[users@httpd] ap_log_error dumps on apache start with apache 2.4

2016-09-15 Thread megha chauhan 
Hello,



I have built a shared module on apache 2.4. I could get the apache build
succesfull. On apache start there is a dump at the below line:



#ifdef APA24

//ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, trcStr.getStr());

if (r != NULL) {

ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, "test");



}



Below is the dump analysis:

ApaTracer::outP(int,Tracer::Verbosity,String&)(this = 0x0001100997b0,
sysmsg = 0, _lvl = Tracer::Info, trcStr = &(...)), line 92 in
"apatracer.cpp"

tracer.Tracer::out(Tracer::Verbosity,String&)(this = 0x0001100997b0,
_lvl = Info, msg = &(...)), line 97 in "tracer.cpp"

ContentServerState::~ContentServerState()(this = 0x000110098ed0,
__dtorFlags = 0, __vtt = (nil)), line 26 in "csrvstate.cpp"

ApaCSServerState::~ApaCSServerState()(this = 0x000110098ed0,
__dtorFlags = 3, __vtt = (nil)), line 32 in "apacsrvstate.cpp"

cs_main_init_cleanup(void*)(obj = (nil)), line 165 in "apacsrvstate.cpp"

run_cleanups(0x1100219d8) at 0x90002a661b8

apr_pool_clear(0x1100219b8) at 0x90002a6709c

main(0x20002, 0xa80) at 0x13bf8



I derefernce the structure variable r which is of type server_rec(apache
struct) and below is the value



(dbx) p *r

(process = 0x00011001fa88, next = (nil), error_fname =
"logs/error_log", error_log = 0x00011001fa10, log = (module_levels =
(nil), level = 4), module_config = 0x000110053420, lookup_defaults =
0x000110054ef8, defn_name = (nil), defn_line_number = 0, is_virtual =
'\0', port = 0, server_scheme = (nil), server_admin = "y...@example.com",
server_hostname = "isi081.wdf.sap.corp", addrs = 0x00011004e410,
timeout = 6000, keep_alive_timeout = 500, keep_alive_max = 100,
keep_alive = 1, names = (nil), wild_names = (nil), path = (nil), pathlen =
0, limit_req_line = 8190, limit_req_fieldsize = 8190, limit_req_fields =
100, context = (nil))



I do not see any corruption in memory. But still there is a dump on apache
start.

If i comment out this line, then everything works as expected. Apache
starts and i am able to complete the operation as well. But we would need
this statement in order to have logging enabled. Is there any other
alternative or fix for the same.



The same code is working for apache 2.2.



Any help would be highly appreciated.



Regards,

Megha

Re: [users@httpd] Change user for Apache web server to a non-privileged user?

2016-09-15 Thread Erik Dobák 
i was told that chrooting that user might also be a good idea. what do you
think?

E

On 14 September 2016 at 23:49, Richard 
wrote:

>
>
>
> > Date: Wednesday, September 14, 2016 17:37:36 -0400
> > From: Tom Hammond 
> >
> >> From: Richard
> >> Sent: Wednesday, September 14, 2016 5:06 PM
> >>
> >>> Date: Wednesday, September 14, 2016 08:16:32 -0400
> >>> From: Tom Hammond 
> >>>
> >>> I have an Apache 2.2x server and would like to harden security so
> >>> that  hackers can't get in easily to the Apache webserver.  One
> >>> suggestion  is to change the user/group for Apache to a
> >>> non-privileged account.
> >>>
> >>> Currently the user "fpp" is the default user for Apache which has
> >>> access to the operating system via sudo commands.
> >>>
> >>> I entered these commands to create a non-privileged account:
> >>> sudo groupadd http-web
> >>> sudo useradd -d /opt/fpp/www/ -g http-web http-web
> >>>
> >>> I then edited /etc/apache2/envvars to change these lines:
> >>> export APACHE_RUN_USER=http-web
> >>>
> >>> export APACHE_RUN_GROUP=http-web
> >>>
> >>> I also ran this command to change user/group permissions on this
> >>> folder: sudo chown -R http-web:http-web /var/lock/apache2/ sudo
> >>> chown  -R http-web:http-web /opt/fpp/www
> >>>
> >>> Finally, I restarted the Apache service with this command:
> >>> sudo service apache2 restart
> >>>
> >>> When I try to access the website on this server, I receive the
> >>> following message:
> >>>
> >>> Forbidden: You don't have permission to access / on this server.
> >>>
> >>> I've been scouring the Internet trying to figure out how to switch
> >>> the  default "fpp" Apache user to a non-privileged account and
> >>> can't figure  it out. Can someone shed some light on this?
> >>
> >>
> >>
> >> There's nothing about the "apache" user/group that inherently makes
> >> it privileged. It's just a standard user/group that the apache
> >> server (generally) runs as.
> >>
> >> What you do want to make certain of is that your DocumentRoot is
> >> not owned by the user/group that the webserver is running as, and
> >> that it is not writable by that user/group.
> >>
> >> The webserver does need read access to the files (and execute to
> >> directories) under the DocumentRoot.
> >>
> >
> >
> > Thanks for the advice!  If I understand you, the user/group that the
> > webserver is running as needs to have read access on files and
> > execute on directories, but at the same time not be an "owner" of
> > these files & directories.  Is that correct?
> >
>
>
> Correct. And, as well, that user/group should not have write access
> to the files/directories under the DocumentRoot.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Apache Rewrite - Redirect Wildcard Subdomain

2016-09-15 Thread Konrád Lőrinczi 
I think you found the problem.
Likely the wildcard DNS is not set.

I wrote to our system admin to set the DNS.

Thanks for the idea!
Webmaster33

2016.09.15. 16:23 ezt írta ("Rodrigo Cunha" ):

> about Situation 3
> as you set up your dns?
> the subdomains are directed to the correct server?
> in http://aaa.subdomain.oldsite.com/foo/bar.php dsn is different from
> http://subdomain.oldsite.com/foo/bar.php are different subdomains.
>
> 2016-09-15 10:33 GMT-03:00 Webmaster33 :
>
>> Using Apache 2.2.22.
>>
>> I have the following SSL certificates:
>>
>>
>> Common Name = subdomain.oldsite.com
>> Subject Alternative Names = subdomain.oldsite.com, *.
>> subdomain.oldsite.com
>>
>> Common Name = subdomain.newsite.com
>> Subject Alternative Names = subdomain.newsite.com, *.
>> subdomain.newsite.com
>>
>>
>> I would like the following rewrite actions:
>> 1) Redirect all unsecure requests to secure site, also requests from
>> old sites to new site
>>
>> http://subdomain.oldsite.com   =>  https://subdomain.newsite.com
>> https://subdomain.oldsite.com   =>  https://subdomain.newsite.com
>>
>> 2) Keep request %{REQUEST_URI} between redirects. Also use wildcard
>> subdomains, and redirect them to secure new site, keeping wildcard
>> subdomain.
>>
>> http://subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>> https://subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>>
>> 3) wilcard subdomains, which are NOT ALLOWED should redirected to
>> secure subdomain.newsite.com (aaa, bbb are not allowed)
>>
>> http://aaa.subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>> https://aaa.subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>> http://bbb.subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>> https://bbb.subdomain.oldsite.com/foo/bar.php   =>
>> https://subdomain.newsite.com/foo/bar.php
>>
>> No one is allowed, except those subdomains, which are listed in 4. point.
>>
>> 4) wilcard subdomains, which are ALLOWED should redirected to secure
>> mysite.subdomain.newsite.com Allowed site:
>>
>> http://mysite.subdomain.oldsite.com/foo/bar.php   =>
>> https://mysite.subdomain.newsite.com/foo/bar.php
>> https://mysite.subdomain.oldsite.com/foo/bar.php   =>
>> https://mysite.subdomain.newsite.com/foo/bar.php
>>
>> My problem is, that
>>
>> http://aaa.subdomain.oldsite.com/foo/bar.php
>>
>> shows Server not found error.
>>
>> All the 1), 2) kind of situations are redirecting fine. I have
>> problems getting result for 3), 4).
>>
>>
>> I have the following config files in /etc/apache2/sites-available/
>>
>> default
>> default-ssl
>> subdomain.oldsite.com
>> subdomain.oldsite.com_ssl
>> subdomain.newsite.com
>> subdomain.newsite.com_ssl
>> mysite.subdomain.newsite.com_ssl
>>
>>
>>
>> Using VirtualHost config files like this (this is from
>> subdomain.oldsite.com):
>>
>> 
>> ServerName oldsite.com
>> ServerAlias *.oldsite.com
>>
>> RewriteEngine On
>>
>> RewriteCond %{HTTP_HOST} ^(.+\.)?oldsite.com$ [NC]
>> RewriteRule ^/(.*) https://newsite.com/$1 [R=301,L]
>> 
>>
>>
>> How can I reach to get good redirection results for 3), 4) ?
>>
>>
>> Thanks in advance!
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
>
>

Re: [users@httpd] Apache Rewrite - Redirect Wildcard Subdomain

2016-09-15 Thread Rodrigo Cunha 
about Situation 3
as you set up your dns?
the subdomains are directed to the correct server?
in http://aaa.subdomain.oldsite.com/foo/bar.php dsn is different from
http://subdomain.oldsite.com/foo/bar.php are different subdomains.

2016-09-15 10:33 GMT-03:00 Webmaster33 :

> Using Apache 2.2.22.
>
> I have the following SSL certificates:
>
>
> Common Name = subdomain.oldsite.com
> Subject Alternative Names = subdomain.oldsite.com, *.
> subdomain.oldsite.com
>
> Common Name = subdomain.newsite.com
> Subject Alternative Names = subdomain.newsite.com, *.
> subdomain.newsite.com
>
>
> I would like the following rewrite actions:
> 1) Redirect all unsecure requests to secure site, also requests from
> old sites to new site
>
> http://subdomain.oldsite.com   =>  https://subdomain.newsite.com
> https://subdomain.oldsite.com   =>  https://subdomain.newsite.com
>
> 2) Keep request %{REQUEST_URI} between redirects. Also use wildcard
> subdomains, and redirect them to secure new site, keeping wildcard
> subdomain.
>
> http://subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
> https://subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
>
> 3) wilcard subdomains, which are NOT ALLOWED should redirected to
> secure subdomain.newsite.com (aaa, bbb are not allowed)
>
> http://aaa.subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
> https://aaa.subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
> http://bbb.subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
> https://bbb.subdomain.oldsite.com/foo/bar.php   =>
> https://subdomain.newsite.com/foo/bar.php
>
> No one is allowed, except those subdomains, which are listed in 4. point.
>
> 4) wilcard subdomains, which are ALLOWED should redirected to secure
> mysite.subdomain.newsite.com Allowed site:
>
> http://mysite.subdomain.oldsite.com/foo/bar.php   =>
> https://mysite.subdomain.newsite.com/foo/bar.php
> https://mysite.subdomain.oldsite.com/foo/bar.php   =>
> https://mysite.subdomain.newsite.com/foo/bar.php
>
> My problem is, that
>
> http://aaa.subdomain.oldsite.com/foo/bar.php
>
> shows Server not found error.
>
> All the 1), 2) kind of situations are redirecting fine. I have
> problems getting result for 3), 4).
>
>
> I have the following config files in /etc/apache2/sites-available/
>
> default
> default-ssl
> subdomain.oldsite.com
> subdomain.oldsite.com_ssl
> subdomain.newsite.com
> subdomain.newsite.com_ssl
> mysite.subdomain.newsite.com_ssl
>
>
>
> Using VirtualHost config files like this (this is from
> subdomain.oldsite.com):
>
> 
> ServerName oldsite.com
> ServerAlias *.oldsite.com
>
> RewriteEngine On
>
> RewriteCond %{HTTP_HOST} ^(.+\.)?oldsite.com$ [NC]
> RewriteRule ^/(.*) https://newsite.com/$1 [R=301,L]
> 
>
>
> How can I reach to get good redirection results for 3), 4) ?
>
>
> Thanks in advance!
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


-- 
Atenciosamente,
Rodrigo da Silva Cunha

[users@httpd] Apache Rewrite - Redirect Wildcard Subdomain

2016-09-15 Thread Webmaster33 
Using Apache 2.2.22.

I have the following SSL certificates:


Common Name = subdomain.oldsite.com
Subject Alternative Names = subdomain.oldsite.com, *.subdomain.oldsite.com

Common Name = subdomain.newsite.com
Subject Alternative Names = subdomain.newsite.com, *.subdomain.newsite.com


I would like the following rewrite actions:
1) Redirect all unsecure requests to secure site, also requests from
old sites to new site

http://subdomain.oldsite.com   =>  https://subdomain.newsite.com
https://subdomain.oldsite.com   =>  https://subdomain.newsite.com

2) Keep request %{REQUEST_URI} between redirects. Also use wildcard
subdomains, and redirect them to secure new site, keeping wildcard
subdomain.

http://subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php
https://subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php

3) wilcard subdomains, which are NOT ALLOWED should redirected to
secure subdomain.newsite.com (aaa, bbb are not allowed)

http://aaa.subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php
https://aaa.subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php
http://bbb.subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php
https://bbb.subdomain.oldsite.com/foo/bar.php   =>
https://subdomain.newsite.com/foo/bar.php

No one is allowed, except those subdomains, which are listed in 4. point.

4) wilcard subdomains, which are ALLOWED should redirected to secure
mysite.subdomain.newsite.com Allowed site:

http://mysite.subdomain.oldsite.com/foo/bar.php   =>
https://mysite.subdomain.newsite.com/foo/bar.php
https://mysite.subdomain.oldsite.com/foo/bar.php   =>
https://mysite.subdomain.newsite.com/foo/bar.php

My problem is, that

http://aaa.subdomain.oldsite.com/foo/bar.php

shows Server not found error.

All the 1), 2) kind of situations are redirecting fine. I have
problems getting result for 3), 4).


I have the following config files in /etc/apache2/sites-available/

default
default-ssl
subdomain.oldsite.com
subdomain.oldsite.com_ssl
subdomain.newsite.com
subdomain.newsite.com_ssl
mysite.subdomain.newsite.com_ssl



Using VirtualHost config files like this (this is from subdomain.oldsite.com):


ServerName oldsite.com
ServerAlias *.oldsite.com

RewriteEngine On

RewriteCond %{HTTP_HOST} ^(.+\.)?oldsite.com$ [NC]
RewriteRule ^/(.*) https://newsite.com/$1 [R=301,L]



How can I reach to get good redirection results for 3), 4) ?


Thanks in advance!

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] chinese char URL encoding/decoding fails

2016-09-15 Thread Rodrigo Cunha 
I meant root directory this website, for example:
/var/www/ http <- this is the root directory of your website
check the permissions of it, they must have the permission of the group you
created.

2016-09-15 5:17 GMT-03:00 Oliver Klein :

> Hi Rodrigo,
>
> I don’t have access to root of the server, it is a shared hosting. thank
> you very much for you answer and help -
> but I am not sure if I understood what you are trying to say :(
> So I should change the root directory of my website?
> Sorry!
>
>
> Oliver Klein
> +4917660017860
> oliver.ok.kl...@googlemail.com
>
>
>
> Am 14.09.2016 um 23:58 schrieb Rodrigo Cunha :
>
> You have htaccess in the root this website?
> I dont undestood this problem, like problem wich code but check hpaccess
> in your website or better call you developer code.
> troubleshot for this is change the root for other website code and check
> the problem, or make new vhost which identic configfile "
> www.youtcomain.conf" in the /etc/apache2/sites-enable which other code.
> check this code or make other website 4 configfie.
>
>
>


-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: [users@httpd] chinese char URL encoding/decoding fails

2016-09-15 Thread Oliver Klein 
Hi Rodrigo,

I don’t have access to root of the server, it is a shared hosting. thank you 
very much for you answer and help -
but I am not sure if I understood what you are trying to say :(
So I should change the root directory of my website?
Sorry!


Oliver Klein
+4917660017860
oliver.ok.kl...@googlemail.com



> Am 14.09.2016 um 23:58 schrieb Rodrigo Cunha :
> 
> You have htaccess in the root this website?
> I dont undestood this problem, like problem wich code but check hpaccess in 
> your website or better call you developer code.
> troubleshot for this is change the root for other website code and check the 
> problem, or make new vhost which identic configfile "www.youtcomain.conf 
> " in the /etc/apache2/sites-enable which other 
> code.
> check this code or make other website 4 configfie.



signature.asc
Description: Message signed with OpenPGP using GPGMail