Re: [EMAIL PROTECTED] Running 2 VirtualHosts under different Users.

2007-12-13 Thread Christian Folini
Hi there, I'd work with multiple apaches and possibly a proxy setup, where the code writing one sits behind in the 2nd layer. regs, Christian On Fri, Dec 14, 2007 at 12:22:05PM +0530, Gaurav Pruthi wrote: > Hi, > > I have 2 virtualhosts configured under apache. Apache runs as user apache, > gr

[EMAIL PROTECTED] Dimitar Georgievski is out of the office.

2007-12-13 Thread DGeorgie
I will be out of the office starting 12/14/2007 and will not return until 12/21/2007. I will respond to your message when I return. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd

[EMAIL PROTECTED] Running 2 VirtualHosts under different Users.

2007-12-13 Thread Gaurav Pruthi
Hi, I have 2 virtualhosts configured under apache. Apache runs as user apache, group: apache. I ham using apache 1.3.39. My first virtualHost requires write permissions to the code so i have given write permissions to the code so that apache can write, modify to it. DocumentRoot for 1st VirtualHos

[EMAIL PROTECTED] Question about installing apache 2.0.59 on solaris 10

2007-12-13 Thread pdt_p
Hi... I download binary distribution for Apache HTTP server version 2.0.55. i download it from : http://apache.wildit.net.au/httpd/binaries/solaris/ in the readme.bindist and install.bindist file, it say that i have to run install-bindist.sh in this case my path for apahce is /home/myuser/apach

[EMAIL PROTECTED] Authentication via Kerberos

2007-12-13 Thread Bryan Richardson
Hello, I'm not new to Apache, but I am new to trying to set up authentication other than the basic type. I've been tasked to set up a Trac site for software projects within my organization at work, and I'm required to restrict access on a need-to-know basis. Our company uses Active Directory (of

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Samuel Vogel
It seems like Apache just forgets about the "../". A relative path to "../wcf/" called from "wbb.samy.domain.de" results in the following: [Thu Dec 13 21:26:24 2007] [error] [client 160.94.18.117] File does not exist: /data/apache/users/domain.de/samy/www/wbb/wcf, referer: http://wbb.samy.domain

RE: [EMAIL PROTECTED] VirtualHost Ignored For New URL

2007-12-13 Thread James Ellis
I figured out how to do it: NameVirtualHost server1.development:443Keyfile /opt/IBMIHS/ssl/mykeyfile.kdbSSLEnableSSLClientAuth 0ServerName server1Alias /wcsstore "/opt/WebSphere/AppServer/installedApps/stdwcs1/WC_wcsdev.ear/Stores.war"Alias /wcs "/opt/We

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Vincent Bray
On 13/12/2007, Samuel Vogel <[EMAIL PROTECTED]> wrote: > I don't understand why it worked beforehand with my insecure RewriteRule. > Also in my opinion mod_rewrite should/does not change the path, it just > makes it appear different!? > > For example, when I call "samy.domain.de/wbb" it works, but

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Samuel Vogel
Vincent Bray schrieb: On 13/12/2007, Samuel Vogel <[EMAIL PROTECTED]> wrote: I did that, but unfortunately it breaks something else, which worked before. When a page in a subdirectory tried to get an image from an directory relative to the docroot, that does not work anymore. This can be seen

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Vincent Bray
On 13/12/2007, Samuel Vogel <[EMAIL PROTECTED]> wrote: > I did that, but unfortunately it breaks something else, which worked > before. When a page in a subdirectory tried to get an image from an > directory relative to the docroot, that does not work anymore. > This can be seen here: http://tinyur

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Samuel Vogel
Ok, thanks for the hint! I did that, but unfortunately it breaks something else, which worked before. When a page in a subdirectory tried to get an image from an directory relative to the docroot, that does not work anymore. This can be seen here: http://tinyurl.com/37owgr How can I fix this?

Re: [EMAIL PROTECTED] virtual server addition disabled main server

2007-12-13 Thread Tonu Mikk
Eric, Thanks for the tip! I got it working! I did the following: NameVirtualHost * ServerName domain.maindomain ...other directives ServerName anotherdomain.maindomain ...other directives Eric Covener wrote: On Dec 13, 2007 1:22 PM, Tonu Mikk <[EMAIL PROTECTED]> wrote: NameVirtualHo

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Krist van Besien
On Dec 13, 2007 7:31 PM, Samuel Vogel <[EMAIL PROTECTED]> wrote: > Hey guys, > > I just noticed a really bad security problem on my servers! > The following RewriteRule exposes my system directories like /etc and > /var etc. : > > RewriteCond %{HTTP_HOST} !^www\.user\.domain\.de > RewriteCond %{HTT

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Vincent Bray
On 13/12/2007, Samuel Vogel <[EMAIL PROTECTED]> wrote: > I just noticed a really bad security problem on my servers! > The following RewriteRule exposes my system directories like /etc and > /var etc. : Hi, This is a common misconception, sadly. Documented here: http://wiki.apache.org/httpd/Rewr

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Samuel Vogel
I guess I would have to mention, that this is inside of the virtual host definition! Samuel Vogel schrieb: Hey guys, I just noticed a really bad security problem on my servers! The following RewriteRule exposes my system directories like /etc and /var etc. : RewriteCond %{HTTP_HOST} !^www\.

[EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-13 Thread Samuel Vogel
Hey guys, I just noticed a really bad security problem on my servers! The following RewriteRule exposes my system directories like /etc and /var etc. : RewriteCond %{HTTP_HOST} !^www\.user\.domain\.de RewriteCond %{HTTP_HOST} ^(www.)?([a-z0-9-]+)\.user\.domain\.de RewriteRule (.*) /%2/$1 [L]

Re: [EMAIL PROTECTED] virtual server addition disabled main server

2007-12-13 Thread Eric Covener
On Dec 13, 2007 1:22 PM, Tonu Mikk <[EMAIL PROTECTED]> wrote: > NameVirtualHost * > The arguments to NameVirtualHost and virtualhost should be identical, and each vhost should have a 'ServerName' directive. Do you still have a problem when you organize things this way? What do these arguments

[EMAIL PROTECTED] virtual server addition disabled main server

2007-12-13 Thread Tonu Mikk
I had a main server at domain.maindomain which was working fine. I then added a new virtual server at anotherdomain.maindomain and now requests to domain.maindomain get directed to the new virtual server directory. I would like to be able to access the maindomain. Included is the virtual di

Re: [EMAIL PROTECTED] VirtualHost Ignored For New URL

2007-12-13 Thread Eric Covener
On Dec 13, 2007 10:59 AM, James Ellis <[EMAIL PROTECTED]> wrote: > 1) How can I "debug" this VirtualHost...I mean how can I log whenever this > VirtualHost is entered. I am looking for an equivalent to the Java > System.out.println("Inside VirtualHost"); that you can do to debug Java > code. Add

[EMAIL PROTECTED] VirtualHost Ignored For New URL

2007-12-13 Thread James Ellis
I have the following VirtualHost: Keyfile /opt/IBMIHS/ssl/mycustomizedkeyfile.kdbSSLEnableSSLClientAuth 0ServerName server1Alias /wcsstore "/opt/WebSphere/AppServer/installedApps/stdwcs1/WC_wcsdev.ear/Stores.war"Alias /wcs "/opt/WebSphere/AppServer/insta

[EMAIL PROTECTED] RE: [SPAM] - [EMAIL PROTECTED] How to resist user click abuse in apache? - Email found in subject

2007-12-13 Thread jmacaranas
Cache the page? -Original Message- From: Artem Kuchin [mailto:[EMAIL PROTECTED] Sent: Thursday, December 13, 2007 5:32 AM To: users@httpd.apache.org Subject: [SPAM] - [EMAIL PROTECTED] How to resist user click abuse in apache? - Email found in subject Here is the situation. Heavy db driv

[EMAIL PROTECTED] Unable to detach child process

2007-12-13 Thread Jonathan
I am having problems with a web application which is used to stop and start 2 system services. If these are started from httpd then when httpd is killed the system services also die - not what I expect or want. I am using apache 2.0.52 running on RedHat linux. The web application runs some rub

RE: [EMAIL PROTECTED] Help with AB and authentication

2007-12-13 Thread Graeme Fowler
On Wed, 2007-12-12 at 14:39 +, Joel Carlos Martinho Alexandre (DSI) wrote: > Unfortunately i'm unable to change the virtual directory configuration. In that case, ApacheBench won't work for you on that folder - it can do Basic authentication only. Your system seems to be using NTLM or Kerberos

Re: [EMAIL PROTECTED] 'domain.com/foo' = 404 but 'domain.com/foo/' works fine

2007-12-13 Thread Jennifer Lynn
hi I thought if you wanted the "foo" and everything underneath it or by itself RewriteRule ^/foo/?.*$ /landing_page Jenny On Dec 12, 2007 9:41 AM, thomas Armstrong <[EMAIL PROTECTED]> wrote: > --- > RewriteRule ^([^/]+)/?$ /page.php?id=$1 [L] > >

[EMAIL PROTECTED] ldap_search_ext_s for user failed

2007-12-13 Thread punith punith
Hi everybody.. after so much of googling I am putting it here. The problem is .. I have used .htaccess for ldap authentication. It was working properly. but after I recompile with Openldap and apache and php, it started giving this error. [ldap_search_ext_s for user failed][cant contact ldap se

Re: [EMAIL PROTECTED] How to resist user click abuse in apache?

2007-12-13 Thread Christian Folini
try mod_qos. It does exactly that. On Thu, Dec 13, 2007 at 01:31:58PM +0300, Artem Kuchin wrote: > Here is the situation. Heavy db driven site takes about 1-1.5 second > to load some pages. While loading such page it takes a lot of memory > and cpu. It is not a problem it is used normally, but so

[EMAIL PROTECTED] How to resist user click abuse in apache?

2007-12-13 Thread Artem Kuchin
Here is the situation. Heavy db driven site takes about 1-1.5 second to load some pages. While loading such page it takes a lot of memory and cpu. It is not a problem it is used normally, but some users are very hasty and stupid. When they do not get page within 0.1 seconds they click the link to

Re: [EMAIL PROTECTED] log file upload

2007-12-13 Thread Nick Kew
On Wed, 12 Dec 2007 21:20:06 -0500 "Ryan Barnett" <[EMAIL PROTECTED]> wrote: > Yep, modsecurity's audit_log can capture full request bodies if you > desire and this would include the filename data from the > multipart-form-data upload sections. Last time I looked, mod_security didn't support stre