Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote: > Per Erics earlier response, if I encode the username and password in the > URL with https instead of > http, is it secure? > > Like this https://username:passw...@mydomain.com/foo Provided you are using https: SSL or TLS Upgrade you are assured it is secu

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

Per Erics earlier response, if I encode the username and password in the URL with https instead of http, is it secure? Like this https://username:passw...@mydomain.com/foo - The official User-To-User support forum of the Apa

Re: [us...@httpd] permission problem (still)

On Fri, 2009-08-21 at 09:37 +0100, Tom Evans wrote: > If it was owned by user apache, then if the webserver were exploitable, > the attacker would be able to deface your website. If it is just > readable by apache, then they would need to exploit apache and then find > a local privilege escalation

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

Thanks Andre, Mike, Eric and Nick... I will read up on authentication so I can better grasp it!! André Warnier wrote: Jeff Sherk Forerunner Ministries wrote: When requiring a username & password with AuthType Basic, is it possible to include them in a POST or GET request to the server so tha

Re: [us...@httpd] creating a proxy

Etienne, I am not quite sure that anyone here really understand what you are trying to do, nor if your usage of the words "proxy" and "hosting" really matches the usual technical meanings of these words. I have a suspicion that your situation might be as follows : - you are working on a work

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote: When requiring a username & password with AuthType Basic, is it possible to include them in a POST or GET request to the server so that it won't ask for them (because they were provided)? If it's possible, what variable names are assigned to them. Jeff

[us...@httpd] Session Module for Apache 2.x server

Hello, I have installed core Apache HTTP server and now want to add session module (setting HTTP Cookie and not at server side) to it. I was wondering from where I can get the module (dso) or may be the source file (module_session.c). It could not locate it under modules folder that comes when you

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Nick Kew wrote: Henry wrote: Correct me if I'm wrong, but there doesn't seem to be much point in mod_disk_cache if it's not caching for all across the board. It's cacheing what is cacheable! It can cache contents with a Vary, but it can't serve from the cache to a different agent. Get rid of

Re: [us...@httpd] list-unsubscribe

t/y On Wed, Aug 26, 2009 at 2:49 PM, Evan Platt wrote: > At 11:40 AM 8/26/2009, you wrote: > >> >> > > No. > > As the headers say: > > > list-unsubscribe: > > Click on that link, or create a new mesage, and address it to > users-unsubscr...@httpd.apac

Re: [us...@httpd] list-unsubscribe

At 11:40 AM 8/26/2009, you wrote: No. As the headers say: list-unsubscribe: Click on that link, or create a new mesage, and address it to users-unsubscr...@httpd.apache.org Not to the list. ---

[us...@httpd] list-unsubscribe

Re: [us...@httpd] unsubscribe

At 11:28 AM 8/26/2009, you wrote: unsubscribe As the headers to every message say: list-unsubscribe: - The official User-To-User support forum of the Apache HTTP Server Project. Se

Re: [us...@httpd] unsubscribe

At 11:25 AM 8/26/2009, you wrote: unsubscribe As the headers say: list-unsubscribe: - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.ap

Re: [us...@httpd] unsubscribe

unsubscribe On Wed, Aug 26, 2009 at 2:25 PM, Michael Johnson wrote: > unsubscribe >

[us...@httpd] unsubscribe

unsubscribe

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Quoting "Nick Kew" : It's cacheing what is cacheable! It can cache contents with a Vary, but it can't serve from the cache to a different agent. Get rid of that Vary header, and it'll do what you appear to be asking. That's working perfectly, thanks. Regards Henry pgpF7etB1rJNP.pgp Descrip

Re: [us...@httpd] creating a proxy

yes, I want to do that. However my client is a windows XP machine. thus I have to use putty apparently this port forwarding is working well I have a silly question : how can I configure apache to work as a proxy without cancelling my current web hosting ? I am only using virtual hosts for hostin

Re: [us...@httpd] unsubscribe

At 07:59 AM 8/26/2009, Ya Netu wrote: unsubscribe As the headers say: list-unsubscribe: - The official User-To-User support forum of the Apache HTTP Server Project. See http:/

Re: [us...@httpd] creating a proxy

I would like to bypass firewall for web browsing by tunneling my http requests from my client to my proxy server through ssh port forwarding is part of ssh protocole and fully supported by putty see http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.html#config-ssh-portfwd etienne 2009/8/

RE: [us...@httpd] creating a proxy

Bah, silly me, I clicked send before I could provide these links which may help with setting Apache as a (forward or outbound) proxy server:- http://www.devshed.com/c/a/Administration/Using-Apache-As-A-Proxy-Server / and from the Apache docs:- Forward and Reverse Proxies Apache can be con

Re: [us...@httpd] creating a proxy

On Wed, 2009-08-26 at 16:48 +0200, Etienne wrote: > hi all, > > I would like to enable a proxy on my server with port forwarding. > The idea is to connect to my server through putty with ssh tunnel > forwarding localhost:80 to myproxyserver.com:80 > I have enabled proxy module with a2enmod proxy c

RE: [us...@httpd] creating a proxy

I don't quite understand what you're trying to do ... "to connect to my server through putty with ssh tunnel" and then later on you try to browse "a web site". Are you tying to set up apache as a proxy server (for outbound requests) and port-forwarding for inbound requests? __

[us...@httpd] unsubscribe

unsubscribe _ With Windows Live, you can organize, edit, and share your photos. http://www.windowslive.com/Desktop/PhotoGallery

[us...@httpd] creating a proxy

hi all, I would like to enable a proxy on my server with port forwarding. The idea is to connect to my server through putty with ssh tunnel forwarding localhost:80 to myproxyserver.com:80 I have enabled proxy module with a2enmod proxy command and setup a virtualhost my virtualhost (/etc/apache2/si

Re: [us...@httpd] Handling 404 errors

On Wed, 2009-08-26 at 15:23 +0100, Andrew Hole wrote: > Your solutions looks very useful, but i'm afraid about impact on > server performance. > > Do you have any idea about the impact on performance? > > Thanks a lot > > On Wed, Aug 26, 2009 at 2:59 PM, Tom Evans > wrote: > >

RE: [us...@httpd] Handling 404 errors

Firstly, sorry for the top post ... according to Apache.org :- "'-F' (is existing file, via subrequest) Checks whether or not TestString is a valid file, accessible via all the server's currently-configured access controls for that path. This uses an internal subrequest to do the check, so use i

Re: [us...@httpd] Handling 404 errors

On Wed, 2009-08-26 at 12:23 +0100, Andrew Hole wrote: > Hi guys! > > Actually our web application has a retry mechanism based on http > status code returned to client. Just an example: > - An http request is made to http://web/software_A_folder/file.swf > - if the file doesn't exist (http 404) on

Re: [us...@httpd] Handling 404 errors

Your solutions looks very useful, but i'm afraid about impact on server performance. Do you have any idea about the impact on performance? Thanks a lot On Wed, Aug 26, 2009 at 2:59 PM, Tom Evans wrote: > On Wed, 2009-08-26 at 12:23 +0100, Andrew Hole wrote: > > Hi guys! > > > > Actually our we

Re: [us...@httpd] Setting proxy parameters via mod_rewrite

On Wed, 2009-08-26 at 08:33 -0400, Tim Funk wrote: > Let's say I have the following rule: > > ProxyPass /foo balancer://cluster5/foo stickysession=JSESSIONID > > I want to use RewriteRule for my proxy directives. So I'd say this: > > RewriteRule ^/(foo.*) balancer://cluster5/$1 [P] > > But how

Re: [us...@httpd] How to distinguish the first web page?

Thanks. Krist van Besien. I have used referer part of HTTP header. The problem is as follows. Actually, I also need to keep track on where users go. In other words, if I only use the refer part of URL header, I cannot distinguish it from the case an user click one of the hyperlinks. For this, I ha

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote: When requiring a username & password with AuthType Basic, is it possible to include them in a POST or GET request to the server so that it won't ask for them (because they were provided)? You seem to be asking for form-based authentication. One option fo

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Henry wrote: Correct me if I'm wrong, but there doesn't seem to be much point in mod_disk_cache if it's not caching for all across the board. It's cacheing what is cacheable! It can cache contents with a Vary, but it can't serve from the cache to a different agent. Get rid of that Vary header

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

On 26/08/2009 13:58, Jeff Sherk Forerunner Ministries wrote: When requiring a username & password with AuthType Basic, is it possible to include them in a POST or GET request to the server so that it won't ask for them (because they were provided)? No, it is not possible. You could theoretical

RE: [us...@httpd] Handling 404 errors

Nick Kew wrote:- Richard, when replying, can you quote normally, and not make your reply look like some malformed signature to the original post? I had no idea this was a reply until I hit "reply" in my mailer. RP: Oh, I'm really sorry - I blame outlook ;) I tried to put it at the bottom which o

Re: [us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

On Wed, Aug 26, 2009 at 8:58 AM, Jeff Sherk Forerunner Ministries wrote: > When requiring a username & password with AuthType Basic, is it possible to > include them in a POST or GET request to the server so that it won't ask for > them (because they were provided)? > > If it's possible, what varia

[us...@httpd] Can you supply username & password for AuthType Basic within a POST/GET?

When requiring a username & password with AuthType Basic, is it possible to include them in a POST or GET request to the server so that it won't ask for them (because they were provided)? If it's possible, what variable names are assigned to them. Thanks --

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Quoting "Nick Kew" : Read the HTTP spec! The server has declared that it will serve a *different* page to a different user agent. If that's for the web - as opposed to an application that's limited to your choice of user-agents, then it's certainly wrong. Either it's bogus (i.e. the server will

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Henry wrote: Quoting "Eric Covener" : Yes, it contains: Vary: User-Agent That's why you get a new one cached for a different browser. Ouch. OK, I confirmed what you're saying by using different machines browsing to the same (cached) page all using the same browser (IE). None of them got

Re: [us...@httpd] Handling 404 errors

Richard Peacock wrote: *From:* Andrew Hole [mailto:andremailingl...@gmail.com] *Sent:* 26 August 2009 12:24 *To:* users@httpd.apache.org *Subject:* [us...@httpd] Handling 404 errors Richard, when replying, can you quote normally, and not make your reply look like some malformed signature to th

[us...@httpd] Setting proxy parameters via mod_rewrite

Let's say I have the following rule: ProxyPass /foo balancer://cluster5/foo stickysession=JSESSIONID I want to use RewriteRule for my proxy directives. So I'd say this: RewriteRule ^/(foo.*) balancer://cluster5/$1 [P] But how do I set stickysession=JSESSIONID [as well as any other parameters

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Quoting "Eric Covener" : Yes, it contains: Vary: User-Agent That's why you get a new one cached for a different browser. Ouch. OK, I confirmed what you're saying by using different machines browsing to the same (cached) page all using the same browser (IE). None of them got served the c

RE: [us...@httpd] Handling 404 errors

From: Andrew Hole [mailto:andremailingl...@gmail.com] Sent: 26 August 2009 12:24 To: users@httpd.apache.org Subject: [us...@httpd] Handling 404 errors Hi guys! Actually our web application has a retry mechanism based on http status code returned to client. Just an example: - An http request is

Re: [us...@httpd] mod_disk_cache and caching same content for all users

On Wed, Aug 26, 2009 at 7:59 AM, Henry wrote: > Quoting "Eric Covener" : >> >> Does your response contain a Vary header? > > Hi Eric, thanks for the quick response. > > Yes, it contains: > Vary: User-Agent That's why you get a new one cached for a different browser. -- Eric Covener cove...@gmai

Re: [us...@httpd] mod_disk_cache and caching same content for all users

Quoting "Eric Covener" : Does your response contain a Vary header? Hi Eric, thanks for the quick response. Yes, it contains: Vary: User-Agent FYI: Date: Wed, 26 Aug 2009 11:57:35 GMT Server: Apache Expires: access plus 1 day Content-Encoding: gzip Cache-Control: max-age=86400, public Vary:

Re: [us...@httpd] mod_disk_cache and caching same content for all users

On Wed, Aug 26, 2009 at 7:33 AM, Henry wrote: > Hi, > > apache 2.2.8 > > Maybe I'm not understanding the purpose of mod_disk_cache:  I'd like to > cache content for ALL users of a website - not just for a single user and > browser.  I've noticed that this is not the case with different browsers. >

[us...@httpd] mod_disk_cache and caching same content for all users

Hi, apache 2.2.8 Maybe I'm not understanding the purpose of mod_disk_cache: I'd like to cache content for ALL users of a website - not just for a single user and browser. I've noticed that this is not the case with different browsers. For example: Using Firefox (FF) and browsing to ab

[us...@httpd] Handling 404 errors

Hi guys! Actually our web application has a retry mechanism based on http status code returned to client. Just an example: - An http request is made to http://web/software_A_folder/file.swf - if the file doesn't exist (http 404) on software_A_folder, the request is made in core folder: http://web/

Re: [us...@httpd] Log generating

On 26/08/2009 10:21, Geurts, G.P.T.M. wrote: I'm trying to findout the maximum log possible by vhosts on apache, for this I need or a lot of time clicking all the links possible and filling all the forms, or use some kind of automated tool that I'm sure must exist for this purpose, I only don’t

[us...@httpd] Log generating

Hello, I'm trying to findout the maximum log possible by vhosts on apache, for this I need or a lot of time clicking all the links possible and filling all the forms, or use some kind of automated tool that I'm sure must exist for this purpose, I only don't know the name... Could somebody enlighte

[us...@httpd] LogFormat Directives

Hello, I'm trying to customize the logging of apache for our web servers. To findout what can be logged I'm trying to define a LogFormat which logs all the information possible. I have some questions about the meaning of some of the LogFormat directives. The %{FOOBAR}i directive gives information

Re: [us...@httpd] Debugging SSL termination on Apache 2.2

On Tue, Aug 25, 2009 at 11:13 PM, /U wrote: > The problem is that I get no response when I type > https://myserver.xxx.com/app. > I have tured on debugs to level 9 and yet neither ssl_access.log nor > ssl_request.log has > any info. Are you positive that your requests acutally reach your target?

Re: [us...@httpd] mod_disk_cache works for vhost (a), but not (b)

Quoting "Krist van Besien" : Which is also as expected. Apache does not cache pages that are authenticated. As you can read here: http://httpd.apache.org/docs/2.2/mod/mod_cache.html "content with access protection is not cached". Ah, thanks Krist. My fault for not reading the *entire* page...

Re: [us...@httpd] How to distinguish the first web page?

On Tue, Aug 25, 2009 at 11:54 PM, Brian Kim<09su.resea...@gmail.com> wrote: > Hi. > > Currently I am using mod_proxy_http module for http apache. > I would like to know how to get the very first page(text/html type) > among a series of returned pages. > > For example, the following is a html of a s

Re: [us...@httpd] mod_disk_cache works for vhost (a), but not (b)

On Wed, Aug 26, 2009 at 7:56 AM, Henry wrote: > Quoting "Krist van Besien" : >> >> No access control on your test site? > > Yes, the test site has a .htaccess file limiting access.  This works as > expected. I suspected that. > I can browse to the test site just fine - it's just not being cached.