Plain API vs EAPI

2007-10-19 Thread Bernard Barton 
When I run an apachectl configtest, I get the errors below regarding compiling 
apache with -DEAPI.  Now mod_ssl has a configure option --with-eapi-only, and 
apache has an option "--disable-rule=EAPI=no".  But no matter what combination 
of these options I use, I still get the errors.  Does mod_ssl have an option to 
turn off eapi?   Any suggestions would be greatly appreciated.


[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_vhost_alias.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please recompile it 
with -DEAPI)
[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_log_config.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please recompile it 
with -DEAPI)
[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_actions.so uses plain 
Apache 1.3 API, this module might crash under EAPI! (please recompile it with 
-DEAPI)


-Thanks


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Please help with http -> https redirection

2007-10-15 Thread Bernard Barton 
Thanks, but I'm trying to get through this without any code changes. 
It's ALMOST working!  But no cigar.


Brian Hayward wrote:
> If all you want to do is redirect "/" on your non-SSL Port to "/" on
> your SSL port, you could use a zero second redirect.
>
> e.g. put this in your index.html for the port 80 virtual host:
>
> https://devl02.mydomain.com/"; />
>
> And have your real content in a different document root for your port
> 443 virtual host.
>
> The only drawback is that it's not feasible to redirect deep links (or
> bookmarks) to the non-secure web server using this approach.
>
> --
> Brian
>
> On 10/15/07, Bernard Barton <[EMAIL PROTECTED]> wrote:
>   
>> In my main httpd.conf file, I have numerous include files which include
>> virtual hosts like so:
>>
>> Include /usr/local/apache/conf/conf.d/devl00.conf
>> Include /usr/local/apache/conf/conf.d/devl01.conf
>> Include /usr/local/apache/conf/conf.d/devl02.conf
>>
>>
>> So if I access http://devl02.mydomain.com/ then I see the virtual host
>> defined
>> in devl02.conf, etc.  In the devl02.conf file, I have enabled SSL.  I CAN
>> access the secure site https://devl02.mydomain.com/.  However, when I now
>> access the non-secure site of http://devl02.mydomain.com, the main server
>> web site is displayed, and not the virtual host.  What I'm trying to do
>> is a
>>
>>RedirectPermanent / https://cj-devl02.mydomain.net/
>>
>> But when I do this I get errors that I posted previously about cookies not
>> being enabled.  So I guess the questions is, having the "Include" statements
>> above, and knowing that each include file like devl08.conf is a virtual host
>> container with SSL enabled, how do I redirect from the port 80 version to
>> the SSL enabled port 443 version like:
>>
>> http://cj-devl02.mydomain.net/  -->  https://cj-devl02.mydomain.net/
>>
>> FYI, I've tried including .conf files, and also pasting the contents of my
>> .conf files into an email, but they evidently are rejected by the
>> mailing list.
>>
>> __
>> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>> User Support Mailing List  modssl-users@modssl.org
>> Automated List Manager[EMAIL PROTECTED]
>>
>> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  modssl-users@modssl.org
> Automated List Manager[EMAIL PROTECTED]
>
>   

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Please help with http -> https redirection

2007-10-15 Thread Bernard Barton 
These are name based virtual hosts.  Numerous hosts, only one IP
address.  So each of the included .conf files below such as devl00.conf
and devl01.conf begin with something like this:



ServerName  devl02.mydomain.net
ServerAdmin [EMAIL PROTECTED]
LogLevel debug


So I can access https://devl02.mydomain.com/ directly, but if I try and
redirect from http://devl02.mydomain.com to the https URL of the same
name, I get the default insecure web site, which is defined in the
httpd.conf file.

-Thanks



Cliff Woolley wrote:
>
> Are these IP-based virtual hosts or name-based virtual hosts?  See
> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
>
> --Cliff
>
>
> On 10/15/07, *Bernard Barton* <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> In my main httpd.conf file, I have numerous include files which
> include
> virtual hosts like so:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
>
>
> So if I access http://devl02.mydomain.com/ then I see the virtual host
> defined
> in devl02.conf, etc.  In the devl02.conf file, I have enabled
> SSL.  I CAN
> access the secure site https://devl02.mydomain.com/.  However,
> when I now
> access the non-secure site of http://devl02.mydomain.com, the main
> server
> web site is displayed, and not the virtual host.  What I'm trying
> to do
> is a
>
>RedirectPermanent / https://cj-devl02.mydomain.net/
>
> But when I do this I get errors that I posted previously about
> cookies not
> being enabled.  So I guess the questions is, having the "Include"
> statements
> above, and knowing that each include file like devl08.conf is a
> virtual host
> container with SSL enabled, how do I redirect from the port 80
> version to
> the SSL enabled port 443 version like:
>
> http://cj-devl02.mydomain.net/  -->  https://cj-devl02.mydomain.net/
>
> FYI, I've tried including .conf files, and also pasting the
> contents of my
> .conf files into an email, but they evidently are rejected by the
> mailing list.
>
> __
> Apache Interface to OpenSSL (mod_ssl)  
> www.modssl.org <http://www.modssl.org>
> User Support Mailing List  
> modssl-users@modssl.org <mailto:modssl-users@modssl.org>
> Automated List
> Manager[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
>
>

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Please help with http -> https redirection

2007-10-15 Thread Bernard Barton 
In my main httpd.conf file, I have numerous include files which include
virtual hosts like so:

Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf


So if I access http://devl02.mydomain.com/ then I see the virtual host
defined
in devl02.conf, etc.  In the devl02.conf file, I have enabled SSL.  I CAN
access the secure site https://devl02.mydomain.com/.  However, when I now
access the non-secure site of http://devl02.mydomain.com, the main server
web site is displayed, and not the virtual host.  What I'm trying to do
is a

   RedirectPermanent / https://cj-devl02.mydomain.net/  

But when I do this I get errors that I posted previously about cookies not
being enabled.  So I guess the questions is, having the "Include" statements
above, and knowing that each include file like devl08.conf is a virtual host
container with SSL enabled, how do I redirect from the port 80 version to
the SSL enabled port 443 version like:

http://cj-devl02.mydomain.net/  -->  https://cj-devl02.mydomain.net/

FYI, I've tried including .conf files, and also pasting the contents of my
.conf files into an email, but they evidently are rejected by the
mailing list.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Why are some messages not being distributed to mailing list?

2007-10-14 Thread Bernard Barton 
I sent an email with two text attachments, and never received a copy
from the mailing list from [EMAIL PROTECTED]  So I sent a
message asking if attachments were permitted, and did receive that
message.  So, I sent another message WITHOUT attachments, but placed
copies of the httpd.conf and another .conf file withing the message.  I
have not received that message either, from the mailing list.  

Any ideas?


-Thanks

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Are text attachments permitted in mailing list?

2007-10-13 Thread Bernard Barton 
I sent a message with an attachment several hours ago, and still have
not received a copy of it via the modssl-users mailing list.  The
message included two text attachments.  Are text attachments allowed?


-Thanks

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: How to redirect http to https on same server?

2007-10-11 Thread Bernard Barton 
Thanks for all the responses.  But no matter what I do or where I place
a Rewrite or Redirect, I get the following error in Firefox:

((("The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this
address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept
cookies.")))


The page is redirected from http://myserver to https://myserver, but I
get the above message.  I do have Firefox configured to accept cookies. 
When I try to access the site using IE, it just hangs.  Any suggestions
would be greatly appreciated.




Roy Keene (Contractor) wrote:
> Bernard Barton wrote:
>> I'm trying to redirect users from http://vhost.mydomain.com to
>> https://vhost.mydomain.com using this RewriteRule:
>>
>>RewriteCond   %{SERVER_PORT}  !^443$
>>RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R]
>>
>>
>> This does not seem to work.  I have the following defined as a virtual
>> host, and the ssl.include is listed below that.  What do I need to do to
>> redirect http to https on the same server?
>>
>> -Thanks
>>
>>
>> 
>> 
>>
>> #See file below
>> Include conf/conf.d/ssl.include
>>
>> ErrorLog  /usr/local/apache/logs/ssl_mydomain_error_log
>> CustomLog /usr/local/apache/logs/ssl_mydomain_access_log
>> combined
>>
>> 
>> ProxyRequests On
>>
>> ProxyPass/ http://vhost.mydomain.net:80/
>> ProxyPassReverse / http://vhost.mydomain.net:80/
>>  
>> 
>>
>> 
>> 
>>
>> ###  ssl.include
>>
>> SSLEngine on
>>
>> SSLCipherSuite
>> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>> SSLCertificateFile
>> /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt
>>
>> SSLCertificateKeyFile
>> /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key
>>
>> SSLCertificateChainFile
>> /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt
>>
>> 
>> SSLOptions +StdEnvVars
>> 
>>
>> SetEnvIf User-Agent ".*MSIE.*" \
>>  nokeepalive ssl-unclean-shutdown \
>>  downgrade-1.0 force-response-1.0
>>
>> __
>> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>> User Support Mailing List  modssl-users@modssl.org
>> Automated List Manager[EMAIL PROTECTED]
>>
>
>
> This is what I use (from internal documentation):
>1. Redirect all HTTP requests to HTTPS
> a. Load mod_rewrite  (see:
>http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
> b. Add the following rule to your non-HTTPS server configuration
>(httpd.conf):
> # Require HTTPS
> RewriteEngine on
> RewriteRule ^/(.*) https://${SERVER_NAME}/$1
> [redirect=permanent]
>
>
> Yours should work, too, though since it is only substantially
> different in two (2) ways:
> 1. You don't have "RewriteEngine on" in the snippet, I assume you
> have it somewhere though
> 2. You check SERVER_PORT against !^443$ (it would probably be
> better to check the environment variable HTTPS, though) -- that should
> work.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

How to redirect http to https on same server?

2007-10-10 Thread Bernard Barton 
I'm trying to redirect users from http://vhost.mydomain.com to
https://vhost.mydomain.com using this RewriteRule:

   RewriteCond   %{SERVER_PORT}  !^443$
   RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R]


This does not seem to work.  I have the following defined as a virtual
host, and the ssl.include is listed below that.  What do I need to do to
redirect http to https on the same server?

-Thanks





#See file below
Include conf/conf.d/ssl.include

ErrorLog  /usr/local/apache/logs/ssl_mydomain_error_log
CustomLog /usr/local/apache/logs/ssl_mydomain_access_log combined


ProxyRequests On

ProxyPass/ http://vhost.mydomain.net:80/
ProxyPassReverse / http://vhost.mydomain.net:80/
  




 


###  ssl.include

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile
/usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt

SSLCertificateKeyFile
/usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key

SSLCertificateChainFile /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]