Re: Mod_ssl in apache 2.X
For mod_ssl on Apache 2.0 you may want to check also the secure server chapter I have online, which contains step by step instructions:

http://www.apacheworld.org/ty24/

Best regards

Daniel

> Hi!
>
> I'm not here to quarrel with you kid. I'm here to get some help, and your insults are not helping very much. I thought this was the modssl-users list for people with not-so-much-expert-knowledge and not the linux-experts-with-nolife mailing list.
>
> I'm working under time pressure and cannot afford reading old documentation all day and then guess how the later versions work (but of course I have read most of the old documentation anyway...).
>
> If I understand the example below I could rewrite it:
>
>     CC=pgcc CFLAGS=-O2 \
>     ./configure --prefix=/sw/pkg/apache \
>     --enable-ssl=shared
>
> ? ... and load mod_ssl.so dynamically with Loadmodule later on? Right? (Of course it's right.. ;) )
>
> > Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy.
>
> You call me lazy and think you know me after one email, that's cute. ;) I was asking a question and not hiring you or anybody else for a job. You even didn't have to answer. I'm not demanding anything. (This is the first time I ask a usergroup a question at all, silly.)
>
> > The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleaned, if one looks
>
> Right, I and other developers still haven't all day, that's why it exists user-groups to ask someone who already knows and perhaps have some time over for a clear answer. If I had some time over myself I would be happy to contribute with some quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with SSL must be one of the most common configurations... Perhaps I will contribute in not-so-distant-future. ;)
>
> Regards
> /Johan
>
> -----Original Message-----
> From: R. DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: den 4 december 2002 16:53
> To: Johan Bryssling
> Cc: [EMAIL PROTECTED]
> Subject: Re: Mod_ssl in apache 2.X
>
> > Didn't read any of the documentation in that tarball did ya?
> >
> > INSTALL
> >
> > [SNIP]
> >
> > For a short impression of what possibilities you have, here is a typical example which configures Apache for the installation tree /sw/pkg/apache with a particular compiler and flags plus the two additional modules mod_rewrite and mod_speling for later loading through the DSO mechanism:
> >
> >     $ CC=pgcc CFLAGS=-O2 \
> >     ./configure --prefix=/sw/pkg/apache \
> >     --enable-rewrite=shared \
> >     --enable-speling=shared
> >
> > The easiest way to find all of the configuration flags for Apache 2.0 is to run ./configure --help.
> >
> > [SNIP]
> >
> > The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleaned, if one looks. How about the apache web pages, read that at all?
> >
> > Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy.
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Wed, 4 Dec 2002, Johan Bryssling wrote:
> >
> > > Hi!
> > >
> > > I have a couple of questions:
> > >
> > > If mod_ssl is included in apache2.x why doesn't it show up in the module list when I use:
> > >
> > >     % httpd -l
> > >
> > > ?
> > >
> > > If it's not included when I default compile (using the INSTALL-file instructions), how do I know how to compile in the mod_ssl into the apache (if this is my first time)? Where do I find information about these things, I certainly don't install apache on a regular basis.. ;-)
> > >
> > > I noted a default config file for SSL (I also found an include into the httpd.config-file) and used the command:
> > >
> > >     % httpd -DSSL -k start
> > >
> > > .. but it (apache) couldn't find the mod_ssl.. Why? If it's included I shouldn't bother or?... Something I missed?
> > >
> > > All help will be appreciated.
> > >
> > > Thanks...
> > > /Johan
> > >
> > > ps. Thinking of using Apache 1.3.7 instead due to the extended source of good documentation...
> > >
> > > __
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
> >
> > --
> > admin senior security consultant: sysinfo.com
> > http://sysinfo.com
> >
> > Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation.
> > -- Johnny Hart
> >
> > testing, only testing, and damn good at it too!
Re: mod_ssl mod_proxy
Hello...

On Thu, 2002-12-05 at 10:12, HMajidy wrote:

> This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community's help in resolving it.
>
> Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall.

From what I see, you don't have a proxypass directive, ala:

    ProxyPass /foo http://cruella.pricegrabber.com/foo
    ProxyPassReverse /foo http://cruella.pricegrabber.com/foo

> Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser.
>
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and hostname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules.
>
> Here's the system configuration:
>
>     Linux version 2.2.16-22smp
>     gcc version egcs-2.91.66
>     Server version: Apache/1.3.27 (Unix)
>     Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c
>     OpenSSL 0.9.6g 9 August 2002
>
> httpd.conf
>
>     AddModule mod_proxy.c
>     <IfModule mod_proxy.c>
>         ProxyRequests off
>         NoCache *
>         AllowCONNECT 443,80
>         <Directory />
>             Order Allow,Deny
>             Allow from All
>         </Directory>
>         ProxyRemote * http://1.2.3.4:85
>     </IfModule>
>
>     NameVirtualHost *
>     Listen *:443
>     <VirtualHost _default_:443>
>         SSLEngine on
>         ServerName www.mydomain.com
>         DocumentRoot /usr/local/apache/htdocs
>         ErrorLog logs/443-error_log
>     </VirtualHost>
>
>     Listen *:80
>     <VirtualHost *:80>
>         ServerAdmin [EMAIL PROTECTED]
>         DocumentRoot /usr/local/apache/www
>         ServerName www1.mydomain.com
>         ErrorLog logs/80-error_log
>     </VirtualHost>
>
> Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated.
>
> Regards,
> Hamid.
>
> PS. Please reply to [EMAIL PROTECTED] as well as to this list.

--
Christopher McCrory [EMAIL PROTECTED]
Pricegrabber
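The omission pointed out in the reply above, written out against the posted httpd.conf as an added example (not part of the original posts): `ProxyRemote` only names an upstream proxy for requests that are already being proxied, so with `ProxyRequests off` and no `ProxyPass` nothing is ever handed to mod_proxy. The sketch assumes that `http://1.2.3.4:85` from the post is the internal web server itself and that the whole site (`/`) is to be forwarded.

```apache
# Added example for Apache 1.3 with mod_proxy and mod_ssl compiled in.
# Assumptions: 1.2.3.4:85 (taken from the post) is the internal web
# server, and every URL under / is forwarded to it.

<IfModule mod_proxy.c>
    # Reverse proxy only: forward proxying stays disabled so the
    # Internet-facing server cannot be used as an open proxy.
    ProxyRequests Off

    # Before (as posted): this selects an upstream proxy for requests
    # that are already proxied. It does not map any incoming URL to a
    # backend, so on its own it has no visible effect.
    #ProxyRemote * http://1.2.3.4:85

    # CONNECT tunnelling is a forward-proxy feature and is not needed
    # for a reverse proxy.
    #AllowCONNECT 443,80
</IfModule>

# Listen and the SSL certificate directives stay as in the existing
# configuration.
<VirtualHost _default_:443>
    SSLEngine on
    ServerName www.mydomain.com
    ErrorLog logs/443-error_log

    # After: SSL ends here and each request is sent to the backend
    # over plain HTTP through the firewall.
    ProxyPass        / http://1.2.3.4:85/

    # Rewrite Location headers in backend redirects so the browser
    # keeps talking to this server rather than the internal address.
    ProxyPassReverse / http://1.2.3.4:85/
</VirtualHost>
```

After the change, `apachectl configtest` checks the syntax, and a request over HTTPS should then show up in the backend server's access log.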
Re: mod_ssl mod_proxy
Oh my God, I have exactly the same problem ... the only difference is that my authentication is on an LDAP directory in the internal net. When I click on the link http://host.myinternalnet.com nothing happens, only the loop, and Apache doesn't get a request. I'm sniffing the interfaces but the request is not sent ok.

Can anybody help us???

Thanks
Alexandre

HMajidy wrote:

> This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community's help in resolving it.
>
> Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall.
>
> Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser.
>
> Troubleshooting Steps Taken: Experimenting with the target URL (IP and hostname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules.
>
> Here's the system configuration:
>
>     Linux version 2.2.16-22smp
>     gcc version egcs-2.91.66
>     Server version: Apache/1.3.27 (Unix)
>     Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c
>     OpenSSL 0.9.6g 9 August 2002
>
> httpd.conf
>
>     AddModule mod_proxy.c
>     <IfModule mod_proxy.c>
>         ProxyRequests off
>         NoCache *
>         AllowCONNECT 443,80
>         <Directory />
>             Order Allow,Deny
>             Allow from All
>         </Directory>
>         ProxyRemote * http://1.2.3.4:85
>     </IfModule>
>
>     NameVirtualHost *
>     Listen *:443
>     <VirtualHost _default_:443>
>         SSLEngine on
>         ServerName www.mydomain.com
>         DocumentRoot /usr/local/apache/htdocs
>         ErrorLog logs/443-error_log
>     </VirtualHost>
>
>     Listen *:80
>     <VirtualHost *:80>
>         ServerAdmin [EMAIL PROTECTED]
>         DocumentRoot /usr/local/apache/www
>         ServerName www1.mydomain.com
>         ErrorLog logs/80-error_log
>     </VirtualHost>
>
> Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated.
>
> Regards,
> Hamid.
>
> PS. Please reply to [EMAIL PROTECTED] as well as to this list.

--
Alexandre da Silva Augusto
Unix Systems Administrator
DTI - Departamento de Tecnologia da Informacao
Secretaria de Estado dos Negocios da Fazenda
[EMAIL PROTECTED]
RE: mod_ssl mod_proxy
Apache does get the requests in my case, as verified in log files created by

    CustomLog /usr/local/apache/logs/referer_log referer
    CustomLog /usr/local/apache/logs/agent_log agent

in httpd.conf. BTW, my LDAP authentication is handled by the internal (iPlanet) web server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alexandre
Sent: Thursday, December 05, 2002 8:53 AM
To: [EMAIL PROTECTED]
Subject: Re: mod_ssl mod_proxy

> Oh my God, I have exactly the same problem ... the only difference is that my authentication is on an LDAP directory in the internal net. When I click on the link http://host.myinternalnet.com nothing happens, only the loop, and Apache doesn't get a request. I'm sniffing the interfaces but the request is not sent ok.
>
> Can anybody help us???
>
> Thanks
> Alexandre
>
> HMajidy wrote:
>
> > This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community's help in resolving it.
> >
> > Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall.
> >
> > Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser.
> >
> > Troubleshooting Steps Taken: Experimenting with the target URL (IP and hostname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules.
> >
> > Here's the system configuration:
> >
> >     Linux version 2.2.16-22smp
> >     gcc version egcs-2.91.66
> >     Server version: Apache/1.3.27 (Unix)
> >     Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c
> >     OpenSSL 0.9.6g 9 August 2002
> >
> > httpd.conf
> >
> >     AddModule mod_proxy.c
> >     <IfModule mod_proxy.c>
> >         ProxyRequests off
> >         NoCache *
> >         AllowCONNECT 443,80
> >         <Directory />
> >             Order Allow,Deny
> >             Allow from All
> >         </Directory>
> >         ProxyRemote * http://1.2.3.4:85
> >     </IfModule>
> >
> >     NameVirtualHost *
> >     Listen *:443
> >     <VirtualHost _default_:443>
> >         SSLEngine on
> >         ServerName www.mydomain.com
> >         DocumentRoot /usr/local/apache/htdocs
> >         ErrorLog logs/443-error_log
> >     </VirtualHost>
> >
> >     Listen *:80
> >     <VirtualHost *:80>
> >         ServerAdmin [EMAIL PROTECTED]
> >         DocumentRoot /usr/local/apache/www
> >         ServerName www1.mydomain.com
> >         ErrorLog logs/80-error_log
> >     </VirtualHost>
> >
> > Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated.
> >
> > Regards,
> > Hamid.
> >
> > PS. Please reply to [EMAIL PROTECTED] as well as to this list.
RE: Mod_ssl in apache 2.X
Here is a config for Solaris 8, gcc 3.1, Apache 2.x - multithreaded with SSL - I had no issues with this and am not an expert on Linux by any means. Perhaps this might help. If not delete it.

    #!/bin/ksh
    PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
    LD_LIBRARY_PATH=/usr/local/lib:/usr/local/ssl/lib:/usr/lib
    export PATH LD_LIBRARY_PATH
    SSL_BASE=/usr/local/ssl \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-ssl \
    --with-ssl=/usr/local/ssl/ \
    --enable-so \
    --with-mpm=worker \
    --enable-deflate

David S. Loesche [EMAIL PROTECTED]
Yipes Enterprise Services, Inc.
114 Sansome Street, Suite 1045
San Francisco, CA 94104
Main: (415) 901-2000
Direct: (415) 901-2210
Fax: (415) 901-2201
http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks.

-----Original Message-----
From: Johan Bryssling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 2:39 AM
Cc: [EMAIL PROTECTED]
Subject: RE: Mod_ssl in apache 2.X

> Hi!
>
> I'm not here to quarrel with you kid. I'm here to get some help, and your insults are not helping very much. I thought this was the modssl-users list for people with not-so-much-expert-knowledge and not the linux-experts-with-nolife mailing list.
>
> I'm working under time pressure and cannot afford reading old documentation all day and then guess how the later versions work (but of course I have read most of the old documentation anyway...).
>
> If I understand the example below I could rewrite it:
>
>     CC=pgcc CFLAGS=-O2 \
>     ./configure --prefix=/sw/pkg/apache \
>     --enable-ssl=shared
>
> ? ... and load mod_ssl.so dynamically with Loadmodule later on? Right? (Of course it's right.. ;) )
>
> > Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy.
>
> You call me lazy and think you know me after one email, that's cute. ;) I was asking a question and not hiring you or anybody else for a job. You even didn't have to answer. I'm not demanding anything. (This is the first time I ask a usergroup a question at all, silly.)
>
> > The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleaned, if one looks
>
> Right, I and other developers still haven't all day, that's why it exists user-groups to ask someone who already knows and perhaps have some time over for a clear answer. If I had some time over myself I would be happy to contribute with some quick-start-(dummy)-tutorials, because it's needed. Setting up Apache2 with SSL must be one of the most common configurations... Perhaps I will contribute in not-so-distant-future. ;)
>
> Regards
> /Johan
>
> -----Original Message-----
> From: R. DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: den 4 december 2002 16:53
> To: Johan Bryssling
> Cc: [EMAIL PROTECTED]
> Subject: Re: Mod_ssl in apache 2.X
>
> > Didn't read any of the documentation in that tarball did ya?
> >
> > INSTALL
> >
> > [SNIP]
> >
> > For a short impression of what possibilities you have, here is a typical example which configures Apache for the installation tree /sw/pkg/apache with a particular compiler and flags plus the two additional modules mod_rewrite and mod_speling for later loading through the DSO mechanism:
> >
> >     $ CC=pgcc CFLAGS=-O2 \
> >     ./configure --prefix=/sw/pkg/apache \
> >     --enable-rewrite=shared \
> >     --enable-speling=shared
> >
> > The easiest way to find all of the configuration flags for Apache 2.0 is to run ./configure --help.
> >
> > [SNIP]
> >
> > The new apache is not the best as far as documentation concerns, certainly not up to the documentation that the older apache with or without mod-ssl integration, but, there is info to be gleaned, if one looks. How about the apache web pages, read that at all?
> >
> > Now you have to do some work on your own, you can't expect others to do it all for you and remain lazy.
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Wed, 4 Dec 2002, Johan Bryssling wrote:
> >
> > > Hi!
> > >
> > > I have a couple of questions:
> > >
> > > If mod_ssl is included in apache2.x why doesn't it show up in the module list when I use:
> > >
> > >     % httpd -l
> > >
> > > ?
> > >
> > > If it's not included when I default compile (using the INSTALL-file instructions), how do I know how to compile in the mod_ssl into the apache (if this is my first time)? Where do I find information about these things, I certainly don't install apache on a regular basis.. ;-)
> > >
> > > I noted a default config file for SSL (I also found an include into the httpd.config-file) and used the command:
> > >
> > >     % httpd -DSSL -k start
> > >
> > > .. but it (apache)
A bug in table_adjust function that causes a core dump
Hi,

on November 11 Kirill Shirkov reported a bug in the table_adjust function that causes core dumps. He described how the core dumps can be reproduced. Some colleague of mine confirmed this behaviour.

Shirkov also described a bug fix. Up to now (December 5) there are no changes in the file ssl_util_table.c in the mod_ssl CVS repository.

So, I would like to ask:

1. Is Shirkov's code change going to be integrated in the official code? Or is there some other fix for this bug that will be integrated?
2. When can some fix be expected in CVS?
3. When can it be expected to be seen in some official release?

Thanks a lot for any answer!

Bernd Steinert

---
Dr. Bernd Steinert
kippdata GmbH
Bornheimer Str. 33a
D-53111 Bonn
Tel.: 0228 - 9 85 49 0
Fax: 0228 - 9 85 49 50
eMail: [EMAIL PROTECTED]
Re: A bug in table_adjust function that causes a core dump
On Thu, 5 Dec 2002, Bernd Steinert wrote:

> on November 11 Kirill Shirkov reported a bug in the table_adjust function that causes core dumps. He described how the core dumps can be reproduced. Some colleague of mine confirmed this behaviour.

I must have missed the patch... can someone repost it for me (and CC: me and Ralf on it), and put [PATCH] at the beginning of the subject line of the message.

> 1. Is Shirkov's code change going to be integrated in the official code?

Sure... I just need a copy of it.

> 2. When can some fix be expected in CVS?
> 3. When can it be expected to be seen in some official release?

I can handle the commit to the 2.0.x series... but it's up to Ralf to have it incorporated into the next release for 1.3.x.

Thanks,
Cliff
Re: ssl renegotiation in post not allowed?
You wrote:

> I'm having a problem using client authentication with POST method. I have an Apache 2.0.43, server side SSL works fine. The browser is an

Hi Alejandro,

I came across the same problem. I had to upgrade Apache from 1.3.27 (this version just kills the MSIE on Windows XP) to 2.0.43. I tried the Debian package first, then I built Apache from scratch, and finally I built the latest sources from CVS with SSL EXPERIMENTAL flag -- but all without luck.

I found the following bug in Apache bugzilla: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 (bug #12355) which describes exactly the same behaviour we noticed, and voted for it, but it still has a Status: NEW and nobody seemed to take care of it.

> I need to get this working as soon as possible.

So do I. Please, share your solution if you find some.

-- Marcin
mod_ssl mod_proxy
This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community's help in resolving it.

Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall.

Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser.

Troubleshooting Steps Taken: Experimenting with the target URL (IP and hostname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules.

Here's the system configuration:

    Linux version 2.2.16-22smp
    gcc version egcs-2.91.66
    Server version: Apache/1.3.27 (Unix)
    Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c
    OpenSSL 0.9.6g 9 August 2002

httpd.conf

    AddModule mod_proxy.c
    <IfModule mod_proxy.c>
        ProxyRequests off
        NoCache *
        AllowCONNECT 443,80
        <Directory />
            Order Allow,Deny
            Allow from All
        </Directory>
        ProxyRemote * http://1.2.3.4:85
    </IfModule>

    NameVirtualHost *
    Listen *:443
    <VirtualHost _default_:443>
        SSLEngine on
        ServerName www.mydomain.com
        DocumentRoot /usr/local/apache/htdocs
        ErrorLog logs/443-error_log
    </VirtualHost>

    Listen *:80
    <VirtualHost *:80>
        ServerAdmin [EMAIL PROTECTED]
        DocumentRoot /usr/local/apache/www
        ServerName www1.mydomain.com
        ErrorLog logs/80-error_log
    </VirtualHost>

Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated.

Regards,
Hamid.