[users@httpd] Mod_dav configuration question
Hi Since a few months we're using WebDAV (apache mod_dav) to serve files for one of our apps. Everything works alright but when combined with an older WebDAV client (needed for Office 2010 and older) we're running into some issues. The company that made the client has looked into the problem and gives this as a possible cause for our issues: You WebDAV server returns path without domain in href. For example /GOLF/ instead of http://server/GOLF/. This may not work with some mini-redirector versions, especially with older Windows versions. When we check the traffic with Fiddler it seems mod_dav is indeed returning relative paths instead of the full path. I've searched the documentation for an option that might force the use of full paths but couldn't find one. Does anybody have an idea if such an option exists or how I'd be able to force this behavior? We're running on RHEL6 (apache 2.2.15), using mod_dav. Specific webdav config file: Listen 44595 DocumentRoot /shares/webdav LimitXMLRequestBody 131072 Order Allow,Deny Allow from all Dav On Options -Indexes AllowOverride None AddDefaultCharset UTF-8 Thanks in advance for any insights. -- Kind regards, Jeremy DISCLAIMER http://www.cipalschaubroeck.be/disclaimer
Re: [users@httpd] Question regarding ProxyPass and !
We are doing something more like this on our 2.4 servers: Proxy balancer://cd107d9706d71153bafd4ab15f1c6b5d BalancerMember http://backend.example.local status=-SE /Proxy VirtualHost 10.10.10.10:80 ServerName frontend.example.local SSLProxyEngine On RequestHeader set X-Forwarded-Proto http ProxyPass/helloworld/ ! ProxyPass/ balancer://cd107d9706d71153bafd4ab15f1c6b5d ProxyPassReverse / balancer://cd107d9706d71153bafd4ab15f1c6b5d /VirtualHost -- Jeremy On Thu, September 26, 2013 4:58 am, Thomas Eckert wrote: Using a config like this Proxy balancer://cd107d9706d71153bafd4ab15f1c6b5d BalancerMember http://backend.example.local status=-SE /Proxy VirtualHost 10.10.10.10:80 ServerName frontend.example.local SSLProxyEngine On RequestHeader set X-Forwarded-Proto http Location /helloworld/ ProxyPass ! ProxyPassReverse ! /Location Location / ProxyPass balancer://cd107d9706d71153bafd4ab15f1c6b5d ProxyPassReverse balancer://cd107d9706d71153bafd4ab15f1c6b5d /Location /VirtualHost should I not expect requests to /helloworld/ to be mapped to the files being served directly from frontend.example.local instead of being proxied away to backend.example.local ? In other words, backend.example.local should not even see that request. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Apache Proxy configuration question
Hi,Thanks for your help. I got back into the config and found out that its an application issue.The internal urls were set to http and not https. - so its all good! Thank you very muchJeremy From: lin.supp...@gmail.com Date: Wed, 19 Sep 2012 18:38:41 +0530 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache Proxy configuration question Did you try using SSLProxyEngine On ? Normally, you do not need to use SSL when proxying, as SSL is used to secure contents, and if you install SSL certificate on Apache which is proxing you do not need to have SSL on backend servers On Wed, Sep 19, 2012 at 5:40 PM, Vivek Nambiar vivek1namb...@gmail.com wrote: Hi Jeremy, If you add a / infront of the SSL URL,then does it work? Thanks On Wed, Sep 19, 2012 at 11:43 AM, Jeremy T je...@hotmail.com wrote: Hi All, I had a question about Apache with SSL.Basically came across this issue when configuring a reverse proxy with Apache. Do you know if there is some limitation on the number of ProxyPass and ProxPassReverse entries that you can do when it comes to an SSL virtual host? Consider the following scenario:1. I have a website called http://public1 and have a public SSL cert for that site.2. I have two internal servers with different urls containing self signed SSL certs for both of them. 3. Internal urls are https://internal1:81 and https://internal2:824. I would like to have https://public1 proxy to https://internal1:81 and https://public1/demo proxy to https://internal2:82 Configuration: Proxypass /demo https://internal2:82 ProxyPassReverse /demo https://internal2:82 ProxyPass / https://internal1:81 ProxyPassReverse / https://internal1:81 The problem:It seems that the /demo entries do not work (the first two entries). However these rules work for non SSL virtual hosts. The problem is when I work with SSL virtual hosts. ANY help / tips or limitations with the above would be helpful. Thank you Jeremy
RE: [users@httpd] Apache Proxy configuration question
Hi Vivek, Thanks. Do you mean a trailing slash after /demo/ or do you mean /demo / https://internal2:82 For eg... Proxypass /demo/ https://internal2:82 ProxyPassReverse /demo/ https://internal2:82 ProxyPass / https://internal1:81 ProxyPassReverse / https://internal1:81 or Proxypass /demo / https://internal2:82 ProxyPassReverse /demo / https://internal2:82 ProxyPass / https://internal1:81 ProxyPassReverse / https://internal1:81 ThanksJeremy Date: Wed, 19 Sep 2012 17:40:55 +0530 From: vivek1namb...@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] Apache Proxy configuration question Hi Jeremy, If you add a / infront of the SSL URL,then does it work? Thanks On Wed, Sep 19, 2012 at 11:43 AM, Jeremy T je...@hotmail.com wrote: Hi All, I had a question about Apache with SSL.Basically came across this issue when configuring a reverse proxy with Apache. Do you know if there is some limitation on the number of ProxyPass and ProxPassReverse entries that you can do when it comes to an SSL virtual host? Consider the following scenario:1. I have a website called http://public1 and have a public SSL cert for that site.2. I have two internal servers with different urls containing self signed SSL certs for both of them. 3. Internal urls are https://internal1:81 and https://internal2:824. I would like to have https://public1 proxy to https://internal1:81 and https://public1/demo proxy to https://internal2:82 Configuration: Proxypass /demo https://internal2:82 ProxyPassReverse /demo https://internal2:82 ProxyPass / https://internal1:81 ProxyPassReverse / https://internal1:81 The problem:It seems that the /demo entries do not work (the first two entries). However these rules work for non SSL virtual hosts. The problem is when I work with SSL virtual hosts. ANY help / tips or limitations with the above would be helpful. Thank you Jeremy
[users@httpd] Apache Proxy configuration question
Hi All, I had a question about Apache with SSL.Basically came across this issue when configuring a reverse proxy with Apache.Do you know if there is some limitation on the number of ProxyPass and ProxPassReverse entries that you can do when it comes to an SSL virtual host? Consider the following scenario:1. I have a website called http://public1 and have a public SSL cert for that site.2. I have two internal servers with different urls containing self signed SSL certs for both of them.3. Internal urls are https://internal1:81 and https://internal2:824. I would like to have https://public1 proxy to https://internal1:81 and https://public1/demo proxy to https://internal2:82 Configuration: Proxypass /demo https://internal2:82 ProxyPassReverse /demo https://internal2:82 ProxyPass / https://internal1:81 ProxyPassReverse / https://internal1:81 The problem:It seems that the /demo entries do not work (the first two entries). However these rules work for non SSL virtual hosts. The problem is when I work with SSL virtual hosts. ANY help / tips or limitations with the above would be helpful. Thank youJeremy
[us...@httpd] mod_mbox and % in message id, % = %25 defect ?
I am a newbie here, and apologies in advance if this is a repeat or otherwise undesirable. I was trying to understand why in this archive http://mail-archives.apache.org/mod_mbox/incubator-general/201011.mbox/browser messages from Mattmann, Chris A (388J) do not load, such as the second. Using firefox, if I open link in new tab, I get: http://mail-archives.apache.org/mod_mbox/incubator-general/201011.mbox/ajax/%3cc8f432ca.238db%chris.a.mattm...@jpl.nasa.gov%3e which has the obvious perecent escape problem of not having escaped the % in the message id. Fix this and http://mail-archives.apache.org/mod_mbox/incubator-general/201011.mbox/ajax/%3cc8f432ca.238db%25chris.a.mattm...@jpl.nasa.gov%3e returns appropriate XML content c.f. http://mail-archives.apache.org/mod_mbox/incubator-general/201011.mbox/%3cc8f432ca.238db%25chris.a.mattm...@jpl.nasa.gov%3e I do not know which version of httpd and/or mod_mbox is being used on that server. Do I need to report this somewhere? Jeremy - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] info: generic access denied for 'xxx.xxx.xxx.xxx' in error log for ALL requests
This is a new Mandrieva 2010 install and this has not worked at all. When I started httpd I was getting errors with the virtual host stuff, but then I copied the old httpd.conf file from the older server config (older version 2.0) and now httpd is not complaining anymore, (I upgraded a Mandrieva 2008 server, but totally reloaded it from scratch) and there are no startup errors in the logs. But since the beginning every time any machine tries to access the server, I get the following error in the error log: [x] info: generic access denied for 'xxx.xxx.xxx.xxx' with the xxx.xxx.xxx.xxx stating the ip address of the machine doing the request. I am at a loss, I cannot find anything wrong with the directives, or permissions for the directories. This was happening with the server completely at default before I changed or setup anything. I get the same error even with localhost. I have tried to google the issue but I have not found anything useful. Not related with this list, but I am having almost the same issues with ssh, although I have vnc, smtp, pop3 and imap working fine. Any input would be appreciated! Thanks! - Jeremy - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How to collect host specif error log and how to see those from web interface ?
[1] how can I break the error log as per vhost ? Is it something like my vhost [...] ErrorLog /srv/www/htdocs/myvhost_dir/error.log LogLevel error [...] /my vhost Yes, it's exactly that. Just use the ErrorLog directive within your vhost. (P.S. Putting your error log inside your DocumentRoot is probably not a good idea as you generally don't want that to be visible to the world. At the very least, configure it not to be accessible using Deny from all or similar. [2] Is there any web based tool which can show the error logs in real time ? any chance by awstats ? I'm not aware of one off the top of my head, but if you have shell access, this will do it: tail -f /path/to/error.log -- Jeremy R. Owner, NovaWave Solutions http://www.novawave.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How to collect host specif error log and how to see those from web interface ?
Actually I am interested to break the error log too with vlogger. But it seems there is no option to do that. Works the same way as the access log. I don't know much about vlogger specifically, but it appears that it accepts log entries over stdin. In your vhost config: ErrorLog | /path/to/vlogger -s error.log /path/to/logs Or something along those lines. Regarding error log contents, I do have shell access, but it would be nice to provide a web interface so that the developer can see the errors at least. I don't know of one specifically, though it wouldn't be difficult to create such an interface (by watching log files or receiving entries directly as described above, and then pushing them to the user with AJAX or something). Of course, having your developers do development locally (where they have access to the error log) and then pushing working versions to the production server is probably not a bad idea, and would minimize the amount of access they need to production logs. -- Jeremy R. Owner, NovaWave Solutions http://www.novawave.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache hangs on reload
Okay, so here are the salient lines from the error logs (I have two vhosts, webmail and wiki, running through suexec – if I put them through the regular FCGI process without suexec, I don't have this problem). Also, I should not that this problem does not occur on my testing VM, only on our production server (so I'm not quite sure what the problem is). webmail-error.log: [Wed Jan 20 23:38:17 2010] [emerg] mod_fcgid: server is restarted, 32760 must exit wiki-error.log [Sat Jan 23 15:03:25 2010] [emerg] mod_fcgid: server is restarted, 22502 must exit [Sat Jan 23 15:03:25 2010] [emerg] (22)Invalid argument: mod_fcgid: can't get lock, pid: 22502 [Sat Jan 23 15:03:25 2010] [emerg] mod_fcgid: server is restarted, 16264 must exit [Sat Jan 23 15:03:25 2010] [emerg] (22)Invalid argument: mod_fcgid: can't get lock, pid: 16264 [Sat Jan 23 15:03:25 2010] [emerg] mod_fcgid: server is restarted, 22501 must exit [Sat Jan 23 15:03:25 2010] [emerg] (22)Invalid argument: mod_fcgid: can't get lock, pid: 22501 error.log [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/mediawiki/index.php(22557) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/mediawiki/index.php(22561) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/mediawiki/index.php(22562) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/roundcube/index.php(2380) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/roundcube/index.php(5653) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: process /var/lib/roundcube/index.php(6212) exit(shutting down), terminated by calling exit(), return code: 0 [Sat Jan 23 15:03:27 2010] [notice] mod_webauth: initialized (3.6.0) (Built by bui...@excelsior on 2008-05-02 22:03:49 UTC) [Sat Jan 23 15:03:27 2010] [notice] Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g WebAuth/3.6.0 configured -- resuming normal operations [Sat Jan 23 15:03:27 2010] [notice] mod_fcgid: call /var/lib/mediawiki/index.php with wrapper /var/lib/mediawiki/fcgi-wrapper/php-cgi-suexec [Sat Jan 23 15:03:28 2010] [notice] mod_fcgid: call /var/lib/mediawiki/index.php with wrapper /var/lib/mediawiki/fcgi-wrapper/php-cgi-suexec [Sat Jan 23 15:03:28 2010] [notice] mod_fcgid: call /var/lib/mediawiki/index.php with wrapper /var/lib/mediawiki/fcgi-wrapper/php-cgi-suexec It looks like the emergency messages about being unable to get a lock on these processes is what's causing Apache to hang until I forcefully kill them. On 2010-01-22, at 9:24 PM, Daniel Reinhardt wrote: -- From: Jeremy R. jer...@novawave.net Sent: 23 January, 2010 0:59 To: users@httpd.apache.org Subject: [us...@httpd] Apache hangs on reload Hello: I'm running PHP inside suexec with mod_fcgid and a couple wrapper scripts, and though it works properly, Apache now hangs whenever someone issues /etc/init.d/apache2 reload (which happens fairly frequently). Killing off all FCGI processes and the www-data Apache processes seems to let it continue working, but this shouldn't be happening. Here's the setup for one of my vhosts (one other is set up similarly, and suexec is otherwise not used at all - mod_suexec is not enabled): dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper -r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi #!/bin/sh export PHP_FCGI_CHILDREN=0 export PHP_FCGI_MAX_REQUESTS=4000 exec /usr/bin/php5-cgi -rwxr-xr-x 1 rootroot 71 2010-01-20 21:34 php-cgi-suexec #!/bin/sh exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi And here is the relevant line in the vhost configuration: FCGIWrapper /var/lib/roundcube/fcgi-wrapper/php-cgi-suexec .php Any thoughts or tips? -- Jeremy R. Owner, NovaWave Solutions http://www.novawave.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Jeremy, Check your error logs. Thanks, Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest
Re: [us...@httpd] Apache hangs on reload
On 2010-01-23, at 4:42 PM, Jeff Trawick wrote: mod_fcgid tries to exit the httpd child process right after issuing that message. I think it encounters the error because it is running in a child process from the old generation (before restart) and the lock was removed in the parent process. Did you have to forcefully kill those same processes that said can't get lock? Next time can you attach with gdb and get a backtrace? Do something like this: gdb /path/to/httpd 22501 ... (gdb) where ... (gdb) quit Doesn't seem to work (even when run as root): # gdb /usr/sbin/apache2 14604 GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-linux-gnu... (no debugging symbols found) Attaching to program: /usr/sbin/apache2, process 14604 ptrace: Operation not permitted. /root/14604: No such file or directory. Also, for some reason the message shows up in the main Apache log, and sometimes in the vhost's error log. If that helps. -- Jeremy R. Owner, NovaWave Solutions http://www.novawave.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache hangs on reload
Hello: I'm running PHP inside suexec with mod_fcgid and a couple wrapper scripts, and though it works properly, Apache now hangs whenever someone issues /etc/init.d/apache2 reload (which happens fairly frequently). Killing off all FCGI processes and the www-data Apache processes seems to let it continue working, but this shouldn't be happening. Here's the setup for one of my vhosts (one other is set up similarly, and suexec is otherwise not used at all - mod_suexec is not enabled): dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper -r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi #!/bin/sh export PHP_FCGI_CHILDREN=0 export PHP_FCGI_MAX_REQUESTS=4000 exec /usr/bin/php5-cgi -rwxr-xr-x 1 rootroot 71 2010-01-20 21:34 php-cgi-suexec #!/bin/sh exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi And here is the relevant line in the vhost configuration: FCGIWrapper /var/lib/roundcube/fcgi-wrapper/php-cgi-suexec .php Any thoughts or tips? -- Jeremy R. Owner, NovaWave Solutions http://www.novawave.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] trouble using environment variables in rewriterules
Hi, I'm trying to set an environment variable in httpd.conf and then have it available to the URL-portion of a RewriteRule in a .htaccess file. Please could someone assist: In httpd.conf I have this line setting the environment variable: SetEnv MODPERLPORT 81 and in .htaccess I want to do something like this: RewriteEngine On RewriteRule foo\.cgi http://myserver:%{ENV:MODPERLPORT}%{REQUEST_URI}[P,L] to have Apache proxy the request through to another Apache process running on a different port, but it doesn't seem like any environment variables are available in the URL portion of the rule. I've also tried to do things like this: RewriteEngine On RewriteCond %{ENV:MODPERLPORT} ([0-9]+) RewriteRule foo\.cgi http://myserver:%1%{REQUEST_URI}[P,L] but the condition fails, even though the environment variable is set if I look at a simple dump of the environment e.g. env.cgi through a browser. So far the only hacky way I can get this to work is to set a built-in variable to the value I need, e.g.: httpd.conf: ServerAdmin81 .htaccess RewriteEngine On RewriteRule foo\.cgi http://myserver:%{SERVER_ADMIN}%{REQUEST_URI} [P,L] but that's clearly a very poor solution for many reasons, not least that I need the modperlport to vary for different environments without the .htaccess file having to change for each environment. Can anyone advise if there's a better/correct way to set customised environment variables and then de-reference them within the URL portion of a rewrite rule? Thanks. Jeremy
[us...@httpd] trouble using environment variables in rewriterules
Hi, I'm trying to set an environment variable in httpd.conf and then have it available to the URL-portion of a RewriteRule in a .htaccess file. Please could someone assist: In httpd.conf I have this line setting the environment variable: SetEnv MODPERLPORT 81 and in .htaccess I want to do something like this: RewriteEngine On RewriteRule foo\.cgi http://myserver:%{ENV:MODPERLPORT}%{REQUEST_URI}[P,L] to have Apache proxy the request through to another Apache process running on a different port, but it doesn't seem like any environment variables are available in the URL portion of the rule. I've also tried to do things like this: RewriteEngine On RewriteCond %{ENV:MODPERLPORT} ([0-9]+) RewriteRule foo\.cgi http://myserver:%1%{REQUEST_URI}[P,L] but the condition fails, even though the environment variable is set if I look at a simple dump of the environment e.g. env.cgi through a browser. So far the only hacky way I can get this to work is to set a built-in variable to the value I need, e.g.: httpd.conf: ServerAdmin81 .htaccess RewriteEngine On RewriteRule foo\.cgi http://myserver:%{SERVER_ADMIN}%{REQUEST_URI} [P,L] but that's clearly a very poor solution for many reasons, not least that I need the modperlport to vary for different environments without the .htaccess file having to change for each environment. Can anyone advise if there's a better/correct way to set customised environment variables and then de-reference them within the URL portion of a rewrite rule? Thanks. Jeremy www.jeremyjones.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] apache cannot display images
Hi, I'm pretty new to apache , I haven't change httpd.conf much yet, just root directory changed. what happen is I put jpg file in root directory and try to c=access it via , www.somedomain.com/pic.jpg and I get url of file instead in firefox and in IE I get image not displayed thumbnail with propertise of filetype not available I guess apache wouldn't send content type to browser but jpeg Mime is in effect by default. What am I miss here? Jeremy
[us...@httpd] restrict virtualhost to certain type of files
Hi, does anyone know how to do this scenario : restrict virtual host to serve only files with the extensions html, jpg, and png. and also generate custom error msg if client request other type of files Jeremy
[us...@httpd] Auth failure: configuration error: couldn't check access. No groups file?
Hello fellow httpd users. :-) I have an error in my configuration, but I can't seem to figure it out. I've pasted my configuration and resulting error here: http://apache.pastebin.ca/1297361 Any suggestions? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Auth failure: configuration error: couldn't check access. No groups file?
On Wed, Dec 31, 2008 at 7:09 PM, Eric Covener cove...@gmail.com wrote: Assuming you're in 2.2.x: mod_authz_user is required for Require valid-user. mod_authz_default would have given you a slightly better error message. Fantastic! Thanks! - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] OPTIONS * not being denied
Hi, Some time ago I noticed a large number of OPTIONS requests coming into my web servers and clogging my connections, e.g. OPTIONS / HTTP/1.0. I don't have anything on my sites for which OPTIONS would be appropriate, so I put this into my default site's .htaccess file: LimitExcept GET POST HEAD Deny from all /LimitExcept and that seemed to do the trick: $ telnet ... 80 Trying ... Connected to ... Escape character is '^]'. OPTIONS / HTTP/1.0 HTTP/1.1 403 Forbidden Date: Mon, 13 Oct 2008 14:59:40 GMT Server: Apache Content-Length: 202 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access / on this server./p /body/html Connection closed by foreign host. $ however this afternoon my servers again came under load, and checking the Apache status pages there were lots of lines like this: 8-0 -0/0/102. 0.00 1 0 0.0 0.00 0.36 ::1 www.mysite.com OPTIONS * HTTP/1.0 and in checking that I see that although OPTIONS / is denied, OPTIONS * is allowed: $ telnet ... 80 Trying ... Connected to ... Escape character is '^]'. OPTIONS * HTTP/1.0 HTTP/1.1 200 OK Date: Mon, 13 Oct 2008 14:59:47 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/plain Connection closed by foreign host. $ Could anyone advise me on what this command does or means, and how I can keep these requests out? Thanks.
RE: [EMAIL PROTECTED] Adding a Header to the httpd response
Hi, Something like this in httpd.conf works for me: IfModule mod_headers.c LocationMatch \.(js|gif|jpe?g|css) Header append Cache-Control public /LocationMatch LocationMatch \.s?html Header append Cache-Control private /LocationMatch /IfModule so without the LocationMatch it could handle everything I think. Jeremy -Original Message- From: Mohammed Salih [mailto:[EMAIL PROTECTED] Sent: 21 April 2008 13:09 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Adding a Header to the httpd response Hi All, How can I add a header, if it is not set by the application. I want to add Cache-Control header to all http responses, if it is not set by the back-end application like PHP or application server like tomcat. I tried a combination of SetEnvIf and Header, but SetEnvIf is only fused for requests. Can any one please guide me in the right path? (Sorrmy English is poor) Thanks in advance. Salih - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for viruses and other threats using Newsquest's Ironport email filters This e-mail, including any attachment, is private and confidential. It should not be read, copied, disclosed or otherwise used by any person other than the intended recipient(s). If you have received this e-mail in error, please notify the sender immediately. Newsquest reserves the right to monitor e-mails in accordance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. Newsquest Limited. Registered in England, number 3105111 . Registered office: 58 Church Street, Weybridge, Surrey KT13 8DP - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Controlling the size of the cache used by mod_disk_cache in Apache 2.2.8
Hi, Apache 2.2.8 on Linux. Is there a directive anywhere to allow me to control the size of the cache used by mod_disk_cache? From httpd.conf # Apache 2 caching # IfModule mod_cache.c IfModule mod_mem_cache.c IfModule mod_disk_cache.c CacheRoot /usr/local/apache-common/proxy-80 CacheEnable disk /images CacheIgnoreNoLastMod On CacheDefaultExpire 600 CacheMaxExpire 3600 CacheDirLevels3 CacheDirLength6 /IfModule /IfModule /IfModule but my cache directory is growing and growing. I see MCacheSize but that's only for Apache's memory cache, not the disk one. Do I need to stop start Apache clear out the cache via cron, or is it just controlled indirectly via the cachemaxexpire directive or ? Many thanks. This email has been scanned for viruses and other threats using Newsquest's Ironport email filters This e-mail, including any attachment, is private and confidential. It should not be read, copied, disclosed or otherwise used by any person other than the intended recipient(s). If you have received this e-mail in error, please notify the sender immediately. Newsquest reserves the right to monitor e-mails in accordance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. Newsquest Limited. Registered in England, number 3105111 . Registered office: 58 Church Street, Weybridge, Surrey KT13 8DP
[EMAIL PROTECTED] Mod_rewrite rule for renamed FastCGI scripts
Hi, I have changed a script name suffix from .cgi to .fcgi to enable the script to run under FastCGIThe script works to bring up the initial login form but when I fill the form out and press submit I get a "Not Found The requested URL /mtw/mt.cgi was not found on this server." using the old file suffix.Is there a way to use mod_rewrite to fix this?I have tried:RewriteEngine OnRewriteRule ^mt.fcgi(.) mt.fcgi$1 [L]in the .htaccess file but this does not work.Thanks,Jeremy Sellors
[EMAIL PROTECTED] Mod_rewrite rule for renamed FastCGI scripts
Hi, I have changed a script name suffix from .cgi to .fcgi to enable the script to run under FastCGIThe script works to bring up the initial login form but when I fill the form out and press submit I get a "Not Found The requested URL /mtw/mt.cgi was not found on this server." using the old file suffix.Is there a way to use mod_rewrite to fix this?I have tried:RewriteEngine OnRewriteRule ^mt.fcgi(.) mt.fcgi$1 [L]in the .htaccess file but this does not work.Thanks,Jeremy Sellors
Re: [EMAIL PROTECTED] Mod_rewrite rule for renamed FastCGI scripts
Thanks for your help. The htaccess file seems to work well. Referring back to the the mod_rewrite documentation and URL Rewriting Guide makes more sense now. Jeremy SellorsOn Sep 19, 2006, at 5:53 AM, Eric Covener wrote:On 9/19/06, Jeremy Sellors nwt [EMAIL PROTECTED] wrote: I have changed a script name suffix from .cgi to .fcgi to enable the script to run under FastCGIRewriteEngine OnRewriteRule ^mt.fcgi(.) mt.fcgi$1 [L] ^ ^ in the .htaccess file but this does not work. I put carets under the two things that probably prevent your rule fromeven matching, if I understand correctly.Try setting RewriteBase in that htaccess file, and also reconsideryour RewriteRule. I'd think it'd be more of the formRewriteBase /mtw/RewriteRule ^mt.cgi$ mt.fcgi [PT](Or look at the action parameter of the login form)-- Eric Covener[EMAIL PROTECTED]-The official User-To-User support forum of the Apache HTTP Server Project.See URL:http://httpd.apache.org/userslist.html for more info.To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED] Jeremy Sellors[EMAIL PROTECTED]"I'm addicted to placebos. I could quit but it wouldn't matter." (Steve Wright)
[EMAIL PROTECTED] question about recent ReWrite vulnerability
Hello all, I've just subbed to the list, but have been an apache user for years. I was asked this question recently, and I just wasn't sure so I wanted to pass it along to the experts. ... begin question ... I have some questions about the following Apache web server vulnerability for mod_rewrite: Exploit code publicly released for Apache mod_rewrite vulnerability Update [August 21, 2006] - Exploit code has been publicly released for the Apache vulnerability outlined below. July 28, 2006 - An off-by-one overflow vulnerability has been discovered in the way that the Apache webserver handles certain types of Rewrite rules. Depending on the configuration, a remote attacker could exploit this to execute arbitrary code as the web server user. My question is that the notes on the alert say that only certain configurations are vulnerable, and those configurations are when there is a substitution at the beginning of the replaced URL. The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1) The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE). So my question is, the note states: For example, rules with this format expose the vulnerability RewriteRule fred/(.*) $1 While rules with this format do not expose the vulnerability: RewriteRule fred/(.*) joe/$1 So my question is: Is it the fact that there is not any other explicit path to be re-written that makes the first case vulnerable? For example, would this statement be vulnerable? RewriteRule fred/(.*) http://www.joe.com/$1 Again assuming that (F), (G), or (NE) are not options on the rule. ... end question ... thanks, jeremy -- Jeremy Kelley [EMAIL PROTECTED] gpg 1024D/EAB7CA38 6FF4 483B D7EA A09C A3E0 1CE1 F0A4 8C8E EAB7 CA38 The Christian ideal has not been tried and found wanting; it has been found difficult and left untried. - G.K. Chesterton - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] global mod_rewrite before virtualhosts
Thanks. That was my problem. Now I understand what that is for. Jeremy Grant VML [EMAIL PROTECTED] Desk: 816-218-3050 -Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 25, 2005 5:48 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] global mod_rewrite before virtualhosts On 10/25/05, Jeremy Grant [EMAIL PROTECTED] wrote: I though I understood mod_rewrite well enough to make this happen, and I can if I add the entire rewrite rules to every VirtualHost but it does not seem to work when I try to uses this globally. To have global rules apply to a VirtualHost you need to put RewriteEngine On RewriteOptions inherit inside the VirtualHost section. Silly, but true. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] global mod_rewrite before virtualhosts
I am the admin for a server that is running over 150+ domains. Most of the Domains uses Vignette to display the pages. Currently we are using Sun One Web Server 6.1 to server the static files and use the weblogic proxy to get the pages from Vignette. The way we have the proxy setup is to pass all traffic starting with /app back to the weblogic server. I am currently converting our Sun One Web Servers to Apache so that we can use mod_rewrite to handle our redirect better along with allowing for domain consolidation. Our goal with mod_rewrite is to be able to only server /app/Colgate/US/* on www.colgate.com and server /app/Colgate/FR/* on www.colgate.fr. This would mean that if someone requested http://www.colgate.fr/app/Colgate/US/HomePage.cvsp I want to have them redirect to http://www.colgate.com/app/COlgate/US/HomePage.cvsp. I though I understood mod_rewrite well enough to make this happen, and I can if I add the entire rewrite rules to every VirtualHost but it does not seem to work when I try to uses this globally. I have my config files split out by domain with the line Include /opt/www/conf/*.conf in my httpd.conf file. This does mean that I have 170 different config files. Here is an example of what I am trying to use: VirtualHost _default_:80 DocumentRoot /opt/VignetteRoot ServerAlias www.colgate.com RewriteRule ^/$ http://www.colgate.com/app/Colgate/US/HomePage.cvsp [R=301] Location /app SetHandler weblogic-handler WebLogicHost localprodapp1 WebLogicPort 7005 PathTrim /app /Location /VirtualHost VirtualHost *:80 DocumentRoot /opt/VignetteRoot ServeriName www.colgate.com ServerAlias origin.www.colgate.com ServerAlias colgate.com ServerAlias globaltoolkit.colgate.com ServerAlias colgatepalmolive.com ServerAlias www.colgatepalmolive.com RewriteEngine on RewriteCond %{HTTP_HOST} ^colgate(|palmolive)\.com$ RewriteRule ^(.*) http://www.colgate.com$1 [R=301] RewriteCond %{HTTP_HOST} ^globaltoolkit\.colgate\.com$ RewriteRule ^/$ /app/GlobalToolKit/US/HomePage.cvsp [PT] RewriteCond %{HTTP_HOST} ^www\.colgate\.com$ RewriteRule ^/$ /edgescape/colgate.html [PT] RewriteRule ^/espanol(|.*|/) http://www.colgate.com/app/Colgate/USES/HomePage.cvsp [R=301] RewriteRule ^/app/ColgateProfessional(.*) http://www.colgateprofessional.com/app/ColgateProfessional$1 [R=301] RewriteRule ^/maxfresh http://www.colgate.com/app/MaxFresh/US/EN/HomePage.cvsp [R=301] RewriteRule ^/app/Colgate/US/OralCare http://www.colgate.com/app/Colgate/US/OC/HomePage.cvsp [R=301] RewriteRule ^/app/Colgate/US/PersonalCare http://www.colgate.com/app/Colgate/US/PC/HomePage.cvsp [R=301] RewriteCond %{HTTP_HOST} ^sensitive\.colgate\.com$ RewriteRule ^(.*) http://www.colgatesensitive.com$1 [PT] RewriteCond %{HTTP_HOST} ^sensitive-gr\.colgate\.com$ RewriteRule ^(.*) http://www.colgatesensitive.gr$1 [PT] Location /app SetHandler weblogic-handler WebLogicHost localprodapp1 WebLogicPort 7005 PathTrim /app /Location /VirtualHost RewriteEngine on RewriteCond %{HTTP_HOST} !^www\.colgate\.com$ [OR] RewriteCond %{REQUEST_URI} ^(/app/BrightSmilesBrightFutures/US)(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(/app/Colgate/US)(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(/app/Colgate/USES)(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(/app/Palmolive/US)(.*)$ [OR] RewriteRule ^(.*)$ http://www.colgate.com$1 [L,R=301] As you can see I have several Rewrite statements. Everything inside of the virtualHost works as I expect. Though the rewrite at the end outside of a vitrualhost does not seem to be called. I have even tried pulling the rewrite out of the conf file for the domain redirects to and place the redirects in their own config file that is Included first from httpd.conf and then the *.conf for all *.conf my config files and no change. Is it possible to do what I am trying? Should I be trying to do this another way?(RewriteMap) Thanks for any help or direction anyone has to give. Jeremy Grant Unix System Specialist - Production Support VML VML Fact: One of the 25 Best Companies to Work for in America. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] LDAP Authorization with Active Directory
Hi, I'm trying to get Apache 2 to authenticate users with mod_auth_ldap based on Active Directory settings. I've got an LDAP browser on my computer and can connect to the Win2k3 server perfectly, but for some reason when I authenticate over the website it brings Apache down with an error in wldap32.dll. I have NO idea what's going on - any clue? Say the word and I'll provide more details. Here's my directory settings in httpd.conf: Directory / Options All ExecCGI -Indexes Order allow,deny Allow from all AuthLDAPAuthoritative on AuthType Basic AuthName Restricted Area AuthLDAPBindDN cn=Administrator,cn=Users,dc=alterthought,dc=com AuthLDAPBindPassword xx #tried the both the string below and the one below that # AuthLDAPURL ldap://vulcan:389/cn=Users,dc=alterthought,dc=com?sAMAccountName?sub?(object Class=*) AuthLDAPURL ldap://vulcan:389/cn=Users,dc=alterthought,dc=com?sAMAccountName?sub?(object Class=User) require valid-user /Directory Thanks - I'm kind of a newbie to Apache but I just got thrown into this, and I've been scouring the web like crazy for tips. Posting here is a last resort, and I do appreciate the help. __ Jeremy Weiland Systems Engineer ALTERthought 4449 Cox Road Glen Allen, VA 23060 www.alterthought.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]