Re: Port forwarding fails
On Fri, Jul 11, 2008 at 09:10:42AM +0200, Michael Hnat - bluegras wrote:

> Hello, I am facing the following problem: I have a mail server that runs through its own web server on port 9998 (smartermail). Since that port is blocked at some customers, I would like to pass the webmail client through on port 80.

IMHO webmail should be offered /exclusively/ over HTTPS.

> What I have done:
>
> <VirtualHost ...>
> ProxyPass /webmail2 http://127.0.0.1:9998
> ProxyPassReverse /webmail2 http://127.0.0.1:9998
> </VirtualHost>
>
> However, I get the following message back, which I unfortunately cannot make sense of:
>
> Proxy Error
> The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /webmail2. Reason: Corrupt status line returned by remote server: HTTP/2.0 302 Found

That is probably the error - that simply does not exist.

> Is my mail server returning something wrong?

Looks like it; to be sure, I would plug a sniffer onto port 9998 and take a look.

Rainer

-- Apache HTTP Server Mailing List users-de unsubscribe requests to [EMAIL PROTECTED] other requests to [EMAIL PROTECTED] --
content negotiation
Hello, I am currently trying to understand content negotiation better. Strictly speaking, I am concerned with language negotiation at the moment. I have tried the examples from the Apache manual. The MultiViews variant works without problems. The drawback here is that the language code is appended, i.e. index.html.de instead of index.de.html. This causes problems with some HTML editors because of the extension. While the .html extension is easy to register, otherwise every language code has to be registered. In my opinion it is also not really acceptable if the files first have to be renamed on upload. - Not well thought out, I would say.

If I now choose the type-map variant, I can choose the extension freely. What I have not understood, however, is whether the type-map document (e.g. start.var) then has to be requested from the server, or the usual document name (e.g. start.html)!? If I put the var file in the URL, it works on my configuration, otherwise not. However, I would prefer that the user continues to use the address of the html file that he would request without content negotiation. What is the best way to solve this? mod_rewrite?

Thanks for the help. Regards, Oliver Block
Re: content negotiation
On Tue, Jul 15, 2008 at 01:33:24AM +0200, Oliver Block wrote:

> I have tried the examples from the Apache manual. The MultiViews variant works without problems. The drawback here is that the language code is appended, i.e. index.html.de instead of index.de.html. This causes problems with some HTML editors because of the extension.

The advantage of the appended additional extensions is precisely that the old names of the file still work as well. Many HTML editors can manage projects in which it then does not matter which suffix comes last. So blabla.html.de can be edited just like index.html. In that respect I do think that the concept of negotiation suffixes is well thought out. It works seamlessly and can be extended with var maps and even more complicated things if needed.

Emil Obermayr
[EMAIL PROTECTED] Problem with disk_cache on Windows 2003
Hello

I'm trying to get mod_cache and mod_disk_cache to work correctly. Problem summary is that disk cache is not working properly - sending empty data to the client for some content like the css file. I use Apache as a reverse proxy. I get a lot of these messages in the log file:

[Sun Jul 13 14:09:38 2008] [warn] (OS 5)Access is denied. : disk_cache: rename tempfile to datafile failed: c:/webcache/los/aptmpx1asW8 - c:/webcache/los/Ra/N6/fS/iBGQrEATWPwwO4iA.data
[Sun Jul 13 14:10:04 2008] [warn] (OS 5)Access is denied. : disk_cache: rename tempfile to datafile failed: c:/webcache/los/aptmpaeiuxe - c:/webcache/los/O7/ub/HS/Hp2X7mMoCK1NgpAA.data

I am running Apache/2.2.8 (Win32) on a Windows 2003 server. The security settings on c:\webcache directory is everyone=full access. Apache Cache configuration is:

ExpiresActive on
ExpiresDefault now plus 5 minutes
CacheRoot c:/webcache/los
CacheEnable disk /
CacheDefaultExpire 300
CacheMaxExpire 300
CacheIgnoreHeaders Set-Cookie
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheStoreNoStore On
CacheStorePrivate On

Have I done some error in the configuration or is it something I missed? Thanks in advance.

Dag

- The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
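Separately from the rename failure asked about, the cache directives in the post above decide whether a shared reverse-proxy cache keeps responses the origin marked private or no-store. The following audit of that configuration is an added example, not part of the original post; the function names, the severity labels, the finding texts and the `HARDENED_CONFIG` counter-example are constructed for illustration.

```python
import re

# Cache configuration as quoted in the post, one directive per line.
POSTED_CONFIG = """\
ExpiresActive on
ExpiresDefault now plus 5 minutes
CacheRoot c:/webcache/los
CacheEnable disk /
CacheDefaultExpire 300
CacheMaxExpire 300
CacheIgnoreHeaders Set-Cookie
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheStoreNoStore On
CacheStorePrivate On
"""

# Constructed counter-example: the origin's cacheability headers are respected
# and only a static prefix is cached.
HARDENED_CONFIG = """\
CacheRoot c:/webcache/los
CacheEnable disk /static/
CacheDefaultExpire 300
CacheMaxExpire 300
CacheIgnoreHeaders Set-Cookie
"""


def parse_directives(text):
    """Return {lowercased directive name: [argument lists]} for flat config text."""
    joined = re.sub(r"\\\r?\n", " ", text)  # httpd joins lines that end in a backslash
    found = {}
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue  # skip blanks, comments and container tags
        name, *args = line.split()
        found.setdefault(name.lower(), []).append(args)
    return found


def is_on(directives, name):
    """True when the last occurrence of an On/Off directive is On."""
    values = directives.get(name.lower())
    return bool(values) and bool(values[-1]) and values[-1][0].lower() == "on"


def audit(text):
    """Return (severity, directive, finding) tuples for a mod_cache configuration."""
    d = parse_directives(text)
    prefixes = [a[1] for a in d.get("cacheenable", []) if len(a) >= 2]
    if not prefixes:
        return []  # caching is not enabled for any URL prefix
    whole_site = "/" in prefixes
    findings = []
    for name, marker in (("CacheStorePrivate", "Cache-Control: private"),
                         ("CacheStoreNoStore", "Cache-Control: no-store")):
        if is_on(d, name):
            severity = "high" if whole_site else "medium"
            findings.append((severity, name,
                             f"responses marked '{marker}' are stored in the shared cache"))
    if is_on(d, "CacheIgnoreCacheControl"):
        findings.append(("medium", "CacheIgnoreCacheControl",
                         "client no-cache requests are answered from the cache"))
    ignore_args = d.get("cacheignoreheaders", [[]])[-1]
    if "set-cookie" not in {h.lower() for h in ignore_args}:
        findings.append(("high", "CacheIgnoreHeaders",
                         "Set-Cookie headers are stored with cached responses"))
    return findings


if __name__ == "__main__":
    for severity, directive, finding in audit(POSTED_CONFIG):
        print(f"{severity:6} {directive}: {finding}")
```
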
Re: [EMAIL PROTECTED] virtual hosting not working
Mike Brown wrote:

> On Mon, Jul 14, 2008 at 11:35:41AM +1000, Res wrote:
>> Do you run your own (caching) DNS server?
> Nope.
>> If so set up two views, one external that the world gets (your routable IP number of 75.100.112.198), the second view will have the domain with its internal LAN IP.
> The keeper of vidiot.com hosting to the outside world is via the nameserver in Maryland (DC suburb). It is beginning to look like I need to bring up the DNS server and place it first in my resolv.conf file and have it point at my local IP.

I have the same problem here with lsces.co.uk. I simply added the local IP address for the machine that is hosting that INSIDE the modem to the host file of the local machines. Alternatively if I have a new machine up I just use the local IP address rather than lsces.co.uk in the address. My laptop finds the local address via the internal wireless and the internet address when I'm out on the road - but that seems to be a bit of black magic :)

-- Lester Caine - G8HFL - Contact - http://lsces.co.uk/lsces/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php
RE: [EMAIL PROTECTED] Logging query strings from a re-write rule
Hi there, I think you may have misunderstood the issue. Functionally my re-write rule is working okay but it's logging the query string of the URL that I am sending the browser to. If that makes sense..

Steve

-Original Message-
From: Francois Gingras [mailto:[EMAIL PROTECTED]
Sent: 10 July 2008 14:16
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Logging query strings from a re-write rule

Steve, Without digging too much in your particular issue, note that RewriteCond will only match the query string if you use %{QUERY_STRING}; You can check the following guide for examples: http://wiki.apache.org/httpd/RewriteQueryString

Frank

On 7/10/08, Foster, Stephen (ASPIRE) [EMAIL PROTECTED] wrote:

> Hi, I have implemented a re-write rule that captures the incoming requests, checks for a cookie and then directs the user to another system to authenticate and get a cookie before being allowed to access pages under the webserver. E.g:
>
> RewriteCond %{HTTP_HOST} !=
> RewriteCond %{REQUEST_URI} !=/server-status
> RewriteCond %{REQUEST_URI} !=/server-status?auto
> RewriteCond %{REQUEST_URI} !=/heartbeat/heartbeat.htm
> RewriteCond %{HTTP_COOKIE} !.*iiswlssignonuser*
> RewriteRule .*$ http://www.steve.co.uk/Identification/WLSLogon.asp\?URL=http://%{HTTP_HOST}%{REQUEST_URI}path=%{REQUEST_URI}domain=.steve.co.ukname=mware [L]
>
> Functionally this works perfectly but in the access logs I am getting the Query string of the re-direct URL being shown against the initial request.
>
> E.g I am accessing http://internal.steve.co.uk/TestWebApp/index.html
>
> 2008-07-10 10:53:02 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 302 367 2025 ?URL=http://internal.steve.co.uk/TestWebApp/index.htmlpath=/TestWebApp/index.htmldomain=.steve.co.ukname=mware Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - -
> 2008-07-10 10:53:05 10.101.X.X internal.steve.co.uk GET /TestWebApp/index.html HTTP/1.1 200 396 60460 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) - -
>
> Any thoughts?? Like I say it's working fine, just logging wrongly.
>
> Cheers Steve
>
> Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini UK plc, a company registered in England and Wales (number 943935) whose registered office is at No. 1 Forge End, Woking, Surrey, GU21 6DB. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

-- Francois Gingras (i): http://ccds.ca (p): (514) 243-8233 (f): (514) 731-5834
[EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
On Mon, Jul 14, 2008 at 2:39 PM, Rainer Jung [EMAIL PROTECTED] wrote:

> First of all 5.5.12 is very outdated and also very early in the 5.5 release cycle. You need to add 'tomcatAuthentication=false' in the Connector element for your AJP connector. The connector you showed us above is
> - an https connector
> - a comment and not active
> At least two good reasons, why this is not the right one. The AJP Connector is the one, which uses port 8009 in the default configuration and which you can identify by 'protocol=AJP/1.3'.
> Regards, Rainer

Oops.. here is the http connector line in my configuration:

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="64080" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="2" disableUploadTimeout="true" />

Thanks Rainer. I will try out the later releases.. may be tomcat6 itself.

Nikhil
[EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
but still.. I do not get what is wrong with 5.5.12 and what could I do atleast in the httpd configuration that would get the kerberized apache authentication working in the tomcat apps. -- Nikhil Google is Great !
[EMAIL PROTECTED] proxypass problems
Hi all, again... I am a total apache newbie. What I have is:

- A webserver in my dmz with a dedicated vhost + ip
- A ssh tunnel to an internal webserver
- An internal webserver with a directory called mirror in /

As you might imagine I want to access the dir mirror on the dmz webserver. This is what I've tried on the dmz webserver:

<VirtualHost mirror.example.org:80>
ServerAdmin [EMAIL PROTECTED]
ProxyRequests Off
<Location />
Order deny,allow
Allow from 10.1.0.0/16
Deny from all
ProxyPass http://localhost:8080/mirror/
ProxyPassReverse http://localhost:8080/mirror/
</Location>
</VirtualHost>

... and it actually works. I can access all the files. BUT Apache is looking for /icons in the wrong directory and (what is much more annoying) the autoindex module generates wrong links. For example: I am in the dir /pub/software/ and want to go into the Parent Directory, but the link points to /mirror/pub/ instead of /pub/. What's wrong with my configuration?

-- Thank you Chris
Re: [EMAIL PROTECTED] Logging query strings from a re-write rule
Ah, let's see your CustomLog directive, please.
[EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
On Mon, Jul 14, 2008 at 5:00 PM, Rainer Jung [EMAIL PROTECTED] wrote:

> Again, the http connector is *not* what you need to edit, if you want to combine Tomcat with mod_jk or mod_proxy_ajp. It is the AJP connector. See my previous mail. You need to add tomcatAuthentication=false to that connector.
> Regards, Rainer

I seem to get it, Rainer. But the thing is that with my installed tomcat-5.5.12 version and I do not have any already tomcatAuthentication directive (if I call it that way). Okay I get you want me to add, so this is what I edited the server.xml now

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="64083" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="64089" enableLookups="false" redirectPort="64083" tomcatAuthentication="false" protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="64082" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" acceptCount="100" connectionTimeout="2" proxyPort="80" disableUploadTimeout="true" />
-->

After editing the change in the ajp connector, and restarting the tomcat, I still am not able to get the remote_user variable passed. I am using the following jsp installed under webapps/jsp-examples/readheaders.jsp to have the environment variables listed but with out any success..

<%@ page language="java" %>
<%@ page import="java.util.Enumeration" %>
<h2>HTTP Request Headers</h2>
<table border="0" cellspacing="1" cellpadding="2">
<tr><th>Name</th> <th>Value</th> </tr>
<%
// Get all HTTP request headers names/values
Enumeration e1 = request.getHeaderNames();
while (e1.hasMoreElements()) {
    boolean doLoop = true;
    String name = ((String)e1.nextElement()).toUpperCase();
    Enumeration e2 = request.getHeaders(name);
    while (e2.hasMoreElements()){
        String value = (String)e2.nextElement();
%>
<tr> <td class="gray"><%= name %></td> <td class="gray"><%= value %></td> </tr>
<%
    }
}
%>
</table>

Any suggestions? (Although I am still to try out the Tomcat6, but would prefer for fixing the existing installation unless there are any real problems in the tomcat version that I am using.)

Thanks, Nikhil
[EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
Rainer, I seem to have found a related link on this but this is really old pertaining to the older versions of Tomcat.. any suggestions please. http://marc.info/?t=10431829842r=1w=2
[EMAIL PROTECTED] Re: need help
What devilishly _clever_ Subject: content!!
Re: [EMAIL PROTECTED] problem installing apache
nopes... it doesn't work with setenforce 0 either..

--- On Sat, 7/12/08, Graeme Fowler [EMAIL PROTECTED] wrote:
From: Graeme Fowler [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED] problem installing apache (resending)
To: users@httpd.apache.org
Date: Saturday, July 12, 2008, 8:53 AM

> On Fri, 2008-07-11 at 18:27 -0700, Infocom Admin wrote:
>> Yes it has write permission too...
> SELinux. It's probably in enforcing mode (rather than permissive) and is preventing you doing things you believe you can. Try setenforce 0 as root, and run make install again. Then to turn SELinux back into enforcing mode, setenforce 1. Of course, this assumes you have created an SELinux policy to allow you to modify and execute things in /usr/local...
> Graeme
Re: [EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
On Mon, 14 Jul 2008 19:14:02 +0530 Nikhil [EMAIL PROTECTED] wrote:

> On Mon, Jul 14, 2008 at 5:00 PM, Rainer Jung [EMAIL PROTECTED] wrote:

No he didn't. Well, not in [EMAIL PROTECTED] Please don't add this list when following up to a post on a different list. It's just confusing.

-- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
[EMAIL PROTECTED] Re: tomcat, apache with mod_jk and mod_auth_kerb
I tried out Tomcat6 too and added 'tomcatAuthentication=false' to the ajp connector but that still not work. :-( -- Nikhil Google is Great !
[EMAIL PROTECTED] Authentication via x509 or password/otp
Hello Apache-Pros, I'm currently looking for a solution to fulfill the following authentication requirements:

- Endusers do have a smartcard based ssl client certificate and a password or later OTP generator (e.g. RSA SecurID)

The scenario should be as following:

- If it's possible for the user to use his smartcard and he tries to connect to the apache driven website, standard ssl client authentication is done. The tomcat application behind reads the environment variable SSL_CLIENT_S_DN and knows about the user and that he authenticated using his certificate. - FINE

But:

- If it's NOT possible for the user to use his smartcard, for example, he sits in an internet cafe, he has to use a password or later otp. The user accesses the same url. The apache should recognise, that no ssl client certificate is presented and therefore asks to enter username and password. After successful authentication, the web application asks for SSL_CLIENT_S_DN which then is empty. Therefore, the application queries REMOTE_USER and therefore knows, the username and that he authenticates without certificates. The webapp then offers functionality to the enduser depending on the used authentication mechanism.

What I tried so far is the following (apache 2.2.8):

KeepAlive Off
<Location />
SSLVerifyClient optional
SSLVerifyDepth 10
</Location>
SSLOptions +FakeBasicAuth +StrictRequire
SSLUserName SSL_CLIENT_S_DN_CN
RewriteEngine on
RewriteLog /tmp/rewrite.log
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule .* /authtest/digest/index.html [L]
RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
RewriteRule .* /authtest/ssl/index.html [L]
<Location /authtest/ssl>
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
<Location /authtest/digest>
AuthType Digest
AuthName realm
AuthUserFile /etc/realm/digest
Require valid-user
</Location>

If a certificate is presented, the auth is done for / and then apache redirects to /authtest/ssl. If no cert is presented, first auth fails and apache redirects to /authtest/otp which then tries to do digest authentication.

The problem with this setup is, that it seems not very stable. Sometimes it works, but sometimes not (mostly not). It has probably something to do with caching but I'm simply not sure about that. I already tried KeepAlive off

Secondly, since the web application is the same for certificate and password / otp based authentication, two different entrypoints to the application seems somehow sub-optimal :-)

Third, I really would like to place an apache reverse proxy in front of the web application which then does the client authentication, but I'm wondering, how to transfer the information of the authenticated user and authentication type to the webapp / tomcat??

Best regards and thank you! Markus
[EMAIL PROTECTED] get users sessions informations from apache
Hello everyone:) Let me know how I can retrieve the status of the sessions of all users connected to my site, so whether the session of a user expired or not. Is it possible that Apache dialogues with another program and then submits the status of sessions? I use Apache 2.0.63. Thank you for your help.
[EMAIL PROTECTED] problem with php +apache
Hi I recently managed to install apache 2.2.9 with mpm worker enabled . But when I try to start the httpd service, it fails saying: [crit] Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP How do i compile php module to be threadsafe ? I am using php5.2.6
Re: [EMAIL PROTECTED] problem with php +apache
Hi, just use --enable-maintainer-zts directive in configure script
Re: [EMAIL PROTECTED] problem with php +apache
The thing is , so far as i remember, i never enabled this option while compiling php.. but cannot understand why it is saying so this time ...
[EMAIL PROTECTED] Redirecting Problem (Wear)
Here's the problem I had this config in the httpd.conf

RewriteEngine On
RewriteLogLevel 9
RewriteLog logs/website/www.website.com-rewrite_log
RewriteRule ^/(.*\.html)$ /index.php?$1 [L]
RewriteRule ^/(.*\.htm)$ /index.php?$1 [L]

But if I move this configuration from httpd.conf to .htaccess doesn't work WHY? or WHAT I HAVE TO DO?
[EMAIL PROTECTED] use mod_rewrite to answer a.php?xyz and serve /xyz ?
Hi, I know mod_rewrite can answer web request to /xyz and internally serving a.php?xyz . However, is it possible to answer a.php?xyz and internally serving /xyz , without writing a script a.php? For the curious minds, we are moving from dynamic scripts to pre-generated static pages, and want to maintain old links to outside. Thanks for your time, Randy
[EMAIL PROTECTED] Re: use mod_rewrite to answer a.php?xyz and serve /xyz ?
I tried, and apache complained a.php was not found on this server. Seems that apache took this as a script instead?
Re: [EMAIL PROTECTED] Re: Using rewrite to forward the request OR mod_perl
Mohit Anchlia wrote:

> [...]
> We have a web server that redirects traffic to app server using mod_jk load balancer. Now I need to do the following:
> 1. If request comes from URL /AB and content of URL /AB has content in certain format then forward it to mod_jk otherwise forward it to some other URL (external system in our case).

I may be late with this answer, but for the first part above, you may be interested to know that there is an alternative to the JkMount directives, like this:

    <LocationMatch /AB>
        SetHandler jakarta-servlet
        SetEnvIf REQUEST_URI \.(htm|web|css|gif|jpg|js|html?)$ no-jk
        ...
    </LocationMatch>

It's a bit harder to find in the documentation, but it means this:

- the LocationMatch allows you to match the URI with a regular expression a la perl. It has the same effect as Location, but is a bit more flexible as to what you can match.
- SetHandler jakarta-servlet does basically the same as JkMount, for the Location in which it is included.
- SetEnvIf (requires the mod_setenvif standard Apache module) allows you (among other things) to set/unset variables based on request characteristics (such as here whether the request URI is for one of the file extensions indicated).
- and finally, using this to set the no-jk variable has the effect (if the URI matches), to *not* re-direct this request through mod_jk.

All of this together means that:

- if the URI matches /AB, it would normally be re-directed through mod_jk and its load balancer, to the back-end systems
- but, if the request matches the SetEnvIf, then the no-jk variable will be set
- thus, when mod_jk receives the request, it will decline it (give it back to Apache saying it's not for me)
- thus Apache will apply to this request any other directives present in the same Location section (represented here by ..., but which could be mod_perl handlers etc..)

Does this give you new ideas? (You might also want to look up the JkUnMount directive.)

Now, let me comment on the way you phrase your request:

> If request comes from URL /AB and content of URL /AB has content in certain format then ...

(you would like it to go there, else somewhere else)

There is a bit of a problem here, if taken literally. The problem is that in order to know the format of the content, this content must be generated. To generate it, you have to decide which process will generate it, and let it do it. Then based on the content, you want to decide who generates it. A bit of a chicken-and-egg problem here, no? Or by content do you just mean the file extension, as it appears in the URI?

André

- The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
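An added example, not part of the original message and not mod_jk's own code: a simplified model of the routing decision described above, using the two patterns from the quoted configuration. The sample URIs are constructed, and the model assumes both patterns are tested against the URL path without the query string; it shows that the unanchored /AB also catches paths such as /shop/ABOUT/ and that the extension test is case-sensitive.

```python
import re

# Both patterns are copied from the configuration quoted in the message.
LOCATION_MATCH = re.compile(r"/AB")  # LocationMatch regexes are unanchored
NO_JK = re.compile(r"\.(htm|web|css|gif|jpg|js|html?)$")  # case-sensitive


def route(request_uri: str) -> str:
    """Simplified model: name the component that would handle request_uri.

    Assumption: both patterns are tested against the URL path only,
    without the query string; Apache's path normalisation is not modelled.
    """
    path = request_uri.split("?", 1)[0]
    if not LOCATION_MATCH.search(path):
        return "outside-section"
    if NO_JK.search(path):
        return "apache"   # no-jk is set, so mod_jk declines the request
    return "mod_jk"       # SetHandler jakarta-servlet sends it to the back end


# Constructed sample URIs, chosen to exercise the edge cases.
SAMPLES = [
    "/AB/report.jsp",
    "/AB/style.css",
    "/AB/logo.JPG",             # upper-case extension does not set no-jk
    "/AB/page.html?id=1",       # query string is not part of the match
    "/AB/view.jsp?file=a.css",  # extension inside the query is ignored
    "/shop/ABOUT/index.php",    # "/AB" matches inside "/ABOUT"
    "/other/page.html",
]


def audit(uris=SAMPLES) -> dict:
    """Map every URI to the handler the model selects for it."""
    return {uri: route(uri) for uri in uris}


if __name__ == "__main__":
    for uri, handler in audit().items():
        print(f"{handler:16} {uri}")
```

Anchoring the section pattern (for example ^/AB/) and deciding whether upper-case extensions should count are the two things this model suggests checking in a real configuration.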
Re: [EMAIL PROTECTED] Forward proxies and aliases
Tavian Barnes wrote:

> When behind a proxy, the browser sends request to the proxy in the form of GET http://www.google.com/ig, rather than sending GET /ig to www.google.com. It has no idea if the proxy server did some tricky things behind its back.

Thank you for reminding me of that. I remember reading that somewhere, but I had forgotten. I thought that the browser just sent the request to the IP of the proxy as GET /ig, with a Host: www.google.com header. But now I realise the error of my ways. Thanks.

André
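An added example, not part of the thread: a small parser that distinguishes the two request forms discussed above and derives the host the request is really aimed at. It goes slightly beyond the message by also recognising the CONNECT and `*` forms and by flagging a Host header that disagrees with an absolute-form target; the sample requests and the name `effective_target` are constructed for illustration.

```python
from urllib.parse import urlsplit


def effective_target(raw: bytes) -> dict:
    """Classify the request-target of a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host_header = headers.get("host")

    if target.startswith("/"):
        # What an origin server sees: GET /ig plus a Host header.
        form, host, path = "origin-form", host_header, target
    elif target == "*":
        form, host, path = "asterisk-form", host_header, "*"
    elif method == "CONNECT":
        form, host, path = "authority-form", target, ""
    else:
        # What a forward proxy sees: GET http://www.google.com/ig
        parts = urlsplit(target)
        if not parts.scheme or not parts.netloc:
            raise ValueError("unrecognised request-target: %r" % target)
        form, host = "absolute-form", parts.netloc
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")

    # With an absolute-form target the URL decides; a differing Host header
    # is worth logging. Simplification: default ports are not normalised.
    mismatch = (form == "absolute-form" and host_header is not None
                and host_header.lower() != host.lower())
    return {"form": form, "host": host, "path": path, "host_mismatch": mismatch}


# Constructed sample requests.
VIA_PROXY = b"GET http://www.google.com/ig HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
DIRECT = b"GET /ig HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
DISAGREE = b"GET http://www.google.com/ig HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

if __name__ == "__main__":
    for sample in (VIA_PROXY, DIRECT, DISAGREE):
        print(effective_target(sample))
```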
[EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?
Hi,

I am working on Apache 2.x. The default protocol followed is HTTP 1.1. But HTTP 1.1 is a persistent protocol and hence I want Apache to follow HTTP 1.0 protocol.

So, How to configure Apache 2.x for HTTP 1.0 version?

-Anand
[EMAIL PROTECTED] Problem with Indexes
I have

    Options Indexes FollowSymLinks MultiViews

and I try adding Options +Indexes in individual locations, but it never works. I do not get an auto-generated directory list, but an error if there is no index.html (or other index file I've configured).

What am I missing?

--John
[EMAIL PROTECTED] How to override Apache default headers?
Hi,

I am using mod_proxy to establish proxy communication between TCP client and TCP server. When I send request from client to server through Apache as proxy, Apache adds the following headers automatically:

    POST / HTTP/1.1
    Host: 192.168.56.17:9801
    X-Forwarded-For: 192.168.56.17
    X-Forwarded-Server: http://www.abc.com www.abc.com
    Connection: Keep-Alive
    Content-Length: [Specified from client side]

How can I ask Apache not to send such headers to the TCP server?

-Anand
Re: [EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?
On Jul 14, 2008, at 9:05 PM, Anand Kulkarni wrote:

> I am working on Apache 2.x. The default protocol followed is HTTP 1.1. But HTTP 1.1 is a persistent protocol and hence I want Apache to follow HTTP 1.0 protocol.

What do you mean by 'persistent'?

> So, How to configure Apache 2.x for HTTP 1.0 version?

Keepalives off work for you? That gets you rid of the Keepalive feature without doing away with the rest of the protocol features.

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
RE: [EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?
Hi,

I want HTTP 1.0 protocol because I heard that passing content length in HTTP 1.0 request is not mandatory. In my application, the client does not know the length of data to be sent to server through Apache as proxy. When I switched to HTTP 1.0, it's still forcing content length in the request.

Do you know how to send dynamic data from client without specifying content length?

Anand

-----Original Message-----
From: Sander Temme [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2008 11:01 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] How to configure Apache 2.x for HTTP 1.0 version?

On Jul 14, 2008, at 9:05 PM, Anand Kulkarni wrote:

> I am working on Apache 2.x. The default protocol followed is HTTP 1.1. But HTTP 1.1 is a persistent protocol and hence I want Apache to follow HTTP 1.0 protocol.

What do you mean by 'persistent'?

> So, How to configure Apache 2.x for HTTP 1.0 version?

Keepalives off work for you? That gets you rid of the Keepalive feature without doing away with the rest of the protocol features.

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF