Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

2016-06-14 Thread Mathijs Schmittmann 
Hi Filipe,
>
> > Notice that SSLCertificateFile and SSLCertificateKeyFile are the
> > same for both of the domains, because they use the same key of
> > example.com .  The website, example.com
> >  works perfectly fine.  But example.info
> >  has serious problems (On the order of
> > NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an idea on how to fix
> > this?  I can't experiment too much because I'm limited to 5 keys
> > per week so learning this myself is a very slow-track process.
You might find this interesting:
https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763

Letsencrypt provides a staging environment with much more lenient
ratelimiting, but of course not signed with the official intermediate
certificate.

Br,
Mathijs




signature.asc
Description: OpenPGP digital signature

[users@httpd] RewriteMap overlap with ProxyPass

2015-11-03 Thread Mathijs Schmittmann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi all,

I have the following configuration on a 2.2.x installation:


ProxyPass /foo ajp://10.20.30.40/bla
RewriteMap bar txt:/var/www/html/map.txt
RewriteCond ${bar:$1} >""
RewriteRule ^/(.*)$ ${bar:$1}


Now in the map.txt file there is content like this:
bla/ target/bla.html
foo/ target/foo.html

The second line in the rewritemap file will never be processed it
seems, because requests to /foo are 'intercepted' by the ProxyPass
before any rewrite actions are applied.

Is there any way to make the rewritemap precede the proxypass directive?

Best regards,
Mathijs Schmittmann
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWOIAZAAoJEHU+9B0GxpC8/dsP/160AFslOqMB5Q4ZfYtl6iUl
gNtahOEHSl40BA3VAlQ2cH4mUNkgcga77JPjB7j6PIhL9rIETnaXikKC3QDz95ml
qRUB12TVu6EvKQHWVHYVv5P8wHq8RWW1RfpPwiV6P0d01dcKn1P0BtkNpwhhSa8h
j6NGO9sbsLwCpzdM9Gxj6ZxgHoAya/EFSforZ92haopGn2WtdOWw0sUyP3P8/l7d
BN58kP8cy+X87tsS1aPCcNpV/lA6yJTm/gnLA02Gx7IDkUXzSsLm/CUfzxGe1RyS
B6+iz80mFvzNBJhA/viUBBKENAW7dRJ92ZV4id61sST7AFeiTKyBgIFtSw6JmbPp
B00K9nZd3MTwzjbgP+hL8TeLHE2qRG113ZZ+zLrdT7YbGE1LxFYQ3a2oB1YdH8wt
lBu1lVKqr2UQbnH/6ttXl403teklZiQWvh3JjTyu78jswuG1NrmTKu2YkO6sU7Cj
gJHT/diXlDvMZhUF++INj9YmWaTyaLVbCJ32lff6D3VHyFMDVEb8YJiRWmDJAkls
Gdky+fP5UxQqPxfW9XQZ84fVQTKwCytvLH5bY20ZI5nUEFku4oQo/HshCtPNmIfK
KH5uhj/2ZEZrEvAe+Ed+8TaCARUKOWJ2A5SWPd01HVqM2ZRGtdwM+m39hFG0Ji4O
P40gWGkuF+tn2Au+OQ4k
=O7J2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: AW: [users@httpd] Is it possible to install apache server with non-root user [wd-vc]

2015-10-29 Thread Mathijs Schmittmann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

It is possible to make the httpd bind to ports <1024:

https://wiki.apache.org/httpd/NonRootPortBinding

On 29/10/15 10:49, Bremser, Kurt (AMOS Austria GmbH) wrote:
> Since httpd requires root privilege to bind to port 80, it needs to
> be run by the superuser, so from a security POV it should NOT be
> installed by another userid. You also need root privilege on many
> UNIXen to run the child processes under a different userid, if such
> is specified in the User directive of the configuration file.
> 
> Kurt Bremser AMOS Austria
> 
> Newton was wrong. There is no gravity. The Earth sucks. 
> --
- --
>
> 
*Von:* VELIDANDI, RAMAKRISHNA [ramakrishna.velida...@unilever.com]
> *Gesendet:* Donnerstag, 29. Oktober 2015 09:55 *An:*
> users@httpd.apache.org *Betreff:* [users@httpd] Is it possible to
> install apache server with non-root user [wd-vc]
> 
> Hi Team,
> 
> 
> 
> Is it possible to install apache server with non-root user ?
> 
> If yes, What are the groups required for non-root user ?
> 
> 
> 
> Please share the info in  detail.
> 
> 
> 
> 
> 
> *Thanks & Regards* *Ram* SAP BASIS - IBM GBS 5th Floor, Tower A,
> Prestige Shantiniketan, The Business Precinct,
> 
> Whitefield Main Road, Bangalore - 560048, India.
> 
> Off: 080 49281569
> 
> 
> 
> 
> AMOS Austria GmbH 1130 Wien, Hietzinger Kai 101-105 FN 365014k,
> Handelsgericht Wien UID: ATU 66614737
> 
> http://www.allianz.at
> 
>  Dieses
> E-Mail und allfaellig daran angeschlossene Anhaenge enthalten
> Informationen, die vertraulich und ausschliesslich fuer den (die)
> bezeichneten Adressaten bestimmt sind. Wenn Sie nicht der genannte
> Adressat sind, darf dieses E-Mail samt allfaelliger Anhaenge von
> Ihnen weder anderen Personen zugaenglich gemacht noch in anderer
> Weise verwertet werden. Wenn Sie nicht der beabsichtigte Empfaenger
> sind, bitten wir Sie, dieses E-Mail und saemtliche angeschlossene 
> Anhaenge zu loeschen.
> 
> Please note: This email and any files transmitted with it is 
> intended only for the named recipients and may contain confidential
> and/or privileged information. If you are not the intended
> recipient, please do not read, copy, use or disclose the contents
> of this communication to others and notify the sender immediately.
> Then please delete the email and any copies of it. Thank you. 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWMev4AAoJEHU+9B0GxpC8QwIQALXZVcRLLC29IOXZ7oz3DZNm
it6dxF7Qe8BR62INHBSJxq775jh+lb7H7cfx+coQJhsCdmS10E8M8Z2l6/7WiVBV
hjwnnt3ahyX0rNU+e19oI408ZLpNFWtcMeJiNB+hb2WOl4HyUeeBLHsEuXElaEQK
BhjK/xRkPNBAVlQHUQv8aUtN6jydNFfYz6QEHCdwjbGeMVPByZbeIp7UvgfffnXZ
Z76q/28UkgEsNTi+O51JVCKlruLwNrbIg8dvCQNVLjOD/3dZ4E2XEz13fLXeumhA
oiicnsvLE25yulFCvAJ/WtUa7vM/qAJ9h0bLon3Rcnmtap+8+WNR9FtqQurZbx44
4nzwjqMYNvNMeX6owNGbYiyTN+vcltpwKwIVZiS7EKkHuO23ZU+rzbA641XhgeKQ
lE97XKsBC/VVj2BOiQCK7acvKx5evRTWzq+lcA+OzveSvcNWhRYmnhjn3I8UK8Vf
9QlamY0Mec1kDX1UKGw+8ssamU7LpqA6fYyGe8GiMQYPLVLBX5ovzl+Nb1CmPf2X
KW9/YffzCSBts5CIIsvKfPx9vNmMunYDNJUc6JvUSZpQkyC/a/iXkTVzOwDIbsX1
7Oj+pUqRM6wcDv0Rpb2IfD7N9R0vhQZQO6pF3i03wYOfcaBCo3Taem7JznC9pYlE
Yhj0q55w57k/MsAP4YLa
=Myu1
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] virtual host configuration

2015-07-23 Thread Mathijs Schmittmann 
K R schreef op 7/23/2015 om 9:44 PM:
> Hi,
> my customer want to configure virtual host for 5 website in one apache
> environment .  do i have to get 5 ip addresses from network team.
> 
> Can someone please point me on how can i achieve the same 

No, you should create 5 virtualhosts in your configuration and let the
Apache HTTPD listen on 1 IP. Based on which website is requested
(technically based on the 'Host' header in the HTTP request) the httpd
will select the right DocumentRoot for serving a response.

For more information about virtualhosts:
http://wiki.apache.org/httpd/ExampleVhosts
http://httpd.apache.org/docs/current/vhosts/examples.html

> 
> Thanks in advance

Best regards,
Mathijs Schmittmann

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Mathijs Schmittmann 
Hi Steve,

ETag numbers are - roughly - checksums of the files being requested
which can be used in caching mechanisms.

The only directive in the configuration of an Apache HTTP server
directly related to the ETag validator is 'FileETag':
http://httpd.apache.org/docs/current/mod/core.html#fileetag

Please take a look at these pages for a more thorough explanation:

http://en.wikipedia.org/wiki/HTTP_ETag
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (Section 14.19)

Best Regards,
Mathijs Schmittmann

steve owen schreef op 5/11/2015 om 6:16 PM:
> 
> 
> Sirs,
> 
> 
> 
> Don't know if I'm following the correct protocol! This is the enquiry I sent 
> Eric he 
> 
> informed that I should join this format. 
> 
> 
> 
> I would like an answer to the questions below if possible.
> 
> 
> 
> regards  Steve
> 
> 
> 
> - Original Message - 
> 
> From: steve owen 
> 
> To: webmas...@apache.org
> 
> Sent: Mon May 11  9:46
> 
> Subject: Fwd: E tag numbers
> 
> 
> 
> 
> 
> Dear Sirs,
> 
> 
> 
> Wonder if you could assist:-
> 
> 
> 
> I know that the majority of web sites/domains use Apache servers.
> 
> 
> 
> I'm currently tracking a number of Domains that are consistently using the 
> Internet for 
> 
> fraudulent purposes.
> 
> 
> 
> If a Domain uses Apache for it's server and a given E tag number, who 
> provides the E tag ? 
> 
> Is it allocated or purchased?
> 
> 
> 
> It would appear from my investigations that at least 5 Domains appear to be 
> using the 
> 
> identical E tag number, is this possible?  They also use the exact same 
> Apache server 
> 
> reference.
> 
> 
> 
> I can provide the details should you require for assistance. I do trust you 
> can assist, 
> 
> this is an extremely important matter, many thanks.
> 
> 
> 
> Kind regards 
> 
> 
> 
> Steve Owen
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache won't start, strace output enclosed

2014-01-16 Thread Mathijs Schmittmann 
- Original Message -
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Hi all,
> 
> Ack!
> 
> This is apache 2.2.25 compiled from source but on a CentOS 6.5 system.
> Notably, I included all modules in the build.

You might want to start to build with a minimal set of modules, to exclude any 
of them from being the cause. Why did you compile with all modules to start 
with?

> 
> I was trying to add a subdomain, ran into memory allocation problems
> and so tweaked the settings accordingly. Here are the current settings
> and I have no idea how sensible they are:
> 
> 
> StartServers   4
> MinSpareServers4
> MaxSpareServers   64
> ServerLimit   512
> MaxClients512
> MaxRequestsPerChild  512
> 
> 
> StartServers 4
> MaxClients 512
> MinSpareThreads 32
> MaxSpareThreads 64
> ThreadsPerChild 16
> MaxRequestsPerChild  0
> 

This depends on which MPM you are currently running, see your httpd -V output 
for this information. Obviously the specific settings will be different in each 
usecase, depending on load and resources available.

> 
> Now it won't start at all and writes nothing to the error log. So I
> managed to get strace going on it. These are the last few lines of the
> output:
> 
> open("/etc/localtime", O_RDONLY)= 82
> fstat(82, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
> fstat(82, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7fce20292000
> read(82,
> "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"...,
> 4096) = 2819
> lseek(82, -1802, SEEK_CUR)  = 1017
> read(82,
> "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"...,
> 4096) = 1802
> close(82)   = 0
> munmap(0x7fce20292000, 4096)= 0
> write(43, "[Thu Jan 16 19:49:38 2014] [erro"..., 98) = 98
> exit_group(1)

The last write call shows that its logging an error to the errorlog, are you 
sure you have looked at the right errorlog? You might want to try to 'strace -s 
4096 ...' so the entire message is captured in the trace.

> 
> As you might imagine, I'm in a bit of a panic. What's going wrong?
> 
> Thanks!
> - --
> David Benfell
> see https://parts-unknown.org/node/2 if you don't understand the
> attachment
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.1.0-ecc (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBCgAGBQJS2K3RAAoJEKrN0Ha7pkCOWP8P/23HK4h3KQ0ERVn5LN8l85t+
> c+ZbjWsc3G+5LsU8sRhgx6724ZFi4Mo3v2pq1UAXpeGToa0QqUfteXFtepLz5X++
> 0gJUy84gphrz3P5XZEHO51l1tH4RhBovVOUoWpQiZMRG06UapuLqHqmM33RB275+
> IMKfem8KukTOaUCr5ByKxWSNi3aA/2P5wP21ah9t7LMCvp668PKFyMUI8nbq1nyQ
> ZM2sFfulEjHel+6KpmrxEZ/QaMK4ElGCnmhNExz1sRicYaLNrk/kgOZBEAqI7esV
> EHe8L3KO7IqRrCgCUEC4ovFYh+THnrlGvNZU3seQNKzocQ64bR+zRViHNaR0jzXr
> GZKIAyKhaEutpPqjvcfTYtF/HRsIS3FkOlXPKPq0xonyJtQ0SWPsR6e74Lj3x2aq
> OqD2FdnCEqy8+GlQ1nh1kOaI14N6b5uzRWacNNDmwRYD0Dr8V1Du+F/LF33mpH9p
> 3WkiKtXJ7bvSxAtdA1+DJc+DaQnMOjpoAdzMX0VQCdkJURdvNcCVmIkj6LO6z1Qy
> oNf9pg0b6oLN6BDJuBM7AKneT61K5EwBmcHVW5Jq+jSBJHGbzumWPy7OUyzedfNM
> DPl7ZoxrFY9CH+piRMTXSh9se0uBIunJFc3hHBIxFv3HeKBj7AEXwA387PPuMDOh
> 97UgbIOS5IdZ4OppgXue
> =NgHk
> -END PGP SIGNATURE-
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

With kind regards,

Mathijs Schmittmann

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] htaccess file and computer names

2013-02-19 Thread Mathijs Schmittmann 
Op 19 feb. 2013 om 21:01 heeft "Walter H."  het 
volgende geschreven:

> Hello,
> 
> DNS names won't work here;
> because the connection is made by an IP host,
> for this a reverse DNS request would be neccessary;
> 
> the apache log files also also don't contain DNS names, just IP addresses;

Note: This is only true if HostnameLookups is set to off

> 
> I wouldn't do this, because this decreases performance;
> 
> Walter
> 
> On 19.02.2013 19:49, Marc Fromm wrote:
>> 
>> I am using some htaccess files to control access to a few web pages.
>> 
>> The htaccess file works if I use the ip address of the computer to grant 
>> access, but not its name.
>> 
>> Is there another setting to enable for  “Allow from 
>> computername.domain.name” to work like using the ip address “Allow from 
>> ###.###.###.###” ?
>> 
>>  
>> 
>> Order deny,allow
>> 
>> Deny from all
>> 
>> Allow from computername.domain.name //this does not grant access
>> 
>> Allow from ###.###.###.### //this grants access
>> 
>>  
>> 
>> The computers and the server are all on the same network
>> 
>>  
>> 
>> Thanks
>> 
>>  
>> 
>> Marc
>> 
>

Re: [users@httpd] Module Directives

2012-06-10 Thread Mathijs Schmittmann 
Op 10 jun. 2012 om 16:14 heeft Bill Vance  het 
volgende geschreven:

> Is there a more or less comprehensive list of apache2
> modules that lists all their directives, and maybe shows
> how they should be used?  

Sure, for 2.2 see http://httpd.apache.org/docs/2.2/mod/directives.html , each 
one links to their respective documentation and usage.

> 
> TIA
> 
> Bill
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4.1 Installation problems

2012-04-17 Thread Mathijs Schmittmann 

1: 2.4 uses different auth methods and directives, see 
http://httpd.apache.org/docs/2.4/upgrading.html and check out the 
authentication section. You probably either need the compat module, or a new 
access control directive is overriding your current directory section.

2: Apache 2.4 needs modules that are compiled with the new apr, so make sure to 
recompile your mod_php as well.

Op 17 apr. 2012 om 17:48 heeft John Iliffe  het volgende 
geschreven:

> I am trying to update from 2.2.14 to 2.4.1 and have encountered two 
> problems.  2.2.14 has been working properly for over 2 years.  Pages are 
> located on a separate directory starting at /www with subdirectories s1, 
> s2, etc for different named virtual hosts.  Config file for EACH virtual host 
> shows document root as /www/s1, /www/s2, etc as relevant.
> 
> 1.  Apache will start properly but gives a "Not Authorized" message when 
> any page is to be served.
> 
> Log:  
> 
> [Mon Apr 16 13:02:31.267819 2012] [authz_core:error] [pid 23033:tid 
> 1100290368] [client 192.168.1.1:41839] AH01630: client denied by server 
> configuration: /www/s2/, referer: http://www.x.ca/url0001.html
> [Mon Apr 16 13:02:38.965404 2012] [authz_core:error] [pid 23033:tid 
> 1110780224] [client 192.168.1.1:41842] AH01630: client denied by server 
> configuration: /www/s1/, referer: http://www.xx.ca/url0001.html
> 
> A search of the Apache archives suggests that this is a config problem 
> requiring a  entry so I set up:
> 
> # Allow the directory where we store the pages -- 2012-04-15
> 
>  Options FollowSymLinks
>  Order Allow,Deny
>  Allow from all
> 
> 
> I tried a number of variations such as putting this in each of the virtual 
> host containers, putting a /* on the end, including it once before all the 
> virtual host declarations, etc.
> 
> Still get same problem.
> --
> 
> Second problem:
> 
> Many of the pages are written in PHP and I have PHP installed on the server 
> and used by 2.2.14.  I copied the module libphp5.so into the modules 
> directory and added a LoadModule directive as follows:
> 
> LoadModule php5_module modules/libphp5.so
> 
> (This line has to be commented out to start Apache)
> 
> When I try to start up Apache I get the following error:
> 
> /usr/apache-2.4.1/bin/apachectl -k start
> httpd: Syntax error on line 153 of /usr/apache-2.4.1/conf/httpd.conf: 
> Cannot load /usr/apache-2.4.1/modules/libphp5.so into server: 
> /usr/apache-2.4.1/modules/libphp5.so: undefined symbol: unixd_config
> 
> What causes this and what is the solution?
> 
> Thanks.
> 
> John
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org