[EMAIL PROTECTED] Editing the conf breaks my server
Greetings allNewbie alert! I am new to this list and new to apache, so please forgive me if my understandings of the protocols aren't 100% yetI also did not find a dedicated list for win32 so I have assumed its the same list. please correct me if I am wrongI have a problem that I seriously cannot pinpoint.I do a bit of development on my local box and use apache (of course) as my web serverI have installed apache quite a few times before and know how to change the document root to another localtion ( ie D:\wed ) etc Now I recently reinstalled windows from scratch and am now in the process of reinstalling apache. Trying to.I install it, open a web broswer, type localhost and i get the default pagei edit the httpd.conf file and change the document root fromDocumentRoot C:/Program Files/Apache Group/Apache2/htdocsto DocumentRoot D:/webWhich is where my web root sitsI also edit # This should be changed to whatever you set DocumentRoot to.#Directory C:/Program Files/Apache Group/Apache2/htdocstoDirectory D:/weband save the config and restart the server The minute I restart the server and hit localhost in my browser , it hangs and searches for localhost and never finds itI have tried changing the config back to its original state to test it again, restarting the server service all the time and still no joy. I use the apache monitor to restart the serviceNO joyits no proxy settings or anything of the sort as I do not have any proxyhowever when I go into windows services and restart the service from there and not the apache services monitor it seems to work, however I am still testing this I have reinstalled apache over and over again removed it, deleted all remaining files, downloaded a new copy of the win32 installer installed again and still the same problemI am not sure if its some funky setting on this box or if the apache monitor is wonky or if I am just forced to suffer for my sins now and cruise on through the pearly gates at a later stage in my life. Any idea?please?
Re: [EMAIL PROTECTED] Editing the conf breaks my server
HI larryI used the default httpd.conf file that comes with the install with the exception of 2 changes ( ie changing the document path )Even when I changed them back to the default settings theproblem was still occuring Its listening on port 80 as a service and no other conflicting services or software is presentOn 4/4/06, Larry Flathmann [EMAIL PROTECTED] wrote:Hi Paul,Your log file doesn't indicate anything out of hte normal. Have you tried just viewing the default page that comes with the Apacheinstall, the one that says If you can see this, it means that theinstallation of the Apache web server http://www.apache.org/foundation/preFAQ.html software on this systemwas successful. You may now add content to this directory and replacethis page. Did that work? If so, then send your httpd.conf file, because there's got to be some detail that's messed up.One other possibility that comes to mind is whether you've configuredApache to listen on the right address (localhost, or your local IP, orwhatever) --LarryPaul wrote: Thanks Larry I am not sure how to read the log files so here it is [Mon Apr 03 22:55:38 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 22:55:38 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 22:55:38 2006] [notice] Parent: Created child process 3908 [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Child process is running [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Acquired the start mutex. [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Starting 250 worker threads. [Mon Apr 03 23:01:41 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:01:41 2006] [notice] Child 3908: Exit event signaled. Child process is ending. [Mon Apr 03 23:01:41 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:01:41 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:01:41 2006] [notice] Parent: Created child process 4020 [Mon Apr 03 23:01:41 2006] [notice] Child 4020: Child process is running [Mon Apr 03 23:01:42 2006] [notice] Child 3908: Released the start mutex [Mon Apr 03 23:01:42 2006] [notice] Child 4020: Acquired the start mutex. [Mon Apr 03 23:01:42 2006] [notice] Child 4020: Starting 250 worker threads. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: Waiting for 250 worker threads to exit. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: All worker threads have exited. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: Child process is exiting [Mon Apr 03 23:01:43 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:01:43 2006] [notice] Child 4020: Exit event signaled. Child process is ending. [Mon Apr 03 23:01:43 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:01:44 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:01:44 2006] [notice] Parent: Created child process 4228 [Mon Apr 03 23:01:44 2006] [notice] Child 4228: Child process is running [Mon Apr 03 23:01:44 2006] [notice] Child 4228: Acquired the start mutex. [Mon Apr 03 23:01:44 2006] [notice] Child 4020: Released the start mutex [Mon Apr 03 23:01:45 2006] [notice] Child 4228: Starting 250 worker threads. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: Waiting for 250 worker threads to exit. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: All worker threads have exited. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: Child process is exiting [Mon Apr 03 23:05:19 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:05:19 2006] [notice] Child 4228: Exit event signaled. Child process is ending. [Mon Apr 03 23:05:19 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:05:19 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:05:19 2006] [notice] Parent: Created child process 4220 [Mon Apr 03 23:05:19 2006] [notice] Child 4220: Child process is running [Mon Apr 03 23:05:20 2006] [notice] Child 4228: Released the start mutex [Mon Apr 03 23:05:20 2006] [notice] Child 4220: Acquired the start mutex. [Mon Apr 03 23:05:20 2006] [notice] Child 4220: Starting 250 worker threads. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: Waiting for 250 worker threads to exit. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: All worker threads have exited. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: Child process is exiting [Mon Apr 03 23:07:00 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:07:00 2006] [notice] Child 4220: Exit event signaled. Child process is ending. [Mon Apr 03 23:07:00 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:07:00 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:07:00 2006] [notice] Parent: Created child process 3008 [Mon Apr 03 23:07:00 2006] [notice] Child 3008: Child process is running [Mon Apr 03 23:07:01
Re: [EMAIL PROTECTED] Editing the conf breaks my server
yes and yes On 4/4/06, Larry Flathmann [EMAIL PROTECTED] wrote: When you did hte install before changing the config file, did it work?Were you able to see the Apache everything installed ok... page?--LarryPaul wrote: HI larry I used the default httpd.conf file that comes with the install with the exception of 2 changes ( ie changing the document path ) Even when I changed them back to the default settings theproblem was still occuring Its listening on port 80 as a service and no other conflicting services or software is present On 4/4/06, *Larry Flathmann* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Paul, Your log file doesn't indicate anything out of hte normal. Have you tried just viewing the default page that comes with the Apache install, the one that says If you can see this, it means that the installation of the Apache web server http://www.apache.org/foundation/preFAQ.html software on this system was successful. You may now add content to this directory and replace this page. Did that work? If so, then send your httpd.conf file, because there's got to be some detail that's messed up. One other possibility that comes to mind is whether you've configured Apache to listen on the right address (localhost, or your local IP, or whatever) --Larry Paul wrote: Thanks Larry I am not sure how to read the log files so here it is [Mon Apr 03 22:55:38 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 22:55:38 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 22:55:38 2006] [notice] Parent: Created child process 3908 [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Child process is running [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Acquired the start mutex. [Mon Apr 03 22:55:38 2006] [notice] Child 3908: Starting 250 worker threads. [Mon Apr 03 23:01:41 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:01:41 2006] [notice] Child 3908: Exit event signaled. Child process is ending. [Mon Apr 03 23:01:41 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:01:41 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:01:41 2006] [notice] Parent: Created child process 4020 [Mon Apr 03 23:01:41 2006] [notice] Child 4020: Child process is running [Mon Apr 03 23:01:42 2006] [notice] Child 3908: Released the start mutex [Mon Apr 03 23:01:42 2006] [notice] Child 4020: Acquired the start mutex. [Mon Apr 03 23:01:42 2006] [notice] Child 4020: Starting 250 worker threads. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: Waiting for 250 worker threads to exit. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: All worker threads have exited. [Mon Apr 03 23:01:43 2006] [notice] Child 3908: Child process is exiting [Mon Apr 03 23:01:43 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:01:43 2006] [notice] Child 4020: Exit event signaled. Child process is ending. [Mon Apr 03 23:01:43 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:01:44 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:01:44 2006] [notice] Parent: Created child process 4228 [Mon Apr 03 23:01:44 2006] [notice] Child 4228: Child process is running [Mon Apr 03 23:01:44 2006] [notice] Child 4228: Acquired the start mutex. [Mon Apr 03 23:01:44 2006] [notice] Child 4020: Released the start mutex [Mon Apr 03 23:01:45 2006] [notice] Child 4228: Starting 250 worker threads. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: Waiting for 250 worker threads to exit. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: All worker threads have exited. [Mon Apr 03 23:01:46 2006] [notice] Child 4020: Child process is exiting [Mon Apr 03 23:05:19 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:05:19 2006] [notice] Child 4228: Exit event signaled. Child process is ending. [Mon Apr 03 23:05:19 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations [Mon Apr 03 23:05:19 2006] [notice] Server built: Oct9 2005 19:16:56 [Mon Apr 03 23:05:19 2006] [notice] Parent: Created child process 4220 [Mon Apr 03 23:05:19 2006] [notice] Child 4220: Child process is running [Mon Apr 03 23:05:20 2006] [notice] Child 4228: Released the start mutex [Mon Apr 03 23:05:20 2006] [notice] Child 4220: Acquired the start mutex. [Mon Apr 03 23:05:20 2006] [notice] Child 4220: Starting 250 worker threads. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: Waiting for 250 worker threads to exit. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: All worker threads have exited. [Mon Apr 03 23:05:21 2006] [notice] Child 4228: Child process is exiting [Mon Apr 03 23:07:00 2006] [notice] Parent: Received restart signal -- Restarting the server. [Mon Apr 03 23:07:00 2006] [notice] Child 4220: Exit event signaled. Child process
Re: [EMAIL PROTECTED] checkinstall error
Is your caps lock key broken?On 4/26/06, M.Makar Azer [EMAIL PROTECTED] wrote:
I WASN'T REALLY RUDE I AM SORRY IF THATS HOW I CAME OUT LIKE - WAS JUST A QUESTION OF AM I IN THE RIGHT MAILING LIST OR NOT? AM I IN THE RIGHT MAILING LIST? HELP WITH APACHED INSTALLATION OR IS THIS AN ADVANCED MAILING LIST FOR ADVANCED USERS
THATS ALL LARRYLarry Flathmann [EMAIL PROTECTED]
wrote: Calm down - nobody on this list is getting paid to help you. And being rude and demanding hurts your cause a lot more than it helps.
You would probably get a lot more help if you told us that you had investigated the error message and needed some help understanding what you had found.M.Makar Azer wrote: Isn't this mail list for HELP WITH APACHE INSTALL OR WHAT??
*/M.Makar Azer /* wrote: I am using
checkinstall to instll httpd2 from the source code but I ma getting this error message everytime i execute checkinstall libtool: install: error: cannot install `libaprutil-
1.la' to a directory not ending in /user/local/apache2/lib make[2]: *** [install] Error 1 make[2]: Leaving directory `/home/username/Desktop/software/httpd-2.2.0/srclib/apr-util' make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/username/Desktop/software/httpd-2.2.0/srclib' make: *** [install-recursive] Error 1 Installation failed. Aborting package creation.
I am using FC5 Thanks Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.
-The official User-To-User support forum of the Apache HTTP Server Project.See for more info.To unsubscribe, e-mail:
[EMAIL PROTECTED] from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Yahoo! Mail goes everywhere you do. Get it on your phone
.
Re: [EMAIL PROTECTED] checkinstall error
Oh, it has all to do with solving problems. The answer to one's problems is directly proportional to one's caps lock key.If the caps Lock key is depressed and one types in capital letters, once's problems take a lot longer to be solved.
How does this work? I hear you ask.Very simply.Typing in capital letters denotes shouting. No one likes to be shouted at.Here's a quick guide.
http://en.wikipedia.org/wiki/NetiquetteI suggest you learn it quickly and all your problems will seem so far away.On 4/26/06,
M.Makar Azer [EMAIL PROTECTED] wrote:
NO, ITS NOT ..Y? WHAT DOES THAT HAS TO DO WITH ANYTHING?Paul
[EMAIL PROTECTED] wrote: Is your caps lock key broken? On 4/26/06,
M.Makar Azer [EMAIL PROTECTED] wrote:
I WASN'T REALLY RUDE I AM SORRY IF THATS HOW I CAME OUT LIKE - WAS JUST A QUESTION OF AM I IN THE RIGHT MAILING LIST OR NOT? AM I IN THE RIGHT MAILING LIST? HELP WITH APACHED INSTALLATION OR IS THIS AN ADVANCED MAILING LIST FOR ADVANCED USERS
THATS ALL LARRYLarry Flathmann [EMAIL PROTECTED]
wrote: Calm down - nobody on this list is getting paid to help you. And being rude and demanding hurts your cause a lot more than it helps.
You would probably get a lot more help if you told us that you had investigated the error message and needed some help understanding what you had found.M.Makar Azer wrote: Isn't this mail list for HELP WITH APACHE INSTALL OR WHAT??
*/M.Makar Azer /* wrote: I am using checkinstall to instll httpd2 from the source code but I ma getting this error message everytime i execute checkinstall libtool: install: error: cannot install `libaprutil-
1.la' to
a directory not ending in /user/local/apache2/lib make[2]: *** [install] Error 1 make[2]: Leaving directory `/home/username/Desktop/software/httpd-2.2.0/srclib/apr-util' make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/username/Desktop/software/httpd-2.2.0/srclib' make: *** [install-recursive] Error 1 Installation failed. Aborting package creation.
I am using FC5 Thanks Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.
-The official User-To-User support forum of the Apache HTTP Server Project.See for more info.To unsubscribe, e-mail:
[EMAIL PROTECTED] from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Yahoo! Mail goes everywhere you do.
Get it on your phone .
How low will we go? Check out Yahoo! Messenger's low
PC-to-Phone call rates.
[EMAIL PROTECTED] Something missing - the upgrade info?
Hello, I'm new to the list, and have a suggestion/question. I've been through = the documentation on the apache site, and many other pages for it. The = change log, The FAQ. The archive list even, and no where do I see a = simple explanation of just how a person should proceed to apply an = upgrade install. This being if you are already running (for example) = version 2.2.3 and want to update to 2.2.9=20 Could someone let me know what the correct process is so that I don't = lose all my existing configurations?=20 Would it be possible for this process to be added/included on the apache = website FAQ area or as a link next to the download link to help people = get the most out of maintaining their updates?=20 Thanks in advance, and for making Apache such an excellent resource to = the masses.
[EMAIL PROTECTED] CGI based WebDAV client and Transfer-Encoding: Chunked issue
Hello, I am working on patching a program that was written by a different developer who is no longer with company. The program is a CGI program that acts as a WebDAV server. Recently we found a problem when a mac user running Mac OS 10.5 (Leopard) tries to paste a file into the WebDAV folder on their computer. Instead of putting the file on the server, it was creating a 0 kb file. After searching I managed to find out this was caused by Apple's switch to using Transfer-Encoding: Chunked rather than defining a Content-Length. The problem I am having is that I do not know how to find out the length of the input file that is coming from the client. According to the Transfer-Encoding specification, the data is supposed to be in the form of: 23 This is the data in the first chunk 1A and this is the second one 0 but when I do something like: cin.read((char *) myBuffer, 30); (note, 30 is just an example here), the result in the buffer starts with the text being sent, and does not include any chunk sizes. Am I reading in the data wrong? Is the Mac sending the wrong information? Is Apache filtering out the chunk data? Thanks for any help you can give me, Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI based WebDAV client and Transfer-Encoding: Chunked issue
Thanks for your responses, I am now having troubles with getting the entire file that is being sent to the server and knowing when the entire file has arrived. What I have noticed is that for larger files (ex greater than 90,000 characters) when I use cin.seek(0, ios::end); to find the end of the file, I only get a size of around 66,000 characters. If I put the cin.seek in a loop, I will get the entire file, but I don't know when to stop waiting for more parts to the file since there can be a delay between the different chunks arriving at the server. @Andre I have not looked into mod_dav because I would imagine that would require pretty much a complete re-write of the program. As for sending a header asking the client not to use chunked transfer-encoding, that is an interesting idea that I will look into, but if I can modify the program to work with chunked data that would be preferable. Again, thanks for the help, - Paul On Mon, Dec 8, 2008 at 4:11 PM, Paul [EMAIL PROTECTED] wrote: Hello, I am working on patching a program that was written by a different developer who is no longer with company. The program is a CGI program that acts as a WebDAV server. Recently we found a problem when a mac user running Mac OS 10.5 (Leopard) tries to paste a file into the WebDAV folder on their computer. Instead of putting the file on the server, it was creating a 0 kb file. After searching I managed to find out this was caused by Apple's switch to using Transfer-Encoding: Chunked rather than defining a Content-Length. The problem I am having is that I do not know how to find out the length of the input file that is coming from the client. According to the Transfer-Encoding specification, the data is supposed to be in the form of: 23 This is the data in the first chunk 1A and this is the second one 0 but when I do something like: cin.read((char *) myBuffer, 30); (note, 30 is just an example here), the result in the buffer starts with the text being sent, and does not include any chunk sizes. Am I reading in the data wrong? Is the Mac sending the wrong information? Is Apache filtering out the chunk data? Thanks for any help you can give me, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_mem_cache mod_disk_cache Issues
All, I am having a heck of a time with getting mod_cache to work properly. I am trying to have it cache a mixture of static files and proxy generated content. I'd greatly appreciate any suggestions. First with mod_mem_cache I am seeing entries in my logs like the following for a URL content generated by a proxy-balancer backend : 211 [Wed Aug 22 10:45:58 2007] [debug] mod_proxy_http.c(1662): proxy: HTTP: serving URL http://127.0.0.1:9000/api/schedule 212 [Wed Aug 22 10:45:58 2007] [debug] proxy_util.c(1798): proxy: HTTP: has acquired connection for (127.0.0.1) 213 [Wed Aug 22 10:45:58 2007] [debug] proxy_util.c(1858): proxy: connecting http://127.0.0.1:9000/api/schedule to 127.0.0.1:9000 214 [Wed Aug 22 10:45:58 2007] [debug] proxy_util.c(1951): proxy: connected /api/schedule to 127.0.0.1:9000 215 [Wed Aug 22 10:45:58 2007] [debug] proxy_util.c(2045): proxy: HTTP: fam 2 socket created to connect to 127.0.0.1 216 [Wed Aug 22 10:45:58 2007] [debug] proxy_util.c(2141): proxy: HTTP: connection complete to 127.0.0.1:9000 (127.0.0.1) 217 [Wed Aug 22 10:45:58 2007] [debug] mod_proxy_http.c(1448): proxy: start body send 218 [Wed Aug 22 10:45:58 2007] [debug] mod_headers.c(612): headers: ap_headers_output_filter() 219 [Wed Aug 22 10:45:58 2007] [debug] mod_cache.c(602): cache: Caching url: /api/schedule 220 [Wed Aug 22 10:45:58 2007] [debug] mod_cache.c(608): cache: Removing CACHE_REMOVE_URL filter. 221 [Wed Aug 22 10:45:58 2007] [info] mem_cache: Cached url: http://sitev2:80/api/schedule? But my backend is seeing a request to generate the info on every subsequent request. No Age: is passed to the browser either, and the Server: is not Apache but rather the backend. Secondly my mod_disk_cache is not storing pages for the amount of time specified. I can see that perhaps some requests get sent to the backend and before it can reply a second one comes in. [Mon Aug 20 15:38:58 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:39:00 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:39:06 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:39:23 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:39:23 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:39:24 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:40:59 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:41:48 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:41:51 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:41:52 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. [Mon Aug 20 15:41:55 2007] [debug] cache_storage.c(272): Cached response for / isn't fresh. Adding/replacing conditional request headers. #My configuration for my virtual host. IfModule mod_cache.c UseCanonicalName On CacheIgnoreNoLastMod On CacheIgnoreCacheControl On CacheIgnoreHeaders Set-Cookie CacheDefaultExpire 600 IfModule mod_mem_cache.c CacheEnable mem /xml/ CacheEnable mem /api/ CacheEnable mem /rss/ MCacheMaxObjectSize 30 MCacheSize 5 /IfModule IfModule mod_disk_cache.c CacheRoot /var/cache/httpd CacheEnable disk / CacheDirLevels 2 CacheDirLength 1 /IfModule /IfModule ExpiresDefault A86400 ExpiresByType image/x-icon A2592000 ExpiresByType application/xml A33 ExpiresByType text/xml A34 ExpiresByType text/html A39 ExpiresByType text/javascript A644800 ExpiresByType text/css A644800 ExpiresByType image/gif A604800 ExpiresByType image/png A604800 ExpiresByType image/jpeg A604800 ExpiresByType application/x-shockwave-flash A604800 ExpiresByType video/x-flv A604800 ExpiresByType application/pdf A604800 #Remove the Cache-Control coming from the backend Header unset Cache-Control Proxy balancer://sitev2_cluster BalancerMember http://127.0.0.1:9000 /Proxy - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_mem_cache mod_disk_cache Issues
Joshua, Thank you for the reply. I'll dig deeper into the list for the disk_cache not storing files for the specified time. I was under the impression that mem_cache would be faster. I had planned on storing files that are accessed many times from a couple of directories, ie, /xml/ or /images/ in memory so they'd just sit there happily. Then for the dynamic parts of the site disk_cache could store those requests. I'll stick with just disk_cache for now. -Paul On 8/21/07, Joshua Slive [EMAIL PROTECTED] wrote: On 8/20/07, Paul [EMAIL PROTECTED] wrote: All, I am having a heck of a time with getting mod_cache to work properly. I am trying to have it cache a mixture of static files and proxy generated content. I'd greatly appreciate any suggestions. First with mod_mem_cache I am seeing entries in my logs like the following for a URL content generated by a proxy-balancer backend : Are you using mem_cache and disk_cache simultaneously? Why? I'd recommend focusing on disk_cache, which is better tested and ofter more performant than mem_cache anyway. Secondly my mod_disk_cache is not storing pages for the amount of time specified. I can see that perhaps some requests get sent to the backend and before it can reply a second one comes in. This issue has been discussed on the dev list at some length. There is really no easy way to handle it. You don't really want to hold all the other requests waiting for the first to finish. And if you try to stream the cached content to the other requests, you wind up in big trouble if something goes wrong with the first request. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Using ProxyPass exclude with directory containing .htaccess
I've successfully been using ProxyPass to serve my application. I've excluded the 'common' directory using ProxyPass /common/ ! However, if I put an .htaccess file in that common directory, it no longer excludes it from the proxy pass - the request is sent to my application where it gets a 404. How can I exclude this directory from being proxied, and protect it with basic authentication? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Using ProxyPass exclude with directory containing .htaccess
Vincent Bray wrote: On 10/12/2007, Paul [EMAIL PROTECTED] wrote: I've successfully been using ProxyPass to serve my application. I've excluded the 'common' directory using ProxyPass /common/ ! However, if I put an .htaccess file in that common directory, it no longer excludes it from the proxy pass - the request is sent to my application where it gets a 404. How can I exclude this directory from being proxied, and protect it with basic authentication? You appear to have made the common mistake of assuming that htaccess files are needed for basic authentication. They're not. Just put whatever's in the htaccess file in a Directory block in your main config file. http://www.regdeveloper.co.uk/2006/08/01/apache_undead/ Thanks, I have tried using Directory but I haven't got it to prompt for a username and password yet. I just copied the contents of .htaccess: Directory /var/www/mysite/stats AuthType Basic AuthName 'Members Only' AuthUserFile /var/www/mysite/.htpasswd limit GET PUT POST require valid-user /limit /Directory Thanks for the suggestion! I'll keep trying... - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Using ProxyPass exclude with directory containing .htaccess
Vincent Bray wrote: On 10/12/2007, Paul [EMAIL PROTECTED] wrote: Thanks, I have tried using Directory but I haven't got it to prompt for a username and password yet. I just copied the contents of .htaccess: Directory /var/www/mysite/stats AuthType Basic AuthName 'Members Only' AuthUserFile /var/www/mysite/.htpasswd limit GET PUT POST require valid-user /limit /Directory Please read the regdeveloper link I posted. It'll show why Limit is wrong too :-) And don't put your passwords file in the document root. Even with a block on .ht* files that's just asking for trouble. Thanks again, I've removed the limit directive, but still can't get the protection working. (don't worry, the .htpasswd file isn't in the document root - I just made a typo when removing the real directories for posting - well spotted though!) I am reading and re-reading the regdeveloper link trying to see what I've missed. Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Using ProxyPass exclude with directory containing .htaccess
Vincent Bray wrote: On 10/12/2007, Paul [EMAIL PROTECTED] wrote: Thanks again, I've removed the limit directive, but still can't get the protection working. (don't worry, the .htpasswd file isn't in the document root - I just made a typo when removing the real directories for posting - well spotted though!) I am reading and re-reading the regdeveloper link trying to see what I've missed. Probably your use of Directory (my bad for suggesting it) conflict with ProxyPass (because you're proxying, the directory becomes irrelevant). Try Location instead, and with the local url path instead of filesystem path. No luck with Location - in fact it is worse - it insists on sending to the app instead of just serving it through httpd. Using Directory and excluding it from the proxy with ProxyPass /common/ ! at least lets me see the file instead of a 404. I just need to figure out what I'm doing wrong with the basic auth. I'll try it on a much simpler configuration, without any proxying and see what happens. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: mod_headers
Dan Nelson schrieb: I'm running Apache 2.0 on Debian Sarge. I have a non-standard application for Apache, and don't want to send any headers in the response. I thought I'd be able to do so using mod_headers. I can use the 'Header' directive to add my own header, and then append to and unset it. But using the same syntax, I can't have any effect on the standard headers such as 'Server:' and 'Date:'. Header unset Server Header append Server hello world Header unset Connection: None of the above has any effect. These statements are in a virtual host section. We use: VirtualHost *:80 ... Header set Server This is the new header ... on apache-2.2.3. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Help with mod_proxy
Todd Nine schrieb: [snip] Now, I am having a problem, and have a question. First if all of the servers I am connecting to via the proxy server are not running, all of the virtual hosts that I'm proxying fail with the following error message for every back end server that's not running. This seems to cause all proxying to fail. Wait, you're saying if the backend is down proxying fails? What a surprise... [Fri Nov 24 14:07:26 2006] [error] (113)No route to host: proxy: HTTP: attempt to connect to 192.168.221.102:80 (192.168.221.102) failed How can I set up the virtual host proxy to not cause an error if it cannot connect to the back end server? Second, how can I set up a default the server is under maintenance page with the host name in it? I get a proxy error with a HTTP error code (cannot remember offhand). It should be possible to set up a custom error page to catch that. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Help with mod_proxy
Todd Nine schrieb: No you misunderstood my post. I'm not an idiot, I understand the point of proxying, if the target server is down I won't be able to connect. Sorry I didn't meant to be rude... Here's a more clear example. I'm proxying 2 http servers, server A and server B. If server B is not running when the proxy starts, I can't connect to server A. I receive this message in the browser Eather my english is quite broken or this is quite different from your first explanation. Nitpicking aside, I tried to reproduce your error, but it's working fine here: VirtualHost *:80 ServerName proxytest.test.home ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/localhost/htdocs Header set Server apache on gentoo. IfDefine PROXY ProxyPass / http://oh_look.no.such.host/ ProxyPassReverse / http://oh_look.no.such.host/ /IfDefine /VirtualHost VirtualHost *:80 ServerName projects.test.home ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/localhost/htdocs Header set Server apache on gentoo. IfDefine PROXY ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ /IfDefine /VirtualHost Now http://projects.test.home shows my trac projects and proxytest.test.home gives 502 proxy error: Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /. Reason: DNS lookup failure for: oh_look.no.such.host Apache Server at proxytest.test.home Port 80 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Help with mod_proxy
forgot to mention: this is apache-2.2.3 on linux. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Help with mod_proxy
Todd Nine schrieb: I have another question on the efficiency side. I'd like to use domain name for ease of configuration, however I know it is less efficient than using IP. Is it less efficient for the first proxy request (IE does apache cache the IP after the first lookup?), or does it look up the server every time? I can't answer this for sure but it seems lookups are not cached by apache. However the client (XP, linux) does cache lookups. The cachetime for positive lookups on XP is rather high (24 hours or so). If you don't need the added flexibility of dns names, IPs are fine. If that really makes a difference wrt performance I don't know. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Kerberos Authentication Question
Paul Snyder schrieb: Good morning all, I have kerberos authentication working properly with one exception: when the service principal's ticket expires in the kerberos cache on the server, the http server does not automatically contact the KDC renew it's credentials. Maybe I'm totally off here but I think that's what keytabs are for. IOW instead of running kinit, use a keytab and export KRB5_KTNAME=/path/to/keytab in your initscript. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_cache in front of a proxy-balancer backend questions
I'm trying to get a mod_disk_cache setup to proxy the content generated by a proxy-balanced backend but am running into some problems. Here is a snip of the .conf CONF IfModule mod_cache.c IfModule mod_disk_cache.c UseCanonicalName On CacheRoot /pagecache CacheEnable disk / CacheDisable /image_assets CacheDisable /images CacheDisable /pictures CacheDisable /flash CacheIgnoreNoLastMod On CacheIgnoreCacheControl Off CacheIgnoreHeaders Set-Cookie CacheDefaultExpire 360 CacheDirLevels 2 CacheDirLength 1 /IfModule /IfModule Proxy balancer://sitev2_cluster ExpiresActive On ExpiresDefault A86400 ExpiresByType application/xml A600 ExpiresByType text/xml A300 ExpiresByType text/html A300 ExpiresByType image/x-icon A2592000 ExpiresByType text/javascript A644800 ExpiresByType text/css A644800 ExpiresByType image/gif A604800 ExpiresByType image/png A604800 ExpiresByType image/jpeg A604800 ExpiresByType application/x-shockwave-flash A604800 ExpiresByType video/x-flv A604800 ExpiresByType application/pdf A604800 # Header set Cache-Control must-revalidate Header unset Vary BalancerMember http://127.0.0.1:7000 BalancerMember http://127.0.0.1:7001 BalancerMember http://127.0.0.1:7002 /Proxy ProxyPass / balancer://sitev2_cluster/ ProxyPassReverse / balancer://sitev2_cluster/ ProxyRequests Off END CONF Now files are being written to /pagecache so it appears to work until you look at the headers and log that the backend generates. It seems that it still gets hit for content that should be cached. For example the homepage will show up as being requested in the backend logs at 01:05:00 that should then be picked up and used by Apache for 5minutes right? Instead I'll see more requests for it at 01:05:10 01:05:30 01:06:00 etc. Does Apache check with the backend for some reason before serving up the cached version? The backend doesn't write files itself but does return a Content-Type: for text/html, application/xml or whatever is appropriate. Also it seems that sometimes headers come back that show the backend was not hit. Meaning the first set of headers sent to the browsers send a Server: Backend but on reloading the page the Server: Apache 2.2.3 shows up. However opening up the page in a different browser results in again Server: Backend Anyone having any experience with this type of setup I'd really appreciate hearing from you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: SSL on IP Address
Sander Temme schrieb: On Jan 26, 2007, at 9:42 PM, [EMAIL PROTECTED] wrote: Please how do I install SSL certificate on a server that would be accessed by IP only? I mean something like https://10.l.10.241/. Put the IP address instead of the hostname in the CN field of the certificate. Or use the subjectAltName extension with entries like IP:123.123.123.123 or DNS:my.host.name, then you get both ;) cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Segmentation fault after upgrade
Hello, I have upgraded my Mandriva 2006 to Mandriva 2007 this weekend, and since then Apache2 does not load anymore. service httpd debug tells me there is a segmentation fault: [EMAIL PROTECTED] init.d]# service httpd debug Starting httpd (debug mode and in the foreground): /etc/init.d/httpd: line 207: 22086 Segmentation fault $httpd $httpdconf $debug -c Pidfile /tmp/httpd-debug.pid -c LogLevel debug -c ErrorLog /dev/stdout -c CustomLog /dev/stdout common $extramodules $modules $options (wd: /etc/init.d) Can someone tell me how to get Apache up and running again? Regards, Paul -- Suburbia is where the developer bulldozes out the trees and then names the streets after them. - Bill Vaughan. http://www.nlpagan.net Running on Mandriva Linux 2006 and Saucony Grid Omni 5 - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Running JS in Apache
Alejandro Decchi schrieb: Hello Joshua. I do not think that does not exist the javascript in the correct place, because I copy the web aplication from the web server where the aplication is runing ok 1. Don't top post 2. Are you sure your index.php is executed correctly? 3. How is the login-form supposed to be generated (static html, php, javascript) 4. What do you see if you right-click the login page and choose view page source? 5. If that's all greek to you, you have a lot to read about. Need i install javascript in apache ? Most likely not. How can i do it ? google for rhino and javascript I am newbie Oh, really ;=) cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: apache2 with modules ldap
Karunakar Reddy G schrieb: Hi , I am new to the list , I successfully compiled and installed *apr* and *aprutil *source code with following configure options Which versions? Have you checked your apr/aprutil versions meet the requirements for apache-2.2.4? cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: ldap-attribute wildcard not working?
Bruce DeYoung schrieb: [snip] We have an attribute in our LDAP directory called groupmembership. Due to some issues in our back-end Notes/Domino database, values for groupmembership are like Employee 1, Employee 2, Employee 3, etc.but each of these is essentially the same, i.e a member of the Employee group. So, if I have content that I want to secure to members of the Employee group, I was hoping to use a wildcard like: require ldap-attribute groupmembership=Employee* But this is not working. In fact, there's not even an error in the log file. I don't know if regexp's are allowed in apache ldap-attribute settings. I guess you can stick the groupmembership in the AuthLDAPURL though IF groupmembership has a substring matching rule defined: AuthLDAPURL ldap://domino-core.qad.com:389/?cn??(groupmembership=Employee*) check rfc2255 for ldapURLs cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: server cert CN not match server name
Jana Nguyen schrieb: Hi, I've tried to connect to connect to application via apache using https on my local machine- https://localhost/ra But I get the following error below, and not sure where this RSA server cert comes from since I've never generated a rsa server cert: [Wed Apr 04 19:51:09 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Wed Apr 04 19:51:19 2007] [error] [client 127.0.0.1] script not found or unable to stat: /var/www/cgi-bin/ra If my crystal ball serves me right you have configured a http virtual host below, not https. The https configuration seems unchanged and uses the default certificate installed by mod_ssl and the default DocumentRoot /var/www/. You're probably missing something like: VirtualHost *:443 ServerName localhost ...more stuff... /VirtualHost To make the warning about the CN mismatch go away either change your hostname to resolve to localhost.localdomain OR generate a new certificate for the server wich matches your hostname. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: apache Permission denied: exec
Jana Nguyen schrieb: Hi, I got an ssl error of permission denied to exec a file when I tried to launch https://localhost/ra or https://my host ip address/ra The dir that apache is trying to access is owned my group=apache and user=apache. In the ssl_error_log: [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111] (13)Permission denied: exec of '/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111] Premature end of script headers: RAServer Looks like the user apache is running under lacks filesystem permissions to read RAServer. Or RAServer has syntax errors(less likely). cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: apache Permission denied: exec
Jana Nguyen schrieb: Hi Paul, [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111] (13)Permission denied: exec of '/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed Fedora enabled selinux with force mode as default, after making it permissive I no longer get the Permission denied exec of. But my error of Premature end of script headers: RAServer still exist: [Fri Apr 06 13:06:37 2007] [error] [client 127.0.0.1] Premature end of script headers: RAServer. Although, RAServer is owned and run by apache, not sure why I'm having this problem, could it be with suEXEC? So would it be wise to disable suExec for the time being? Honestly, I don't know. Premature end of script headers usually means the script has syntax errors or does otherwise generate invalid output. If the error is related to suEXEC apache would tell you with apropriate error level set. Maybe running RAServer from the command line (with sudo as user apache) would help to trac down the error but you would need to recreate the CGI environment somehow... cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Debugging mod_proxy for performance
Nilesh Bansal schrieb: Hi Alexey, Thanks for your response. Yes I know there is someting wrong, and I need to find out what. I have tried both v2.2.3 and 2.2.4 of httpd. All options in config file were left to their default values, and I have only added two virtual hosts and few mod_proxy rules. We are running httpd on a machine with 4 AMD Opetran processors and 8GB RAM running RHEL 4. Any pointers to help me debug will be very helpful. run apache in the foreground with strace: strace -eopen /usr/sbin/apache2 -D FOREGROUND for example will show all open() calls from apache, read the strace manpage for details. cheers Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] access_log file just has the word full in it
Hi, I am running Server version: Apache/2.2.15 (Unix) Server built: Feb 14 2012 09:47:14 Scientific Linux release 6.3 (Carbon) Disks not full Filesystem 1K-blocks Used Available Use% Mounted on /dev/xvda110320184 4348564 5447384 45% / tmpfs 1987280 0 1987280 0% /dev/shm /dev/xvdb110320184 4806236 4989712 50% /diska /dev/xvdc110317828 8434208 1359504 87% /diskb The installation of apache was via yum. I have noticed though that the access file just has the word full in it. Everytime a page is requested only this word appears. Would appreciate it if anyone had any insight. regards paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache log just has the word full in it
Sorry if this is a repeat, it is just I am not sure if my last post arrived. We are running Server version: Apache/2.2.15 (Unix) Server built: Feb 14 2012 09:47:14 on Scientific Linux release 6.3 (Carbon) The issue is that the apache server just logs full to the access_log file. Nothing else is logged. If anyone else has also had this problem and can point in the right direction it would be appreciated. regards paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] access_log file just has the word full in it
thanks Jeff, someone had put a log directive in a conf file when they were migrating . Was doing my head in . thanks again On 09/02/2013 02:04 PM, Jeff Trawick wrote: On Mon, Sep 2, 2013 at 4:18 AM, Paul descaling...@gmail.com mailto:descaling...@gmail.com wrote: Hi, I am running Server version: Apache/2.2.15 (Unix) Server built: Feb 14 2012 09:47:14 Scientific Linux release 6.3 (Carbon) Disks not full Filesystem 1K-blocks Used Available Use% Mounted on /dev/xvda110320184 4348564 5447384 45% / tmpfs 1987280 0 1987280 0% /dev/shm /dev/xvdb110320184 4806236 4989712 50% /diska /dev/xvdc110317828 8434208 1359504 87% /diskb The installation of apache was via yum. I have noticed though that the access file just has the word full in it. Everytime a page is requested only this word appears. Would appreciate it if anyone had any insight. your config references a log format called full which isn't defined, so the literal full is taken as the log format string regards paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org -- Born in Roswell... married an alien... http://emptyhammock.com/
[users@httpd] Incoming request rate-limit
A couple of recent threads on "non-apache" mods, so ... recognizing that mode_evasive is also third party, is there any "pure-apache" way to rate-limit incoming requests by a specific IP. mod_evasive has the capability of using e.g.: # Allow up to 10 requests from the same IP per second: DOSPageInterval 1 DOSPageCount 10 I have not yet found anything similar in the Apache2 docs, but hope that someone can point me in the right direction ;=) Or, conversely, has anyone got *production* experience with mod-evasive (seems to work on a test-box, but I cannot scale it...) tnx -- paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache on windows
On 2020-02-27 3:56 p.m., @lbutlr wrote: On 26 Feb 2020, at 18:58, wtf wrote: -- With over 1.2 billion devices now running Windows 10, customer satisfaction is higher than any previous version of windows. Seriously? Please don’t post garbage formatting like this to public lists. Totally agree, but "seriously?" do not use MicroS**t "From:" with coloured smileys into your responses (for ref they're something along the lines of "ð Ÿ ˜ ‰ " white space hopefully added) ;=} Best -- Paul Tired old sys-admin, 20/20 vision until yellow blobs provoke retinal failure. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] ErrorDocument directory hierarchy
VirtualHost on 2.4.29-1ubuntu4.13. .conf includes : DocumentRoot "/www/mysite" /.../ ErrorDocument 404 /error/404.html The 404.html has : Works perfectly for 404s at DocumentRoot level, but fails for subdirectories eg DocumentRoot/foo/bar/mypages. Error logs show: "GET /bar/css/general.css HTTP/1.1" 404 5245 "-" etc... Apache finds the text of the custom 404 at the DocRoot reference, but apparently interprets the page, so does not format the text. The client "page source" shows the correct relative path. Note, I can "work around" this by putting the full URL in the VirtualHost, but I would truly appreciate a solution to my difficulties with the plain "ErrorDocument 404 /error/404.html" Thanks -- Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] ErrorDocument directory hierarchy
On 2020-05-20 1:23 p.m., Eric Covener wrote: On Wed, May 20, 2020 at 1:10 PM Paul wrote: VirtualHost on 2.4.29-1ubuntu4.13. .conf includes : DocumentRoot "/www/mysite" /.../ ErrorDocument 404 /error/404.html The 404.html has : Works perfectly for 404s at DocumentRoot level, but fails for subdirectories eg DocumentRoot/foo/bar/mypages. Error logs show: "GET /bar/css/general.css HTTP/1.1" 404 5245 "-" etc... Apache finds the text of the custom 404 at the DocRoot reference, but apparently interprets the Thanks Eric, problem solved. Wrote the styles into the html. I just wanted to keep the client's browser showing the file [s]he had tried to find, rather than /error/404.html. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] ErrorDocument directory hierarchy
On 2020-05-20 4:18 p.m., @lbutlr wrote: On 20 May 2020, at 13:57, Paul wrote: On 2020-05-20 1:23 p.m., Eric Covener wrote: On Wed, May 20, 2020 at 1:10 PM Paul wrote: VirtualHost on 2.4.29-1ubuntu4.13. .conf includes : DocumentRoot "/www/mysite" /.../ ErrorDocument 404 /error/404.html The 404.html has : Works perfectly for 404s at DocumentRoot level, but fails for subdirectories eg DocumentRoot/foo/bar/mypages. Error logs show: "GET /bar/css/general.css HTTP/1.1" 404 5245 "-" etc... Apache finds the text of the custom 404 at the DocRoot reference, but apparently interprets the Thanks Eric, problem solved. Wrote the styles into the html. I just wanted to keep the client's browser showing the file [s]he had tried to find, rather than /error/404.html. You could also put the absolute path to the css file in the href. Thanks. How? It does works by using an absolute URL such as <https://mysite.com/css/general.css> Maybe that's what you're suggesting? I've had no luck trying to define an "internal" "absolute path" -- as Eric wrote, the client sets a relative path, despite the html headers. (I looked at Alias with no joy, and tried (a nightmare to manage on a site with several thousand files) splattering a load of directories with symlinks.) Again tnx for your interest, br -- Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Disabeling PHP in a subdirectory via the apache2.conf?
On 2020-06-07 3:12 p.m., Klaus Neudecker wrote: Hello, I have my Apache main directory: /www ( / DocumentRoot /www) In this directory and its subdirectories *.php files get executed by php. In the subdirectory /www/publications (and recoursly in its subdirectories) I allow people (relatively trustworthy!) on the filesystem to drop publications, documentations e.g. which are referenced by a database as path+filename to the files. php then produces with this database information www-pages with html-links to these files. If people drop *.php files as documentation for the source code(!) in /www/publications these *.php scripts get executed, too. Dangerously(!) and no documentation for the source code. Therefore I want that no *.php files get executed within /www/publications . It should be stupidely delivered like a *.html file. Maybe I've misunderstood your intentions, but In general, all files in your /www should have permissions set to 644 and owned by www-data (or another name for apache2.) Your true "executable" files, libraries whatever should be excluded from DocumentRoot, maybe in /usr/share/myapp or any other bin/sbin location located through your envars either system wide or specifically for your setup in a .conf file, typically in /etc/myapp. Anything less is probably going to leave you wide open to mistakes and/or abuse, even by "relatively trustworthy" users. Even if you relax permissions, e.g. 666 for files in user accessible directories, you should never make them executable (unless you enjoy rebuilding your server every time a script-kiddie wants to have fun.) Good luck -- P. I already managed this by a .htaccess file with the entry "php_flag engine off". But the .htaccess file could be deleted or .htaccess files with "php_flag engine on" could get put in another subdirectory. :-( Therefore: a) I want to put the "php_flag engine off" in the apache2.conf. b) Add an "AllowOverride" in this apache2.conf that allowes ONLY no switching OF THE "PHP_FLAG ENGINE OFF" in this directory or any subdirectory. (But I have to be able to use a .htaccess in these directories with e.g. "Options +Indexes"!) Does anyone of you have an idea how to implement this in the apache2.conf? Sincerely Klaus - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] path to conf(s) in httpd.conf
Dear BackButton.INVALID I have just invited you to make the acquaintance of my old friend Dave Null. With my apologies for top-posting, best regards all round, and please stay safe, Paul --- Tired old sys-admin On 2021-04-29 5:50 p.m., back Button wrote: My configuration hasn't worked to plugin mod_jk I don't have an error message.I know the path is not one of issues. So that was a trivial a test and it didn't tell me anything. back.but...@aol.com -Original Message- From: Eric Covener To: users@httpd.apache.org; back Button Sent: Thu, 29 Apr 2021 22:19 Subject: Re: [users@httpd] path to conf(s) in httpd.conf On Thu, Apr 29, 2021 at 5:12 PM back Button wrote: Apach2 version 2.4.46 Please see below the contents of the http.conf file with commented out Include files. The path to the file httpd.conf is in /usr/local/apache2/conf/httpd.conf not /usr/local/apache2/httpd.conf I believe the paths of the Include files should be #Include extra/httpd-mpm.conf not #Include conf/extra/httpd-mpm.conf unless the apache code works in that way. Am I correct in my assumption that the commented out paths are incorrect , it has an unnecessary "/conf" directory ? No. You could have trivially tested it or read the manual instead of abusing the mailing list https://httpd.apache.org/docs/2.4/mod/core.html#include "The file path specified may be an absolute path, or may be relative to the ServerRoot directory." Please stop sending mail as a first troubleshooting step. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.4.37 graceful restart causes error “scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit.”
On 2021-03-29 7:39 p.m., A.J. Gatlin wrote: On Mon, Mar 29, 2021 at 9:52 PM angel Hall-Coulston wrote: Try this: https://httpd.apache.org/docs/2.4/programs/rotatelogs.html I appreciate the tip, and I believe the use of Apache's own log rotation would allow me to sidestep the problem. However, Apache's rotatelogs isn't quite as feature rich as logrotate, and logrotate has been a de-facto standard on Linux for a very long time, I'm not sure where "rich" becomes "poor"? Been using both for a couple of decades or more. If it ain't broken, don't fix it. Try "Apache's rotatelogs" and if you're really unhappy that it needs tweaking, probably someone here can help you. Best -- P. Tired old sys-admin so I'm really curious about why I can't safely use it to reload Apache as I've done for the past ~20 years. Incidentally, I've been able to reproduce the "scoreboard is full" error on a different CentOS 8 server by using simulated connections and running "systemctl reload httpd". So it appears that the default settings are not sufficient to avoid this. Oddly, I'm not finding this problem widely reported. Do the default settings for the Event MPM tend to work for most installations? Thanks. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Cannot write to the web directory
Would like to upload a file to have wordpress functionality working or be able to upload a file. User permissions are set at 777 owner is www, os is freebsd, the freebsd mailing list claims it’s not their issue but tried to assert assistance nevertheless. What can I do so I can upload a file via httpd is there something in the configuration directory? Thanks Envoyé de mon iPad Envoyé de mon iPad - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Cannot write to the web directory
Would like to upload a file to have wordpress functionality working or be able to upload a file. User permissions are set at 777 owner is www, os is freebsd, the freebsd mailing list claims it’s not their issue but tried to assert assistance nevertheless. What can I do so I can upload a file via httpd is there something in the configuration directory? Thanks Envoyé de mon iPad Envoyé de mon iPhone - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Cannot write to the web directory
Thank you but this was not the question the reason for 777 is not because I want to run the system on 777 it’s because I get annoying responses dodging the question that it must be a permissions issue. If I do 777 it doesn’t matter what the question is the answer is that it’s unsafe. If I ask the question with anything but 777 the answer is it’s a permissions issue then the next answer is that it has nothing to do with Apache or Freebsd or anything at all... then a couple people will private message me asking for 1000S of € solve nothing use the money for pornography but is there any way to make actually get this to work? I cannot upload whether it’s php alone ok my code was written wrong. Whether it’s Wordpress I am not familiar with Wordpress or whether it’s anything else ie . Open cart or ampache answer contact ampache or opencart then they tell me to try freebsd or ampache... then they go back make the root of the webserver have the right permissions and assign the owner as www. No www-users cause that’s the name in their system so it must be that name in mine... thanks for the help no I would rather 755 but I was trying to avoid these types of answers to be able to isolate the solution... but thanks in case I didn’t know plus the reiteration may add a new dimension angle of thought but I still have not solved the problem... unfortunately ... stupid goyim society we live in with these stupid misused computers... and face masks ... etc.. Envoyé de mon iPhone > Le 18 mars 2021 à 17:42, angel Hall-Coulston a > écrit : > > Don’t know anything about WordPress but having any public (OR private even) > accessible files with 777 permissions IS EXTREMELY UNWISE as it allows anyone > who can see the file to Read, WRITE and execute it. It’s safer to have 755 > permission for public accessible files. Please read apache2 documentation on > security. > >> On 18 Mar 2021, at 20:18, Paul wrote: >> >> Would like to upload a file to have wordpress functionality working or be >> able to upload a file. User permissions are set at 777 owner is www, os is >> freebsd, the freebsd mailing list claims it’s not their issue but tried to >> assert assistance nevertheless. What can I do so I can upload a file via >> httpd is there something in the configuration directory? >> >> Thanks >> >> Envoyé de mon iPad >> >> >> Envoyé de mon iPad >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > www.art2.art > > > >
Re: [users@httpd] Cannot write to the web directory
Ok , thanks , it doesn’t appear to be a permissions issue. I will check the php and the apache configuration. Envoyé de mon iPad > Le 19 mars 2021 à 08:37, Frank Gingras a écrit : > > > This is an extremely bad idea. You should never write to the docroot from > your application. Write outside the docroot instead, and use group write > permissions. > >> On Thu, 18 Mar 2021 at 20:15, Tatsuki Makino >> wrote: >> I'm not sure, but FreeBSD happens to be different from Linux, so please >> change the directory group to www as well. >> Permissions of 700, 750, 755, 770 or 775 should be sufficient. >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >>
Re: [users@httpd] Cannot write to the web directory
No I was able to set the limit higher. https://heskia.club/phptest.php If you check this page you can see that the upload is limited to 40 mb . I edited the php.ini file. Now I don’t know if that helps but I think it worked at one time. Not sure when or what changed. I tried disabling the firewall to see. I still cannot get it to work. I checked the settings in /usr/local/etc/php/php-fpm.d , restarted Apache. I installed fcgi and added something to httpd. I tried permissions I made www also group user. Envoyé de mon iPhone > Le 19 mars 2021 à 14:26, Scott A. Wozny a écrit : > > > One thing I didn't see mentioned in the replies is if the DAC on the folder > is set to world writable (and I agree with all the responses that say this is > a terrible idea) but it still LOOKS like a permissions issue (access denied > or other unexplained failures) did you check if MAC (SELuinux, AppArmor) was > getting in the way? > > HTH, > > Scott > > From: Paul > Sent: March 19, 2021 9:45 AM > To: users@httpd.apache.org > Subject: Re: [users@httpd] Cannot write to the web directory > > Ok , thanks , it doesn’t appear to be a permissions issue. I will check the > php and the apache configuration. > > Envoyé de mon iPad > >>> Le 19 mars 2021 à 08:37, Frank Gingras a écrit : >>> >> >> This is an extremely bad idea. You should never write to the docroot from >> your application. Write outside the docroot instead, and use group write >> permissions. >> >> On Thu, 18 Mar 2021 at 20:15, Tatsuki Makino >> wrote: >> I'm not sure, but FreeBSD happens to be different from Linux, so please >> change the directory group to www as well. >> Permissions of 700, 750, 755, 770 or 775 should be sufficient. >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >>
Re: [users@httpd] Reverse proxy to a website with HTTPS
On 2021-08-22 4:41 p.m., Scott Trakker wrote:
Hello Apache administrators!
In summary I have the following question:
/How do I correctly configure a reverse proxy that redirects to a
website with HTTPS?/
*My set-up*
A RHEL server (host) with one virtual machine.
The website is running on the virtual machine (also RHEL).
*Virtual host file on the host*
ServerName localhost
DocumentRoot /var/www/html/
ServerName [my.domain.com]
ProxyPreserveHost On
ProxyPass / http://192.168.122.246/ <http://192.168.122.246/>
ProxyPassReverse / http://192.168.122.246/ <http://192.168.122.246/>
ServerName [my.domain.com]
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass / https://192.168.122.246/ <https://192.168.122.246/>
ProxyPassReverse / https://192.168.122.246/ <https://192.168.122.246/>
*Virtual host file on the virtual machine*
ServerName localhost
ServerName [my.domain.com]
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_NAME} =[my.domain.com]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI
<https://%{SERVER_NAME}%{REQUEST_URI>} [END,NE,R=permanent]
ServerName [my.domain.com]
DocumentRoot /var/www/html/
SSLCertificateFile
/etc/letsencrypt/live/[my.domain.com]/fullchain.pem
<http://nextcloud.jeroenverhoeckx.com/fullchain.pem>
SSLCertificateKeyFile
/etc/letsencrypt/live/[my.domain.com]/privkey.pem
<http://nextcloud.jeroenverhoeckx.com/privkey.pem>
Include /etc/letsencrypt/options-ssl-apache.conf
I installed the SSL certificate with certbot of Let's Encrypt and I got
the message that it was installed correctly.
*Problem*
When I go to my domain <https://nextcloud.jeroenverhoeckx.com/>, Firefox
tells me that the website isn't secure.
And when I go to <https://nextcloud.jeroenverhoeckx.com/> I get:
... does not trust this site because it uses a certificate that is not
valid for nextcloud.jeroenverhoeckx.com. The certificate is only valid
for IntelNUC.
Maybe you could start with a "valid for your domain" certificate?
Best -- Paul
*Question*
/What do I need to add to the virtual host file on the host to correctly
pass all HTTPS traffic to the virtual host on the virtual machine?/
Ideally (if possible) I don't request for another SSL certificate or
copy the certificate on the virtual machine to the host.
I'm documenting all the steps on a blog post so others can repeat the
steps that I make. You can find this blog post here
<https://jeroenverhoeckx.com/build-your-own-personal-cloud.html> (still
work in progress / draft).
Any help is appreciated! I searched on the internet but couldn't find
any good documentation for this specific problem.
Your sincerely,
Scott Trakker
/Support the independent web, use //Firefox/
<https://www.mozilla.org/en-US/firefox/new/>
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Overwriting redirect status code
On 2021-08-13 9:59 a.m., alchemist vk wrote:
Hi Eric, thanks for response.
I dont think its getting generated from any other external redirect, as
I have only this alone config in my apache configuration file.
And regarding HTML response, I think this is standard HTML format from
apache.
Eric is far more experienced than I am, but I did notice in your
original email:
Below is the response.
< HTTP/1.1 302 Found
< Date: Wed, 11 Aug 2021 21:38:00 GMT
< Server: Apache
< X-Frame-Options: DENY
< Location: https://{ip}/test_error_404.json
< Content-Length: 252
< Content-Type: text/html; charset=iso-8859-1
<
302 Found
Found
The document has moved https://{ip}/test_error_404.json;>here.
* Closing connection #0
which to me suggests potential confusion between "HTTP/1.1 302 Found"
for your test_error_404.json, but then gets a "HTML 2.0" 'moved'
addition to it. I might start by grepping for (properly escaped)
"Found The document has moved" to find which piece of code
(module, template, whatever) is writing the response (and closing
connection #0 ??)
This of course assumes that your test_error_404.json is properly
executable to output html
Best -- Paul
On Fri, Aug 13, 2021 at 5:00 PM Eric Covener <mailto:cove...@gmail.com>> wrote:
On Fri, Aug 13, 2021 at 12:54 AM alchemist vk
mailto:alchemist...@gmail.com>> wrote:
>
> Any suggestions on above query?
I think the redirect comes from another part of the configuration.
Neither R=404 nor ErrorDOcument /... generates an external redirect.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] maven project repo's for apache httpd code
On 2021-07-28 3:14 p.m., Kavali, Manoj wrote: [snip] This message is confidential and subject to terms at: https://www.jpmorgan.com/emaildisclaimer including [snip] Apart from suggesting that <https://maven.apache.org/> might be a good starting point and does have the data that you you are looking for, are your employers (J.P. Morgan used to be a big bank years ago when I looked at those sort of things) aware that you are sending "message is confidential" information to a somewhat public destination? Best -- Paul Tired old sys-admin - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Four subdomain, fourth redirects to first
On 2021-09-21 6:25 p.m., Daniel Armando Rodriguez wrote:
Here it is the curl result from the same host
[snip]
From apachectl -S I see the problem is related to what vhost is set as
default
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 4.DOMAIN.edu.ar
(/etc/apache2/sites-enabled/1.DOMAIN.conf:1)
What does ls -al /etc/apache2/sites-enabled show? You should most
probably not have a "default", particularly '4.DOMAIN' referencing
'1.DOMAIN'
hth -- P.
port 80 namevhost 4.DOMAIN.edu.ar
(/etc/apache2/sites-enabled/1.DOMAIN.conf:1)
alias 1.DOMAIN.edu.ar
port 80 namevhost 4.DOMAIN.edu.ar
(/etc/apache2/sites-enabled/2.DOMAIN.conf:1)
alias 2.DOMAIN.edu.ar
port 80 namevhost 4.DOMAIN.edu.ar
(/etc/apache2/sites-enabled/4.DOMAIN.conf:1)
alias 4.DOMAIN.edu.ar
port 80 namevhost 4.DOMAIN.edu.ar
(/etc/apache2/sites-enabled/3.DOMAIN.conf:1)
alias 3.DOMAIN.unau.edu.ar
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
El 2021-09-21 18:48, Frank Gingras escribió:
Show the httpd -S output and results from your tests with curl, then.
It might help to log the host: header in your access log too.
On Tue, 21 Sept 2021 at 17:41, Daniel Armando Rodriguez
wrote:
Changed all vhosts definition the way you suggested, but the issue
still
happens.
El 2021-09-21 16:32, Frank Gingras escribió:
The first mistake is to use the hostnames when defining vhosts.
Define
them all as *:PORT, then test with curl, and run apachectl -S or
httpd
-S to spot any overlap.
On Tue, 21 Sept 2021 at 14:48, Daniel Armando Rodriguez
wrote:
Hi,
I have four subdomains on the same host which work as expected
whis
this
base config
ServerName 4.DOMAIN.edu.ar [2] [2]
ServerAlias 4.DOMAIN.edu.ar [2] [2]
ServerAdmin webmas...@domain.edu.ar
DocumentRoot /var/www/4
Options FollowSymLinks
AllowOverride All
Require all granted
ErrorLog ${APACHE_LOG_DIR}/error_4.log
CustomLog ${APACHE_LOG_DIR}/access_4.log combined
In the particular case of fourth subdomain, gets redirected to
the
first. See
# curl -v -H Host:4.DOMAIN.edu.ar [2] [2] http://INTERNAL-IP/
* Expire in 0 ms for 6 (transfer 0x55669ac96c10)
* Trying INTERNAL-IP...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55669ac96c10)
* Connected to INTERNAL-IP (INTERNAL-IP) port 80 (#0)
GET / HTTP/1.1
Host:4.DOMAIN.edu.ar [2] [2]
User-Agent: curl/7.64.0
Accept: */*
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 21 Sep 2021 18:32:32 GMT
< Server: Apache/2.4.48
< X-Pingback: http://1.DOMAIN.edu.ar/xmlrpc.php
< X-Redirect-By: WordPress
< Location: https://1.DOMAIN.edu.ar/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host INTERNAL-IP left intact
As said, domains 1, 3 and 3 works. In fact, when configuring the
4th
just copied the one of the working configs and changed the
subdomain,
directory and also the log. Nothing more, but the result is not
the
one
I expected.
Any hint will be much appreciated.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Is a home directory for the httpd user safe?
On 2022-02-27 8:39 a.m., Tom Browder wrote: Your query is probably too vague for a helpful response. What system are you using? What FAQs and documents have you read? What specific details are unclear? In order to run a service behind my reverse proxy I need to have a defined user with some kind of writeable home directory. What "service"? What "reverse proxy"? What is "some kind of writeable"? Any directory chmod'ed to 222 would be "writaeable" by anybody (but you might need 666 to have anybody read it) The easy choice to get started is to create a /home/apache directory for my apache user. www-data (the "industry standard user") is most often not installed in /home. What documentation are you relying upon for your "easy choice"? Is that safe or should I do something else? Depends on user/group permissions -- again 222 is probably (but not guaranteed) safe but not very functional I do have my systemd service file working, so I can create a new user for that purpose if need be. If your computer actually boots to a usable interface, systemd is probably running... Paul --- Sunday's tired old sys-admin Thanks. -Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Unable to load javascript files with the apache configuration file
On 2022-03-30 2:17 p.m., SAJESH PC wrote: Iam sharing a screenshot of the browser console errors. Hope this helps. Probably not an apache error. In the section of your HTML, you should have something like: and it might be that you've just got the path wrong. Otherwise pleas send, as text, the relevant lines from /var/log/apache -- either error.log or auth.log P. On Wed, Mar 30, 2022 at 8:14 PM Richard wrote: Date: Wednesday, March 30, 2022 15:57:52 +0530 From: SAJESH PC Hi, I have set up a http server with the configuration given as attachment. But it is not serving javascript files from the folder javascript. It is giving a 404 return code. The real intention here is that the javascript files should not be accessible directly but through html files only or when accessed through software only. How to correct the configuration file. Have you looked at the output in your errors file? It will likely be rather more informative than a simple "404". - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] really basic -- maybe off-topic question
On 2023-11-01 10:30, bruce wrote: I'm looking into Saas apps, and I'm seeing "frameworks". Some of these Saas/App frameworks don't appear to use apache/nginx as a "webserver", but the app will have a "Url" in an "env" file. So, somehow/somewhere the app is implementing some sort of server logic/function. Is this normal? The frameworks I'm seeing are nodejs/Laravel/etc. Is there a way to have the framework be "served" from a normal "webserver" -- eg Apache? One of the framework apps I'm looking at is https://github.com/thedevdojo/wave This is really not an apache / httpd question. It *appears* after a very quick look, to be a cloud based commercial subscription where you have no choice concerning the "cloud server set-up." Their demo at <https://wave.devdojo.com> does produce a purportedly html5 page, which contains 98 errors and 59 warnings according to W3.org at <https://validator.w3.org/nu/?doc=https%3A%2F%2Fwave.devdojo.com%2F=yes> YMMV Paul Thanks for any help/comments/etc!! or, if there are pointers/sites you can point me to on these issues -- that'll work as well! -bruce - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch
On 2023-10-24 14:09, Frank Gingras wrote: [snip] Keep in mind that nghttp2 is a build requirement for HTTP/2, which was outlined in the threads pertaining to CVE 2033-44487. Testing with that tool should be fine. Good point, thanks. I had missed it. In the Ubuntu world (nearly all of my servers) <https://ubuntu.com/security/CVE-2023-44487> starts with the statement that "The nginx developers do not consider nginx to be affected by this issue" and seeing that I systematically use nginx as a front end, I didn't read further -- my bad. Thanks Frank. Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch
On 2023-10-24 13:17, Jose Stefan wrote: Please don't top-post No, not that I am aware off. The push is only triggered by the "H2PushResource" directive shown. Which I tried to showcase with the 3^rd test. Within fileA.php and fileB.php the stylesheet is loaded with this line: A tag within the html content, and not a header. To perform my tests I'm mostly using the command line: nghttp -vn URL ^^ What version of Apache / httpd? What server system / version? I personally had never heard of Nghttp, and their website appears to have last been updated in 2015. (<https://nghttp2.org/>) But to remove PHP from the equation. I've now peformed the following test. 1. saved the generated content as a static fileA.html 2. changed to this line: And after the test I still get the push. --Jose Stefan ---- *From:* Paul *Sent:* Tuesday, October 24, 2023 12:55 PM *To:* users@httpd.apache.org *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch On 2023-10-24 11:31, Jose Stefan wrote: Hello, I have a weird issue while using "H2Push". I'm turning it off, but depending where it's nested it doesn't work as expected. Subset of config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS. With the code as presented, it still triggers a push for "fileC.css". I expect NO push to happen as it is turned off before the"H2PushResource..." line. Quick question, not a solution. Does you php (or other static environment) have any 'rel=preload'? Here's where I'm confused. I've performed the following individual tests: * If I use the "H2Push off" outside of the FilesMatch (and comment the one inside), The push doesn't happen. * If I use both "H2Push off" and "H2PushResource..." outside of the FilesMatch (and comment the ones inside), The push doesn't happen. * If I comment out the "H2PushResource..." inside the FilesMatch, the push doesn't happen. Therefore, I know the config is hitting that part. It's only when both lines are inside the FilesMatch that I don't get the expected results. Yet the context for h2push reads: Context: server config, virtual host, directory, .htaccess The plan, eventually, is to enable just the early hints and not the push. But I haven't even gotten to testing that part yet. My version of httpd doesn't support "H2EarlyHint". Subset of the config: -- H2Push on ... ... #H2EarlyHints on #H2Push off #H2PushResource /fileC.css H2Push off H2PushResource /fileC.css #H2EarlyHint ... Available in version 2.4.58 and later. ... ... - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch
On 2023-10-24 11:31, Jose Stefan wrote: Hello, I have a weird issue while using "H2Push". I'm turning it off, but depending where it's nested it doesn't work as expected. Subset of config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS. With the code as presented, it still triggers a push for "fileC.css". I expect NO push to happen as it is turned off before the"H2PushResource..." line. Quick question, not a solution. Does you php (or other static environment) have any 'rel=preload'? Here's where I'm confused. I've performed the following individual tests: * If I use the "H2Push off" outside of the FilesMatch (and comment the one inside), The push doesn't happen. * If I use both "H2Push off" and "H2PushResource..." outside of the FilesMatch (and comment the ones inside), The push doesn't happen. * If I comment out the "H2PushResource..." inside the FilesMatch, the push doesn't happen. Therefore, I know the config is hitting that part. It's only when both lines are inside the FilesMatch that I don't get the expected results. Yet the context for h2push reads: Context: server config, virtual host, directory, .htaccess The plan, eventually, is to enable just the early hints and not the push. But I haven't even gotten to testing that part yet. My version of httpd doesn't support "H2EarlyHint". Subset of the config: -- H2Push on ... ... #H2EarlyHints on #H2Push off #H2PushResource /fileC.css H2Push off H2PushResource /fileC.css #H2EarlyHint ... Available in version 2.4.58 and later. ... ... - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache 2.4 and php
I'm going nowhere for what must be a small glitch. Ubuntu server 20.04LTS, Apache/2.4.41 (Ubuntu) using mpm_prefork behind Nginx proxy server. We use php 7.4 for many thousands of static pages that use e.g. include 'inc/tophead.html';?> giving us " lang="en"> , css, js, etc" sent to clients. Always reliable, production and backup machines delivering perfectly for many years. Just built a sandbox (to start looking at Apache Solr) as an exact replica of our production servers (but without letsencrypt), exact down to every file, version, release, permission, owner, dot and comma as far as I can see after hours of searching around. The sandbox is delivering "raw text" , not the content of the included file. Log files give no clue -- apache just "200" responses for the text and images, but obviously not the css, js, layout -- syslog, auth, nginx and php exactly the same as on the production servers. Suggestions, pointers, ideas would be warmly welcomed -- and save what's left of my sanity ;=} Many thanks, Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache 2.4 and php
On 2022-07-06 08:27, Frank Gingras wrote: First off, I would suggest not using prefork and mod_php, unless traffic is minimal and performance is not a concern. Nowadays, the scalable solution is to use php-fpm, and use a threaded mpm like event. Many thanks. Point well taken, on my "to do" list for a long time. My only excuse: the production server is very stable, rarely even approaches 10^6 hits a day, and whispers along quite nicely on 32 (64t) cores - uptime currently at 326 days. What I need to do is to use the sandbox (subject of this thread) to delve into Apache Solr. I am just astounded that a mirror copy is failing abjectly. Secondly, for your issue, you will need to look into the php logs as php is generating the response. There is absolutely nothing in the php logs -- I get the impression that the Apache back end is just not calling the php includes. The site itself was rsynced from production, everything else looks "forensically" identical. Maybe I'll just rebuild it again from scratch, as I may have made some sort of mistake somewhere, the order of installing the various elements, whatever... Again thanks -- Paul On Tue, 5 Jul 2022 at 16:24, Paul wrote: I'm going nowhere for what must be a small glitch. Ubuntu server 20.04LTS, Apache/2.4.41 (Ubuntu) using mpm_prefork behind Nginx proxy server. We use php 7.4 for many thousands of static pages that use e.g. giving us " , css, js, etc" sent to clients. Always reliable, production and backup machines delivering perfectly for many years. Just built a sandbox (to start looking at Apache Solr) as an exact replica of our production servers (but without letsencrypt), exact down to every file, version, release, permission, owner, dot and comma as far as I can see after hours of searching around. The sandbox is delivering "raw text" , not the content of the included file. Log files give no clue -- apache just "200" responses for the text and images, but obviously not the css, js, layout -- syslog, auth, nginx and php exactly the same as on the production servers. Suggestions, pointers, ideas would be warmly welcomed -- and save what's left of my sanity ;=} Many thanks, Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] setting up a new site?
On 2022-06-19 03:32, gene heskett wrote: [snip] I have now setup a www/geneslinuxbox directory with one file in it for test. I want to use a OT Passwd, before granting access which should stop the bots. Is there a module that will do that? Assuming "OT" was your typo for "HT", pls see the Apache documentation at <https://httpd.apache.org/docs/2.4/howto/auth.html> [snip] 2 more questions: What do I put in robots.txt?, User-agent: * Disallow: / and where in the above hierarchy do I put it to discourage most of the bots? At the root of the website, e.g. <https://www.example.com/robots.txt> (and it must not be repeated elsewhere.) Paul --- Tired old sys-admin - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Linking website pages with Apache on LocalHost
On 2022-04-27 12:25 p.m., DiversityLink/Milt Spain wrote: I have gotten Apache2.4 installed and running on my local computer. It’s on the C drive and the website is at C:/Apache24/htdocs/Milt.com. The Milt.com folder contains Index (htm file) and Page1 (html file). 127.0.0.1/Milt.com displays the Index. Now I want a hyperlink on the Index page that will bring up Page1. Probably not ana Apache problem; have you tried: If that fails look in your logs and send the relevant lines to this list. Good luck -- Paul I have been unable to make anything work. Is Page1 in the wrong place or could I be using the wrong path in the hyperlink (I’ve tried several without success)? All assistance will be appreciated. Milt Spain - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSLCertificateFile localhost.crt does not exist
On 2022-12-28 14:35, Jeffrey Denison wrote: Can someone tell me how to remove Apache 2.4 HTTP server I installed from source? I can't get it to run & I see it's in the Fedora repos & can be installed from dns. I thought I might have better success if I remove the one I installed & reinstall from the command line. I don't see any uninstall command & see pieces scattered in various directories. thanks Have you tried to reverse your install with: # make uninstall If you've deleted the original source you might have to go through the whole install again so that you can use makefile to see what and where the various bits are, and then remove them one by one. Alternately 'locate' or 'find' any files with names like 'apache' or 'httpd' that are dated suitably (could be the source date or the date you installed or modified) and delete them by hand. Installing from a proper package should (could, might) clean up anything accidentally left behind. Note that I'm more of a Debian person, so Fedora / Red Hat might have some quirks, and YMMV, Also, there used to be a good user /developer group "fedorapeople.org" Happy 2023 to all on this list. Paul On 12/27/22, Frank Gingras wrote: The first is a warning, and it tells you how to suppress it. The second implies that you need to remove the pidfile before you can restart httpd, so do that. On Sun, Dec 25, 2022 at 3:10 PM Jeffrey Denison wrote: @vicky chb I changed ssl.conf but don't know how to replace the SSLcertificatekeyFile directive. Can you tell me how to do that. Now I get this error msg: $ httpd AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::36d6:b0f7:e2cc:c2ba%eno1. Set the 'ServerName' directive globally to suppress this message (13)Permission denied: AH00058: Error retrieving pid file run/httpd.pid AH00059: Remove it before continuing if it is corrupted. On 12/25/22, vicky chb wrote: Its not a command. Go to /etc/httpd/conf.d/ and open ssl.conf in vi or whichever editor you like. Search for the below mentioned Directive line SSLCertificateFile: '/etc/pki/tls/certs/localhost.crt' edit this line and replace localhost.crt with your certificate name here ca-bundle.crt or ca-bundle.trust.crt Also, replace SSLCertificateKeyFile directive with your private key. On Sun, 25 Dec 2022, 14:14 Jeffrey Denison, wrote: Thanks Vicky. Can you give me the whole command? On 12/24/22, vicky chb wrote: Hi, Change "localhost.crt" to your current certificate name present in the mentioned directory. The syntax is by default, you may need to change as per your certificate names. Instead of this: SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' do this: SSLCertificateFile: file '/etc/pki/tls/certs/ca-bundle.crt' or SSLCertificateFile: file '/etc/pki/tls/certs/ca-bundle.trust.crt' On Sun, 25 Dec 2022, 11:18 Jeffrey Denison, < jeffrey.deni...@gmail.com> wrote: Hi, I installed Apache 2.4.54 on Fedora 37. I get the following error when I attempt to run it: $ httpd AH00526: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf: SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty $ ls /etc/pki/tls/certs ca-bundle.crt ca-bundle.trust.crt - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSLCertificateFile localhost.crt does not exist
On 2022-12-28 15:45, Jeffrey Denison wrote:
Thanks @Paul. I do still have the original source. I tried that. Got
an error msg.
$ sudo make uninstall
[sudo] password ...
make: *** No rule to make target 'uninstall'. Stop.
I was a bit afraid that might happen ('uninstall' used to be a bit more
common, but seems to have gone out of style over the years.)
Normally, after un-tar-ing your source, you would run ./configure
(options, modules, paths, variable, whatever) before running '# make'
(which actually compiles everything without installing it) but you
should be able to run 'make -n' or 'make --dry-run' which (quoting from
-h) means "Don't actually run any recipe; just print them" -- this
should be a quite detailed overview of what 'make install' intends to
compile and write to your server.
Hope this helps, and good luck.
Paul
Is there a file in the source directory giving explicit installation
locations & files?
I'll dig into that group.
thanks
On 12/28/22, Paul wrote:
On 2022-12-28 14:35, Jeffrey Denison wrote:
Can someone tell me how to remove Apache 2.4 HTTP server I installed
from source? I can't get it to run & I see it's in the Fedora repos &
can be installed from dns. I thought I might have better success if I
remove the one I installed & reinstall from the command line. I don't
see any uninstall command & see pieces scattered in various
directories.
thanks
Have you tried to reverse your install with:
# make uninstall
If you've deleted the original source you might have to go through the
whole install again so that you can use makefile to see what and where
the various bits are, and then remove them one by one.
Alternately 'locate' or 'find' any files with names like 'apache' or
'httpd' that are dated suitably (could be the source date or the date
you installed or modified) and delete them by hand. Installing from a
proper package should (could, might) clean up anything accidentally left
behind.
Note that I'm more of a Debian person, so Fedora / Red Hat might have
some quirks, and YMMV, Also, there used to be a good user /developer
group "fedorapeople.org"
Happy 2023 to all on this list.
Paul
On 12/27/22, Frank Gingras wrote:
The first is a warning, and it tells you how to suppress it.
The second implies that you need to remove the pidfile before you can
restart httpd, so do that.
On Sun, Dec 25, 2022 at 3:10 PM Jeffrey Denison
wrote:
@vicky chb
I changed ssl.conf but don't know how to replace the
SSLcertificatekeyFile directive. Can you tell me how to do that.
Now I get this error msg:
$ httpd
AH00558: httpd: Could not reliably determine the server's fully
qualified domain name, using fe80::36d6:b0f7:e2cc:c2ba%eno1. Set the
'ServerName' directive globally to suppress this message
(13)Permission denied: AH00058: Error retrieving pid file run/httpd.pid
AH00059: Remove it before continuing if it is corrupted.
On 12/25/22, vicky chb wrote:
Its not a command. Go to /etc/httpd/conf.d/ and open ssl.conf in vi or
whichever editor you like. Search for the below mentioned Directive
line
SSLCertificateFile: '/etc/pki/tls/certs/localhost.crt'
edit this line and replace localhost.crt with your certificate name
here
ca-bundle.crt or ca-bundle.trust.crt
Also, replace SSLCertificateKeyFile directive with your private key.
On Sun, 25 Dec 2022, 14:14 Jeffrey Denison,
wrote:
Thanks Vicky. Can you give me the whole command?
On 12/24/22, vicky chb wrote:
Hi,
Change "localhost.crt" to your current certificate name present in
the
mentioned directory. The syntax is by default, you may need to
change
as
per your certificate names.
Instead of this:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt'
do this:
SSLCertificateFile: file '/etc/pki/tls/certs/ca-bundle.crt'
or
SSLCertificateFile: file '/etc/pki/tls/certs/ca-bundle.trust.crt'
On Sun, 25 Dec 2022, 11:18 Jeffrey Denison, <
jeffrey.deni...@gmail.com>
wrote:
Hi,
I installed Apache 2.4.54 on Fedora 37. I get the following error
when
I attempt to run it:
$ httpd
AH00526: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does
not
exist or is empty
$ ls /etc/pki/tls/certs
ca-bundle.crt ca-bundle.trust.crt
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
On 2023-02-10 12:50, Zahid Rahman wrote:
It is hardcoded in the original file see repository.
https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
<https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf>
Unless I'm mistaken this is the htppd.apache.org mailing list. You refer
to github, where there is a lot of very good material and some
potentially less reliable by-products. In no way am I suggesting that
"/blob/main/h5bp/" is short of common sense, but *if* you have followed
that thread, perhaps your questions and solutions lie there?
As I am using letsencrypt I do not need to include the file
h5bp/tls/certificate_files.conf as suggested by Florian.
So what does 'Florian' say about your failure? (apologies, I have no
clue about who he/she might be; from my records, not a participant in
this mailing list.)
I included this file because it was suggested I should in the template
https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
<https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf>
With respect "h5bp" advertises that it is "A bunch of people creating
open source software. Fork a project and get involved!" with 39 members
(<https://h5bp.org/> retrieved 2023-02-10). Apache is somewhat
exponentially more widespread.
Please move your questions to where they belong.
Good luck.
Paul
---
Tired old sys-admin
On Fri, 10 Feb 2023, 17:26 Paul, <mailto:storm...@stormy.ca>> wrote:
On 2023-02-10 09:38, Zahid Rahman wrote:
> *my apache2 installation directory is /etc/apache2 not /usr/local
> *
> *looks like some kind of hard coding error
OK -- so what/why did you "hard code" to /usr/local ?
> *$ syst$emctl status apache2.service*
Assuming this is a typo for "systemctl status apache2.service"
[snip]
> Active: failed (Result: exit-code) since Fri 2023-02-10
14:29:33
> UTC; 12s ago
[snip]
> Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on
line
> 29 of
/etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> *'/usr/local/*apache2/certs/default.crt' does not exist or is empty
OK -- again, what/how/why did you hard code to /usr/local? Obviously
Apache can't find it. If it truly exists, permissions? (and that's a
long shot.)
[snip]
> *$ journalctl -xeu apache2.service*
[snip]
> Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on
line
> 29 of
/etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> '*/usr/local/*apache2/certs/default.crt' does not exist or is empty
Same error.
Critical thinking, a rather old-fashioned concept, suggests that you
might, eventually, last-ditch, examine the meaning of the words "does
not exist".
Good luck.
Best,
Paul
---
Tired old sys-admin, who gave up crystal ball gazing in 1954 using
FORTRAN on an IBM 704
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
<mailto:users-unsubscr...@httpd.apache.org>
For additional commands, e-mail: users-h...@httpd.apache.org
<mailto:users-h...@httpd.apache.org>
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
On 2023-02-10 09:38, Zahid Rahman wrote: *my apache2 installation directory is /etc/apache2 not /usr/local * *looks like some kind of hard coding error OK -- so what/why did you "hard code" to /usr/local ? *$ syst$emctl status apache2.service* Assuming this is a typo for "systemctl status apache2.service" [snip] Active: failed (Result: exit-code) since Fri 2023-02-10 14:29:33 UTC; 12s ago [snip] Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on line 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf: Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file *'/usr/local/*apache2/certs/default.crt' does not exist or is empty OK -- again, what/how/why did you hard code to /usr/local? Obviously Apache can't find it. If it truly exists, permissions? (and that's a long shot.) [snip] *$ journalctl -xeu apache2.service* [snip] Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on line 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf: Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file '*/usr/local/*apache2/certs/default.crt' does not exist or is empty Same error. Critical thinking, a rather old-fashioned concept, suggests that you might, eventually, last-ditch, examine the meaning of the words "does not exist". Good luck. Best, Paul --- Tired old sys-admin, who gave up crystal ball gazing in 1954 using FORTRAN on an IBM 704 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Still have messed up TLS
On 2023-11-26 16:12, John wrote: After a week of chasing this around I have managed to change the problem several times but I'm still unable to get Apache started. I **think** there is something unrelated to the error that I'm seeing that may have been included in the default config but before I go down that rabbit hole I realize that I am making a number of assumptions because I don't know how to check, so if everyone would please bear with me, and my apologies in advance: Here are the relevant parts of the full configuration: /usr/sbin/httpd -M I think you said you were using "Rocky Linux" associated with RHEL which may use /usr/sbin/httpd rather than /usr/share/apache2 (debian). If "Rocky" is a spin-off (I have no knowledge of it) perhaps they have a "users list" that could help you? In any case what is the output of 'apachectl -S' (or perhaps 'httpd -S')? Is it only your TLS that is problematic, or are there other underlying glitches? You write "httpd.service: Main process exited, code=exited, status=1/FAILURE" and this looks to me that it could preceed any TLS certs. Also, your "SSLCACertificateFile" probably has to be used carefully. It "can be used alternatively and/or additionally to "SSLCACertificatePath" and should only be used if "SSLCADNRequestPath or SSLCADNRequestFile" are missing. See <https://httpd.apache.org/docs/2.4/mod/mod_ssl.html>. Yours appear to be missing from what you write (please delete all rem'ed out lines, it's rather boring) - are you sure this is what you want? Good luck -- Paul ***89 deleted module lines here** ssl_module (shared) systemd_module (shared) the full config file for the ONLY https virtual server -- # SSL Support for Coax Publications ONLY! ServerName www.coaxpublications.ca # ServerAlias t.coaxpublications.ca DocumentRoot /usr/httpd/coax Options -MultiViews H2Direct on ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/coax SSLEngine on # SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !RC4: !PSK: !MD5 SSLCipherSuite TLSv1.3 SSLCertificateFile /etc/httpd/conf/sslcert/www.coaxpublications.ca.pem SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.coaxpublications.ca.key SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt SSLHonorCipherOrder on Header always set Strict-Transport-Security "max-age-63072000;includeSubDomains" # Redirect if logon is to coaxpublications without the 'www' ServerName coaxpublications.ca Redirect permanent / https://www.coaxpublications.ca -- the systemctl status on attempting to start: -- # systemctl status httpd × httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d └─php-fpm.conf Active: failed (Result: exit-code) since Sun 2023-11-26 15:14:50 EST; 25min ago Duration: 1d 22h 32min 36.626s Docs: man:httpd.service(8) Process: 56733 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 56733 (code=exited, status=1/FAILURE) Status: "Reading configuration..." CPU: 25ms Nov 26 15:14:50 prod02 systemd[1]: Starting The Apache HTTP Server... Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Nov 26 15:14:50 prod02 systemd[1]: httpd.service: Failed with result 'exit-code'. Nov 26 15:14:50 prod02 systemd[1]: Failed to start The Apache HTTP Server. -- our production TLS certificate. The one on the problem server is a .pem version of the same thing because it will eventually replace this server. What I don't know is how to confirm that the .pem cert is identical to this one. -- Certificate for www.coaxpublications.ca -- the error log for mod_ssl -- Sun Nov 26 15:14:50.745976 2023] [ssl:warn] [pid 56733:tid 56733] AH01909: www.iliffe.ca:443:0 server certificate does NOT include an ID which matches the server name -- Now here is where I get really confused: there is NO config file for virtual server iliffe.ca that makes it an HTTPS server. It is simply our test server and runs as http on port 80. The only possible reason that I can think of why this should have been included in the https chain as needing a certificate is the default Rocky ssl.conf file that gets automatically inserted (include *.conf) at startup and comes w
Re: [users@httpd] Unicode Chars not working
On 2023-11-13 22:17, Chris me wrote: I rechecked the response headers, interesting thing is the server that works is just sending content-type: text/thml but the one that does not work is sending content-type: text/html and charset=UTF-8 even though it is sending the charset after I un-commented it in charset.conf. So why does the old server work properly even though it does not explicitly set the charset, but the new server does not, even when it is set? Is it the linux system itself that might be serving the file to apache weird? [off-apache-topic] To eliminate all charset | meta | newer browser compliance | whatever questions and solve them later, why not manually just get rid of all non-utf-8 content? It's trivial to find them using e.g.: grep -axv '.*' *.html Mix and match to your directory content. Note this assumes your 'locale' is utf-8 Paul One thing I did notice in the headers, is the old server has transfer-encoding: chunked but the new server does not have that, it has Vary: accept-encoding *From:* phunction *Sent:* Saturday, November 11, 2023 4:14 PM *To:* users@httpd.apache.org *Subject:* Re: [users@httpd] Unicode Chars not working Seeing how it's an exact copy from the other server and the other server is fine I would think that's more of a Apache configuration isn't it? The content itself does not specify a character set. Sent from my Galaxy Original message From: Frank Gingras mailto:thu...@apache.org>> Date: 2023-11-11 4:02 p.m. (GMT-08:00) To: users@httpd.apache.org <mailto:users@httpd.apache.org> Subject: Re: [users@httpd] Unicode Chars not working On Sat, Nov 11, 2023 at 6:49 PM Chris me <mailto:phunct...@hotmail.com>> wrote: Hi, I am moving my site from one server to another, both are apache 2. The files where tarred and zipped on one linux server and copied to another linux server. On the new server, any pages with a Unicode character is getting served with the black diamond and question mark. I enabled AddDefaultCharset UTF-8 on the new server it does not make a difference. What else do I need to change? Are you sure your content is not producing html header with the wrong charset? I would inspect it. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Unicode Chars not working
Please see below, I do not top post. On 2023-11-12 17:09, Chris me wrote: Yes, the headers are the same on both, there is no header directive to set character set, as I have stated. IE, there is nothing like content="text/html; charset=iso-8859-1" /> in the header. There has to be something different in the 2 apache servers, the one that works is an older 2.4.4 and the new one is 2.4.57 that is not working right. Still can’t figure out what is causing the difference. *From:* Frank Gingras *Sent:* Saturday, November 11, 2023 5:44 PM *To:* users@httpd.apache.org *Subject:* Re: [users@httpd] Unicode Chars not working On Sat, Nov 11, 2023 at 8:31 PM phunction <mailto:phunct...@hotmail.com>> wrote: Seeing how it's an exact copy from the other server and the other server is fine I would think that's more of a Apache configuration isn't it? The content itself does not specify a character set. Sent from my Galaxy Original message From: Frank Gingras mailto:thu...@apache.org>> Date: 2023-11-11 4:02 p.m. (GMT-08:00) To: users@httpd.apache.org <mailto:users@httpd.apache.org> Subject: Re: [users@httpd] Unicode Chars not working On Sat, Nov 11, 2023 at 6:49 PM Chris me mailto:phunct...@hotmail.com>> wrote: Hi, I am moving my site from one server to another, both are apache 2. The files where tarred and zipped on one linux server and copied to another linux server. On the new server, any pages with a Unicode character is getting served with the black diamond and question mark. I enabled AddDefaultCharset UTF-8 on the new server it does not make a difference. What else do I need to change? Are you sure your content is not producing html header with the wrong charset? I would inspect it. Try to inspect the response headers with your browser (F12) next. Latest W3 strongly suggests (even will give an error if missing) having a . Have you tried this on your original website? This should confirm that you have no charset errors. You could also try # rsync -avz from the original to a clean directory on the new server, rather than tar zip. If the original was utf-8 and not some variant, it should copy faithfully. I can confirm that utf-8 from 2.4.4 to 2.4.52 (note, not 57) works perfectly. Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] ubuntu apache2
edit your vhost directly, and read about the context for directives. On 2023-11-12 00:35, bruce wrote: ok.. weird... A couple of questions. If you have access to and root privileges on your server, what system are you running? (# cat /etc/os-release) - I think you said Ubuntu. Maybe # apache2 -v would be useful as you mention digitalocean -- have you asked them if they installed a differing compilation or .conf? appears might have been a timing thing.. "timing thing" -- how do you define this? (no answer required if you don't have a relevant IT answer) i get errs.. but they're all apache errs.. except -- now shows nginx... this is weird! What does # nginx -T show? (please don't post it here, this is not an nginx list). If it shows anything, you may well not yet have an Apache problem. You will have to be certain that nginx is passing the required and properly formatted request to apache/httpd. [assuming nginx is properly configured for your specific case, and assuming that the nginx error.log shows nothing relevant, although it might give you something in access.log] have you reviewed and analysed "but they're *all* apache errs" one by one and tried to trace and correct them? Good luck, Paul - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [EMAIL PROTECTED] 2.0.55 or 2.2.0?
Andrey Kuznetsov wrote: I would say think of v2.2.0 as a 64 bit version of your system if you instal one, and v2.0.55 is the 32 bit version. Some thing will run some will have to be recomplied and done over again. I would stick to v2.0.55 for now, until most of the modules have been compiled to run with Apache v2.2.0 Please tell us which specific modules have issues -- most common ones like mod_php and such are known to work fine with 2.2.0. A generic statement like 'until most of the modules have been compiled to run with Apache v2.2.0' isn't helpful to anyone. -Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] LDAP crashes
Running Apache server 2.0.55 on Windows NT. If I load LDAP as
followsin the httpd.conf file:LoadModule ldap_module
modules/util_ldap.soLoadModule auth_ldap_module
modules/mod_auth_ldap.sothe server crashes during shutdown of server and
during any attempteduse of ldap for authentication.No error messages
are written into the log. The only visible effect isthe usual Windows
popup box ("Referenced memory at "0x0". Memorycould not be "read"
etc.).Does anyone know why this might happen?(I installed Apache
using the *.msi file, so I don't know what buildoptions were used. I assume
that --with-ldap was used during the build.Otherwise, why would the
ldap modules were bundled? But...
Whoknows.)ThanksPaul
[EMAIL PROTECTED] HTTP 2 connection limit and web services
Hi, I was wondering if anyone can shed any light on performance limits with web services. Apache is used as the HTTP server for a web service. The web service is called by another server, so there is only one client for this web service. The HTTP 1.1 specification says that only 2 simultaneous connections are allowed per client, but in this case, since its SOAP, with only 1 client, I'd like to increase this. Can anyone tell me if there is any configuration to be done for Apache, or on the client, which is an ASP.NET application running on Server2003/IIS6 Thanks in advance, Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: PidFile tag in httpd.conf for Apache 2.2
Vengal, Thomas (OpenViewRD) wrote: The line PidFile logs/httpd.pid used to exist in all versions Apache HTTP Server prior to 2.2.0 version. Any specific reason as to why this was removed from httpd.conf for Apache 2.2.0 version? I could not get the details in the release documentation. It was removed from the default configuration because as indicated in the documentation[1], logs/httpd.pid is the default value for this directive. As a general rule, any directive that has a sensible default value, and does not normally need to be changed by the end user, was removed from the default configuration in 2.2. You are still free to add it back to your configuration, if you wish. [1] - http://httpd.apache.org/docs/2.2/mod/mpm_common.html#pidfile - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_rewrite question
That is correct. My understanding is that Cisco Pix 505 can't do the port forwarding so that is the reason why I was looking on doing this. Thanks -- Paul Aviles -- Original Message --- From: Gaël Lams [EMAIL PROTECTED] To: users@httpd.apache.org Sent: Tue, 14 Mar 2006 14:14:45 +0100 Subject: Re: [EMAIL PROTECTED] mod_rewrite question Hi I am pulling my hair out with this. I have a single public IP and already have a web server redirected on the firewall from the external IP to the private IP of 10.5.36.5. Now I need to enable another box (10.5.36.6) running on port 80 to be accessible from the outside. 10.5.36.6 is a physically separated server, isn't it (you said another box)? If it's the case, it has nothing to do with mod_rewrite, only with your firewall (I suppose that you only have one unique public ip address). You need to configure your firewall to forward requests made oon port 81 to 10.5.36.6:80. Regards, Gaël --- End of Original Message --- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Password protect apache home directories
hi there, what i'm trying to do is set apache so that when i user trys to access there home directory http://www.example.com/~username they have to enter there password/username? without adding in each home directory into my httpd.conf file and then adding require valid username is there a way i can do this automatically? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Password protect apache home directories
hi there, what i'm trying to do is set apache so that when i user trys to access there home directory http://www.example.com/~username they have to enter there password/username? without adding in each home directory into my httpd.conf file and then adding require valid username is there a way i can do this automatically? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I've found this website http://httpd.apache.org/docs/2.2/mod/mod_authz_owner.html but i'm not sure if i have the mod_authz_owner can someone tell me how to find out if i do? if someone here has ever used this mod or knows how to use it with ldap can they tell me about it. this is my current setup and it's not working, it's just denying me access Directory /home/*/public_html AuthType Basic AuthName Case Network ID AuthLDAPURL ldap://127.0.0.1/ou=people,dc=fedora,dc=directory,dc=server; AuthLDAPBindDN uid=root,ou=people,dc=fedora,dc=directory,dc=server AuthLDAPBindPassword password Satisfy All require file-owner /Directory when i change it to require valid-user it works - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Password protect apache home directories
hi there, what i'm trying to do is set apache so that when i user trys to access there home directory http://www.example.com/~username they have to enter there password/username? without adding in each home directory into my httpd.conf file and then adding require valid username is there a way i can do this automatically? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I've found this website http://httpd.apache.org/docs/2.2/mod/mod_authz_owner.html but i'm not sure if i have the mod_authz_owner can someone tell me how to find out if i do? if someone here has ever used this mod or knows how to use it with ldap can they tell me about it. this is my current setup and it's not working, it's just denying me access Directory /home/*/public_html AuthType Basic AuthName Case Network ID AuthLDAPURL ldap://127.0.0.1/ou=people,dc=fedora,dc=directory,dc=server; AuthLDAPBindDN uid=root,ou=people,dc=fedora,dc=directory,dc=server AuthLDAPBindPassword password Satisfy All require file-owner /Directory when i change it to require valid-user it works - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] okay i'm not having a lot of luck with this, can just ask a simple quesion then, how can find out if i have authz_owner_module installed and is being used by apache? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Password protect apache home directories
On Wednesday 22 March 2006 10:12, Paul Matthews wrote: okay i'm not having a lot of luck with this, can just ask a simple quesion then, how can find out if i have authz_owner_module installed and is being used by apache? Look in your error log. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] this is what i found in the /etc/log/httpd/error_log [Wed Mar 22 20:53:56 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Wed Mar 22 20:53:57 2006] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations [Wed Mar 22 20:58:19 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:58:19 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: user root not allowed access [Wed Mar 22 20:58:21 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:58:21 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: user root not allowed access [Wed Mar 22 20:58:23 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:58:23 2006] [error] [client 192.168.1.34] access to /~root/ failed, reason: user root not allowed access [Wed Mar 22 20:58:37 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:58:37 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access [Wed Mar 22 20:58:39 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:58:39 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access [Wed Mar 22 20:59:04 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:59:04 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access [Wed Mar 22 20:59:10 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:59:10 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access [Wed Mar 22 20:59:12 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:59:12 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access [Wed Mar 22 20:59:14 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: unknown require directive:file-owner [Wed Mar 22 20:59:14 2006] [error] [client 192.168.1.34] access to /~pma/ failed, reason: user pma not allowed access but as you can see on this website http://httpd.apache.org/docs/2.2/mod/mod_authz_owner.html the command file-owner is real ... - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Password protect apache home directories
-Original Message- From: Paul Matthews [mailto:[EMAIL PROTECTED] http://httpd.apache.org/docs/2.2/mod/mod_authz_owner.html okay i'm not having a lot of luck with this, can just ask a simple quesion then, how can find out if i have authz_owner_module installed and is being used by apache? 1) Go to the doc page listed above. 2) In the info box, top-left, there is a line Status. That reads extension. 3) Click on the word Status. This takes you to a page that tells you what extension means. Namely: A module with Extension status is not normally compiled and loaded into the server. To enable the module and its functionality, you may need to change the server build configuration files and re-compile Apache. In other words, this is a module that you might find useful but that's not popular enough to be included by default into apache. If you want it, you have to compile it specially when you compile apache and then either statically link it into apache or load it dynamically at run-time. To check you don't already have it: 1) Static: go to the apache bin directory, do ./httpd -l. This will tell you all the modules that are statically compiled into apache. 2) Dynamic: Look in the apache modules directory, look for mod_authz_owner.so. If you have it, you can load it with LoadModule (see docs for details). If you don't have it, you have to compile it. Start at http://httpd.apache.org/docs/2.2/install.html and post back if you get stuck. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] hey thanks for that Owen, but i'm looking on the website i had up but i don't see any place to download the file? can you tell me where you download mod files for apache? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Mod_Authz_Unixgroup
Hi everyone, i've come accross an apache mod that i'm trying to get working, but i'm getting some error messages when i try and follow the install.txt doc the install file is at the bottom of the e-mail, i can the command it told me to run and i got this output [EMAIL PROTECTED] mod_authz_unixgroup-1.0.0]# /usr/sbin/httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c so i have the mod_so.c ... but when i follow the next step i get this error message [EMAIL PROTECTED] mod_authz_unixgroup-1.0.0]# apxs -c mod_authz_unixgroup.c /bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DAP_HAVE_DESI GNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/incl ude/apr-0 -I/usr/include/httpd -c -o mod_authz_unixgroup.lo mod_authz_unixgroup.c touch mod_authz_unixgroup.slo mod_authz_unixgroup.c:5:22: mod_auth.h: No such file or directory mod_authz_unixgroup.c: In function `authz_unixgroup_check_user_access': mod_authz_unixgroup.c:184: error: `AUTHZ_GROUP_NOTE' undeclared (first use in this function) mod_authz_unixgroup.c:184: error: (Each undeclared identifier is reported only once mod_authz_unixgroup.c:184: error: for each function it appears in.) apxs:Error: Command failed with rc=65536 INSTALL.TXT file Step 1: Ensure that your Apache server is configured to handle dynamically loaded modules. To check this, run Apache server with the -l command flag, like httpd -l If mod_so.c is one of the compiled-in modules, then you are ready to go. Step 2: Compile the module using the following command in the mod_authz_unixgroup distribution directory: apxs -c mod_authz_unixgroup.c 'Apxs' is the Apache extension tool. It is part of the standard Apache installation. If you don't have it, then your Apache server is probably not set up for handling dynamically loaded modules. This should create a file named 'mod_authz_unixgroup.so'. Step 3: Install the module. Apxs can do this for you too. Do the following command (as root so you can write to Apache's directories and config files): apxs -i -a mod_authz_unixgroup.la This will create mod_authz_unixgroup.so and copy it into the proper place, and add appropriate AddModule and LoadModule commands to the configuration files. (Actually, it may get the LoadModule command wrong. See below.) Step 4: Go to the CONFIGURATION instructions below. Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] openldap on Apache 2.2
hi there, I've just upgraded to Fedora core 5 with apache 2.2 and I'm trying to get apache working with ldap, but with the upgrade the old httpd.conf file doesn't seam to work. I've added the following lines to my httpd.conf file Directory /var/www/html/openldap AuthType Basic AuthName Case Network ID AuthLDAPURL ldap://127.0.0.1/ou=people,dc=fedora,dc=directory,dc=server; AuthLDAPBindDN uid=root,ou=people,dc=fedora,dc=directory,dc=server AuthLDAPBindPassword your-openldap-password # All users in openldap require valid-user /Directory the same lines i added to my apache 2.0 server, but that doesn't seam to work. can someone help me out I've search the net but I'm guessing apache's 2.2 server is fairly new and there doesn't seam to be a lot of information out there about it. i want all valid-users to be able to authenticate - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] openldap on Apache 2.2
On 3/24/06, Paul Matthews [EMAIL PROTECTED] wrote: hi there, I've just upgraded to Fedora core 5 with apache 2.2 and I'm trying to get apache working with ldap, but with the upgrade the old httpd.conf file doesn't seam to work. I've added the following lines to my httpd.conf file Directory /var/www/html/openldap AuthType Basic AuthName Case Network ID AuthLDAPURL ldap://127.0.0.1/ou=people,dc=fedora,dc=directory,dc=server; AuthLDAPBindDN uid=root,ou=people,dc=fedora,dc=directory,dc=server AuthLDAPBindPassword your-openldap-password # All users in openldap require valid-user /Directory the same lines i added to my apache 2.0 server, but that doesn't seam to work. can someone help me out I've search the net but I'm guessing apache's 2.2 server is fairly new and there doesn't seam to be a lot of information out there about it. You'll need at least AuthBasicProvider ldap Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] i still can't authenicate i've just added that into my httpd.conf Directory /var/www/html/openldap AuthBasicProvider ldap AuthType Basic AuthName Case Network ID AuthLDAPURL ldap://127.0.0.1/ou=people,dc=fedora,dc=directory,dc=server; AuthLDAPBindDN uid=root,ou=people,dc=fedora,dc=directory,dc=server AuthLDAPBindPassword password # All users in openldap require valid-user /Directory and this is my /var/log/httpd/error_log file [Sat Mar 25 11:01:13 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Sat Mar 25 11:01:14 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations [Sat Mar 25 11:03:58 2006] [notice] caught SIGTERM, shutting down [Sat Mar 25 11:29:59 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Mar 25 11:30:00 2006] [notice] Digest: generating secret for digest authentication ... [Sat Mar 25 11:30:00 2006] [notice] Digest: done [Sat Mar 25 11:30:00 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Sat Mar 25 11:30:03 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations [Sat Mar 25 11:30:10 2006] [error] [client 192.168.1.34] Directory index forbidden by Options directive: /var/www/html/, referer: http://192.168.1.35/openldap/ [Sat Mar 25 12:14:46 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Mar 25 12:14:47 2006] [notice] Digest: generating secret for digest authentication ... [Sat Mar 25 12:14:47 2006] [notice] Digest: done [Sat Mar 25 12:14:48 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Sat Mar 25 12:14:49 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations [Sat Mar 25 12:17:43 2006] [notice] caught SIGTERM, shutting down [Sat Mar 25 12:17:44 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Mar 25 12:17:46 2006] [notice] Digest: generating secret for digest authentication ... [Sat Mar 25 12:17:46 2006] [notice] Digest: done [Sat Mar 25 12:17:46 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Sat Mar 25 12:17:48 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache with user access to their own home directories via webdav and openldap authentication
i've figure out what i wanted and posted my finding on my website if anyone's interested at looking http://www.yourhowto.org/content/view/50/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache and Active Directory
i'm not sure if this will work with Active Directory but you could try the LDAP auth with apache http://www.yourhowto.org/content/view/47/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: Wagner, Aaron [mailto:[EMAIL PROTECTED] Sent: Friday, 7 April 2006 2:59 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Apache and Active Directory I'm working on an LDAP auth perl module for my apache2 Server thru mod_perl2. Appears that it may do the job. Apache2-AuthNetLDAP-0.01 on CPAN Aaron -Original Message- From: Daniel Silva [mailto:[EMAIL PROTECTED] Sent: Thursday, April 06, 2006 12:22 To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Apache and Active Directory How to configure apache to authenticate in AD? Daniel. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] i'm lost with this ...
hi there, someone has made a post on my website and i'd really like to be able to help them out but i'm just lost with the questions. http://www.yourhowto.org/component/option,com_simpleboard/Itemid,36/func,view/id,30/catid,5/ could someone help them out by either replying to me with the answer and i'll post it or post it themselves on my website ... -- Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] redirect debacle
I have an apache server running here: http://wilkinson.stanford.edu/ And there is a redirect somewhere (not on my system) that takes the following url: http://csquared.stanford.edu/ to the same apache server. I would like to take requests that look are for 'http://csquared.stanford.edu/' and send them to http://wilkinson.stanford.edu/csquared/ which is located at /var/www/html/csquared/ on my system. I tried the directive Redirect permanent http://csquared.stanford.edu/ http://wilkinson.stanford.edu/csquared/ but that didn't work. Thanks in advance, Paul Constantine - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] redirect debacle
Perhaps you could give me some hints for doing this with mod_rewrite, if you have previous experience? It looks quite involved. Thanks again, Paul From: Kishore Jalleda [EMAIL PROTECTED] Reply-To: users@httpd.apache.org To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] redirect debacle Date: Wed, 12 Apr 2006 19:05:08 -0400 I guess you need the Rewrite directive for what you are trying to acheive, as far as the syntax for Redirect goes Redirect [status] URL-path URL notice that the second argument is a URL-path which is supposed to be PATH (absolute or relative), and not a URL like you defined. There are two walk arounds for this 1) Go into the config section of http://csquared.stanford.edu/, and do this Redirect permanent/ http://wilkinson.stanford.edu/csquared/ 2) Or use Mod_Rewrite to rewrite the URL Kishore Jalleda http://kjalleda.googlepages.com O n 4/12/06, Paul Constantine [EMAIL PROTECTED] wrote: I have an apache server running here: http://wilkinson.stanford.edu/ And there is a redirect somewhere (not on my system) that takes the following url: http://csquared.stanford.edu/ to the same apache server. I would like to take requests that look are for 'http://csquared.stanford.edu/' and send them to http://wilkinson.stanford.edu/csquared/ which is located at /var/www/html/csquared/ on my system. I tried the directive Redirect permanent http://csquared.stanford.edu/ http://wilkinson.stanford.edu/csquared/ but that didn't work. Thanks in advance, Paul Constantine - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] ntlm mod
hi there, I'm looking into the ntlm mod for apache and I'm just wondering how it works, does it just require auth to view the website or can you set it to pass on credentials to a content management system like mambo? -- Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_auth problem
Hi All, I'm trying to secure a page on my site using mod_auth_basic I have the following in httpd.conf: Directory /website/phpmyadmin AuthType Basic AuthBasicProvider file AuthBasicAuthoritative Off AuthName Admin AuthUserFile c:/mptn/etc/htpasswd Require user psmedley AllowOverride None Order allow,deny Allow from all /Directory but when I try and access the directory, I get a user/password dialog but it doesn't accept it, and in error_log I get: [Sun Apr 23 20:32:15 2006] [error] [client 192.168.0.2] access to /phpmyadmin failed, reason: require directives present and no Authoritative handler. Any ideas? -- Cheers, Paul. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] a procedural question
I am analyzing the compliance of Web servers with the HTTP standard. I would like to request some feedback on my results. Which of the many Apache mailing lists would be most appropriate to submit that request? Thank you Paul A. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: RPC over HTTP through mod_proxy
Hans Maurer hans at red.roses.de writes: Hi, I'm trying to grant road warrior users access to our company Exchange server through RPC over HTTP. In my setup, an Apache 2.2.2 on a FreeBSD server in the DMZ should act as a proxy between the Internet and the IIS on on the Exchange server. The communication is SSL-encrypted in both directions (SSLEngine and SSLProxyEngine On). Unfortunately, the Outlook client just hangs when trying to access Exchange through the proxy. The Apache error log shows these messages: Hans Thanks for your email. I was beginning to think I had configured something incorrectly (still may have!) in trying to get rpc over http working to an exchange 2003 SP2 server:-) I have been able to get OWA access to work without problems and can connect via rpc over http over the local LAN to the exchange server also. However, I am experiencing exactly the same problem you describe when trying to use apache as the front end proxy. I have tried apache 2.0.54, 2.0.58 and 2.2.2 and they all behave the same way in relation to this problem. I had also noticed the very long content length in some ethereal packet dumps I did on the non-ssl connection between apache and the exchange server (my config is outlook client - (ssl) - apache - (non-ssl) - exchange) but I was not sure what it meant. I will be keen to see if anyone has worked out how to overcome this. For the moment, I will try apache 2.0.53, as you mentioned it does work in this configuration. Regards Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: RPC over HTTP through mod_proxy
Pieter Vanmeerbeek pieter.vanmeerbeek at able.be writes: Hi Paul and Hans, I tried to create a setup similar to the one Paul did (with https on the internet and http on the secure lan). I couldn't get this working even on the 2.0.53, ie. owa and active sync works fine RPC does some strange things. If you wait a very long time ( more then5 minutes) it eventually gets a sync.However using a port forwording this works immediatly. Do you guys have the same timing problem or did I do something wrong? Inspecting a tcpdump shows rpc errors, however it is not clear to me what they mean. Pieter Since my email I have now tried apache 2.0.53 and found a similar result to you. It works but takes a long time (5-10 minutes, although this seems to vary a lot) before outlook establishes a connection. On one occasion it connected in about 20 seconds but that only happened once:-( I think the problem stems from how mod_proxy is handling the rpc_in_data and rpc_out_data methods. I decided to try squid 2.6stable1 as an alternative to apache. I already had it compiled for use as a normal proxy so all I needed to do was set it up with a configuration as a https reverse proxy. I had come across some newsgroup postings where they talked about this a little so it only took me about 5 minutes to get it configured and what do you know - it works! It also works for OWA access. I have not tried outlook mobile access or active sync as I don't have the devices to try it out. My testing so far is across our local LAN but I see no reason why this will not work when coming in from the internet. It will just require some additional configuration to handle this case. If you would like more info, I can provide you with a very basic (insecure) squid.conf file that works. Regards Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: RPC over HTTP through mod_proxy
Hans Maurer hans at red.roses.de writes: Hi, Actually, my theory is more along the line that the basic design of RPC over HTTP is broken. It's extremely sensitive to any kind of delay or buffering on intermediary servers, and apache does exactly that (RFC compliant, nevertheless). However, I still think it should be able to be done as Squid can do it. Squid and apache are obviously doing the reverse proxying slightly differently. It would be interesting to know why one works and the other doesn't (at least not reliably) and whether there is anything that can be done to get it to work on apache and still maintain compliance with the relevant RFC's. There are already workarounds in apache and squid for certain non-compliant behaviour of various browsers. Perhaps this is another case (although it is a bit more fundamental given we are dealing with a protocol). There may even be a solution using current settings available in apache. I guess it depends on what the actual problem is (I certainly do not have the skill set to diagnose it) and then whether the solution is difficult or worthwhile to implement. Do you use basic or ntlm authentication in the outlook settings? I suppose basic ? I'm using basic authentication. I am also using basic authentication. As far as I know NTLM is not friendly with proxy servers. Best regards, Hans Regards Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: RPC over HTTP through mod_proxy
Hans Maurer hans at red.roses.de writes: Actually, I was hoping for something like that when I wrote to the list. :-} I'll probably open a bug ticket for this. Hans Hans Looking at the responses to your bug/enhancement request to the apache list it is clear the developers feel the necessary changes are inappropriate and they are unwilling to do them:-( Oh well, I am having exellent success using squid 2.6 stable 1 for both rpc over http and owa to an exchange server. Regards Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Reverse proxy domain A to domain B
Is it possible to setup a reverse proxy which accepts connections for external facing domain A and then passes them to internal only domain B? Would that work? Paul Cocker TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Digest authentication and single sign-on, correct format and browsers supporting
I want to achieve a single sign-on interface for all of the sub domains of a given top level domain. For this I have identified Digest authentication as an appropriate solution thanks to its support for enabling multiple domains to share the same user credentials. I have the AuthDigestDomain directive set to / http://base.url.com:8000/ http://one.base.url.com:8000/ http://two.base.url.com:8000/; in my Apache configuration file. I can see this value being forwarded verbatim to the browser by Apache in the response headers correctly. I point a browser to http://base.url.com:8000/ to sign on, which works. However, when I then connect to any of the other listed URLs, http://one.base.url.com:8000/ and http://two.base.url.com:8000/, I still get a sign-on prompt. I realise that support for this feature of Digest must be implemented by the browser. So far I have tried Firefox 1.5, IE7, Opera 9.26 and Safari 3.0.4 -- all of which refuse to provide the same login credentials on these domains without re-prompting for the user information. The realm is set to the same value for all domains. Here is an extract from my configuration file for the digest authentication: Directory /home/web AuthType Digest AuthName Example AuthDigestDomain / http://base.url.com:8000/ http://one.base.url.com:8000/ http://two.base.url.com:8000/ AuthUserFile my.db Require valid-user /Directory Is this feature not supported by any modern Web browser or have I gotten the format for AuthDigestDomain wrong? Thanks! Paul. -- Paul Morris | Project Development UK Interactive Data Managed Solutions Ltd Registered in England No 3691868 Registered Office: Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | United Kingdom Tel: +44 (0)1242 6941 28 | Fax: +44 (0)1242 6941 01 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.interactivedata-ms.com/ smime.p7s Description: S/MIME Cryptographic Signature
[EMAIL PROTECTED] mod_ldap rejecting apparently valid server certificate for secure ldap against active directory
I have a couple of apache web server installations that have been unable to connect to an Active Directory server after its certificate was renewed. The two installations I attempted to use were versions 2.0.59 and 2.2.8 both installed on Windows (Win2003 Server and WinXPSP2, respectively). Prior to the certificate renewal, the 2.0.59 installation worked without issue. Since I don't control the AD server, I am not certain of the exact procedure used to renew the certificate. I was told that the procedure used was Microsoft's recommended procedure. I also know that both the server certificate and the root certificate had to be renewed. Finally, WebSphere Application Server running on an iSeries machine and a WinXP machine was able to use the new certificate to establish a secure connection. (Hence, the comment that the certificate was apparently valid.) I tried turning on debug logs in Apache but found nothing that indicated the reason the certificate was being rejected. The regular error logs merely said that the LDAP server was down or unavailable depending on which Apache installation. Wireshark logs indicated that the client was killing the connection immediately after the server sent its certificate. I went through that certificate and it appeared to match perfectly with the certificate I saved from the AD server. Later, I attempted to connect using a version 2.2.4 installation on an Ubuntu 7.10 box. The Wireshark logs there indicated that it was the server that was killing the connection. The owners of the AD server finally reissued the root certificate and the original Apache configurations worked without a problem. At this point, we have something working but we would very much like to know what happened and why. Can anyone shed some light on this? Thank you for your time, Paul Scheible - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] mod_ldap rejecting apparently valid server certificate for secure ldap against active directory
I guess I should probably have mentioned that I did use ldp.exe to check the connection without any issues. The Windows Crypto Shell Extensions also reported that the certificate was valid. Thanks, Paul Scheible -Original Message- From: Eric Covener [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2008 8:46 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] mod_ldap rejecting apparently valid server certificate for secure ldap against active directory On Thu, Mar 13, 2008 at 12:02 PM, Scheible, Paul [EMAIL PROTECTED] wrote: Finally, WebSphere Application Server running on an iSeries machine and a WinXP machine was able to use the new certificate to establish a secure connection. (Hence, the comment that the certificate was apparently valid.) Ideally, you'd want to test with something that hooks into the same ldap/ssl libs picked up by apache. Perhaps ldp.exe on the affected system. Very peculiar that the different failing version of apache seem to have the tcp connection closed from opposite directions -- for me that's the only real thing that doesn't mesh. Vista+ has a mechanism for doing LDAP tracing, but I don't know if there's a less flexible trace available in earlier versions: http://msdn2.microsoft.com/en-us/library/aa366152.aspx -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_include and mod_deflate interaction with virtual ssi includes
I've noticed an issue with using mod_include virtual includes and mod_deflate on 2.2.8. I've paired down a reproducer: Setup - fresh install of Apache 2.2.8 built using --enable-layout=Apache --enable-deflate Using attached httpd.conf (changes Listen, enables compression and includes) mkdir /usr/local/apache2/ssi cat ssi/index.html h1Included/h1 cat htdocs/test.shtml START !--#include virtual=/ssi/-- END curl -o ~/test -vv -H 'Accept-Encoding: gzip' http://localhost:8081/test.shtml * About to connect() to localhost port 8081 (#0) * Trying ::1... connected * Connected to localhost (::1) port 8081 (#0) GET /test.shtml HTTP/1.1 User-Agent: curl/7.16.3 (powerpc-apple-darwin9.0) libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3 Host: localhost:8081 Accept: */* Accept-Encoding: gzip HTTP/1.1 200 OK Date: Tue, 25 Mar 2008 13:49:27 GMT Server: Apache/2.2.8 (Unix) Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Transfer-Encoding: chunked Content-Type: text/html file ~/test /Users/pnasrat/test: data hexdump -C ~/test 3c 68 31 3e 49 6e 63 6c 75 64 65 64 3c 2f 68 31 |h1Included/h1| 0010 3e 0a 1f 8b 08 00 00 00 00 00 00 03 0b 0e 71 0c |.q.| 0020 0a e1 e2 72 f5 73 e1 02 00 bd 52 71 7a 0b 00 00 |.??r?s?..?Rqz...| 0030 00|.| 0031 $ dd if=~/test of=~/foo.gz bs=1 skip=18 31+0 records in 31+0 records out 31 bytes transferred in 0.000457 secs (67862 bytes/sec) $ file ~/foo.gz /Users/pnasrat/foo.gz: gzip compressed data, from Unix $ gzcat ~/foo.gz START END Also replicated on 2.2.x branch, I was hoping the fix for PR 7, changeset on branch 637902 might be related but no joy. Server version: Apache/2.2.9-dev (Unix) Server built: Mar 25 2008 14:26:34 Server's Module Magic Number: 20051115:12 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_FLOCK_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr/local/apache2 -D SUEXEC_BIN=/usr/local/apache2/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf cat logs/error_log [Tue Mar 25 13:44:00 2008] [notice] Apache/2.2.8 (Unix) configured -- resuming normal operations [Tue Mar 25 14:26:53 2008] [notice] caught SIGTERM, shutting down [Tue Mar 25 14:28:10 2008] [notice] Apache/2.2.9-dev (Unix) configured -- resuming normal operations Paul httpd.conf Description: Binary data - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_include and mod_deflate interaction with virtual ssi includes
On 25/03/2008, Nick Kew [EMAIL PROTECTED] wrote: On Tue, 25 Mar 2008 14:36:35 + Paul Nasrat [EMAIL PROTECTED] wrote: I've noticed an issue with using mod_include virtual includes and mod_deflate on 2.2.8. Ouch! That rings a bell, and indeed there's a very old bug report still open: https://issues.apache.org/bugzilla/show_bug.cgi?id=17629 Yeah, I had seen that bug I wasn't sure that it was the same with the smart filter implementation. Is there anything I can do to help with debugging and fixing this issue? Paul - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache2.2.8 wont run after installation
Have spent may hours installing and re-installing Apache2.2.8 and PHP5.2.5, i cannot get apache to start. When i select the start [or restart]on the control apache service it returns The requested operation has failed. When i run the test configuration it returns: Cannot load C:/PHP/php5apache.dll into server. The specified module could not be found I have had the server running briefly several days, but when i logged on the next day i have had this issue ever since I have the php.ini in my C:\Windows folder In my httpd.conf i have the following: AddType application/x-httpd-php .php LoadModule php5_module c:\PHP\php5apache2.dll SetEnv PHPRC C:\Windows Messages in my error log contain: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.4 for ServerName [Sat Apr 05 12:06:10 2008] [warn] pid file C:/Program Files/Apache Software Foundation/Apache2.2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Sat Apr 05 12:06:10 2008] [notice] Apache/2.2.8 (Win32) configured -- resuming normal operations [Sat Apr 05 12:06:10 2008] [notice] Server built: Jan 18 2008 00:37:19 [Sat Apr 05 12:06:10 2008] [notice] Parent: Created child process 5164 [Sat Apr 05 12:06:10 2008] [notice] Disabled use of AcceptEx() WinSock2 API httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.4 for ServerName httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.4 for ServerName Ive trawled the internet but havent found a specific link to explain this and how to go about fixing it...would really appreciate some help Im new to Apache/PHP/MySQL -- Rgds Paul Heath
