[users@httpd] digest auth over ssl
Hi all :-)
I've configured apache2 to redirect a virtual host (munin) from http to
https, I've something like this:
cat /etc/apache2/site-enabled/default
[...]
# 20140619 - munin redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/munin/.*
RewriteRule ^(.*)$ https://server1.example.com/$1 [R,L]
[...]
munin has its default config
cat /etc/apache2/site-enabled/munin
Alias /munin /var/cache/munin/www
Directory /var/cache/munin/www
Order allow,deny
Allow from all ::1
Options None
AuthUserFile /etc/munin/munin-pass
AuthName server1.example.com
AuthType Digest
require valid-user
IfModule mod_expires.c
ExpiresActive On
ExpiresDefault M310
/IfModule
/Directory
So, when I try to connect (using chrome) to
http://server1.example.com/munin, browser immediately ask me username and
password (I'm connected using http). After inserted mine credentials
(browser warn me about not trusted certificate, it's ok: I don't have a
trusted certficate). When I force it to connect using https I need
re-insert username and password and only now I can see the munin page.
Now, when I insert user and password (the first time), does that
credentials can intercepts? or I'm inside SSL tunnel?
If not, how can I configure either http://server1.example.com/munin
(secure) redirect to https://server1.example.com/munin or starting only
using https://server1.example.com/munin?
thanks for help!
Pol
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] virtualhost: both http and https too
Hi folks! I use debian 7 with apache2 and several virtualhost. Now I need for each site connect to it using http and https too. So, do I need add new https virtualhost config to default-ssl? or merge ssl config to http virtual host? Thanks for help! Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] virtualhost: both http and https too
So, do I need add new https virtualhost config to default-ssl? or merge ssl config to http virtual host? So, I've done exactly the same config file for http virtualhost and the rendering of browser is ok. I've added (debian) new https virtualhost to /etc/apache/site-available but the rendering of browsers has incorrect. You can show both sites going: http://www.mokaccino.it/index.php (works) https://www.mokaccino.it/index.php (bad) VirtualHost *:443 ServerSignature Off ServerAdmin i...@example.com ServerName example.com ServerAlias www.example.com SSLEngine on SSLCertificateFile/etc/apache2/ssl/apache.pem DirectoryIndex index.html index.php DocumentRoot /home/example.com/ suPHP_Engine on AddHandler x-httpd-php .php .php3 .php4 .php5 suPHP_AddHandler x-httpd-php suPHP_ConfigPath /home/example.com/ Directory /home/example.com/ Options -Includes -Indexes -FollowSymLinks -ExecCGI +MultiViews AllowOverride none Order allow,deny Allow from all /Directory ErrorLog /home/example.com/logs/error.log CustomLog /home/example.com/logs/access.log combined /VirtualHost Any idea? Thanks! Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] AllowOverride
Hello to all :-) I've done a long search on internet but I've some troubles about the setting of AllowOverride (obviously I also read http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride) i.e. Directory /var/www/ Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all /Directory With AllowOverride setted to none, .htaccess has ignored. For instance, if I'll want permit the use of .htaccess only about mod_rewrite or only about ErrorDocument What should I do? Allowoverride options=ErrorDocument Rewritebase Please, can someone help me to understand how set that? thanks Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] ProxyHTMLURLMap
Hi all :-) I lost myself with this problem... and I don't know what is useful to resolve it :-/ apache2.2 and virtual host the name of this webserver is: domain.org, I've phpmyadmin as alias: http://domain.org/phpmyadmin A virtual host: newdomain.org I need connect to phpmyadmin using http://newdomain.org/phpmyadmin and KEEP (in the address bar) newdomain.org/phpmyadmin (and not domain.org/phpmyadmin). I check a something like this but I don't think is useful for me. Can anyone help me please? thanks! ProxyPass /phpmyadmin/ http://domain.org/phpmyadmin ProxyPassReverse /info/ http://domain.org/phpmyadmin/ ProxyHTMLURLMap http://domain.org/phpmyadmin /phpmyadmin/ Location /info/ ProxyPassReverse / SetOutputFilter proxy-html ProxyHTMLURLMap newdomain.org/phpmyadmin /phpmyadmin/ ProxyHTMLURLMap / /phpmyadmin/ ProxyHTMLURLMap /phpmyadmin/ /phpmyadmin/ RequestHeaderunset Accept-Encoding /Location - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] rewrite (remapping?) url
Howdy :-) I'm not sure what's the best module for my issue... my problem is: I've http://domain1.org and I'd like show another domain on the address bar (only show, so not redirect to new one) So, when an user try to connect to http://domain1.org, in the browser show (i.e.) newdomain.org is there a howto or other info? thanks! Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] rewrite (remapping?) url
You can't do that without redirecting the user. Why not redirect them? Let's explain :-) I need to access to phpmyadmin using http://newdomain.org/phpmyadmin and not using http://domain1.org/phpmyadmin http://domain1.org is old real name... domain1.org is the real webserver name newdomain.org is a virtual host inside domain1.org thanks for help! :-) - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] rewrite (remapping?) url
I don't see how that relates to whether you redirect or not. Are you indirectly saying that newdomain.org doesn't actually resolve to an IP that reaches your server? first of all: sorry for my english :-( My server has only one IP, so domain1.org and newdomain.org has same IP. I need access to phpmyadmin using newdomain.org and not using domain1.org Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] suphp
Howdy :-) Does suphp supports cgi scripts? If yes, how? I've done a long searching but I didn't found any howto or tips to do this. Any idea? Thanks! Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] logging
Hi folks :-) I've several virtual host (for each I've the relative access.log e error.log) [...] ErrorLog /home/site1/logs/error.log CustomLog /home/site1/logs/access.log combined [...] I need have the merge of each log files of virtual host also to /var/log/apache2/access.log (and error.log) Otherwise is (almost) impossible monitoring my webserver. PS: I known that this procedure create a big impact to performance of server. Any idea? thanks! - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] How limit directives at htaccess file
Hi all, I'm study apache and I don't understand some things about htaccess. Reading, the advice is: never permit htaccess to users. So, can I enable htaccess but only for personalize something like this? ErrorDocument 400 /errors/badrequest.html ErrorDocument 401 /errors/authreqd.html ErrorDocument 403 /errors/forbid.html ErrorDocument 404 /errors/notfound.html ErrorDocument 500 /errors/serverr.html and obviously deny all other directives? so an user with own htaccess file, can only personalize that directives. Any idea? Thanks for replies :-) Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] phpmyadmin auth
thanks all for replies :-) I think aboout vpn, ssl and auth. What about auth cookies? Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] https before auth
Hi all :-)
working on my last post I configured a https rewrite and auth basic:
default
[...]
IfModule mod_rewrite.c
IfModule mod_ssl.c
Location /test
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://example.org/test [L]
/Location
/IfModule
/IfModule
[...]
default-ssl
[...]
Directory /var/www/test
Options +SymLinksIfOwnerMatch +Multiviews +Indexes
AuthType Basic
AuthName Authentication Required
AuthUserFile /etc/htpasswd/test
Require valid-user
Order allow,deny
Allow from all
/Directory
[...]
Now: when I do http://example.org/test, I see access form to
authentication before the rewrite to https (or no?) - because after login
I'm in https page.
Is my authentication encrypted, I think no... any idea?
Thanks for help!
Pol
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] https before auth
I'm not sure but add:
SSLOptions +StrictRequire
SSLRequireSSL
seems resolve the problem
Is it correct?
thanks!
Hi all :-)
working on my last post I configured a https rewrite and auth basic:
default
[...]
IfModule mod_rewrite.c
IfModule mod_ssl.c
Location /test
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://example.org/test [L]
/Location
/IfModule
/IfModule
[...]
default-ssl
[...]
Directory /var/www/test
Options +SymLinksIfOwnerMatch +Multiviews +Indexes
AuthType Basic
AuthName Authentication Required
AuthUserFile /etc/htpasswd/test
Require valid-user
Order allow,deny
Allow from all
/Directory
[...]
Now: when I do http://example.org/test, I see access form to
authentication before the rewrite to https (or no?) - because after login
I'm in https page.
Is my authentication encrypted, I think no... any idea?
Thanks for help!
Pol
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] phpmyadmin auth
Hey all! This is my first post :-) I need allow access of phpmyadmin to some users but I'm not sure which type of authentication use... Is it a good idea use ssl with client certificates? I see also auth cookie (debian 7 libapache2-mod-auth-memcookie) which should be best secure way to do this? Is there some howto? Thanks and sorry for plain question... Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] phpmyadmin auth
Lock down to IP only and use SSL. You can't get any better than that. hi and thanks for reply :-) I can't :-( Users has dynamic IP Pol - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] externel rewrite
Hi all! This is my first post! I've read apache the definitive guide (unfortunately based on 1.3 apache). I've 2 server and my problem is about webmail, webmail is on server2, main site in on server1 server1 ip: 12.34.56.78 server2 ip: 34.56.78.90 on server1 I've a link to server2: 34.56.78.90/webmail when an user (from server1) click on 34.56.78.90/webmail, the browser show real link (34.56.78.90/webmail) I need masquerade that address to another link (i.e. http://mydomain.com/webmail) Sorry if is a easy question but I done a long search by google but nothing... thanks for help Pol
