subject:"\[us...@httpd\]"

Re: [us...@httpd] SQL Server authentication

2011-01-12 Thread Mark H. Wood

On Tue, Jan 11, 2011 at 10:11:25PM +0530, Nilesh Govindarajan wrote:
> On 01/11/2011 09:13 PM, Hendrik Schmieder wrote:
[snip]
> > It depends on which oS Apache is used.
> > For Windows there's an MS-SQL ODBC driver, but for Linux you must use 
> > FreeTDS.
> >
> >
> It doesn't support unixODBC?
> [sorry for hijacking]

UnixODBC is a driver manager.  The package includes *some* drivers.
For SQL Server they direct you to either FreeTDS or a "free trial"
from EasySoft.  The "drivers" page at http://www.unixodbc.org/ has a
lot of links to drivers that *don't come with UnixODBC*.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.

pgpCOAZBlZ6jd.pgp
Description: PGP signature

Re: [us...@httpd] HTTP authentication using HTTP

2011-01-11 Thread Anders Melchiorsen

On Tue, 11 Jan 2011 10:20:11 + (UTC), Igor Galić
 wrote:

> - "Devraj Mukherjee"  wrote:

>> Depending on what the directories contains (eg. your app) I would
>> nearly be tempted to using OAuth or one of the open authentication
>> protocols.
>
> +1 on that.

I want an easy way to password protect my internal gitweb, munin, photos,
wikis, etc. I do not want to implement new authentication for all of these
applications.

>> > So, my question is: how can I do this with just standard modules?
>
> ErrorDocument 401 URI
>
> See:
> http://httpd.apache.org/docs/current/mod/core.html#errordocument

That one says "Therefore, if you use an ErrorDocument 401 directive then
it must refer to a local document." so it does not seem to address my
situation.

Anders.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Nilesh Govindarajan


On 01/11/2011 09:13 PM, Hendrik Schmieder wrote:

Mark H. Wood schrieb:

On Tue, Jan 11, 2011 at 06:06:16PM +0530, Nilesh Govindarajan wrote:

On 01/11/2011 04:18 PM, Paolo DiCanio wrote:
The example on that page is for MySql. Unfortunately when using SQL 
Server,
the configuration is more complicated, because you can't simply 
configure


  DBDriver mssql

You have to use something called FreeTDS instead. If someone has 
actually
got SQL Server authentication up and running, I'd really appreciate 
it if

the could send me the steps, or just post their httpd.conf.

Also, any information about how to configure multiple 
authentication methods
(passwd file and database), would be very helpful. If someone can 
confirm

whether or not this is even possible, please let me know.

APR (mod_dbd, mod_authn_dbd) supports ODBC (provided, 
apr_dbd_odbc.so or
apr_dbd_odbc.dll exists in the system), which is independent of 
FreeTDS.

MSSQL doesn't support ODBC?


It does, but my understanding is that ODBC drivers for MSSQL implement
ODBC APIs using the TDS protocol.  ODBC is just a common API to talk
to various specific drivers, which use various protocols to talk to
their proper backends.  According to http://www.freetds.org/ FreeTDS
includes an ODBC library, so you'd probably just need to install it,
describe it to your driver manager, and tell HTTPD to use it.



It depends on which oS Apache is used.
For Windows there's an MS-SQL ODBC driver, but for Linux you must use 
FreeTDS.




It doesn't support unixODBC?
[sorry for hijacking]

--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Hendrik Schmieder


Mark H. Wood schrieb:

On Tue, Jan 11, 2011 at 06:06:16PM +0530, Nilesh Govindarajan wrote:

On 01/11/2011 04:18 PM, Paolo DiCanio wrote:

The example on that page is for MySql. Unfortunately when using SQL Server,
the configuration is more complicated, because you can't simply configure

  DBDriver mssql

You have to use something called FreeTDS instead. If someone has actually
got SQL Server authentication up and running, I'd really appreciate it if
the could send me the steps, or just post their httpd.conf.

Also, any information about how to configure multiple authentication methods
(passwd file and database), would be very helpful. If someone can confirm
whether or not this is even possible, please let me know.


APR (mod_dbd, mod_authn_dbd) supports ODBC (provided, apr_dbd_odbc.so or
apr_dbd_odbc.dll exists in the system), which is independent of FreeTDS.
MSSQL doesn't support ODBC?


It does, but my understanding is that ODBC drivers for MSSQL implement
ODBC APIs using the TDS protocol.  ODBC is just a common API to talk
to various specific drivers, which use various protocols to talk to
their proper backends.  According to http://www.freetds.org/ FreeTDS
includes an ODBC library, so you'd probably just need to install it,
describe it to your driver manager, and tell HTTPD to use it.



It depends on which oS Apache is used.
For Windows there's an MS-SQL ODBC driver, but for Linux you must use 
FreeTDS.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Mark H. Wood

On Tue, Jan 11, 2011 at 06:06:16PM +0530, Nilesh Govindarajan wrote:
> On 01/11/2011 04:18 PM, Paolo DiCanio wrote:
> > The example on that page is for MySql. Unfortunately when using SQL Server,
> > the configuration is more complicated, because you can't simply configure
> >
> >  DBDriver mssql
> >
> > You have to use something called FreeTDS instead. If someone has actually
> > got SQL Server authentication up and running, I'd really appreciate it if
> > the could send me the steps, or just post their httpd.conf.
> >
> > Also, any information about how to configure multiple authentication methods
> > (passwd file and database), would be very helpful. If someone can confirm
> > whether or not this is even possible, please let me know.
> >
> APR (mod_dbd, mod_authn_dbd) supports ODBC (provided, apr_dbd_odbc.so or 
> apr_dbd_odbc.dll exists in the system), which is independent of FreeTDS. 
> MSSQL doesn't support ODBC?

It does, but my understanding is that ODBC drivers for MSSQL implement
ODBC APIs using the TDS protocol.  ODBC is just a common API to talk
to various specific drivers, which use various protocols to talk to
their proper backends.  According to http://www.freetds.org/ FreeTDS
includes an ODBC library, so you'd probably just need to install it,
describe it to your driver manager, and tell HTTPD to use it.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.


pgpjdGoyxg9uu.pgp
Description: PGP signature

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Nilesh Govindarajan


On 01/11/2011 04:18 PM, Paolo DiCanio wrote:

The example on that page is for MySql. Unfortunately when using SQL Server,
the configuration is more complicated, because you can't simply configure

 DBDriver mssql

You have to use something called FreeTDS instead. If someone has actually
got SQL Server authentication up and running, I'd really appreciate it if
the could send me the steps, or just post their httpd.conf.

Also, any information about how to configure multiple authentication methods
(passwd file and database), would be very helpful. If someone can confirm
whether or not this is even possible, please let me know.

APR (mod_dbd, mod_authn_dbd) supports ODBC (provided, apr_dbd_odbc.so or 
apr_dbd_odbc.dll exists in the system), which is independent of FreeTDS. 
MSSQL doesn't support ODBC?

As far as I know, you can compile APR separately to support that.

--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Paolo DiCanio

The example on that page is for MySql. Unfortunately when using SQL Server,
the configuration is more complicated, because you can't simply configure

DBDriver mssql

You have to use something called FreeTDS instead. If someone has actually
got SQL Server authentication up and running, I'd really appreciate it if
the could send me the steps, or just post their httpd.conf.

Also, any information about how to configure multiple authentication methods
(passwd file and database), would be very helpful. If someone can confirm
whether or not this is even possible, please let me know.

Devraj Mukherjee-3 wrote:
> 
> I found this looking for a solution to my MySQL authentication post, might
> help.
> http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
> 
> Says that it supports ODBC.
> 

-- 
View this message in context: 
http://old.nabble.com/SQL-Server-authentication-tp30641656p30642376.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] RewriteCond %{HTTPS} =on

2011-01-11 Thread Devraj Mukherjee

Condition satisfies if HTTPS protocol is in use.
http://www.askapache.com/htaccess/http-https-rewriterule-redirect.html

On Tue, Jan 11, 2011 at 7:01 PM, Tushar Chavan
 wrote:
> Hi  Experts,
>
> I am bit confused with 'RewriteCond %{HTTPS} =on'.
>
> Can you please tell me, what is the function of RewriteCond %{HTTPS} =on?
> what 'RewriteCond %{HTTPS} =on' will do ?
>
> Best regards,
> Tushar
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Nilesh Govindarajan


On 01/11/2011 02:28 PM, Paolo DiCanio wrote:

Hi,

My Apache server currently uses a passwd file for authentication. I need to
change the authentication scheme so that it uses both this passwd file and a
list of usernames and passwords stored in an SQL Server database table.

In other words, if the username and password is found in the file, or in the
database, then authentication succeeds. Obviously the latter will require me
to configure the database connection parameters, and the SQL query to
execute (with placeholders for username and password).

If it's not possible for Apache to use both a file and a database for
authentication, then if someone could explain how to configure SQL Server
database authentication (only), I'd be very grateful.

Thanks,
Paolo


http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SQL Server authentication

2011-01-11 Thread Devraj Mukherjee

Hi Paolo,

I found this looking for a solution to my MySQL authentication post, might help.
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

Says that it supports ODBC.

Good luck.

On Tue, Jan 11, 2011 at 7:58 PM, Paolo DiCanio  wrote:
>
> Hi,
>
> My Apache server currently uses a passwd file for authentication. I need to
> change the authentication scheme so that it uses both this passwd file and a
> list of usernames and passwords stored in an SQL Server database table.
>
> In other words, if the username and password is found in the file, or in the
> database, then authentication succeeds. Obviously the latter will require me
> to configure the database connection parameters, and the SQL query to
> execute (with placeholders for username and password).
>
> If it's not possible for Apache to use both a file and a database for
> authentication, then if someone could explain how to configure SQL Server
> database authentication (only), I'd be very grateful.
>
> Thanks,
> Paolo
> --
> View this message in context: 
> http://old.nabble.com/SQL-Server-authentication-tp30641656p30641656.html
> Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] SQL Server authentication

2011-01-11 Thread Paolo DiCanio


Hi,

My Apache server currently uses a passwd file for authentication. I need to
change the authentication scheme so that it uses both this passwd file and a
list of usernames and passwords stored in an SQL Server database table. 

In other words, if the username and password is found in the file, or in the
database, then authentication succeeds. Obviously the latter will require me
to configure the database connection parameters, and the SQL query to
execute (with placeholders for username and password).

If it's not possible for Apache to use both a file and a database for
authentication, then if someone could explain how to configure SQL Server
database authentication (only), I'd be very grateful.

Thanks,
Paolo
-- 
View this message in context: 
http://old.nabble.com/SQL-Server-authentication-tp30641656p30641656.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] RewriteCond %{HTTPS} =on

2011-01-11 Thread Tushar Chavan


Hi  Experts, 
 
I am bit confused with 'RewriteCond %{HTTPS} =on'.
 
Can you please tell me, what is the function of RewriteCond %{HTTPS} =on? what 
'RewriteCond %{HTTPS} =on' will do ?
 
Best regards,
Tushar

Re: [us...@httpd] Re: .pid goes missing

2011-01-10 Thread Dave Stevens


Quoting DW :




Have you tried Write-Protecting the file so that it doesn't get  
destroyed by whatever malware is doing it?  In windows it pretty job  
to protect the file.  If you are using Linux or Unix then someone  
else can help you.


well I think the process id is certain to change each time apache  
restarts (currently at boot time) so if it is write protected it would  
be there all right but then wouldn't three be conflicts over rewriting  
itsvalue or erasing it?


Dave




Dave Stevens wrote:

Hi,

I'm using apache 2.2.3 under CentOS 5.5. I use virtualmin to  
monitor the server and recently a discrepancy has arisen between  
the reported and actual state of the httpd service. I think this is  
because the .pid file, which from the httpd.conf file is supposed  
to be in /etc/httpd/run folder, periodically goes missing. Just not  
there and I don't know why. I can not stop the service or restart  
apache except with a server reboot, not my favourite option  
although it does recreate the .pid file and synchronize the  
reporting. I don't know where to look. Ideas? References to  
appropriate docs?


TIA





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org






--
"It is no measure of health to be well adjusted to a profoundly sick society."
  Krishnamurti


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Re: .pid goes missing

2011-01-10 Thread DW




Have you tried Write-Protecting the file so that it doesn't get 
destroyed by whatever malware is doing it?  In windows it pretty job to 
protect the file.  If you are using Linux or Unix then someone else can 
help you.




Dave Stevens wrote:

Hi,

I'm using apache 2.2.3 under CentOS 5.5. I use virtualmin to monitor the 
server and recently a discrepancy has arisen between the reported and actual 
state of the httpd service. I think this is because the .pid file, which from 
the httpd.conf file is supposed to be in /etc/httpd/run folder, periodically 
goes missing. Just not there and I don't know why. I can not stop the service 
or restart apache except with a server reboot, not my favourite option 
although it does recreate the .pid file and synchronize the reporting. 


I don't know where to look. Ideas? References to appropriate docs?

TIA

  



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] .pid goes missing

2011-01-10 Thread Dave Stevens

Hi,

I'm using apache 2.2.3 under CentOS 5.5. I use virtualmin to monitor the 
server and recently a discrepancy has arisen between the reported and actual 
state of the httpd service. I think this is because the .pid file, which from 
the httpd.conf file is supposed to be in /etc/httpd/run folder, periodically 
goes missing. Just not there and I don't know why. I can not stop the service 
or restart apache except with a server reboot, not my favourite option 
although it does recreate the .pid file and synchronize the reporting. 

I don't know where to look. Ideas? References to appropriate docs?

TIA

Dave

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] invalid response from Proxy dns lookup failure

2011-01-10 Thread Tapas Mishra

On Mon, Jan 10, 2011 at 8:47 PM, Joost de Heer  wrote:
>> When my proxy pass entries look as follows
>>
>>  ProxyPass /app1 http://192.168.1.3:8080/app1
>>  ProxyPass / http://192.168.1.3
>>  ProxyPassReverse /app1 http://192.168.1.3:8080/app1
>>  ProxyPassReverse / http://192.168.1.3
>>
>>  then some one from internet is able to
>> access the sites.But from within LAN people are unable to access it.
>>
>> How ever if I use
>>
>>  ProxyPass /app1 http://site1.myserver.com:8080/app1
>>  ProxyPass / http://site1.myserver.com
>>  ProxyPassReverse /app1 http://site1.myserver.com:8080/app1
>>  ProxyPassReverse / http://site1.myserver.com
>>
>> then things work on LAN but from internet it is not accessible and
>> errors are the ones I mentioned while starting the  thread.
>>
>> What can be a solution in this case as I do not have a DNS at my
>> disposal I am simply not allowed to have one.
>
> Add the entry to the host table of the reverse proxy.
Give me some link I will go through it I am not able to understand
what you said.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] invalid response from Proxy dns lookup failure

2011-01-10 Thread Joost de Heer


When my proxy pass entries look as follows

  ProxyPass /app1 http://192.168.1.3:8080/app1
  ProxyPass / http://192.168.1.3
  ProxyPassReverse /app1 http://192.168.1.3:8080/app1
  ProxyPassReverse / http://192.168.1.3

  then some one from internet is able to
access the sites.But from within LAN people are unable to access it.

How ever if I use

  ProxyPass /app1 http://site1.myserver.com:8080/app1
  ProxyPass / http://site1.myserver.com
  ProxyPassReverse /app1 http://site1.myserver.com:8080/app1
  ProxyPassReverse / http://site1.myserver.com

then things work on LAN but from internet it is not accessible and
errors are the ones I mentioned while starting the  thread.

What can be a solution in this case as I do not have a DNS at my
disposal I am simply not allowed to have one.


Add the entry to the host table of the reverse proxy.

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] invalid response from Proxy dns lookup failure

2011-01-10 Thread Tapas Mishra

On Mon, Jan 10, 2011 at 5:23 PM, Joost de Heer  wrote:
> On 01/10/2011 08:17 AM, Tapas Mishra wrote:
>>
>> Ok here is a situation  today morning I had rebooted the server and I
>> observed and I see response for one of the application complaining
>> http://myserver.com/app1
>>
>> This is the error I see in browser
>>
>> Proxy Error
>>
>> The proxy server received an invalid response from an upstream server.
>> The proxy server could not handle the request GET /app1.
>>
>> Reason: DNS lookup failure for: myserver.com
>
> Your proxy host can't resolve myserver.com
>
>> http://pastebin.com/aXceB1wt
>
> Is there a special reason why you have a proxypass to http, but a
> proxypassreverse to https?
Thanks that was a mistake indeed.
Apart from this I  found some thing which I feel is the root cause of
the entire problem

When my proxy pass entries look as follows

 ProxyPass /app1 http://192.168.1.3:8080/app1
 ProxyPass / http://192.168.1.3
 ProxyPassReverse /app1 http://192.168.1.3:8080/app1
 ProxyPassReverse / http://192.168.1.3

 then some one from internet is able to
access the sites.But from within LAN people are unable to access it.

How ever if I use

 ProxyPass /app1 http://site1.myserver.com:8080/app1
 ProxyPass / http://site1.myserver.com
 ProxyPassReverse /app1 http://site1.myserver.com:8080/app1
 ProxyPassReverse / http://site1.myserver.com

then things work on LAN but from internet it is not accessible and
errors are the ones I mentioned while starting the  thread.

What can be a solution in this case as I do not have a DNS at my
disposal I am simply not allowed to have one.
Is there any other way because my websites are inside a corporate LAN
whose domain name is different from the ones I mentioned above as
myserver.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] invalid response from Proxy dns lookup failure

2011-01-10 Thread Joost de Heer


On 01/10/2011 08:17 AM, Tapas Mishra wrote:

Ok here is a situation  today morning I had rebooted the server and I
observed and I see response for one of the application complaining
http://myserver.com/app1

This is the error I see in browser

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /app1.

Reason: DNS lookup failure for: myserver.com


Your proxy host can't resolve myserver.com


http://pastebin.com/aXceB1wt


Is there a special reason why you have a proxypass to http, but a 
proxypassreverse to https?



and the server  where the application is actually hosted  I do not see
any log which can help me to understand that the request /app1
actually reached there.


This is understandable, because the reverse proxyserver doesn't know where to 
find myserver.com


Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] mod_auth_mysql under Ubuntu 10.04 different to CentOS 5.5?

2011-01-10 Thread Devraj Mukherjee

Hi all,

Is mod_auth_mysql an official Apache module?

I have successfully used it under a CentOS 5.5 box for a couple of
years now, installed like so
http://dev.e-taxonomy.eu/trac/wiki/ApacheMySQLAuthentication

We are migrating to an Ubuntu 10.04 VM, and the module distributed by
the package libapache2-mod-auth-mysql, seems to have different
directives and not as flexible. Infact all the directives are
absolutely different.

If there are any Ubuntu admins out there could you point me to
documentation for this module please?

Are these different modules all together?

Thanks for your time.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] New to list - Redirect, Alias or Rewrite?? Very confused...

2011-01-09 Thread Matus UHLAR - fantomas

On 04.01.11 11:59, d...@aiphone.com wrote:
> I am attempting to have the Apache Server 2.0 handle the following request
> for me:
> 
> When a visitor visits http://mydomain.com/OLD_Web App/, I would like them
> to be automatically redirected to http://mydomain.com/New_Web App/
> 
> Both OLD and NEW Web App folders live in the same doc root and are at the
> same level in the folder tree - ie right off of root.
> 
> I have tried both Alias commands and Redirect commands and nothing seems to
> work.

what exactly did you try? show us the directives.

Actually all those directives should work somehow, but I prefer Redirect for
such cases.

> I have restarted Apache on each change.

reload, even graceful, should be enough.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] invalid response from Proxy dns lookup failure

2011-01-09 Thread Tapas Mishra

Ok here is a situation  today morning I had rebooted the server and I
observed and I see response for one of the application complaining
http://myserver.com/app1

This is the error I see in browser

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /app1.

Reason: DNS lookup failure for: myserver.com

Where as if I were to check only http://myserver.com

then I can see every thing very properly without any error.

Here is my apache2 configuration

http://pastebin.com/aXceB1wt

here is access log on the server which is front end (acts as reverse proxy)

http://pastebin.com/tggRRY2E
and error log on reverse proxy server
http://pastebin.com/vGQZS4xb

and the server  where the application is actually hosted  I do not see
any log which can help me to understand that the request /app1
actually reached there.
How ever I tried to see the http headers in http_live
here they are
http://pastebin.com/QX2FeUtp

So what can this error be pointing to ?
Since until 2-3 days back every thing was working perfectly with same
settings and same configurations.
Today I had restarted server after many days just for maintenance and
after reboot
 I find all applications except the one which I pointed here working properly.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SSL Termination at Apache

2011-01-09 Thread Joost de Heer


On 01/09/2011 08:58 PM, Tushar Chavan wrote:

Hi ,

We have below scenario.

Internet Users Server A<--https> Apache Server
B<-http--->Server C

We want https flow from internet users to Server A , from Server A to Apache
server B again https .Then from Apache to Server C

So SSL is terminated at Apache Server. Is there any configuration to terminate
SSL at Apache?


Apache as a reverse proxy.

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SSL Termination at Apache

2011-01-09 Thread Eric Covener

2011/1/9 Tushar Chavan :
> Hi ,
> We have below scenario.
> Internet Users Server A<--https> Apache Server
> B<-http--->Server C
> We want https flow from internet users to Server A , from  Server A to
> Apache server B again https .Then from Apache to Server C
> So SSL is terminated at Apache Server. Is there any  configuration to
> terminate SSL at Apache?

There are lots of configurations that allow Apache to do SSL.  Have
you tried searching the web for a basic guide to setting up SSL, or do
you think "SSL termination" means something beyond that?

In the strictest interpretation, you wouldn't continue doing SSL
between servers A and B -- but in more general terms it's usually
applied to anything you throw in front of a device that performs the
SSL, alleviating said device of the need to worry about it.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [us...@httpd] SSL Termination at Apache

2011-01-09 Thread Tushar Chavan


Hi ,
We have below scenario.
Internet Users <https-->Server A<--https> Apache Server 
B<-http--->Server C
We want https flow from internet users to Server A , from  Server A to Apache 
server B again https .Then from Apache to Server C
So SSL is terminated at Apache Server. Is there any  configuration to terminate 
SSL at Apache?
Best REgards,Tushar


> Date: Fri, 7 Jan 2011 23:09:07 +
> From: i.ga...@brainsware.org
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] SSL Termination at Apache
> 
> 
> - "Tushar Chavan"  wrote:
> 
> > Hi Team,
> > 
> > 
> > Can we terminate SSL at Apache? If yes , can you please let me know
> > how to do it ? I mean is there any directive for it?
> 
> http://httpd.apache.org/docs/current/ssl/
> 
> > Best Regards,
> > Tushar.
> 
> -- 
> Igor Galić
> 
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>"   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

Re: [us...@httpd] Unresponsive apache webserver, memory issue

2011-01-08 Thread Simone Caruso


On 07/01/2011 23:27, james wrote:

How does your MPM config look like?
Take a look at:
http://wiki.apache.org/httpd/PerformanceScalingUp


Thanks for these links Igor. After reading through the ScalingUp document it 
brought my attention to the fact that the
RAM had been increased on this system but the swap partition had not been. The 
available RAM is more than twice the swap
space. I am sure the system is crashing under heavy memory load because of 
this. It would be nice to know why the memory
is spiking, and again thanks for the link to the perl script for monitoring 
server-status -- but I am pretty sure the
problem is the amount of swap space available.


Assuming you already use a threaded mpm and a caching engine and considering your load (32gb of RAM used!?) u should 
scale out...


--
Simone Caruso
IT Consultant
p.iva: 03045250838

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Unresponsive apache webserver, memory issue

2011-01-07 Thread Igor Galić

- "james"  wrote:

> >How does your MPM config look like?
> >Take a look at:
> >http://wiki.apache.org/httpd/PerformanceScalingUp
> 
> Thanks for these links Igor. After reading through the ScalingUp
> document it brought my attention to the fact that the RAM had been
> increased on this system but the swap partition had not been. The
> available RAM is more than twice the swap space. I am sure the system
> is crashing under heavy memory load because of this. It would be nice
> to know why the memory is spiking, and again thanks for the link to

What does your monitoring say?
There must be a correlation between network load, Swapping, and
$program's memory increase.

> the perl script for monitoring server-status -- but I am pretty sure
> the problem is the amount of swap space available.
> 
> James

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SSL Termination at Apache

2011-01-07 Thread Igor Galić

- "Tushar Chavan"  wrote:

> Hi Team,
> 
> 
> Can we terminate SSL at Apache? If yes , can you please let me know
> how to do it ? I mean is there any directive for it?

http://httpd.apache.org/docs/current/ssl/

> Best Regards,
> Tushar.

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SSL Termination at Apache

2011-01-07 Thread Igor Galić

- "Tushar Chavan"  wrote:

> Hi Team,
> 
> 
> 
> 
> Just found proxy.config.ssl.* variables.
> 
> 
> http://trafficserver.apache.org/docs/v2/admin/secure.htm#UsingSSLTermination

That would be Apache Traffic Server.

This here is the Apache HTTP Server project's user mailinglist.

> It should be fine for now. If needed I will update this port.

You can find support for Apache Traffic Server here:
http://trafficserver.apache.org/

> Best Regards,
> Tushar.
> 
> 
> 
> 
> 
> 
> From: tushar.cha...@hotmail.com
> To: users@httpd.apache.org
> Date: Fri, 7 Jan 2011 20:56:17 +0530
> Subject: [us...@httpd] SSL Termination at Apache
> 
> Hi Team,
> 
> 
> Can we terminate SSL at Apache? If yes , can you please let me know
> how to do it ? I mean is there any directive for it?
> 
> 
> Best Regards,
> Tushar.

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Unresponsive apache webserver, memory issue

2011-01-07 Thread james

>How does your MPM config look like?
>Take a look at:
>http://wiki.apache.org/httpd/PerformanceScalingUp

Thanks for these links Igor. After reading through the ScalingUp document 
it brought my attention to the fact that the RAM had been increased on this 
system but the swap partition had not been. The available RAM is more than 
twice the swap space. I am sure the system is crashing under heavy memory 
load because of this. It would be nice to know why the memory is spiking, 
and again thanks for the link to the perl script for monitoring 
server-status -- but I am pretty sure the problem is the amount of swap 
space available. 

James

RE: [us...@httpd] SSL Termination at Apache

2011-01-07 Thread Tushar Chavan


Hi Team,

Just found   proxy.config.ssl.* variables. 
http://trafficserver.apache.org/docs/v2/admin/secure.htm#UsingSSLTermination
It should be fine for now. If needed I will update this port.
Best Regards,Tushar.


From: tushar.cha...@hotmail.com
To: users@httpd.apache.org
Date: Fri, 7 Jan 2011 20:56:17 +0530
Subject: [us...@httpd] SSL Termination at Apache








Hi Team,
Can we terminate SSL at Apache? If yes , can you please let me know how to do 
it ?  I mean is there any directive for it?
Best Regards,Tushar.

RE: [us...@httpd] Regarding the redirect rules

2011-01-07 Thread motty.cruz

http://borkweb.com/story/apache-rewrite-cheatsheet

L

Last  Rule

Stop the rewriting process here and don't apply any more rewriting rules.
This corresponds to the Perl last command or the break command from the C
language. Use this flag to prevent the currently rewritten URL from being
rewritten further by following rules. For example, use it to rewrite the
root-path URL ('/') to a real one, e.g., '/e/www/'.

R[=code]

Redirect to new URL, with optional code (see below).

Prefix Substitution with http://thishost[:thisport]/ (which makes the new
URL a URI) to force a external redirection. If no code is given a HTTP
response of 302 (MOVED TEMPORARILY) is used. If you want to use other
response codes in the range 300-400 just specify them as a number or use one
of the following symbolic names: temp (default), permanent, seeother. Use it
for rules which should canonicalize the URL and give it back to the client,
e.g., translate ``/~'' into ``/u/'' or always append a slash to /u/user,
etc.

From: aparna aryan [mailto:aparnapu...@gmail.com] 
Sent: Friday, January 07, 2011 4:43 AM
To: users@httpd.apache.org; jo...@sanguis.xs4all.nl
Subject: Re: [us...@httpd] Regarding the redirect rules

Thanks a lot Joost, Can u please explain what does "[R,L]" mean too?

On Fri, Jan 7, 2011 at 6:11 PM, Joost de Heer 
wrote:

On Fri, January 7, 2011 13:24, aparna aryan wrote:
> Hello,
>
> Can any one please explain the meaning of this rule?
>
> RewriteEngine On
> RewriteCond %{HTTP:FRONTEND-HTTPS} !on
> RewriteRule ^/(wps/myportal/protected/.*)
> https://internal.ericsson.com/$1[R,L]
<https://internal.ericsson.com/$1%5bR,L%5d> 
>

If the HTTP-header 'FRONTEND-HTTPS' isn't set to 'on', then redirect
/wps/myportal/protected/[suburl] to
https://internal.ericsson.com/[suburl]
<https://internal.ericsson.com/%5bsuburl%5d> .

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Regarding the redirect rules

2011-01-07 Thread aparna aryan

Thanks a lot Joost, Can u please explain what does "[R,L]" mean too?

On Fri, Jan 7, 2011 at 6:11 PM, Joost de Heer wrote:

> On Fri, January 7, 2011 13:24, aparna aryan wrote:
> > Hello,
> >
> > Can any one please explain the meaning of this rule?
> >
> > RewriteEngine On
> > RewriteCond %{HTTP:FRONTEND-HTTPS} !on
> > RewriteRule ^/(wps/myportal/protected/.*)
> > https://internal.ericsson.com/$1[R,L]
> >
>
> If the HTTP-header 'FRONTEND-HTTPS' isn't set to 'on', then redirect
> /wps/myportal/protected/[suburl] to
> https://internal.ericsson.com/[suburl].
>
> Joost
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [us...@httpd] Regarding the redirect rules

2011-01-07 Thread Joost de Heer

On Fri, January 7, 2011 13:24, aparna aryan wrote:
> Hello,
>
> Can any one please explain the meaning of this rule?
>
> RewriteEngine On
> RewriteCond %{HTTP:FRONTEND-HTTPS} !on
> RewriteRule ^/(wps/myportal/protected/.*)
> https://internal.ericsson.com/$1[R,L]
>

If the HTTP-header 'FRONTEND-HTTPS' isn't set to 'on', then redirect
/wps/myportal/protected/[suburl] to
https://internal.ericsson.com/[suburl].

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Regarding the redirect rules

2011-01-07 Thread aparna aryan

Hello,

Can any one please explain the meaning of this rule?

RewriteEngine On
RewriteCond %{HTTP:FRONTEND-HTTPS} !on
RewriteRule ^/(wps/myportal/protected/.*) https://internal.ericsson.com/$1[R,L]

Re: [us...@httpd] [SOLVED] SSL Client Authentication Problem

2011-01-06 Thread Alan Brown

- Original Message - 
From: "Igor Galić" 

To: 
Sent: Tuesday, January 04, 2011 1:30 PM
Subject: Re: [us...@httpd] SSL Client Authentication Problem

- "Alan Brown"  wrote:

Hi all,

I am working in a test environment with Apache v2.2.14 on XP Pro SP3
and I
have experienced difficulties setting up SSL Client Authentication.

I have used the openssl command line tool to set up my private key,
server
certificate, and a certificate authority, and I have configured the
httpd-ssl.conf file. All works as expected, except when I try to
configure
SSL Client Authentication. All browsers report an error and are unable
to
establish an SSL session, eg with Firefox :-

Secure Connection Failed

An error occurred during a connection to myhost_1.

SSL peer was unable to negotiate an acceptable set of security
parameters.

(Error code: ssl_error_handshake_failure_alert)

(myhost_1 is configured as 127.0.0.1 in hosts file)

In the config which works I have :-

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/xampp/xampp/apache/conf/test/server.crt"

SSLCertificateKeyFile "/xampp/xampp/apache/conf/test/server.key"

#SSLCACertificateFile "/xampp/xampp/apache/conf/test/ca/ca.crt"

#SSLVerifyClient require

#SSLVerifyDepth  10

When I uncomment the lines to configure SSL Client Authentication then
I get
the above errors. The browser is supposed to request which client
certificate the user wants to use, then I can select the one I created
and
signed with ca.crt, which I have set as a trusted CA in the browser.

My Apache server has the following identifier (from HTTP Response
header) :-

Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l
mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4

Perl/v5.10.1

The openssl version I am using is also 0.9.8l (l for 'link').

No. OpenSSL 0.9.8l is a version regularily released:
http://www.openssl.org/source/

Here are the openssl commands I used :-

openssl genrsa -out ca.key 1024

openssl req -new -key ca.key -x509 -days 60 -out ca.crt

openssl genrsa -out server.key 1024

openssl req -new -key server.key  -days 90 -out server.csr

openssl x509 -req -in server.csr -set_serial 451470 -CA ca\ca.crt
-CAkey
ca\ca.key -out server.crt

openssl genrsa -out client_a.key 1024

openssl req -new -key client_a.key  -days 90 -out client_a.csr

openssl x509 -req -in client_a.csr -set_serial 451470 -CA
..\ca\ca.crt -CAkey ..\ca\ca.key -out client_a.crt

I have carefully studied all documentation and I just wonder why this
is not
working - have I misunderstood something or is there possibly a bug?

Thanks in advance for any advice.

Instead of involving a browser, which is a big, complex and opaque thing,
can you please test with openssl s_client?

Alan.

So long,
i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

Thanks Igor for pointing out this s_client tool within openssl. On 
investigating use of this tool, I realised I needed a bit more understanding 
of how SSL/TLS works, and realised I omitted to understand one essential 
feature of the SSL handshake, namely that the client must possess a private 
key.

This means the client cert must actually contain a private key, which makes 
it quite unlike a website cert, which just has the public key<->identity 
mapping (and digital signature). I found this concept very odd at first - 
even if it is password protected a digital cert seems not a place to store a 
private key. The format for the composite file is PKCS#12, (.p12 extension). 
(When you view such a client cert in IE8, for example, it says 'You have a 
private key which corresponds to this certificate').

To create the .p12 file you enter the command :-

openssl pkcs12 -export -out client_a.p12 -in client_a.crt -inkey 
client_a.key

where client_a.crt is the client cert and client_a.key is the private key 
file.

Then the browser can accept import of the file client_a.p12 as a 'Personal 
Certificate', and it now all works on Firefox/Chrome/Opera/IE8, with the 
browser displaying a dialog for client cert choice on accessing the secure 
page.

Thanks also Joost - you are correct, importing client cert is needed, it 
will not work without this, ie it won't just prompt for a client cert on 
accessing secure page. But I had not set up client cert correctly, so the 
import did not work.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reserve http slot for server-status?

2011-01-05 Thread Torsten Förtsch

On Wednesday, January 05, 2011 23:52:01 Eric Covener wrote:
> There's also a tool somewhere that parses the ScoreBoardFile if you
> use a physical file and gives you server-status like information.

e.g. my perl module http://search.cpan.org/perldoc?Apache2::ScoreBoardFile

Torsten Förtsch

-- 
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reserve http slot for server-status?

2011-01-05 Thread Eric Covener

On Wed, Jan 5, 2011 at 5:35 PM, Michael Gale  wrote:
> Hello,
>
>
>
>     We pull http://server-name/server-status for information however on
> occasion we have hit max clients and no open slots are available.
>
>
>
> Now usually this is caused by the failure of a backend service or DOS
> attempts and when this happens we lose access to the stats information. Is
> there a way to reserve a http slot for access to server-stats?

There's also a tool somewhere that parses the ScoreBoardFile if you
use a physical file and gives you server-status like information.

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reserve http slot for server-status?

2011-01-05 Thread Jeff Trawick

On Wed, Jan 5, 2011 at 5:35 PM, Michael Gale  wrote:
> Hello,
>
>
>
>     We pull http://server-name/server-status for information however on
> occasion we have hit max clients and no open slots are available.
>
>
>
> Now usually this is caused by the failure of a backend service or DOS
> attempts and when this happens we lose access to the stats information. Is
> there a way to reserve a http slot for access to server-stats?

http://people.apache.org/~trawick/mod_backdoor.txt
http://people.apache.org/~trawick/mod_backdoor.c

(I haven't used it in "a while" ;) )

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reserve http slot for server-status?

2011-01-05 Thread Justin Pasher

- Original Message -

From: Michael Gale 
Date: Wed, 5 Jan 2011 22:35:02 +
Subject: [us...@httpd] Reserve http slot for server-status?
To: users@httpd.apache.org 

Hello,

We pull http://server-name/server-status for information however 
on occasion we have hit max clients and no open slots are available.

Now usually this is caused by the failure of a backend service or DOS 
attempts and when this happens we lose access to the stats 
information. Is there a way to reserve a http slot for access to 
server-stats?

Michael

I don't think there is a way to "reserve" spot in Apache, but you can 
check out this app if you're on Linux. It reads the scoreboard file 
instead of opening an HTTP connection, so it should always be available. 
And if you run the program using the "watch" command, you can have a 
pseudo-"top" program for viewing apache connections.

http://fabletech.com/ftss

--
Justin Pasher

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Setting and environment variable for one specific subdomain matching the ServerAlias

2011-01-05 Thread mattalexx


Thanks!


Eric Covener wrote:
> 
> On Wed, Jan 5, 2011 at 2:57 PM, mattalexx  wrote:
>>
>> I have a virtual host that includes the following settings
>>
>>    ServerName www.host.com
>>    ServerAlias *.host.com
>>
>> Can I set
>>
>>    SetEnv FOO "bar"
>>
>> for just a specific subdomain (like foo.host.com)?
> 
> Try SetEnvIf or RewriteCond/RewriteRule to add an additional condition.
> 
> -- 
> Eric Covener
> cove...@gmail.com
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>"   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Setting-and-environment-variable-for-one-specific-subdomain-matching-the-ServerAlias-tp30599584p30600100.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Setting and environment variable for one specific subdomain matching the ServerAlias

2011-01-05 Thread mattalexx


Thanks!


Joost de Heer-2 wrote:
> 
> On 01/05/2011 08:57 PM, mattalexx wrote:
>>
>> I have a virtual host that includes the following settings
>>
>>  ServerName www.host.com
>>  ServerAlias *.host.com
>>
>> Can I set
>>
>>  SetEnv FOO "bar"
>>
>> for just a specific subdomain (like foo.host.com)?
> 
> SetEnvIf Host foo.host.com foo=true
> 
> Joost
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>"   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Setting-and-environment-variable-for-one-specific-subdomain-matching-the-ServerAlias-tp30599584p30600096.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-05 Thread [triplepack] info (i...@pack3.ch)

Hi Eric,

yes i would say so because i dont know a IP balancer for apache. and i 
think your description points to a potential asymetrical routing issue 
which only happens with a IP balancer.

Am 04.01.2011 22:03, schrieb Mike Alba:

Hi Aaron,

  Thanks for your feedback so then you are saying I don't need to 
worry about it?

Thanks!

--- On *Tue, 1/4/11, [triplepack] info (i...@pack3.ch) 
//* wrote:

From: [triplepack] info (i...@pack3.ch) 
Subject: Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?
To: users@httpd.apache.org
Date: Tuesday, January 4, 2011, 11:39 AM

i think the problem mentioned here is a "asymmetrical routing
issue" you have with IP load balancer, where a Apache behaves
differently it acts like a proxy with the additional feature of
balancing the load and not doing a IP balancing like a BigIP

so this shouldn't be an issue with an Apache

regards Aaron

Am 04.01.2011 20:18, schrieb Mike Alba:

Hi Eric,

  I am trying to setup load balancing for Oracle Portal using
Generic Apache and the documentation tells me

"Configure the LBR to perform Network Address Translation (NAT)
bounce back for loopback requests coming from the PPE running on
|m1.abc.com|. This ensures that when the PPE makes a loopback
request to OracleAS Web Cache, there are no errors.
NAT bounce back is set up differently on individual LBRs. Consult
your LBR's configuration guide on how to set this up. "

In the past I have done this with F5 BigIP. So I guess I just
need to create a VIP and a pool or range of addresses in the
virtual host config?

Thanks for your input!

--- On *Tue, 1/4/11, Eric Covener /
/* wrote:

From: Eric Covener 

Subject: Re: [us...@httpd] How to set up a NAT Bounce Back in
Apache?
To: users@httpd.apache.org

Date: Tuesday, January 4, 2011, 11:10 AM

>   I am trying to find an example of how to setup a NAT
Bounce Back in Apache.
> Can anyone point in the direction of an example or some
documentation?

In Apache, you can just list any number of addresses in each
 and any number of ServerAlias'es for name-based
vhosts,
so no magic is required to access them from the internal network.

Can you describe the problem more directly?

--
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP
Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Setting and environment variable for one specific subdomain matching the ServerAlias

2011-01-05 Thread Joost de Heer


On 01/05/2011 08:57 PM, mattalexx wrote:


I have a virtual host that includes the following settings

 ServerName www.host.com
 ServerAlias *.host.com

Can I set

 SetEnv FOO "bar"

for just a specific subdomain (like foo.host.com)?


SetEnvIf Host foo.host.com foo=true

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Setting and environment variable for one specific subdomain matching the ServerAlias

2011-01-05 Thread Eric Covener

On Wed, Jan 5, 2011 at 2:57 PM, mattalexx  wrote:
>
> I have a virtual host that includes the following settings
>
>    ServerName www.host.com
>    ServerAlias *.host.com
>
> Can I set
>
>    SetEnv FOO "bar"
>
> for just a specific subdomain (like foo.host.com)?

Try SetEnvIf or RewriteCond/RewriteRule to add an additional condition.

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Setting and environment variable for one specific subdomain matching the ServerAlias

2011-01-05 Thread mattalexx


I have a virtual host that includes the following settings

ServerName www.host.com
ServerAlias *.host.com

Can I set

SetEnv FOO "bar"

for just a specific subdomain (like foo.host.com)?

-- 
View this message in context: 
http://old.nabble.com/Setting-and-environment-variable-for-one-specific-subdomain-matching-the-ServerAlias-tp30599584p30599584.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] CGI / Delete / Empty Directories

2011-01-05 Thread Igor Galić

- "Kevin T Cella"  wrote:

> The delete happens now as a DELETE HTTP request via DAV. Since no
> cleanup is done of empty directories, the underlying file system has a
> trail of them.

find /path/to/dav/root -type d -empty -print0 | xargs -0 rm -rf {} +

n.b.: -empty and -print0 will only work with GNU and FreeBSD
find/xargs.

You could either run that from cron, or maybe put it mod_ext_filter
to only run on a part of the path which is actually affected.

http://httpd.apache.org/docs/current/mod/mod_ext_filter.html

So long,

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Rewrite rules

2011-01-05 Thread Igor Galić

- "Joost de Heer"  wrote:

> >> As a side note, are there resources you would recommend to help me
> >> with this type of task?
> >
> [List of resources]
> 
> There's also Rich Bowen's mod_rewrite book
> (http://www.amazon.com/exec/obidos/asin/1590595610/drbacchus/).

To my shame, the only Apache httpd related book I've read so far
is Ivan Ristić's Apache Security

 http://www.oreilly.com/catalog/apachesc/

Even though quite old, it's very good. And, I find, an excellent
resource for running servers in general.
Maybe one of these days Ivan will update it..

> Joost

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [us...@httpd] CGI / Delete / Empty Directories

2011-01-05 Thread Cella, Kevin T

The delete happens now as a DELETE HTTP request via DAV. Since no cleanup is 
done of empty directories, the underlying file system has a trail of them.

-Original Message-
From: Igor Galić [mailto:i.ga...@brainsware.org] 
Sent: Wednesday, January 05, 2011 12:44 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] CGI / Delete / Empty Directories

- "Kevin T Cella"  wrote:

> Does anyone know how to configure the Apache HTTP Server to remove any 
> empty directories after a delete command? From what I have seen it

A delete command? Where? On the File system? Via DAV?

> appears a CGI script is required. How can I tell the CGI script to 
> perform the normal delete, then run my code for cleaning empty 
> directories? Or is there an easier way to accomplish the same task?
> 
> 
> 
> Thanks,
> Kevin

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

--
This message w/attachments (message) is intended solely for the use of the 
intended recipient(s) and may contain information that is privileged, 
confidential or proprietary. If you are not an intended recipient, please 
notify the sender, and then please delete and destroy all copies and 
attachments, and be advised that any review or dissemination of, or the taking 
of any action in reliance on, the information contained in or attached to this 
message is prohibited. 
Unless specifically indicated, this message is not an offer to sell or a 
solicitation of any investment products or other financial product or service, 
an official confirmation of any transaction, or an official statement of 
Sender. Subject to applicable law, Sender may intercept, monitor, review and 
retain e-communications (EC) traveling through its networks/systems and may 
produce any such EC to regulators, law enforcement, in litigation and as 
required by law. 
The laws of the country of each sender/recipient may impact the handling of EC, 
and EC may be archived, supervised and produced in countries other than the 
country in which you are located. This message cannot be guaranteed to be 
secure or free of errors or viruses. 

References to "Sender" are references to any subsidiary of Bank of America 
Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are 
Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a 
Condition to Any Banking Service or Activity * Are Not Insured by Any Federal 
Government Agency. Attachments that are part of this EC may have additional 
important disclosures and disclaimers, which you should read. This message is 
subject to terms available at the following link: 
http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you 
consent to the foregoing.

Re: [us...@httpd] CGI / Delete / Empty Directories

2011-01-05 Thread Igor Galić

- "Kevin T Cella"  wrote:

> Does anyone know how to configure the Apache HTTP Server to remove any
> empty directories after a delete command? From what I have seen it

A delete command? Where? On the File system? Via DAV?

> appears a CGI script is required. How can I tell the CGI script to
> perform the normal delete, then run my code for cleaning empty
> directories? Or is there an easier way to accomplish the same task?
> 
> 
> 
> Thanks,
> Kevin

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] CGI / Delete / Empty Directories

2011-01-05 Thread Cella, Kevin T

Does anyone know how to configure the Apache HTTP Server to remove any
empty directories after a delete command? From what I have seen it
appears a CGI script is required. How can I tell the CGI script to
perform the normal delete, then run my code for cleaning empty
directories? Or is there an easier way to accomplish the same task?

 

Thanks,
Kevin

--
This message w/attachments (message) is intended solely for the use of the 
intended recipient(s) and may contain information that is privileged, 
confidential or proprietary. If you are not an intended recipient, please 
notify the sender, and then please delete and destroy all copies and 
attachments, and be advised that any review or dissemination of, or the taking 
of any action in reliance on, the information contained in or attached to this 
message is prohibited. 
Unless specifically indicated, this message is not an offer to sell or a 
solicitation of any investment products or other financial product or service, 
an official confirmation of any transaction, or an official statement of 
Sender. Subject to applicable law, Sender may intercept, monitor, review and 
retain e-communications (EC) traveling through its networks/systems and may 
produce any such EC to regulators, law enforcement, in litigation and as 
required by law. 
The laws of the country of each sender/recipient may impact the handling of EC, 
and EC may be archived, supervised and produced in countries other than the 
country in which you are located. This message cannot be guaranteed to be 
secure or free of errors or viruses. 

References to "Sender" are references to any subsidiary of Bank of America 
Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are 
Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a 
Condition to Any Banking Service or Activity * Are Not Insured by Any Federal 
Government Agency. Attachments that are part of this EC may have additional 
important disclosures and disclaimers, which you should read. This message is 
subject to terms available at the following link: 
http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you 
consent to the foregoing.

Re: [us...@httpd] Rewrite rules

2011-01-05 Thread Joost de Heer

>> As a side note, are there resources you would recommend to help me
>> with this type of task?
>
[List of resources]

There's also Rich Bowen's mod_rewrite book
(http://www.amazon.com/exec/obidos/asin/1590595610/drbacchus/).

Joost

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable wget-like user-agents

2011-01-05 Thread Igor Galić


- "Mark Montague"  wrote:

> On January 4, 2011 22:32 , Carlos S  wrote:
> > Recently I was trying to download a package using wget, but the
> > website prevented access to it. I tried --user-agent  option but it
> > didn't work either. So I was curious to know what strategy this web
> > admin must have implemented.
> 
> Without an example URL, I can only speculate, but the ideas that come
> to 
> mind first are denying the download unless a cookie is set (you could

i.ga...@panic ~ % wget --help | grep cook
   --no-cookiesdon’t use cookies.
   --load-cookies=FILE load cookies from FILE before session.
   --save-cookies=FILE save cookies to FILE after session.
   --keep-session-cookies  load and save session (non-permanent) cookies.
i.ga...@panic ~ % 
 
> get quite complex with this, such as setting the cookie via
> JavaScript, 

Yup.. that (JS) would kill off wget.. but also many other (sensible) clients

> which wget won't execute), checking the referrer header, or other 

i.ga...@panic ~ % wget --help | grep -i referer
   --referer=URL   include ‘Referer: URL’ header in HTTP request.
i.ga...@panic ~ %

> JavaScript based checks.

i

> --
>Mark Montague
>m...@catseye.org

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] [SOLVED] Re: Permission Problem

2011-01-05 Thread Igor Galić


- "tinkee"  wrote:

> for the record this problem is fixed..
> thanks to the replies for a similar problem on this forum
> 
> http://old.nabble.com/Fwd%3A-Re%3A--users%40httpd--Apache-2.2.17-on-RHEL-5.2-%2813%29-Permission-denied-td30069032.html
> 
> i was about to get crazy really! :D
> 
> have had two problems that was solved by this helpful forum! 
> thanks heaps!
> 
> godbless you guys! :) 

Thanks for this post (:

Here's for reference what to do with a forbidden:

Look into the error log.

http://onlamp.com/pub/a/apache/2004/04/22/apacheckbk.html

So either it's:
http://wiki.apache.org/httpd/13PermissionDenied

Or:
http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration

> tinkee wrote:
> > 
> > 
> > just additional info, it may help:
> > 
> > User: apache
> > Group apache
> > 
> > i think i changed it to root:root and also
> > the /etc/httpd/ i changed the owner and group to root:root,
> > and then i tried to revert back to apache:apache but its just does
> not
> > work anymore.. 
> > 
> > 
> > 
> > tinkee wrote:
> >> 
> >> hi!
> >> 
> >> i am using apache as my webserver and i have a problem accessing my
> php
> >> files in my browser,
> >> it used to work properly until i think I messed up things.
> >> now i don;t know what to do. T_T
> >> 
> >> everytime i open my php files which are on
> >> /var/www/htm/
> >> 
> >> it gives me the permission denied error.
> >> 
> >> i think i messed up with the chown and chgrp
> >> i typed all these before this happened:
> >> i think giving root the right to all apache resources. i probably
> was not
> >> able to do it properly.
> >> 
> >> 
> >>   # chown -R root:root /usr/local/apache
> >>   # find /usr/local/apache -type d | xargs chmod 755
> >>   # find /usr/local/apache -type f | xargs chmod 644 
> >> 
> >>   # chmod -R go-r   /usr/local/apache/conf   ->>im not too sure
> what this
> >> does.
> >>   # chmod -R go-r  /usr/local/apache/logs 
> >> --
> >> 
> >>  i wanted to change permissions so that my apache could create a
> file. 
> >>  now it forbids me to do anything.
> >>   
> >>   even if i check on the status of my httpd:
> >>  /usr/sbin/apachectl status
> >> 
> >>  It gives me this error:
> >> Forbidden
> >> You dont have permission to access /server-status on this
> server.
> >> 
> >>   Same error is given when i try to access my http://localhost/ in
> the
> >> browser:
> >> Forbidden
> >> You dont have permission to access / on this server.
> >> --
> >>Apache/2.2.3 (Red Hat) Server at localhost Port 80
> >>
> >> 
> >>  In the httpd/logs/error.log it gives me these errors:
> >>  
> >>  - (13)Permission denied: access to /denied
> >>  -  (13) Permission denied: access to /favicon.ico denied 
> >> 
> >>  It seems to restrict me to access anything..
> >> 
> >>  please help, how do i revert back to normal?
> >>  i need this to work properly again.
> >> 
> >>  I know it has something to do with the permission, when i run the
> httpd
> >> it cannot get through / on the server even.. 
> >> 
> >>  thank you so much,
> >> tinks
> >> 
> >> 
> >>  
> >> 
> > 
> > 
> 
> -- 
> View this message in context:
> http://old.nabble.com/Permission-Problem-tp30593599p30593602.html
> Sent from the Apache HTTP Server - Users mailing list archive at
> Nabble.com.
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>"   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] New to list - Redirect, Alias or Rewrite?? Very confused...

2011-01-05 Thread Igor Galić


- "Robert Van Horn"  wrote:

> Change the name of New_Web to Old__Web.
> Don't forget to cp Old_Web to Old_Web.old first.

Bob, I'm not sure how that makes sense in the context of Doug's
question..

> bob
> 
> On 1/4/11 11:59 AM, d...@aiphone.com wrote:
> > Hi all,
> > I am attempting to have the Apache Server 2.0 handle the following
> request
> > for me:
> >
> > When a visitor visits http://mydomain.com/OLD_Web App/, I would like
> them
> > to be automatically redirected to http://mydomain.com/New_Web App/
> >
> > Both OLD and NEW Web App folders live in the same doc root and are
> at the
> > same level in the folder tree - ie right off of root.
> >
> > I have tried both Alias commands and Redirect commands and nothing
> seems to
> > work. I have restarted Apache on each change.

What have you tried? Why not just tell us:

I've tried using:

RedirectMatch "^/OLD_Web App(/?.*)" "http://mydomain.com/New_Web App$1"

But that resulted in: 
(Note, the above redirect *should* actually work :)

> > What is the best way to accomplish this and is there something I am
> > missing. I am using both the O'Reilly Apache Cookbook and the
> Apache.org
> > for examples and they all sound similar. From what I have read,
> Alias seems
> > to be for the purpose of referencing files outside of the doc root,
> this is
> > not the case for me. Redirect seems to be for redirecting to 
> different
> > server - also not the case.
> >
> > Any tips would be awesome.

Read the documentation of the Directives you're trying to use ;)

http://httpd.apache.org/docs/current/mod/mod_alias.html#redirect
http://httpd.apache.org/docs/current/mod/mod_alias.html#redirectmatch
http://httpd.apache.org/docs/current/mod/mod_alias.html#alias
http://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch

For rewrite stuff I recommend the /trunk/ docs:

http://httpd.apache.org/docs/trunk/rewrite/

> >
> > Thanks,
> > Doug Niman
> > Information Services Manager
> > Senior Network Administrator
> > Aiphone Corporation


i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Rewrite rules

2011-01-05 Thread Igor Galić

- "Jeff Poling"  wrote:

> Jim,
> 
> Thank you.  That worked really well.
> 
> As a side note, are there resources you would recommend to help me
> with this type of task?

For this particular task:
http://wiki.apache.org/httpd/WhenNotToUseRewrite

For rewrite, when useful:
http://httpd.apache.org/docs/trunk/rewrite/

For httpd in general:
http://wiki.apache.org/httpd/DistrosDefaultLayout
http://httpd.apache.org/docs/current/invoking.html
http://httpd.apache.org/docs/current/glossary.html
http://httpd.apache.org/docs/current/configuring.html
http://httpd.apache.org/docs/current/sections.html

These should get you started. Read them.

When you get stuck:
Step one: Look into the Error Log.

Trouble shooting:
http://wiki.apache.org/httpd/Logs
http://publib.boulder.ibm.com/httpserv/ihsdiag/errorlog.html

And then, there's this list here :)

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Unresponsive apache webserver, memory issue

2011-01-05 Thread Igor Galić


- "james"  wrote:

> I'm having an issue with an apache web server running on CentOS5.
> After a few days/weeks of running the server will become unresponsive
> and will require a physical reboot in order to come back online. The
> system is so unresponsive when the issue occurs that login at console
> is not even possible.

What does syslog say? OOM kills happening?
What does the error log say?

> I have atop installed and have looked back before the crash to see
> what happened process wise and I can see the http starts using a lot
> of memory and CPU usage. The vmcommit jumps from 1.8 GB to 4.8GB in a
> matter of a few minutes. The VSIZE of the httpd process jumps from
> 8.1GB to 36.9GB. So apache is doing something -- but how can I get
> historical data for this? I also see that paging is very active,
> probably why the server is unresponsive. I have looked through the
> apache logs and system logs and there is nothing obvious that is
> consuming all that memory. I know of the server-status module for
> apache but that is only useful if you can get to the server during the
> crash (I can't) and doesn't have any historical data.

http://httpd.apache.org/docs/current/programs/other.html#log_server_status

How does your MPM config look like?
Take a look at:
http://wiki.apache.org/httpd/PerformanceScalingUp

> Once thing I have seen from server-status while the server is
> responding is the presence of many of these type of requests to the
> server from the server itself (always to "example.com" which is the
> first virtualhost listed in the apache config). I have researched this
> and on the apache wiki they say this is NOT a problem, however I don't
> see this at all on my other webservers. There are around 50-60 entries
> like the below at any one time -- meanwhile the server is handling
> between 2-5 requests.
> 
> 
>   8-5 -   0/0/403 .   0.0022370   0.0 
> 0.007.07::1 example.com 
> OPTIONS * HTTP/1.0
> The unresponsive server issue occurs seemingly randomly, last time in
> the middle of the night with little or no user traffic.

What does your monitoring say?
What does your access log say?

> James

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Custom authentication?

2011-01-05 Thread Christian Hettler

On Tue, Jan 04, 2011 at 11:19:01AM +, Oliver Beattie wrote:
> Hi there,
> 
> I am sure this question has likely been asked many times before, I'm just
> having a bit of a hard time finding answers.
> 
> Basically, I need to be able to authenticate downloads based on a URL
> signature if present (passed as a query parameter), instead of via Basic
> authentication (I need to support both of these, but bypass the basic auth
> if no signature is present). It isn't a requirement that they live at the
> same path, so they can be at different virtual hosts/directories if
> necessary.
> 
> At first, I thought the best way to do this would be just through a simple
> CGI/WSGI/whatever, but the files I am authenticating access to are very
> large (many GB) and I fear there may be a performance implication of doing
> this (and things like Range requests won't be possible without extra work).
> 
> Has anyone had any experience with this? What is the best way to proceed?
> Any help anyone could give would be very much appreciated :)
> 
> —Oliver

Hello Oliver,

do you know mod_auth_token?

Christian
-- 
asknet AG * Vincenz-Priessnitz-Str. 3 * D-76131 Karlsruhe
fon: +49 721 96458 6445 * fax: +49 721 96458 9445 * web: http://www.asknet.com
board of managing directors: Michael Scheib, Dr. Dietmar Waudig, Michael Konrad
chairman of the supervisory board: Dr. Joachim Bernecker * HRB 108713 Mannheim

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Re: Permission Problem

2011-01-04 Thread tinkee



for the record this problem is fixed..
thanks to the replies for a similar problem on this forum

http://old.nabble.com/Fwd%3A-Re%3A--users%40httpd--Apache-2.2.17-on-RHEL-5.2-%2813%29-Permission-denied-td30069032.html

i was about to get crazy really! :D

have had two problems that was solved by this helpful forum! 
thanks heaps!

godbless you guys! :) 




tinkee wrote:
> 
> 
> just additional info, it may help:
> 
> User: apache
> Group apache
> 
> i think i changed it to root:root and also
> the /etc/httpd/ i changed the owner and group to root:root,
> and then i tried to revert back to apache:apache but its just does not
> work anymore.. 
> 
> 
> 
> tinkee wrote:
>> 
>> hi!
>> 
>> i am using apache as my webserver and i have a problem accessing my php
>> files in my browser,
>> it used to work properly until i think I messed up things.
>> now i don;t know what to do. T_T
>> 
>> everytime i open my php files which are on
>> /var/www/htm/
>> 
>> it gives me the permission denied error.
>> 
>> i think i messed up with the chown and chgrp
>> i typed all these before this happened:
>> i think giving root the right to all apache resources. i probably was not
>> able to do it properly.
>> 
>> 
>>   # chown -R root:root /usr/local/apache
>>   # find /usr/local/apache -type d | xargs chmod 755
>>   # find /usr/local/apache -type f | xargs chmod 644 
>> 
>>   # chmod -R go-r   /usr/local/apache/conf   ->>im not too sure what this
>> does.
>>   # chmod -R go-r  /usr/local/apache/logs 
>> --
>> 
>>  i wanted to change permissions so that my apache could create a file. 
>>  now it forbids me to do anything.
>>   
>>   even if i check on the status of my httpd:
>>  /usr/sbin/apachectl status
>> 
>>  It gives me this error:
>> Forbidden
>> You dont have permission to access /server-status on this server.
>> 
>>   Same error is given when i try to access my http://localhost/ in the
>> browser:
>> Forbidden
>> You dont have permission to access / on this server.
>> --
>>Apache/2.2.3 (Red Hat) Server at localhost Port 80
>>
>> 
>>  In the httpd/logs/error.log it gives me these errors:
>>  
>>  - (13)Permission denied: access to /denied
>>  -  (13) Permission denied: access to /favicon.ico denied 
>> 
>>  It seems to restrict me to access anything..
>> 
>>  please help, how do i revert back to normal?
>>  i need this to work properly again.
>> 
>>  I know it has something to do with the permission, when i run the httpd
>> it cannot get through / on the server even.. 
>> 
>>  thank you so much,
>> tinks
>> 
>> 
>>  
>> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Permission-Problem-tp30593599p30593602.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Re: Permission Problem

2011-01-04 Thread tinkee



just additional info, it may help:

User: apache
Group apache

i think i changed it to root:root and also
the /etc/httpd/ i changed the owner and group to root:root,
and then i tried to revert back to apache:apache but its just does not work
anymore.. 



tinkee wrote:
> 
> hi!
> 
> i am using apache as my webserver and i have a problem accessing my php
> files in my browser,
> it used to work properly until i think I messed up things.
> now i don;t know what to do. T_T
> 
> everytime i open my php files which are on
> /var/www/htm/
> 
> it gives me the permission denied error.
> 
> i think i messed up with the chown and chgrp
> i typed all these before this happened:
> i think giving root the right to all apache resources. i probably was not
> able to do it properly.
> 
> 
>   # chown -R root:root /usr/local/apache
>   # find /usr/local/apache -type d | xargs chmod 755
>   # find /usr/local/apache -type f | xargs chmod 644 
> 
>   # chmod -R go-r   /usr/local/apache/conf   ->>im not too sure what this
> does.
>   # chmod -R go-r  /usr/local/apache/logs 
> --
> 
>  i wanted to change permissions so that my apache could create a file. 
>  now it forbids me to do anything.
>   
>   even if i check on the status of my httpd:
>  /usr/sbin/apachectl status
> 
>  It gives me this error:
> Forbidden
> You dont have permission to access /server-status on this server.
> 
>   Same error is given when i try to access my http://localhost/ in the
> browser:
> Forbidden
> You dont have permission to access / on this server.
> --
>Apache/2.2.3 (Red Hat) Server at localhost Port 80
>
> 
>  In the httpd/logs/error.log it gives me these errors:
>  
>  - (13)Permission denied: access to /denied
>  -  (13) Permission denied: access to /favicon.ico denied 
> 
>  It seems to restrict me to access anything..
> 
>  please help, how do i revert back to normal?
>  i need this to work properly again.
> 
>  I know it has something to do with the permission, when i run the httpd
> it cannot get through / on the server even.. 
> 
>  thank you so much,
> tinks
> 
> 
>  
> 

-- 
View this message in context: 
http://old.nabble.com/Permission-Problem-tp30593599p30593600.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Permission Problem

2011-01-04 Thread tinkee


hi!

i am using apache as my webserver and i have a problem accessing my php
files in my browser,
it used to work properly until i think I messed up things.
now i don;t know what to do. T_T

everytime i open my php files which are on
/var/www/htm/

it gives me the permission denied error.

i think i messed up with the chown and chgrp
i typed all these before this happened:
i think giving root the right to all apache resources. i probably was not
able to do it properly.


  # chown -R root:root /usr/local/apache
  # find /usr/local/apache -type d | xargs chmod 755
  # find /usr/local/apache -type f | xargs chmod 644 

  # chmod -R go-r   /usr/local/apache/conf   ->>im not too sure what this
does.
  # chmod -R go-r  /usr/local/apache/logs 
--

 i wanted to change permissions so that my apache could create a file. 
 now it forbids me to do anything.
  
  even if i check on the status of my httpd:
 /usr/sbin/apachectl status

 It gives me this error:
Forbidden
You dont have permission to access /server-status on this server.

  Same error is given when i try to access my http://localhost/ in the
browser:
Forbidden
You dont have permission to access / on this server.
--
   Apache/2.2.3 (Red Hat) Server at localhost Port 80
   

 In the httpd/logs/error.log it gives me these errors:
 
 - (13)Permission denied: access to /denied
 -  (13) Permission denied: access to /favicon.ico denied 

 It seems to restrict me to access anything..

 please help, how do i revert back to normal?
 i need this to work properly again.

 I know it has something to do with the permission, when i run the httpd it
cannot get through / on the server even.. 

 thank you so much,
tinks


 
-- 
View this message in context: 
http://old.nabble.com/Permission-Problem-tp30593599p30593599.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable wget-like user-agents

2011-01-04 Thread Mark Montague


 On January 4, 2011 22:32 , Carlos S  wrote:

Recently I was trying to download a package using wget, but the
website prevented access to it. I tried --user-agent  option but it
didn't work either. So I was curious to know what strategy this web
admin must have implemented.


Without an example URL, I can only speculate, but the ideas that come to 
mind first are denying the download unless a cookie is set (you could 
get quite complex with this, such as setting the cookie via JavaScript, 
which wget won't execute), checking the referrer header, or other 
JavaScript based checks.


--
  Mark Montague
  m...@catseye.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable wget-like user-agents

2011-01-04 Thread Carlos S

Thanks for the links Mark and Doug. The webscrapers thing looks interesting..

I had looked at mod_rewrite and User-Agent header solution.

Recently I was trying to download a package using wget, but the
website prevented access to it. I tried --user-agent  option but it
didn't work either. So I was curious to know what strategy this web
admin must have implemented. May be I used incorrect user-agent
string?? I remember using AppleWebKit and Mozilla strings, will try
again.

(Not giving out that particular URL out of courtesy).

-cs.

On Tue, Jan 4, 2011 at 5:33 PM, Doug McNutt  wrote:
> At 18:19 -0500 1/4/11, Mark Montague wrote:
>>Follow the example below, but use only the user agent condition, omit the IP 
>>condition, and suitably adjust the RewriteRule regular expression to match 
>>the URL(s) you wish to block:
>>
>>http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots
>>
>>Note that wget has a -U option that can be used to get around this block by 
>>using a user agent string that you are not blocking -- so the block will not 
>>prevent a determined downloader.
>
> ***
>
> You might want to have a look at this rather new mailing list.  It's 
> interested in doing exactly the opposite of what you want.
>
> List-Id: webscrapers talk 
> List-Archive: 
> List-Post: 
> List-Help: 
> List-Subscribe: , 
> 
>
>
>
> --
>
> --> From the U S of A, the only socialist country that refuses to admit it. 
> <--
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable wget-like user-agents

2011-01-04 Thread Doug McNutt

At 18:19 -0500 1/4/11, Mark Montague wrote:
>Follow the example below, but use only the user agent condition, omit the IP 
>condition, and suitably adjust the RewriteRule regular expression to match the 
>URL(s) you wish to block:
>
>http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots
>
>Note that wget has a -U option that can be used to get around this block by 
>using a user agent string that you are not blocking -- so the block will not 
>prevent a determined downloader.

***

You might want to have a look at this rather new mailing list.  It's interested 
in doing exactly the opposite of what you want. 

List-Id: webscrapers talk 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 

-- 

--> From the U S of A, the only socialist country that refuses to admit it. <--

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable wget-like user-agents

2011-01-04 Thread Mark Montague


 On January 4, 2011 18:03 , Carlos S  wrote:

Is there any way to disable download/traffic from wget-like user
agents? Can this be done using user-agent string? Any documentation
link or example will be really helpful.


Follow the example below, but use only the user agent condition, omit 
the IP condition, and suitably adjust the RewriteRule regular expression 
to match the URL(s) you wish to block:


http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

Note that wget has a -U option that can be used to get around this block 
by using a user agent string that you are not blocking -- so the block 
will not prevent a determined downloader.


--
  Mark Montague
  m...@catseye.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] disable wget-like user-agents

2011-01-04 Thread Carlos S

Is there any way to disable download/traffic from wget-like user
agents? Can this be done using user-agent string? Any documentation
link or example will be really helpful.

--
cs.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-04 Thread Mike Alba

Hi Aaron,

  Thanks for your feedback so then you are saying I don't need to worry about 
it?

Thanks!

--- On Tue, 1/4/11, [triplepack] info (i...@pack3.ch)  wrote:

From: [triplepack] info (i...@pack3.ch) 
Subject: Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?
To: users@httpd.apache.org
Date: Tuesday, January 4, 2011, 11:39 AM

  i think the problem mentioned here is a "asymmetrical routing issue"
you have with IP load balancer, where a Apache behaves differently
it acts like a proxy with the additional feature of balancing the
load and not doing a IP balancing like a BigIP

so this shouldn't be an issue with an Apache

regards Aaron

Am 04.01.2011 20:18, schrieb Mike Alba:

Hi Eric,

    I am trying to setup load balancing for Oracle Portal
  using Generic Apache and the documentation tells me 

  "Configure the LBR to perform Network
  Address Translation (NAT) bounce back for loopback
  requests coming from the PPE running on m1.abc.com.
  This ensures that when the PPE makes a loopback request to
  OracleAS Web Cache, there are no errors.

  NAT bounce back is set up differently on individual LBRs.
  Consult your LBR's configuration guide on how to set this
  up.
  "

  In the past I have done this with F5 BigIP. So I guess I
  just need to create a VIP and a pool or range of addresses
  in the virtual host config?

  Thanks for your input!

  --- On Tue, 1/4/11, Eric Covener 
  wrote:

From: Eric Covener 

    Subject: Re: [us...@httpd] How to set up a NAT Bounce
Back in Apache?

To: users@httpd.apache.org

Date: Tuesday, January 4, 2011, 11:10 AM

>   I am trying to find an
  example of how to setup a NAT Bounce Back in Apache.

  > Can anyone point in the direction of an example
  or some documentation?

  In Apache, you can just list any number of addresses
  in each

   and any number of ServerAlias'es
  for name-based vhosts,

  so no magic is required to access them from the
  internal network.

  Can you describe the problem more directly?

  --

  Eric Covener

  cove...@gmail.com

-

  The official User-To-User support forum of the Apache
  HTTP Server Project.

  See http://httpd.apache.org/userslist.html>
  for more info.

  To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org

     "   from the digest: 
users-digest-unsubscr...@httpd.apache.org

  For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] New to list - Redirect, Alias or Rewrite?? Very confused...

2011-01-04 Thread Robert Van Horn


Change the name of New_Web to Old__Web.
Don't forget to cp Old_Web to Old_Web.old first.

bob

On 1/4/11 11:59 AM, d...@aiphone.com wrote:

Hi all,
I am attempting to have the Apache Server 2.0 handle the following request
for me:

When a visitor visits http://mydomain.com/OLD_Web App/, I would like them
to be automatically redirected to http://mydomain.com/New_Web App/

Both OLD and NEW Web App folders live in the same doc root and are at the
same level in the folder tree - ie right off of root.

I have tried both Alias commands and Redirect commands and nothing seems to
work. I have restarted Apache on each change.

What is the best way to accomplish this and is there something I am
missing. I am using both the O'Reilly Apache Cookbook and the Apache.org
for examples and they all sound similar. From what I have read, Alias seems
to be for the purpose of referencing files outside of the doc root, this is
not the case for me. Redirect seems to be for redirecting to  different
server - also not the case.

Any tips would be awesome.


Thanks,
Doug Niman
Information Services Manager
Senior Network Administrator
Aiphone Corporation

Aiphone Corporation's Statement of Confidentiality:  This e-mail message, 
including attachments, is for the exclusive use of the addressee(s) and may 
contain proprietary, trade secret and/or confidential information. If you are 
not the intended recipient of this message, any use, copying, disclosure, 
dissemination or distribution of it or any of its attachments is prohibited. If 
you received this e-mail in error, please contact the sender and delete it, any 
attachments, and any copies from your computer, and any other computer, 
immediately.
-
The official User-To-User support forum of the Apache HTTP Server Project.
Seehttp://httpd.apache.org/userslist.html>  for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
"   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] New to list - Redirect, Alias or Rewrite?? Very confused...

2011-01-04 Thread doug


Hi all,
I am attempting to have the Apache Server 2.0 handle the following request
for me:

When a visitor visits http://mydomain.com/OLD_Web App/, I would like them
to be automatically redirected to http://mydomain.com/New_Web App/

Both OLD and NEW Web App folders live in the same doc root and are at the
same level in the folder tree - ie right off of root.

I have tried both Alias commands and Redirect commands and nothing seems to
work. I have restarted Apache on each change.

What is the best way to accomplish this and is there something I am
missing. I am using both the O'Reilly Apache Cookbook and the Apache.org
for examples and they all sound similar. From what I have read, Alias seems
to be for the purpose of referencing files outside of the doc root, this is
not the case for me. Redirect seems to be for redirecting to  different
server - also not the case.

Any tips would be awesome.


Thanks,
Doug Niman
Information Services Manager
Senior Network Administrator
Aiphone Corporation

Aiphone Corporation's Statement of Confidentiality:  This e-mail message, 
including attachments, is for the exclusive use of the addressee(s) and may 
contain proprietary, trade secret and/or confidential information. If you are 
not the intended recipient of this message, any use, copying, disclosure, 
dissemination or distribution of it or any of its attachments is prohibited. If 
you received this e-mail in error, please contact the sender and delete it, any 
attachments, and any copies from your computer, and any other computer, 
immediately.  
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-04 Thread [triplepack] info (i...@pack3.ch)

i think the problem mentioned here is a "asymmetrical routing issue" you 
have with IP load balancer, where a Apache behaves differently it acts 
like a proxy with the additional feature of balancing the load and not 
doing a IP balancing like a BigIP

so this shouldn't be an issue with an Apache

regards Aaron

Am 04.01.2011 20:18, schrieb Mike Alba:

Hi Eric,

  I am trying to setup load balancing for Oracle Portal using Generic 
Apache and the documentation tells me

"Configure the LBR to perform Network Address Translation (NAT) bounce 
back for loopback requests coming from the PPE running on 
|m1.abc.com|. This ensures that when the PPE makes a loopback request 
to OracleAS Web Cache, there are no errors.
NAT bounce back is set up differently on individual LBRs. Consult your 
LBR's configuration guide on how to set this up. "

In the past I have done this with F5 BigIP. So I guess I just need to 
create a VIP and a pool or range of addresses in the virtual host config?

Thanks for your input!

--- On *Tue, 1/4/11, Eric Covener //* wrote:

From: Eric Covener 
Subject: Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?
To: users@httpd.apache.org
Date: Tuesday, January 4, 2011, 11:10 AM

>   I am trying to find an example of how to setup a NAT Bounce
Back in Apache.
> Can anyone point in the direction of an example or some
documentation?

In Apache, you can just list any number of addresses in each
 and any number of ServerAlias'es for name-based vhosts,
so no magic is required to access them from the internal network.

Can you describe the problem more directly?

--
Eric Covener
cove...@gmail.com 

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org

   "   from the digest: users-digest-unsubscr...@httpd.apache.org

For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-04 Thread Mike Alba

Hi Eric,

  I am trying to setup load balancing for Oracle Portal using Generic Apache 
and the documentation tells me 

"Configure the LBR to perform Network Address Translation (NAT) 
bounce back for loopback requests coming from the PPE running on m1.abc.com.
 This ensures that when the PPE makes a loopback request to OracleAS Web
 Cache, there are no errors.

NAT bounce back is set up differently on individual LBRs. Consult your 
LBR's configuration guide on how to set this up.
"

In the past I have done this with F5 BigIP. So I guess I just need to create a 
VIP and a pool or range of addresses in the virtual host config?

Thanks for your input!

--- On Tue, 1/4/11, Eric Covener  wrote:

From: Eric Covener 
Subject: Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?
To: users@httpd.apache.org
Date: Tuesday, January 4, 2011, 11:10 AM

>   I am trying to find an example of how to setup a NAT Bounce Back in Apache.
> Can anyone point in the direction of an example or some documentation?

In Apache, you can just list any number of addresses in each
 and any number of ServerAlias'es for name-based vhosts,
so no magic is required to access them from the internal network.

Can you describe the problem more directly?

--
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-04 Thread Eric Covener

>   I am trying to find an example of how to setup a NAT Bounce Back in Apache.
> Can anyone point in the direction of an example or some documentation?

In Apache, you can just list any number of addresses in each
 and any number of ServerAlias'es for name-based vhosts,
so no magic is required to access them from the internal network.

Can you describe the problem more directly?

--
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] How to set up a NAT Bounce Back in Apache?

2011-01-04 Thread Mike Alba

Hi,

  I am trying to find an example of how to setup a NAT Bounce Back in Apache.
Can anyone point in the direction of an example or some documentation?

Thanks in advance!

RE: [us...@httpd] Rewrite rules

2011-01-04 Thread Jeff Poling

Jim,

Thank you.  That worked really well.

As a side note, are there resources you would recommend to help me with this 
type of task?

Jeff

Jeffrey Poling
System Administrator | Information Systems
Moody Bible Institute
820 N. LaSalle Blvd., Chicago, IL 60610
312-329-8968
www.moodyministries.net
>From the Word. To Life.

-Original Message-
From: Jim Riggs [mailto:apache-li...@riggs.me] 
Sent: Tuesday, January 04, 2011 10:53 AM
To: users@httpd.apache.org; Jeff Poling
Subject: Re: [us...@httpd] Rewrite rules

On Jan 4, 2011, at 10:22 AM, Jeff Poling wrote:

> I am very new to apache configuration, having inherited responsibility for it 
> this fall.  I need some assistance with (hopefully) a simple rewrite rule.
> 
> We are using apache in a reverse proxy configuration.  For a URL like:
> 
> http://www.mydomain.com/site/test
> 
> I want to rewrite it as https://www.mydomain.com/site/test
> 
> The trick is that "site" could be any number of different strings.  What 
> regular expression do I need to use to make this work?

If it's a fixed list, something like this should work:

RewriteCond %{HTTPS} !=on
RewriteRule "^(/(site|foo|bar|baz)/test.*)$" "https://%{HTTP_HOST}$1"; [NC,R,L]

Or, for //test:

RewriteCond %{HTTPS} !=on
RewriteRule "^(/[^/]+/test.*)$" "https://%{HTTP_HOST}$1"; [NC,R,L]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [us...@httpd] Problem with setting up authentication on an Apache2 server

2011-01-04 Thread Kaplan, Andrew H.

Hi there --

Thanks for your reply. I checked the error.log file, and I came across the
following entry:

[Tue Jan 04 11:08:34 2011] [alert] [client 132.183.12.230]
/var/www/logs/.htaccess: AuthUserFile takes 1-2 arguments, text file containing
user IDs and passwords.

I checked the .htaccess file, and it turns out there was a 'white space' in the
file that was causing the problem.
Once I removed that, the authentication worked. 

Thanks for the help.

 

-Original Message-
From: Eric Covener [mailto:cove...@gmail.com] 
Sent: Tuesday, January 04, 2011 12:04 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Problem with setting up authentication on an Apache2
server

> When I restarted the computer, and tried to access the page in question, I
> was confronted with a 500 Internal Server Error message.

What does your error log say?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Problem with setting up authentication on an Apache2 server

2011-01-04 Thread Eric Covener

> When I restarted the computer, and tried to access the page in question, I
> was confronted with a 500 Internal Server Error message.

What does your error log say?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Problem with setting up authentication on an Apache2 server

2011-01-04 Thread Kaplan, Andrew H.

Hi there --

I am running the LogAnalyzer application on an Ubuntu 10.04 distribution with
the Apache 2.2.14 server. My plan is to have both the application's internal
authentication and the .htaccess file set up for acess control. I placed the
.htaccess file in the directory that contains the webpage in question. The name
of the page is index.php, and it is located in the /var/www/logs directory. I
confirmed the /etc/apache2/apache2.conf file has the following entry within it:

AccessFileName .htaccess

The text of the .htaccess file is shown below:

AuthName "Log Server Access"
AuthType Basic
AuthUserFile
/etc/apache2/htpasswd.users
require valid-user

I then ran the htpasswd command to create a user account with its password.

After I completed the above steps, I restarted the computer, and brought up a
connection to the server. I was not prompted for a password, so the next step
that I took was to add the following to the apache2.conf file:


AllowOverride AuthConfig
order allow,deny
allow from all

When I restarted the computer, and tried to access the page in question, I was
confronted with a 500 Internal Server Error message. 

The setup that I used is normally meant for authentication to html pages, while
the target page is php-based although I did not think that made a difference. I
did install the pacakge php-auth-pam that is available with Ubuntu, but I am not
sure how to configure it. 

Is the first method that I mentioned the correct way to set up authenication,
and if so what am I missing there? If the php-auth-pam package is the way to go,
how do I configure it?

Thanks.



The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

Re: [us...@httpd] Rewrite rules

2011-01-04 Thread Jim Riggs

On Jan 4, 2011, at 10:22 AM, Jeff Poling wrote:

> I am very new to apache configuration, having inherited responsibility for it 
> this fall.  I need some assistance with (hopefully) a simple rewrite rule.
> 
> We are using apache in a reverse proxy configuration.  For a URL like:
> 
> http://www.mydomain.com/site/test
> 
> I want to rewrite it as https://www.mydomain.com/site/test
> 
> The trick is that "site" could be any number of different strings.  What 
> regular expression do I need to use to make this work?

If it's a fixed list, something like this should work:

RewriteCond %{HTTPS} !=on
RewriteRule "^(/(site|foo|bar|baz)/test.*)$" "https://%{HTTP_HOST}$1"; [NC,R,L]

Or, for //test:

RewriteCond %{HTTPS} !=on
RewriteRule "^(/[^/]+/test.*)$" "https://%{HTTP_HOST}$1"; [NC,R,L]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Unresponsive apache webserver, memory issue

2011-01-04 Thread james

I'm having an issue with an apache web server running on CentOS5. After a 
few days/weeks of
running the server will become unresponsive and will require a physical
reboot in order to come back online. The system is so unresponsive when
the issue occurs that login at console is not even possible. 

I have atop installed and have looked back before the crash to see what
happened process wise and I can see the http starts using a lot of
memory and CPU usage. The vmcommit jumps from 1.8 GB to 4.8GB in a
matter of a few minutes. The VSIZE of the httpd process jumps from 8.1GB
to 36.9GB. So apache is doing something -- but how can I get historical
data for this? I also see that paging is very active, probably why the
server is unresponsive. I have looked through the apache logs and system
logs and there is nothing
obvious that is consuming all that memory. I know of the server-status
module for apache but that is only useful if you can get to the server
during the crash (I can't) and doesn't have any historical data. 

Once thing I have seen from server-status while the server is responding is 
the presence of many of these type of requests to the server from the 
server itself (always to "example.com" which is the first virtualhost 
listed in the apache config). I have researched this and on the apache wiki 
they say this is NOT a problem, however I don't see this at all on my other 
webservers. There are around 50-60 entries like the below at any one time 
-- meanwhile the server is handling between 2-5 requests. 




8-5  -   0/0/403 .
 0.0022370   0.0 0.007.07
 ::1 example.com OPTIONS * HTTP/1.0  


The unresponsive server issue occurs seemingly randomly, last time in the 
middle of the night with little or no user traffic. 

James

[us...@httpd] Rewrite rules

2011-01-04 Thread Jeff Poling

I am very new to apache configuration, having inherited responsibility for it 
this fall.  I need some assistance with (hopefully) a simple rewrite rule.

We are using apache in a reverse proxy configuration.  For a URL like:

http://www.mydomain.com/site/test

I want to rewrite it as https://www.mydomain.com/site/test

The trick is that "site" could be any number of different strings.  What 
regular expression do I need to use to make this work?

Any insight is greatly appreciated!

Jeff

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Is Apache ports unstable or my CA Unicentre giving false alerts

2011-01-04 Thread Igor Galić


- "sunhux G"  wrote:

> Just this morning I got the following alert followed by a
> recovery message at 07:56:57
> 
> 03/12/10 07:53 E5NKK1S -ABCDWEB8 ABCDWEB8 port iProject_Apache (83) is
> not responding
> 
> 03/12/10 07:56 E5NKK1S -ABCDWEB8 ABCDWEB8 port iProject_Apache (83)
> port OK
> 
> 
> I thought if extra pairs of eyes can have a look at the Apache
> Access logs below just to be sure I'm not missing anything:
> 
> So did my Apache stops responding or it's just the CA monitoring
> tool?

Take a look at mod_log_forensic:
http://httpd.apache.org/docs/current/mod/mod_log_forensic.html
Please... Check the error log.
Is that CA tool perhaps bombing your server?

Do you have any modules or firewalls enforcing policies which would
ban your monitoring tool?

Which of the below IPs is your monitoring?

See if you can repro.. Either with a (stress) test tool, or with
http://tcpreplay.synfin.net/


So long,
i


> 172.18.30.3 - - [26/Dec/2010:07:52:50 +0800] "GET /" 302 226 "-" "-"
> "0" "177"
> 172.18.30.2 - - [26/Dec/2010:07:52:53 +0800] "GET /" 302 226 "-" "-"
> "0" "184"
> 172.18.30.3 - - [26/Dec/2010:07:52:55 +0800] "GET /" 302 226 "-" "-"
> "0" "175"
> 172.18.30.2 - - [26/Dec/2010:07:52:58 +0800] "GET /" 302 226 "-" "-"
> "0" "171"
> 228.74.172.12 - - [26/Dec/2010:07:52:58 +0800] "GET
> /arc/accntings/transport/warrant.html HTTP/1.1" 200 1643 "
> http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> (.NET CLR 3.5.30729)" "0" "65620"
> 228.74.172.12 - - [26/Dec/2010:07:52:58 +0800] "GET
> /arc/images/icons/wo_careerScheme.png HTTP/1.1" 200 13439 "
> http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> (.NET CLR 3.5.30729)" "0" "55621"
> 160.96.2.106 - - [26/Dec/2010:07:52:49 +0800] "GET
> /content/ibankng/bankng_websites/atozlistings/fsd/infohub/_jcr_content/ibankngPars/0025/file.res/ikc2_all.pdf
> HTTP/1.0" 200 5708469 "-" "sgms-prod-crawler (Enterprise;
> T2-RZFWVYN9FQSJA; shine_s...@ncs.com.sg )" "10" "10072258"
> 172.18.30.3 - - [26/Dec/2010:07:53:00 +0800] "GET /" 302 226 "-" "-"
> "0" "206"
> 206.53.155.227 - - [26/Dec/2010:07:53:02 +0800] "GET
> /ibankng/rss/newsvideos.html HTTP/1.1" 302 113 "-" "Carpathia Server
> 1.0" "0" "179015"
> 172.18.30.2 - - [26/Dec/2010:07:53:03 +0800] "GET /" 302 226 "-" "-"
> "0" "194"
> 206.53.155.227 - - [26/Dec/2010:07:53:03 +0800] "GET
> /content/ibankng/rss/newsvideos.xml HTTP/1.1" 200 1709 "-" "Carpathia
> Server 1.0" "0" "138542"
> 172.18.30.3 - - [26/Dec/2010:07:53:05 +0800] "GET /" 302 226 "-" "-"
> "0" "179"
> 172.18.30.2 - - [26/Dec/2010:07:53:08 +0800] "GET /" 302 226 "-" "-"
> "0" "179"
> 160.96.2.106 - - [26/Dec/2010:07:52:46 +0800] "GET
> /content/ibankng/bankng_websites/topics/aarms09/news/news_letter/_jcr_content/ibankngPars/000191/file.res/AT5%20(PG2&3).pdf
> HTTP/1.0" 200 14594474 "-" "sgms-prod-crawler (Enterprise;
> T2-RZFWVYN9FQSJA; shine_s...@ncs.com.sg )" "24" "24297319"
> 172.18.30.3 - - [26/Dec/2010:07:53:10 +0800] "GET /" 302 226 "-" "-"
> "0" "168"
> 172.18.30.2 - - [26/Dec/2010:07:53:13 +0800] "GET /" 302 226 "-" "-"
> "0" "181"
> 172.18.30.3 - - [26/Dec/2010:07:53:15 +0800] "GET /" 302 226 "-" "-"
> "0" "178"
> 172.18.30.2 - - [26/Dec/2010:07:53:18 +0800] "GET /" 302 226 "-" "-"
> "0" "172"
> 228.74.172.12 - - [26/Dec/2010:07:53:18 +0800] "GET
> /arc/accntings/bank-dayprocessing/banner.html HTTP/1.1" 200 440 "
> http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> (.NET CLR 3.5.30729)" "0" "69903"
> 228.74.172.12 - - [26/Dec/2010:07:53:18 +0800] "GET
> /css/accnting_layout_1.css HTTP/1.1" 404 5812 "
> http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> (.NET CLR 3.5.30729)" "0" "4295"
> 228.74.172.12 - - [26/Dec/2010:07:53:18 +0800] "GET
> /arc/accntings/bank-dayprocessing/overview.html HTTP/1.1" 200 1513 "
> http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
> (.NET CLR 3.5.30729)" "0" "81333"
> 228.74.172.12 - - [26/Dec/2010:07:53:19 +0800] "GET
> /arc/images/accntings/badges/small_bankdayprocessing.png HTTP/1.1" 200
> 8286 " http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0
> (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203
> Firefox/3.6.13 (.NET CLR 3.5.30729)" "0" "33876"
> 228.74.172.12 - - [26/Dec/2010:07:53:19 +0800] "GET
> /arc/images/accntings/backgrounds/bank-dayprocessing/bg.png HTTP/1.1"
> 200 12655 " http://www.bankng.com.au/arc/accntings.html " "Mozilla/5.0
> (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203
> Firefox/3.6.13 (.NET CLR 3.5.30729)" "0" "39134"
> 228.74.172.12 - - [26/Dec/2010:07:53:19 +0800] "GET
> /arc/images/accntings/contents/ban

RE: [us...@httpd] how to use ldap authentication

2011-01-04 Thread David Long

Hi Igor,
I am using Sun Sparc server. Solaris 10 (5/09).
I do not have LDAP SDK, I guess I need LDAP SDK to make it work.
Where do I put in LDAP SDK options?

Thanks
David Long

-Original Message-
From: Igor Galić [mailto:i.ga...@brainsware.org] 
Sent: Monday, January 03, 2011 4:30 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] how to use ldap authentication


- "David Long"  wrote:

> I am trying to use httpd 2.2.17 with ldap authentication but get "ldap
> initialization failed" message
> Here is my configuration
> I downloaded apr 1.4.2 and apr-util 1.3.10

What Platform/OS/Distro/Version
Which LDAP SDK?

> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
> 
> For apr util 1.3.10, I did "configure
> --prefix=/www/apache2/apr-util-httpd/
> --with-apr=/www/apache2/apr-httpd/ --with-ldap"
> 
> For httpd-2.2.17
> configure --enable-ldap --enable-authnz-ldap
> 
> 
> All compiled and installed fine. In httpd.conf file I have following
> for my ldap authentication restricted folder.
> 
> AuthName "Staff Only"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL
> ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> AuthzLDAPAuthoritative off
> require valid-user
> 
> 
> I can started httpd. But when I hit restricted folder. I still got
> error.
> 
> Here is my error_log, parser fine but ldap initialization failed. How
> do I test my apache ldap function? Or do I need to recompile my
> apr-util?
> 
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] 
> auth_ldap url parse: 
> `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
> ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN: 
> ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter: 
>  (objectClass=organizationalPerson), connection mode: not using SSL 

Should you be using SSL on this server?
What does ldapwhoami say? Or ldapsearch or simalar.

> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 
> 12.171.37.10] [293] auth_ldap authenticate: using URL 
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
> s=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293]
> auth_ldap authenticate: user dlong authentication failed; URI /EMU
> [LDAP: ldap initialization failed][Unknown error]

This error is really unhelpful :-/

> Can someone help?
> 
> Thanks in advance.
> 
> David Long

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] webdav antivir

2011-01-04 Thread Igor Galić

- "Hajo Locke"  wrote:

> Hello,
> 
> would like to activate virus scanning and block uploads for my webdav
> 
> clients.
> Is there a practicable way to do this?
> is someone using mod_clamav for apache? 
> http://software.othello.ch/mod_clamav/
> seems to be not very up to date. last version from 2009.

If it compiles, works, and doesn't have any (known/reported) bugs,
then it doesn't really much matter how old it is?
(Think about how old some of the modules 

> are there other solutions existent which stop uploading infected files
> to the webdav-share?

This thing only works in proxy mode. And from what I gather, it'll
not stop uploading - but just block it from serving.

> Thanks,
> Hajo 

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] webdav antivir

2011-01-04 Thread Hajo Locke


Hello,

would like to activate virus scanning and block uploads for my webdav 
clients.

Is there a practicable way to do this?
is someone using mod_clamav for apache? 
http://software.othello.ch/mod_clamav/

seems to be not very up to date. last version from 2009.
are there other solutions existent which stop uploading infected files to 
the webdav-share?


Thanks,
Hajo 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] SSL Client Authentication Problem

2011-01-04 Thread Igor Galić


- "Alan Brown"  wrote:

> Hi all,
> 
> I am working in a test environment with Apache v2.2.14 on XP Pro SP3
> and I 
> have experienced difficulties setting up SSL Client Authentication.
> 
> 
> 
> I have used the openssl command line tool to set up my private key,
> server 
> certificate, and a certificate authority, and I have configured the 
> httpd-ssl.conf file. All works as expected, except when I try to
> configure 
> SSL Client Authentication. All browsers report an error and are unable
> to 
> establish an SSL session, eg with Firefox :-
> 
> 
> 
> Secure Connection Failed
> 
> An error occurred during a connection to myhost_1.
> 
> SSL peer was unable to negotiate an acceptable set of security
> parameters.
> 
> (Error code: ssl_error_handshake_failure_alert)
> 
> 
> 
> (myhost_1 is configured as 127.0.0.1 in hosts file)
> 
> 
> 
> In the config which works I have :-
> 
> 
> 
> 
> 
> SSLEngine on
> 
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile "/xampp/xampp/apache/conf/test/server.crt"
> 
> SSLCertificateKeyFile "/xampp/xampp/apache/conf/test/server.key"
> 
> #SSLCACertificateFile "/xampp/xampp/apache/conf/test/ca/ca.crt"
> 
> #SSLVerifyClient require
> 
> #SSLVerifyDepth  10
> 
> 
> 
> 
> 
> When I uncomment the lines to configure SSL Client Authentication then
> I get 
> the above errors. The browser is supposed to request which client 
> certificate the user wants to use, then I can select the one I created
> and 
> signed with ca.crt, which I have set as a trusted CA in the browser.
> 
> 
> 
> My Apache server has the following identifier (from HTTP Response
> header) :-
> 
> Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l 
> mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4
> 
> Perl/v5.10.1
> 
> 
> 
> The openssl version I am using is also 0.9.8l (l for 'link').

No. OpenSSL 0.9.8l is a version regularily released: 
http://www.openssl.org/source/

 
> Here are the openssl commands I used :-
> 
> 
> 
> openssl genrsa -out ca.key 1024
> 
> openssl req -new -key ca.key -x509 -days 60 -out ca.crt
> 
> openssl genrsa -out server.key 1024
> 
> openssl req -new -key server.key  -days 90 -out server.csr
> 
> openssl x509 -req -in server.csr -set_serial 451470 -CA ca\ca.crt
> -CAkey 
> ca\ca.key -out server.crt
> 
> openssl genrsa -out client_a.key 1024
> 
> openssl req -new -key client_a.key  -days 90 -out client_a.csr
> 
> openssl x509 -req -in client_a.csr -set_serial 451470 -CA 
> ..\ca\ca.crt -CAkey ..\ca\ca.key -out client_a.crt
> 
> 
> 
> I have carefully studied all documentation and I just wonder why this
> is not 
> working - have I misunderstood something or is there possibly a bug?
> 
> 
> 
> Thanks in advance for any advice.

Instead of involving a browser, which is a big, complex and opaque thing,
can you please test with openssl s_client?

> Alan.

So long,
i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread Nick Kew

On 4 Jan 2011, at 12:05, MegaBrutal wrote:

> Sorry if I'm wrong. If the user is redirected from a different
> location, is it possible that checking the HTTP Referrer might do the
> work?

No.  Try it with privacy settings in your browser, or on your network.

To the OP, what you're asking looks like a session token, which could
be implemented with your choice of session management software.
Anything from an ugly mod_rewrite hack through apache's session
modules to an enterprise appserver.

-- 
Nick Kew

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread Oliver Beattie

Thanks for the suggestion, it's very clever, but we can't run the risk of
allowing unauthenticated access to files I'm afraid. So it looks like pretty
much the only solution is to serve the file with a script — does anyone know
if this is going to impact performance? We have a lot of downloads a day on
files as large as 6GB (the reason I need to move to this model of mirrors
is because it was saturating a 1gbs link).

—Oliver


On 4 January 2011 12:05, MegaBrutal  wrote:

> Sorry if I'm wrong. If the user is redirected from a different
> location, is it possible that checking the HTTP Referrer might do the
> work? Assume, the other server has already authenticated the user, so
> you don't need to authenticate him again; you just grant access to the
> file if its referrer matches with the page that is expected to
> redirect the user to your site. The obvious problem with this,
> however, that it causes loose security. Anyone who knows the address
> of the page that's expected to redirect the user after the
> authentication, may generate a custom HTTP request that fakes a
> referrer header, bypassing the authentication. I think you may still
> verify the authenticity of the user by query parameters, and only by
> such parameters, forgetting the HTTP authentication completely. Yes,
> in that case, Range requests might get trickier; though I guess,
> fetching and interpreting the "Range" header, and performing a seek on
> the file shouldn't make your script much more complicated.
>
>
> 2011/1/4 Oliver Beattie :
> > Actually, that won't work… we need to be able to support clients that do
> not
> > support cookies (APT)
> >
> > —Oliver
> >
> >
> > On 4 January 2011 11:30, Oliver Beattie  wrote:
> >>
> >> Thanks for your quick reply… unfortunately I can't set a cookie. Another
> >> machine (different domain) is redirecting the user to this server (auth
> >> happens on that server) and this server is in effect acting as (one of
> >> several identically-configured) mirrors. However, it may be possible to
> >> redirect them to a location on the mirror that sets the cookie?
> >>
> >> —Oliver
> >>
> >>
> >> On 4 January 2011 11:28, Mark Watts  wrote:
> >>>
> >>> -BEGIN PGP SIGNED MESSAGE-
> >>> Hash: SHA1
> >>>
> >>> On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> >>> > Hi there,
> >>> >
> >>> > I am sure this question has likely been asked many times before, I'm
> >>> > just having a bit of a hard time finding answers.
> >>> >
> >>> > Basically, I need to be able to authenticate downloads based on a URL
> >>> > signature if present (passed as a query parameter), instead of via
> >>> > Basic
> >>> > authentication (I need to support both of these, but bypass the basic
> >>> > auth if no signature is present). It isn't a requirement that they
> live
> >>> > at the same path, so they can be at different virtual
> hosts/directories
> >>> > if necessary.
> >>> >
> >>> > At first, I thought the best way to do this would be just through a
> >>> > simple CGI/WSGI/whatever, but the files I am authenticating access to
> >>> > are very large (many GB) and I fear there may be a performance
> >>> > implication of doing this (and things like Range requests won't be
> >>> > possible without extra work).
> >>> >
> >>> > Has anyone had any experience with this? What is the best way to
> >>> > proceed? Any help anyone could give would be very much appreciated :)
> >>> >
> >>> > —Oliver
> >>>
> >>> After authentication, set a cookie with a sensible lifetime (~1 day).
> >>> If the cookie is set and valid allow the download, otherwise redirect
> to
> >>> the login page.
> >>>
> >>> Mark.
> >>>
> >>> - --
> >>> Mark Watts BSc RHCE
> >>> Senior Systems Engineer, MSS Secure Managed Hosting
> >>> www.QinetiQ.com
> >>> QinetiQ - Delivering customer-focused solutions
> >>> GPG Key: http://www.linux-corner.info/mwatts.gpg
> >>> -BEGIN PGP SIGNATURE-
> >>> Version: GnuPG v1.4.11 (GNU/Linux)
> >>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> >>>
> >>> iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
> >>> 23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
> >>> =sGQx
> >>> -END PGP SIGNATURE-
> >>
> >
> >
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread MegaBrutal

Sorry if I'm wrong. If the user is redirected from a different
location, is it possible that checking the HTTP Referrer might do the
work? Assume, the other server has already authenticated the user, so
you don't need to authenticate him again; you just grant access to the
file if its referrer matches with the page that is expected to
redirect the user to your site. The obvious problem with this,
however, that it causes loose security. Anyone who knows the address
of the page that's expected to redirect the user after the
authentication, may generate a custom HTTP request that fakes a
referrer header, bypassing the authentication. I think you may still
verify the authenticity of the user by query parameters, and only by
such parameters, forgetting the HTTP authentication completely. Yes,
in that case, Range requests might get trickier; though I guess,
fetching and interpreting the "Range" header, and performing a seek on
the file shouldn't make your script much more complicated.

2011/1/4 Oliver Beattie :
> Actually, that won't work… we need to be able to support clients that do not
> support cookies (APT)
>
> —Oliver
>
>
> On 4 January 2011 11:30, Oliver Beattie  wrote:
>>
>> Thanks for your quick reply… unfortunately I can't set a cookie. Another
>> machine (different domain) is redirecting the user to this server (auth
>> happens on that server) and this server is in effect acting as (one of
>> several identically-configured) mirrors. However, it may be possible to
>> redirect them to a location on the mirror that sets the cookie?
>>
>> —Oliver
>>
>>
>> On 4 January 2011 11:28, Mark Watts  wrote:
>>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> On 01/04/2011 11:19 AM, Oliver Beattie wrote:
>>> > Hi there,
>>> >
>>> > I am sure this question has likely been asked many times before, I'm
>>> > just having a bit of a hard time finding answers.
>>> >
>>> > Basically, I need to be able to authenticate downloads based on a URL
>>> > signature if present (passed as a query parameter), instead of via
>>> > Basic
>>> > authentication (I need to support both of these, but bypass the basic
>>> > auth if no signature is present). It isn't a requirement that they live
>>> > at the same path, so they can be at different virtual hosts/directories
>>> > if necessary.
>>> >
>>> > At first, I thought the best way to do this would be just through a
>>> > simple CGI/WSGI/whatever, but the files I am authenticating access to
>>> > are very large (many GB) and I fear there may be a performance
>>> > implication of doing this (and things like Range requests won't be
>>> > possible without extra work).
>>> >
>>> > Has anyone had any experience with this? What is the best way to
>>> > proceed? Any help anyone could give would be very much appreciated :)
>>> >
>>> > —Oliver
>>>
>>> After authentication, set a cookie with a sensible lifetime (~1 day).
>>> If the cookie is set and valid allow the download, otherwise redirect to
>>> the login page.
>>>
>>> Mark.
>>>
>>> - --
>>> Mark Watts BSc RHCE
>>> Senior Systems Engineer, MSS Secure Managed Hosting
>>> www.QinetiQ.com
>>> QinetiQ - Delivering customer-focused solutions
>>> GPG Key: http://www.linux-corner.info/mwatts.gpg
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1.4.11 (GNU/Linux)
>>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>>
>>> iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
>>> 23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
>>> =sGQx
>>> -END PGP SIGNATURE-
>>
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread Oliver Beattie

Actually, that won't work… we need to be able to support clients that do not
support cookies (APT)

—Oliver


On 4 January 2011 11:30, Oliver Beattie  wrote:

> Thanks for your quick reply… unfortunately I can't set a cookie. Another
> machine (different domain) is redirecting the user to this server (auth
> happens on that server) and this server is in effect acting as (one of
> several identically-configured) mirrors. However, it may be possible to
> redirect them to a location on the mirror that sets the cookie?
>
> —Oliver
>
>
> On 4 January 2011 11:28, Mark Watts  wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 01/04/2011 11:19 AM, Oliver Beattie wrote:
>> > Hi there,
>> >
>> > I am sure this question has likely been asked many times before, I'm
>> > just having a bit of a hard time finding answers.
>> >
>> > Basically, I need to be able to authenticate downloads based on a URL
>> > signature if present (passed as a query parameter), instead of via Basic
>> > authentication (I need to support both of these, but bypass the basic
>> > auth if no signature is present). It isn't a requirement that they live
>> > at the same path, so they can be at different virtual hosts/directories
>> > if necessary.
>> >
>> > At first, I thought the best way to do this would be just through a
>> > simple CGI/WSGI/whatever, but the files I am authenticating access to
>> > are very large (many GB) and I fear there may be a performance
>> > implication of doing this (and things like Range requests won't be
>> > possible without extra work).
>> >
>> > Has anyone had any experience with this? What is the best way to
>> > proceed? Any help anyone could give would be very much appreciated :)
>> >
>> > —Oliver
>>
>> After authentication, set a cookie with a sensible lifetime (~1 day).
>> If the cookie is set and valid allow the download, otherwise redirect to
>> the login page.
>>
>> Mark.
>>
>> - --
>> Mark Watts BSc RHCE
>> Senior Systems Engineer, MSS Secure Managed Hosting
>> www.QinetiQ.com
>> QinetiQ - Delivering customer-focused solutions
>> GPG Key: http://www.linux-corner.info/mwatts.gpg
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.11 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
>> 23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
>> =sGQx
>> -END PGP SIGNATURE-
>>
>
>

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread Oliver Beattie

Thanks for your quick reply… unfortunately I can't set a cookie. Another
machine (different domain) is redirecting the user to this server (auth
happens on that server) and this server is in effect acting as (one of
several identically-configured) mirrors. However, it may be possible to
redirect them to a location on the mirror that sets the cookie?

—Oliver


On 4 January 2011 11:28, Mark Watts  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> > Hi there,
> >
> > I am sure this question has likely been asked many times before, I'm
> > just having a bit of a hard time finding answers.
> >
> > Basically, I need to be able to authenticate downloads based on a URL
> > signature if present (passed as a query parameter), instead of via Basic
> > authentication (I need to support both of these, but bypass the basic
> > auth if no signature is present). It isn't a requirement that they live
> > at the same path, so they can be at different virtual hosts/directories
> > if necessary.
> >
> > At first, I thought the best way to do this would be just through a
> > simple CGI/WSGI/whatever, but the files I am authenticating access to
> > are very large (many GB) and I fear there may be a performance
> > implication of doing this (and things like Range requests won't be
> > possible without extra work).
> >
> > Has anyone had any experience with this? What is the best way to
> > proceed? Any help anyone could give would be very much appreciated :)
> >
> > —Oliver
>
> After authentication, set a cookie with a sensible lifetime (~1 day).
> If the cookie is set and valid allow the download, otherwise redirect to
> the login page.
>
> Mark.
>
> - --
> Mark Watts BSc RHCE
> Senior Systems Engineer, MSS Secure Managed Hosting
> www.QinetiQ.com
> QinetiQ - Delivering customer-focused solutions
> GPG Key: http://www.linux-corner.info/mwatts.gpg
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
> 23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
> =sGQx
> -END PGP SIGNATURE-
>

Re: [us...@httpd] Custom authentication?

2011-01-04 Thread Mark Watts

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> Hi there,
> 
> I am sure this question has likely been asked many times before, I'm
> just having a bit of a hard time finding answers.
> 
> Basically, I need to be able to authenticate downloads based on a URL
> signature if present (passed as a query parameter), instead of via Basic
> authentication (I need to support both of these, but bypass the basic
> auth if no signature is present). It isn't a requirement that they live
> at the same path, so they can be at different virtual hosts/directories
> if necessary. 
> 
> At first, I thought the best way to do this would be just through a
> simple CGI/WSGI/whatever, but the files I am authenticating access to
> are very large (many GB) and I fear there may be a performance
> implication of doing this (and things like Range requests won't be
> possible without extra work).
> 
> Has anyone had any experience with this? What is the best way to
> proceed? Any help anyone could give would be very much appreciated :)
> 
> —Oliver

After authentication, set a cookie with a sensible lifetime (~1 day).
If the cookie is set and valid allow the download, otherwise redirect to
the login page.

Mark.

- -- 
Mark Watts BSc RHCE
Senior Systems Engineer, MSS Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0jBFUACgkQBn4EFUVUIO2+lACg25ZDyyLlcM5B6KYU+zB5k/6d
23kAn0eWbv+M4Z9vpWWo9yD8TeJl5aiI
=sGQx
-END PGP SIGNATURE-

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Custom authentication?

2011-01-04 Thread Oliver Beattie

Hi there,

I am sure this question has likely been asked many times before, I'm just
having a bit of a hard time finding answers.

Basically, I need to be able to authenticate downloads based on a URL
signature if present (passed as a query parameter), instead of via Basic
authentication (I need to support both of these, but bypass the basic auth
if no signature is present). It isn't a requirement that they live at the
same path, so they can be at different virtual hosts/directories if
necessary.

At first, I thought the best way to do this would be just through a simple
CGI/WSGI/whatever, but the files I am authenticating access to are very
large (many GB) and I fear there may be a performance implication of doing
this (and things like Range requests won't be possible without extra work).

Has anyone had any experience with this? What is the best way to proceed?
Any help anyone could give would be very much appreciated :)

—Oliver

Re: [us...@httpd] how to use ldap authentication

2011-01-03 Thread Igor Galić


- "David Long"  wrote:

> I am trying to use httpd 2.2.17 with ldap authentication but get "ldap
> initialization failed" message
> Here is my configuration
> I downloaded apr 1.4.2 and apr-util 1.3.10

What Platform/OS/Distro/Version
Which LDAP SDK?

> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
> 
> For apr util 1.3.10, I did "configure
> --prefix=/www/apache2/apr-util-httpd/
> --with-apr=/www/apache2/apr-httpd/ --with-ldap"
> 
> For httpd-2.2.17
> configure --enable-ldap --enable-authnz-ldap
> 
> 
> All compiled and installed fine. In httpd.conf file I have following
> for my ldap authentication restricted folder.
> 
> AuthName "Staff Only"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL
> ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> AuthzLDAPAuthoritative off
> require valid-user
> 
> 
> I can started httpd. But when I hit restricted folder. I still got
> error.
> 
> Here is my error_log, parser fine but ldap initialization failed. How
> do I test my apache ldap function? Or do I need to recompile my
> apr-util?
> 
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] 
> auth_ldap url parse: 
> `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
> ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN: 
> ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter: 
>  (objectClass=organizationalPerson), connection mode: not using SSL 

Should you be using SSL on this server?
What does ldapwhoami say? Or ldapsearch or simalar.

> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 
> 12.171.37.10] [293] auth_ldap authenticate: using URL 
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
> s=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293]
> auth_ldap authenticate: user dlong authentication failed; URI /EMU
> [LDAP: ldap initialization failed][Unknown error]

This error is really unhelpful :-/

> Can someone help?
> 
> Thanks in advance.
> 
> David Long

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] how to use ldap authentication

2011-01-03 Thread David Long

I am trying to use httpd 2.2.17 with ldap authentication but get "ldap 
initialization failed" message
Here is my configuration
I downloaded apr 1.4.2 and apr-util 1.3.10

For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"

For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ 
--with-apr=/www/apache2/apr-httpd/ --with-ldap"

For httpd-2.2.17
configure --enable-ldap --enable-authnz-ldap


All compiled and installed fine. In httpd.conf file I have following for my 
ldap authentication restricted folder.

AuthName "Staff Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL 
ldap://ldap.lynden.com:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthzLDAPAuthoritative off
require valid-user


I can started httpd. But when I hit restricted folder. I still got error.

Here is my error_log, parser fine but ldap initialization failed. How do I test 
my apache ldap function? Or do I need to recompile my apr-util?

[Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] 
auth_ldap url parse: 
`ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectCla
ss=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN: 
ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter: 
 (objectClass=organizationalPerson), connection mode: not using SSL 
 [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 
12.171.37.10] [293] auth_ldap authenticate: using URL 
ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClas
s=organizationalPerson) [Wed Dec 29 15:37:12 2010] [info] [client 
12.171.37.10] [293] auth_ldap authenticate: user dlong authentication 
failed; URI /EMU [LDAP: ldap initialization failed][Unknown error]

Can someone help?

Thanks in advance.

David Long

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Adding multiple keys and cert to a virtual host

2011-01-03 Thread Krist van Besien

On Sun, Jan 2, 2011 at 8:21 PM, Mohit Anchlia  wrote:
> Apache 2:
>
> I have a need to add multiple certs and keys to a given virtual host.
> I don't see a way to add multiple keys or certs to one virtual host.
> For eg: key and cert for abc.com and def.com in  10.10.10.101:80>
>
> Is there a way to do this? For java security for eg we use keytool.
> Can someone please suggest how to do it if it possible?

For different certificates presented to different hostnames you will
need to define seperate virtualhosts for them. There is just no other
way.

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: FW: [us...@httpd] help on compile 2.2.17 with ldap support

2011-01-03 Thread David Long

Thanks Rainer,
I will start a new discussion about ldap authentication.

David Long

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Thursday, December 30, 2010 12:09 PM
To: users@httpd.apache.org
Subject: Re: FW: [us...@httpd] help on compile 2.2.17 with ldap support

Hi David,

I'm not an LDAP expert. I suggest now that it seems the compilation 
worked fine and ldao is in place, you start a new discussion thread 
about how to use ldap authentication.

Please provide your configuration and th below error messages when 
starting that discussion.

Regards,

Rainer

On 30.12.2010 18:10, David Long wrote:
> Hi Rainer,
> I followed those two document and corrected my configuration.
> Now http started fine. But when I hit the restricted folder. I still got 
> error.
> Here is my error_log, parser fine but ldap initialization failed. How do I 
> test my apache ldap function? Or do I need to recompile my apr-util?
>
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] auth_ldap 
> url parse: 
> `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)',
>  Host: 128.1.10.243:389, Port: 389, DN: ou=people,dc=lynden,dc=com, attrib: 
> uid, scope: subtree, filter: (objectClass=organizationalPerson), connection 
> mode: not using SSL
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 
> 12.171.37.10] [293] auth_ldap authenticate: using URL 
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293] auth_ldap 
> authenticate: user dlong authentication failed; URI /EMU [LDAP: ldap 
> initialization failed][Unknown error]
>
> Thanks
> David Long
>
> -Original Message-
> From: Rainer Jung [mailto:rainer.j...@kippdata.de]
> Sent: Tuesday, December 28, 2010 1:19 PM
> To: users@httpd.apache.org
> Subject: Re: FW: [us...@httpd] help on compile 2.2.17 with ldap support
>
> On 28.12.2010 20:15, David Long wrote:
>> Hi Rainer,
>> I downloaded apr 1.4.2 and apr-util 1.3.10
>> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
>> For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ 
>> --with-apr=/www/apache2/apr-httpd/ --with-ldap"
>>
>> For httpd-2.2.17
>> configure \
>> "--prefix=/www/apache2" \
>> "--with-apr=/www/apache2/apr-httpd/" \
>> "--with-apr-util=/www/apache2/apr-util-httpd/" \
>> "--enable-so" \
>> "--enable-proxy" \
>> "--enable-ssl" \
>> "--enable-deflate" \
>> "--enable-rewrite" \
>> "--enable-headers" \
>> "--enable-cgid" \
>> "--enable-ldap" \
>> "--enable-authnz-ldap" \
>> "$@"
>>
>> All compiled and installed fine.
>>
>> But I got error when I started http,
>> # bin/apachectl start
>> Syntax error on line 115 of 
>> /www/apache2/conf/sites-enabled/www.lynden.com.conf:
>> Invalid command 'LDAP_Server', perhaps misspelled or defined by a module not 
>> included in the server configuration
>
> That's true, there is no configuration directive named "LDAP_Server".
>
>> I had line like "LDAP_Server 128.1.10.243" in config file.
>
> So that is a configuration error.
>
> See
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_ldap.html
>
> and
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html
>
>> I checked "util_ldap.c" is in the httpd -l listing
>> # /www/apache2/bin/httpd -l
>> Compiled in modules:
>> core.c
>> mod_authn_file.c
>> mod_authn_default.c
>> mod_authz_host.c
>> mod_authz_groupfile.c
>> mod_authz_user.c
>> mod_authnz_ldap.c
>> mod_authz_default.c
>> mod_auth_basic.c
>> mod_include.c
>> mod_filter.c
>> mod_deflate.c
>> util_ldap.c
>
> Correct. This is (unfortunately) the name of mod_ldap when compiled in
> statically.
>
>> mod_log_config.c
>> mod_env.c
>> mod_headers.c
>> mod_setenvif.c
>> mod_version.c
>> mod_proxy.c
>> mod_proxy_connect.c
>> mod_proxy_ftp.c
>> mod_proxy_http.c
>> mod_proxy_scgi.c
>> mod_proxy_ajp.c
>> mod_proxy_balancer.c
>> mod_ssl.c
>> prefork.c
>> http_core.c
>> mod_mime.c
>> mod_status.c
>> mod_autoindex.c
>> mod_asis.c
>> mod_cgi.c
>> mo

[us...@httpd] Re: mod_rewrite and UserDir

2011-01-02 Thread Michelle Konzack

Hahaha I must reply to my self!

I have forgotten,  exist,
which hast EXACTLY what I need.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France EURL   itsyst...@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

  
 

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/


signature.pgp
Description: Digital signature

Re: [us...@httpd] Adding multiple keys and cert to a virtual host

2011-01-02 Thread Mohit Anchlia

On Sun, Jan 2, 2011 at 12:59 PM, Eric Covener  wrote:
> On Sun, Jan 2, 2011 at 2:21 PM, Mohit Anchlia  wrote:
>> Apache 2:
>>
>> I have a need to add multiple certs and keys to a given virtual host.
>> I don't see a way to add multiple keys or certs to one virtual host.
>> For eg: key and cert for abc.com and def.com in > 10.10.10.101:80>
>>
>> Is there a way to do this? For java security for eg we use keytool.
>> Can someone please suggest how to do it if it possible?
>
> The closest you can get is the SNI support in Apache, which will
> require separate virtual hosts.
>
> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Is there no way to import all the certs and keys into one file and
then just use that one file in VirtualHost? For eg: export all certs
in certs.crt and keys.crt for abc.com and def.com and then use it in
httpd conf file:

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/certs.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/keys.key

Trying to see the easiest way of doing it.
>
>
>>
>> -
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
>
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Adding multiple keys and cert to a virtual host

2011-01-02 Thread Eric Covener

On Sun, Jan 2, 2011 at 2:21 PM, Mohit Anchlia  wrote:
> Apache 2:
>
> I have a need to add multiple certs and keys to a given virtual host.
> I don't see a way to add multiple keys or certs to one virtual host.
> For eg: key and cert for abc.com and def.com in  10.10.10.101:80>
>
> Is there a way to do this? For java security for eg we use keytool.
> Can someone please suggest how to do it if it possible?

The closest you can get is the SNI support in Apache, which will
require separate virtual hosts.

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Adding multiple keys and cert to a virtual host

2011-01-02 Thread Mohit Anchlia

Apache 2:

I have a need to add multiple certs and keys to a given virtual host.
I don't see a way to add multiple keys or certs to one virtual host.
For eg: key and cert for abc.com and def.com in 

Is there a way to do this? For java security for eg we use keytool.
Can someone please suggest how to do it if it possible?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

1 2 3 4 5 6 7 8 9 10 >

1 - 100 of 13349 matches

Mail list logo