Re: [users@httpd] Multi site SSL problems

2024-05-10 Thread Tatsuki Makino
Hello.

By the way, do you have the setting enabled to use the Host header used to 
switch NameVirtualHost during TLS negotiation?
I don't know how to do that since the Japanese documentation is rarely updated 
:)
Were those things implemented?

Regards.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] basic question ---

2023-10-16 Thread Tatsuki Makino
Hello.

Frank Gingras wrote on 2023/10/17 02:22:
> That's just multiviews.

For that matter, does everyone else do multiviews?
What if we simply name the file b, and then do the following?


 
  SetHandler php-script
 
 
  # If it works via CGI as well.
  SetHandler cgi-script
 


Regards.





Re: [users@httpd] Apache service reported path is invalid

2023-06-09 Thread Tatsuki Makino
Hello.

Do I have to keep attaching png named jpg here? :)
According to that png or jpeg or whatever it is, it still has .

That means the following pattern will pass, right?

D:\path\to\dir
D:/path/to/dir
\\hostname_or_ipaddress\path\to\dir
//hostname_or_ipaddress/path/to/dir

Regards.





Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Tatsuki Makino
Dave Wreski wrote on 2023/04/12 01:39:
> In case I wasn't clear, simply removing the caret was not enough to make this 
> work. The "Require env SOMENAME2" was enough to begin blocking every page on 
> the site with a 403, not just the RSS feeds or the bots, but every legitimate 
> request.
> 
> I'm going to do more research on RequireAll, but isn't that essentially 
> saying AND? Require all AND Require not env SOMENAME1 AND Require env 
> SOMENAME2? How can that ever match?
> 
> I suppose that also means it wouldn't be RequireAny because it would always 
> match the Require all.

The purpose of this is to include related keywords, and I wrote it without 
understanding the logic required for actual operation.
There might be a funny reversal going on somewhere.

Is this correct? :)

<RequireAny>
  <RequireAll>
    Require all granted
    Require not env IS_BOT
  </RequireAll>
  Require env IS_RSS
</RequireAny>

Regards.





Re: [users@httpd] SetEnvIf and exceptions

2023-04-11 Thread Tatsuki Makino
Hello.

Frank Gingras wrote on 2023/04/11 13:36:
> The legacy authz directives from 2.2 will indeed cause issues when mixed
> with Require (2.4). Do not mix them.

Yes.
Basically, they MUST NOT BE MIXED, but we should know how they behave when 
mod_access_compat is loaded.
I think it was like this :)

          +--- mod_authz_core ---+  +--- mod_access_compat ---+
          |                      |  |                         |
(entry)   |   granted            |  |     Allow               |
----------------------+--------------------------+--------------> 200
          |           |          |  |            |            |
          |    denied |          |  |       Deny |            |
          +---------- | ---------+  +----------- | -----------+
                      |                          |
                      v                          v
                     403                        403

Is that correct? :)
If Order directive is not written, it defaults to Order Deny,Allow.
When Order is Deny,Allow, all are allowed by default, so mod_access_compat is 
passed by...
...I guess that's what it means.

Regards.





Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Tatsuki Makino
Dave Wreski wrote on 2023/04/11 10:54:
> SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1
> SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout

I have done it in the past, too.
It was like allowing another level of conditions to be attached to Allow and 
Deny, depending on the condition that defines the variable and the condition 
that undefines the variable, right? :)
This is no longer needed, so change the name to something that makes sense.

SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1
SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2

And let it meet all the requirements.

<RequireAll>
  Require all granted
  Require not env SOMENAME1
  Require env SOMENAME2
</RequireAll>

...According to mod_authz_core.html, it looks like we don't even need SetEnvIf.

<RequireAny>
  <RequireAll>
    Require all granted
    Require not expr "%{HTTP_USER_AGENT} =~ /SomeBot/"
  </RequireAll>
  Require expr "%{REQUEST_URI} =~ /^linuxfoo/"
</RequireAny>

The outermost <RequireAny> is verbose.
I'm on the teaching side, but I've never used expr, so I don't know if the 
syntax is correct. :)

I did my research on it a long time ago and I don't know if it is still 
correct...
The result of this access control is broken by the Order, Allow, and Deny 
directives :)
Sure, I thought that all of those directives should be allowed by
Order Deny,Allow
or
Allow from all
, but I forgot :)
For now, Order, Allow, and Deny should be removed if they exist somewhere :)

Regards.


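The two container layouts discussed in this thread, run through a simplified model of how mod_authz_core merges results (an added example, not part of the original posts and not httpd code). It assumes a positive Require yields granted or denied, a negated Require yields denied or neutral, and a neutral final result ends in 403; the function names are hypothetical.

```python
GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def require(matches, negate=False):
    """One Require line. 'Require not' can deny but can never grant."""
    result = GRANTED if matches else DENIED
    if negate:
        return DENIED if result == GRANTED else NEUTRAL
    return result

def require_all(*results):
    """<RequireAll>: any denial fails; otherwise at least one grant is needed."""
    if DENIED in results:
        return DENIED
    return GRANTED if GRANTED in results else NEUTRAL

def require_any(*results):
    """<RequireAny>: one grant is enough; denials only matter if nothing grants."""
    if GRANTED in results:
        return GRANTED
    return DENIED if DENIED in results else NEUTRAL

def status(result):
    # Anything other than an explicit grant is refused.
    return 200 if result == GRANTED else 403

def flat_policy(is_bot, is_feed):
    """<RequireAll> all granted / not env SOMENAME1 / env SOMENAME2 </RequireAll>"""
    return status(require_all(require(True),
                              require(is_bot, negate=True),
                              require(is_feed)))

def nested_policy(is_bot, is_feed):
    """<RequireAny> <RequireAll> all granted / not env SOMENAME1 </RequireAll>
       Require env SOMENAME2 </RequireAny>"""
    not_a_bot = require_all(require(True), require(is_bot, negate=True))
    return status(require_any(not_a_bot, require(is_feed)))

def decision_table():
    """Status per (is_bot, is_feed) for both layouts; inputs are constructed."""
    cases = [(bot, feed) for bot in (False, True) for feed in (False, True)]
    return {c: (flat_policy(*c), nested_policy(*c)) for c in cases}

if __name__ == "__main__":
    for (bot, feed), (flat, nested) in decision_table().items():
        print(f"bot={bot!s:5} feed={feed!s:5} flat={flat} nested={nested}")
```

In this model the flat layout returns 403 for an ordinary visitor on an ordinary page, while the nested layout refuses only the bot outside the excepted URL.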



Re: [users@httpd] SetEnvIf and exceptions

2023-04-10 Thread Tatsuki Makino
Hello.

I don't know what is troubling you...
For now, don't use the combination of Order,Allow,Deny and Require* in 
configuration file that will be created in 202x. :)

AllowDeny of ENV should be replaced by the following.

Allow from env=X_FOOBAR -> Require env X_FOOBAR

It can write more complex conditions.

Regards.





Re: [users@httpd] Re: Unable to connect to Apache test website on LocalHost

2022-04-14 Thread Tatsuki Makino
Hello.

While it is important to look at the error logs, this may not have led to a 
situation where the proper error logs are output :)

First, make sure they edit the appropriate config files and also make sure they 
are rebooting the appropriate server processes.
For example, they could write some characters in the config file they are 
editing that would cause a parse error on purpose and restart apache.exe.
If and when the server stops working, it is probably editing the appropriate 
configuration files :)

Regards.





Re: [users@httpd] Unable to load javascript files with the apache configuration file

2022-03-30 Thread Tatsuki Makino
Hello.

I understood why everyone was having a hard time :)
With the default log level, no error log seems to be written in case of a 404 
error.

As far as that access log is concerned,
Does teacherregister.php exist in /var/www/html ?
If so, do /var/www/html/javascript/*.js exist?
We would like to confirm that first.
Or change the level of error logging to more verbose side.

Regards.





Re: [users@httpd] Cannot write to the web directory

2021-03-19 Thread Tatsuki Makino
Frank Gingras wrote on 2021/03/20 09:46:
> It has nothing to do with being "free to do anything".
> 
> This is about basic security, and the principle of least privileges.

However, a directory with permissions of 0755 (rwxr-xr-x) on FreeBSD behaves 
the same as a Linux directory with permissions of perhaps 2755 (rwxr-sr-x).
I want to deal with the problem of unrelated groups propagating as owners, not 
basic security or least privilege.





Re: [users@httpd] Cannot write to the web directory

2021-03-19 Thread Tatsuki Makino
Frank Gingras wrote on 2021/03/19 21:36:
> This is an extremely bad idea. You should never write to the docroot from
> your application. Write outside the docroot instead, and use group write
> permissions.

Isn't root the owner of docroot?
When the user of an application is the owner, he should be free to do anything.
If you don't want users of the application to be free to do so, change the 
owner/groups separately and don't give them permission.
If we don't understand that we can barricade ourselves in with just that, we 
will need an extra security system, like SEx.





Re: [users@httpd] Cannot write to the web directory

2021-03-18 Thread Tatsuki Makino
I'm not sure, but FreeBSD happens to be different from Linux, so please change 
the directory group to www as well.
Permissions of 700, 750, 755, 770 or 775 should be sufficient.





Re: [users@httpd] Re: Customizing the HTTP Reason Phrase

2021-03-05 Thread Tatsuki Makino
In most cases, mod_asis in httpd.conf will probably remain commented out.
Everyone's favorite :), mod_cgi and mod_cgid, will be set to use it.

Both mod_asis and mod_cgi use ap_scan_script_header_*, so the response code 
will change depending on the Status header.
The special consideration of the Status header is due to the RFC 3875.





Re: [users@httpd] Opening Web Interface

2021-01-06 Thread Tatsuki Makino
Brandon Helsley wrote on 2021/01/06 10:02:
> I'm trying to open the web interface for poudriere on FreeBSD and have
> copied the sample configuration file into the includes directory. I haven't
> made any changes to this configuration file or the httpd.conf file yet. I'm
> not sure which directives I need to add or MPM's or modules to open the web
> interface for poudriere. Could someone assist me?
> 

I think the shortest steps for what you want to do are as follows:

make -C /usr/ports/ports-mgmt/poudriere/ install
make -C /usr/ports/www/apache24/ install
cp /usr/local/share/examples/poudriere/httpd.conf.sample \
   /usr/local/etc/apache24/Includes/poudriere.conf
service apache24 onerestart
fetch -o - "http://localhost/poudriere/" | less

The default MPM is prefork, but there will be other MPMs available: event and 
worker.
You can use it by toggling comment out of LoadModule in 
/usr/local/etc/apache24/httpd.conf.

Regards.





Re: [users@httpd] proxy_html / xml2enc won't handle certain HTML entities

2020-05-14 Thread Tatsuki Makino
I have added

xml2EncDefault UTF-8

directive with something wrong when combining xml2enc_module and
proxy_html_module.




[users@httpd] mod_alias: Redirect directive and expression syntax

2015-05-04 Thread Tatsuki Makino

Hello.

Expression parser support has been added to mod_alias since the revisions below.

https://svn.apache.org/viewvc?view=revision&revision=1653941
https://svn.apache.org/viewvc?view=revision&revision=1663259

That change doesn't meet the condition below, which is written in the document.

If the status is between 300 and 399, the URL argument must be present. If 
the status is not between 300 and 399, the URL argument must be omitted.


Perhaps, it needs a fix. I have already used a patch attached to 2.4.x-dev.

Regards.
--
Tatsuki Makino tatsuki_mak...@hotmail.com



patch-2.4.x-r1670805-mod_alias.c
Description: Binary data
