[users@httpd] New 2.4 configuration, need sanity and security check

2017-06-16 Thread David Mehler
Hello, I'm doing a config rewrite. I'm using Apache 2.4. If someone who does security could give my setup a check from a security perspective I'd appreciate it. I'm also wondering in particular about my cache setup and virtual hosts. There's a lot of repeated lines. Config at the end of this

[users@httpd] 'require' directive result

2017-06-16 Thread Andrei Ivanov
Hi, Now that I've managed to configure my 'require' directive, I have a requirement to log some details to syslog in case the request is not authorized. Require expr "" // if expression is false, log details about the request and maybe the SSL certificate to syslog I've searched

Re: [users@httpd] SSLSessioncache Timeout extension

2017-06-16 Thread Eric Covener
On Thu, Jun 15, 2017 at 10:25 PM, Rashmi Srinivasan wrote: > Hi Yann/Eric, Please don't address emails to the mailing list this way.

Re: [users@httpd] Re: Access control to allow local clients or remote with SSL client certificate

2017-06-16 Thread Marat Khalili
Technically it should work, but you may also want to: 1. Check that the client belongs to some organization/unit as specified in the certificate, see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslrequire for example. (BTW I don't know if %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ is still necessary,

[users@httpd] Re: Access control to allow local clients or remote with SSL client certificate

2017-06-16 Thread Darren S.
On Fri, Jun 16, 2017 at 1:59 AM, Darren S. wrote: > Greetings, > > Running Apache 2.4.7 and current configuration limiting access to a > directory to only clients that can provide a trusted client certificate. > Server is SSL host. Would like to modify configuration to

[users@httpd] Access control to allow local clients or remote with SSL client certificate

2017-06-16 Thread Darren S.
Greetings, Running Apache 2.4.7 and current configuration limiting access to a directory to only clients that can provide a trusted client certificate. Server is SSL host. Would like to modify configuration to allow "local" clients (127.0.0.1, etc. as defined by 'Require local' auth provider) to

[users@httpd] Maybe infinite loop using ProxyPassMatch

2017-06-16 Thread Leonardo Azize Martins
I have the instruction below on Apache configuration: ProxyPass "/info" unix:/var/run/docker.sock|http://localhost/info ProxyPass "/version" unix:/var/run/docker.sock|http://localhost/version ProxyPass "/containers/json" unix:/var/run/docker.sock|http://localhost/containers/json ProxyPassMatch

[users@httpd] Apache httpd server 2.4.25 binaries for Non Windows platforms

2017-06-16 Thread Prarthana Agwania
Greetings, We have a requirement to package Apache httpd server together with mod_jk 1.2.42 and distribute it to customers. Our application is hosted on Tomcat which needs to be load balanced. We tried the topology wherein Apache httpd server acts as the load balancer in conjunction with mod_jk