Re: [users@httpd] URL question

2019-05-26 Thread Robert Moskowitz

Thanks.  I should have seen that.  Been too long...

On 5/26/19 9:37 AM, Stephen wrote:

Try changing the filename from bar.html to index.html

Stephen
www.roissy.ca

On 2019-05-26 8:59 a.m., Robert Moskowitz wrote:

I have a web site accessible by: www.foo.com/bar.html

But users that use: www.foo.com/bar

get a directory content of the files in directory bar.

What do I need to add so that those that use the shortcut of leaving 
off .html still get the full web site.


thanks



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org







[users@httpd] URL question

2019-05-26 Thread Robert Moskowitz

I have a web site accessible by:  www.foo.com/bar.html

But users that use: www.foo.com/bar

get a directory content of the files in directory bar.

What do I need to add so that those that use the shortcut of leaving off 
.html still get the full web site.


thanks






Re: [users@httpd] AH01630: client denied by server configuration

2019-02-03 Thread Robert Moskowitz




On 2/3/19 9:42 AM, Eric Covener wrote:

alias /mailadmin /usr/share/postfixadmin


Ah, I see my culprit is the alias statement is missing adding the /public

I added that and got to the next problem, which is postfixadmin's problem 
in moving directories and not changing all references. Almost like the 
directory change was an afterthought and not fully tested.


Well back to their forum to bring this up.

thanks for the review and helping me see what I missed.



I added the /public on the Directory statement based on the content of
/usr/share/postfixadmin/index.php
http://klovia.htt-consult.com/mailadmin/setup.php

This sounds like your culprit, none of the error details talks about a
public/  component of the URL or filesystem path.
Can you elaborate on why you tacked it on?  You can log %f to see
where in the filesystem a URL was mapped to.
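The mismatch this thread converges on, as an added example that is not part of the original messages: the Alias maps the URL outside the only Directory section that carries the `Require ip` rule, so a stricter inherited rule decides. The `<Directory>` paths and the `<Directory />` deny rule are assumptions (the archive stripped the section tags), and the function names are hypothetical.

```python
import posixpath
import re

# Constructed config modelled on the thread. The section tags were lost in the
# archive, so the Directory paths here are assumptions: "/public" follows the
# poster's description, and the "<Directory />" deny is the stock 2.4 default.
CONF_BEFORE = """\
<Directory />
    AllowOverride None
    Require all denied
</Directory>
Alias /mailadmin /usr/share/postfixadmin
<Directory /usr/share/postfixadmin/public>
    AllowOverride AuthConfig
    Require ip 192.168.0.0/16
</Directory>
"""

# The fix the poster describes: point the Alias at the public/ subdirectory.
CONF_AFTER = CONF_BEFORE.replace(
    "Alias /mailadmin /usr/share/postfixadmin",
    "Alias /mailadmin /usr/share/postfixadmin/public",
)

ALIAS_RE = re.compile(r'(?im)^\s*Alias\s+(\S+)\s+(\S+)')
DIR_RE = re.compile(r'(?ims)^\s*<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>')
REQUIRE_RE = re.compile(r'(?im)^\s*(Require\s+.+?)\s*$')


def parse(conf):
    """Return ([(url_prefix, fs_target)], {directory_path: [Require lines]})."""
    aliases = ALIAS_RE.findall(conf)
    dirs = {path: REQUIRE_RE.findall(body) for path, body in DIR_RE.findall(conf)}
    return aliases, dirs


def map_url(url_path, aliases, docroot="/var/www/html"):
    """Map a URL path to a filesystem path; the first matching Alias wins."""
    for prefix, target in aliases:
        p = prefix.rstrip("/")
        # Alias matches whole path segments: /mailadmin or /mailadmin/...
        if url_path == p or url_path.startswith(p + "/"):
            return posixpath.normpath(target + url_path[len(p):])
    return posixpath.normpath(docroot + url_path)


def effective_require(fs_path, dirs):
    """Most specific Directory section covering fs_path that has Require lines.

    With AuthMerging at its default (Off), that section's Require directives
    replace the ones inherited from less specific sections.
    """
    best = None
    for path, requires in dirs.items():
        base = path.rstrip("/")  # "/" becomes "" and so covers everything
        covers = fs_path == base or fs_path.startswith(base + "/")
        if covers and requires:
            if best is None or len(base) > len(best[0].rstrip("/")):
                best = (path, requires)
    return best


def diagnose(url_path, conf):
    """Return (filesystem path, deciding Directory section, its Require lines)."""
    aliases, dirs = parse(conf)
    fs_path = map_url(url_path, aliases)
    best = effective_require(fs_path, dirs)
    if best is None:
        return fs_path, None, []
    return fs_path, best[0], best[1]


if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        fs_path, section, requires = diagnose("/mailadmin/setup.php", conf)
        print(f"{label}: {fs_path} decided by <Directory {section}>: {requires}")
```

The "before" mapping is the same path that appears in the AH01630 log line, which is why changing the client IP range in the `/public` section had no effect.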




Re: [users@httpd] AH01630: client denied by server configuration

2019-02-03 Thread Robert Moskowitz

Look at the error message from the log.  The IP is

[client 192.168.160.20:52060]

This is surely in the range of

Require ip 192.168.0.0/16

The URL being asked for is:

http://klovia.htt-consult.com/mailadmin/setup.php

I have the following:

cat /etc/httpd/conf.d/00-init.conf

ServerAdmin postmas...@htt-consult.com
ServerName klovia.htt-consult.com

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/htt-consult.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/htt-consult.com.key

Options Indexes FollowSymLinks
AllowOverride None
Require all granted



cat /etc/httpd/conf.d/postfixadmin.conf

alias /mailadmin /usr/share/postfixadmin

AllowOverride AuthConfig
Require ip 192.168.0.0/16



?

On 2/3/19 5:51 AM, Daniel wrote:
Client does not match the required IP; make sure you have a Directory 
directive matching the resource you are asking for, and allowing 
permissions to the IP range of the client or with a "require all granted"


On Sun, 3 Feb 2019 1:35, Robert Moskowitz <r...@htt-consult.com> wrote:


I have googled around and the obvious reasons for this..

I am working on a new setup with postfixadmin ver 3.2 on
Centos7-armv7 with SElinux enforcing. Last I worked with
postfixadmin it was ver 3.0.2 and my notes are based on that and
Apache 2.4.

My postfixadmin.conf file for Apache is:

alias /mailadmin /usr/share/postfixadmin

AllowOverride AuthConfig
Require ip 192.168.0.0/16


I added the /public on the Directory statement based on the content of

/usr/share/postfixadmin/index.php

when I try connecting to host/mailadmin/setup.php I get:

Forbidden
You don't have permission to access /mailadmin/setup.php on this
server.

Checking error_log I see:

[Fri Feb 01 15:40:43.714302 2019] [authz_core:error] [pid 7692]
[client 192.168.160.20:52060]
AH01630: client denied by server configuration:
/usr/share/postfixadmin/setup.php

My IP addr is in the required range, but it fails. I tried opening
it up to "require all granted" and still no access.

In 3.0.2 I had to do:

chcon -R -t httpd_sys_content_rw_t /usr/share/postfixadmin/templates_c
setsebool -P httpd_can_network_connect on

I noted that the directory is now /templates but the INSTALL.TXT
still points to templates_c. I have made the change to the above
chcon command with no results.

What am I missing? What has changed?

thanks






[users@httpd] AH01630: client denied by server configuration

2019-02-02 Thread Robert Moskowitz

I have googled around and the obvious reasons for this..

I am working on a new setup with postfixadmin ver 3.2 on Centos7-armv7 
with SElinux enforcing. Last I worked with postfixadmin it was ver 3.0.2 
and my notes are based on that and Apache 2.4.


My postfixadmin.conf file for Apache is:

alias /mailadmin /usr/share/postfixadmin

AllowOverride AuthConfig
Require ip 192.168.0.0/16


I added the /public on the Directory statement based on the content of

/usr/share/postfixadmin/index.php

when I try connecting to host/mailadmin/setup.php I get:

Forbidden
You don't have permission to access /mailadmin/setup.php on this server.

Checking error_log I see:

[Fri Feb 01 15:40:43.714302 2019] [authz_core:error] [pid 7692] [client 
192.168.160.20:52060] AH01630: client denied by server configuration: 
/usr/share/postfixadmin/setup.php


My IP addr is in the required range, but it fails. I tried opening it up 
to "require all granted" and still no access.


In 3.0.2 I had to do:

chcon -R -t httpd_sys_content_rw_t /usr/share/postfixadmin/templates_c
setsebool -P httpd_can_network_connect on

I noted that the directory is now /templates but the INSTALL.TXT still 
points to templates_c. I have made the change to the above chcon command 
with no results.


What am I missing? What has changed?

thanks




Re: [users@httpd] Re: Testing for apache open relaying

2018-09-09 Thread Robert Moskowitz
Actually, I think I found my spam source, and it is neither Roundcube or 
Apache or Postfix.  Well it is kind of Postfix, as I have quotas on 
mailbox size.


I had two dormant mailboxes that had exceeded quota and I had set to 
bounce messages if quota exceeded.  The spammers had discovered this and 
were using these accounts for their spam distribution.


Simple fix was to delete the dormant accounts.  It was not some esoteric 
Apache proxy behavior.


I was really shifting the straws around to figure out why my IP was 
blocked for spamming...


On 9/8/18 11:22 PM, Frank Gingras wrote:
You should be asking the roundcube mailing list instead - httpd has 
nothing to do with email, as stated previously.


On Thu, Sep 6, 2018 at 8:15 AM Robert Moskowitz <r...@htt-consult.com> wrote:




On 09/06/2018 06:40 AM, @lbutlr wrote:
> On 05 Sep 2018, at 09:58, Robert Moskowitz <r...@htt-consult.com> wrote:
>> So I suspect my apache server as a proxy relay.
>>
>> Is there a similar site to mxtoolbox that will test apache for
improper relaying?
> Are you allowing php? You should be able to root out any badly
behaved mail scripts.
>
> You should check exactly what your server is being blocked for.
For example, if you are on a dynamic IP there’s nothing
necessarily wrong with your configuration, you *will* be
blacklisted regardless.
>
> https://mxtoolbox.com/blacklists.as
>
Got a 404 on the above URL.







Re: [users@httpd] Re: Testing for apache open relaying

2018-09-06 Thread Robert Moskowitz




On 09/06/2018 06:40 AM, @lbutlr wrote:

On 05 Sep 2018, at 09:58, Robert Moskowitz  wrote:

So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper 
relaying?

Are you allowing php? You should be able to root out any badly behaved mail 
scripts.

You should check exactly what your server is being blocked for. For example, if 
you are on a dynamic IP there’s nothing necessarily wrong with your 
configuration, you *will* be blacklisted regardless.

https://mxtoolbox.com/blacklists.as


Got a 404 on the above URL.





Re: [users@httpd] Re: Testing for apache open relaying

2018-09-06 Thread Robert Moskowitz




On 09/06/2018 06:40 AM, @lbutlr wrote:

On 05 Sep 2018, at 09:58, Robert Moskowitz  wrote:

So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper 
relaying?

Are you allowing php? You should be able to root out any badly behaved mail 
scripts.


I run roundcube, which is openly available.  It of course has mail 
scripts.   Supposedly I have some control on the roundcube stuff. My 
roundcube.conf was in the original post.



You should check exactly what your server is being blocked for. For example, if 
you are on a dynamic IP there’s nothing necessarily wrong with your 
configuration, you *will* be blacklisted regardless.


It is a static assignment from Comcast.  But it would not surprise me 
that even so, I have problems because of that...



https://mxtoolbox.com/blacklists.as



I will check this out.






Re: [users@httpd] Testing for apache open relaying

2018-09-05 Thread Robert Moskowitz




On 09/05/2018 05:18 PM, Ruben Safir wrote:

On 9/5/18 4:47 PM, Robert Moskowitz wrote:

There is a way with open proxies to PUT content that goes out on port 25.


but that doesn't turn Apache into a mail server


Not a mailserver, but a way for spammers to get their spam out.





Re: [users@httpd] Testing for apache open relaying

2018-09-05 Thread Robert Moskowitz
There is a way with open proxies to PUT content that goes out on port 
25.  Or so I seem to recall.  The memory cells are at least a year old, 
and may be corrupted.


On 09/05/2018 04:32 PM, Ruben Safir wrote:

How do you think Apache will relay mail?  Apache has nothing to do with
email.



On 9/5/18 11:58 AM, Robert Moskowitz wrote:

My mail server is being blocked by barracuda and spamexperts.

I have tested my mail port via mxtoolbox.com and I came out clean and no
relaying.

So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper
relaying?

thanks

I thought I had it blocked for this:

# cat 01-allow.conf

     Options Indexes FollowSymLinks
     AllowOverride None
     Order deny,allow
     allow from 192.168.96.0/255.255.255.0
     allow from 50.253.254.0/255.255.255.240
     deny from all


# more roundcubemail.conf


     ServerName webmail.htt-consult.com
     ServerAlias webmail

     RewriteEngine On
     RewriteCond  %{SERVER_PORT} !^443$
     RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
     ExpiresDefault "access plus 10 years"
     AddOutputFilterByType DEFLATE text/html text/plain text/xml
     php_admin_flag session.cookie_secure "1"







# Round Cube Webmail is a browser-based multilingual IMAP client
#

     ServerName webmail.htt-consult.com
     ServerAlias webmail

     SSLEngine On
     SSLCertificateFile /etc/pki/tls/certs/webmail.htt-consult.com.crt
     SSLCertificateKeyFile /etc/pki/tls/private/webmail.htt-consult.com.key

     DocumentRoot /usr/share/roundcubemail

#    Alias /roundcubemail /usr/share/roundcubemail
#    Alias /webmail /usr/share/roundcubemail

     
         Order Deny,Allow
         Allow from all
         php_admin_flag session.cookie_secure "1"
     





# Round Cube Webmail is a browser-based multilingual IMAP client
#

     ServerName web2mail.htt-consult.com
     ServerAlias web2mail

     SSLEngine On
     SSLCertificateFile /etc/pki/tls/certs/webmail.htt-consult.com.crt
     SSLCertificateKeyFile
/etc/pki/tls/private/webmail.htt-consult.com.key

     DocumentRoot /usr/share/roundcubemail

     
     Order Deny,Allow
     Allow from all
     php_admin_flag session.cookie_secure "1"
     







[users@httpd] Testing for apache open relaying

2018-09-05 Thread Robert Moskowitz

My mail server is being blocked by barracuda and spamexperts.

I have tested my mail port via mxtoolbox.com and I came out clean and no 
relaying.


So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper 
relaying?


thanks

I thought I had it blocked for this:

# cat 01-allow.conf

    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    allow from 192.168.96.0/255.255.255.0
    allow from 50.253.254.0/255.255.255.240
    deny from all


# more roundcubemail.conf


    ServerName webmail.htt-consult.com
    ServerAlias webmail

    RewriteEngine On
    RewriteCond  %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    ExpiresDefault "access plus 10 years"
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    php_admin_flag session.cookie_secure "1"







# Round Cube Webmail is a browser-based multilingual IMAP client
#

    ServerName webmail.htt-consult.com
    ServerAlias webmail

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/webmail.htt-consult.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/webmail.htt-consult.com.key

    DocumentRoot /usr/share/roundcubemail

#    Alias /roundcubemail /usr/share/roundcubemail
#    Alias /webmail /usr/share/roundcubemail

    
        Order Deny,Allow
        Allow from all
        php_admin_flag session.cookie_secure "1"
    





# Round Cube Webmail is a browser-based multilingual IMAP client
#

    ServerName web2mail.htt-consult.com
    ServerAlias web2mail

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/webmail.htt-consult.com.crt
    SSLCertificateKeyFile 
/etc/pki/tls/private/webmail.htt-consult.com.key


    DocumentRoot /usr/share/roundcubemail

    
    Order Deny,Allow
    Allow from all
    php_admin_flag session.cookie_secure "1"
    







Re: [users@httpd] SSL Certs Not Loading

2017-04-25 Thread Robert Moskowitz
On my Centos system, I would be looking at: 
/etc/httpd/logs/ssl_error_log for cert errors.


On 04/25/2017 03:18 PM, Sweeny, Theo (Chief Customer Office) wrote:

Hi Robert - the error found in  /content/logs/httpd/error.log

[Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624] 
AH01895: Unable to configure verify locations for client authentication

I think it is a SSL cert issue, since adding the ssl certs the server has 
stopped working.


On 25 Apr 2017, at 14:11, Robert Moskowitz <r...@htt-consult.com> wrote:

So what does /content/logs/httpd/error.log say?

Often a permission problem.

On 04/25/2017 02:55 PM, Sweeny, Theo (Chief Customer Office) wrote:

Hello - I’ve installed new SSL certs on Apache v2.4.3 and for a single vhost - 
but the server won’t start.

The error logs are -

[Fri Apr 21 13:30:00.575805 2017] [ssl:emerg] [pid 97:tid 140688597538624] 
AH02311: Fatal error initialising mod_ssl, exiting. See 
/content/logs/httpd/error.log for more information

[Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624] 
AH01895: Unable to configure verify locations for client authentication

Can you offer some pointers?

Regards,

Theo




Direct Line Insurance Group plc. Registered in England & Wales No 02280426. 
Registered Office: Churchill Court, Westmoreland Road, Bromley, Kent, BR1 1DP

This e-mail message is confidential and for use by the addressee only. If the 
message is received by anyone other than the addressee, please return the 
message to the sender by replying to it and then delete the message from your 
computer. You should not copy, print, distribute, disclose or use any part of 
it. Internet e-mails are not necessarily secure. By replying to this message 
you give your consent to our monitoring of your email communications with us. 
We do not accept responsibility for changes made to this message after it was 
sent.

We cannot accept any liability for viruses transmitted via this email once it 
has left our network. We will never send e-mails requesting personal or 
confidential information. If you ever receive such an e-mail appearing to come 
from us, do not reply to it, instead please contact us immediately.

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__




Re: [users@httpd] SSL Certs Not Loading

2017-04-25 Thread Robert Moskowitz

So what does /content/logs/httpd/error.log say?

Often a permission problem.

On 04/25/2017 02:55 PM, Sweeny, Theo (Chief Customer Office) wrote:

Hello - I’ve installed new SSL certs on Apache v2.4.3 and for a single vhost - 
but the server won’t start.

The error logs are -

[Fri Apr 21 13:30:00.575805 2017] [ssl:emerg] [pid 97:tid 140688597538624] 
AH02311: Fatal error initialising mod_ssl, exiting. See 
/content/logs/httpd/error.log for more information

[Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624] 
AH01895: Unable to configure verify locations for client authentication

Can you offer some pointers?

Regards,

Theo







Re: [users@httpd] Does Apache need to delay startup until system time set?

2017-04-20 Thread Robert Moskowitz

Yehuda,

thanks.  I already learned about chrony-wait for postfix.  I will apply 
it to httpd as well; Roundcubemail will need it...


On 04/20/2017 05:07 PM, Yehuda Katz wrote:
There are some parts of the HTTP conversation which could be affected 
by having the wrong time, but HTTPD itself doesn't care.
For example, if you are using cookies, caching, those could be 
affected by the time change (even more specifically, for PHP sessions, 
when the clock changes, the PHP session cleanup handler might think a 
session is very old and remove it).
If you want to wait for the time to be synchronized, I think you can 
change the systemd unit to require chrony-wait.service 
(https://git.tuxfamily.org/chrony/chrony.git/tree/examples/chrony-wait.service)


- Y

On Thu, Apr 20, 2017 at 4:57 PM, Robert Moskowitz <r...@htt-consult.com> wrote:


This is for Centos7 on an armv7 SOC with no clock battery.

On startup, Centos runs Chronyd which eventually sets the system
clock.  This can happen really fast, or not depending.  I have
learned that it is NOT a good thing for postfix to start when the
system time is earlier than the build date of postfix.  There is a
way for me to delay postfix start until the time is set.

Does Apache also have this concern not to start until the time is
'fixed'?

thanks








[users@httpd] Does Apache need to delay startup until system time set?

2017-04-20 Thread Robert Moskowitz

This is for Centos7 on an armv7 SOC with no clock battery.

On startup, Centos runs Chronyd which eventually sets the system clock.  
This can happen really fast, or not depending.  I have learned that it 
is NOT a good thing for postfix to start when the system time is earlier 
than the build date of postfix.  There is a way for me to delay postfix 
start until the time is set.


Does Apache also have this concern not to start until the time is 'fixed'?

thanks





Re: [users@httpd] configured HTTP(80) on the standard HTTPS(443) port!

2017-04-05 Thread Robert Moskowitz



On 04/04/2017 11:37 PM, Yehuda Katz wrote:
The first warning is telling you that you are serving regular HTTP 
traffic on what is usually an HTTPS port. This is because you do not 
have any SSL configuration on the virtual host on port 443. You need 
"SSLEngine on" and certificate information at least.


thanks.  fixed.

You can ignore the second warning about "server name indication" 
unless you specifically want to support really old and insecure browsers.


- Y

On Tue, Apr 4, 2017 at 10:47 PM, Robert Moskowitz <r...@htt-consult.com> wrote:


I just noticed the following in error_log on httpd startup:

[Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916:
Init: (z9m9z.test.htt-consult.com:443) You configured HTTP(80)
on the standard HTTPS(443) port!
[Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292:
Init: Name-based SSL virtual hosts only work for clients with TLS
server name indication support (RFC 4366)

What does this mean?

One of my .conf files is:

# cat 00-init.conf
ServerAdmin r...@htt-consult.com
ServerName z9m9z.test.htt-consult.com


Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16




Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16



httpd -S reports:

VirtualHost configuration:
*:80   is a NameVirtualHost
 default server z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:1)
 alias webmail
*:443  is a NameVirtualHost
 default server z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:16)
 alias webmail
 port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48









[users@httpd] configured HTTP(80) on the standard HTTPS(443) port!

2017-04-04 Thread Robert Moskowitz

I just noticed the following in error_log on httpd startup:

[Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916: Init: 
(z9m9z.test.htt-consult.com:443) You configured HTTP(80) on the standard 
HTTPS(443) port!
[Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292: Init: 
Name-based SSL virtual hosts only work for clients with TLS server name 
indication support (RFC 4366)


What does this mean?

One of my .conf files is:

# cat 00-init.conf
ServerAdmin r...@htt-consult.com
ServerName z9m9z.test.htt-consult.com


Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16




Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16



httpd -S reports:

VirtualHost configuration:
*:80   is a NameVirtualHost
 default server z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost webmail.test.htt-consult.com 
(/etc/httpd/conf.d/roundcubemail.conf:1)

 alias webmail
*:443  is a NameVirtualHost
 default server z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost webmail.test.htt-consult.com 
(/etc/httpd/conf.d/roundcubemail.conf:16)

 alias webmail
 port 443 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/ssl.conf:56)

ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48






Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

2017-04-04 Thread Robert Moskowitz



On 04/04/2017 05:37 PM, Eric Covener wrote:

On Tue, Apr 4, 2017 at 5:34 PM, Robert Moskowitz <r...@htt-consult.com> wrote:

Now what do I do

Every vhost with *:443 should have SSLEngine ON.


I am seeing that.  I have to relook at how roundcubemail NORMALLY 
configures its helper urls and adjust that to my new setup.  I am 
beginning to see where I have to go with this.  Once you start down a 
divergent path for the default setup, you have to carry it through...


Fun.  Not.
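A check for the condition named in this thread ("Every vhost with *:443 should have SSLEngine ON") and in the AH01916 reply above it, as an added example that is not part of the original messages. The config text is constructed (the archive stripped the `<VirtualHost>` and `<Directory>` tags, so those lines and the Directory paths are assumptions), laid out so the 443 vhost in 00-init.conf sits at line 10 as in the posted `httpd -S` output; the function names are hypothetical.

```python
import re

# Constructed stand-ins for the files under /etc/httpd/conf.d in the thread.
SAMPLE_FILES = {
    "00-init.conf": """\
ServerAdmin admin@example.test
ServerName z9m9z.test.htt-consult.com
<VirtualHost *:80>
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require ip 192.168.0.0/16
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require ip 192.168.0.0/16
    </Directory>
</VirtualHost>
""",
    "roundcubemail.conf": """\
<VirtualHost *:80>
    ServerName webmail.test.htt-consult.com
    Redirect permanent / https://webmail.test.htt-consult.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName webmail.test.htt-consult.com
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/webmail.test.htt-consult.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/webmail.test.htt-consult.com.key
    DocumentRoot /usr/share/roundcubemail
</VirtualHost>
""",
}

VHOST_RE = re.compile(
    r'(?ims)^[ \t]*<VirtualHost\s+([^>]+)>(.*?)^[ \t]*</VirtualHost>'
)
SSL_ON_RE = re.compile(r'(?im)^\s*SSLEngine\s+on\b')


def ports(addr_spec):
    """Ports named in a <VirtualHost> address list such as '*:443 [::1]:443'."""
    found = set()
    for addr in addr_spec.split():
        _host, sep, port = addr.rpartition(":")
        if sep and port.isdigit():
            found.add(int(port))
    return found


def plain_http_on_443(files):
    """List (file, line, is_default) for each :443 vhost without 'SSLEngine on'.

    Files are visited in sorted order, the order in which a conf.d/*.conf
    wildcard include loads them, so the first :443 vhost seen is the one
    httpd -S reports as the default server for that port.
    """
    findings = []
    seen_443 = False
    for name in sorted(files):
        text = files[name]
        for m in VHOST_RE.finditer(text):
            if 443 not in ports(m.group(1)):
                continue
            is_default = not seen_443
            seen_443 = True
            if not SSL_ON_RE.search(m.group(2)):
                line = text.count("\n", 0, m.start()) + 1
                findings.append((name, line, is_default))
    return findings


if __name__ == "__main__":
    for name, line, is_default in plain_http_on_443(SAMPLE_FILES):
        role = "default server" if is_default else "namevhost"
        print(f"{name}:{line}: port 443 {role} has no 'SSLEngine on'")
```

The finding lines up with the `00-init.conf:10` entry that `httpd -S` lists as the default server on *:443, the vhost that lacked any SSL configuration.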






Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

2017-04-04 Thread Robert Moskowitz



On 04/04/2017 05:17 PM, Eric Covener wrote:

On Tue, Apr 4, 2017 at 5:09 PM, Robert Moskowitz <r...@htt-consult.com> wrote:

An error occurred during a connection to webmail.test.htt-consult.com. SSL
received a record that exceeded the maximum permissible length. Error code:
SSL_ERROR_RX_RECORD_TOO_LONG

It usually means you're talking SSL to a non-SSL port.  Check out your
vhosts  (apachectl -S), and listen directives, and the context of
SSLEngine.


httpd -S reports:

VirtualHost configuration:
*:80   is a NameVirtualHost
 default server z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:3)
 port 80 namevhost webmail.test.htt-consult.com 
(/etc/httpd/conf.d/roundcubemail.conf:1)

 alias webmail
*:443  is a NameVirtualHost
 default server z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/00-init.conf:10)
 port 443 namevhost webmail.test.htt-consult.com 
(/etc/httpd/conf.d/roundcubemail.conf:16)

 alias webmail
 port 443 namevhost z9m9z.test.htt-consult.com 
(/etc/httpd/conf.d/ssl.conf:56)

ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

roundcubemail.conf has:



#  Alias /roundcubemail /usr/share/roundcubemail
#  Alias /webmail /usr/share/roundcubemail

 ServerName webmail.test.htt-consult.com
 ServerAlias webmail

 Redirect permanent / https://webmail.test.htt-consult.com/
 ExpiresDefault "access plus 1 years"
 php_admin_flag session.cookie_secure "1"






# Round Cube Webmail is a browser-based multilingual IMAP client
#

#  Alias /roundcubemail /usr/share/roundcubemail
#  Alias /webmail /usr/share/roundcubemail

 ServerName webmail.test.htt-consult.com
 ServerAlias webmail

 SSLEngine On
 SSLCertificateFile /etc/pki/tls/certs/webmail.test.htt-consult.com.crt
 SSLCertificateKeyFile /etc/pki/tls/private/webmail.test.htt-consult.com.key


 DocumentRoot /usr/share/roundcubemail


 Require ip 192.168.0.0/16
# You can enlarge permissions once configured
#  Require all granted
 php_admin_flag session.cookie_secure "1"




# Define who can access the installer
# keep this secured once configured


# You may want to restrict the installer to a single IP address
 Require ip 192.168.0.0/16



The URL I put into firefox was:

http://webmail.test.htt-consult.com/installer/

Which got rewritten to:

https://webmail.test.htt-consult.com/installer/

Which is not in a virtual host

Now what do I do

Sigh.






[users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

2017-04-04 Thread Robert Moskowitz

New 2.4 server on Centos; first attempt to connect via TLS and get:

An error occurred during a connection to webmail.test.htt-consult.com. 
SSL received a record that exceeded the maximum permissible length. 
Error code: SSL_ERROR_RX_RECORD_TOO_LONG


my conf file has:

 SSLEngine On
 SSLCertificateFile /etc/pki/tls/certs/webmail.test.htt-consult.com.crt
 SSLCertificateKeyFile /etc/pki/tls/private/webmail.test.htt-consult.com.key


4 -rw---. 1 root root 1395 Mar 22 11:14 webmail.test.htt-consult.com.crt

and

4 -rw-r-. 1 root root 1704 Mar 22 11:14 webmail.test.htt-consult.com.key

thanks





Re: [users@httpd] Virtual host config and non-virtual host directories

2017-03-15 Thread Robert Moskowitz
It seems that once you use virtual hosting, you really need to define a 
default virtual host by making something the first in the config file.


On a server without virtual hosts, I have:

VirtualHost configuration:
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-client: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

But the one with:

VirtualHost configuration:
*:443  is a NameVirtualHost
 default server webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:2)
 port 443 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:2)
         alias webmail
 port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/ssl.conf:56)

ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

So I have to work up a default virtual host to get access as I need it.

OK learned a little.

On 03/14/2017 11:16 PM, Robert Moskowitz wrote:

I am reading:

https://httpd.apache.org/docs/2.4/vhosts/examples.html

And the statement:

"The asterisks match all addresses, so the main server serves no 
requests. Due to the fact that the virtual host with |ServerName 
www.example.com| is first in the configuration file, it has the 
highest priority and can be seen as the default or primary server. 
That means that if a request is received that does not match one of 
the specified |ServerName 
<https://httpd.apache.org/docs/2.4/mod/core.html#servername>| 
directives, it will be served by this first |<VirtualHost> 
<https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost>|."


I read this that if I have a conf file that does not have virtual host 
directive, it basically fails?


If my first virtual host is:



#  Alias /roundcubemail /usr/share/roundcubemail
#  Alias /webmail /usr/share/roundcubemail

 ServerName webmail.$your_domain_tld
 ServerAlias webmail

 RewriteEngine On
 ReWriteCond %{HTTP_HOST} =webmail.$your_domain_tld [NC]
 RewriteCond %{SERVER_PORT} !=443
 RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
 ExpiresDefault "access plus 10 years"
 AddOutputFilterByType DEFLATE text/html text/plain text/xml
 php_admin_flag session.cookie_secure "1"



any config that does not use virtualhost (that is just an Alias and 
directory directive) first passes through this first virtual host.  
And the way to 'fix' this is to have a dummy first virtual directive:


/etc/httpd/conf.d/00-init.conf

<VirtualHost *:80>
ServerName foo.bar.com
</VirtualHost>

?
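The default-vhost behaviour discussed in this message, as an added example that is not part of the original thread: it parses the `httpd -S` listing quoted above and shows which vhost answers a given Host header, including the fall-through to the first vhost. The function names and the probe hostnames are assumptions; only `*:port` name-based matching is modelled, not IP-based vhosts or IPv6 literals.

```python
import fnmatch
import re

# `httpd -S` output quoted in the message above, wrapped lines rejoined.
HTTPD_S = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:2)
         port 443 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:2)
                 alias webmail
         port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
"""

LISTENER_RE = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
SINGLE_RE = re.compile(r"^(\S+:\d+)\s+(\S+) \((.+):(\d+)\)")  # listener with one vhost
VHOST_RE = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+):(\d+)\)")
ALIAS_RE = re.compile(r"^\s+(?:wild )?alias (\S+)")


def parse_vhosts(text):
    """Map each listener ("*:443") to its vhosts, kept in configuration order."""
    table, current = {}, None
    for line in text.splitlines():
        if m := LISTENER_RE.match(line):
            current = table.setdefault(m.group(1), [])
        elif m := SINGLE_RE.match(line):
            current = table.setdefault(m.group(1), [])
            current.append({"name": m.group(2).lower(), "aliases": [],
                            "source": f"{m.group(3)}:{m.group(4)}"})
        elif (m := VHOST_RE.match(line)) and current is not None:
            current.append({"name": m.group(1).lower(), "aliases": [],
                            "source": f"{m.group(2)}:{m.group(3)}"})
        elif (m := ALIAS_RE.match(line)) and current:
            current[-1]["aliases"].append(m.group(1).lower())
        elif line and not line[0].isspace():
            current = None  # a non-indented line ends the vhost listing
    return table


def resolve(table, listener, host_header):
    """Return (vhost, matched_by_name) for a request's Host header on this listener."""
    host = host_header.split(":")[0].strip().lower().rstrip(".")
    for vh in table[listener]:
        # ServerName is compared exactly; ServerAlias may contain * and ? wildcards.
        if host == vh["name"] or any(fnmatch.fnmatchcase(host, a) for a in vh["aliases"]):
            return vh, True
    # Nothing matched: the first vhost defined for the listener takes the request.
    return table[listener][0], False


def catch_all(table):
    """For every listener, the config location of the vhost that serves unknown hosts."""
    return {listener: vhosts[0]["source"] for listener, vhosts in table.items() if vhosts}


if __name__ == "__main__":
    table = parse_vhosts(HTTPD_S)
    # Constructed probe values: one alias, one ServerName, two names no vhost declares.
    for host in ("webmail", "z9m9z.test.htt-consult.com", "192.0.2.10", "unlisted.example.net"):
        vh, matched = resolve(table, "*:443", host)
        how = "matched by name" if matched else "fell through to default"
        print(f"{host:30} -> {vh['name']} ({vh['source']}) {how}")
```

Running it against the listing from a server shows at a glance which config file's access rules and redirects apply to requests that name no configured host.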






[users@httpd] Virtual host config and non-virtual host directories

2017-03-15 Thread Robert Moskowitz

I am reading:

https://httpd.apache.org/docs/2.4/vhosts/examples.html

And the statement:

"The asterisks match all addresses, so the main server serves no 
requests. Due to the fact that the virtual host with |ServerName 
www.example.com| is first in the configuration file, it has the highest 
priority and can be seen as the default or primary server. That means 
that if a request is received that does not match one of the specified 
|ServerName| directives, it will be served by this first 
|<VirtualHost>|."


I read this that if I have a conf file that does not have virtual host 
directive, it basically fails?


If my first virtual host is:



#  Alias /roundcubemail /usr/share/roundcubemail
#  Alias /webmail /usr/share/roundcubemail

 ServerName webmail.$your_domain_tld
 ServerAlias webmail

 RewriteEngine On
 ReWriteCond %{HTTP_HOST} =webmail.$your_domain_tld [NC]
 RewriteCond %{SERVER_PORT} !=443
 RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
 ExpiresDefault "access plus 10 years"
 AddOutputFilterByType DEFLATE text/html text/plain text/xml
 php_admin_flag session.cookie_secure "1"



any config that does not use virtualhost (that is just an Alias and 
directory directive) first passes through this first virtual host. And 
the way to 'fix' this is to have a dummy first virtual directive:


/etc/httpd/conf.d/00-init.conf

<VirtualHost *:80>
ServerName foo.bar.com
</VirtualHost>


?




Re: [users@httpd] Apache 2.4 : Rewrite to keep the original URL

2017-03-13 Thread Robert Moskowitz

Fabio,

Right now I am not in the position to test this.  Your .conf attempt 
looks a LOT like what I tried.


I was told:

Rewriterules and https.  Actually, looking at what you have doesn't
really tell me why it gets applied to everything and not just the
webmail.  However, I'd say that your roundcubemail.conf is much
overworked.  We use something like that on openssl.org, but it
generally looks like this:


ServerAdmin webmaster@localhost
ServerName ${HOSTNAME}
ServerAlias ${HOSTALIASES}

Redirect permanent / https://${HOSTNAME}/



Since you already know that the host is correct and that's the port 80
virtualhost, there's no point testing that with those RewriteCond you
have.  Also, Redirect is faster and preferable to RewriteRule for this
kind of stuff, see https://httpd.apache.org/docs/2.4/rewrite/avoid.html

Also, specifically for virtualhost config files, they should be
located in sites-available/ rather than conf.d/, see 'man a2ensite'.
conf.d/ is older style configuration of general stuff...  or well,
that's at least true for Debian, I'm not sure this is specific for
Debian distributions and their derivatives or if it's a native Apache
thing.  You'll have to check the manuals to confirm.


I need to check out sites-available directory for Centos7...

But see what this does, and let me know!  I am at the IEEE 802 
conference this week, and testing is challenging right now.



On 03/11/2017 05:07 AM, Fabio S. Schmidt wrote:

Hi,

I'm trying to set up an environment with a frontend interface which 
logs in and redirects to my application.

The scenario is: the user accesses webmail.domain.com and the login 
page redirects to the application, running on the same host, but on 
port 81.

How could I keep the original URL? I mean, the browser should keep 
"webmail.domain.com" as the address.


My Apache configuration:


DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName webmail.domain.com 
SSLEngine on
SSLCertificateFile /etc/ssl/crt/apache.crt
SSLCertificateKeyFile /etc/ssl/crt/apache.key
SSLCertificateChainFile /etc/ssl/crt/ca.crt



DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName webmail.domain.com 


Kind regards.
Fabio S. Schmidt




Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-07 Thread Robert Moskowitz
Yes.  We really want the protection afforded our servers with SELinux, 
but then there are all these policies to apply when we need to open 
things up some.


Very challenging for sure.

On 03/06/2017 09:16 AM, David B Snyder wrote:

Thanks, this seems to have worked!

I guess I need to learn about SELinux now. :)


On 03/05/2017 06:04 PM, Robert Moskowitz wrote:

Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /directory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 25 
Linux system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted 
file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] 
(13)Permission denied: [client ::1:50084] AH00035: access to 
/local/index.html denied (filesystem path '/home/snyder/index.html') 
because search permissions are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and execute

drwxr-xr-x.  14 root   root    4096 Feb  3 09:51 /mnt #this works
drwxr-xr-x.   6 root   root    4096 Mar  4 15:55 /mnt/Workspace #does not work
drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home #does not work

From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions 
are missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open 
directory for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25 @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, but I 
think I should not have to :).

Thanks for any advice

-David Snyder
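A per-component check for the AH00035 error in this thread, as an added example that is not part of the original messages: it walks every directory on the way to a file and reports the traverse bit and the SELinux type of each. The function names and the uid/gid 48 default are assumptions; POSIX ACLs and supplementary groups are not modelled.

```python
import os
import stat
import sys
from collections import namedtuple

Component = namedtuple("Component", "path mode dac_ok selinux_type")


def can_search(st, uid, gids):
    """Mode bits only: may a process with this uid/gids traverse (x) the directory?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def selinux_type(label):
    """'system_u:object_r:httpd_sys_content_t:s0' -> 'httpd_sys_content_t'."""
    if not label:
        return None
    fields = label.split(":")
    return fields[2] if len(fields) >= 3 else None


def read_label(path):
    """Raw SELinux label from the security.selinux xattr, or None if there is none."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):  # unlabeled file system, or not Linux
        return None


def audit_path(path, uid, gids=()):
    """One Component per directory that must be searched to reach `path`, root first."""
    chain, d = [], os.path.dirname(os.path.realpath(path))
    while True:
        chain.append(d)
        parent = os.path.dirname(d)
        if parent == d:  # reached the file system root
            break
        d = parent
    rows = []
    for d in reversed(chain):
        st = os.stat(d)
        rows.append(Component(d, stat.filemode(st.st_mode),
                              can_search(st, uid, gids), selinux_type(read_label(d))))
    return rows


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.abspath(__file__)
    # Assumption: httpd runs as uid/gid 48 ("apache"), as in the httpd -S output
    # quoted elsewhere on this page; pass the values of the server being checked.
    for row in audit_path(target, uid=48, gids=(48,)):
        verdict = "ok" if row.dac_ok else "NO SEARCH BIT"
        print(f"{row.mode} {verdict:13} {row.selinux_type or '-':28} {row.path}")
```

When every row passes the mode-bit check, as with the drwxr-xr-x listings above, the type column is where to look. A label set with a bare `chcon` is lost on a relabel; `semanage fcontext` followed by `restorecon` records it in policy.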









Re: [users@httpd] Help with rewriterule

2017-03-06 Thread Robert Moskowitz

Luca,

Thank you for replying.

On 03/06/2017 04:07 AM, Luca Toscano wrote:

Hi Robert,

2017-03-05 21:57 GMT+01:00 Robert Moskowitz <r...@htt-consult.com>:


Hello,

This is for Apache 2.4 on Centos7.  I am migrating from Apache 2.2
on Centos6.

I want to support redirecting all webmail queries to https.  for
either queries to:

webmail.foo.com or foo.com/webmail

My old rules were:


ServerName webmail.htt-consult.com
ServerAlias webmail
RewriteEngine On
RewriteCond  %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
php_admin_flag session.cookie_secure "1"


This SEEMED to only work for the webmail virtual host, and not
others on this server.  When I used this rule set on the new
server, it clearly was redirecting all web accesses to https. 



Have you checked if the VirtualHost is the default one (you can use 
apachectl -S to confirm)?


Comes back  response.


So I tried to write a more restrictive rule, trying to follow
instructions from

http://httpd.apache.org/docs/current/rewrite/intro.html

It would seem the rule:

RewriteRule ^.*webmail https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Should work, but the test site I tried:

http://martinmelin.se/rewrite-rule-tester/

Did not show this did the rewrite to https. 



So from 
http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule:


"RewriteRule Pattern Substitution [flags]"
"In VirtualHost context, The Pattern will initially be matched against 
the part of the URL after the hostname and port, and before the query 
string (e.g. "/app1/index.html"). This is the (%-decoded) URL-path."
If I got it correctly you are trying to match the hostname in the 
Pattern, that shouldn't work in Vhost context.


Also how to direct Webmail.foo.com to https://webmail.foo.com?


https://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirect or 
https://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirectmatch 
might help you (and in my opinion they are way more maintainable than 
rewrite rules).



RedirectMatch ^.*webmail https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

But how do I get this NOT to redirect when it is already https:// ?
And how do I handle Webmail as well as webmail?  Would that be

RedirectMatch ^.*[wW]ebmail https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

thanks



Re: [users@httpd] httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

2017-03-05 Thread Robert Moskowitz

Are you running SELinux?

Have you done the needed:

chcon -R -t httpd_sys_content_rw_t /directory

commands?

On 03/05/2017 05:48 PM, David B Snyder wrote:
I am trying to set up httpd across several file systems on a Fedora 25 
Linux system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted 
file systems.


example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions are 
missing on a component of the path


[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] 
(13)Permission denied: [client ::1:50084] AH00035: access to 
/local/index.html denied (filesystem path '/home/snyder/index.html') 
because search permissions are missing on a component of the path



As far as I can tell, the permissions are correct, allowing read and execute

drwxr-xr-x.  14 root   root    4096 Feb  3 09:51 /mnt #this works
drwxr-xr-x.   6 root   root    4096 Mar  4 15:55 /mnt/Workspace #does not work
drwxr-xr-x.   9 snyder snyder  4096 Dec  9 10:31 /home #does not work


From httpd.conf:
...


Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
   Require all granted



alias /local/ /home/snyder/
alias /mnt/ /mnt/
alias /snyder/ /mnt/Workspace/snyder/www/

...

From my browser [Firefox]
'localhost'  displays the index.html

'localhost/mnt/' produces a directory listing, however clicking on the
Workspace entry [localhost/mnt/Workspace] produces 403 "Forbidden /n
You don't have permission to access /mnt/Workspace/ on this server."

'localhost/local/' produces a similar 403 "Forbidden" message.

The error_log messages are

[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] 
(13)Permission denied: [client ::1:50082] AH00035: access to 
/snyder/index.html denied (filesystem path 
'/mnt/Workspace/snyder/www/index.html') because search permissions are 
missing on a component of the path


[Sun Mar 05 14:07:25.405553 2017] [autoindex:error] [pid 1000] 
(13)Permission denied: [client ::1:50688] AH01275: Can't open 
directory for index: /mnt/Workspace/, referer: http://localhost/mnt/



from /etc/mtab:
/dev/sda6 /mnt/Workspace ext4 rw,seclabel,relatime,data=ordered 0 0
/dev/mapper/fedora_snydercpu-home /home ext4 
rw,seclabel,relatime,data=ordered 0 0


I'm running Fedora 25 with
httpd.x86_64 2.4.25-1.fc25   @updates
httpd-filesystem.noarch 2.4.25-1.fc25   @updates
httpd-manual.noarch 2.4.25-1.fc25   @updates
httpd-tools.x86_64 2.4.25-1.fc25   @updates

I suppose I could work exclusively within the root file system, but I 
think I should not have to :).

Thanks for any advice

-David Snyder









[users@httpd] Help with rewriterule

2017-03-05 Thread Robert Moskowitz

Hello,

This is for Apache 2.4 on Centos7.  I am migrating from Apache 2.2 on 
Centos6.


I want to support redirecting all webmail queries to https.  for either 
queries to:


webmail.foo.com or foo.com/webmail

My old rules were:


ServerName webmail.htt-consult.com
ServerAlias webmail
RewriteEngine On
RewriteCond  %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
php_admin_flag session.cookie_secure "1"


This SEEMED to only work for the webmail virtual host, and not others on 
this server.  When I used this rule set on the new server, it clearly 
was redirecting all web accesses to https.  So I tried to write a more 
restrictive rule, trying to follow instructions from


http://httpd.apache.org/docs/current/rewrite/intro.html

It would seem the rule:

RewriteRule ^.*webmail https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Should work, but the test site I tried:

http://martinmelin.se/rewrite-rule-tester/

Did not show this did the rewrite to https.  Also how to direct 
Webmail.foo.com to https://webmail.foo.com?


Thank you






[EMAIL PROTECTED] Beginning Apache 2 setup

2006-01-01 Thread Robert Moskowitz

Linux Centos 4.2 build

Double NATed and behind firewall (lab net), so security too much of 
an issue at this time.


Goal:  set up a directory of files to access by another system.

So I enable user directory, do a chmod 711 /home/user and chmod 755 
/home/user/public_html


And get forbidden access.

What did I do wrong, or better yet where is a GOOD source?  (or even 
a setup script!)


So I try to put files in /var/www/html, while logged in as root.

Create index.html with the sole content of:

hello

and that displays.

So I create directory xx

and localhost/xx does not exist.

So I create file /var/www/html/more.html

and localhost/more.html does not exist.

OK.  Where have I gone wrong?

I have an OLD version of Apache running on NT, but that of course is 
a different setup.



Barrs Law of Recursive futility
If you're smart enough to use one of these
.you can probably manage without one!



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
 from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Beginning Apache 2 setup

2006-01-01 Thread Robert Moskowitz

At 10:57 AM 1/1/2006, [EMAIL PROTECTED] wrote:


Have you set up a directory container in your httpd.conf
file to give apache access to the said directory?

like:


thanks for the tips.  I suspect that I have to do ALL of this



<Directory path/to/your/dir>
  Options None
  Options Indexes
  Order deny,allow
  Deny from all
  Allow from localhost
  Allow from
</Directory>

Also, if you want to allow access to the directories in
/home/user/public_html, you will need to enable load and
enable mod_userdir, as these directories are usually outside
of the normal document root path. see Apache Module
mod_userdir for details.

Keith


On Sun, 1 Jan 2006, Robert Moskowitz wrote:

 To: users@httpd.apache.org
 From: Robert Moskowitz [EMAIL PROTECTED]
 Subject: [EMAIL PROTECTED] Beginning Apache 2 setup

 Linux Centos 4.2 build

 Double NATed and behind firewall (lab net), so security too much of an
 issue at this time.

 Goal:  set up a directory of files to access by another system.

 So I enable user directory, do a chmod 711 /home/user and chmod 755
 /home/user/public_html

 And get forbidden access.

 What did I do wrong, or better yet where is a GOOD source?  (or even a
 setup script!)

 So I try to put files in /var/www/html, while logged in as root.

 Create index.html with the sole content of:

 hello

 and that displays.

 So I create directory xx

 and localhost/xx does not exist.

 So I create file /var/www/html/more.html

 and localhost/more.html does not exist.

 OK.  Where have I gone wrong?

 I have an OLD version of Apache running on NT, but that of course is a
 different setup.


 Barrs Law of Recursive futility
 If you're smart enough to use one of these
 .you can probably manage without one!


