Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

2016-06-14 Thread Mathijs Schmittmann 
Hi Filipe,
>
> > Notice that SSLCertificateFile and SSLCertificateKeyFile are the
> > same for both of the domains, because they use the same key of
> > example.com .  The website, example.com
> >  works perfectly fine.  But example.info
> >  has serious problems (On the order of
> > NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an idea on how to fix
> > this?  I can't experiment too much because I'm limited to 5 keys
> > per week so learning this myself is a very slow-track process.
You might find this interesting:
https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763

Letsencrypt provides a staging environment with much more lenient
ratelimiting, but of course not signed with the official intermediate
certificate.

Br,
Mathijs




signature.asc
Description: OpenPGP digital signature

[users@httpd] RewriteMap overlap with ProxyPass

2015-11-03 Thread Mathijs Schmittmann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi all,

I have the following configuration on a 2.2.x installation:


ProxyPass /foo ajp://10.20.30.40/bla
RewriteMap bar txt:/var/www/html/map.txt
RewriteCond ${bar:$1} >""
RewriteRule ^/(.*)$ ${bar:$1}


Now in the map.txt file there is content like this:
bla/ target/bla.html
foo/ target/foo.html

The second line in the rewritemap file will never be processed it
seems, because requests to /foo are 'intercepted' by the ProxyPass
before any rewrite actions are applied.

Is there any way to make the rewritemap precede the proxypass directive?

Best regards,
Mathijs Schmittmann
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWOIAZAAoJEHU+9B0GxpC8/dsP/160AFslOqMB5Q4ZfYtl6iUl
gNtahOEHSl40BA3VAlQ2cH4mUNkgcga77JPjB7j6PIhL9rIETnaXikKC3QDz95ml
qRUB12TVu6EvKQHWVHYVv5P8wHq8RWW1RfpPwiV6P0d01dcKn1P0BtkNpwhhSa8h
j6NGO9sbsLwCpzdM9Gxj6ZxgHoAya/EFSforZ92haopGn2WtdOWw0sUyP3P8/l7d
BN58kP8cy+X87tsS1aPCcNpV/lA6yJTm/gnLA02Gx7IDkUXzSsLm/CUfzxGe1RyS
B6+iz80mFvzNBJhA/viUBBKENAW7dRJ92ZV4id61sST7AFeiTKyBgIFtSw6JmbPp
B00K9nZd3MTwzjbgP+hL8TeLHE2qRG113ZZ+zLrdT7YbGE1LxFYQ3a2oB1YdH8wt
lBu1lVKqr2UQbnH/6ttXl403teklZiQWvh3JjTyu78jswuG1NrmTKu2YkO6sU7Cj
gJHT/diXlDvMZhUF++INj9YmWaTyaLVbCJ32lff6D3VHyFMDVEb8YJiRWmDJAkls
Gdky+fP5UxQqPxfW9XQZ84fVQTKwCytvLH5bY20ZI5nUEFku4oQo/HshCtPNmIfK
KH5uhj/2ZEZrEvAe+Ed+8TaCARUKOWJ2A5SWPd01HVqM2ZRGtdwM+m39hFG0Ji4O
P40gWGkuF+tn2Au+OQ4k
=O7J2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: AW: [users@httpd] Is it possible to install apache server with non-root user [wd-vc]

2015-10-29 Thread Mathijs Schmittmann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

It is possible to make the httpd bind to ports <1024:

https://wiki.apache.org/httpd/NonRootPortBinding

On 29/10/15 10:49, Bremser, Kurt (AMOS Austria GmbH) wrote:
> Since httpd requires root privilege to bind to port 80, it needs to
> be run by the superuser, so from a security POV it should NOT be
> installed by another userid. You also need root privilege on many
> UNIXen to run the child processes under a different userid, if such
> is specified in the User directive of the configuration file.
> 
> Kurt Bremser AMOS Austria
> 
> Newton was wrong. There is no gravity. The Earth sucks. 
> --
- --
>
> 
*Von:* VELIDANDI, RAMAKRISHNA [ramakrishna.velida...@unilever.com]
> *Gesendet:* Donnerstag, 29. Oktober 2015 09:55 *An:*
> users@httpd.apache.org *Betreff:* [users@httpd] Is it possible to
> install apache server with non-root user [wd-vc]
> 
> Hi Team,
> 
> 
> 
> Is it possible to install apache server with non-root user ?
> 
> If yes, What are the groups required for non-root user ?
> 
> 
> 
> Please share the info in  detail.
> 
> 
> 
> 
> 
> *Thanks & Regards* *Ram* SAP BASIS - IBM GBS 5th Floor, Tower A,
> Prestige Shantiniketan, The Business Precinct,
> 
> Whitefield Main Road, Bangalore - 560048, India.
> 
> Off: 080 49281569
> 
> 
> 
> 
> AMOS Austria GmbH 1130 Wien, Hietzinger Kai 101-105 FN 365014k,
> Handelsgericht Wien UID: ATU 66614737
> 
> http://www.allianz.at
> 
>  Dieses
> E-Mail und allfaellig daran angeschlossene Anhaenge enthalten
> Informationen, die vertraulich und ausschliesslich fuer den (die)
> bezeichneten Adressaten bestimmt sind. Wenn Sie nicht der genannte
> Adressat sind, darf dieses E-Mail samt allfaelliger Anhaenge von
> Ihnen weder anderen Personen zugaenglich gemacht noch in anderer
> Weise verwertet werden. Wenn Sie nicht der beabsichtigte Empfaenger
> sind, bitten wir Sie, dieses E-Mail und saemtliche angeschlossene 
> Anhaenge zu loeschen.
> 
> Please note: This email and any files transmitted with it is 
> intended only for the named recipients and may contain confidential
> and/or privileged information. If you are not the intended
> recipient, please do not read, copy, use or disclose the contents
> of this communication to others and notify the sender immediately.
> Then please delete the email and any copies of it. Thank you. 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWMev4AAoJEHU+9B0GxpC8QwIQALXZVcRLLC29IOXZ7oz3DZNm
it6dxF7Qe8BR62INHBSJxq775jh+lb7H7cfx+coQJhsCdmS10E8M8Z2l6/7WiVBV
hjwnnt3ahyX0rNU+e19oI408ZLpNFWtcMeJiNB+hb2WOl4HyUeeBLHsEuXElaEQK
BhjK/xRkPNBAVlQHUQv8aUtN6jydNFfYz6QEHCdwjbGeMVPByZbeIp7UvgfffnXZ
Z76q/28UkgEsNTi+O51JVCKlruLwNrbIg8dvCQNVLjOD/3dZ4E2XEz13fLXeumhA
oiicnsvLE25yulFCvAJ/WtUa7vM/qAJ9h0bLon3Rcnmtap+8+WNR9FtqQurZbx44
4nzwjqMYNvNMeX6owNGbYiyTN+vcltpwKwIVZiS7EKkHuO23ZU+rzbA641XhgeKQ
lE97XKsBC/VVj2BOiQCK7acvKx5evRTWzq+lcA+OzveSvcNWhRYmnhjn3I8UK8Vf
9QlamY0Mec1kDX1UKGw+8ssamU7LpqA6fYyGe8GiMQYPLVLBX5ovzl+Nb1CmPf2X
KW9/YffzCSBts5CIIsvKfPx9vNmMunYDNJUc6JvUSZpQkyC/a/iXkTVzOwDIbsX1
7Oj+pUqRM6wcDv0Rpb2IfD7N9R0vhQZQO6pF3i03wYOfcaBCo3Taem7JznC9pYlE
Yhj0q55w57k/MsAP4YLa
=Myu1
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] virtual host configuration

2015-07-23 Thread Mathijs Schmittmann 
K R schreef op 7/23/2015 om 9:44 PM:
 Hi,
 my customer want to configure virtual host for 5 website in one apache
 environment .  do i have to get 5 ip addresses from network team.
 
 Can someone please point me on how can i achieve the same 

No, you should create 5 virtualhosts in your configuration and let the
Apache HTTPD listen on 1 IP. Based on which website is requested
(technically based on the 'Host' header in the HTTP request) the httpd
will select the right DocumentRoot for serving a response.

For more information about virtualhosts:
http://wiki.apache.org/httpd/ExampleVhosts
http://httpd.apache.org/docs/current/vhosts/examples.html

 
 Thanks in advance

Best regards,
Mathijs Schmittmann

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Mathijs Schmittmann 
Hi Steve,

ETag numbers are - roughly - checksums of the files being requested
which can be used in caching mechanisms.

The only directive in the configuration of an Apache HTTP server
directly related to the ETag validator is 'FileETag':
http://httpd.apache.org/docs/current/mod/core.html#fileetag

Please take a look at these pages for a more thorough explanation:

http://en.wikipedia.org/wiki/HTTP_ETag
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (Section 14.19)

Best Regards,
Mathijs Schmittmann

steve owen schreef op 5/11/2015 om 6:16 PM:
 
 
 Sirs,
 
 
 
 Don't know if I'm following the correct protocol! This is the enquiry I sent 
 Eric he 
 
 informed that I should join this format. 
 
 
 
 I would like an answer to the questions below if possible.
 
 
 
 regards  Steve
 
 
 
 - Original Message - 
 
 From: steve owen ste...@talktalkbusiness.net
 
 To: webmas...@apache.org
 
 Sent: Mon May 11  9:46
 
 Subject: Fwd: E tag numbers
 
 
 
 
 
 Dear Sirs,
 
 
 
 Wonder if you could assist:-
 
 
 
 I know that the majority of web sites/domains use Apache servers.
 
 
 
 I'm currently tracking a number of Domains that are consistently using the 
 Internet for 
 
 fraudulent purposes.
 
 
 
 If a Domain uses Apache for it's server and a given E tag number, who 
 provides the E tag ? 
 
 Is it allocated or purchased?
 
 
 
 It would appear from my investigations that at least 5 Domains appear to be 
 using the 
 
 identical E tag number, is this possible?  They also use the exact same 
 Apache server 
 
 reference.
 
 
 
 I can provide the details should you require for assistance. I do trust you 
 can assist, 
 
 this is an extremely important matter, many thanks.
 
 
 
 Kind regards 
 
 
 
 Steve Owen
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache won't start, strace output enclosed

2014-01-16 Thread Mathijs Schmittmann 
- Original Message -
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512
 
 Hi all,
 
 Ack!
 
 This is apache 2.2.25 compiled from source but on a CentOS 6.5 system.
 Notably, I included all modules in the build.

You might want to start to build with a minimal set of modules, to exclude any 
of them from being the cause. Why did you compile with all modules to start 
with?

 
 I was trying to add a subdomain, ran into memory allocation problems
 and so tweaked the settings accordingly. Here are the current settings
 and I have no idea how sensible they are:
 
 IfModule prefork.c
 StartServers   4
 MinSpareServers4
 MaxSpareServers   64
 ServerLimit   512
 MaxClients512
 MaxRequestsPerChild  512
 /IfModule
 IfModule worker.c
 StartServers 4
 MaxClients 512
 MinSpareThreads 32
 MaxSpareThreads 64
 ThreadsPerChild 16
 MaxRequestsPerChild  0
 /IfModule

This depends on which MPM you are currently running, see your httpd -V output 
for this information. Obviously the specific settings will be different in each 
usecase, depending on load and resources available.

 
 Now it won't start at all and writes nothing to the error log. So I
 managed to get strace going on it. These are the last few lines of the
 output:
 
 open(/etc/localtime, O_RDONLY)= 82
 fstat(82, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
 fstat(82, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
 0) = 0x7fce20292000
 read(82,
 TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0...,
 4096) = 2819
 lseek(82, -1802, SEEK_CUR)  = 1017
 read(82,
 TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0...,
 4096) = 1802
 close(82)   = 0
 munmap(0x7fce20292000, 4096)= 0
 write(43, [Thu Jan 16 19:49:38 2014] [erro..., 98) = 98
 exit_group(1)

The last write call shows that its logging an error to the errorlog, are you 
sure you have looked at the right errorlog? You might want to try to 'strace -s 
4096 ...' so the entire message is captured in the trace.

 
 As you might imagine, I'm in a bit of a panic. What's going wrong?
 
 Thanks!
 - --
 David Benfell
 see https://parts-unknown.org/node/2 if you don't understand the
 attachment
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.1.0-ecc (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
 iQIcBAEBCgAGBQJS2K3RAAoJEKrN0Ha7pkCOWP8P/23HK4h3KQ0ERVn5LN8l85t+
 c+ZbjWsc3G+5LsU8sRhgx6724ZFi4Mo3v2pq1UAXpeGToa0QqUfteXFtepLz5X++
 0gJUy84gphrz3P5XZEHO51l1tH4RhBovVOUoWpQiZMRG06UapuLqHqmM33RB275+
 IMKfem8KukTOaUCr5ByKxWSNi3aA/2P5wP21ah9t7LMCvp668PKFyMUI8nbq1nyQ
 ZM2sFfulEjHel+6KpmrxEZ/QaMK4ElGCnmhNExz1sRicYaLNrk/kgOZBEAqI7esV
 EHe8L3KO7IqRrCgCUEC4ovFYh+THnrlGvNZU3seQNKzocQ64bR+zRViHNaR0jzXr
 GZKIAyKhaEutpPqjvcfTYtF/HRsIS3FkOlXPKPq0xonyJtQ0SWPsR6e74Lj3x2aq
 OqD2FdnCEqy8+GlQ1nh1kOaI14N6b5uzRWacNNDmwRYD0Dr8V1Du+F/LF33mpH9p
 3WkiKtXJ7bvSxAtdA1+DJc+DaQnMOjpoAdzMX0VQCdkJURdvNcCVmIkj6LO6z1Qy
 oNf9pg0b6oLN6BDJuBM7AKneT61K5EwBmcHVW5Jq+jSBJHGbzumWPy7OUyzedfNM
 DPl7ZoxrFY9CH+piRMTXSh9se0uBIunJFc3hHBIxFv3HeKBj7AEXwA387PPuMDOh
 97UgbIOS5IdZ4OppgXue
 =NgHk
 -END PGP SIGNATURE-
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org

With kind regards,

Mathijs Schmittmann

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] htaccess file and computer names

2013-02-19 Thread Mathijs Schmittmann 
Op 19 feb. 2013 om 21:01 heeft Walter H. walte...@mathemainzel.info het 
volgende geschreven:

 Hello,
 
 DNS names won't work here;
 because the connection is made by an IP host,
 for this a reverse DNS request would be neccessary;
 
 the apache log files also also don't contain DNS names, just IP addresses;

Note: This is only true if HostnameLookups is set to off

 
 I wouldn't do this, because this decreases performance;
 
 Walter
 
 On 19.02.2013 19:49, Marc Fromm wrote:
 
 I am using some htaccess files to control access to a few web pages.
 
 The htaccess file works if I use the ip address of the computer to grant 
 access, but not its name.
 
 Is there another setting to enable for  “Allow from 
 computername.domain.name” to work like using the ip address “Allow from 
 ###.###.###.###” ?
 
  
 
 Order deny,allow
 
 Deny from all
 
 Allow from computername.domain.name //this does not grant access
 
 Allow from ###.###.###.### //this grants access
 
  
 
 The computers and the server are all on the same network
 
  
 
 Thanks
 
  
 
 Marc

Re: [users@httpd] Module Directives

2012-06-10 Thread Mathijs Schmittmann 
Op 10 jun. 2012 om 16:14 heeft Bill Vance p...@xpresso.seaslug.org het 
volgende geschreven:

 Is there a more or less comprehensive list of apache2
 modules that lists all their directives, and maybe shows
 how they should be used?  

Sure, for 2.2 see http://httpd.apache.org/docs/2.2/mod/directives.html , each 
one links to their respective documentation and usage.

 
 TIA
 
 Bill
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4.1 Installation problems

2012-04-17 Thread Mathijs Schmittmann 

1: 2.4 uses different auth methods and directives, see 
http://httpd.apache.org/docs/2.4/upgrading.html and check out the 
authentication section. You probably either need the compat module, or a new 
access control directive is overriding your current directory section.

2: Apache 2.4 needs modules that are compiled with the new apr, so make sure to 
recompile your mod_php as well.

Op 17 apr. 2012 om 17:48 heeft John Iliffe john.ili...@iliffe.ca het volgende 
geschreven:

 I am trying to update from 2.2.14 to 2.4.1 and have encountered two 
 problems.  2.2.14 has been working properly for over 2 years.  Pages are 
 located on a separate directory starting at /www with subdirectories s1, 
 s2, etc for different named virtual hosts.  Config file for EACH virtual host 
 shows document root as /www/s1, /www/s2, etc as relevant.
 
 1.  Apache will start properly but gives a Not Authorized message when 
 any page is to be served.
 
 Log:  
 
 [Mon Apr 16 13:02:31.267819 2012] [authz_core:error] [pid 23033:tid 
 1100290368] [client 192.168.1.1:41839] AH01630: client denied by server 
 configuration: /www/s2/, referer: http://www.x.ca/url0001.html
 [Mon Apr 16 13:02:38.965404 2012] [authz_core:error] [pid 23033:tid 
 1110780224] [client 192.168.1.1:41842] AH01630: client denied by server 
 configuration: /www/s1/, referer: http://www.xx.ca/url0001.html
 
 A search of the Apache archives suggests that this is a config problem 
 requiring a Directory entry so I set up:
 
 # Allow the directory where we store the pages -- 2012-04-15
 Directory /www 
  Options FollowSymLinks
  Order Allow,Deny
  Allow from all
 /Directory
 
 I tried a number of variations such as putting this in each of the virtual 
 host containers, putting a /* on the end, including it once before all the 
 virtual host declarations, etc.
 
 Still get same problem.
 --
 
 Second problem:
 
 Many of the pages are written in PHP and I have PHP installed on the server 
 and used by 2.2.14.  I copied the module libphp5.so into the modules 
 directory and added a LoadModule directive as follows:
 
 LoadModule php5_module modules/libphp5.so
 
 (This line has to be commented out to start Apache)
 
 When I try to start up Apache I get the following error:
 
 /usr/apache-2.4.1/bin/apachectl -k start
 httpd: Syntax error on line 153 of /usr/apache-2.4.1/conf/httpd.conf: 
 Cannot load /usr/apache-2.4.1/modules/libphp5.so into server: 
 /usr/apache-2.4.1/modules/libphp5.so: undefined symbol: unixd_config
 
 What causes this and what is the solution?
 
 Thanks.
 
 John
 
 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org