Re: [users@httpd] No more message

2024-04-21 Thread Gillis J. de Nijs 
To unsubscribe, please follow the steps outlined here:
https://httpd.apache.org/userslist.html

On Sun, Apr 21, 2024 at 9:44 PM Dalibor Medvedović <
dalibor.medvedo...@gmail.com> wrote:

> I'm out of discussion
>

Re: [users@httpd] Reducing redirects

2024-01-25 Thread Gillis J. de Nijs 
You could consider creating a static table using RewriteMap:
https://httpd.apache.org/docs/current/rewrite/rewritemap.html
Rather than first doing http to https and www to non-www, consider adding
the RewriteMap in the http- and www-vhosts that you have and redirecting to
the final URL straight from there. That will save you some redirects. Then
just do the fallback to https and/or non-www after the RewriteRules. Also,
if you're already redirecting from http to https, what's stopping you from
doing the redirect to non-www directly?  You could do "http to www or
non-www redirects to https non-www" in a single step.

Gillis

On Fri, Jan 26, 2024 at 5:40 AM Dave Wreski
 wrote:

> Hi,
>
> I think I have what is a pretty involved request for assistance. We have a
> website with content that is decades old and has tens of thousands of pages
> of content of the form /content/view/1234, where 1234 is the Joomla article
> ID.
>
> Joomla has since started using search-engine friendly URLs like
> /news/article.html. Some years ago we created a script that translates the
> older /content/view/1234 format to its /news/article.html equivalent, but
> that introduces a redirect. Add to that other potential redirects, like
> http to https, www to the non-www version, and it delays the visitor's time
> to get to the article and impacting our SEO.
> Is there a way to consolidate all of these redirects into a fewer number?
> This site is proxied behind cloudflare, if that makes a difference.
>
> Here is an example:
>
> http://www.linuxsecurity.com/content/view/117302/49
>
> Here's what https://httpstatus.io/ says about the redirects that are
> involved:
> [image: redirects]
>
> I also thought of creating a static table of every possible
> /content/view/1234 article to their /news/article.html as RewriteRules, but
> there are tens of thousands of these - enough that it would probably impact
> performance of every request.
>
> dave
>
>
>
>
>
>
>

Re: [users@httpd] Apache 2.5 Source Code ?

2023-11-06 Thread Gillis J. de Nijs 
The Apache Software Foundation hosts many projects, of which httpd is
probably the best known. If you refer to that: there is no (released)
Apache httpd 2.5. The latest release is 2.4.58. Source is here
.

On Mon, Nov 6, 2023 at 4:40 PM Joe Muller  wrote:

>
>
> Where can I get the source code to build Apache 2.5 for Red Hat 8 ?   The
> links on apache.org redirect to the source for Apache 2.4, and I don’t
> see any packages for Apache 2.5 in the Red Hat repos.
>
>
>
> Thanks,
>
>
>
> -Joe
>
>
>

Re: [users@httpd] mod_cluster in Apache 2.4.x

2023-09-21 Thread Gillis J. de Nijs 
mod_cluster is open source.  You can add it yourself to your Apache
instance.

https://www.modcluster.io/

Regards,
Gillis

On Thu, Sep 21, 2023 at 8:04 AM vicky chb  wrote:

> Hi all,
>
> Does Apache 2.4.x have mod_cluster module available? I checked
> https://httpd.apache.org/docs/2.4/mod/ but did not find. I also checked
> and found that enterprise based Apache like JBCS etc provides this package.
>
> If mod_cluster is currently not supported then what is the alternate
> option available?
>
> Cheers,
> Vikky
>

Re: [users@httpd] Restart over reload

2022-08-24 Thread Gillis J. de Nijs 
I'm not aware of a list either, but my gut says something like: adding or
removing modules, changing port numbers or ip addresses and the like,
require a restart.  "Regular" configuration changes, like you would do in a
.htaccess, or adding/removing a VirtualHost can do with a reload.

Re: [users@httpd] Calling htdbm from another server

2022-01-12 Thread Gillis J. de Nijs 
I'd probably consider using SQL/LDAP or a shared filesystem for this.
Would that work?  Alternatively, you could rsync between the servers,
depending on how fast you want the updates to happen.

Re: [users@httpd] Allow relative paths in Directory directives?

2020-09-11 Thread Gillis J. de Nijs 
Hi Erik,

Couldn't you do something like this?



That should work just fine, if you have your vhosts in a common structure.
Alternatively, you could look at DirectoryMatch and come up with something
awful that matches your structure.

https://httpd.apache.org/docs/2.4/mod/core.html#directory
https://httpd.apache.org/docs/2.4/mod/core.html#directorymatch

Cheers,
Gillis

On Fri, Sep 11, 2020 at 11:30 AM Erik Thuning  wrote:

> Hi!
>
> This is something that I keep thinking about when I configure my various
> vhosts, and would like feedback on, along with a pointer to where I
> could request the change if it is actually sane.
>
> Currently,  directives require an absolute path. I would like
> to be able to use paths relative to the DocumentRoot by omitting the
> initial / in the path supplied in standard UNIX fashion (basically
> treating the DocumentRoot as the working directory). If the 
> is specified in a context without a set DocumentRoot, it would be
> considered an error.
>
> To me this would solve a long-standing issue with feeling compelled by
> my own laziness to use  directives when I want to customize
> handling of directories inside the DocumentRoot. This is counter to the
> recommendations in the documentation but prepending the DocumentRoot
> path everywhere is both cumbersome and error-prone, so I usually go for
> the "bad" approach.
>
> Adding support for relative  directives could also make
> certain configurations more portable by only needing to change the
> DocumentRoot when cloning a vhost to a new directory, instead of having
> to update all instances of  as well.
>
> I haven't been able to find any explicit rationale for the way the
> directive works right now, so I don't know if I'm missing anything
> fundamental that would make this unworkable. I would be thankful for any
> feedback pointing me to such a rationale if it exists.
>
> Regards
> Erik Thuning
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Please respond so I know I'm not Spam

2020-01-31 Thread Gillis J. de Nijs 
Was in my spam folder, but I regularly check that.  It could be due to your
"NOTICE...".

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Gillis J. de Nijs 
 <https://httpd.apache.org/docs/2.4/mod/core.html#if> works at request
time, so that might be useful for picking the port to forward to, but in my
opinion it's not that useful for creating a configuration.  For example, it
wouldn't allow you to choose the ports to listen on.  I'm also not sure it
would work correctly with ProxyPass
<https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass> and
ProxyPassReverse
<https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse>.
I'd probably just use mod_macro, or generate the configuration offline.

On Wed, Jan 29, 2020 at 4:05 PM Tom Browder  wrote:

> On Wed, Jan 29, 2020 at 08:36 Gillis J. de Nijs 
> wrote:
> >
> > There's mod_macro that might be useful.  I don't think it does
> calculations, though, so you might need to do some things yourself.  Maybe
> you could indeed generate the conf files yourself and use Include or
> IncludeOptional.
>
> ...
>
> Thanks, Gillis. After I "pinged" this morning I checked the docs again
> and I think I can use if/else directives inside the macro, something
> like this pseudo code:
>
> 
> $port = 16000
> 
> 
> $port = 16100
> 
> 
> $port = 16800
>
>
> What do you think?
>
> -Tom
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Re: Virtual host macros and reverse proxy

2020-01-29 Thread Gillis J. de Nijs 
There's mod_macro 
that might be useful.  I don't think it does calculations, though, so you
might need to do some things yourself.  Maybe you could indeed generate the
conf files yourself and use Include
 or IncludeOptional
.

I'd like to note that generating port numbers based on domains might work,
at first, but if you delete a domain from the list, the numbers will
shift.  So, a=>16010, b=>16020, c=>16030, etc, becomes a=>16010, c=>16020,
for example.

For doing the actual reverse proxying, you should probably read this
 and/or this
.

>

Re: [users@httpd] Apache 2.4 - 403 Forbidden: After Upgraded the Apache from 2.2.21 to 2.4.25 for all links

2019-12-04 Thread Gillis J. de Nijs 
Did you read the upgrade guide at
http://httpd.apache.org/docs/2.4/upgrading.html ?  It outlines the changes
in authorization and access control.  I didn't read your configurations,
but this might be a good starting point to get you going.

Kind regards,
Gillis

Re: [users@httpd] Regex in ServerAlias

2019-07-18 Thread Gillis J. de Nijs 
But you can do:  ServerAlias www.example.com www.example.info
www.example.foo.bar

Re: [users@httpd] Setting Directive ServerName in VirtualHost to the full qualified domain of the request

2019-02-28 Thread Gillis J. de Nijs 
The ServerName doesn't matter, since it's not used in the ProxyPass.  Just
make that server.de or whatever.  Then create a ServerAlias *.server.de.
Keep in mind that this setup allows something like a request to
localhost-80.server.de which then gets proxied to localhost:80 and might
serve things that were supposed to only be accessed locally.  I'm not sure
why you want to proxy.  Is this something that could be solved using
mod_vhost_alias ?

On Thu, Feb 28, 2019 at 1:04 AM Jakob M
 wrote:

> Hello together,
>
> I need a little bit help setting up my apache to support a dynamic
> ServerName.
>
> Use-Case:
> I have a DNS server which forwards all requests *.server.de to my apache.
> This leads to these 3 example domains (In fact we talk about 600-800
> Subdomains):
>
> - subomain1.server.de
> - subomain2.server.de
> - subomain3.server.de
>
> What I want to achiev is to only configure one VirtualHost but set the
> ServerName on each request based on the subdomain which was used to access
> the apache.
>
> Therefore I thought I could use variables to pass them to the directive.
> Unfortunately the variable is not resolved in my configuration.
>
> Is there any way to pass an env variable to the directive ServerName, so I
> can achiev the dynamic setup of ServerName based on the subdomain used?
>
> Example Config:
>
> 
> UseCanonicalName Off
> ProxyPreserveHost On
> RewriteEngine on
> ProxyRequests Off
>
> SetEnvIf Host "^([^.]*).server.de$" SUBDOMAIN=$1
> SetEnvIf Host "^([^.]*)-([^.]*).server.de$" HOSTNAME=$1
> SetEnvIf Host "^([^.]*)-([^.]*) .server.de$" PORTNUMBER=:$2
>
> ProxyPassInterpolateEnv On
> ProxyPass"/"  "http://${HOSTNAME}${PORTNUMBER}/; interpolate
> ProxyPassReverse "/"  "http://${HOSTNAME}${PORTNUMBER}/; interpolate
>
> ServerName %{SUBDOMAIN}e.server.de
> 
>
> Problem: The ServerName is now " %{SUBDOMAIN}e.server.de " -> The
> variable gets not resolved.
>
> Kind regards,
> Jakob
>

Re: [users@httpd] define variables by vhost only

2018-11-05 Thread Gillis J. de Nijs 
Alternatlvely, you can just put the AddHandler in the VirtualHost directly,
and not bother with the .htaccess files.

On Mon, Nov 5, 2018 at 9:43 AM Hajo Locke  wrote:

> Hello List,
>
> iam looking for a way to use define to create variables limited to
> vhosts (apache 2.4).
> Currently i have some vhosts and use this syntax:
>
> define myvar mycontent.
>
> Name of variables is in all vhosts the same, "mycontent" is different
> and vhost related. Later i use this variable in .htaccess files for users:
>
> Addhandler ${myvar} .php
>
> Unfortunately define-directive defines the variable for complete server
> and not to vhost only. so content of "myvar" gets overwritten with every
> following vhost-config.
> So if user A uses this variable, he sees content of variable created in
> vhost for user z.
>
> Is there a possibility to use variables limited to vhost but can be used
> the same way in .htaccess files? I think setenv seems not suitable for
> this.
>
> Thanks,
> Hajo
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias

2018-10-29 Thread Gillis J. de Nijs 
No, just that you can "Include" other configurations, and if you don't do
that, it won't work (duh...).  I'm assuming you did that correct, or
specified them right there in the httpd.conf.  The other option is that you
did include the configs, but the " block is after your
included configurations.  In that case, you override the included configs.
The same goes for not including, but specifying in httpd.conf.  Order
matters.  (As in, the order of things, not the directive (although that
also matters, but that's not what I meant here)).

On Mon, Oct 29, 2018 at 11:03 AM Leam Hall  wrote:

> Hey Gillis, what do you mean by "not included"? Maybe I missed something.
>
> We have two of these repositories, "updates" and "optional". Their
> configs are at the end of the httpd.conf file and they just have the
> "Alias" and "Directory" settings. They are also on a separate filesystem
> from the server root and the DocumentRoot. Should we add something else?
>
> Thanks!
>
> Leam
>
> On 10/29/18 4:14 AM, Gillis J. de Nijs wrote:
> > The only other thing I can think of right now is that either the
> >  config is somehow not
> > included (but in that case the Alias probably wouldn't work either), or
> > it is before the  block, which then overrides the former.
> > All of this is assuming that you only have two  blocks in
> > your config.  Anyway, order matters.
> >
> > On Mon, Oct 29, 2018 at 1:39 AM Leam Hall  > <mailto:leamh...@gmail.com>> wrote:
> >
> > Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
> >
> > The biggest clue for me seems to be that if we open up the
> " > />" to Allow by default things work. Otherwise they don't.
> >
> > Leam
> >
> > On 10/28/18 9:26 AM, Jonathon Koyle wrote:
> >  > It may be getting denied by SELinux, I suspect the label on your
> > aliased
> >  > directory die not allow httpd access.  You will likely need to
> > look into
> >  > semanage, something like this may do what you need, but I'm not an
> >  > expert at SELinux myself... redhat provides some explanation here:
> >  >
> >
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
> >
> >  >
> >  >
> >  > # semanage fcontext -a -t httpd_sys_content_t
> > '/opt/repository/rhel_updates(.*)?'
> >  > # restorecon -R -v /opt/repository/rhel_updates
> >  >
> >  >
> >  > On Sat, Oct 27, 2018, 06:08 Leam Hall  > <mailto:leamh...@gmail.com>
> >  > <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>> wrote:
> >  >
> >  > On 10/27/18 7:49 AM, Eric Covener wrote:
> >  >  > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall
> > mailto:leamh...@gmail.com>
> >  > <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>>
> wrote:
> >  >  >>
> >  >  >> The only fix seems to be making the "" more
> open
> >  > than we
> >  >  >> want. It seems like Apache can't handle a more open
> >  > sub-directory than
> >  >  >> whatever is allowed for the root directory.
> >  >  >
> >  >  > Apache can handle that just fine.  Show the smallest
> verbatim
> >  >  > configuration that demonstrates something unexpected along
> > w/ the
> >  >  > logs.
> >  >
> >  >
> >  > Hey Eric, I appreciate the help! Here's what I have, though
> it is
> >  > transcribed.
> >  >
> >  > Set locally required limited OS access.
> >  >
> >  >  
> >  >Options None
> >  >Order deny,allow
> >  >Deny from all
> >  >  
> >  >
> >  > We use Apache as a yum repo, and store the rpms outside of the
> >  > DocumentRoot.
> >  >
> >  >  Alias "/rhel/updates"
> > "/opt/repository/rhel_patch_updates"
> >  >  
> >  >Options All
> >  >Order allow,deny
> >  >Allow from all
> >  >  
> >  >
> >  >
> >  > When we hit 'http://myserver/rhel/updates' the error_log says
> > it is
> >  > denied by server configuration. I've set the LogLevel to
> > "debug" and
> >  > that's all I get. The log is at work, sorry. I'm the one who
> > did the
> >  > server configuration so my bet is "operator error", just not
> sure
> >  > how to
> >  > fix it.
> >  >
> >  > Appreciate any help you can provide. Thanks!
> >  >
> >  > Leam
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias

2018-10-29 Thread Gillis J. de Nijs 
The only other thing I can think of right now is that either the  config is somehow not included (but in
that case the Alias probably wouldn't work either), or it is before the
 block, which then overrides the former.  All of this is
assuming that you only have two  blocks in your config.  Anyway,
order matters.

On Mon, Oct 29, 2018 at 1:39 AM Leam Hall  wrote:

> Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
>
> The biggest clue for me seems to be that if we open up the " />" to Allow by default things work. Otherwise they don't.
>
> Leam
>
> On 10/28/18 9:26 AM, Jonathon Koyle wrote:
> > It may be getting denied by SELinux, I suspect the label on your aliased
> > directory die not allow httpd access.  You will likely need to look into
> > semanage, something like this may do what you need, but I'm not an
> > expert at SELinux myself... redhat provides some explanation here:
> >
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
> >
> >
> > # semanage fcontext -a -t httpd_sys_content_t
> '/opt/repository/rhel_updates(.*)?'
> > # restorecon -R -v /opt/repository/rhel_updates
> >
> >
> > On Sat, Oct 27, 2018, 06:08 Leam Hall  > > wrote:
> >
> > On 10/27/18 7:49 AM, Eric Covener wrote:
> >  > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall  > > wrote:
> >  >>
> >  >> The only fix seems to be making the "" more open
> > than we
> >  >> want. It seems like Apache can't handle a more open
> > sub-directory than
> >  >> whatever is allowed for the root directory.
> >  >
> >  > Apache can handle that just fine.  Show the smallest verbatim
> >  > configuration that demonstrates something unexpected along w/ the
> >  > logs.
> >
> >
> > Hey Eric, I appreciate the help! Here's what I have, though it is
> > transcribed.
> >
> > Set locally required limited OS access.
> >
> >  
> >Options None
> >Order deny,allow
> >Deny from all
> >  
> >
> > We use Apache as a yum repo, and store the rpms outside of the
> > DocumentRoot.
> >
> >  Alias "/rhel/updates" "/opt/repository/rhel_patch_updates"
> >  
> >Options All
> >Order allow,deny
> >Allow from all
> >  
> >
> >
> > When we hit 'http://myserver/rhel/updates' the error_log says it is
> > denied by server configuration. I've set the LogLevel to "debug" and
> > that's all I get. The log is at work, sorry. I'm the one who did the
> > server configuration so my bet is "operator error", just not sure
> > how to
> > fix it.
> >
> > Appreciate any help you can provide. Thanks!
> >
> > Leam
> >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > 
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias

2018-10-26 Thread Gillis J. de Nijs 
For any troubleshooting, your starting point should be the error log.  It
usually explains pretty well why something is forbidden.

On Thu, Oct 25, 2018 at 9:52 PM Leam Hall  wrote:

> Following the Alias docs (
> https://httpd.apache.org/docs/2.2/mod/mod_alias.html#alias) and it's not
> working. Debug is turned on and i know some security stuff has been done to
> the config. Since mod_alias is still there, what else could prevent an
> Alias from getting a "Forbidden".
>
> If I take an unmodified config file, tack on the alias, it works.
>
> Leam
>

Re: [users@httpd] IP address used by Apache reverse proxy?

2018-09-25 Thread Gillis J. de Nijs 
I'm starting to think you don't know what you need, and we don't understand
what you want.  So, drop everything you (think you) know, and start over.

What are you trying to do?  Not how you're trying to do it, or why, but
WHAT do you want to do?  WHAT components are involved?

I'm thinking it's along the lines of:
- I have a subdomain registered at so-and-so.
- I want to use that subdomain to host a site on my local computer.
- The computer is behind my home router.
- I have a static public IP at home (on my router - or - it is bridged to
my computer)
- etc, etc...

On Tue, Sep 25, 2018 at 10:45 AM Osman Zakir 
wrote:

> When you mention the DocumentRoot, do you mean just the setting for vhosts
> or the document root for the reverse proxy?  Are you telling me I don't
> need a  directive if I have a ProxyPass "/" "http://target/;
> line?
>
> And is it fine to have the ProxyPass defined like this:
> ProxyPass "/"
> "E:/programming/visual_studio_2017/Projects/currency_converter/Release/" ?
> That's the path to the directory on my machine.
>
> Is the stuff from line 541 to line 546 not needed?
> --
> *From:* Frank Gingras 
> *Sent:* Tuesday, September 25, 2018 7:08 AM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] IP address used by Apache reverse proxy?
>
> Osman,
>
> Take a step back, you're all over the place. You need to focus on one task
> at a time, else you will never finish configuring your server.
>
> For the vhost, again, if you use ProxyPass / http://target/, then you do
> *not* need set set a DocumentRoot, as every single request will be proxied.
>
> If you proxy a specific URI path, i.e. ProxyPass /foo http://target/bar,
> then do *do* need a DocumentRoot to handle the requests that do not begin
> with /foo.
>
> For SSL/TLS, determine first if you want httpd to do the termination, or
> if your backend speaks TLS.
>
> On Mon, Sep 24, 2018 at 4:45 PM Osman Zakir 
> wrote:
>
> I got a subdomain from freedns.afraid.org that took the IP address of my
> computer. I tried to use it for my app, but when I navigated to the
> subdomain, it took me to the login page for my router's admin settings.  I
> tried specifying the port number I set on the Apache httpd configuration
> file, but that got me to an error page indicating that the browser can't
> find the site.
>
> I'm attaching httpd.conf again.  I need to know about the PassEnv lines as
> well, actually.  And also the stuff from line 541 downward.
>
> What am I still doing wrong?  Please help.  Thanks.
> --
> *From:* Eric Covener 
> *Sent:* Monday, September 24, 2018 7:08 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] IP address used by Apache reverse proxy?
>
> On Mon, Sep 24, 2018 at 7:30 AM Osman Zakir 
> wrote:
> >
> > The Apache document root and the document root for the reverse proxy
> should be different, right?
>
> Isn't Apache and the reverse proxy one and the same?
>
>  > And do you mean I need to specify the document root for the reverse
> proxy via the  directive?  Or do I just have to have that
> somewhere above or below the ProxyPass line?  And if I specify the
> reverse proxy document root in ProxyPass, I don't also need to specify
> it for the virtual host, right?  As for the port number for the
> reverse proxy, I'll try 8000 for now.
>
> The DocumentRoot won't ever be used with your ProxyPass /.
> If you later had ProxyPass of some more specific context root, like
> /app, then your document root would be used when the request didn't
> match the ProxyPass.
>
> The relative position doesn't matter as long as they are in the same
> context.
>
> > If I have this:
> >
> > < "E:/programming/visual_studio_2017/Projects/currency_converter/Release">
> > 
>
> > What should I put in there?
>
> What do you expect Apache to do with files in there? You've been
> talking about a reverse proxy.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] How to avoid plain password in mod_ldap

2018-09-12 Thread Gillis J. de Nijs 
The documentation states that you can use an executable to return the
password.  Since the password is read on server startup, you could make
that script owned by root and give it rx permissions for root only.  That
should make sure no one (except root) can read your password.

https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#authldapbindpassword

On Wed, Sep 12, 2018 at 2:00 PM, Rathore, Rajendra 
wrote:

> There are a plain password store in mod_ldap. Is there any way to encrypt
> the password?
>
> Like: *AuthLDAPBindPassword password*
>
>
>
> Thanks and Regards,
>
> Rajendra Rathore
>
> 9922701491
>
>
>

Re: [users@httpd] Reverse Proxy trouble with mod_substitute

2018-09-04 Thread Gillis J. de Nijs 
Yes, it is.  You can't rewrite something that's gzipped, so you'd have to
unzip it first, or - like you did - never have it gzipped in the first
place.

See also http://www.apachetutor.org/admin/reverseproxies where there's a
full reverse proxy scenario configured and explained.  It uses the same
technique you did, and alternatively suggests you can deflate, rewrite,
inflate, if you so desire.

Regards,
Gillis

On Tue, Sep 4, 2018 at 3:19 PM, Maarten Boekhold  wrote:

> Hi all,
>
> I decided to force HTTPD to remove the Accept-Encoding: gzip, deflate from
> the request, using:
>
> RequestHeader unset Accept-Encoding
>
> Now the response is properly processed by HTTPD. So it's likely an issue
> with one or both of:
>
> Content-Encoding: gzip
> Transfer-Encoding: chunked
>
> Is this a known limitation?
>
> Regards, Maarten
>
>
>
> On 09/04/2018 11:53 AM, Maarten Boekhold wrote:
>
>> Hi all,
>>
>> Apache HTTPD 2.4.34 on Windows 10 downloaded from Apache Haus.
>>
>> I'm trying to move a corporate application behind a reverse proxy. In
>> the process, I need to move the path this application is published on, eg:
>>
>> /webapp1 --> /suite/webapp1
>>
>> "webapp1" contains a specific JSP that returns an HTML page with a lot
>> of JavaScript inside, which hardcodes an absolute path "/service1". I
>> need to move that one as well to under the external "/suite/service1"
>> path.
>>
>> The GET /webapp1/the.jsp request has the following headers:
>>
>>  GET /webapp1/the.jsp HTTP/1.1
>>  Accept: image/gif, image/jpeg, image/pjpeg,
>> application/x-ms-application, application/xaml+xml,
>> application/x-ms-xbap, */*
>>  Referer: 
>>  Accept-Language: en-US
>>  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0;
>> WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; Tablet PC 2.0)
>>  Accept-Encoding: gzip, deflate
>>  Host: 
>>  Connection: Keep-Alive
>>  Cookie: JSESSIONID=24B3D3B40235B8E889A5F019081AAB41
>>
>> The response (non-proxied) has the following headers
>>
>>  HTTP/1.1 200
>>  Strict-Transport-Security: max-age=31536000;includeSubDomains
>>  X-Frame-Options: SAMEORIGIN
>>  X-Content-Type-Options: nosniff
>>  X-XSS-Protection: 1; mode=block
>>  Content-Type: text/html;charset=ISO-8859-1
>>  Transfer-Encoding: chunked
>>  Content-Encoding: gzip
>>  Vary: Accept-Encoding
>>  Date: Tue, 04 Sep 2018 06:52:12 GMT
>>  Server: 
>>
>> I've set up the following in httpd.conf:
>>
>>  FilterDeclare INFLATE_HTML CONTENT_SET
>>  FilterProvider INFLATE_HTML INFLATE "%{CONTENT_TYPE} =~
>> m|^text/html|"
>>  FilterProtocol INFLATE_HTML change=yes
>>  FilterTrace INFLATE_HTML 1
>>
>>  FilterDeclare DEFLATE_HTML
>>  FilterProvider DEFLATE_HTML DEFLATE "%{CONTENT_TYPE} =~
>> m|^text/html|"
>>  FilterProtocol DEFLATE_HTML change=yes
>>  FilterTrace DEFLATE_HTML 1
>>
>>  FilterDeclare SUBST_HTML
>>  FilterProvider SUBST_HTML SUBSTITUTE "%{CONTENT_TYPE} =~
>> m|^text/html|"
>>  FilterTrace SUBST_HTML 1
>>
>>  
>>  FilterChain +INFLATE_HTML +SUBST_HTML +DEFLATE_HTML
>>
>>  ProxyPass ${internal}/webapp1/the.jsp
>>  ProxyPassReverse ${internal}/webapp1/the.jsp
>>
>>  Substitute s|/service1|/suite/service1|n
>>  
>>
>> This doesn't work. I can see the request being forwarded to the internal
>> application server, which executes successfully and responds with 200,
>> but something inside HTTPD doesn't work, and it ends up at the browser
>> with a 504 and no data (looking at this with Fiddler).
>>
>> The HTTPD error.log file contains:
>>
>>
>> [Tue Sep 04 10:24:41.036087 2018] [proxy:trace1] [pid 452:tid 1352]
>> mod_proxy.c(766): [client 192.168.1.12:50120] AH03464: URI path
>> '/suite/webapp1/the.jsp' matches proxy handler
>> 'proxy:https://internal/webapp1/the.jsp', referer: 
>> [Tue Sep 04 10:24:41.036087 2018] [proxy:trace2] [pid 452:tid 1352]
>> proxy_util.c(2106): [client 192.168.1.12:50120] https: found worker
>>  for /webapp1/the.jsp, referer: 
>> [Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
>> mod_proxy.c(1246): [client 192.168.1.12:50120] AH01143: Running scheme
>> https handler (attempt 0), referer: 
>> [Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
>> proxy_util.c(2300): AH00942: HTTPS: has acquired connection for
>> ()
>> [Tue Sep 04 10:24:41.036087 2018] [proxy:debug] [pid 452:tid 1352]
>> proxy_util.c(2354): [client 192.168.1.12:50120] AH00944: connecting
>> /webapp1/the.jsp to , referer: 
>> [Tue Sep 04 10:24:41.043101 2018] [proxy:debug] [pid 452:tid 1352]
>> proxy_util.c(2563): [client 192.168.1.12:50120] AH00947: connected
>> /webapp1/the.jsp to , referer: 
>> [Tue Sep 04 10:24:41.043101 2018] [proxy:trace2] [pid 452:tid 1352]
>> proxy_util.c(2997): HTTPS: fam 2 socket created to connect to 
>> [Tue Sep 04 10:24:41.045142 2018] [proxy:debug] [pid 452:tid 1296]
>> proxy_util.c(3029): AH02824: HTTPS: connection

Re: [users@httpd] VirtualHost and HTTPS

2018-08-30 Thread Gillis J. de Nijs 
Also see https://wiki.apache.org/httpd/NameBasedSSLVHosts

As a rule, it is impossible to host more than one SSL virtual host on the
> same IP address and port.

This is because Apache needs to know the name of the host in order to
> choose the correct certificate to setup the encryption layer.


That page links to https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
for more information and requirements on SNI.

On Wed, Aug 29, 2018 at 8:54 PM, Jonathan Sélea  wrote:

> It is.
> If you try to disable myhost.domain1.org - you will see that
> myhost.domain2.org will work over SSL/TLS :)
>
>
>
>
> On 2018-08-29 19:19, David Rush wrote:
>
>> Ah, so SNI is dependent on the operating system, not the version of
>> Apache HTTPD installed?
>>
>> I had read about SNI and understood the basics of it, but assumed that
>> it was a function of HTTPD version rather than older OS version.
>>
>> Thanks for your help.
>>
>> David
>>
>> On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea 
>> wrote:
>>
>> I am very sure that this has to do with the fact that older machines
>>> simply does not have support for SNI.
>>>
>>> On 2018-08-29 16:28, David Rush wrote:
>>>
>>> I'm running httpd 2.4.12 on Windows Server 2003.

 We have things set up and working with http and https using the
 primary host name (fully qualified).

 We need for a different domain (same hostname) to work with https.

 These both need to work:

 https://myhost.domain1.org - this works fine

 https://myhost.domain2.org - I can't get this to work

 I have certificates (and key files) for both domains (the first
 being
 unique to the FQDN, the second being a wildcard for *.domain2.org
 [1]
 [1]).

 I have  blocks set up with ServerName
 myhost.domain1.org [2] [2] in one, and ServerName
 myhost.domain2.org [3] [3]
 in the other.  Each specifies its proper cert and key files, and
 unique DocumentRoot locations.

 httpd.exe -S clearly indicates both VirtualHosts found, no errors
 (no
 errors from httpd.exe -t, either).

 It appears that the first certificate is always being served
 regardless of which host name is used in the browser.  Also, the
 2nd
 (domain2.org [1] [1]) config has a different DocumentRoot, but
 when I tell
 the browser to ignore the security warnings I'm being delivered
 content from the domain1.org [4] [4] DocumentRoot.


 Help!

 David

 E-Mail to and from me, in connection with the transaction
 of public business, is subject to the Wyoming Public Records
 Act and may be disclosed to third parties.

 Links:
 --
 [1] http://domain2.org
 [2] http://myhost.domain1.org
 [3] http://myhost.domain2.org
 [4] http://domain1.org

>>>
>>> --
>>> Jonathan Sélea
>>>
>>> PGP Key: 0x8B35B3C894B964DD
>>> Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
>>> https://jonathanselea.se
>>>
>>>
>>> -
>>
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>
>> E-Mail to and from me, in connection with the transaction
>> of public business, is subject to the Wyoming Public Records
>> Act and may be disclosed to third parties.
>>
>>
>> Links:
>> --
>> [1] http://domain2.org
>> [2] http://myhost.domain1.org
>> [3] http://myhost.domain2.org
>> [4] http://domain1.org
>>
>
> --
> Jonathan Sélea
>
> PGP Key: 0x8B35B3C894B964DD
> Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
> https://jonathanselea.se
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Problem with CGI script

2017-12-29 Thread Gillis J. de Nijs 
DirectoryIndex contains a list of files to try, not a full path.  My guess
is that it's supposed to be DirectoryIndex index.cgi instead of the path.

On Fri, Dec 29, 2017 at 11:05 AM, mahmood n 
wrote:

> Hi,
>
>
>
> In one the www folders, I have an index.cgi which is a python script.
> Problem is that, by visiting that url, the cgi script is not run and I
> tried a lot to find the problem. Still I have stuck at that.
>
>
>
> The content of the index.cgi is https://github.com/
> rocksclusters/roll-server/blob/master/index.cgi
>
>
>
> and the path to that in my web server is
>
>
>
> mahmood@ce:~$ ls -l /var/www/html/rocks/7.0/install/rolls/
>
> total 52
>
> drwxr-xr-x 3 root root 4096 Dec  2 18:09 area51
>
> drwxr-xr-x 3 root root 4096 Dec  2 05:53 CentOS
>
> drwxr-xr-x 3 root root 4096 Dec  2 05:02 core
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:35 fingerprint
>
> drwxr-xr-x 3 root root 4096 Dec  2 08:35 ganglia
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:20 hpc
>
> -rwxr-xr-x 1 root root  654 Dec 26 23:17 index.cgi
>
> drwxr-xr-x 3 root root 4096 Dec  2 08:25 kernel
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:37 kvm
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:48 openvswitch
>
> drwxr-xr-x 3 root root 4096 Dec  2 10:29 perl
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:35 python
>
> drwxr-xr-x 3 root root 4096 Dec  2 09:54 sge
>
>
>
>
>
> As you can see in the picture at https://pasteboard.co/H0h8wWe.jpg the
> folder structure is shown in the browser which is a sign of run error for
> the cgi script.
>
>
>
> The folder structure should be similar to http://central-7-0-x86-64.
> rocksclusters.org/install/rolls/
>
>
>
>
>
> The virtualhost added to /etc/apache2/sites-enabled/000-default.conf
> looks like this
>
>
>
> 
>
> ServerName rocks-7-0.my.org
>
> DocumentRoot /var/www/html/rocks/7.0
>
> 
>
>
>
> 
>
> Options FollowSymLinks Indexes ExecCGI
>
> AllowOverride None
>
> Order allow,deny
>
> Allow from all
>
> 
>
>
>
> 
>
> AllowOverride None
>
> #SSLRequireSSL
>
> #SSLVerifyClient None
>
> Allow from all
>
> 
>
> # allow all access to the rolls RPMS
>
> 
>
> DirectoryIndex /install/rolls/index.cgi
>
> Allow from all
>
> 
>
>
>
>
>
>
>
> Any idea about that?
>
>
>
>
>
> Regards,
>
> Mahmood
>

Re: [users@httpd] if statement and ssl directives (apache 2.4)

2017-12-06 Thread Gillis J. de Nijs 
Hi Adam,

Simplest, in my opnion, is simplest to read and parse for a human.

What's wrong with:

## One VirtualHost that does everything

ServerName www.comptoir-hardware.com

SSLEngine on
SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
SSLCACertificateFile  /etc/ssl/certs/comptoir-hardware.com.ca

DocumentRoot ...


## Redirect to main VirtualHost

ServerName new.comptoir-hardware.com
ServerAlias comptoir-hardware.com
ServerAlias comptoir.co
ServerAlias www.comptoir.co

SSLEngine on
SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
SSLCACertificateFile  /etc/ssl/certs/comptoir-hardware.com.ca

Redirect / https://www.comptoir-hardware.com/


## Redirect http to https main VirtualHost

ServerName www.comptoir-hardware.com
ServerAlias new.comptoir-hardware.com
ServerAlias comptoir-hardware.com
ServerAlias comptoir.co
ServerAlias www.comptoir.co

Redirect / https://www.comptoir-hardware.com/


Cheers,
Gillis

On Wed, Dec 6, 2017 at 10:10 AM, Adam Cecile  wrote:

> Hi,
>
> I'm trying to achieve a simplier vhost configuration using if statements
> but httpd refuses to start when I put SSL related directive inside the if
> block:
>
>
> 
>   ServerName www.comptoir-hardware.com
>   ServerAlias www.comptoir-hardware.com
>   ServerAlias new.comptoir-hardware.com
>   ServerAlias comptoir.co
>   ServerAlias www.comptoir.co
>
>   
> SSLEngine on
> SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
> SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
> SSLCACertificateFile  /etc/ssl/certs/comptoir-hardware.com.ca
>   
>
>   
> RedirectMatch (.*) http://www.comptoir-hardware.com$1
>   
>
> 
>
>
> Can you confirm there's a way to do what I want ? Can you see what's wrong
> ?
>
> Thanks in advance,
>
>
> Adam.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Hide URL link of target

2017-08-01 Thread Gillis J. de Nijs 
Hi Chris,

Displaying the URL when hovering over the link or loading the site is
something your browser does, and not something Apache httpd has any control
over.

Cheers,
Gillis

On Tue, Aug 1, 2017 at 11:28 AM, Chris Chia  wrote:

> Hi
>
>
>
> Very newbie question.
>
>
>
> Is there a way to hide the URL link when hover over the link and also when
> browser is in the process of connecting to target site.
>
>
>
> This is a legitimate reason to do so, though browsers may have disable
> such scenario.
>
>
>
> Running Ubuntu and apache.
>
>
>
>
>
> Thanks
>
>
>
>
>

Re: [users@httpd] configure apache2 on ubuntu 16.04 vps to use php-fpm is not leading to the desired outcome

2017-07-25 Thread Gillis J. de Nijs 
I see you have libapache2-mod-php7.0 installed.  Are you sure you disabled
it?  In Ubuntu you can use a2dismod to disable modules.  I suspect mod_php
is listed there.  It's not required when you want to do fpm.

On Tue, Jul 25, 2017 at 10:02 AM, Luca Toscano 
wrote:

> Hi Dino,
>
>
> 2017-07-23 1:32 GMT+02:00 Dino Vliet :
>>
>> Modified this file:
>>
>> /etc/apache2/sites-available/000-default.conf to now have this inside:
>>
>>
>>  
>>
>>   Require all granted
>>
>>   
>>
>>   
>>
>>   AddHandler php7-fcgi .php
>>
>>   Action php7-fcgi /php7-fcgi virtual
>>
>>   Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
>>
>>   FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket
>> /var/run/php/php7.0-fpm.sock -pass-header Authorization
>>
>>   
>>
>
> In here it seems that you are using mod_fastcgi (configured to not manage
> FCGI processes afaict)
>
>>
>> Also modified this file /etc/apache2/conf-available and now it contains
>>
>>
>> # Redirect to local php-fpm if mod_php is not available
>>
>> 
>>
>>   # Enable http authorization headers
>>
>>   SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
>>
>>
>>   
>>
>>   SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost"
>>
>>   
>>
>
> And in here mod_proxy_fcgi? Are you sure that this is what you wanted to
> achieve?
>
>
>> However, when I look at the output of the info.php page I have created in
>> the document root I see Server API --> Apache 2.0 Handler in stead of what
>> I expected after fiddling with the configuration. I expected Server API -->
>> FPM/FastCGI
>>
>>
>> What have I missed and what should I do to have apache2 run with FastCGI?
>>
>
> I'd suggest to follow https://httpd.apache.org/docs/
> 2.4/mod/mod_proxy_fcgi.html and https://wiki.apache.org/httpd/php to
> gather more info :)
>
> Hope that helps!
>
> Luca
>