How to access control cgi-bin
Hi, I install apache httpd server with mod_ssl. I broswer a access controled html file and it calls a programm under cgi-bin directory. I want to know how I can set up access control with in the cgi-bin's programm? Thanks, David _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Distributed Session Cache
We are in the process of switching from round-robin DNS (clients tend to stay on one web server) to IBM Network Dispatcher (client connections are spread across all web servers). It looks like this is going to defeat the current lift we're getting with the per-server session cache. I found a blurb on ApacheWeek about a discussion at ApacheCon 2001: The future of mod_ssl was discussed including the work currently going on to port it to Apache 2.0, add LDAP - CRL handling, and a distributed session cache. mod_ssl will not need EAPI hooks for Apache 2.0, but other EAPI functions may be useful. It is not certain how this effort will fit into the work being done in Apache 2.0 on mod_tls and if we will end up with two SSL solutions like we have with Apache 1.3. How far along is the mod_ssl port to Apache 2? Has anyone hacked up a distributed session cache? Would a dbm session cache over NFS work? Did the old Apache-SSL ssl_gcache ever work as a DSC? How did ssl_gcache deal with security/integrity of the cache? Is this problem even worse: Does the client throw away it's current session key every time it gets a different session key from the web server? I see that there is a great deal of work on distributed shared memory (mostly for parallel computing). Has anyone put one of these solutions under mm? John -- John Bly Milton IV (512) w:493-2764, h:323-5622, m:750-1783 FundsXpress [EMAIL PROTECTED] Don't FLAME, inform! O- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problems when compiling as DSO module (and workaround)
Hi all, I'm trying to compile mod_ssl-2.8.10-1.3.26 as a DSO (APXS) module on my Debian box, but I got two problems: First, when doing make, I got: mod_ssl.h:349:18: ndbm.h: No such file or directory This is the same problem as described at http://www.mail-archive.com/modssl-users@modssl.org/msg13487.html On my system ndbm.h is located in /usr/include/db1/, so I added -I/usr/include/db1/ in pkg.sslmod/Makefile. It did compile and install well, but when I tried to start Apache, I got this: ali:/www# bin/apachectl start Syntax error on line 208 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/libexec/libssl.so into server: /usr/local/apache/libexec/libssl.so: undefined symbol: dbm_firstkey bin/apachectl start: httpd could not be started This is the same problem as described at http://www.mail-archive.com/modssl-users@modssl.org/msg13505.html Devon Bleak found a workaround to the problem in: http://www.mail-archive.com/modssl-users@modssl.org/msg10438.html So, in short, here's what I did to make it work: apt-get install libgdbmg1 libgdbmg1-dev ./configure --with-apxs=/www/bin/apxs Make these substitutions in pkg.sslmod/Makefile : 6c6 CFLAGS=-I$(INCDIR) -DLINUX=22 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I../lib/expat-lite --- CFLAGS=-I$(INCDIR) -DLINUX=22 -DUSE_HSREGEX -DEAPI -DUSE_EXPAT -I../lib/expat-lite -I/usr/include/db1 11c11 LIBS_SHLIB= --- LIBS_SHLIB= -lgdbm make make install Modify my Apache configuration to add this line plus the other mod_ssl stuff: LoadModule ssl_module libexec/libssl.so When I build mod_ssl statically into Apache these problems do not not occur. These problems seem to have been present for a long time (Devon Bleak's workaround dates from February) and do not seem to be really hard to solve, just a bit a configure bork bork and it would find the right headers and libs. This really would make my life easier. 8) Also, when I make install, apxs doesn't seem to modify my configuration file like it does with other apxs modules, is this a wanted behavior? ali:/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26# make install make[1]: Entering directory `/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26/pkg.sslmod' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26/pkg.sslmod' cp libssl.so /usr/local/apache/libexec/libssl.so chmod 755 /usr/local/apache/libexec/libssl.so ali:/home/gfk/making-webserver/mod_ssl-2.8.10-1.3.26# Also, mod_ssl is a *great* tool, but I guess you allready know that! 8) Regards, GFK's -- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/ (this will redirect) PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
How far along is the mod_ssl port to Apache 2? It is basically done, already bundled with Apache itself as a regular module Has anyone hacked up a distributed session cache? The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one of the Apachecons: http://anoncvs.aldigital.co.uk/splash/ based on http://spread.org Some discussion on this: http://marc.theaimsgroup.com/?l=apache-modsslm=99055320101822w=2 Daniel -- Teach Yourself Apache 2 -- http://apacheworld.org/ty24/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
On Fri, 12 Jul 2002, John Milton wrote: How far along is the mod_ssl port to Apache 2? Done, for all intents and purposes. AFAIK, the only big still-missing functionality is the per-directory POST renegotiations. Has anyone hacked up a distributed session cache? Not that I'm aware of. But somebody out there might have one I suppose... anybody? Would a dbm session cache over NFS work? Hmmm... probably not. For one thing, it would be slow. For another, files are typically not lockable over NFS. With multiple writers I'd think it would be pretty easy to corrupt the dbm. But I'm not positive. Try it and see what happens I guess. Did the old Apache-SSL ssl_gcache ever work as a DSC? How did ssl_gcache deal with security/integrity of the cache? You'd probably have to ask the Apache-SSL guys on that one. Is this problem even worse: Does the client throw away it's current session key every time it gets a different session key from the web server? It's supposed to, yes. I see that there is a great deal of work on distributed shared memory (mostly for parallel computing). Has anyone put one of these solutions under mm? Don't think so. And anyway, Apache 2.0's mod_ssl doesn't use mm. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Distributed Session Cache
On Sat, 13 Jul 2002, Daniel Lopez wrote: How far along is the mod_ssl port to Apache 2? It is basically done, already bundled with Apache itself as a regular module Has anyone hacked up a distributed session cache? The closest I know of is for Apache-SSL, which Ben Laurie mentioned at one of the Apachecons: http://anoncvs.aldigital.co.uk/splash/ based on http://spread.org Some discussion on this: http://marc.theaimsgroup.com/?l=apache-modsslm=99055320101822w=2 before I get a wave of follow-ups as a result of this, let me save myself some typing ... The good news: the work was actually done, finished, and working nicely (very fast and scales about two orders of magnitude higher than you'd be able to scale the SSL crypto to match it :) The bad news: the work was done in/for a company and is not at this stage open source. I am in the process of seeing what could be done to change that now that someone has jogged my memory, but I need to stress that this will be someone else's decision, not mine. Cheers, Geoff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
I upgraded a 6.2 Red Hat system, from apache 1.2.12 to 1.3.22, using their rpms. In the process, the ssl module disappeared, and I cannot find a new one. Since the apache is installed from an rpm, there is no way for me to build the module from the mod_ssl-2.8.5-1.3.22.tar.gz source file I downloaded, as it wants to integrate itself into the apache source that doesn't exist. Our e-business site is broken until I can fix this. Can anyone tell me what I have to do to fix this? Most gracious thanks in advance! -ste __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Directory based virtual host
Is it posible to setup the functionality of ServerPath whithout NamedVirtualHost, what I want to do is to have a virtual secure host using a directory suffix eg: secure.example.com- main server secure.example.com/vhost1/ secure.example.com/vhost2/ secure.example.com/vhost3/ Any ideas? Thanks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Directory based virtual host
Is it posible to setup the functionality of ServerPath whithout NamedVirtualHost, what I want to do is to have a virtual secure host using a directory suffix eg: secure.example.com- main server secure.example.com/vhost1/ secure.example.com/vhost2/ secure.example.com/vhost3/ Any ideas? Thanks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Shaun T. Erickson wrote: I upgraded a 6.2 Red Hat system, from apache 1.2.12 to 1.3.22, using their rpms. In the process, the ssl module disappeared I have investigated further and discovered it's actually a different problem. when I installed red hat's 1.3.22 apache rpm, it does in fact include a libssl.so module, which does get loaded in the httpd.conf.ssl file on the system. (I was looking for mod_ssl.so). The problem is that this causes all the httpd processes to seg fault, which they don't, if the module isn't loaded. -ste __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22 rpm on RH6.2
Shaun T. Erickson wrote: I have investigated further and discovered it's actually a different problem. when I installed red hat's 1.3.22 apache rpm, it does in fact include a libssl.so module, which does get loaded in the httpd.conf.ssl file on the system. (I was looking for mod_ssl.so). The problem is that this causes all the httpd processes to seg fault, which they don't, if the module isn't loaded. I should not that if I fall back to the apache 1.3.12 rpms, it all 'just works'. I'm wondering if something in the httpd.conf.ssl file is causing it to barf. I have no idea where that file came from, to see if there is an updated version I should be migrating the ssl settings to ... -ste __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: URGENT: need mod_ssl rpm to work with RedHat's apache_1.3.22rpm on RH6.2
On Sat, 13 Jul 2002, Shaun T. Erickson wrote: The problem is that this causes all the httpd processes to seg fault, which they don't, if the module isn't loaded. It would be helpful if you could tell us *where* it was segfaulting. Please see http://httpd.apache.org/dev/debugging.html for information on how to generate a backtrace for us. Thanks, --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]