Need help !
Hi all,

I have problems with SSL on my Apache server (RH 6.1). The certificate has been created with make certificate. On launch with apachectl startssl I enter the passphrase and everything seems to be correct; the server starts up, giving as output:

Server my.server.name:443 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
./apachectl startssl: httpd started

But when I try to connect to it using https:// I receive no answer. I also tried to scan the ports and it seems that port 443 is not open.

This is the SSL-related section of my httpd.conf file:

Listen 80
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLLog /usr/local/apache/logs/ssl_engine_log
SSLLogLevel info

DocumentRoot /www/htdocs/
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log

SSLEngine on
SSLVerifyClient require
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SSLLogFile /usr/local/apache/logs/ssl_misc_log

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

This is the log in ssl_engine_log:

[11/Apr/2000 08:11:30 01141] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
[11/Apr/2000 08:11:30 01141] [info] Init: 1st startup round (still not detached)
[11/Apr/2000 08:11:30 01141] [info] Init: Initializing OpenSSL library
[11/Apr/2000 08:11:33 01141] [info] Init: Wiped out the queried pass phrases from memory
[11/Apr/2000 08:11:33 01141] [info] Init: Seeding PRNG with 136 bytes of entropy
[11/Apr/2000 08:11:33 01141] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[11/Apr/2000 08:11:34 01141] [info] Init: Configuring temporary DH parameters (512/1024 bits)

When I manually test SSL with the command:

# ./openssl s_client -connect localhost:443 -state -debug

I receive the answer:

connect: Connection refused
connect:errno=111

Could anyone give me some help?

Thanks in advance

Vagel Argyrakis
[EMAIL PROTECTED]
Need help !
Hi,

Thanks for the ideas. I tried both using the IP address instead of localhost and I commented out the setting SSLVerifyClient require, but it still doesn't work.

Anything else that I could do?

Thank you
Vagel

> Try (instead of localhost:443) using 192.168.0.225:443, in your openssl s_client commandline.
>
> ---
> Mat Butler, Winged Wolf <[EMAIL PROTECTED]>

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
need help !!
Hi all,

Apache fails to compile with mod_ssl on Win NT. It says it can't find ap_aquire_pool ap_make_shared_pool in apachecore.def.

Thanks in advance

anish
Need help
I am trying to install a 3rd party user authentication product on one of our RH Linux/Apache intranet servers. Originally I was told that their product was only tested, approved and supported on Red Hat Linux 6.2 running an SSL enabled Apache 1.3.12. On Wednesday, with help from their tech support, I was able to finally get their product up and running on our test box, but I was informed that the "tested, approved and supported" version of mod_ssl was 2.8.1, not the 2.6.6 I had used.

I see that there is a mod_ssl --force configuration option for installing to a version of Apache other than the one it was designed for. Today when I ran the mod_ssl 2.8.1 configuration script with the --force option I was prompted for "File to patch:". Not knowing what to enter I hit ctrl-c to abort. I received 3 or 4 of these "File to patch:" prompts, hitting ctrl-c each time, before the configuration script aborted.

I am unable to find additional information, in the documentation or on the mod_ssl web site, about the --force option or the file names I need to enter when prompted "File to patch". Here's the command line I used:

./configure --with-apache=../apache_1.3.12 --with-ssl=../openssl-0.9.6b --with-rsa=../rsaref-2.0/local --prefix=/usr/local/apache --enable-shared=ssl --force

Any help would be greatly appreciated.

Bill Irwin
[EMAIL PROTECTED]
Re: Need help !
Try (instead of localhost:443) using 192.168.0.225:443, in your openssl s_client commandline.

---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer
SPASTIC Server Administrator

On Fri, 14 Apr 2000, Vagel Argyrakis wrote:

> Hi all,
>
> I have problems with ssl on my apache server (rh 6.1)
> The certificate has been created with make certificate
> On launch with apachectl startssl i enter the passphrase and everything seems to be correct, the server starts-up giving as output :
>
> Server my.server.name:443 (RSA)
> Enter pass phrase:
>
> Ok: Pass Phrase Dialog successful.
> ./apachectl startssl: httpd started
>
> But when i try to connect to it using https:// i receive no answer. I also tried to scan the ports and it seems that port 443 is not open.
> This is the ssl related section of my httpd.conf file:
>
> Listen 80
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
> SSLSessionCacheTimeout 300
> SSLMutex file:/usr/local/apache/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> SSLLog /usr/local/apache/logs/ssl_engine_log
> SSLLogLevel info
>
> DocumentRoot /www/htdocs/
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> SSLEngine on
> SSLVerifyClient require
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> SSLLogFile /usr/local/apache/logs/ssl_misc_log
>
> SSLOptions +StdEnvVars
>
> SSLOptions +StdEnvVars
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> This is the log in ssl_engine_log :
>
> [11/Apr/2000 08:11:30 01141] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
> [11/Apr/2000 08:11:30 01141] [info] Init: 1st startup round (still not detached)
> [11/Apr/2000 08:11:30 01141] [info] Init: Initializing OpenSSL library
> [11/Apr/2000 08:11:33 01141] [info] Init: Wiped out the queried pass phrases from memory
> [11/Apr/2000 08:11:33 01141] [info] Init: Seeding PRNG with 136 bytes of entropy
> [11/Apr/2000 08:11:33 01141] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [11/Apr/2000 08:11:34 01141] [info] Init: Configuring temporary DH parameters (512/1024 bits)
>
> When i manually test ssl with the command : # ./openssl s_client -connect localhost:443 -state -debug
> i receive the answer :
> connect: Connection refused
> connect:errno=111
>
> Anyone could give me some help?
>
> Thanks in advance
>
> Vagel Argyrakis
>
> [EMAIL PROTECTED]
Re: Need help !
On Fri, Apr 14, 2000 at 08:16:18AM +0200, Vagel Argyrakis wrote:
[SNIP]
> SSLVerifyClient require

By having this setting, you require that the client should present a valid certificate signed by a CA given in either SSLCACertificateFile or SSLCACertificatePath - but you don't seem to have either of those two set. You should probably start out by commenting out SSLVerifyClient.

vh

Mads Toftum
Re: Need help !
--Original Message Text---
From: Vagel Argyrakis
Date: Fri, 14 Apr 2000 08:16:18 +0200

>Hi all,
>I have problems with ssl on my apache server (rh 6.1)
>The certificate has been created with make certificate
>On launch with apachectl startssl i enter the passphrase and everything seems to be correct, the server starts-up giving as output :
>
>Server my.server.name:443 (RSA)
>Enter pass phrase:
>
>Ok: Pass Phrase Dialog successful.
>./apachectl startssl: httpd started
>
>But when i try to connect to it using https:// i receive no answer. I also tried to scan the ports and it seems that port 443 is not open.
>This is the ssl related section of my httpd.conf file:

I had the same problem in Win NT, but, when I removed the password from the key certificate because I didn't want to digit the password when Apache starts everything went the right way. Hope it helps.

Regards.

Francesco D'Inzeo
WinTech S.r.l.
Re: Need help !
On Wed, Apr 19, 2000 at 10:24:48AM +0200, Vagel Argyrakis wrote:
> Hi,
>
> Thanks for the ideas. I tried both using the ip address instead of localhost and i commented out the setting : SSLVerifyClient require, but it still doesn't work.
>
> Anything else that i could do?
>

I'm sure that you have to do it without SSLVerifyClient - other things that could be wrong are a bit harder to guess ;-)

There is one thing you could try - checking to see whether the server is listening on the SSL port at all, because the error you get from s_client looks exactly like what I get when my server isn't started yet. So my guess is that you don't get any connect because there is no server to answer s_client.

You could try some of the steps that I've mentioned in http://marc.theaimsgroup.com/?l=apache-modssl&m=95631272704634&w=2. You could also set SSLLogLevel to debug to get extra info.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
ODP: Need help !
> Thanks for the ideas. I tried both using the ip address instead of localhost and i commented out the setting : SSLVerifyClient require, but it still doesn't work.
>
> Anything else that i could do?

You can check also:

netstat -vat - to see if httpd is listening on https port (443)

and/or

ipchains -L -v - to see if your port is open
Re: Need help
On Fri, 14 Sep 2001 [EMAIL PROTECTED] wrote:

> Today when ran the mod_ssl 2.8.1 configuration script with the --force
> option I was prompted for "File to patch:". Not knowing what to enter
> I hit ctrl-c to abort. I received 3 or 4 of these "File to patch:"
> prompts, hitting ctrl-c each time, before the configuration script
> aborted. I am unable to find additional information, in the
> documentation or on the mod_ssl web site, about the --force option or
> the file names I need to enter when prompted "File to patch". Here's
> the command line I used:

This won't work well in general, particularly for widely varying versions of Apache. If you're going to get it to work at all, you'll probably have to apply the EAPI patches by hand (where "by hand" I mean actually open up the patch, see what change it's trying to make, find the equivalent code if it exists in the other version of Apache, and make the equivalent change).

While this will sort of work, it's obviously a less-than-optimal solution. The company you're dealing with must support a mod_ssl version and an Apache version that match up. If they tell you to use a certain mod_ssl version, as I see it you have to assume that they want you to use the Apache version that that mod_ssl is designed to work with. Forcing people to patch Apache by hand is not conducive to a stable, supportable server, and I just can't believe that that's really what they want you to do.

--Cliff

--
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA
need help! please..
Hi all,

I try to create and use my own CA. I followed the steps in the F.A.Q. in modssl.org webpage and at the end I ran sign.sh script from mod_ssl-2.2.8 distribution. It gave me this message:

error 7 at 0 depth lookup:certificate signature failure

Is that normal? But it also told me that the database has been updated,

CA verifying: server.crt <-> CA cert.

Please help!

TIA
pe'

--
UNIX System Admin.
Distributed Computing Services
Lake Superior State University
650 W. Easterday Ave.
Sault Ste. Marie. MI 49783 USA.
I need help please!
Hi,

I'm using an Apache server with mod_ssl (the last one, newest one version...). I get the error

724:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:D:\MyProjects\Applications\opensa\openssl\ssl\s23_clnt.c:460:

when I'm trying to connect. I can only read this with the openssl s_client mode, because the browser just searches forever when I type the secured domain name.

Notice that the number of the error is sometimes 724, sometimes 982, sometimes 972,...

I read about my config was pointing to a wrong port and I may had "Listen 80" instead of "Port 80". That is all I found about this error, and it was already done in my config.

Thanks a lot,
Regards,

MARTIN Pierre

PS: Sorry for my bad English...
Need help with configure.bat
I am running Apache under Win2k... when I run the configure.bat file it gives me an error saying "No Perl script found in input". That is with the command line syntax of:

configure --with-ssl=c:/openssl --with-apache=--with-apache=C:/Program Files/Apache Group/Apache

Any help someone could provide would be much appreciated, thanks

- Nate
Need Help with Virtual Hosts
Hi! I need some help with using Virtual Hosts on Apache. I realize that this isn't really something about SSL, but I use SSL and have been a regular reader of this newsgroup, so I thought I would post this message.

I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any problems there, but I'm trying to set up Apache for Name Virtual Hosts. I've read and reread the Apache Documentation on Virtual Hosts, and have been unable to get a configuration that will work for me. I have one IP address, but want to link different domain names to the same IP, but use a different set of logs, and host different websites. I can get IP based virtual hosting to work, but I can't for the life of me get Non-IP based Name Virtual Hosting to work.

Please Help!

Pete Navarra
Infinium Web Services
Re: I need help please!
> MARTIN Pierre wrote:
>
> Hi, im using an apache server with mod_ssl. (the last one, newest one version...)
> I get the error
>
> 724:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:D:\MyProjects\Applications\opensa\openssl\ssl\s23_clnt.c:460:
>
> When i'm trying to connect. I can only read this with the openssl
> s_client mode, because the browser just search forever when i type the
> secured domain name.
>
> Notice that the number of the error is sometimes 724, sometimes 982,
> sometimes 972,...
>
> I read about my config was pointing to a wrong port and i may had
> "Listen 80" instead of "Port 80". That is all i found about this
> error, and it was already done in my config.

You're trying to connect to an SSL-aware server with plain HTTP. Do you want an SSL server? If so, you must set up a VH on port 443 then access it using "https://servername/" <-- NB "https", *not* "http".

rgds,

Owen Boyle.
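Added example, not part of the original thread: the two s_client failures reported in these threads have different causes, "Connection refused" (errno 111) meaning nothing is listening on the port and "unknown protocol" meaning a listener answered without speaking SSL/TLS. The Python sketch below tells the two apart; the function names and the local plain-HTTP listener are constructed for this illustration.

```python
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Classify what answers on host:port.

    Returns "refused", "unreachable", "tls", "tls-rejected",
    "plain-http" or "unknown".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Same condition as s_client's "connect:errno=111": no listener.
        return "refused"
    except OSError:
        return "unreachable"

    # Verification is switched off on purpose: the question is only whether
    # the listener speaks TLS, and a self-signed certificate must not hide that.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except ssl.SSLError as exc:
        # A TLS alert means the peer does speak TLS but refused the handshake
        # (for example, a client certificate is required and none was sent).
        if "ALERT" in (exc.reason or ""):
            return "tls-rejected"
    except OSError:
        pass
    finally:
        sock.close()

    # The handshake failed without an alert: see whether the listener answers
    # plain HTTP, the situation behind s_client's "unknown protocol".
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = plain.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"


def start_plain_http_listener():
    """Constructed stand-in for a server answering plain HTTP on its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.settimeout(2)
                    conn.recv(4096)
                    conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    listener = start_plain_http_listener()
    print("plain listener:", probe("127.0.0.1", listener.getsockname()[1]))
    print("port 443 on localhost:", probe("127.0.0.1", 443))
```

A "refused" result points at the Listen directive or the server not running; "plain-http" points at a port where SSLEngine is not actually on.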
I need help with this....
I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with FrontPage extensions, PHP, and mod Perl. Everything installed perfectly, and I am having no problems except for one thing.

When you try to connect to my site using HTTPS, you get my certificate presented like it should, however, once you accept the certificate, I get one of two errors saying there is either no data to send (in Netscape), or that the DNS Server could not be reached (in Explorer). It doesn't display my website, and pops up with nothing.

Any suggestions? Any help would be greatly appreciated!

Thanks,
Pete
https://www.infiniumweb.com
Re: Need Help with Virtual Hosts
Pete,

How about some clues on what your setup is? Have you set up your DNS entries correctly?

#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
NAMEVIRTUALHOST 216.117.143.120:80

The VirtualHost directive should look something like this:

ServerName www.pollies.market-research.com
ServerAlias pollies.market-research.com www.pollies.market-research.com
ServerAdmin [EMAIL PROTECTED]
ScriptAlias /cgi-pol/ /www/cgi-pol/
DocumentRoot /usr/local/etc/httpd/htdocs/kevin
ErrorLog logs/pollies-error_log
TransferLog logs/pollies-access_log

Should be as easy as that

Cheers
Mike

At 02:50 PM 22/05/2000 -0500, you wrote:
>Hi! I need some help with using Virtual Hosts on Apache. I realize that
>this isn't really something about SSL, but I use SSL and have been a regular
>reader of this newsgroup, so I thought I would post this message.
>
>I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
>problems there, but I'm trying to setup Apache for Name Virual Hosts. I've
>read and reread the Apache Documentation on Virtual Hosts, and have been
>unable to get a configuration that will work for me. I have one IP
>address, but want to link different domain names to the same IP, but use a
>different set of logs, and host different websites. I can get IP based
>virtual hosting to work, but I can't for the life of me get Non-IP based
>Name Virtual Hosting to work.
>
>Please Help!
>
>Pete Navarra
>Infinium Web Services
Re: Need Help with Virtual Hosts
> Hi! I need some help with using Virtual Hosts on Apache. I realize that
> this isn't really something about SSL, but I use SSL and have been a regular
> reader of this newsgroup, so I thought I would post this message.
>
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts. I've
> read and reread the Apache Documentation on Virtual Hosts, and have been
> unable to get a configuration that will work for me. I have one IP
> address, but want to link different domain names to the same IP, but use a
> different set of logs, and host different websites. I can get IP based
> virtual hosting to work, but I can't for the life of me get Non-IP based
> Name Virtual Hosting to work.

I probably don't know any more than you, judging by your description and what I've done in the past, but I recall some mention about SSL and name-based virtual hosting. I *think* there might be a problem in as far as the SSL protocol actually prevents the support of name-based virtual hosting.

I haven't thought this through, so with some consideration my comments may turn out to be obviously true, or obviously wrong!

I know that's not a lot of an answer, but it might just help a little!

Best regards,

James.
Re: Need Help with Virtual Hosts
Addressed to: [EMAIL PROTECTED]
              "Pete Navarra" <[EMAIL PROTECTED]>

** Reply to note from "Pete Navarra" <[EMAIL PROTECTED]> Mon, 22 May 2000 14:50:53 -0500

> Hi! I need some help with using Virtual Hosts on Apache. I realize
> that this isn't really something about SSL, but I use SSL and have
> been a regular reader of this newsgroup, so I thought I would post
> this message.
>
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts.
> I've read and reread the Apache Documentation on Virtual Hosts, and
> have been unable to get a configuration that will work for me. I have
> one IP address, but want to link different domain names to the same
> IP, but use a different set of logs, and host different websites. I
> can get IP based virtual hosting to work, but I can't for the life of
> me get Non-IP based Name Virtual Hosting to work.

Sorry about the second post, I just reread your message and noticed your desire to use separate log files. Be aware that will severely reduce the number of VirtualHosts you can have. There is a per-process limit on the number of open files, and if I remember right I ran out of file handles around 30 VirtualHosts when I allowed each to have its own access and error logs. I am now over 60 VirtualHosts with no problems after eliminating private log files.

Rick Widmer
http://www.developersdesk.com

P.S. If these replies are not helpful, maybe you should be more specific about what you want to do, and how it fails.
Re: Need Help with Virtual Hosts
Addressed to: [EMAIL PROTECTED]
              "Pete Navarra" <[EMAIL PROTECTED]>

** Reply to note from "Pete Navarra" <[EMAIL PROTECTED]> Mon, 22 May 2000 14:50:53 -0500

> Hi! I need some help with using Virtual Hosts on Apache. I realize
> that this isn't really something about SSL, but I use SSL and have
> been a regular reader of this newsgroup, so I thought I would post
> this message.
>
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts.
> I've read and reread the Apache Documentation on Virtual Hosts, and
> have been unable to get a configuration that will work for me. I have
> one IP address, but want to link different domain names to the same
> IP, but use a different set of logs, and host different websites. I
> can get IP based virtual hosting to work, but I can't for the life of
> me get Non-IP based Name Virtual Hosting to work.

There are examples here.

http://www.apache.org/docs/vhosts/examples.html

Be aware, you only get _ONE_ SSL enabled VirtualHost per NameVirtualHost block (or per IP address). Sorry, that is just the way SSL works. There is an explanation in the FAQ on why, and we just finished a long thread on that and the use of NameVirtualHost. I won't repeat it here, but you can look in the archive for a recent (the last 3 days or so) thread on: VeriSign keys.

Bottom line, one IP address - one SSL Virtual Host. You can have all the non-SSL virtual hosts you want, but there is no way around needing an IP address for each SSL host. (Using different ports may be a possibility, but I have not yet done it, and don't know anyone who has.) If you get it to work, let us know. Also let us know how customers respond to it. It will require a somewhat unusual URL.

Rick Widmer
http://www.developersdesk.com
Re: Need Help with Virtual Hosts
Rick Widmer ([EMAIL PROTECTED]) writes:

>Sorry about the second post, I just reread your message and noticed
>your desire to use separate log files. Be aware that will severely
>reduce the number of VirtualHosts you can have. There is a per-process
>limit on the number of open files, and if I remember right I ran out of
>file handles around 30 VirtualHosts when I allowed each to have its own
>access and error logs. I am now over 60 VirtualHosts with no problems
>after eliminating private log files.

The per process file opening limit was a configurable parameter of your OS. It was either a user resource limit (ulimit) or a tunable kernel config found in param.c or param.h (NFILES??) or UNIX has invented yet another way to put reins on processes.

So, you just might be able to make one log per process, if you change the ulimit's for the user the web server is running as OR you tune your kernel and rebuild.
Re: Need Help with Virtual Hosts
Wouldn't it be simpler to set up a little cron job to break up your log file by virtual host every day?

At 09:03 AM 5/23/00 -0400, [EMAIL PROTECTED] wrote:
>The per process file opening limit was a configurable parameter of your OS.
>It was either a user resource limit (ulimit) or a tunable kernel config found in
>param.c or param.h (NFILES??) or UNIX has invented yet another way to put
>reins on processes.
>
>So, you just might be able to make one log per process, if you change the
>ulimit's for the user the web server is running as OR you tune your kernel
>and rebuild.
Re: Need Help with Virtual Hosts
I'll send him a copy of my config file.
RE: Need Help with Virtual Hosts
That doesn't sound simple to me! You'd either have to do it as either a multi-pass for each virtual host, or parse the log file once to give several output files. You'd also have to write the name of the virtual host into every log file entry, which I don't believe is done by default. Seems like using a sledgehammer to crack a nut.

No doubt though some sed or awk guru can figure the code to do this in their head!

I'd rather find a way to continue to write multiple log files, via ulimit etc...

John

-Original Message-
From: James Treworgy [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2000 18:05
To: [EMAIL PROTECTED]
Subject: Re: Need Help with Virtual Hosts

Wouldn't it be simpler to set up a little cron job to break up your log file by virtual host every day?

At 09:03 AM 5/23/00 -0400, [EMAIL PROTECTED] wrote:
>The per process file opening limit was a configurable parameter of your OS.
>It was either a user resource limit (ulimit) or a tunable kernel config found in
>param.c or param.h (NFILES??) or UNIX has invented yet another way to put
>reins on processes.
>
>So, you just might be able to make one log per process, if you change the
>ulimit's for the user the web server is running as OR you tune your kernel
>and rebuild.
RE: Need Help with Virtual Hosts
James Treworgy [[EMAIL PROTECTED]] said:

>> Wouldn't it be simpler to set up a little cron job to break up your log file by virtual host every day? <<

My tuppence worth: I have separate access/error log files for each of the 40 or so (and rising) virtual hosts on my system, running OpenBSD 2.6. They are also rotated by syslogd with no problem. I don't recall what/where the file-open limit is off-hand, but it's not been an issue here - yet :).

Steve
--
Steve Fairhead - SFD - Solutions by Design
www: http://www.sfdesign.co.uk
RE: Need Help with Virtual Hosts
Ought to be a piece of cake with perl, and setting a log format that includes the virtual host is easy enough with a single configuration directive. You could even do it with a single grep for each virtual server if you wanted.

Also, from my reading of the file limit problem on apache's docs, it's not always a simple problem to increase the limit depending on what OS you're running. If the server hosts other services as well, the resource would be taxed further.

Hmm, I might need to write such a script... I host a bunch of virtual sites that are currently all being dumped into one log file. Now the time is coming that I need to analyze the sites...

Jamie

At 09:36 AM 5/24/00 +0100, Airey, John wrote:
>That doesn't sound simple to me! You'd either have to do it as a
>multi-pass for each virtual host, or parse the log file once to give several
>output files. You'd also have to write the name of the virtual host into
>every log file entry, which I don't believe is done by default. Seems like
>using a sledgehammer to crack a nut.
>
>No doubt though some sed or awk guru can figure the code to do this in their
>head!
>
>I'd rather find a way to continue to write multiple log files, via ulimit
>etc...
>
>John
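The single-pass split by virtual host discussed in this thread, as an added example that is not part of any poster's message: it assumes the virtual host is logged as the first field (for instance with %v at the start of the LogFormat), and the function names, the 16-handle default and the sample lines are constructed for illustration. It keeps only a bounded number of output files open, since the per-process file limit is what started the thread, and it refuses to turn an unexpected host field into a file path.

```python
import os
import re
import tempfile
from collections import OrderedDict

# Constructed sample lines. Assumed format: the vhost is the first field, e.g.
#   LogFormat "%v %h %l %u %t \"%r\" %>s %b"
SAMPLE = (
    'www.a.example 192.0.2.10 - - [24/May/2000:09:36:01 +0100] "GET / HTTP/1.0" 200 1043\n'
    'www.b.example 192.0.2.11 - - [24/May/2000:09:36:02 +0100] "GET /x HTTP/1.0" 404 210\n'
    '../../tmp/evil 192.0.2.12 - - [24/May/2000:09:36:03 +0100] "GET / HTTP/1.0" 200 5\n'
    'www.a.example 192.0.2.10 - - [24/May/2000:09:36:04 +0100] "GET /logo.gif HTTP/1.0" 200 2326\n'
)

HOSTNAME = re.compile(r"[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?")
REJECTED = "_rejected.log"


def vhost_filename(vhost):
    """Map a logged vhost to an output file name, or None if it is not a
    plain hostname. The field becomes part of a path, so anything with
    slashes, '..' or other unexpected characters must never reach open()."""
    name = vhost.lower().rstrip(".")
    if ".." in name or not HOSTNAME.fullmatch(name):
        return None
    return name + ".log"


def split_log(lines, out_dir, max_open=16):
    """Split a combined log into one file per vhost in a single pass.

    At most max_open output files are open at once (least recently used is
    closed first), so the splitter itself stays under the per-process file
    limit. Returns {output file name: number of lines written}."""
    open_files = OrderedDict()
    counts = {}
    try:
        for line in lines:
            if not line.strip():
                continue
            vhost, _, rest = line.partition(" ")
            fname = vhost_filename(vhost) if rest else None
            if fname is None:
                # Keep the whole line for review instead of dropping it.
                fname, rest = REJECTED, line
            fh = open_files.pop(fname, None)
            if fh is None:
                if len(open_files) >= max_open:
                    _, oldest = open_files.popitem(last=False)
                    oldest.close()
                fh = open(os.path.join(out_dir, fname), "a", encoding="utf-8")
            open_files[fname] = fh  # most recently used goes to the end
            fh.write(rest if rest.endswith("\n") else rest + "\n")
            counts[fname] = counts.get(fname, 0) + 1
    finally:
        for fh in open_files.values():
            fh.close()
    return counts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as out_dir:
        print(split_log(SAMPLE.splitlines(True), out_dir, max_open=2))
```

Run from cron against the rotated log, this gives per-host files for analysis without raising ulimit for the web server.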
Re: I need help with this....
I had the same problem with a similar configuration... What's in your error logs?

Brett
[EMAIL PROTECTED]

----- Original Message -----
From: Pete Navarra
To: [EMAIL PROTECTED]
Sent: Sunday, October 24, 1999 6:12 AM
Subject: I need help with this

I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with FrontPage extensions, PHP, and mod Perl. Everything installed perfectly, and I am having no problems except for one thing. When you try to connect to my site using HTTPS, you get my certificate presented like it should, however, once you accept the certificate, I get one of two errors saying there is either no data to send (in Netscape), or that the DNS Server could not be reached (in Explorer). It doesn't display my website, and pops up with nothing. Any suggestions?

Any help would be greatly appreciated!

Thanks,
Pete
https://www.infiniumweb.com
Re: I need help with this....
> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl. Everything installed
> perfectly, and I am having no problems except for one thing. When you
> try to connect to my site using HTTPS, you get my certificate
> presented like it should, however, once you accept the certificate, I
> get one of two errors saying there is either no data to send (in
> Netscape), or that the DNS Server could not be reached (in
> Explorer). It doesn't display my website, and pops up with nothing.
> Any suggestions?

Howdy,

You might try compiling your server without PHP, mod_perl, or FrontPage. If you still get the error then it is with apache/mod_ssl. If not, add each one of the modules in until you are able to repeat the error. Either way it should help narrow it down to which module is causing you the problems. As it is now it's a little hard to track down.

Hope that helps,
Joshua
Re: I need help with this....
I don't know if the following reason is also the reason for the problems in your case, but such a problem happens usually because of a non-writable log directory or a log location which was misconfigured. Sometimes the normal HTTP server can write to its logs while the SSL stuff has problems (it sounds funny, I know! It must be an idiotic thing, but I never had the time to examine it...). Look at your log files (both access_log and error_log); You'll probably find a warning about this problem.

I can witness that I had the same problem (although there was no PHP or Perl or FP in that installation), and after fixing the permission problem, everything worked perfectly.

BTW: You mentioned PHP; Does anybody know when PHP4-beta3 will be released? There were already 3 deadlines, but no sign for a final date...

Brett Peters wrote:
>
> I had the same problem with a similar configuration... What's in your error
> logs?
>
> Brett
> [EMAIL PROTECTED]
>
> ----- Original Message -----
> From: Pete Navarra
> To: [EMAIL PROTECTED]
> Sent: Sunday, October 24, 1999 6:12 AM
> Subject: I need help with this
>
> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl. Everything installed perfectly,
> and I am having no problems except for one thing. When you try to connect
> to my site using HTTPS, you get my certificate presented like it should,
> however, once you accept the certificate, I get one of two errors saying
> there is either no data to send (in Netscape), or that the DNS Server could
> not be reached (in Explorer). It doesn't display my website, and pops up
> with nothing. Any suggestions?

--
Eli Marmor
[EMAIL PROTECTED]
El-Mar Software Ltd.
Re: I need help with this....
I forgot to write it in my original message, but you must get the following message in your error_log in this case:

  [Mon Oct 25 14:49:48 1999] [error] mod_ssl: Child could not open SSLMutex lockfile /your/path/logs/ssl_mutex.26336 (System error follows)

It happens with the default permissions in a default installation (using Apache's "src/helpers/binbuild.sh" and "./install-bindist.sh"), so it is common. Otherwise, if it was a local problem because of local permissions, I would not write it.

I wrote:
> I don't know if the following reason is also the reason for the
> problems in your case, but such a problem happens usually because of
> a non-writable log directory or a log location which was
> misconfigured. Sometimes the normal HTTP server can write to its logs
> while the SSL stuff has problems (it sounds funny, I know! It must
> be an idiotic thing, but I never had the time to examine it...).
> Look at your log files (both access_log and error_log); You'll
> probably find a warning about this problem.
>
> I can witness that I had the same problem (although there was no PHP
> or Perl or FP in that installation), and after fixing the permission
> problem, everything worked perfectly.

--
Eli Marmor
[EMAIL PROTECTED]
El-Mar Software Ltd.
Tel.: 972-50-237338
Fax: 972-9-766-1314
http://www.elmar.co.il
Re: I need help with this....
I had basically the same problem. It had nothing to do with the version of SSL, it was a dns and name server issue. You need to make sure that your A records, reverse record, and DNS names all match accordingly to the certificate name. Also, the name that shows up in the httpd.conf file needs to match exactly as well.

What I did on my server was to make 1 SSL apache daemon that only responds to port 443 (on all the different IP addresses I need). Then, I have a totally separate daemon for the port 80 web server. This way, I can separate both daemons.

Try that first. If no help, send me an email. I solved even more problems by upgrading to the new Apache 1.3.9 (like you are using).

sean.

On Sun, 24 Oct 1999, Brett Peters wrote:
> I had the same problem with a similar configuration... What's in your error
> logs?
>
> Brett
> [EMAIL PROTECTED]
>
> ----- Original Message -----
> From: Pete Navarra
> To: [EMAIL PROTECTED]
> Sent: Sunday, October 24, 1999 6:12 AM
> Subject: I need help with this
>
> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl. Everything installed perfectly,
> and I am having no problems except for one thing. When you try to connect
> to my site using HTTPS, you get my certificate presented like it should,
> however, once you accept the certificate, I get one of two errors saying
> there is either no data to send (in Netscape), or that the DNS Server could
> not be reached (in Explorer). It doesn't display my website, and pops up
> with nothing. Any suggestions?
>
> Any help would be greatly appreciated!
>
> Thanks,
> Pete
> https://www.infiniumweb.com
Need help with Verisign's Global ID
Hi

I'm trying to use Apache with mod_ssl and with 128-bit exportable certificate. The problem is Verisign requires selecting actual webserver type during GID registration. When I chose Apache - they're telling me it's not supported.

So, which type of server should I set for Apache with mod_ssl? Stronghold? Is there any server-specific in SGC?

Michal Hobot
[EMAIL PROTECTED]
Need help with Apache 1.3.12+modssl WIN32
Hi all,

I've been through an installation before using Apache 1.3.6 and Modssl, so I thought 1.3.12 should go relatively smoothly. Hah!

I installed the Win32 build of Apache 1.3.12 (from the Apache site), and grabbed the modssl/openssl materials from the modssl site. The particular file was:

  Apache_1.3.12-mod_ssl_2.6.1-openssl_0.9.5-WIN32-i386.zip

Apache worked before installing modssl. It works after installing modssl, until I try to load the module. I did the obvious thing:

  LoadModule ssl_module modules/ApacheModuleSSL.dll

but when I try to start Apache from the Services control panel I just get:

  Could not start the Apache service on \\SERVER
  Error 1067: The process terminated unexpectedly.

Commenting out the LoadModule directive makes the problem go away, but then of course I don't have any SSL support. No logs were written.

I went hunting around, and found that this WIN32 distribution doesn't actually have a file named ApacheModuleSSL.dll; it has something named Apachemo.dll. I tried using that name, but no joy.

Am I missing something here?

Reid M. Pinchback
I/T Delivery, MIT
Email: [EMAIL PROTECTED]
URL: http://mit.edu/reidmp/www/home.html
Re: Need help with Verisign's Global ID
On Mon, Oct 25, 1999, Michal Hobot wrote:
> Hi
> I'm trying to use Apache with mod_ssl and with 128-bit exportable
> certificate. The problem is Verisign requires selecting actual webserver
> type during GID registration.
> When I chose Apache - they're telling me it's not supported.
> So, which type of server should I set for Apache with mod_ssl?
> Stronghold? Is there any server-specific in SGC?

Seems today is a Verisign ordering day. I've answered this already in another thread as follows:

| The server type doesn't really matter as long as you at least select not a too
| esoteric server (then you might not get the cert/key in PEM or DER format).
| Just select Stronghold, Raven or some of those Apache servers.

The same is true independent whether you buy a standard cert or a SGC.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
RE: Need help with Verisign's Global ID
Michal,

Please select either Stronghold or Raven

Rob Bastille
IT Department Manager
WildcatBlue.Com - http://www.wildcatblue.com/
First Computer Solutions, Inc. - http://fcomsolutions.com/
(606) 625-9453 (Voice)
(606) 624-1233 (Fax)
"The soul would have no rainbow had the eyes no tears"

-----Original Message-----
From: Michal Hobot [SMTP:[EMAIL PROTECTED]]
Sent: Monday, October 25, 1999 3:30 PM
To: [EMAIL PROTECTED]
Subject: Need help with Verisign's Global ID
Re: Need help with Apache 1.3.12+modssl WIN32
"Reid M. Pinchback" wrote:
> [...]
> but when I try to start Apache from the Services control panel
> I just get:
>
>    Could not start the Apache service on \\SERVER
>    Error 1067: The process terminated unexpectedly.
> [...]
>
> Am I missing something here?

If running it as a service gives problems, try running it as a console app. Then you can at least see the prints to stdout as well.

Have all the mod_ssl parameters been set up correctly? I.e. do you have a valid certificate, with a private key file, etc. and are they all correctly configured in httpd.conf?

Further, if you run it as a service, make sure it doesn't ask for your private key password interactively, since that won't work. Instead, use a private key without password or use a password program (but notice I've been experiencing problems with the latter; it works only if you run apache using the -X option. In regular mode, there's a redirection problem. The password program is run, but mod_ssl never gets to see its output. That though is not a mod_ssl problem, but rather an apache problem, documented (but yet unsolved) in the Apache bug list.)

Jan Dries
Re: Need help with Apache 1.3.12+modssl WIN32
At 11:56 PM 4/21/00 -0400, Jan Dries wrote:
>If running it as a service gives problems, try running it as a console
>app. Then you can at least see the prints to stdout as well.

Good idea! I'll try that.

>Have all the mod_ssl parameters been set up correctly? I.e. do you have
>a valid certificate, with a private key file, etc. and are they all
>correctly configured in httpd.conf?

As far as I can tell, yes. I stuck with what worked for the previous version I'd installed, and I can't find anything that should have changed.

>Further, if you run it as a service, make sure it doesn't ask for your
>private key password interactively, since that won't work.

This never came up before, but I'll double-check when I run as a console app.

Thanks!
I need help with a very tricky problem
I need to figure out how to log a user off our web site and ensure that they re-authenticate the next time they hit our site. On the surface this seems like a very simple problem but it is not.

Here is what happens. A user logs on to our site using modauth, from an IE5 browser. They do a bunch of things and then they go off to some other URL, or for a coffee. If they don't close every single browser window then they remain authenticated to our site FOREVER! They (or anyone else sharing the same PC) can return to our site and they get access right away without any authentication. We have hospitals using our site who have many staff sharing a PC, who each need to be able to sit down, look up some info, then log off without a lot of hassles.

Sending a 401 Unauthorized doesn't work because I can't tell the difference between someone legitimately logging in properly and one returning from a previous session. There doesn't seem to be anything in the browser you can shut off, modify or otherwise fool. CGI scripts come into play far too late since all of the authenticating (or non-authenticating) has already passed.

I tried looking at the SSL_SESSION_ID but it appears to be different for every single hit to our web site from the same PC and browser window.

My httpd.conf file is pretty much default.
  SSLSessionCache is set to shm:/var/cache/ssl_scache(512000)
  SSLSessionCacheTimeout is set to 300

I can get back onto my site hours later (certainly more than 5 minutes) without re-authenticating.

Does anyone have any ideas where to go from here? I'm really stumped...
RE: I need help with a very tricky problem
SSL and HTTP don't offer any solutions here. What you need is to implement your own logon screen, set a session cookie, and maintain the timing in your application. This implies that you are serving something other than static pages; i.e., you have something like cgi/jsp/servlet. The HTTP auth process is not designed for what you're trying to do.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Doug Poulin
Sent: Wednesday, September 06, 2000 3:08 PM
To: [EMAIL PROTECTED]
Subject: I need help with a very tricky problem

I need to figure out how to log a user off our web site and ensure that they re-authenticate the next time they hit our site. On the surface this seems like a very simple problem but it is not.

Here is what happens. A user logs on to our site using modauth, from an IE5 browser. They do a bunch of things and then they go off to some other URL, or for a coffee. If they don't close every single browser window then they remain authenticated to our site FOREVER! They (or anyone else sharing the same PC) can return to our site and they get access right away without any authentication. We have hospitals using our site who have many staff sharing a PC, who each need to be able to sit down, look up some info, then log off without a lot of hassles.

Sending a 401 Unauthorized doesn't work because I can't tell the difference between someone legitimately logging in properly and one returning from a previous session. There doesn't seem to be anything in the browser you can shut off, modify or otherwise fool. CGI scripts come into play far too late since all of the authenticating (or non-authenticating) has already passed.

I tried looking at the SSL_SESSION_ID but it appears to be different for every single hit to our web site from the same PC and browser window.

My httpd.conf file is pretty much default.
  SSLSessionCache is set to shm:/var/cache/ssl_scache(512000)
  SSLSessionCacheTimeout is set to 300

I can get back onto my site hours later (certainly more than 5 minutes) without re-authenticating.

Does anyone have any ideas where to go from here? I'm really stumped...
Re: I need help with a very tricky problem
Probably your best bet is to use mod_perl, Apache::Session or write your own module to handle sessions. These basically create a session file (cookie based or local file) with a timestamp. This session file is checked for every subsequent request, forcing re-authentication if the session expired (i.e. (now-timestamp) > expiration). This way logging off is automatic.

Hope this helps
-Carlos

Doug Poulin wrote:
> I need to figure out how to log a user off our web site and ensure that they re-authenticate the next time they hit our site. On the surface this seems like a very simple problem but it is not.
>
> Here is what happens. A user logs on to our site using modauth, from an IE5 browser. They do a bunch of things and then they go off to some other URL, or for a coffee. If they don't close every single browser window then they remain authenticated to our site FOREVER! They (or anyone else sharing the same PC) can return to our site and they get access right away without any authentication. We have hospitals using our site who have many staff sharing a PC, who each need to be able to sit down, look up some info, then log off without a lot of hassles.
>
> Sending a 401 Unauthorized doesn't work because I can't tell the difference between someone legitimately logging in properly and one returning from a previous session. There doesn't seem to be anything in the browser you can shut off, modify or otherwise fool. CGI scripts come into play far too late since all of the authenticating (or non-authenticating) has already passed.
>
> I tried looking at the SSL_SESSION_ID but it appears to be different for every single hit to our web site from the same PC and browser window.
>
> My httpd.conf file is pretty much default.
>   SSLSessionCache is set to shm:/var/cache/ssl_scache(512000)
>   SSLSessionCacheTimeout is set to 300
>
> I can get back onto my site hours later (certainly more than 5 minutes) without re-authenticating.
>
> Does anyone have any ideas where to go from here? I'm really stumped...

--
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
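The session-with-timestamp approach described in the two replies above, as an added example that is not from any poster and is not the Apache::Session API: a server-side session table with an idle timeout ((now - timestamp) > expiration forces a new login) and an explicit logout for shared PCs. The class and function names, the cookie name "sid" and the 300-second timeout are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side sessions with an idle timeout and explicit logout."""

    def __init__(self, idle_timeout=300, clock=time.time):
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed
        self.clock = clock                # injectable so expiry can be tested
        self._sessions = {}               # sha256(token) -> [user, last_seen]

    @staticmethod
    def _key(token):
        # Only a hash of the token is kept, so a leaked session table
        # cannot be replayed as cookies.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, user):
        """Call after the logon form has verified the password."""
        token = secrets.token_urlsafe(32)  # unguessable session id
        self._sessions[self._key(token)] = [user, self.clock()]
        return token

    def check(self, token):
        """Return the user for a live session, else None (show the logon page)."""
        if not token:
            return None
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, last_seen = entry
        now = self.clock()
        if now - last_seen > self.idle_timeout:
            del self._sessions[key]  # expired: forget it on the server too
            return None
        entry[1] = now               # activity resets the idle timer
        return user

    def logout(self, token):
        """Explicit log-off; returns True if a session was ended."""
        return self._sessions.pop(self._key(token), None) is not None


def session_cookie(token):
    # No Expires/Max-Age: the browser drops it when it closes. Secure keeps
    # it on HTTPS only; HttpOnly hides it from page scripts.
    return "sid=%s; Path=/; Secure; HttpOnly; SameSite=Strict" % token


def clear_cookie():
    # Sent with the logout response so the browser discards the cookie.
    return "sid=; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=0"


if __name__ == "__main__":
    store = SessionStore(idle_timeout=300)
    tok = store.login("constructed-user")
    print(session_cookie(tok))
    print(store.check(tok), store.logout(tok), store.check(tok))
```

Because expiry and logout are enforced in the server's table, a browser window left open on a shared PC stops being authenticated even though the browser itself never forgets the cookie.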