If your main quest is to harden Cipher Suite, something like
that is quite good :
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
you should remove SSLv2 as it as weakness.
Jerome
Qingshan Xie a écrit :
I am using Apache 2.0.54 with.
Of course you could
get away with it by having only sub-domains, like thishost.domain.com,
anotherhost.domain.com and so on, and the certificate having
*.domain.com.
Interesting.
and how do you generate a certifcate for a whole domain.com ?
As far as I know CA like verisign does not
No they don't, I was referring to a self-signed certificate, since
(AFAIU) we were talking about testing/development.
Davide
Oh.
Ok.
Is there any reasons about that as cacert.org is free, there's no restrictive
idea about how many certificate I can generate ?
Jerome.
If memory serves me right, the modules added last are the ones executed
first.
You want mod_proxy to be executed after mod_rewrite so mod_rewrite must be
loaded after mod_proxy.
Interesting point, I was facing that kind of problem when I wanted to do
rewrite rules plus
proxypass.
What
Ok.
How can you tell that mod_rewrite has to be executed BEFORE mod_proxy.
I would have used proxypass, but I can't because my rewrite are never reached
and
I need some things to be rewritten BEFORE they are proxyfied.
Thanks.
J.
Axel-Stéphane SMORGRAV a écrit :
In Apache 2.0 configurations
In Apache 2.0 mod_proxy is always run before mod_rewrite. That is why when
you have a mix of ProxyPass and RewriteRule ...
[P] that conflict, the RewriteRule is never executed. When that is the case,
I use RewriteRules to do the proxying, and
then add the ProxyPassReverse as needed. Then
TWO NTML = TWO NTLM...
sorry folks :)
I wonder if it's possible to have only ONE sign on.
I don't know if mod_auth can help.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See
Hello,
I've some problem implementing ProxyErrorOverride.
It does not work correctly with 302 (moved) errors.
In fact each first access time, the 302 error is printed instead of
redirecting the browser on the right page.
Any clue ?
I really don't like sql server and IIS server errors being
That's a good starting point.
I've redone the vhost like that :
VirtualHost *:443
SSLEngine On
SSLProxyEngine on
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
#SSLCertificateFile /etc/apache2/ssl/www.toto.net.crt
#SSLCertificateKeyFile
Axel-Stéphane SMORGRAV a écrit :
I wonder whether the problem could be that your HTML code contains
mis-spelled special characters like nbsp which should have read nbsp;.
Unfortunately such errors are hidden by the fact that MSIE is very tolerant
about the lacking semi-colon. Your problem
even after enabling mod_headers and mod_proxy_html I still get the problem
on Firefox.
This what I see before I do a refresh on the browser :
f4
!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
htmlhead
title302 Object Moved/title
/headbody
h1Object Moved/h1
pThe document has moved a
Nick Kew a écrit :
Jérôme Tytgat wrote:
the nbsp are transformed in amp;nbsp
no, the ampersand is entified. If you validated, you'd see that
nbsp means something very different from nbsp;, which is what
you meant.
Technically it's a browser bug if your browser doesn't
display
Axel-Stéphane SMORGRAV a écrit :
You know what? Some applications build URLs based on the value of the Host
header. If you use ProxyPreserveHost,
it may just turn out to solve your problem altogether so you will not need to
rewrite the HTML contents.
-ascs
Once I activate
This, however, will not work unless you apply a patch now available at
http://issues.apache.org/bugzilla/show_bug.cgi?id=10722 (but which I have not
tested myself)
I may be wrong but for me the cookies are sent... (at least livehttpheaders is
telling me that) :
GET
,NC]
RewriteRule ^/sevealoc/(.*)$ https://192.168.2.1/sevealoc/$1 [P,L,NC]
RewriteCond %{REQUEST_URI} !^/sst/.*$ [NC]
RewriteRule ^/(.*)$ http://192.168.2.1/$1 [P,L]
SecAuditLog /var/log/apache2/audit.https.sevea.net.log
/VirtualHost
Jérôme Tytgat
Hello community.
I'm trying to set up a reverse proxy under apache 2.0.54 (debian version).
The server i'm proxy reversing is a IIS 6.0 with class server on it (a
microsoft application for school networking).
I'm using mod_security, rewriterules and proxy for the reverse proxy and some of
16 matches
Mail list logo