as I usually have my package
> manager build httpd directly from that OSs package index. That said, a
> container or VM might be a possibility.


Does your distribution not provide 32 bit packages?

Re: [users@httpd] Still have messed up TLS

[Frank Gingras]

On Mon, Nov 27, 2023 at 2:47 PM John  wrote:

> On Sun, 2023-11-26 at 18:06 -0500, Paul wrote:
> > On 2023-11-26 16:12, John wrote:
> > > After a week of chasing this around I have managed to change the
> problem several times but I'm
> > > still
> > > unable to get Apache started.  I **think** there is something
> unrelated to the error that I'm
> > > seeing
> > > that may have been included in the default config but before I go down
> that rabbit hole I
> > > realize
> > > that I am making a number of assumptions because I don't know how to
> check, so if everyone would
> > > please bear with me, and my apologies in advance:
> > >
> > > Here are the relevant parts of the full configuration:
> > >
> > > /usr/sbin/httpd -M
> >
> > I think you said you were using "Rocky Linux" associated with RHEL which
> > may use /usr/sbin/httpd rather than /usr/share/apache2 (debian).  If
> > "Rocky" is a spin-off (I have no knowledge of it) perhaps they have a
> > "users list" that could help you?
> >
> > In any case what is the output of 'apachectl -S' (or perhaps 'httpd
> > -S')?  Is it only your TLS that is problematic, or are there other
> > underlying glitches?  You write "httpd.service: Main process exited,
> > code=exited, status=1/FAILURE" and this looks to me that it could
> > preceed any TLS certs.
> >
> > Also, your "SSLCACertificateFile" probably has to be used carefully.  It
> > "can be used alternatively and/or additionally to "SSLCACertificatePath"
> > and should only be used if "SSLCADNRequestPath or SSLCADNRequestFile"
> > are missing. See .
> > Yours appear to be missing from what you write (please delete all rem'ed
> > out lines, it's rather boring) - are you sure this is what you want?
> >
> > Good luck -- Paul
> > >
> > > ***89 deleted module lines here**
> > > ssl_module (shared)
> > > systemd_module (shared)
> > >
> > > the full config file for the ONLY https virtual server
> > > --
> > > # SSL Support for Coax Publications ONLY!
> > > 
> > > ServerName www.coaxpublications.ca
> > > #   ServerAlias t.coaxpublications.ca
> > > DocumentRoot /usr/httpd/coax
> > > Options -MultiViews
> > > H2Direct on
> > > ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://
> 127.0.0.1:9002/usr/httpd/coax
> > > SSLEngine on
> > > #   SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !RC4: !PSK: !MD5
> > > SSLCipherSuite TLSv1.3
> > > SSLCertificateFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.pem
> > > SSLCertificateKeyFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.key
> > > SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
> > > SSLHonorCipherOrder on
> > > Header always set Strict-Transport-Security
> "max-age-63072000;includeSubDomains"
> > > 
> > >
> > > # Redirect if logon is to coaxpublications without the 'www'
> > > 
> > > ServerName coaxpublications.ca
> > > Redirect permanent / https://www.coaxpublications.ca
> > > 
> > > --
> > >
> > > the systemctl status on attempting to start:
> > > --
> > > # systemctl status httpd
> > > × httpd.service - The Apache HTTP Server
> > >   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;
> preset: disabled)
> > >  Drop-In: /usr/lib/systemd/system/httpd.service.d
> > >   └─php-fpm.conf
> > >   Active: failed (Result: exit-code) since Sun 2023-11-26 15:14:50
> EST; 25min ago
> > > Duration: 1d 22h 32min 36.626s
> > > Docs: man:httpd.service(8)
> > >  Process: 56733 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited,
> > > status=1/FAILURE)
> > > Main PID: 56733 (code=exited, status=1/FAILURE)
> > >   Status: "Reading configuration..."
> > >  CPU: 25ms
> > >
> > > Nov 26 15:14:50 prod02 systemd[1]: Starting The Apache HTTP Server...
> > > Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Main process exited,
> code=exited,
> > > status=1/FAILURE
> > > Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Failed with result
> 'exit-code'.
> > > Nov 26 15:14:50 prod02 systemd[1]: Failed to start The Apache HTTP
> Server.
> > > --
> > >
> > > our production TLS certificate.  The one on the problem server is a
> .pem version of the same
> > > thing
> > > because it will eventually replace this server.  What I don't know is
> how to confirm that the
> > > .pem
> > > cert is identical to this one.
> > >
> > > --
> > > 
> > > 
> > > 
> > > 
> > >  
> > >  
> > >  
> > >  
> > >  
> > >   src="chrome://global/content/certviewer/certviewer.mjs">
> > >   src="chrome://global/content/certviewer/components/certificate-
> > > section.mjs">
> > >   src="chrome://global/content/certviewer/components/about-certificate-
> > > section.mjs">
> > >   href="chrome://global/skin/in-content/common.css">
> > >   href="chrome://global/content/certviewer/certviewer.css">
> > >   > > args="{"firstCertName":"www.coaxpublications.ca"}

Re: [users@httpd] Still have messed up TLS

[Frank Gingras]

On Sun, Nov 26, 2023 at 4:13 PM John  wrote:

> After a week of chasing this around I have managed to change the problem
> several times but I'm still
> unable to get Apache started.  I **think** there is something unrelated to
> the error that I'm seeing
> that may have been included in the default config but before I go down
> that rabbit hole I realize
> that I am making a number of assumptions because I don't know how to
> check, so if everyone would
> please bear with me, and my apologies in advance:
>
> Here are the relevant parts of the full configuration:
>
> /usr/sbin/httpd -M
>
> ***89 deleted module lines here**
> ssl_module (shared)
> systemd_module (shared)
>
> the full config file for the ONLY https virtual server
> --
> # SSL Support for Coax Publications ONLY!
> 
>ServerName www.coaxpublications.ca
> #   ServerAlias t.coaxpublications.ca
>DocumentRoot /usr/httpd/coax
>Options -MultiViews
>H2Direct on
>ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/coax
>SSLEngine on
> #   SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !RC4: !PSK: !MD5
>SSLCipherSuite TLSv1.3
>SSLCertificateFile /etc/httpd/conf/sslcert/www.coaxpublications.ca.pem
>SSLCertificateKeyFile
> /etc/httpd/conf/sslcert/www.coaxpublications.ca.key
>SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
>SSLHonorCipherOrder on
>Header always set Strict-Transport-Security
> "max-age-63072000;includeSubDomains"
> 
>
> # Redirect if logon is to coaxpublications without the 'www'
> 
>ServerName coaxpublications.ca
>Redirect permanent / https://www.coaxpublications.ca
> 
> --
>
> the systemctl status on attempting to start:
> --
> # systemctl status httpd
> × httpd.service - The Apache HTTP Server
>  Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;
> preset: disabled)
> Drop-In: /usr/lib/systemd/system/httpd.service.d
>  └─php-fpm.conf
>  Active: failed (Result: exit-code) since Sun 2023-11-26 15:14:50 EST;
> 25min ago
>Duration: 1d 22h 32min 36.626s
>Docs: man:httpd.service(8)
> Process: 56733 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited, status=1/FAILURE)
>Main PID: 56733 (code=exited, status=1/FAILURE)
>  Status: "Reading configuration..."
> CPU: 25ms
>
> Nov 26 15:14:50 prod02 systemd[1]: Starting The Apache HTTP Server...
> Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Main process exited,
> code=exited, status=1/FAILURE
> Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Failed with result
> 'exit-code'.
> Nov 26 15:14:50 prod02 systemd[1]: Failed to start The Apache HTTP Server.
> --
>
> our production TLS certificate.  The one on the problem server is a .pem
> version of the same thing
> because it will eventually replace this server.  What I don't know is how
> to confirm that the .pem
> cert is identical to this one.
>
> --
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  src="chrome://global/content/certviewer/certviewer.mjs">
>  src="chrome://global/content/certviewer/components/certificate-
> section.mjs">
>  src="chrome://global/content/certviewer/components/about-certificate-
> section.mjs">
>  href="chrome://global/skin/in-content/common.css">
>  href="chrome://global/content/certviewer/certviewer.css">
>  args="{"firstCertName":"www.coaxpublications.ca"}"
> data-l10n-id="certificate-
> viewer-tab-title">Certificate for www.coaxpublications.ca
>   
>   
> 
>href="chrome://global/content/certviewer/components/certificate-
> section.css">
>   
> 
>
> 
>   
> 
>
>  
>
> 
>href="chrome://global/skin/in-content/common.css">
>href="chrome://global/content/certviewer/components/info-item.css">
>   
>   
> 
>
> 
>href="chrome://global/content/certviewer/components/info-group.css">
>   
>  data-l10n-
> id="certificate-viewer-critical-extension">
> 
>   
>   
> 
>
> 
>href="chrome://global/content/certviewer/components/error-section.css">
>   
>   
> 
>
> 
>href="chrome://global/content/certviewer/components/certificate-
> section.css">
>   
> 
>
> 
>href="chrome://global/content/certviewer/components/about-certificate-
> section.css">
> 
>
> 
>href="chrome://global/content/certviewer/components/list-item.css">
>   
>   
> 
>
>
> 
> --
>
> the error log for mod_ssl
>
> --
> Sun Nov 26 15:14:50.745976 2023] [ssl:warn] [pid 56733:tid 56733] AH01909:
> www.iliffe.ca:443:0
> server certificate does NOT include an ID which matches the server name
> --
> Now here is where I get really confused: there is NO config file for
> virtual server iliffe.ca that
> makes it an HTTPS server.  It is simply our test server and runs as http
> on port 80.  The only
> possible reason that I can think of why this should have bee

Re: [users@httpd] Connection TLS Error

[Frank Gingras]

On Sun, Nov 19, 2023 at 3:25 PM John  wrote:

> On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote:
> > On Sun, Nov 19, 2023 at 3:15 PM John  wrote:
> > >
> > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote:
> > > > On Sun, Nov 19, 2023 at 2:31 PM John  wrote:
> > > > >
> > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a
> browser error:
> > > > > Error code: SSL_ERROR_RX_RECORD_TOO_LONG(Firefox)
> > > >
> > > > What does your SSL-enabled virtualhost look like
> > >
> > > Here is the example.conf include file; ssl.conf follows
> > >
> > > # SSL Support for example.ca ONLY!
> > > 
> > >ServerName www.example.ca
> > > ServerAlias t.example.ca
> > >DocumentRoot /usr/httpd/example
> > >Options -MultiViews
> > >H2Direct on
> > >ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://
> 127.0.0.1:9002/usr/httpd/example
> > > #   SSLEngine on
> >
> > ^^^ Pretty suspicious?
> >
>
>
> SSLEngine being commented out?  It is already turned on in ssl.conf and
> one of the problems that I
> already had to fix was duplicate entries between conf file sections.
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>

>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
You can't inherit SSLEngine on like that - you must either set it in the
vhost context, or include a file that sets it.  I don't see an include
directive in your vhost, either.

Re: [users@httpd] Tightening security on my webserver

[Frank Gingras]

You could look at the AcceptPathInfo directive in the meantime as well.

On Tue, Nov 14, 2023 at 4:04 PM Frank Gingras  wrote:

> The URI path part of pathinfo is not "ignored", nor "considered" by the
> web server. It is simply passed to the php application. If your application
> chooses to include it in the response, then the application must be
> corrected.
>
> On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood <
> mur...@focus-computing.com.au> wrote:
>
>> Hi Frank
>>
>> Yes, and I can do this, but I'm really surprised that this extra content
>> is even being reflected back to the web user.  My assumption was if I
>> ignore anything beyond my "appwaz.php" it will be ignored by the web
>> server so why is this text being reflected back as part of the
>> response???  Is it something I'm doing in my php script? (I don't think so).
>>
>> Cheers
>> Murray
>>
>>
>>
>> On Wed, 15 Nov 2023 at 09:47, Frank Gingras  wrote:
>>
>>> Since you're using appwaz.php to serve your content and parsing the
>>> pathinfo, it falls back on your php application to discard values that are
>>> malicious or incorrect.
>>>
>>> On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
>>> mur...@focus-computing.com.au> wrote:
>>>
>>>> Good question @Frank, and yes it is.
>>>>
>>>> Cheers
>>>> Murray
>>>>
>>>>
>>>>
>>>> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>>>>
>>>>> To be clear, is sobs.com.au your domain name?
>>>>>
>>>>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>>>>> mur...@focus-computing.com.au> wrote:
>>>>>
>>>>>> Hi folks
>>>>>>
>>>>>> First time poster.  I recently became aware that hackers were able to
>>>>>> include scripts in my URLs that would run (when reflected back to the
>>>>>> client web browser).
>>>>>>
>>>>>> Is there a simple configuration in Apache that allows me to apply
>>>>>> strict rules to the URLs that would stop this happening?
>>>>>>
>>>>>> Alternatively, is there something I have opened / allowed that
>>>>>> enables this?
>>>>>>
>>>>>> For example:
>>>>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>>>>
>>>>>>
>>>>>> Hope you can help.
>>>>>>
>>>>>> Cheers
>>>>>> Murray
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Murray Collingwood
>>>>>> Focus Computing
>>>>>>
>>>>>> Australia ph 07 3175 0575
>>>>>> New Zealand ph 03 928 1699
>>>>>>
>>>>>> http://www.focus-computing.com.au
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Murray Collingwood
>>>> Focus Computing
>>>>
>>>> Australia ph 07 3175 0575
>>>> New Zealand ph 03 928 1699
>>>>
>>>> http://www.focus-computing.com.au
>>>>
>>>
>>
>> --
>> Murray Collingwood
>> Focus Computing
>>
>> Australia ph 07 3175 0575
>> New Zealand ph 03 928 1699
>>
>> http://www.focus-computing.com.au
>>
>

Re: [users@httpd] Tightening security on my webserver

[Frank Gingras]

The URI path part of pathinfo is not "ignored", nor "considered" by the web
server. It is simply passed to the php application. If your application
chooses to include it in the response, then the application must be
corrected.

On Tue, Nov 14, 2023 at 3:57 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Hi Frank
>
> Yes, and I can do this, but I'm really surprised that this extra content
> is even being reflected back to the web user.  My assumption was if I
> ignore anything beyond my "appwaz.php" it will be ignored by the web
> server so why is this text being reflected back as part of the
> response???  Is it something I'm doing in my php script? (I don't think so).
>
> Cheers
> Murray
>
>
>
> On Wed, 15 Nov 2023 at 09:47, Frank Gingras  wrote:
>
>> Since you're using appwaz.php to serve your content and parsing the
>> pathinfo, it falls back on your php application to discard values that are
>> malicious or incorrect.
>>
>> On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
>> mur...@focus-computing.com.au> wrote:
>>
>>> Good question @Frank, and yes it is.
>>>
>>> Cheers
>>> Murray
>>>
>>>
>>>
>>> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>>>
>>>> To be clear, is sobs.com.au your domain name?
>>>>
>>>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>>>> mur...@focus-computing.com.au> wrote:
>>>>
>>>>> Hi folks
>>>>>
>>>>> First time poster.  I recently became aware that hackers were able to
>>>>> include scripts in my URLs that would run (when reflected back to the
>>>>> client web browser).
>>>>>
>>>>> Is there a simple configuration in Apache that allows me to apply
>>>>> strict rules to the URLs that would stop this happening?
>>>>>
>>>>> Alternatively, is there something I have opened / allowed that enables
>>>>> this?
>>>>>
>>>>> For example:
>>>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>>>
>>>>>
>>>>> Hope you can help.
>>>>>
>>>>> Cheers
>>>>> Murray
>>>>>
>>>>>
>>>>> --
>>>>> Murray Collingwood
>>>>> Focus Computing
>>>>>
>>>>> Australia ph 07 3175 0575
>>>>> New Zealand ph 03 928 1699
>>>>>
>>>>> http://www.focus-computing.com.au
>>>>>
>>>>>
>>>
>>> --
>>> Murray Collingwood
>>> Focus Computing
>>>
>>> Australia ph 07 3175 0575
>>> New Zealand ph 03 928 1699
>>>
>>> http://www.focus-computing.com.au
>>>
>>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>

Re: [users@httpd] Tightening security on my webserver

[Frank Gingras]

Since you're using appwaz.php to serve your content and parsing the
pathinfo, it falls back on your php application to discard values that are
malicious or incorrect.

On Tue, Nov 14, 2023 at 3:37 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Good question @Frank, and yes it is.
>
> Cheers
> Murray
>
>
>
> On Wed, 15 Nov 2023 at 07:36, Frank Gingras  wrote:
>
>> To be clear, is sobs.com.au your domain name?
>>
>> On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
>> mur...@focus-computing.com.au> wrote:
>>
>>> Hi folks
>>>
>>> First time poster.  I recently became aware that hackers were able to
>>> include scripts in my URLs that would run (when reflected back to the
>>> client web browser).
>>>
>>> Is there a simple configuration in Apache that allows me to apply strict
>>> rules to the URLs that would stop this happening?
>>>
>>> Alternatively, is there something I have opened / allowed that enables
>>> this?
>>>
>>> For example:
>>> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>>>
>>>
>>> Hope you can help.
>>>
>>> Cheers
>>> Murray
>>>
>>>
>>> --
>>> Murray Collingwood
>>> Focus Computing
>>>
>>> Australia ph 07 3175 0575
>>> New Zealand ph 03 928 1699
>>>
>>> http://www.focus-computing.com.au
>>>
>>>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>

Re: [users@httpd] Tightening security on my webserver

[Frank Gingras]

To be clear, is sobs.com.au your domain name?

On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood <
mur...@focus-computing.com.au> wrote:

> Hi folks
>
> First time poster.  I recently became aware that hackers were able to
> include scripts in my URLs that would run (when reflected back to the
> client web browser).
>
> Is there a simple configuration in Apache that allows me to apply strict
> rules to the URLs that would stop this happening?
>
> Alternatively, is there something I have opened / allowed that enables
> this?
>
> For example:
> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj
>
>
> Hope you can help.
>
> Cheers
> Murray
>
>
> --
> Murray Collingwood
> Focus Computing
>
> Australia ph 07 3175 0575
> New Zealand ph 03 928 1699
>
> http://www.focus-computing.com.au
>
>

Re: [users@httpd] Ubuntu/Apache2/laravel - test project setup in subdirs

[Frank Gingras]

On Sun, Nov 12, 2023 at 6:47 PM bruce  wrote:

> Hi.
>
> Setting up a test laravel app to run as a subdir:
>  ie   /var/www/html/wave/wave/public   (index.php)
>
> the idea is to have the url
>   http://1.2.3.4/wave  (is this possible? or dies it need to be
>   http://1.2.3.4/wave/index.php  in the url ??
>
> I'd also like the base url to be
>http://1.2.3.4   --- to have a default page
>
> Having the test laravel apps in subdirs gives the project multiple test
> apps.
>
> I'd like the urls to be similar to
>  http//1.2.3.4/app1
>  http//1.2.3.4/app2..
>
> which means changes to the
>/etc/apache2/mods-available/alias.conf file
>
>   and the
>   /etc/apache2/sites-available/wave1.confwave2.conf... for the
> VirtHost setup
>
> As far as I can tell.. I think the basic "laravel" app displays sort of
> ok..
>  at least from the top url...
>
> However, the current test setup gives errs from the subdir.. which
> implies something amiss.
>
> So, I'm posting here, hoping that someone has set something up similar
> to what I'm going through.
>
> I'm more than willing to give complete access to the test digital
> ocean Ubuntu droplet/instance to check out this issue.
>
> thanks
>
> the test url  --- http:  //  161.35.5.174   http:  //
> 161.35.5.174/  wave
>
> I realize this is more for laravel...  but I'm throwing this out on a
> prayer!!
>
> thanks! again
>
> ps..
>
> the basic dirr tree
> /var/www/html/wave/wave/public/index.php
>
> so the 2nd would be
> /var/www/htmlwave2/wave/public/index.php
> (at least I think it would be this...)
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Again, all you need is the Alias directive, and you didn't show the errors
you encountered.

And you created a new thread, yet again.

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 10:37 PM bruce  wrote:

> Weird
>
> Seems the "DocumentRoot" as displayed in
> apachectl -S
> AH00558: apache2: Could not reliably determine the server's fully
> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> globally to suppress this message
> VirtualHost configuration:
> *:80   161.35.5.174
> (/etc/apache2/sites-enabled/wave.conf:1)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"  <<<<<
>
> never gets changed regardless of what I do with "wave.conf" in the
> /etc/apache2/sites-available/wave.conf
>
> Researching the 'net.. seems others have experienced the same issue...
>
> just weird..
>
>
>
>
> On Sat, Nov 11, 2023 at 9:43 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 9:25 PM bruce  wrote:
> >>
> >> I wasnt sure if servername is optional, or used. Since I have no
> >> domain/server, I'm assuming I can the use the test ipAddress..
> >>
> >> still testing!
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:
> >> >>
> >> >> arrggg..
> >> >>
> >> >> Ok. something's going on that I'm missing..
> >> >>
> >> >> I changed the wave.conf in the /etc/apache/sites-available
> >> >> /etc/apache2/sites-enabled
> >> >>
> >> >> I actually renamed the file to wave.conf1
> >> >> I did the a2dissites *.conf as well as stopped/restarted apache2
> >> >>
> >> >> I then did
> >> >>  apachectl -S
> >> >> AH00558: apache2: Could not reliably determine the server's fully
> >> >> qualified domain name, using 127.0.1.1. Set the 'ServerName'
> directive
> >> >> globally to suppress this message
> >> >> VirtualHost configuration:
> >> >> *:80   127.0.1.1
> (/etc/apache2/sites-enabled/wave.conf:1)
> >> >> ServerRoot: "/etc/apache2"
> >> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> >> Main ErrorLog: "/var/log/apache2/error.log"
> >> >> Mutex mpm-accept: using_defaults
> >> >> Mutex watchdog-callback: using_defaults
> >> >> Mutex rewrite-map: using_defaults
> >> >> Mutex default: dir="/var/run/apache2/" mechanism=default
> >> >> PidFile: "/var/run/apache2/apache2.pid"
> >> >> Define: DUMP_VHOSTS
> >> >> Define: DUMP_RUN_CFG
> >> >> User: name="www-data" id=33
> >> >> Group: name="www-data" id=33
> >> >>
> >> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> >> and I get this as the default... where/why is this set?
> >> >>
> >> >> did a "find" and only saw it in the /etc/apache/* files I had
> >> >> renamed.. there are no *.conf for the testing... (for now..)
> >> >>
> >> >> any thoughts/ideas!
> >> >>
> >> >>
> >> >> thanks
> >> >>
> >> >> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras 
> wrote:
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >> >> >>
> >> >> >> Thanks..
> >> >> >>
> >> >> >> Tried again. Same results. As far as 2.2 directives vs 2.4..
> could you clarify?
> >> >> >>
> >> >> >> Pretty sure this is simple.. but can't see what's missing...
> >> >> >>
> >> >> >> thanks
> >> >> >>
> >> >> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce 
> wrote:
> >> >> >> >>
> >> >> >> >> Hi Frank!!
> >> >> >> >>
> >> >> >> >

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 9:25 PM bruce  wrote:

> I wasnt sure if servername is optional, or used. Since I have no
> domain/server, I'm assuming I can the use the test ipAddress..
>
> still testing!
>
> thanks
>
> On Sat, Nov 11, 2023 at 8:46 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:
> >>
> >> arrggg..
> >>
> >> Ok. something's going on that I'm missing..
> >>
> >> I changed the wave.conf in the /etc/apache/sites-available
> >> /etc/apache2/sites-enabled
> >>
> >> I actually renamed the file to wave.conf1
> >> I did the a2dissites *.conf as well as stopped/restarted apache2
> >>
> >> I then did
> >>  apachectl -S
> >> AH00558: apache2: Could not reliably determine the server's fully
> >> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> >> globally to suppress this message
> >> VirtualHost configuration:
> >> *:80   127.0.1.1
> (/etc/apache2/sites-enabled/wave.conf:1)
> >> ServerRoot: "/etc/apache2"
> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> Main ErrorLog: "/var/log/apache2/error.log"
> >> Mutex mpm-accept: using_defaults
> >> Mutex watchdog-callback: using_defaults
> >> Mutex rewrite-map: using_defaults
> >> Mutex default: dir="/var/run/apache2/" mechanism=default
> >> PidFile: "/var/run/apache2/apache2.pid"
> >> Define: DUMP_VHOSTS
> >> Define: DUMP_RUN_CFG
> >> User: name="www-data" id=33
> >> Group: name="www-data" id=33
> >>
> >> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> >> and I get this as the default... where/why is this set?
> >>
> >> did a "find" and only saw it in the /etc/apache/* files I had
> >> renamed.. there are no *.conf for the testing... (for now..)
> >>
> >> any thoughts/ideas!
> >>
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >> >>
> >> >> Thanks..
> >> >>
> >> >> Tried again. Same results. As far as 2.2 directives vs 2.4.. could
> you clarify?
> >> >>
> >> >> Pretty sure this is simple.. but can't see what's missing...
> >> >>
> >> >> thanks
> >> >>
> >> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >> >> >>
> >> >> >> Hi Frank!!
> >> >> >>
> >> >> >> thanks for the reply.
> >> >> >>
> >> >> >> If you don't mind.. here's my setup
> >> >> >> ubuntu -- apache2
> >> >> >>
> >> >> >>
> >> >> >> /etc/apache2/mods-available/alias.conf
> >> >> >> --
> >> >> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> >> >> #Alias /wave/ "/var/www/html/wave"
> >> >> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >> >> >>
> >> >> >> 
> >> >> >> Options FollowSymlinks
> >> >> >> AllowOverride None
> >> >> >> Require all granted
> >> >> >> 
> >> >> >>
> >> >> >> ---
> >> >> >> ls -al /var/www/html/wave/wave/public
> >> >> >>  www-data:www-data  (775)
> >> >> >>
> >> >> >> ls -al /var/www/html/wave/wave/storage
> >> >> >>  www-data:www-data  (775)
> >> >> >>
> >> >> >>
> >> >> >> /etc/apache2/sites-available/wave
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> ls -al /etc/apache2/sites-available
> >> >

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 8:41 PM bruce  wrote:

> arrggg..
>
> Ok. something's going on that I'm missing..
>
> I changed the wave.conf in the /etc/apache/sites-available
> /etc/apache2/sites-enabled
>
> I actually renamed the file to wave.conf1
> I did the a2dissites *.conf as well as stopped/restarted apache2
>
> I then did
>  apachectl -S
> AH00558: apache2: Could not reliably determine the server's fully
> qualified domain name, using 127.0.1.1. Set the 'ServerName' directive
> globally to suppress this message
> VirtualHost configuration:
> *:80   127.0.1.1 (/etc/apache2/sites-enabled/wave.conf:1)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> Main ErrorLog: "/var/log/apache2/error.log"
> Mutex mpm-accept: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex default: dir="/var/run/apache2/" mechanism=default
> PidFile: "/var/run/apache2/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
> Main DocumentRoot: "/var/www/html"   <<<<<<<< what the heck!!!
> and I get this as the default... where/why is this set?
>
> did a "find" and only saw it in the /etc/apache/* files I had
> renamed.. there are no *.conf for the testing... (for now..)
>
> any thoughts/ideas!
>
>
> thanks
>
> On Sat, Nov 11, 2023 at 6:24 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:
> >>
> >> Thanks..
> >>
> >> Tried again. Same results. As far as 2.2 directives vs 2.4.. could you
> clarify?
> >>
> >> Pretty sure this is simple.. but can't see what's missing...
> >>
> >> thanks
> >>
> >> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >> >>
> >> >> Hi Frank!!
> >> >>
> >> >> thanks for the reply.
> >> >>
> >> >> If you don't mind.. here's my setup
> >> >> ubuntu -- apache2
> >> >>
> >> >>
> >> >> /etc/apache2/mods-available/alias.conf
> >> >> --
> >> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> >> #Alias /wave/ "/var/www/html/wave"
> >> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >> >>
> >> >> 
> >> >> Options FollowSymlinks
> >> >> AllowOverride None
> >> >> Require all granted
> >> >> 
> >> >>
> >> >> ---
> >> >> ls -al /var/www/html/wave/wave/public
> >> >>  www-data:www-data  (775)
> >> >>
> >> >> ls -al /var/www/html/wave/wave/storage
> >> >>  www-data:www-data  (775)
> >> >>
> >> >>
> >> >> /etc/apache2/sites-available/wave
> >> >>
> >> >>
> >> >>
> >> >> ls -al /etc/apache2/sites-available
> >> >> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
> >> >>
> >> >> cat /etc/apache2/sites-available/wave.conf
> >> >> 
> >> >> ServerAdmin ad...@example.com
> >> >> ServerName  temp
> >> >> ServerAlias temp
> >> >>  DocumentRoot   /var/www/html/wave/wave/public
> >> >>
> >> >> 
> >> >> Options Indexes FollowSymLinks MultiViews
> >> >> AllowOverride All
> >> >> Order allow,deny
> >> >> allow from all
> >> >> Require all granted
> >> >> 
> >> >>
> >> >> LogLevel debug
> >> >> ErrorLog ${APACHE_LOG_DIR}/error.log
> >> >> CustomLog ${APACHE_LOG_DIR}/access.log combined
> >> >> 
> >> >>
> >> >>
> 
> >> >>
> >> >> and then simply run
&g

Re: [users@httpd] Unicode Chars not working

[Frank Gingras]

On Sat, Nov 11, 2023 at 8:31 PM phunction  wrote:

> Seeing how it's an exact copy from the other server and the other server
> is fine I would think that's more of a Apache configuration isn't it?
>
> The content itself does not specify a character set.
>
>
>
> Sent from my Galaxy
>
>
> ---- Original message 
> From: Frank Gingras 
> Date: 2023-11-11 4:02 p.m. (GMT-08:00)
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Unicode Chars not working
>
>
>
> On Sat, Nov 11, 2023 at 6:49 PM Chris me  wrote:
>
>> Hi,
>>
>> I am moving my site from one server to another, both are apache 2. The
>> files where tarred and zipped on one linux server and copied to another
>> linux server.
>>
>>
>>
>> On the new server, any pages with a Unicode character is getting served
>> with the black diamond and question mark.
>>
>>
>>
>> I enabled AddDefaultCharset UTF-8 on the new server it does not make a
>> difference.
>>
>>
>>
>> What else do I need to change?
>>
>
> Are you sure your content is not producing html header with the wrong
> charset? I would inspect it.
>

Try to inspect the response headers with your browser (F12) next.

Re: [users@httpd] Unicode Chars not working

[Frank Gingras]

On Sat, Nov 11, 2023 at 6:49 PM Chris me  wrote:

> Hi,
>
> I am moving my site from one server to another, both are apache 2. The
> files where tarred and zipped on one linux server and copied to another
> linux server.
>
>
>
> On the new server, any pages with a Unicode character is getting served
> with the black diamond and question mark.
>
>
>
> I enabled AddDefaultCharset UTF-8 on the new server it does not make a
> difference.
>
>
>
> What else do I need to change?
>

Are you sure your content is not producing html header with the wrong
charset? I would inspect it.

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 6:20 PM bruce  wrote:

> Thanks..
>
> Tried again. Same results. As far as 2.2 directives vs 2.4.. could you
> clarify?
>
> Pretty sure this is simple.. but can't see what's missing...
>
> thanks
>
> On Sat, Nov 11, 2023 at 6:05 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:
> >>
> >> Hi Frank!!
> >>
> >> thanks for the reply.
> >>
> >> If you don't mind.. here's my setup
> >> ubuntu -- apache2
> >>
> >>
> >> /etc/apache2/mods-available/alias.conf
> >> --
> >> Alias /icons/ "/usr/share/apache2/icons/"
> >> #Alias /wave/ "/var/www/html/wave"
> >> Alias /wave/ "/var/www/html/wave/wave/public"
> >>
> >> 
> >> Options FollowSymlinks
> >> AllowOverride None
> >> Require all granted
> >> 
> >>
> >> ---
> >> ls -al /var/www/html/wave/wave/public
> >>  www-data:www-data  (775)
> >>
> >> ls -al /var/www/html/wave/wave/storage
> >>  www-data:www-data  (775)
> >>
> >>
> >> /etc/apache2/sites-available/wave
> >>
> >>
> >>
> >> ls -al /etc/apache2/sites-available
> >> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
> >>
> >> cat /etc/apache2/sites-available/wave.conf
> >> 
> >> ServerAdmin ad...@example.com
> >> ServerName  temp
> >> ServerAlias temp
> >>  DocumentRoot   /var/www/html/wave/wave/public
> >>
> >> 
> >> Options Indexes FollowSymLinks MultiViews
> >> AllowOverride All
> >> Order allow,deny
> >> allow from all
> >> Require all granted
> >> 
> >>
> >> LogLevel debug
> >> ErrorLog ${APACHE_LOG_DIR}/error.log
> >> CustomLog ${APACHE_LOG_DIR}/access.log combined
> >> 
> >>
> >>
> 
> >>
> >> and then simply run
> >> a2ensite wave.conf
> >> service apache2 reload
> >> systemctl restart apache2
> >>
> >> to restart apache...
> >>
> >> and the test site
> >>  http://161.35.5.174/wave
> >>
> >> should appear??
> >>
> >> Is there anything else you see that I need to implement?
> >>
> >> thanks
> >>
> >>
> >> On Sat, Nov 11, 2023 at 5:24 PM Frank Gingras 
> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:
> >> >>
> >> >> Hi.
> >> >>
> >> >> Trying to set up a test http://1.2.3.4/foo
> >> >>
> >> >> where I have a laravel/php setup
> >> >>  /var/www/html/foo/foo/public <<<
> >> >>
> >> >> As far as I can tell, there should be an "alias.conf" -- foo.conf in
> the
> >> >> /etc/apache2/conf-availables/alias.conf
> >> >> /etc/apache2/sites-available/foo
> >> >>
> >> >> and the base httpd.conf
> >> >>
> >> >> I think there needs to be "rewrite" in there somewhere as well.
> >> >>
> >> >> Anyone have a solid example of how this should be put together, the
> >> >> steps required.
> >> >>
> >> >> I seem to be getting an index list.
> >> >>
> >> >>
> >> >> At the same time, once this works, I'm going to also "test/try" to
> get
> >> >> a javascript app running that can be viewed/displayed from the same
> >> >> test server.
> >> >>
> >> >> The test server is a digitalocean ubuntu, easily accessible if you
> >> >> want to look at the dir/tree/files.
> >> >>
> >> >> thanks
> >> >>
> >> >> -
> >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >> >>
> >> >
> >> > All you need is Alias /foo /var/www/html/foo/foo/public in your
> vhost. Why do you think you need to use mod_rewrite, as well?
> >> >
> >> > Finally, you'll need to configure httpd to parse php content, see:
> >> >
> >> > https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
> >> >
> >> >
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > This isn't really a ubuntu-centric mailing list, to be fair.
> >
> > I would recommend you run apachectl -S to verify that:
> >
> > 1) Your vhosts are properly defined
> > 2) Then examine the configuration of each vhost
> >
> > I would also certainly not use 2.2 authz directives, so I would stop
> reading whatever site or howto recommended that.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
The Order/Allow/Deny directives should not be used any more, and you should
unload the mod_access_compat module as well.

As for seeing the directory listing, you are probably missing the
DirectoryIndex directive.

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 5:46 PM bruce  wrote:

> Hi Frank!!
>
> thanks for the reply.
>
> If you don't mind.. here's my setup
> ubuntu -- apache2
>
>
> /etc/apache2/mods-available/alias.conf
> --
> Alias /icons/ "/usr/share/apache2/icons/"
> #Alias /wave/ "/var/www/html/wave"
> Alias /wave/ "/var/www/html/wave/wave/public"
>
> 
> Options FollowSymlinks
> AllowOverride None
> Require all granted
> 
>
> ---
> ls -al /var/www/html/wave/wave/public
>  www-data:www-data  (775)
>
> ls -al /var/www/html/wave/wave/storage
>  www-data:www-data  (775)
>
>
> /etc/apache2/sites-available/wave
>
>
>
> ls -al /etc/apache2/sites-available
> -rw-r--r-- 1 root root  516 Nov  2 19:11 wave.conf
>
> cat /etc/apache2/sites-available/wave.conf
> 
> ServerAdmin ad...@example.com
> ServerName  temp
> ServerAlias temp
>  DocumentRoot   /var/www/html/wave/wave/public
>
> 
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
> allow from all
> Require all granted
> 
>
> LogLevel debug
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
>
>
> 
>
> and then simply run
> a2ensite wave.conf
> service apache2 reload
> systemctl restart apache2
>
> to restart apache...
>
> and the test site
>  http://161.35.5.174/wave
>
> should appear??
>
> Is there anything else you see that I need to implement?
>
> thanks
>
>
> On Sat, Nov 11, 2023 at 5:24 PM Frank Gingras  wrote:
> >
> >
> >
> > On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:
> >>
> >> Hi.
> >>
> >> Trying to set up a test http://1.2.3.4/foo
> >>
> >> where I have a laravel/php setup
> >>  /var/www/html/foo/foo/public <<<
> >>
> >> As far as I can tell, there should be an "alias.conf" -- foo.conf in the
> >> /etc/apache2/conf-availables/alias.conf
> >> /etc/apache2/sites-available/foo
> >>
> >> and the base httpd.conf
> >>
> >> I think there needs to be "rewrite" in there somewhere as well.
> >>
> >> Anyone have a solid example of how this should be put together, the
> >> steps required.
> >>
> >> I seem to be getting an index list.
> >>
> >>
> >> At the same time, once this works, I'm going to also "test/try" to get
> >> a javascript app running that can be viewed/displayed from the same
> >> test server.
> >>
> >> The test server is a digitalocean ubuntu, easily accessible if you
> >> want to look at the dir/tree/files.
> >>
> >> thanks
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> > All you need is Alias /foo /var/www/html/foo/foo/public in your vhost.
> Why do you think you need to use mod_rewrite, as well?
> >
> > Finally, you'll need to configure httpd to parse php content, see:
> >
> > https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
> >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
This isn't really a ubuntu-centric mailing list, to be fair.

I would recommend you run apachectl -S to verify that:

1) Your vhosts are properly defined
2) Then examine the configuration of each vhost

I would also certainly not use 2.2 authz directives, so I would stop
reading whatever site or howto recommended that.

Re: [users@httpd] ubuntu apache2

[Frank Gingras]

On Sat, Nov 11, 2023 at 5:16 PM bruce  wrote:

> Hi.
>
> Trying to set up a test http://1.2.3.4/foo
>
> where I have a laravel/php setup
>  /var/www/html/foo/foo/public <<<
>
> As far as I can tell, there should be an "alias.conf" -- foo.conf in the
> /etc/apache2/conf-availables/alias.conf
> /etc/apache2/sites-available/foo
>
> and the base httpd.conf
>
> I think there needs to be "rewrite" in there somewhere as well.
>
> Anyone have a solid example of how this should be put together, the
> steps required.
>
> I seem to be getting an index list.
>
>
> At the same time, once this works, I'm going to also "test/try" to get
> a javascript app running that can be viewed/displayed from the same
> test server.
>
> The test server is a digitalocean ubuntu, easily accessible if you
> want to look at the dir/tree/files.
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
All you need is Alias /foo /var/www/html/foo/foo/public in your vhost. Why
do you think you need to use mod_rewrite, as well?

Finally, you'll need to configure httpd to parse php content, see:

https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Frank Gingras]

On Tue, Oct 24, 2023 at 2:02 PM Paul  wrote:

> On 2023-10-24 13:17, Jose Stefan wrote:
>
> Please don't top-post
>
> > No, not that I am aware off. The push is only triggered by the
> > "H2PushResource" directive shown. Which I tried to showcase with the
> > 3^rd  test.
> >
> > Within fileA.php and fileB.php the stylesheet is loaded with this line:
> > 
> >
> > A tag within the html content, and not a header.
> >
> > To perform my tests I'm mostly using the command line:
> > nghttp -vn URL
>
>^^
> What version of Apache / httpd? What server system / version?  I
> personally had never heard of Nghttp, and their website appears to have
> last been updated in 2015. ()
>
>
> >
> > But to remove PHP from the equation. I've now peformed the following
> test.
> >
> >  1. saved the generated content as a static fileA.html
> >  2. changed to this line: 
> >
> > And after the test I still get the push.
> >
> > --Jose Stefan
> >
> > 
> > *From:* Paul 
> > *Sent:* Tuesday, October 24, 2023 12:55 PM
> > *To:* users@httpd.apache.org 
> > *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with
> > FilesMatch
> > On 2023-10-24 11:31, Jose Stefan wrote:
> >> Hello,
> >>
> >> I have a weird issue while using "H2Push". I'm turning it off, but
> >> depending where it's nested it doesn't work as expected. Subset of
> >> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> >> 22.04 LTS.
> >>
> >> With the code as presented, it still triggers a push for "fileC.css". I
> >> expect NO push to happen as it is turned off before
> >> the"H2PushResource..." line.
> >
> > Quick question, not a solution.  Does you php (or other static
> > environment) have any 'rel=preload'?
> >>
> >> Here's where I'm confused. I've performed the following individual
> tests:
> >>
> >>   * If I use the "H2Push off" outside of the FilesMatch (and comment the
> >> one inside), The push doesn't happen.
> >>   *
> >> If I use both "H2Push off" and "H2PushResource..." outside of the
> >> FilesMatch (and comment the ones inside), The push doesn't happen.
> >>   * If I comment out the "H2PushResource..." inside the FilesMatch, the
> >> push doesn't happen. Therefore, I know the config is hitting that
> part.
> >>
> >> It's only when both lines are inside the FilesMatch that I don't get
> the
> >> expected results. Yet the context for h2push reads:
> >> Context: server config, virtual host, directory, .htaccess
> >>
> >> The plan, eventually, is to enable just the early hints and not the
> >> push. But I haven't even gotten to testing that part yet. My version of
> >> httpd doesn't support "H2EarlyHint".
> >>
> >> Subset of the config:
> >> --
> >> H2Push on
> >> ...
> >> 
> >> 
> >> ...
> >> 
> >> #H2EarlyHints on
> >> #H2Push off
> >> #H2PushResource /fileC.css
> >> 
> >> H2Push off
> >> H2PushResource /fileC.css
> >> #H2EarlyHint ... Available in version 2.4.58 and
> >> later.
> >> 
> >> 
> >> ...
> >> 
> >> ...
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Keep in mind that nghttp2 is a build requirement for HTTP/2, which was
outlined in the threads pertaining to CVE 2033-44487. Testing with that
tool should be fine.