[users@httpd] Multiple SSL sites for a single httpd/IP
Hello,

Can I host multiple SSL sites on the same IP and port? (x.x.x.x:443)

I want to set up a grand proxy in front of a vast number of Apache and IIS (and other) web servers. In order to avoid complex SSL configs throughout the platform, I want to reverse proxy as plain HTTP to the backend, where the initial connection is HTTPS.

I recently read something about Apache httpd being able to do this; however, it never before came across my attention...

br
congo

To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Can't modify LD_LIBRARY_PATH
Friends,

Please, if this is obvious and that's why no one responded, please hint me. I am thinking that LD_LIBRARY_PATH might be a reserved word. However, I can't believe that I couldn't modify this var per vhost.

br
congo

On Wed, March 28, 2012 09:49, congo thomas wrote:
> Any ideas on why this behavior? My httpd is apache 2.2.3 on centos.
>
> br
> congo
>
> On Sun, March 25, 2012 23:11, congo thomas wrote:
>> hello world,
>>
>> So I have this vhost that looks like:
>>
>> <VirtualHost *:80>
>>     ServerName bar.foo
>>     DocumentRoot /var/www/bar.foo/wwwroot
>>     SetEnv LD_LIBRARY_PATH /usr/local/mapserver/v52/lib
>>     SetEnv XLD_LIBRARY_PATH /usr/local/mapserver/v52/lib
>>     <Directory /var/www/foo.bar/wwwroot/cgi-bin>
>>         AllowOverride None
>>         allow from all
>>         Options +ExecCGI
>>     </Directory>
>> </VirtualHost>
>>
>> However - the LD_LIBRARY_PATH is not set to my specific path, in this case for mapserver 5.2 libs. Yet if I run with any other name it goes through smoothly and sets the env correctly - only the code only supports LD_LIBRARY_PATH and not (say) XLD_LIBRARY_PATH...
>>
>> What is going on, and how do I get around it?
>>
>> br
>> Congo
Re: [users@httpd] Can't modify LD_LIBRARY_PATH
Any ideas on why this behavior? My httpd is apache 2.2.3 on centos.

br
congo

On Sun, March 25, 2012 23:11, congo thomas wrote:
> hello world,
>
> So I have this vhost that looks like:
>
> <VirtualHost *:80>
>     ServerName bar.foo
>     DocumentRoot /var/www/bar.foo/wwwroot
>     SetEnv LD_LIBRARY_PATH /usr/local/mapserver/v52/lib
>     SetEnv XLD_LIBRARY_PATH /usr/local/mapserver/v52/lib
>     <Directory /var/www/foo.bar/wwwroot/cgi-bin>
>         AllowOverride None
>         allow from all
>         Options +ExecCGI
>     </Directory>
> </VirtualHost>
>
> However - the LD_LIBRARY_PATH is not set to my specific path, in this case for mapserver 5.2 libs. Yet if I run with any other name it goes through smoothly and sets the env correctly - only the code only supports LD_LIBRARY_PATH and not (say) XLD_LIBRARY_PATH...
>
> What is going on, and how do I get around it?
>
> br
> Congo
[users@httpd] Can't modify LD_LIBRARY_PATH
hello world,

So I have this vhost that looks like:

<VirtualHost *:80>
    ServerName bar.foo
    DocumentRoot /var/www/bar.foo/wwwroot
    SetEnv LD_LIBRARY_PATH /usr/local/mapserver/v52/lib
    SetEnv XLD_LIBRARY_PATH /usr/local/mapserver/v52/lib
    <Directory /var/www/foo.bar/wwwroot/cgi-bin>
        AllowOverride None
        allow from all
        Options +ExecCGI
    </Directory>
</VirtualHost>

However - the LD_LIBRARY_PATH is not set to my specific path, in this case for mapserver 5.2 libs. Yet if I run with any other name it goes through smoothly and sets the env correctly - only the code only supports LD_LIBRARY_PATH and not (say) XLD_LIBRARY_PATH...

What is going on, and how do I get around it?

br
Congo
Re: [users@httpd] Upgrading from httpd 2.2.3 to 2.2.22
Hello Dain,

Just to make sure: you did of course stop the old httpd before doing this upgrade? I know that a running version cannot be patched on the fly; you need at least to restart it for it to discover the new version and other metadata, and probably reload the libs.

But I would suggest, since you did a standalone installation from apache.org, and not the up2date/yum RHEL packages precompiled repos, please uninstall that one first, and then traverse again with the new version that RHEL doesn't actually know about just yet.

This is because they might patch you from the repos, and I don't think we can expect the package managers to take this in mind. What will happen to a 2.2.22 that is suddenly minor patched as being 2.2.3--2.2.17 for instance? Maybe some modules survive but the grand picture looks spoiled.

That's my ½ cent.

br
congo

On Fri, February 10, 2012 23:19, HARRIS, DAIN wrote:
> Greetings comrades!
>
> I'm currently administering a rather impressive system and I've been tasked with upgrading patching many applications that have been needing upgrades for some time now. One of them happens to be httpd Apache that's currently running on RHEL 5 @ version 2.2.3 ( httpd-2.2.3-53.el5_7.3 ). I've worked with Red Hat in the past but I'm a bit rusty, and I haven't encountered a task like this yet.
>
> All I want to do is upgrade from version 2.2.3 to 2.2.22, ideally overwriting the existing version and retaining all data / conf files / directory structure.
>
> Here's a small list of where I'm at so far:
>
> - Downloaded the current version httpd 2.2.22 from Apache.org
> - Verified with md5 checksum
> - Configured as ./configure --prefix /etc/httpd/
> - Make
> - Make install
>
> Apache installs the new version to the existing /etc/httpd/ directory, but the command ' service httpd start ' still runs the old version of Apache. Also this command, httpd -V, still outputs the old version of Apache as 2.2.3.
>
> Is there more tweaking needed in the OS to tell Apache where the new install is? I shouldn't need to remove the old version first, then install the new version should I?
>
> Best Regards,
> Dain Harris - Systems Engineer - Modelshop - ATT Mobility and Consumer Markets
> 1277 Lenox Park BLVD NE Office 3A49, Atlanta GA 30319
> Office (404)499-7094 - Mobile (954)600-0090

The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] ssl need explicit https
hello world,

I have this webserver (apache 2.2.15 redhat) on which I want a vhost with SSL. I only want one NIC, so I configured a new public IP to NAT its port 443 into my local SSL port (not 443) for the vhost. The NAT tunnels are open and work as expected.

However, when I set up Apache to listen on the nonstandard SSL port and enable SSL, the client/browser is met with a requirement to switch to https.

http://web.site:443 gives: 400 bad request yada yada please visit https://web.site

So I want Apache to allow 443 on standard http protocol to automatically forward to https protocol. I tried rewriting the URL to use https, though the rewriting rules were not respected at all...

How can I do this?

br
congo
Re: [users@httpd] AllowOverride
Hello world,

Am I the only one with this trouble?

br
congo thomas

On Tue, January 17, 2012 13:52, congo thomas wrote:
> I am having the <Directory /> set to None for AllowOverride. My problem persists in having this set:
>
> <VirtualHost *:80>
>     ...
>     <Directory /var/www/website/>
>         AllowOverride FileInfo
>     </Directory>
>     ...
> </VirtualHost>
>
> - following restart apache, and then (executed as website-user in this case):
>
> $ touch /var/www/website/.htaccess
> $ chmod 644 /var/www/website/.htaccess
> $ cat
> <IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteBase /
> RewriteRule ^index\.php$ - [L]
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule . /index.php [L]
> </IfModule>
> /var/www/website/.htaccess
>
> For instance this should work: http://website/hello-world/ - however, that gives me 404, hence the htaccess file is not respected.
>
> So when I go to <Directory /> and adjust the setting for AllowOverride to FileInfo instead of None, then http://website/hello-world/ works fine and returns 200.
>
> In other cases it's basic auth using an htpasswd file that is not respected due to this global option being set to None.
>
> Is there another flag that I should raise, to allow overriding globals, inside a vhost container?
>
> Thomas
>
> On Tue, January 17, 2012 00:58, Igor Cicimov wrote:
>> This should absolutely work. From the documentation:
>>
>> For security and performance reasons, do not set AllowOverride to anything other than None in your <Directory /> block. Instead, find (or create) the <Directory> block that refers to the directory where you're actually planning to place a .htaccess file.
>>
>> What is exactly not working and how are you testing?
>>
>> On Tue, Jan 17, 2012 at 9:42 AM, congo thomas apa...@thva.dk wrote:
>>> Hello world,
>>>
>>> I am being bullied by the security considerations of a standard apache installation on centos-5.6 and rhel-6 as well - these apache are recent flavors from the respective repos of these platforms.
>>>
>>> The problem is this snippet from httpd.conf
>>>
>>> ##
>>> <Directory />
>>>     Options FollowSymLinks
>>>     AllowOverride None
>>> </Directory>
>>> ##
>>>
>>> are causing any htaccess file not to be respected. Then one might think, I will adjust that in my vhost for this particular directory where I have a .htaccess file. However, that just will not work, nor with AllowOverride FileInfo or AllowOverride All, like so:
>>>
>>> <Directory /var/www/website/>
>>>     AllowOverride FileInfo
>>> </Directory>
>>>
>>> So I thought to put it inside httpd.conf with the exact catalogue name that is used in the vhosts file - not even that allows respecting of the presence of a .htaccess file in the catalogue.
>>>
>>> The goal is to disallow the reading of htaccess files (AllowOverride None) in all directories served, besides the one at /var/www/website; it's okay if they are not read from /var/www/websites/congo/.
>>>
>>> Note that I have a few vhost containers, so the generic solution would be appreciated to implement.
>>>
>>> I've spent hours locating the problem, and hours trying various combinations and browsing suggestions through - no solution yet...
>>>
>>> br
>>> congo
Re: [users@httpd] AllowOverride
I am having the <Directory /> set to None for AllowOverride. My problem persists in having this set:

<VirtualHost *:80>
    ...
    <Directory /var/www/website/>
        AllowOverride FileInfo
    </Directory>
    ...
</VirtualHost>

- following restart apache, and then (executed as website-user in this case):

$ touch /var/www/website/.htaccess
$ chmod 644 /var/www/website/.htaccess
$ cat
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
/var/www/website/.htaccess

For instance this should work: http://website/hello-world/ - however, that gives me 404, hence the htaccess file is not respected.

So when I go to <Directory /> and adjust the setting for AllowOverride to FileInfo instead of None, then http://website/hello-world/ works fine and returns 200.

In other cases it's basic auth using an htpasswd file that is not respected due to this global option being set to None.

Is there another flag that I should raise, to allow overriding globals, inside a vhost container?

Thomas

On Tue, January 17, 2012 00:58, Igor Cicimov wrote:
> This should absolutely work. From the documentation:
>
> For security and performance reasons, do not set AllowOverride to anything other than None in your <Directory /> block. Instead, find (or create) the <Directory> block that refers to the directory where you're actually planning to place a .htaccess file.
>
> What is exactly not working and how are you testing?
>
> On Tue, Jan 17, 2012 at 9:42 AM, congo thomas apa...@thva.dk wrote:
>> Hello world,
>>
>> I am being bullied by the security considerations of a standard apache installation on centos-5.6 and rhel-6 as well - these apache are recent flavors from the respective repos of these platforms.
>>
>> The problem is this snippet from httpd.conf
>>
>> ##
>> <Directory />
>>     Options FollowSymLinks
>>     AllowOverride None
>> </Directory>
>> ##
>>
>> are causing any htaccess file not to be respected. Then one might think, I will adjust that in my vhost for this particular directory where I have a .htaccess file. However, that just will not work, nor with AllowOverride FileInfo or AllowOverride All, like so:
>>
>> <Directory /var/www/website/>
>>     AllowOverride FileInfo
>> </Directory>
>>
>> So I thought to put it inside httpd.conf with the exact catalogue name that is used in the vhosts file - not even that allows respecting of the presence of a .htaccess file in the catalogue.
>>
>> The goal is to disallow the reading of htaccess files (AllowOverride None) in all directories served, besides the one at /var/www/website; it's okay if they are not read from /var/www/websites/congo/.
>>
>> Note that I have a few vhost containers, so the generic solution would be appreciated to implement.
>>
>> I've spent hours locating the problem, and hours trying various combinations and browsing suggestions through - no solution yet...
>>
>> br
>> congo
[users@httpd] AllowOverride
Hello world,

I am being bullied by the security considerations of a standard apache installation on centos-5.6 and rhel-6 as well - these apache are recent flavors from the respective repos of these platforms.

The problem is this snippet from httpd.conf

##
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
##

are causing any htaccess file not to be respected. Then one might think, I will adjust that in my vhost for this particular directory where I have a .htaccess file. However, that just will not work, nor with AllowOverride FileInfo or AllowOverride All, like so:

<Directory /var/www/website/>
    AllowOverride FileInfo
</Directory>

So I thought to put it inside httpd.conf with the exact catalogue name that is used in the vhosts file - not even that allows respecting of the presence of a .htaccess file in the catalogue.

The goal is to disallow the reading of htaccess files (AllowOverride None) in all directories served, besides the one at /var/www/website; it's okay if they are not read from /var/www/websites/congo/.

Note that I have a few vhost containers, so the generic solution would be appreciated to implement.

I've spent hours locating the problem, and hours trying various combinations and browsing suggestions through - no solution yet...

br
congo
Re: [users@httpd] attack on apache - solved -
On Fri, January 13, 2012 20:48, Luisa Ester Navarro wrote:
> Thanks a lot to everyone who helped me to solve the problem.
> I had installed phpmyadmin and they used it to attack my server.
> I found this in /var/log/httpd/access_log

So which measures did you take into account to fix the problem?
- deinstalling pma?
- did you encounter the vulnerability by the pma-version being aged and then maybe patched your way out of the problem?
- or even possibly you restricted access to the pma app from the big bad (internet).

By the way, which platform was this happening on again?

> Cheers
> Luisa

This debate has been interesting to follow - like many of the others...

br
congo
Re: [users@httpd] Q) apache + W2008R2 + NLB
On Tue, December 6, 2011 20:35, Yehuda Katz wrote:
On Tue, Dec 6, 2011 at 2:23 PM, Alex Samad - Yieldbroker alex.sa...@yieldbroker.com wrote:

1) any idea if there is a tomcat (AJP) connector that would work or are all the standard modules compiled

http://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html

just to make clear of the tomcat versions:
http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
- I use tomcat6 in various contents both on win32 and win64 and rhel64, thinking of upgrading to tomcat7 or finding another servlet container for the java...

If you don't dare to encounter ajp, you can always proxypass or even balance several tomcats with apache (either http or ajp in front of tomcat).

Binaries for mod_jk are available for several platforms in the same area as the Tomcat Binary Release. The binaries are located in subdirectories by platform. For some platforms, such as Windows, this is the typical way of obtaining mod_jk since most Windows systems do not have C compilers. For others, the binary distribution of mod_jk offers simpler installation.

2) what worker model is it mpm or single thread ?

There is a special MPM for Windows.
http://httpd.apache.org/docs/2.2/mod/mpm_winnt.html

br
congo
Re: [users@httpd] Proxy Tomcat
Hello Ricardo,

What I usually do for geo services is to have a dedicated vhost for each service, i.e. one for your geowebcache and one for the mapservice. Then it's easy to proxy all wms requests onwards to the geowebcache, which subsequently could parse the requests to a basic wms service somewhere, in order to cache the content.

If you rewrite these requests, I guess you could experience problems when upgrading the gwc, or if your query string changes, or in other matters where something suddenly behaves oddly. Not to mention confusing debugging...

Then your request could be wms.someAddress/?val1=1val2=2, which you parse to the gwc site http://10.0.0.2:8080/ (like your current proxypass), and then you could set up that tomcat-site to host the gwc as the root, i.e. http://10.0.0.2:8080/service/wms?val1=1val2=2 will yield geo-content.

Is this at all any help to you? Since you might have to do some changes, it could be useless for your specific setup.

//congo

On Fri, November 18, 2011 22:54, Ricardo Bayley wrote:
> Hi folks,
>
> I am trying to proxy a request.
>
> I have this input http://someAddress/wms?val1=1val2=2
> it should be turned into http://10.0.0.2:8080/gwc/service/wms?val1=1val2=2
>
> ProxyPassReverse / http://10.0.0.2:8080/
> ProxyPass / http://10.0.0.2:8080/
> RewriteEngine On
> # RewriteCond *some condition*
> RewriteRule ^/wms(.*)$ http://10.0.0.2:8080/wms%{QUERY_STRING} [P]
>
> If I write =
> RewriteRule ^/wms(.*)$ http://10.0.0.2:8080/wms*?*%{QUERY_STRING} [P]
> then %{QUERY_STRING} won't be placed. But if I don't place the ? then I am not properly forming the request.
>
> Can anyone help ?
>
> best regards,
> Ricardo
[users@httpd] Healthcheck of proxy config
Hello good people,

This is a request for a sanity check of a running config under Apache 2.0.52.

I have this single vhost that was configured long ago. I recently was handed over the ownership of the config, and it struck me that it was a bit peculiar, in the sense that I am not at all sure if the Location tag ACL will limit the use of the proxy?

Furthermore, I am uncertain whether to run ProxyRequests On or Off - since reading the docs doesn't make it clear to me.

<VirtualHost *:80>
    ServerName www
    DocumentRoot /oathto/www
    <Directory /pathto/www/tomcat/content>
        AllowOverride None
        Order deny,allow
        deny from all
    </Directory>
    ProxyRequests On
    ProxyPass /content http://content.site:10610/content
    ProxyPassReverse /content http://content.site:10610/content
    <Location />
        Order Deny,Allow
        Deny from all
        Allow From 127.0.0.1
        Allow From ip
        Allow From another.ip
        Allow From yet.another.ip
    </Location>
</VirtualHost>

br
congo
[users@httpd] Proxy all but one location
Hello experts,

I have this application (geowebcache it's called), running in tomcat. I use Apache2 to proxy all http requests into the geowebcache. However, I have come across this boundary where my knowledge of apache configuration reaches my edges... I don't know how to exclude /cache from being proxied.

Right now my config looks like:

###
ServerName gwc-server
DocumentRoot /var/www/gwc/wwwroot
<Directory /var/www/gwc/wwwroot/WEB-INF>
    #disallow webinf from being browsed via apache
    AllowOverride None
    Order deny,allow
    deny from all
</Directory>
ProxyRequests On
ProxyPass / http://gwc-server:9830/
ProxyPassReverse / http://gwc-server:9830/
###

Please understand that gwc-server:9830 is the tomcat hosting the gwc-application. Tomcat is running on the same host as apache.

How do I make http://gwc-server/cache not being routed through tomcat? (Tomcat serves it as well, but since it's static content, I want to skip this layer due to heavy load; hence performance issues with the java tomcat serving it.)

br
congo thomas
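
Added example, not part of the original posts and not Apache project code: a heuristic Python text scan for the pattern that appears in both vhosts quoted above, ProxyRequests On next to ProxyPass. ProxyRequests enables forward proxying and is not required for ProxyPass; httpd expects access to a forward proxy to be restricted with a <Proxy> section. SAMPLE_CONF, audit_proxy and the finding field names are constructed for this illustration.

```python
import re

# Constructed sample modelled on the vhosts quoted in the posts above, with
# angle brackets restored. The second vhost is a corrected variant added here.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName www
    ProxyRequests On
    ProxyPass /content http://content.site:10610/content
    ProxyPassReverse /content http://content.site:10610/content
    <Location />
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName gwc-server
    ProxyRequests Off
    ProxyPass / http://gwc-server:9830/
    ProxyPassReverse / http://gwc-server:9830/
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)[^>]*>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
ACL = {"allow", "deny", "require"}          # access-control directives
PROXY_SECTIONS = {"proxy", "proxymatch"}    # containers that govern proxied requests

def _new_scope(label):
    return {"label": label, "requests_on": None, "has_proxypass": False, "proxy_acl": False}


def audit_proxy(conf_text):
    """Return a finding for every scope whose effective ProxyRequests is On."""
    glob = _new_scope("(global)")
    scopes, current, stack = [glob], glob, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack and stack.pop() == "virtualhost":
                current = glob
            continue
        opened = OPEN.fullmatch(line)
        if opened:
            stack.append(opened.group(1).lower())
            if stack[-1] == "virtualhost":
                current = _new_scope("vhost#%d" % len(scopes))
                scopes.append(current)
            continue
        name, *args = line.split()
        name = name.lower()
        if name == "servername" and args:
            current["label"] = args[0]
        elif name == "proxyrequests" and args:
            current["requests_on"] = args[0].lower() == "on"
        elif name == "proxypass":
            current["has_proxypass"] = True
        elif name in ACL and PROXY_SECTIONS & set(stack):
            current["proxy_acl"] = True
    findings = []
    for scope in scopes:
        # Unset in a vhost means inherit the server-level value; default is Off.
        own = scope["requests_on"]
        effective = glob["requests_on"] if own is None else own
        if effective:
            findings.append({
                "scope": scope["label"],
                "has_proxypass": scope["has_proxypass"],
                "proxy_acl": scope["proxy_acl"] or glob["proxy_acl"],
            })
    return findings
```

A finding with has_proxypass true and proxy_acl false is the one to review first: the reverse-proxy mapping keeps working with ProxyRequests Off, so On only adds forward proxying there.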
[users@httpd] limit access to certain query strings
Hello chiefs,

How do I limit (allow/deny) access to certain query strings?

Actual example:
1) I want to allow only 'user1' access to http://example.com/yadayada/?page=abc
2) I want to allow only 'user2' access to http://example.com/yadayada/?page=def
3) I want to allow everyone access to everything else on the site.

Users live are created via htpasswd.

Notice that I proxypass the stuff in /yadayada/ to tomcat (backend), but I want access control to live outside tomcat. I felt this was safe enough for the purpose, since the tomcat is not publicly available. I felt no serious safety gaps in such a setup - if you don't feel the same, please make your approach explicit...

br
thomas