Re: [EMAIL PROTECTED] Blank page with Apache and PHP running
Hi! I set up my Apache 2.2.4 and PHP-5.2.2 on MS Vista. Wrote a test file with just one php statement. i.e. ? phpinfo(); ? is written in Should be ?php phpinfo(); ?, not ?. ? is a short form that is no longer supported by default, unless you enable it in the php.ini file. It conflicts with xml syntax. Also when testing your php code, make sure to enable display error messages in the php.ini, so you can see your php code errors. test.php file. Later went to my web browser and wrote http://localhost/test.php and a blank page came up. It seems that my web server and php engine is working cause when I start the web server I got something like Apache/2.2.4(Win32)PHP/5.2.2. Why I get a blank page and not the system information that the php engine provides? Is anybody out there that can help me out? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Turning Directory Browsing Off
Hi Group, How do you turn Directory Browsing off. For when a user hits a folder without an document index page it doesn't let them browse the websites's files. Thanks, Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Turning Directory Browsing Off
Joshua Slive wrote: On 5/16/06, Mark McCulligh [EMAIL PROTECTED] wrote: Hi Group, How do you turn Directory Browsing off. For when a user hits a folder without an document index page it doesn't let them browse the websites's files. Find the Options directive that applies to that directory and remove its Indexes option or add Options -Indexes to a Directory section applying to that directory. Joshua. Just double checking, change my directory from: Directory /www Options Indexes FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory to: Directory /www Options -Indexes +FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Turning Directory Browsing Off
Joshua Slive wrote: On 5/16/06, Mark McCulligh [EMAIL PROTECTED] wrote: Joshua Slive wrote: On 5/16/06, Mark McCulligh [EMAIL PROTECTED] wrote: Hi Group, How do you turn Directory Browsing off. For when a user hits a folder without an document index page it doesn't let them browse the websites's files. Find the Options directive that applies to that directory and remove its Indexes option or add Options -Indexes to a Directory section applying to that directory. Joshua. Just double checking, change my directory from: Directory /www Options Indexes FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory to: Directory /www Options -Indexes +FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory That looks like a garbage config. Directory refers to file-system directories, like /usr/local/apache2/htdocs, not web directories. There is no FollowSyncLinks. And there is no need to add the +/-. Just remove the option you don't want (Indexes). The +/- is only necessary if you want to merge the options with the options setting for a parent directory. Joshua. What should it look like? I have a default Directory set to Deny all (Install default) Directory / Options FollowSynLinks AllowOverride None Order deny, allow Deny from all /Directory I then have my Virtual Host websites in the folder /www and made this directory available. Directory /www Options -Indexes FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory I then of course have all my VirtualHost Document Root something like /www/example_com I through this was the best way to do it, if not what is the best(or better) way. thanks for your help, Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Turning Directory Browsing Off
Joshua Slive wrote: On 5/16/06, Mark McCulligh [EMAIL PROTECTED] wrote: What should it look like? I have a default Directory set to Deny all (Install default) Directory / Options FollowSynLinks AllowOverride None Order deny, allow Deny from all /Directory I then have my Virtual Host websites in the folder /www and made this directory available. Directory /www Options -Indexes FollowSyncLinks AllowOverride None Order Allow, deny Allow from all /Directory There is still no FollowSyncLinks option. You mean FollowSymLinks. You do not need the -Indexes part. If indexes is not present on the line, then they are turned off (as long as the other options on the line do not use +/-). The Directory /www is correct only if /www is a directory off the root of your filesystem. In other words, you can get there by going cd /www at the unix prompt. Joshua. Thanks Joshua for your help. I think I got it figure out now. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache will not start
Hi Group, I have a Ferdora Core 4 system with Apache 2.0.54 installed from rpm and it is work fine. I then installed PostgreSQL 8.1.3, MySQL 4.1.18 and PHP 4.4.2 from their tarballs. Everything compiled without any errors that I saw. When I add LoadModule PHP4 line to httpd.conf apache will not start. If I do a configtest the syntax is ok, but get the message FAILED when I run start. There is no messages in the error log file and it displays no error messages to me. Just says failed. How to I figure out that the problem is without any error messages or is there another log file I can look for an error message in. Thanks, Mark - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache will not start
Joshua Slive wrote: On 2/21/06, Mark McCulligh [EMAIL PROTECTED] wrote: Hi Group, I have a Ferdora Core 4 system with Apache 2.0.54 installed from rpm and it is work fine. I then installed PostgreSQL 8.1.3, MySQL 4.1.18 and PHP 4.4.2 from their tarballs. Everything compiled without any errors that I saw. When I add LoadModule PHP4 line to httpd.conf apache will not start. If I do a configtest the syntax is ok, but get the message FAILED when I run start. There is no messages in the error log file and it displays no error messages to me. Just says failed. How to I figure out that the problem is without any error messages or is there another log file I can look for an error message in. Try starting httpd or apachectl directly rather than through the redhat scripts. But I'd give at least 3:1 odds that your problem is improper SELinux configuration on your new modules, meaning that the SELinux-restricted httpd cannot load them or one of their dependencies. I don't have the recipe for the solution, but check the links under Permission Denied here: http://httpd.apache.org/docs/2.2/faq/error.html#error.permissiondenied Thanks Joshua, I will disable SELinux and see if it solves my problem. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] SSL / HTML question
If you have a login html (http://www.ex.com/login.html) where the form action is to a https website (https://www.ex2.com/login_script.php). Will the login information be submitted encrypted. Or does the user first have to be on to the secure website before loggin in? Just wondering when you go from http(80) to https(443) when does the data start to be secured? Thanks, Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL / HTML question
Joshua Slive wrote: On 2/6/06, Mark McCulligh [EMAIL PROTECTED] wrote: If you have a login html (http://www.ex.com/login.html) where the form action is to a https website (https://www.ex2.com/login_script.php). Will the login information be submitted encrypted. Or does the user first have to be on to the secure website before loggin in? Just wondering when you go from http(80) to https(443) when does the data start to be secured? Each request is independent. So when the user hits the POST button, a new request is started to the https server that will carry the data encrypted. But this scheme is subject to man-in-the-middle attacks. An attacker with access to the wire could replace login.html with his own page that looks the same but directs the POST to his own server. So unless you have users that always carefully examine the web page source code, you should make the form ecrypted as well. Thanks Joshua, just what I wanted to know. In short what I am doing is I have a couple static websites and one secure website they can login in to manage their website. The clients want the login form on their website and I don't what to purchase multiple SSL just for the login form. The client should alway be logging in on their website for I hope they reallize if they where not on their website. But as we all know users can be stupid or though emails ask you to click here to verify your credit card wouldn't still be out there. Mark. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL / HTML question
Joshua Slive wrote: On 2/6/06, Mark McCulligh [EMAIL PROTECTED] wrote: The client should alway be logging in on their website for I hope they reallize if they where not on their website. I'm not sure if you understood or not, but my point was that a man-in-the-middle could make it look exactly like they were on their own site. He could simply replace the target URL on the form to point to his own site. (If you checked the URL-bar, you might see after-the-fact that you had gone to the wrong site. But the data would already be stolen.) I think you misunderstood my reply. I was just trying to explain my setup. This type of attack can be pulled off even if the login form is secured. The attacker just has create a login page that looks like mine and get the user to use it. A lot of users won't realize they are on the wrong website and the lock(secure) is missing. We have all seen those Paypal emails that try and get you to click on the link and login. Mark. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL / HTML question
Joshua Slive wrote: On 2/6/06, Mark McCulligh [EMAIL PROTECTED] wrote: This type of attack can be pulled off even if the login form is secured. The attacker just has create a login page that looks like mine and get the user to use it. A lot of users won't realize they are on the wrong website and the lock(secure) is missing. We have all seen those Paypal emails that try and get you to click on the link and login. Yes, it is easy to fool the average user. The difference with the man-in-the-middle attack is that it would fool a relatively sophisticated user. There is essentially no way to tell your info is about to be stolen unless you view-source and analyze the code. For the other attacks you mention, a quick look at the URL bar will tell the story. (But I agree that most users don't even bother to do that.) I think I now understanding the attack. They are changing the response information when the login form is being sent to the user in plain text. I first thought you where telling me the attacker was getting the user to go to a different URL and log in. Mark. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] how to get asp on apache ?(asap)
Have a look at Sun Java System Active Server Pages (formly Chilisoft) http://www.sun.com/software/chilisoft/index.xml It will let you run ASP (NOT ASP.NET) on Linux. I used it about 3-4 years ago when I made the switch from Windows(IIS) to Linux(Apache). Used it for a couple years until I got all my old ASP code converted to PHP. PS It is not free enough, you have to purchase this software. But it works great. Mark. mohan devanoor wrote: Thanks William, problem is solved with mod_perl but how to create any asp program to run on apache?? Your help would be appreciated... */William A. Rowe, Jr. [EMAIL PROTECTED]/* wrote: mod_aspdotnet and mod_mono only support aspx - not asp. modperl also doesn't support 'vb' or other non-perl .asp pages, only asp pages in perl. Devraj Mukherjee wrote: Hi Mohan, I have no experience with Apache::ASP but It's worth looking at mod_mono that supports ASP .NET on Apache. Devraj mohan devanoor wrote: hello all, i have apache 2.0.55 and perl. and i installed mod_perl in order to get asp run on my apache. g t; i copied eg/ folder to htdocs but couldnt get the asp page in IE. iam a newbie for apache::asp . can any one tell me the procedure to get asp page on my server. Your help would be appreciated... Thanks Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Relax. Yahoo! Mail virus scanning http://us.rd.yahoo.com/mail_us/taglines/viruscc/*http://communications.yahoo.com/features.php?page=221 helps detect nasty viruses! -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] apache hacked to send spam!
It most likely the php mail() function. With the default install/config when the mail() function sends an email it is sent by the Apache user. If it is going to someone you know over and over (aka a client) it could be a contact us page. Mark. maillists wrote: Hello List, I have been trying to isolate attacks on my server where someone is using apache to send spam from my host. I have been hit quite a bit in the past 2 days. Some of my websites have web forms, but I'm pretty sure that they are tight. This is a new line item in my daily Logwatch in the sendmail area that just started to appear with the spam attacks: snip Authentication warnings: apache set sender to [EMAIL PROTECTED] using -f: 7 Times(s) /snip ([EMAIL PROTECTED] is a real user on my host.) Does anybody know what this means? Where should I start to find the problem? I am using Redhat9 Apache/2.0.40 php-4.2.2-17.2 sendmail-8.12.8-9.90 sendmail-cf-8.12.8-9.90 mailscanner-4.23-11 mailscanner-mrtg-0.05-3 clamav-0.88 Interchange 5.4 Thanks! Rick - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL Logs and AWStats
I was wondering what is the different between TransferLog and
CustomLog. The only difference I can see is that with the TransferLog
you cannot give it a log format or give it any other parameters. If
this is true why use the TransferLog when the CustomLog does the same
thing and has move features.
Thanks,
Mark.
Axel-Stéphane SMORGRAV wrote:
Your non-SSL virtual host logs to access_log using the combined log format which AWStats parses correctly.
Your SSL virtual host logs to access_log using the common format (by default).
Since the combined format is parsed correctly, I suggest that you replace the
TransferLog directive in the SSL VH by the same CustomLog directive used in the non-SSL
virtual host. If you are logging to the same file, you may just as well use the same
format...
-ascs
-Original Message-
From: Mark McCulligh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 5:59 PM
To: Apache User group
Subject: [EMAIL PROTECTED] SSL Logs and AWStats
Hi Group,
I have been looking at how to get AWStats to read SSL logs. And only
finding other people looking for the same thing, but no real answers.
Below is how I have my VirtualHost setup. Built using the examples in
the docs
VirtualHost 192.168.102.10:80
...
ErrorLog /usr/local/httpd/logs/site1/error_log
CustomLog /usr/local/httpd/logs/site1/access_log conbined
LogLevel emerg
/VirtualHost
VirtualHost 192.168.102.10:443
...
ErrorLog /usr/local/httpd/logs/site1/error_log
TransferLog /usr/local/httpd/logs/site1/access_log
CustomLog /usr/local/httpd/logs/site1/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SLS_CIPHER}x \%r\ %b
/VirtualHost
AWStats is reading the access_log file and of course when it read the
records from SSL they come up as corrupted records. How do you get
AWStats to read the SSL logs?
Thanks,
Mark.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
___
Mark McCulligh, Web Consultant
VisualTech Components www.VisualTech.ca
[EMAIL PROTECTED]
(519)318-7905
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL Logs and AWStats
Joshua Slive wrote:
On 1/18/06, Mark McCulligh [EMAIL PROTECTED] wrote:
I was wondering what is the different between TransferLog and
CustomLog. The only difference I can see is that with the TransferLog
you cannot give it a log format or give it any other parameters. If
this is true why use the TransferLog when the CustomLog does the same
thing and has move features.
TransferLog only exists for historical reasons. There is no reason to use it.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks, I was wondering if that was the reason.
If TransferLog is for historical reasons would it be better to have your
SSL VirtualHost Log setup like this:
VirtualHost 192.168.102.10:443
...
ErrorLog /usr/local/httpd/logs/site1/error_log
CustomLog /usr/local/httpd/logs/site1/access_log combined
CustomLog /usr/local/httpd/logs/site1/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
Trying to figure out the best way to log SSL websites. Starting with the
examples in the Apache docs.
Thanks,
Mark
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] SSL Logs and AWStats
Axel-Stéphane SMORGRAV wrote:
That's exactly what I was suggesting.
-ascs
-Original Message-
From: Mark McCulligh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 4:08 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] SSL Logs and AWStats
Joshua Slive wrote:
On 1/18/06, Mark McCulligh [EMAIL PROTECTED] wrote:
I was wondering what is the different between TransferLog and
CustomLog. The only difference I can see is that with the TransferLog
you cannot give it a log format or give it any other parameters. If
this is true why use the TransferLog when the CustomLog does the same
thing and has move features.
TransferLog only exists for historical reasons. There is no reason to use it.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks, I was wondering if that was the reason.
If TransferLog is for historical reasons would it be better to have your SSL
VirtualHost Log setup like this:
VirtualHost 192.168.102.10:443
...
ErrorLog /usr/local/httpd/logs/site1/error_log
CustomLog /usr/local/httpd/logs/site1/access_log combined
CustomLog /usr/local/httpd/logs/site1/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
Trying to figure out the best way to log SSL websites. Starting with the
examples in the Apache docs.
Thanks,
Mark
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks, I just wanted to understand the difference between TransferLog
and CustomLog before I made the change.
Mark.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] SSL Logs and AWStats
Hi Group,
I have been looking at how to get AWStats to read SSL logs. And only
finding other people looking for the same thing, but no real answers.
Below is how I have my VirtualHost setup. Built using the examples in
the docs
VirtualHost 192.168.102.10:80
...
ErrorLog /usr/local/httpd/logs/site1/error_log
CustomLog /usr/local/httpd/logs/site1/access_log conbined
LogLevel emerg
/VirtualHost
VirtualHost 192.168.102.10:443
...
ErrorLog /usr/local/httpd/logs/site1/error_log
TransferLog /usr/local/httpd/logs/site1/access_log
CustomLog /usr/local/httpd/logs/site1/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SLS_CIPHER}x \%r\ %b
/VirtualHost
AWStats is reading the access_log file and of course when it read the
records from SSL they come up as corrupted records. How do you get
AWStats to read the SSL logs?
Thanks,
Mark.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.0 and Basic AuthType
Hi Group, I cannot get Basic AuthType to work with Apache 2.2.0. Has something changed between versions, like I have to uncomment something. I am not going any special just a simple Basic Auth Directory folder_name AuthType Basic AuthName Login AuthUserFile /usr/local/httpd/pwd/users.pwd Require valid-user /Directory When you access the folder it does not prompt the user to login, just displays the forbidden(403) error message right away. If I turn off Basic AuthType and allow from all everything works. Thanks, Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 2.2.0 and Basic AuthType
Joshua Slive wrote: On 1/6/06, Mark McCulligh [EMAIL PROTECTED] wrote: Joshua Slive wrote: On 1/6/06, Mark McCulligh [EMAIL PROTECTED] wrote: Hi Group, I cannot get Basic AuthType to work with Apache 2.2.0. Has something changed between versions, like I have to uncomment something. I am not going any special just a simple Basic Auth Directory folder_name AuthType Basic AuthName Login AuthUserFile /usr/local/httpd/pwd/users.pwd Require valid-user /Directory When you access the folder it does not prompt the user to login, just displays the forbidden(403) error message right away. If I turn off Basic AuthType and allow from all everything works. What does the error log say? Joshua. The access log file just have one line: IP - - date GET filename HTTP/1.1 403 370 - browser The error log file has nothing. Everything is much harder if you randomly obscure parts of your configuration and log entries. Are you sure you have all the modules you need included in the server? You'll need at least mod_auth_basic, mod_authn_file, and mod_authz_user. Joshua. Sorry for leaving part out, just a lot of typing that I did not think was important. Here is everything: I configured Apache 2.2.0 with all modules on ./configure --prefix=/usr/local/httpd --enable-modules=all --enable-ssl --enable-so In the httpd.conf file I uncommented the httpd-vhosts.conf, httpd-ssl.conf and httpd-default.conf options. No other changes. I then added AWStats 6.5 to the server and added Basic Auth to the awstats folder to protect it. This is want I added to the end of httpd.conf file /# # Directives to add to your Apache conf file to allow use of AWStats as a CGI. # Alias /awstatsclasses /usr/local/awstats/wwwroot/classes/ Alias /awstatscss /usr/local/awstats/wwwroot/css/ Alias /awstatsicons /usr/local/awstats/wwwroot/icon/ ScriptAlias /awstats/ /usr/local/awstats/wwwroot/cgi-bin/ # # This is to permit URL access to scripts/files in AWStats directory. # Directory /usr/local/awstats/wwwroot / AuthType Basic AuthName Login AuthUserFile /usr/local/httpd/pwd/users.pwd Require valid-user //Directory / When I try to access the /awstats/awstats.pl file I get a 403 error, browser does not prompt me to login. It work fine if I don't add Basic Auth to the wwwroot folder. [AWStats default setup] My access_log file has one line 10.197.29.143 - - [06/Jan/2006:13:14:09 -0500] GET /awstats/awstats.pl HTTP/1.1 403 370 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) I create the user.pwd file using the htpasswd command htpasswd -c users.pwd testuser Is there anything else you would like to know about my configuration? In short I just configured Apache 2.2.0, setup vhost and ssl. Then tried to add AWStats. Thanks for you help, Mark. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] Windows, Apache and an ASP Module
The problem with ASP on Apache is that are you talking ASP or ASP.NET? The best ASP on Apache is Sun ASP (aka Chilisoft) It will cost $500US. But it works well, I used it for about 2 years when I made the changes from Windows(IIS) to Linux(Apache). I don't use it now as I slowly converted everything to PHP, But I had no problem when I was using it. The problem is that most people are finally upgrading from ASP to ASP.NET while Sun ASP cannot run. ASP.NET has been out I think 5 years now. If you are looking to run .NET on Linux then look at the Mono Project. The project has taken the .NET Framework and ported it over. I don't know if the Mono Project will let you host ASP.NET websites on Linux. (I would think so). But for your question, I don't know if you can install the Mono Project on Windows to be able to run ASP.NET on Apache. Or maybe install the Microsoft Framwork and link Apache to it through something. My Mono Prject experience is doing some C# internal applcations, not ASP.NET. In short, ASP can be done easily with Sun ASP (But cost $500) ASP.NET through Apache on Windows I don't know. Mark. Arthur Guy wrote: Surely someone on this mailing list is using asp pages with apache and running windows. I really need an idea of what module to use to process the asp pages Thanks Arthur -Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: 19 June 2005 19:43 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Windows, Apache and an ASP Module On 6/19/05, Arthur Guy [EMAIL PROTECTED] wrote: This is my first post to this mailing list so I hope I am not making a mistake. I currently have a website written in ASP running on IIS; I am setting up another system with php, apache and windows and would like to run the asp site on there as well. I have been looking for different ASP modules but I haven't had much luck, the apache site lists 3, one costs $500, the other doesn't seem to be windows ready and the other uses perl in some way which is something I don't really want to touch. Does anyone have Windows, Apache and ASP working? What ASP package are you using? 'a star solutions' disclaimer The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company. We believe that this communication is free from viruses and other potentially dangerous programmes, but the recipient opens this communication at their own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this communication - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- ___ Mark McCulligh, Web Consultant VisualTech Components www.VisualTech.ca [EMAIL PROTECTED] (519)318-7905 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
