Re: [users@httpd] htaccess file and computer names
On Tue, Feb 19, 2013 at 7:49 PM, Marc Fromm wrote:
> I am using some htaccess files to control access to a few web pages.
>
> The htaccess file works if I use the ip address of the computer to grant
> access, but not its name.

If you want apache to be able to grant access based on computer name you must be sure that reverse DNS lookups for those machines work.

From the point of view of the apache webserver all requests come from an ip address. If you use a hostname in an access directive apache will perform a reverse lookup on that ip address, and compare the name it gets with the directive.

So what you first need to check is if reverse dns works.

Be warned however that having apache check dns with every request will incur a performance penalty. However if convenience is more important than performance this can be something that one can live with...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bern, Switzerland

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
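An added example, not part of the original message and not httpd's own code: the check a hostname-based access rule depends on, written out in Python. Apache's documentation describes this as a double-reverse lookup, where the PTR name is confirmed by a forward lookup, because whoever controls the reverse zone for an address can make it claim any name. The function names, addresses and lookup tables are constructed for illustration.

```python
import ipaddress
import socket


def name_matches(hostname, pattern):
    """Match like a hostname access rule: equal to the pattern, or ending in
    it on a label boundary (foo.example.org matches example.org,
    fooexample.org does not)."""
    host = hostname.rstrip(".").lower()
    pat = pattern.strip(".").lower()
    return host == pat or host.endswith("." + pat)


def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """A/AAAA lookup through the system resolver; a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def host_allowed(client_ip, pattern, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reason) for a client address and a hostname rule.

    Step 1: reverse lookup of the client address.
    Step 2: compare the name with the rule.
    Step 3: forward lookup of that name must give back the client address.
    """
    name = reverse(client_ip)
    if not name:
        return False, "no PTR record"
    if not name_matches(name, pattern):
        return False, "PTR name %s does not match %s" % (name, pattern)
    wanted = ipaddress.ip_address(client_ip)
    confirmed = set()
    for addr in forward(name):
        try:
            confirmed.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # skip anything the resolver returned that is not a plain address
    if wanted not in confirmed:
        return False, "forward lookup of %s does not return %s" % (name, client_ip)
    return True, "confirmed as %s" % name


# Constructed lookup tables standing in for DNS so the example runs offline.
CONSTRUCTED_PTR = {
    "192.0.2.10": "pc1.example.org",      # correctly delegated office machine
    "198.51.100.7": "pc1.example.org",    # foreign reverse zone claiming the same name
    "203.0.113.5": "fooexample.org",      # similar-looking name, different domain
}
CONSTRUCTED_A = {
    "pc1.example.org": {"192.0.2.10"},
    "fooexample.org": {"203.0.113.5"},
}


def fake_reverse(ip):
    return CONSTRUCTED_PTR.get(ip)


def fake_forward(name):
    return CONSTRUCTED_A.get(name, set())


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, host_allowed(ip, "example.org", fake_reverse, fake_forward))
```

If access by name fails for a machine that works by address, the reason string shows which of the three steps broke.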
Re: [users@httpd] mod_proxy_html not working when using carriage returns
On Mon, Feb 18, 2013 at 10:52 AM, Pablo Florencio wrote:
> The problem I see is that mod_proxy_html can't convert urls when there is a
> carry return inside it. For example, here there are two links:
>
>
> href="https://10.10.10.10/example/working_OK.html";
>
> https://10.10.10.10/example/not_working.html";
>
>
> The second one has a CR right after href definition, and as a result
> mod_proxy_html can't convert it. I would like to ask if someone knows a way
> to let mod_proxy_html understand how to interpret that CR, or just a way to
> remove that CR.

URIs can't contain a CR. I suggest you edit the html source so that it looks like this:

https://10.10.10.10/example/not_working.html";

Krist
Re: [users@httpd] apache revealing the hostname of backend tomcat server.
On Thu, Feb 21, 2013 at 12:44 PM, Amol Puglia wrote:
> Hello Team,
>
> I am redirecting request from apache to backend server tomcat using
> mod_proxy_balancer.
>
> The request is getting redirected but url is getting converted to backend
> server url.
>
> For example :-
>
> If apache web server url is http:\\server and backend server url is
> http:\\serverA.
>
> when i access url http:\\server the request is redirecting to http:\\serverA
> but url is also getting changed and in browser it is showing http:\\serverA.

The server is doing exactly what you ask it to do. When you ask it to "redirect" to another server it will respond to client requests by telling the client to go get the content somewhere else. As a result the browser then makes a new request and the URL in the address bar changes.

If you want to hide the backend tomcat server what you need to do is:
a) proxy requests, not redirect them.
b) configure the tomcat server itself not to use its own URL, but that of the proxy whenever generating a redirect.

HTH,

Krist
Re: [users@httpd] how to configure ProxyPass for tomcat for app which generates url at root /
On Thu, Feb 24, 2011 at 8:39 AM, James Godrej wrote:
> Let me know if some one has some suggestion for this part.

Firstly: Have you correctly configured mod_jk? Do you have a mod_jk log file? What is in it? What is in your error log?

Secondly: If in ProxyPass the LHS ends in a / the RHS must end in a slash too. But better not use slash at all:

    ProxyPass /sakai ajp://192.168.1.14:8009

And have a look at what links your application generates. ProxyPass and ProxyPassReverse do not change anything in the content of the html returned by the app. You can use mod_proxy_html to mangle the html for you, but a better solution is to make your application aware of the fact that it is behind a proxy. Look at the documentation of the application and see if there is a configuration setting to define the base URL, and set that to http://research.openitup.in/sakai

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
On Mon, Feb 21, 2011 at 10:09 AM, Hajo Locke wrote:
>
> Nobody has an opinion about this issue? I think this is critical. Either a
> bug in apache or a bug in my conf. my conf seems clean, i cannot solve this.
> it should be impossible that apache is mixing vhost-special directives. i
> can reproduce this on demand.

You don't have a NameVirtualHost directive?

What happens if you enter https://ip2.ip2.ip2.ip2 in your browser?

Krist
Re: [users@httpd] How to Retain https protocol
On Sun, Feb 20, 2011 at 8:45 AM, Tushar Chavan wrote:
> Hi ,
>
> We have below configuration in httpd-ssl.conf file.
>
> ProxyPass /irj http://essdevwd01:8100/irj
> ProxyPassreverse /irj http://essdevwd01:8100/irj
>
>
> Now when we execute https://Apache_host/irj it goes to
> http://essdevwd01:8100/irj as excepted but ProxyPassreverse is not working
> properly
>
> Url changes to http://Apache_host:8100/irj with blank page. How to retain
> this https protocol ?

Look at what the application running on http://Apache_host:8100/irj is doing. It could be returning something that causes a page refresh with an absolute URL in your browser. (There are some good plugins for Firefox that show you what goes on between the browser and the server)

Krist
Re: [users@httpd] database expires and kills website
On Mon, Feb 14, 2011 at 4:54 PM, Norman Fournier wrote:
> I have a website running with an expiry date set for 1 week in the database
> file. Once the .db file expires the site goes offline. I then have increment
> the serial number, to grep for "named" and -HUP the process to bring the
> site online again.
>
> All of my other sites use the same configuration of .conf and .db files and
> stay online, except this particular URL. As a matter of fact, I copied a
> successful .conf and .db file and edited them to create them. The other sites
> have a .db expiry of 1 week also.
>
> Where would you suggest I begin to look for the error or do you have any
> ideas what could be the cause of this behaviour.

I have no idea what you mean with an expiry date on a database file. Could you be more specific? Apache itself does not use db files. Some website you have installed might, but you are not telling us enough...

> I am running Apache 1.3.41 on OSX 10.4.11

Why are you using such an old version of apache?

Krist
Re: [us...@httpd] Adding multiple keys and cert to a virtual host
On Sun, Jan 2, 2011 at 8:21 PM, Mohit Anchlia wrote:
> Apache 2:
>
> I have a need to add multiple certs and keys to a given virtual host.
> I don't see a way to add multiple keys or certs to one virtual host.
> For eg: key and cert for abc.com and def.com in 10.10.10.101:80>
>
> Is there a way to do this? For java security for eg we use keytool.
> Can someone please suggest how to do it if it possible?

For different certificates presented to different hostnames you will need to define separate virtualhosts for them. There is just no other way.
Re: [us...@httpd] New to Apache
On Fri, Dec 3, 2010 at 6:15 AM, Ahmad Pakhri Yahya wrote:
> I don’t know where to start. MOD_REWRITE? IP based virtual host. Name based
> virtual
> host? Can someone point me to the right direction.

What you probably need is a reverse proxy. You could start here: http://www.apachetutor.org/admin/reverseproxies

Krist
Re: [us...@httpd] How to proxy FTP protocol with WinSCP client ?
On Mon, Nov 8, 2010 at 11:56 AM, wrote:
> The AllowCONNECT directive permits only to use static ports, and I didn't
> find other directives to solve my problem !
> The same configuration with WinSCP client works fine with "squid", but I
> prefer to use apache for other reasons, so can you help me to solve this
> problem ? For information, when I use another client like IE, it works fine
> also but the HTTP method used is GET and not CONNECT...

The solution is to use passive FTP in your ftp client.

For CONNECT to a dynamic port to work it would be necessary for apache to listen in on the FTP control connection to know what port the client will attempt to use.

Krist
Re: [us...@httpd] Why do apache-devs not provide the x64 version of httpd binary?
On Mon, Nov 8, 2010 at 5:02 AM, Sharl.Jimh.Tsin wrote:
> well, thanks for your reply. it seems to be that i have to build it by myself
> now.

You could also choose not to run it on Windows. Install a modern Linux distribution, and you'll have a 64bit server with apache in less than half an hour.

Krist
Re: [us...@httpd] Re: possible to add multiple locations for the document root
On Mon, Oct 25, 2010 at 3:28 PM, e-letter wrote:
> Below is extract from the file '/etc/httpd/logs/error_log':
>
> [Mon Oct 25 12:35:59 2010] [notice] Apache/2.2.6 (Mandriva
> Linux/PREFORK-8.2mdv2008.0) PHP/5.2.4 with Suhosin-Patch mod_put/2.0.8
> configured -- resuming normal operations
> [Mon Oct 25 13:30:59 2010] [error] [client 127.0.0.1] client denied by
> server configuration: /usr/local/phppgadmin/phppgadmin/login.php
>
> This doesn't explain anything to me. Advice please?

It says that the "client" (i.e. you, your browser) was denied access to the resource by something in your server configuration.

Now, I suspect that it has something to do with how you configured php. Probably apache looks at the file, notices it is php, knows that it has a handler for it, and thus looks if you have permission to execute scripts from that directory. Probably you don't.

So rewrite your directory block like this:

    Options +ExecCGI
    Order allow,deny
    Allow from all

Krist
Re: [us...@httpd] Options for multiple SSL domains on 1 server
On Fri, Oct 1, 2010 at 11:04 PM, Grant wrote:
> I need to set up SSL certificates for multiple domain names on a
> single server. I've done some research and I think these are my
> options:
>
> 1. use multiple IPs
> drawbacks: requires separate apache2 config for each SSL domain, extra
> IPs must be allocated by the hosting company
>
> 2. use multiple ports
> drawbacks: requires separate apache2 & firewall config for each SSL
> domain, port numbers look weird in the URL
>
> 3. Server Name Indication
> drawbacks: browser support is not widespread enough yet
>
> 4. X.509 v3 with subjectAltName
> drawbacks: ???
>
> Are there other options? Are there drawbacks to relying on X.509 v3
> with subjectAltName, or is that the way to go?

Options 1) and 2) don't require separate apache2 configs. You can have apache listen to multiple IPs or Ports. Just add the necessary "Listen" statements to your config, and then a virtualhost for each SSL host.

Personally I think that until SNI adoption gets more widespread the best option is 1) if you have the IPs to spare, as it doesn't have any more config overhead than the other options and is going to work as expected.

Krist
[us...@httpd] Centrally managing a collection of apache hosts.
Hello all,

My current POE uses the ZEUS Webserver quite extensively. Zeus has some advantages from the point of view of daily management, but is not free.

We are about to implement a new CMS system that depends heavily on a custom module that the supplier can provide in an apache compatible form, or an IIS compatible form. This would replace an existing system that runs on the ZEUS platform.

The problem I now have is that our department head is not that happy to replace Zeus with Apache. The argument is that he considers Zeus to have superior management features. To a certain extent he has a point, as with Zeus you have one single Web Gui where you can change configuration settings, that then get deployed to a whole cluster of servers. Zeus also has a very good updating mechanism.

So currently he is demanding that the new CMS project delivers a comparable management solution for managing Apache if it wants us to consider deploying the new Apache based CMS. I'm currently a bit afraid that in the end we will get IIS forced upon us instead.

So my question: Does there exist a good management application for Apache, free or commercial that will give us:
- A Web GUI to make changes to the config.
- A deployment mechanism so that changes only have to be made once, and are then deployed to x Servers.

Free would be nice, but commercial would be acceptable too.

For people familiar with the Zeus Webserver: How do I get the same operational comfort with Apache?

Thanks in advance,

Krist
Re: [us...@httpd] Unable to load perl file
On Mon, Sep 6, 2010 at 1:39 PM, aparna aryan wrote:
> Please suggest us what needs to be done.

Just look carefully at the error message, as it literally says what is missing:

    Can't locate ARS.pm in @INC

Either the ARS.pm is not present, or present in a directory not included on @INC. It's up to you to correct this.

Krist
Re: [us...@httpd] httpd.conf: Invalid argument
On Mon, Jun 21, 2010 at 8:30 AM, Carlos _ wrote:
> Hi, i have checked permissions and they are ok, the sintax of the file i
> think is ok. About the default httpd.conf i only make two changes
> Listen --> 80 to 7000
> User and Group --> nobody to myuser.
>
> I compiled Apache with the option --prefix, it's the one option i have used
> They aren't logs and the error isn't like other error about Syntax Error

Just do a "su - myuser" and check if you can read the file...

Krist
Re: [us...@httpd] Apache/2.2.12 Reverse Proxy
On Tue, Jun 8, 2010 at 11:43 AM, Andy Ee wrote:
> Hi,
>
> To be more detail, the output of Live HTML Headers is correct. The home.html
> does internal redirection to login.jsp, but somehow reverse proxy is unable
> to map properly. Any idea? Thanks.

So when the browser requests home.html the proxy maps that to home.jsp on the backend? The backend generates html and passes it back to the browser. But what should happen then that isn't happening?

Krist

(forget my remark about php in the previous post. You are using jsp I see)
Re: [us...@httpd] Apache/2.2.12 Reverse Proxy
On Tue, Jun 8, 2010 at 11:31 AM, Andy Ee wrote:
> Hi Krist,
>
> I went to install Live HTML Headers and tested it with FireFox browser.
>
> The output:
>
> http://10.0.0.7/abc/mysite/home.html
>
> GET /abc/mysite/home.html HTTP/1.1
> Host: 10.0.0.7
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3)
> Gecko/20100401 Firefox/3.6.3
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 115
> Connection: keep-alive
> Referer: http://10.0.0.7/abc/mysite/login.jsp
> Cookie: JSESSIONID=B39216C807E1F2457B4E43911AF7F5ED
>
> HTTP/0.9 200 OK
> --
>
> It is suppose to redirect me to the page -
> http://10.0.0.7/abc/mysite/login.jsp, but somehow it does not.

What I see here is:
- You ask for home.html.
- The server gives you home.html.
- I can also see that you were on login.jsp before that.

So it looks like you were at login.jsp before, then got to home.html. You really need to look at this from the beginning of a session. Also look at the html code your browser gets.

Krist
Re: [us...@httpd] Apache/2.2.12 Reverse Proxy
On Tue, Jun 8, 2010 at 8:28 AM, Andy Ee wrote:
> However, when I click on hyperlink on the website that does internal PAGE
> REDIRECT, the browser could not display the page. Apparently, the page
> redirect action breaks the reverse proxy.

Have you looked at what passes back and forth between browser and servers using a tool like LiveHTMLHeaders?

Krist
Re: [us...@httpd] [Fwd: Reverse Proxy Configuration]
On Tue, Jun 8, 2010 at 4:34 AM, John Iliffe wrote:
> If I try to use either of the ProxyHTMLEnable On or ProxyHTMLURLMap
> directives apachectl -S still flags them as errors.

You have proxy_html 3.0.1. ProxyHTMLEnable is new to 3.1 ...

Have a look here: http://apache.webthing.com/mod_proxy_html30/

Also pay attention to your URL substitutions. You need to substitute / with /mymail/. Always keep the slash...

Krist
Re: [us...@httpd] NameVirtualHost Directive - - - - Multiple SSL virtual hosts
On Sun, Jun 6, 2010 at 8:04 PM, Jeff Shearer wrote:
>
> I also carefully verified that my /etc/hosts include a fqdn for each of the
> VirtualHosts served from my development server. Yet, I get the following
> error:
>
> [Sun Jun 06 14:02:11 2010] [warn] NameVirtualHost 192.168.0.93:80 has no
> VirtualHosts
>
> I am going nuts here with this. What am I missing?

What you are missing is, amongst others, that the message you get is a "Warning" ("[warn]"), not an error.

There are two situations which can trigger this warning:
- A NameVirtualHost without any blocks.
- A second NameVirtualHost statement identical to an existing one.

The warning serves the purpose of warning you that you might have overlooked something, but it is not an error. Having a duplicate NameVirtualHost statement does not cause any malfunctioning. It's just a bit untidy.

Krist
Re: [us...@httpd] mod_rewrite problem IP address coming in URL instead of domain name.
Hello,

I'm not entirely sure what your problem is. There is not a single question in your mail.

What is your problem? What are you trying to achieve? What are you getting instead?

Krist
Re: [us...@httpd] NameVirtualHost *:80 has no VirtualHosts
On Wed, May 12, 2010 at 3:21 PM, Tapas Mishra wrote:
> I have 5 websites and all of them are different.
> i.e. /etc/apache2/sites-enabled/site1.conf
> /etc/apache2/sites-enabled/site2.conf
> /etc/apache2/sites-enabled/site3.conf
> /etc/apache2/sites-enabled/site4.conf
> /etc/apache2/sites-enabled/site5.conf
>
> So in which of them should I have NameVirtualHost thing.

What I do is just put a namevirtualhost statement into each of my virtual host config files, so that I can be sure that disabling one of them doesn't break the server. The warning message this results in can be safely ignored.

Krist
Re: [us...@httpd] URL is replaced with IP address
On Tue, May 11, 2010 at 9:35 AM, Tapas Mishra wrote:
> I am having a weird situation.If some one points to my domain www.mydomain.com
> then he does get redirected to the right server but instead of URL it
> shows the IP address.
> What should I search for or look for.

Start here: http://catb.org/~esr/faqs/smart-questions.html

Krist
Re: [us...@httpd] Reverse Proxy https to http
On Thu, Apr 22, 2010 at 4:31 PM, GB GB wrote:
> basically
>
> this is what the client gets after the POST
> http://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>
> rather then getting
>
> https://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P

What the client "gets" after the "post" is not primarily influenced by the apache config. It is the backend that tells the client what it should request (or post to) next. Have a look at your network traffic.

Krist
Re: [us...@httpd] Re: HTTPS only for login page (when apache front tomcat)
On Thu, Apr 22, 2010 at 1:38 PM, Nicholas Sherlock wrote:
> On 22/04/2010 5:29 p.m., Krist van Besien wrote:
>>
>> Just consider the following:
>> - You direct a user to a login form. He enters username and password,
>> gets authenticated and receives a session cookie from the server.
>> - This session cookie is sent with each subsequent request, so that
>> the requests can be associated with an authenticated user.
>> - Someone intercepts this cookie by eavesdropping on the line. With
>> this cookie this person can now impersonate the user without knowing
>> the user's username or password...
>
> Very true. However, it does protect the user's username and password. A
> large proportion of users use the same password for everything online. You
> don't want a login sniffed from your site to be used to breach the user's
> bank account.

There is in my opinion no good reason not to have https for the whole session. The "performance" argument doesn't really apply anymore in a time that you can buy several webservers for the cost of employing one webserver specialist for a day...

Krist
Re: [us...@httpd] Reverse Proxy https to http
On Thu, Apr 22, 2010 at 2:21 PM, GB GB wrote:
> and in the browser I get the following: The connection has timed out
>
> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P

If the browser tries to access the backend directly this is because it was told to do so, probably by the backend itself. Have a look at the HTTP traffic coming from the browser.

When apache is used as a forward proxy it will only forward requests to the backend, and then forward the responses back to the browser. It does not modify the response. If the backend sends a webpage that contains a link that points directly at the backend then you have a problem.

Basically when you have a forward-proxy / backend combination you need to configure the backend so that it knows that it should return correct URLs that point to the frontend.

Krist
Re: [us...@httpd] HTTPS only for login page (when apache front tomcat)
On Thu, Apr 22, 2010 at 6:37 AM, chamila piyasena wrote:
>
>
> actually there are some performance problems. that's why I was thinking of
> using https only for login. Yahoo still uses it, Google used it before.

The problem is that with the nature of HTTP having only the login dialog protected by https is really rather pointless. The HTTP protocol is "atomic". There is no such thing as a "logged in user" or a "session" defined in the protocol. That means that whatever is used to link a request with a particular authenticated user is sent with every request. That is why an authenticated session should be protected by https the whole time, not just during login.

Just consider the following:
- You direct a user to a login form. He enters username and password, gets authenticated and receives a session cookie from the server.
- This session cookie is sent with each subsequent request, so that the requests can be associated with an authenticated user.
- Someone intercepts this cookie by eavesdropping on the line. With this cookie this person can now impersonate the user without knowing the user's username or password...

You must realise that whatever data a browser sends to associate a request with an authenticated session is basically equivalent to authentication data. That is why it should never be sent in the clear. And that is why session cookies that are obtained after logging in over https should have the secure flag set.

It is possible that Yahoo doesn't do this, but then it is entirely possible that Yahoo doesn't care about its users...

Krist
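The cookie scenario from the message above as an added example (not part of the original post): it parses captured Set-Cookie headers and reports which session cookies a browser would send over plain http. The host shop.example, the cookie values and the sample URLs are constructed, JSESSIONID is assumed as the session cookie name, and domain matching is left out (host-only cookies assumed).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data: Set-Cookie headers returned by an https login.
LOGIN_WEAK = ["JSESSIONID=1A2B3C4D; Path=/app; HttpOnly", "lang=en; Path=/"]
LOGIN_FIXED = ["JSESSIONID=1A2B3C4D; Path=/app; Secure; HttpOnly"]

# Constructed requests the browser makes after logging in.
FOLLOW_UP_URLS = [
    "https://shop.example/app/account",
    "http://shop.example/app/catalog",
    "http://shop.example/static/logo.png",
]


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into a list of attribute dicts."""
    jar = SimpleCookie()
    jar.load(header_value)
    cookies = []
    for name, morsel in jar.items():
        cookies.append({
            "name": name,
            "value": morsel.value,
            "path": morsel["path"] or "/",
            "secure": bool(morsel["secure"]),
            "httponly": bool(morsel["httponly"]),
        })
    return cookies


def path_matches(cookie_path, request_path):
    """Cookie path matching: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def sent_with(cookie, url):
    """Would a browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    if cookie["secure"] and parts.scheme != "https":
        return False  # the Secure flag keeps the cookie off plain http
    return path_matches(cookie["path"], parts.path or "/")


def cleartext_exposures(set_cookie_headers, urls, session_names=("JSESSIONID",)):
    """List (cookie name, url) pairs where a session cookie travels unencrypted."""
    exposures = []
    for header in set_cookie_headers:
        for cookie in parse_set_cookie(header):
            if cookie["name"] not in session_names:
                continue
            for url in urls:
                if urlsplit(url).scheme == "http" and sent_with(cookie, url):
                    exposures.append((cookie["name"], url))
    return exposures


if __name__ == "__main__":
    for label, headers in (("without Secure", LOGIN_WEAK), ("with Secure", LOGIN_FIXED)):
        print(label, cleartext_exposures(headers, FOLLOW_UP_URLS))
```
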
Re: [us...@httpd] HTTPS only for login page (when apache front tomcat)
On Wed, Apr 21, 2010 at 12:38 PM, chamila piyasena wrote:
>
> Hi,
> My application is running on tomcat. And I have fronted tomcat by Apache web
> server using mod_jk. And I have successfully added https in apache to all
> the pages in my application. But I want to https only for the login page. I
> have tried several configurations but unable to do so. can any one help me
> on this please?

First think about why you want this. Is there any particular reason why users couldn't just stay on https? Think about the possible security risks of allowing authenticated sessions over plain http.

Krist
Re: [us...@httpd] Reverse Proxy https to http
On Tue, Apr 20, 2010 at 6:41 PM, GB GB wrote:
> #this for some reason becomes http from client perspective
> #PreserveHost on does not work with lsw, so I disabled it
> RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1 [NC,P,L]
> ProxyPassReverse /lsw http://backend2.ca:8082/lsw
> Redirect permanent /lsw https://mydomain.com/lsw

First of all: Remove the "Redirect Permanent". It's not needed (as this virtualhost only gets https requests anyway) and confuses. If you want to make sure that people who accidentally land on the http site get redirected to https you need to put a redirect in the http virtual host.

Secondly: Look at what your backend produces. It is very well possible that it passes html pages back to the client that contain http:// style URLs. RewriteRule only operates on request URLs, ProxyPassReverse only on redirects passed back. The content passed back by the backend is not modified.

HTH,

Krist
Re: [us...@httpd] RewriteRule with [P] Flag
On Wed, Apr 14, 2010 at 11:10 AM, wrote:
> A request to https://inthewild.org gets forwarded all right to
> http://localhost:9090/index.jsp. The server on localhost:9090
> itself does a http 302 (redirect) to
> http://localhost:9090/setup/login.jsp and returns that to
> the browser.
>
> The browser ends up with a not working URL:
> http://localhost:9090/setup/login.jsp
>
> I would like getting back URL's like this one:
> https://inthewild.org/setup/login.jsp
>
> Please point me to the right direction.

What you need to do is look at the configuration of whatever it is you use on port 9090. You must configure that piece of software to issue redirects that use the right hostname. Often there is a "base url" or "base hostname" or something similar that you can set in your config.

When running an application server behind a reverse proxy (a very common scenario) you should configure the application server as if it was running without a reverse proxy, as if it was the front end server.

If you can't do that there are workarounds involving proxypassreverse or even mod_proxy_html, but these are complicated. Try solving the problem at the source first.

Krist
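A diagnostic for the "look at the traffic" advice in this message and in the "Reverse Proxy https to http" replies above, added here as an example and not taken from the posts: it scans a response captured at the browser side for URLs that still point at the backend or that drop from https to http, and separates header leaks from body leaks. The front end https://inthewild.org and the backend localhost:9090 come from the quoted question; the response bodies are constructed.

```python
import re
from urllib.parse import urlsplit

FRONTEND = "https://inthewild.org"   # public URL, from the quoted question
BACKEND_HOSTS = {"localhost"}        # backend host, from the quoted question

# Absolute http(s) URLs inside HTML or text.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")

# Where to fix each kind of finding, following the replies in this thread.
REMEDY = {
    "header": "redirect header: fix the backend's base URL, or check ProxyPassReverse",
    "body": "page content: the proxy does not rewrite it, fix the backend's base URL",
}


def classify(url, frontend, backend_hosts):
    """Return 'backend-host', 'scheme-downgrade' or None for one URL."""
    parts = urlsplit(url)
    front = urlsplit(frontend)
    if parts.hostname in backend_hosts:
        return "backend-host"
    if parts.hostname == front.hostname and parts.scheme != front.scheme:
        return "scheme-downgrade"
    return None  # relative URL, correct front-end URL or third-party host


def audit_response(headers, body, frontend=FRONTEND, backend_hosts=BACKEND_HOSTS):
    """List (where, kind, url) findings for one response seen by the client.

    headers is a list of (name, value) pairs, body is the decoded text.
    """
    findings = []
    for name, value in headers:
        if name.lower() == "location":
            kind = classify(value.strip(), frontend, backend_hosts)
            if kind:
                findings.append(("header", kind, value.strip()))
    for url in URL_RE.findall(body):
        kind = classify(url, frontend, backend_hosts)
        if kind:
            findings.append(("body", kind, url))
    return findings


# Constructed captures: the 302 described in the question, and an HTML page.
REDIRECT = ([("Location", "http://localhost:9090/setup/login.jsp")], "")
PAGE = (
    [("Content-Type", "text/html")],
    '<a href="http://localhost:9090/setup/index.jsp">Setup</a>\n'
    '<form action="http://inthewild.org/setup/login.jsp" method="post">\n'
    '<a href="https://inthewild.org/setup/help.jsp">Help</a>\n',
)

if __name__ == "__main__":
    for headers, body in (REDIRECT, PAGE):
        for where, kind, url in audit_response(headers, body):
            print(f"{kind:17} {url}\n    -> {REMEDY[where]}")
```
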
Re: [us...@httpd] Cannot upload files from Firefox 2.0 to Apache HTTP proxy server
On Thu, Mar 4, 2010 at 1:22 PM, Baljeet Nijjhar wrote:
> Hi
> I have tried to upload a Microsoft Excel file to my application server from
> Firefox 2.0. The HTTP request goes over SSL to Oracle Apache 2 HTTP server
> which is configured to act as a proxy server before passing the request to
> my application server.
> Packet sniffing indicates that the file contents are being sent from the
> browser, but mysteriously getting 'lost' by the time they reach the
> application server. i.e. the form fields relating to the file upload are no
> longer present.

You have sniffed the network both before and after the proxy right? Have you looked for anything in your error files?

> Are there any diagnostics I can perform or configuration I can check for the
> proxy server as to why this is happening?

This should not be happening however...

> File uploads work fine with Internet Explorer 6. There are some minor
> differences in the way HTTP requests get encoded for the two browsers, such
> as the filename or content-type.

This could of course be a case of your application server not being http/html compliant. As Internet Explorer is less picky that could explain things.

What happens if you do the test directly to the application server, bypassing the proxy?

Krist
Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?
On Wed, Mar 3, 2010 at 3:12 PM, Mike Trent wrote:
> The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
> 140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
> As stated in the early post the FIPS 140-2 patch was applied but does not
> seem to have an effect on apache when acting as a client as a proxy.
>
> This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
> communication is fine.

Of course it could be that when operating as a client Apache assumes that it is the server it communicates with that will enforce FIPS compliance. However, you can probably make it compliant by restricting the cyphers it will use as a client. That is why I suggested you look into the possibilities the SSLProxy* directives offer. If you consult the mod_ssl documentation you will see that there is a directive SSLProxyCipherSuite, that you can use to limit the ciphers offered in the HELLO packet.

Krist
Re: [us...@httpd] Spider Monkey
On Wed, Mar 3, 2010 at 12:46 PM, antoine wrote:
> Hello, I have a question in spider monkey api for parsing javascript.
>
> Is this the right list to apply ?? If not please tell me where to ask.

http://lmgtfy.com/?q=spidermonkey+api+mailing+list

Krist
Re: [us...@httpd] Number of https virtual hosts support under v2.0.59
On Mon, Mar 1, 2010 at 4:30 PM, Ruiyuan Jiang wrote:
> Thanks for the response, Krist.
> The version of openssl that I am using is good 0.98l. The problem is the
> Apache since I can't use 2.2.14 because the bug it has. See my another post
> about the page does not refresh automatically after user logs in. I guess I
> have to try to use work around.
> By the way, you stated "only works with recent browsers though." What
> browsers and versions work with that, Firefox or IE or both?

(from wikipedia)

Browsers

Browsers with support for TLS server name indication:
* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Internet Explorer 7 (Vista or higher, not XP) or later
* Google Chrome (Vista or higher, not XP)
* Safari 3.2.1 and newer on Mac OS X 10.5.6 and Windows Vista or higher, not XP

Krist
Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?
On Tue, Mar 2, 2010 at 2:39 PM, Mike Trent wrote:
> There is a patch that turns on FIPS mode in mod_ssl (listed in my last post)
> We can run apache as a server for HTTPS (SSL) in FIPS mode. However when
> communicating over HTTPS (SSL) via mod_proxy - mod_ssl is not running FIPS
> mode. This can be verified by running a line trace and seeing that the TLS
> handshaking client HELLO packet presents a cipher suite that includes non
> FIPS compliant algorithms (RC4 for example).
>
> While running in server mode (not using mod_proxy) FIPS is enabled properly.
> This can be seen in the TLS server HELLO which presents only FIPS compliant
> algorithms such as 3DES.
>
> i.e.
> SSL - as a server -FIPS compliant

I would love to help you, but I need more information from you in order to do so. I have trouble finding out what it is exactly that you are trying to achieve, and in what way, because the context fail. Precise language is useful. I have trouble trying to imagine what you mean with "running in proxy mode" and "via mod_proxy". That is where the exact language of a config file helps. So please, just post us the SSL part of your config, and we may be able to point out to you what you need to modify.

> SSL - as a client via mod_proxy - not FIPS compliant

Are you saying that apache is here acting as an SSL client in a non-FIPS compliant way? ie. apache is here used by you as a proxy that forwards towards an https server? In that case have a look at the SSLProxy* directives.

Krist
Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?
On Mon, Mar 1, 2010 at 9:49 PM, Mike Trent wrote:
>
> I am asking if FIPS 140-2 support is available for mod_proxy when running
> SSL. It is supported in apache SSL proper with this patch:

mod_proxy itself never "runs" SSL. SSL is always handled by mod_ssl. What is it exactly that you are trying to do? Could you be more specific? An excerpt from your config would be useful.

Krist
Re: [us...@httpd] Order of log entries in the access log?
On Fri, Feb 26, 2010 at 11:29 PM, Geoff Millikan wrote:
> What order does Apache write the log entries?
>
> I'm assuming that if Apache serves 100 responses all in the same time second
> window (100 responses per second) I suppose it's going to write them in the
> order the response happened and not scramble them up willy-nilly. In other
> words, although there's 100 log entries all stamped "26/Feb/2010:20:24:25",
> the order they are written in is hopefully the rough order in which they
> were served.

Writing to the log is one of the last things apache normally does. So yes, the entries will be in roughly the order they were served, but not necessarily the order they were received in.

Krist
Re: [us...@httpd] Number of https virtual hosts support under v2.0.59
On Fri, Feb 26, 2010 at 9:55 PM, Ruiyuan Jiang wrote:
> So I wonder whether Apache 2.0.59 supports more than one https reverse proxy
> setup? Thanks in advance.

You probably are trying to use name based https virtual hosts. This used to be impossible, not due to limitations in apache, but due to limitations in the SSL protocol. More background to this problem you can find here:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts

When I'm saying "it used to be impossible" I am indeed implying that nowadays this can be made to function, due to an extension to the SSL protocol, named SNI. This requires a bleeding edge apache and only works with recent browsers though.

Krist
Re: [us...@httpd] URL Rewrite goes into infinite loop
On Tue, Feb 16, 2010 at 4:41 PM, su2 wrote:
> I have a feeling that my URL request is getting into infinite loop somehow.
> But not sure how and where.
>
> I would appreciate the help.

You have to look in your logfiles. What do you see in your access log, and what in your rewrite log? If you don't have a rewrite log, enable it. It could also be useful to install a plugin like "Live HTTP Headers" in Firefox, to see what is being sent back by the server.

Krist
Re: [us...@httpd] Inaccuracy in mod_ssl docs
On Tue, Feb 2, 2010 at 4:27 PM, Emmanuel Bailleul wrote:
> Hi,
>
> I've been fighting quite long to find the "Makefile" which is mentioned
> several times in mod_ssl documentation
> (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html)
> This Makefile should be used to rebuild certs or crls hashes in their
> respective directories, but it was nowhere to be found in Apache sources.
> They are present though as "Makefile.crt" and "Makefile.crl" in original
> mod_ssl distribution.
> Wouldn't it be a good idea to include these ones in httpd sources (if
> possible) ?

The documentation should be changed to reflect the fact that you only need to run the c_rehash command...

Krist
Re: [us...@httpd] Apache server configuration help required centos 5/3
On Tue, Feb 2, 2010 at 2:27 PM, venugopal melukote wrote:
> Hello,
>
> My error log says
>
> [Tue Feb 02 11:52:32 2010] [error] [client 172.16.10.10] client denied by
> server configuration: /home/httpd/webdav/vulcan1.txt

You have to enable DAV for this directory. From the config you showed us I cannot determine if you did so.

Krist
Re: [us...@httpd] troubleshooting apache server
On Fri, Jan 29, 2010 at 10:41 PM, Scott Jones wrote:
> I run apache 2 on my server, at fyrenice.com, and have no problem accessing
> it locally. I run Mailman and SugarCRM among others, but am dead in the
> water for the moment. I have ports 80 and 443 forwarded to my server machine
> through my Linksys WRTP54G router. I can ssh in to my server no problem, but
> I can't access the admin pages for SugarCRM or for Mailman.
>
> Where do I start in troubleshooting my setup? I

Start by giving us more information.
- What OS are you using, what version of Apache?
- If you open a browser on the machine itself, can you browse the website, does it work as expected? If you can't open a browser, but have SSH access, use a command line tool like curl or wget to test.
- Can you browse your website from a local machine in the same network as your server?

Krist
Re: [us...@httpd] mod_rewrite problem: $1 and $2 not substituted into target url
On Tue, Jan 26, 2010 at 6:32 PM, Chris Brooks wrote:
> Any suggestions as to what might be going on?

You are not using any sections by chance, are you?

Krist
Re: [us...@httpd] redirects only working for some virtual hosts
On Tue, Jan 26, 2010 at 2:34 AM, RYAN vAN GINNEKEN wrote:
> Please help as i have been struggling with this problem for a long time and
> do not know what else to try for troubleshooting.

Are you sure that the requests are going to the virtualhost you expect them to go to? What is the output of httpd -S ?

Krist
Re: [us...@httpd] speaking url is not working inside subfolder
On Tue, Jan 19, 2010 at 5:28 PM, J. Bakshi wrote:
> The .htaccess successfully redirects the concerned domain into the
> sub-folder (TYPO3) . But the problem is with speaking url. Clicking on any
> links always and always goes to the very first page.

What is a "speaking url"? Could it be that your problem simply is that Typo3 is unaware it exists in a subfolder, and thus creates URLs that do not start with TYPO3?

Krist
Re: [us...@httpd] "Perfect" Transparent Proxy Setup?
On Mon, Jan 18, 2010 at 7:10 PM, Brian Kim <09su.resea...@gmail.com> wrote:
> I hope that any network expert make my naive idea more concrete.

Actually as a general Web Proxy Squid is a better choice. On a Linux system you can use IPTables to forward all requests to port 80 to your squid proxy, which effectively creates a transparent proxy. More info can be found on the web. Just google "transparent proxy with squid".

Krist
Re: [us...@httpd] SSL file location and permissions?
On Mon, Jan 18, 2010 at 8:52 PM, Dan Schaefer wrote:
> Is there a standard location where the SSL crt, csr, and key files should be
> located? I would prefer to keep them out of "dan's home directory" and put
> them in a widely accepted location. If it helps, I am running CentOS and I
> have a standard installation of Apache using yum. Also, what should the file
> permissions be for these files and the containing directory?

There is no standard location. Practices vary by distribution.
On Fedora it's /etc/pki/tls
On my Ubuntu server it's /etc/apache2/ssl

You're free to use what works, or stick with what your distro proposes.

Krist
Re: [us...@httpd] How to set multisites: same domain, different path, one ip address
2010/1/16 Jiongliang Zhang :
> so when I using mydomain:80 and mydomain:8080, I can request both of them.
> But now I have new requirements, I hope using mydomain/mailman and
> mydomain/redmine
> to identify them, just like:
>
> http://mydomain/mailman
> http://mydomain/redmine
>
> on ubuntu server 8.04, apache2.2, ip: 192.168.1.128, domain: mydomain
>
> mailman path: /var/lib/mailman/*
> redmine path: /var/lib/redmine/*
>
> How can I do this. (I'm newbie on apache)

What you need to know first is that:

http://mydomain/mailman
http://mydomain/redmine

Are just two paths on one server instance. So forget about virtualhosts, you don't need them. Just get your http://mydomain server working first. Then once that works you can add aliases to your config. So it would look like this:

Alias /mailman /var/lib/mailman
Alias /redmine /var/lib/redmine

Krist
Re: [us...@httpd] Very Very strange problem in opensuse 11.1, file uploading reports "not an image file"
On Sat, Jan 16, 2010 at 5:18 PM, J. Bakshi wrote:
> I can see the files are transferred but after
> that it simply reports "Not an Image file".

What is "it" here? Is this error message logged in a logfile somewhere, or is it displayed in your webbrowser?

Krist
Re: [us...@httpd] Getting "Error reading header" messages in error_log
On Wed, Dec 16, 2009 at 1:06 PM, Pravesh Rai wrote:
> Hi,
>
> We are getting either of the following error messages in error_log:
>
> [error] [client ::1] client sent HTTP/1.1 request without hostname
> (see RFC2616 section 14.23): /proxy/ssllogin, referer:
>
> Or
>
> [error] [client 127.0.0.1] request failed: error reading the headers,
> referer:
>
> & ultimately gets "Http 400 Page Cannot be Displayed" error page.

That looks like a client that is not respecting the HTTP/1.1 protocol.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] How to block nessus scan ?
On Mon, Jan 4, 2010 at 11:25 AM, J. Bakshi wrote:
> Does any one know any technique to block nessus scan ?

You do not block nessus scans. What you do is perform a nessus scan yourself, and deal with any vulnerabilities it exposes on your server.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] I need a technique for executing very fast code behind the httpd apache server.
On Sat, Dec 26, 2009 at 2:04 PM, Andrei Paul Nistor wrote:
> Hello all.
>
> Question: Is it any way possible to access through the httpd server
> resources like objects or remote procedures that run on the server in binary
> form and don't get disposed after each call of the resources?

Have you looked at Tomcat? Java (J2EE) seems to be fast enough for almost everybody...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Code coverage while running web server
On Sat, Dec 19, 2009 at 1:30 AM, Guruprasad JG wrote:
> I am referring to the Apache code written in C. I would like to see if all
> the paths are exercised for - request processing, resource management,
> connection pooling, and configuration directives of the apache core. This
> would be more like functional testing of apache.

I think you'll have to explain to us what you exactly mean with checking that "all the paths are exercised". I have no clue how to "exercise paths" in any context, and I do consider my knowledge of the English language quite substantial. Maybe you should rephrase your question.

If you just want to know what goes on inside Apache when a request is processed then you can of course run it in a debugger. Will be slow, though. Make sure the timeout in whatever client you use is high enough.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] How to remove an environment variable...
On Fri, Dec 18, 2009 at 3:16 PM, Eric Covener wrote:
> mod_cgi (and anyone acting like mod_cgi) calls a utility function to
> set REMOTE_USER from the internal representation of the user, right
> before running the script (in the handler phase). There does not seem
> to be any window where you could blank out the variable (the closest
> you can get is mod_rewrite E= in or htaccess with no
> substitution)
>
> You might be able to write an apache module that zaps r->user in the
> fixups phase when some criteria is met, but I am not seeing any more
> direct way.

Maybe I could use some mod_perl to manipulate this internal representation. Or just use a custom "index.php" which unsets this variable. I'll explore that.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
[us...@httpd] How to remove an environment variable...
Hello all,

I have a PHP content management system, Drupal, on an apache 2.2 server. For the moment we use a Drupal add-on that uses the webserver's own authentication. So I have set up apache basic auth, and Drupal assumes that whenever a request comes with the "REMOTE_USER" variable set, the user is authenticated, and uses the value of REMOTE_USER to determine who it's talking with.

Now for test purposes I want to offer a way to look at the site as non authenticated users would see it, but without (for now) removing the authentication. As the website is still under development I don't want to allow unauthenticated access yet.

I thought I could do that by just having Apache remove the REMOTE_USER header, like this:

UnsetEnv REMOTE_USER

However, this does not work. Also setting REMOTE_USER to something else doesn't work either. Setting other variables works though.

What are my options here? How can I remove REMOTE_USER?

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] What is wrong with this RewriteCond?
On Fri, Dec 18, 2009 at 11:34 AM, Perl Whore wrote:
> I read the docs for the flags and it says for [C] that if a rule is
> not matched then it skips the rest of the rules.

I told you my example was "advanced"...

> What I'm trying to do are set individual rules for the same condition
> and not a chain of rules. So only the rule that match should be
> applied.

Only rules that match will ever be applied. Basically apache just tries all the rules in sequence, and if they match the rule gets applied. That means that several rules can be applied, unless rewrite rule processing stops (because of a flag).

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] What is wrong with this RewriteCond?
Enable RewriteLog, with a high RewriteLogLevel. That way you see in great detail exactly what is happening. You'll see what matches are tried, against what strings, what matches are successful, what rules are considered. Etc...

BTW, but this is advanced stuff, there is a trick to make whole blocks of RewriteRules depend on one Condition.

1) You can "Chain" rules together. That way a whole block is evaluated, or skipped based on whether the first one matches. This is quite handy with a dummy rule... (Note how the last rule in your block doesn't have the "C" Flag, and your first rule must be a "dummy" one that always matches, or your RewriteCond never gets evaluated.)

# First block, executed when cookie not set.
RewriteCond %{HTTP_COOKIE} !^.*test=test.*$
RewriteRule -* - [C]
RewriteRule /inbox$ /index.php [C]
RewriteRule /compose-mail$ /index.php

# Second block, executed when cookie set.
RewriteCond %{HTTP_COOKIE} ^.*test=test.*$
RewriteRule -* - [C]
RewriteRule /inbox$ http://127.0.0.1:22131/ [P,C]
RewriteRule /inbox/(.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /(js/qui.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /(css/qui.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /js/soundmanager2-nodebug-jsmin.js http://127.0.0.1:22131/js/soundmanager2-nodebug-jsmin.js [P,C]
RewriteRule /sound/soundmanager2.swf http://127.0.0.1:22131/sound/soundmanager2.swf [P,C]
RewriteRule /images/favicon.png http://127.0.0.1:22131/images/favicon.png [P,C]
RewriteRule /(e/.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /compose-mail$ /proxy/ [C]
RewriteRule /compose-mail/(.+)$ /proxy/$1

2) You can use the "S=x" flag, which tells the RewriteEngine to skip the next x rules, together with a dummy rule. Like this:

# Skip the next three rules when the cookie matches.
RewriteCond %{HTTP_COOKIE} ^.*test=test.*$
RewriteRule .* - [S=3]

# These rules are executed when the cookie doesn't match.
RewriteRule /inbox$ /index.php [C]
RewriteRule /compose-mail$ /index.php
RewriteRule .* - [S=10]

# These rules are executed when the cookie matches.
RewriteRule /inbox$ http://127.0.0.1:22131/ [P,C]
RewriteRule /inbox/(.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /(js/qui.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /(css/qui.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /js/soundmanager2-nodebug-jsmin.js http://127.0.0.1:22131/js/soundmanager2-nodebug-jsmin.js [P,C]
RewriteRule /sound/soundmanager2.swf http://127.0.0.1:22131/sound/soundmanager2.swf [P,C]
RewriteRule /images/favicon.png http://127.0.0.1:22131/images/favicon.png [P,C]
RewriteRule /(e/.+) http://127.0.0.1:22131/$1 [P,C]
RewriteRule /compose-mail$ /proxy/ [C]
RewriteRule /compose-mail/(.+)$ /proxy/$1

# Processing continues here.

With these flags it's quite possible to make quite complex conditional structures. I once inherited a server where every request was checked against 200+ rules. By some clever "if-then-else" logic implemented using dummy rules and the S flag I managed to reduce that all to just a handful of tests for each request :-)

Krist

(Disclaimer: I'm currently on the train to work with no way to test this... This is all off the top of my head.)

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Enabling SSL on a virtual host
On Tue, Dec 15, 2009 at 5:37 PM, Jonathan Mast wrote:
> I'm thinking that the host name actually is required in the VirtualHost

No it is not required. A hostname in a VirtualHost directive is internally converted to an IP address and only needed if this VirtualHost needs to be bound to a particular IP on a multi homed host. In most practical scenarios having *:443 and *:80 in your VirtualHost directives is perfectly adequate.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] rewriterules
On Wed, Dec 16, 2009 at 11:24 AM, Rabadan Palenque, Jose wrote:
> Hi,
>
> With the help of other member of the list (Antonio) I understood rewriterules
> is not what I need, the best option is mod_proxy

mod_proxy is one way, and mod_rewrite another. Basically mod_proxy is for simple cases, but for more complex cases mod_rewrite is quite useful.

> This is what I have:
> Server.apache
> Server.plone
>
> And I want this:
> When accessing https://server.apache redirect to http://server.plone but
> "hiding" the url and showing https://server.apache

In config of "server.apache":

ProxyPass / http://server.plone/
ProxyPassReverse / http://server.plone/

Should do it...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] rewriterules
On Mon, Dec 14, 2009 at 12:51 PM, Rabadan Palenque, Jose wrote:
> RewriteRule ^/(.*)
> http://ploneserver:8080/VirtualHostBase/https/%{SERVER_NAME}:443/$1 [P]

It is perfectly possible to use RewriteRules to proxy a particular URL to another server. And the general pattern is indeed: RewriteRulehttp:///.

If you have trouble making this work we can help. However, you need to provide us with more information. And your URL looks funny, I'm not sure that URLs with a : followed by what looks like a port number are a good idea...

- What do you mean with "it does not work". What were you expecting, and what did you get instead? Be specific.
- Switch on the RewriteLog, and look in the log what you see there. If you see something there you don't understand feel free to ask here.
- Also check that your backend is not messing things up by sending redirects to URLs that the client can't reach.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Re: Building Apache 2.2 without IPv6
On Sun, Dec 6, 2009 at 12:49 PM, Tom Evans wrote:
> "Hello, I'd like to stop receiving messages about Christianity"
> "Ooh, no, you just don't understand how great Christianity is going to
> be for you..."

How about someone asking "I'm looking for an alternative to Christianity because I want to be allowed to eat pork". What would you consider a useful answer to such a question :-)

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] multiple rewrite rules
On Mon, Dec 7, 2009 at 7:32 AM, Jeff Shearer wrote:
> Thanks for your excellent explanation.
>
> I have used the book "The Definitive Guide to mod_rewrite" by Rich Bowen. Do
> you recommend a different reference?

I don't know about this book. All I know about mod_rewrite I have from the official docs, and from experimentation. The documentation is quite clear that you can have multiple RewriteConds per RewriteRule, but that a RewriteCond only applies to one RewriteRule.

I had to cut my answer short, as my train was arriving and I had to get out :-) So here is the rest:

I assume that you have references to two CSS files in your HTML pages, and that you want to give different versions of these files to different browsers. Now, since a RewriteCond applies only to one rule, you need to repeat it. You don't really need the L flag, and if the files are on the same host, you don't need to add that either. So I assume the following would work:

RewriteEngine on
RewriteLog /var/log/httpd-rewrite.log
RewriteLogLevel 2

RewriteCond %{HTTP_USER_AGENT} .Windows.*Firefox\/3.*
RewriteRule ^/styles/progclean.css /styles/winff3/progclean.css
RewriteCond %{HTTP_USER_AGENT} .Windows.*Firefox\/3.*
RewriteRule ^/styles/terms.css /styles/winff3/terms.css

RewriteCond %{HTTP_USER_AGENT} .MSIE\ 7.*
RewriteRule ^/styles/progclean.css /styles/winie7/progclean.css
RewriteCond %{HTTP_USER_AGENT} .MSIE\ 7.*
RewriteRule ^/styles/terms.css /styles/winie7/terms.css

RewriteRule ^/styles/progclean.css /styles/unsupported/progclean.css
RewriteRule ^/styles/terms.css /styles/unsupported/terms.css

I hope this helps,

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] multiple rewrite rules
On Sun, Dec 6, 2009 at 9:08 PM, Jeff Shearer wrote:
> I have been trying without success to rewrite multiple css files with on
> RewriteCond. Here is my latest attempt to give y'all an idea of what I am
> trying to do.

I have the impression that you are unaware how rewriteconds and rewriterules interact. You can't have one rewritecond apply to many rewriterules.

Apache always first tests if the LHS of the RewriteRule matches. Then it will look at any RewriteConds above. If they match then the RHS is applied.

In order to explain better what happens with your rules I've numbered them:

1> RewriteCond %{HTTP_USER_AGENT} .Windows.*Firefox\/3.*
2> RewriteRule ^/styles/progclean.css http://progressive.trustedtechpro.com/styles/winff3/progclean.css
3> RewriteRule ^/styles/terms.css http://progressive.trustedtechpro.com/styles/winff3/terms.css [L]
4> RewriteCond %{HTTP_USER_AGENT} .MSIE\ 7.*
5> RewriteRule ^/styles/progclean.css http://progressive.trustedtechpro.com/styles/winie7/progclean.css
6> RewriteRule ^/styles/terms.css http://progressive.trustedtechpro.com/styles/winie7/terms.css [L]
7> RewriteRule ^/styles/progclean.css http://progressive.trustedtechpro.com/styles/unsupported/progclean.css
8> RewriteRule ^/styles/terms.css http://progressive.trustedtechpro.com/styles/unsupported/terms.css [L]

RewriteCond at line 1 only applies to RewriteRule on line 2. RewriteRule at line 3 does not have RewriteCond so all browsers get http://progressive.trustedtechpro.com/styles/winff3/terms.css. Rules 6 and 8 will even never get triggered...

Have a look at the docs.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
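The scoping rule discussed in this thread (a RewriteCond guards only the RewriteRule that directly follows it) and the S=N dummy-rule trick from the earlier reply, modelled as a small evaluator. This is an added example, not part of the original posts and not mod_rewrite's code: it models only pattern matching, conditions, the "-" no-op substitution and the S and L flags, uses local substitutions for the rules from the question, and the user-agent strings are constructed.

```python
import re
from dataclasses import dataclass, field

UA = "HTTP_USER_AGENT"
FF3 = r".Windows.*Firefox\/3.*"
IE7 = r".MSIE\ 7.*"
PROG, TERMS = r"^/styles/progclean.css", r"^/styles/terms.css"

# Constructed sample user-agent strings.
FIREFOX3_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20091102 Firefox/3.5.5"
MSIE7_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
OTHER_UA = "ExampleBrowser/1.0"


@dataclass
class Rule:
    pattern: str
    subst: str                                  # "-" leaves the URL unchanged
    conds: list = field(default_factory=list)   # [(variable, regex)], "!" prefix negates
    skip: int = 0                               # S=N: skip the next N rules on a match
    last: bool = False                          # L: stop processing on a match


def cond_ok(cond, env):
    var, regex = cond
    negate = regex.startswith("!")
    hit = re.search(regex.lstrip("!"), env.get(var, "")) is not None
    return hit != negate


def rewrite(rules, url, env):
    """Simplified model: the pattern is tested first, then the rule's own conditions."""
    i = 0
    while i < len(rules):
        rule = rules[i]
        i += 1
        if not re.search(rule.pattern, url):
            continue
        if not all(cond_ok(c, env) for c in rule.conds):
            continue
        if rule.subst != "-":
            url = rule.subst                    # no $N back-references in this model
        if rule.last:
            break
        i += rule.skip
    return url


# Layout from the question: one condition written above two rules.
AS_POSTED = [
    Rule(PROG, "/styles/winff3/progclean.css", [(UA, FF3)]),
    Rule(TERMS, "/styles/winff3/terms.css", last=True),      # unguarded
    Rule(PROG, "/styles/winie7/progclean.css", [(UA, IE7)]),
    Rule(TERMS, "/styles/winie7/terms.css", last=True),
    Rule(PROG, "/styles/unsupported/progclean.css"),
    Rule(TERMS, "/styles/unsupported/terms.css", last=True),
]

# Condition repeated in front of every rule it should guard.
COND_REPEATED = [
    Rule(PROG, "/styles/winff3/progclean.css", [(UA, FF3)]),
    Rule(TERMS, "/styles/winff3/terms.css", [(UA, FF3)]),
    Rule(PROG, "/styles/winie7/progclean.css", [(UA, IE7)]),
    Rule(TERMS, "/styles/winie7/terms.css", [(UA, IE7)]),
    Rule(PROG, "/styles/unsupported/progclean.css"),
    Rule(TERMS, "/styles/unsupported/terms.css"),
]

# One negated condition per block: a dummy rule jumps over the block with S=2.
SKIP_BLOCKS = [
    Rule(r".*", "-", [(UA, "!" + FF3)], skip=2),
    Rule(PROG, "/styles/winff3/progclean.css"),
    Rule(TERMS, "/styles/winff3/terms.css"),
    Rule(r".*", "-", [(UA, "!" + IE7)], skip=2),
    Rule(PROG, "/styles/winie7/progclean.css"),
    Rule(TERMS, "/styles/winie7/terms.css"),
    Rule(PROG, "/styles/unsupported/progclean.css"),
    Rule(TERMS, "/styles/unsupported/terms.css"),
]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("repeated", COND_REPEATED),
                        ("skip blocks", SKIP_BLOCKS)):
        for ua in (FIREFOX3_UA, MSIE7_UA, OTHER_UA):
            print(name, "|", ua[:30], "->", rewrite(rules, "/styles/terms.css", {UA: ua}))
```
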
Re: [us...@httpd] HTTPS connections via mod_proxy ProxyRemote don't work
On Fri, Dec 4, 2009 at 6:27 AM, Devraj Mukherjee wrote:
> Any ideas if I need to do something special when using ProxyRemote and HTTPS?

I assume that since your reverse proxy does some content mangling that your clients talk plain http to your proxy?

A few things to look at:

- Does your Squid proxy allow the "CONNECT" http method?
- Is apache configured to function as an SSL client? You need at least to enable SSLProxyEngine, and define an SSLProxyCACertificatePath.

In the second case you need to add the following to your config:

# turn on SSL proxying.
SSLProxyEngine On
# to tell Apache where to find CA certificates to check remote server
# certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates

Then in this path you need to put the CA certificate(s) used to sign the certificate(s) used by the server(s) you communicate with. If you want to talk to a server that uses a "self signed" certificate you will need to put it in this dir too.

Once you've done that you need to run "c_rehash" in that directory. c_rehash is part of a standard openssl distribution. c_rehash creates hashed aliases in this dir. Apache needs these.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Building Apache 2.2 without IPv6
On Fri, Dec 4, 2009 at 9:30 AM, Daniel Reinhardt wrote:
> Actually it has everything to do with it. IPv6 is useless to me on a small
> HOME LAN of 5 computers. It should be disabled by default, and an allowable
> option by those who wish to use IPv6. It shouldn't be forced down people's
> throats. It's like how Linux/Unix Distribution Creators forcing IPv6 in a
> kernel when someone may not have a need for it or find it useless. They
> should instead build their distributions with IPv4 enabled by default, and
> include an IPv6 enabled Kernel for those who want to use it. As such so
> should software developers, they should create their software and distribute
> it with default settings enabled, such as ipv6 being disabled unless wanted
> by the end-user. Those who desire IPv6 functionality should be the only
> ones wanting to compile their software and kernels with such goals in mind.

It's not forced down your throat. You can safely ignore IPv6 if you're not using it. Even if your linux machine enables IPv6 by default, and starts an IPv6 interface you don't have to worry about things breaking because of it. If your router doesn't route IPv6 you still don't have to worry about some devices in your network bringing up IPv6 interfaces.

Linux distro maintainers include IPv6 because the aim is to provide a kernel that everyone can use, without having to recompile. Another aim is to encourage people to actually start using IPv6. ISPs will soon start to provide their customers with routers that support IPv6, so this is in my opinion a wise decision. It's a bit like TV manufacturers including a DVB-T tuner in their offerings, even though most people don't have a need for it, yet.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Building Apache 2.2 without IPv6
On Thu, Dec 3, 2009 at 5:41 PM, Daniel Reinhardt wrote:
> Krist,
>
> First of all I came here for help with disabling IPv6 not a testimony from
> other users on how useful it is for a small LAN.
>
> Give me one good reason why IPv6 is useful for a small home LAN where I can
> use 192.168.0.0/16 and have more IP's than I can use.

IPv6 offers a lot more than just more IP addresses. One of the goals is also to improve network autoconfiguration so network devices can truly be "plug and play". Which is a good feature to have for people who don't want to be network admins, but still have a complex home network. There are already media streaming devices on the market that rely on this.

> I want to do this so all my daemons are listening on IPv4, so that my Home
> Router can deal with it as it doesn't support IPv4 over IPv6 and vice versa.

You don't need to recompile apache if that is all you want. You can safely ignore Apache's IPv6 capabilities. This is why your request sounded a bit unusual to me.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Building Apache 2.2 without IPv6
On Thu, Dec 3, 2009 at 6:43 AM, Daniel Reinhardt wrote:
> All,
>
> I want to build Apache 2.2.14 without any reference to IPv6. I have removed
> IPv6 support from the Kernel, because I find it useless on a small home LAN.
>
> How would I tell apr to leave out IPv6 when compiling?

The first question is why do you want to do this? And why, if this is just a small home LAN, are you even compiling apache yourself?

(And actually IPv6 can be very useful on a home lan, but that's another story)

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] how to get multiple SSL with name based vhost ?
You seem to be a bit confused about how to configure name based virtual hosts..

On Tue, Dec 1, 2009 at 10:53 AM, J. Bakshi wrote:
> Listen 443
> NameVirtualHost example1.de:443
>
>
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/myca/mars-server.crt
> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
> ServerName https://example1.de
> ServerAlias https://example1.de
>
> DocumentRoot /srv/www/htdocs/blevti.opendingo.de
> DirectoryIndex index.php
>
>
>
> NameVirtualHost example2.de:443
>
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/myca/mars-server.crt
> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
> ServerName https://example2.de
> ServerAlias https://example2.de
>
> DocumentRoot /srv/www/htdocs/example2.de
> DirectoryIndex index.php
>

You should have only one "NameVirtualHost" statement, per IP/Port combination, so unless you have a multi homed host this should be:

NameVirtualHost *:443

And your VirtualHost blocks should all be like this:

ServerName example1.de
... your directives here

ServerName example2.de
... your directives here

etc...

It is the "ServerName" directive that tells Apache which virtualhost is which.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] how to get multiple SSL with name based vhost ?
On Tue, Dec 1, 2009 at 5:11 AM, J. Bakshi wrote:
> Dear list,
>
> I have multiple name based vhost at my remote server. If I followed the
> same configuration for SSL and it does not work. Even not found any
> code through google which can do the job. I have found it is possible
> to define only one name based vhost with SSL support. Is there any
> tricks to configure multiple vhosts with SSL ? Kindly show me the way.

This is probably one of the most asked questions on this list...

For a long time the answer to the problem was "you can't". The problem is that in order to know from which virtual host to serve content a webserver must inspect the "host" header. This is part of the http request. However the SSL handshake takes place before any http request is initiated. In order to complete the handshake the webserver needs to know which SSL certificate to use. Since the webserver can't yet know which virtual host content is being requested from it uses the certificate of the first host. It's really a limit of the protocol, not the server.

However the latest version of the HTTPS protocol includes SNI, which permits a client to transmit to the host the name of the virtualhost it wants to contact during the SSL handshake. So what you need to do is make sure you have the very latest apache, compiled with the latest openssl libraries, and use a recent webbrowser. Then you will be able to do this.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
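Why the server cannot pick a per-vhost certificate without SNI, and what SNI adds, shown on the first handshake message. This is an added example, not part of the original post and not Apache or OpenSSL code: it builds a minimal ClientHello and reads the server name out of it before any HTTP request exists. The record bytes are constructed, the certificate paths are hypothetical, and a ClientHello that fits in one TLS record is assumed.

```python
import struct

# Hypothetical vhost-to-certificate table; the first entry is the default.
VHOSTS = [("example1.de", "/etc/ssl/example1.crt"),
          ("example2.de", "/etc/ssl/example2.crt")]


def build_client_hello(server_name=None):
    """Construct a minimal TLS ClientHello record (constructed sample input)."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host    # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry               # server_name_list
        extensions += struct.pack("!HH", 0, len(sni)) + sni       # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00"       # version, random, empty session id
            + struct.pack("!H", 2) + b"\x00\x2f"     # one cipher suite
            + b"\x01\x00"                             # one compression method: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class Reader:
    """Bounds-checked cursor over length-prefixed TLS structures."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vector(self, length_bytes):
        return self.take(self.uint(length_bytes))

    def remaining(self):
        return len(self.data) - self.pos


def extract_sni(record):
    """Return the host name from the server_name extension, or None if absent."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                                  # record-layer version
    handshake = Reader(rec.vector(2))
    if handshake.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = Reader(handshake.vector(3))
    hello.take(2 + 32)                           # client version, random
    hello.vector(1)                              # session id
    hello.vector(2)                              # cipher suites
    hello.vector(1)                              # compression methods
    if hello.remaining() == 0:                   # old clients send no extensions at all
        return None
    extensions = Reader(hello.vector(2))
    while extensions.remaining():
        ext_type = extensions.uint(2)
        ext_data = Reader(extensions.vector(2))
        if ext_type != 0:
            continue
        names = Reader(ext_data.vector(2))
        while names.remaining():
            name_type = names.uint(1)
            name = names.vector(2)
            if name_type == 0:
                return name.decode("ascii").lower()
    return None


def choose_certificate(record, vhosts=VHOSTS):
    """Pick the certificate by SNI; without a usable name, fall back to the first vhost."""
    name = extract_sni(record)
    for host, cert in vhosts:
        if host == name:
            return cert
    return vhosts[0][1]


if __name__ == "__main__":
    print(choose_certificate(build_client_hello("example2.de")))
    print(choose_certificate(build_client_hello()))
```

The name travels unencrypted in this first message, so it is also visible to anything on the network path.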
Re: [us...@httpd] Re: When it rains it pours...
On Fri, Nov 27, 2009 at 4:51 PM, André Warnier wrote:
> Please don't. It was an entertaining story, better than many on this list.

Well, it was a strange feeling to basically press enter to complete a command, and as a result see all the lights go out...

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] When it rains it pours...
On Fri, Nov 27, 2009 at 4:59 PM, Evan Platt wrote:
> I worked at a company once that had a coffee machine in the
> 'breakroom' which was right outside the door of the 2 bathrooms -
> where there was a sink and microwave and coffee pot. One day at a
> company meeting, someone mentioned it was about time to get a new
> coffee pot brush. One person turned pale white. "What... coffee..
> pot... brush?"
> The other person said "The one right under the sink, right by the
> coffee pot!" and the other person said "You've been using that on the
> coffee pot?"
> "Yes. Why?"
> "Uhhh... I've been using that on the toilets."
>
> I think it was a while before anyone drank coffee anymore.

Very funny (and completely off topic of course...)

We have a more sophisticated coffee machine. It even runs on Linux (as we could witness when the power came back), but don't know if it has Apache installed...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
[us...@httpd] Re: When it rains it pours...
I really should not have two mailing lists with addresses starting with "us...@...". Sorry list. (Or how do I disable email completion in Gmail.)
[us...@httpd] When it rains it pours...
So I get a call from one of our developers. Turns out that the "UT" interface wasn't working properly anymore. The UT interface is basically a SOAP service running on a Tomcat instance. The purpose is to allow smartphones to do things like get Call History etc. by sending Soap requests to this interface. Recently the functionality of this service has been extended to provide for a new type of nifty fix-line phone with touch screen that Swisscom wants to inflict on the market next year.

But anyway. It had become sluggish, and the usual solution is to just bounce the Tomcat. So I log in and do: sudo /etc/init.d/tomcat5 stop. I press enter and then the power in the office fails...

Lasted an hour before we had power and network back, and I could ssh back in to the server in order to start the tomcat again...

I am going to look into making the whole UT interface more robust. And we are also looking into getting a UPS for our coffee machine, because not being able to have a coffee when an outage condemns you to unproductivity is next to unbearable...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] installing apache on amazon ec2 instance
On Sat, Nov 21, 2009 at 1:04 AM, Daniel Shapiro wrote:
> Running on Debian linux:
>
> I have been having trouble installing/running apache on an instance of an
> amazon cloud ec2 machine.
> Wondering if installation is badly done, or configs not set up, or if it's a
> function of the virtual nature of IP on amazon ec2 cloud?
>
>
> It does seem I have 2 versions installed - but can't get either to work
> properly

I would suggest you remove the older one.

> Looking up localhost
> Making HTTP connection to localhost
> Alert!: Unable to connect to remote host.
>
> lynx: Can't access startfile http://localhost/server-status

Could be that the server is running fine, but that "server-status" hasn't been configured. What happens if you just do "lynx http://localhost" from the commandline on your machine?

> --
> Trying apache2:
> amd6:/# apache2 -f /etc/apache2/httpd.conf
> apache2: Syntax error on line 6 of /etc/apache2/httpd.conf: Cannot load
> /usr/lib/apache/1.3/mod_status.so into server:
> /usr/lib/apache/1.3/mod_status.so: undefined symbol: ap_restart_time

You start apache 2.x on debian using apache2ctl. This will probably set all the paths correctly so that apache doesn't try to load 1.3 modules. However, I would start by getting rid of apache 1.3.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Re: Apache error if using Basic AuthType under Location directive
On Mon, Nov 16, 2009 at 10:53 AM, André Warnier wrote:
> LuKreme wrote:
> ...
>
>>
>> To do what you want though, the simplest solution is to put a htaccess file
>> in the folder you want to protect.
>>
> No, it is not, because in the OP's case there is not really a directory to
> protect and to put a .htaccess file inside of.
> It is a URL that needs protecting, so it has to be done via a
> section.
> Unfortunately, if the OP has no access to the Apache configuration files,
> then he has a problem.

WebSVN is a set of PHP scripts, that you install somewhere on your filesystem. So technically the OP could just dump the following .htaccess file in the top WebSVN directory:

AuthType Basic
AuthName "Repository svn"
AuthUserFile /home/liberenote/svn/materiale.passwd
Require valid-user

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] cannot install a SSL certificate : any idea folks ? Thanks
On Mon, Nov 16, 2009 at 8:05 AM, sieger...@gmail.com wrote:
> I'm trying to figure out why I cannot install a SSL certificate that I'd
> been given.

What did you exactly do, and what error messages did you receive, what problems do you have? Just telling us that you have a problem is not really sufficient.

> I'm not too familiar with how a certificate is generated from the
> certificate request file, so any insight into the process would be
> appreciated.

You create a key, then create a certificate signing request. This you send to your CA. It will come back with the CA's signature. Your key doesn't have a "subject", but your certificate request does, and if it doesn't match the of the signed certificate something went wrong. Public key information must also match.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] RewriteBase is not working in apache configuration file
On Mon, Nov 16, 2009 at 8:17 AM, J. Bakshi wrote:
>
> Thanks a lot to clarify it. I was banging my head with it. Is there any
> alternative to force document root in side then ? Actually I
> need to run some experimental sites from a location which is totally
> different from main apache document root. And my rewriterules try to
> access /var/www as the document root where it should look into
> /var/personal_work_area/

If you have trouble understanding what your RewriteRules do, start by enabling the RewriteLog.

You should understand that in your httpd.conf the RewriteRule will operate directly on the URL, so it is really immaterial what Docroot etc... has been set to. With RewriteRules you can translate URL to filename entirely bypassing all other directives...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] RewriteBase is not working in apache configuration file
On Mon, Nov 16, 2009 at 5:27 AM, J. Bakshi wrote:
> Hello,
>
> RewriteBase is working perfectly OK in .htaccess but not in apache
> configuration file. Do we need any special syntax to make it working in
> apache configuration file ?

You don't need RewriteBase in your apache configuration file. The RewriteBase directive's purpose is to solve a problem caused by the fact that URL to Filename translation has already taken place by the time Apache gets to reading your .htaccess file. You don't have this problem with RewriteRules in httpd.conf, so there you don't need this directive.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache with 2 SSL Certs Problem
On Fri, Nov 13, 2009 at 7:58 PM, Randy Paries wrote:
> On Fri, Nov 13, 2009 at 12:26 PM, Krist van Besien
> wrote:
>> On Fri, Nov 13, 2009 at 6:14 PM, Randy Paries wrote:
>>> also i have this in my httpd
>>> NameVirtualHost 216.186.190.101:80
>>> NameVirtualHost 216.186.190.106:80
>>> NameVirtualHost 216.186.190.101:443
>>
>> You probably don't need these.
>>
>> I assume you have your one SSL host on 216.186.190.101 and another on
>> 216.186.190.106 ?
>>
>> Krist
>>
>
> so i tried to re-issue my cert so the file names are a little different.
>
> so here is where i am now
>
> two domains:
> 1) unitfaces.com is supposed to have the real cert
> 2)yumasnowbirds.com is supposed to have the self signed cert
>
>
> ServerAdmin webmas...@mydomain.com
> DocumentRoot /home/unitfaces/
>
> ServerName www.unitfaces.com
> ServerAlias unitfaces.com
>
> ErrorLog logs/unitfacesSSL.com-error_log
> CustomLog logs/unitfacesSSL.com-access_log combined
>
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>
>
>
>
> ServerAdmin webmas...@mydomain.com
> DocumentRoot /home/yumasnowbirds/
>
> ServerName www.yumasnowbirds.com
> ServerAlias yumasnowbirds.com
>
> ErrorLog logs/yumasnowbirdsSSL.com-error_log
> CustomLog logs/yumasnowbirdsSSL.com-access_log combined
>
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.yumasnowbirds.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>
>

That looks all OK to me.

>
> here is some more info
> if i do
> #openssl s_client -connect www.unitfaces.com:443 -showcerts
> i see (btw , i have no idea where it is getting this info??)
> CONNECTED(0003)
> depth=0
> /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailaddress=r...@localhost.localdomain
> verify error:num=18:self signed certificate
> verify return:1
> depth=0
> /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailaddress=r...@localhost.localdomain
> verify return:1

This is all info from the certificate. It appears that unitfaces.com has a self signed certificate. You can verify this with:

openssl x509 -in /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt -text

(do this on your server...)

I think that some of your assumptions about what's in www.unitfaces.com.crt might be wrong...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache with 2 SSL Certs Problem
On Fri, Nov 13, 2009 at 6:14 PM, Randy Paries wrote:
> also i have this in my httpd
> NameVirtualHost 216.186.190.101:80
> NameVirtualHost 216.186.190.106:80
> NameVirtualHost 216.186.190.101:443

You probably don't need these.

I assume you have your one SSL host on 216.186.190.101 and another on 216.186.190.106 ?

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache with 2 SSL Certs Problem
On Fri, Nov 13, 2009 at 4:40 PM, Randy Paries wrote:
> On Fri, Nov 13, 2009 at 1:29 AM, Krist van Besien
> this is how i have it set up.
> when i generate the CSR do i need to do something special to bind the
> CSR to a specific IP?

No.

>
>
> ServerAdmin webmas...@unitnet.com
> DocumentRoot /home/unitfaces/
>
> ServerName www.unitfaces.com
> ServerAlias unitfaces.com
>
> ErrorLog logs/unitfaces.com-error_log
> CustomLog logs/unitfaces.com-access_log combined
>
> ErrorLog logs/unitfacesSSL.com-error_log
> CustomLog logs/unitfacesSSL.com-access_log combined
>
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.unitfaces.com.key
>
>

That looks ok, but you should have two VirtualHost containers on port 443. What does the other look like?

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache with 2 SSL Certs Problem
On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries wrote:
> Hello,
> i have a box with two domains
> CentOS release 5.3
> Server version: Apache/2.2.3
>
> initially the box only had one IP and domain.
>
> I went and got a SSL cert for that domain and everything was fine.
>
> i then went and added a second IP and a second Domain (eventually i
> planned to split these)
>
> I then created a test self signed cert for the second domain/IP (same NIC
> card)
>
> Since i have done that my first domain/IP SSL gives me the error
> message that it is the incorrect cert
> "cert belongs to a different site" and when i look at the cert via FF
> it is all localhost / self signed stuff
>
> i even yesterday tried to re-issue the old cert
> openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>
> I have removed the ssl on the second domain for now
>
> in my httpd.conf I am pointing to the key and crt i just created
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
>
> in the SSL error log i see
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName
> (CN) `localhost.localdomain' does NOT match server name!?

You need to give us some more information. What have you done to make sure that the right IP is associated with the right SSL instance and certificate? This does not happen automatically. Normally you should have two virtualhosts in your httpd.conf, each with its own SSL directives. Could you show us more of your config?

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Apache Server as Forward Proxy - how to make https and others work?
On Thu, Nov 12, 2009 at 3:28 PM, Panidhar Kunchala wrote:
> Hi,
> I'm using Apache HTTP server as forward proxy by adding the following lines
> in httpd.conf:
>
>
> ProxyRequests On
>
>
> Order deny,allow
> Allow from all
>
>
>
>
> This works perfectly fine for http traffic. But when I use HTTPS or others,
> this doesn't seem to work. Let me know what needs to be done for this.

HTTPS proxying is somewhat different. You need support for the "CONNECT" method, so mod_proxy_connect must be enabled.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd]
On Wed, Nov 11, 2009 at 10:21 PM, Stephen Love wrote:
> Then it becomes impossible to know if a page REALLY exists or if my emails
> are going where intended, or coming from where stated... so am I to assume
> that traffic addressing in general has FAILED?

No, you are to assume that you need an education in how the internet works.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] A common problem with no help or solution ?
On Fri, Nov 6, 2009 at 5:26 PM, Phil Pinkerton wrote:
> this was the prior output
>
> make: Fatal error: Command failed for target `install-recursive'
> Current working directory /svn/src/httpd-2.2.14/modules/aaa

Are you running make as root?

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] How to Redirect to https after login?
On Thu, Oct 29, 2009 at 2:19 PM, Octavian Râsnita wrote:
>> That's a rather odd requirement. Normally the requirement is to be
>> redirected to https _before_ logging in. It is, after all, the login
>> data, that you need to protect.
>>
>
> Isn't OK if the login form uses an action="https://..." attribute?

In that case you don't need the redirect the OP asked for.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
[us...@httpd] Re: Mordac is working for our company...
Oops. Wrong list...

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
[us...@httpd] Mordac is working for our company...
For those who don't know who Mordac the Preventer is: http://dilbert.com/strips/comic/2007-11-16/

I'm "SPOC" this week. Single Point Of Contact. That means that all issues first land on my desk. One of our Windows Sysadmins (the unfortunate guys looking after our IP TV infrastructure management decided to build on a windows platform...) came to me with a problem. He needs to install a couple of servers and our DHCP server appears to be down.

We have a quite elegant way of bootstrapping machines here. All our machines come with network boot capabilities and are either connected to a console server, or to a management module that allows remote console access. So we usually let servers be shipped directly to the datacenter. The datacentergnomes mount the servers in racks, connect up the ethernet interfaces and tell us where they've put the server, and what switch ports all the interfaces have been connected to. We then can just ask: Connect port # 123-45 (where the ILO module has been connected to) to the management net and 123-46 to the install net. Both have DHCP servers. We have a web interface where we can tell the DHCP server what IP address to provision. The MAC addresses we get from our docs. The install net is configured for PXE boot, and we can, again via the web interface, tell the DHCP server which boot image to give a server that requests one.

So install is easy.

Step 1) Provision DHCP server with the MAC addresses of the ILO module and the first ethernet interface respectively.
Step 2) Tell the DHCP server which install server you want to use.
Step 3) Log in to the ILO and powercycle the machine. When the PXE boot completes you get a nice menu (in the case of our linux install server, don't know how our windows install server looks), where you can select what Linux distro and profile you want installed.
Step 4) get a cup of coffee.
Step 5) log in to your new server and verify that all is right.

We install 10s of servers in just an afternoon this way.

But of course, if the DHCP server is down this doesn't work... So I try to ssh in to the DHCP server. This times out. I ssh in to the ILO instead, and find out that the server is running fine, but eth0 has a status of "link down". So I call the datacenter. After being patched through to different persons I finally learn that the reason our dhcp server has no network connection is that the install VLAN has been shut down. At the request of security. However nobody found it necessary to inform us about this.

I tell this to a colleague. Another overhears us. "But I have to install 18 machines next Tuesday?". Before I know it the whole floor is standing around us, engaged in lively discussion about how our complex organisation is gradually making productive work impossible...

Anyway. Time to look for a new job maybe...

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] How to Redirect to https after login?
On Thu, Oct 29, 2009 at 11:46 AM, ericdraven wrote:
>
> Hello,
>
> I need some expert help on the following configuration task:
>
> I have a startpage with a standard login form. After a user logs in, he
> should be
> redirected to use https for the rest of the session.

That's a rather odd requirement. Normally the requirement is to be redirected to https _before_ logging in. It is, after all, the login data, that you need to protect.

> When I use a rewrite rule as shown below,
> RewriteRule ^/login(.*) https://%{SERVER_NAME}/login$1 [R,L]
> the parameters get lost, because the request is translated to a GET request.
> What do I need to do, to fix this problem?

Use the QSA flag, so the query string doesn't get lost.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] mod_proxy+mod_rewrite: hiding redirection
On Tue, Oct 27, 2009 at 10:55 PM, Marcos Mendez wrote:
> I'm using mod_proxy/mod_rewrite to redirect requests to a specific
> script which handles them. For example:
>
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^123.123.123.123 [NC]
> RewriteRule $(.+) http://123.123.123.123/myscript?url=%{REQUEST_URI}
>
>
> This is working great. The question is, can I hide that redirection
> (http://123.123.123.123/myscript?url=thewebsite.com) and keep the
> requested url in the address bar somehow?

Just add the [P] flag to your RewriteRule (and only the P flag...)

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache 2.2.13 ssl problem: wrong certificate being served
On Tue, Oct 27, 2009 at 7:55 PM, Eric Covener wrote:
> On Tue, Oct 27, 2009 at 2:50 PM, Krist van Besien
> wrote:
>> On Tue, Oct 27, 2009 at 7:41 PM, Joseph S wrote:
>>
>>
>>> Now here's the kicker: When I click through the warning in Firefox my logs
>>> show that I am going to the second virtual host, the one with the
>>> that *.a certificate, even though I'm using the *.* certificate. So how is
>>> it apache is sending me to the correct virtual host but serving up the wrong
>>> certificate?
>>
>> At the moment that the SSL handshake takes place apache does not yet
>> know which Virtual Host you want to be served by, so it used the
>> certificate of the first host.
>>
>> Read this:
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>
> This doc is out of date due to SNI!

The OP's version clearly doesn't yet support SNI obviously. I don't think it is already an official feature in the 2.2 tree.

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] apache 2.2.13 ssl problem: wrong certificate being served
On Tue, Oct 27, 2009 at 7:41 PM, Joseph S wrote:
> Now here's the kicker: When I click through the warning in Firefox my logs
> show that I am going to the second virtual host, the one with the
> that *.a certificate, even though I'm using the *.* certificate. So how is
> it apache is sending me to the correct virtual host but serving up the wrong
> certificate?

At the moment that the SSL handshake takes place apache does not yet know which Virtual Host you want to be served by, so it used the certificate of the first host.

Read this: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
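
Added example, not part of the original messages or of Apache's code: the reply above and the earlier "multiple SSL with name based vhost" reply both say the server has to pick a certificate during the handshake, before any Host header exists, and that SNI lets the client send the name in the handshake. This Python code parses a constructed ClientHello to show where that name sits and models the fallback to the first vhost; the vhost names and certificate file names are hypothetical.

```python
import struct

# Hypothetical name-based SSL vhosts, in configuration order (not from the thread).
VHOSTS = [("www.first.example", "first.crt"), ("www.second.example", "second.crt")]


def build_client_hello(server_name=None):
    """Build a minimal ClientHello record. Constructed sample, not a capture."""
    body = (
        b"\x03\x03"                 # client_version (TLS 1.2)
        + bytes(32)                 # random (all zeros, constructed)
        + b"\x00"                   # empty session_id
        + b"\x00\x02\x00\x2f"       # cipher_suites: one entry
        + b"\x01\x00"               # compression_methods: null only
    )
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        ext = struct.pack("!HH", 0x0000, len(sni)) + sni        # extension type 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # msg_type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def take(buf, pos, n):
    """Return (n bytes at pos, new pos); refuse to read past the buffer."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def parse_server_name(data):
    """Return the first host_name entry of a server_name extension body."""
    list_len, _ = take(data, 0, 2)
    names, _ = take(data, 2, int.from_bytes(list_len, "big"))
    pos = 0
    while pos < len(names):
        head, pos = take(names, pos, 3)
        name, pos = take(names, pos, int.from_bytes(head[1:], "big"))
        if head[0] == 0:
            return name.decode("ascii")
    return None


def extract_sni(record):
    """Return the host name a ClientHello asks for, or None if it carries no SNI."""
    header, _ = take(record, 0, 5)
    if header[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    handshake, _ = take(record, 5, int.from_bytes(header[3:5], "big"))
    head, _ = take(handshake, 0, 4)
    if head[0] != 0x01:
        raise ValueError("not a ClientHello")
    body, _ = take(handshake, 4, int.from_bytes(head[1:4], "big"))
    pos = 2 + 32                                  # skip version and random
    sid_len, pos = take(body, pos, 1)
    _, pos = take(body, pos, sid_len[0])          # session_id
    cs_len, pos = take(body, pos, 2)
    _, pos = take(body, pos, int.from_bytes(cs_len, "big"))   # cipher_suites
    cm_len, pos = take(body, pos, 1)
    _, pos = take(body, pos, cm_len[0])           # compression_methods
    if pos == len(body):
        return None                               # no extensions: pre-SNI client
    ext_len, pos = take(body, pos, 2)
    exts, _ = take(body, pos, int.from_bytes(ext_len, "big"))
    pos = 0
    while pos < len(exts):
        head, pos = take(exts, pos, 4)
        data, pos = take(exts, pos, int.from_bytes(head[2:], "big"))
        if int.from_bytes(head[:2], "big") == 0x0000:
            return parse_server_name(data)
    return None


def select_certificate(record, vhosts=VHOSTS):
    """Model of the choice made at handshake time: match SNI, else first vhost."""
    name = extract_sni(record)
    if name is not None:
        for server_name, cert in vhosts:
            if name.lower() == server_name:
                return cert
    return vhosts[0][1]   # no SNI or unknown name: certificate of the first host


if __name__ == "__main__":
    for hello in (build_client_hello("www.second.example"), build_client_hello()):
        print(extract_sni(hello), "->", select_certificate(hello))
```
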
Re: [us...@httpd] redirect occurs after authorization !!!
On Tue, Oct 27, 2009 at 11:33 AM, J. Bakshi wrote:
> ```
> access to /usr/lib/cgi-bin/viewvc.cgi failed, reason: SSL connection
> required
> ```
>
> This is ok as redirection is not working here. Do you have any idea ? My
> previous config with could did the redirection though.

Hmm. I'm not sure if aliases preempt rewriterules. Maybe that is the problem.

I assume everything works if you access directly over https? I.e., after entering https://test you are prompted for authentication info, and then see viewvc?

Normally if you have set up your config the usual way you should have two virtual hosts in your config, one for http, one for https. What you could do is add the RewriteRule to the http vhost, and the rest to the https vhost. That is how I would do it anyway.

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
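The split suggested in the message above (RewriteRule in the http vhost, everything else in the https vhost), written out as an added example that is not part of the original thread. The ServerName, the certificate paths and the choice of a Directory/Files container are assumptions; the remaining directives are the ones quoted in the thread.

```apache
# Added example for Apache httpd 2.2. The hostname "test" and the certificate
# paths are assumed placeholders. Listen 80 / Listen 443 are expected to be
# present elsewhere in the server config.

# Plain-HTTP vhost: it only redirects. No Auth* directives exist here, so a
# password prompt is never issued over the unencrypted connection.
<VirtualHost *:80>
    ServerName test
    RewriteEngine on
    RewriteRule ^/test(.*)$ https://%{HTTP_HOST}/test$1 [R,L]
</VirtualHost>

# HTTPS vhost: the script mapping and the authentication live only here.
<VirtualHost *:443>
    ServerName test
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    ScriptAlias /test /usr/lib/cgi-bin/viewvc.cgi

    # Protect the file on disk rather than a single URL, so the script
    # stays protected if another URL is ever mapped to it.
    <Directory /usr/lib/cgi-bin>
        <Files viewvc.cgi>
            SSLRequireSSL
            AuthType Basic
            AuthName "requires a password"
            AuthUserFile /home/svn/PASSWD
            Require valid-user
        </Files>
    </Directory>
</VirtualHost>
```

With this layout a request to http://test/test should be answered with a redirect and no WWW-Authenticate header; the 401 challenge should appear only on the https URL.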
Re: [us...@httpd] Enabling HTTP and HTTPs
On Tue, Oct 27, 2009 at 11:15 AM, André Warnier wrote:
> Well, kind of, but one could argue about this. ;-)
> It seems to me that we are just at the grey line in-between here.
> Maybe I should have added one more HTTP VirtualHost in my example, just to
> settle it.

It doesn't harm to have this NameVirtualHost directive. But it isn't needed either. Hence my remark.

All NameVirtualHost does is tell the server to look at the Server header when receiving requests on the IP/Port combination mentioned, in order to distinguish between different virtualhosts on the same IP/Port. When you only have one virtualhost on the IP/Port combination you thus don't need this directive.

Since you will normally only have one Virtualhost on the IP/Port combination you use for HTTPS you don't need the NameVirtualHost statement. Unless you are bleeding edge re SSL...

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] redirect occurs after authorization !!!
On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi wrote:
> Hello list,
>
> I have finally able to redirect the viewvc ( svn viewer ) to https. here
> is the configuration
>
> ```
> ScriptAlias /test /usr/lib/cgi-bin/viewvc.cgi
>
>
> RewriteEngine on
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> AuthType Basic
> AuthName "requires a password"
> AuthUserFile /home/svn/PASSWD
> Require valid-user
>
> ```
>
> This is working fine for both internet and intranet. But I have found
> it first check the authorization through http connection and after
> getting the right password it redirects to https version. Can I
> redirect to http before authentication ?

A couple of notes:

- Using to protect a resource on the local filesystem is an absolutely bad idea. Your script might be accessible via another URL.
- Your rewrite rule does indeed do the correct redirection, but will only do this after authentication. This because that is how you've configured it. You've told your server to require authentication from anyone accessing /test and this your server does. Authentication happens very early in request processing, before rewriting.

A better way:

ScriptAlias /test /usr/lib/cgi-bin/viewvc.cgi
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]

SSLRequireSSL
AuthType Basic
AuthName "requires a password"
AuthUserFile /home/svn/PASSWD
Require valid-user

HTH,

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Enabling HTTP and HTTPs
On Tue, Oct 27, 2009 at 7:28 AM, André Warnier wrote:
> Krist van Besien wrote:
>>
>> On Mon, Oct 26, 2009 at 9:01 PM, André Warnier wrote:
>>>
>>> The other way I could think of would be to use virtual hosts, like
>>>
>>> Listen 80 HTTP
>>> Listen 443 HTTPS
>>>
>>> NameVirtualHost *:80
>>>
>>> ...
>>>
>>>
>>> NameVirtualHost *:443
>>>
>>> ... (SSL-based config)
>>>
>>
>> You don't need the NameVirtualHost directives.
>
> Uh ?
> "If name-based vhosts should be used a NameVirtualHost directive /must/
> appear with the IP address set to be used for the name-based vhosts. In
> other words, you must specify the IP address that holds the hostname aliases
> (CNAMEs) for your name-based vhosts via a NameVirtualHost directive in your
> configuration file."

But you are not using name based virtualhosts here. Not if you have only one virtualhost on port 80, and another one on port 443.

Namevirtualhosts don't work (yet) for https anyway.

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] Enabling HTTP and HTTPs
On Mon, Oct 26, 2009 at 9:01 PM, André Warnier wrote:
>
> The other way I could think of would be to use virtual hosts, like
>
> Listen 80 HTTP
> Listen 443 HTTPS
>
> NameVirtualHost *:80
>
> ...
>
>
> NameVirtualHost *:443
>
> ... (SSL-based config)
>

You don't need the NameVirtualHost directives.

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
Re: [us...@httpd] mod_rewrite, mod_proxy and AAA
On Sun, Oct 25, 2009 at 12:12 PM, André Warnier wrote:
> Similarly, the doc. for ProxyPass indicates :
> Context: server config, virtual host, directory
>
> Does the above mean that they apply also to a section ?

You can use Proxy and ProxyPass directives in a container, but the syntax changes. As the docs mention:

"When used inside a section, the first argument is omitted and the local directory is obtained from the ."

So this:

ProxyPass /getit http://another-host.com/getit
ProxyPassReverse /getit http://another-host.com/getit

And this:

ProxyPass http://another-host.com/getit
ProxyPassReverse http://another-host.com/getit

Are both equivalent...

> I would like however, that *before* the above proxying to the back-end takes
> place, such requests would be subject to AAA on the front-end server. For
> this, I would define a as follows :

If you want to use a block to protect proxied content you will need to use the url you're proxying to. So this would have to be:

http://another-host.com/getit>
# AAA directives

So you can't really combine them with your Proxy directive...

In your case though I would use a block. Makes it easier for the next person reading your config to understand what is going on. So then your config would become something like:

RewriteRule ^/cgi-bin/script.pl$ /getit [P]
ProxyPass /getit http://another-host.com/getit
ProxyPassReverse /getit http://another-host.com/getit
http://another-host.com/getit>
# Your AAA directives go here...

This approach has the advantage that you are actually protecting the _target_ of your rewrite (which is what I assume you want), and not the original URL. So even if you proxy other URLs to your backend they will also require authentication.

BTW, you could combine your rewrite and your proxypass statements:

RewriteRule ^/cgi-bin/script.pl$ http://another-host.com/getit [P]

HTH,

Krist
--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland