[users@httpd] Log problem with REMOTE_USER containing spaces

2011-07-17 Thread Tom Browder
I am a new apache2 user and have started mining my access logs (with Perl progs) for certain info. I have had great success using the Parse::AccessLogEntry module from cpan.org, but I have had a few instances where it bombed on the default extended common format. In those cases I found that a

Re: [users@httpd] PKI Certificates not appearing through Linux Apache

2011-07-20 Thread Tom Browder
On Wed, Jul 20, 2011 at 14:25, Christopher Johnson coolsno...@gmail.com wrote: ... website. This functionality does work in windows but not linux. Is there an issue porting the certs, keys and CA's from windows? Is there a compatibility issue? Is there something I should be checking? Any

[users@httpd] MysSQL Connection Fails on Apache2 Start

2011-07-27 Thread Tom Browder
I am trying to use a MySQL database for Digest password management on my remote server. I have my httpd.conf file settings here: # mod_dbd configuration DBDriver mysql # MySQL params: # host, port, user, pass, dbname, sock, flags, fldsz, group, reconnect DBDParams dbname=passwords user=

Re: [users@httpd] MysSQL Connection Fails on Apache2 Start

2011-07-27 Thread Tom Browder
On Wed, Jul 27, 2011 at 10:13, Tom Evans tevans...@googlemail.com wrote: On Wed, Jul 27, 2011 at 4:05 PM, Tom Browder tom.brow...@gmail.com wrote: I am trying to use a MySQL database for Digest password management on my remote server. I have my httpd.conf file settings here: ... # MySQL

Re: [users@httpd] MysSQL Connection Fails on Apache2 Start

2011-07-27 Thread Tom Browder
On Wed, Jul 27, 2011 at 11:24, Nick Kew n...@webthing.com wrote: On 27 Jul 2011, at 16:05, Tom Browder wrote: At the moment it doesn't work.  After start I get these errors: [Wed Jul 27 09:08:56 2011] [error] (20014)Internal error: DBD: Can't connect to mysql [Wed Jul 27 09:08:56 2011

Re: [users@httpd] MysSQL Connection Fails on Apache2 Start

2011-07-27 Thread Tom Browder
On Wed, Jul 27, 2011 at 12:09, Tom Browder tom.brow...@gmail.com wrote: On Wed, Jul 27, 2011 at 11:24, Nick Kew n...@webthing.com wrote: On 27 Jul 2011, at 16:05, Tom Browder wrote: At the moment it doesn't work.  After start I get these errors: [Wed Jul 27 09:08:56 2011] [error] (20014

[users@httpd] Re: MysSQL Connection Fails on Apache2 Start

2011-07-28 Thread Tom Browder
On Wed, Jul 27, 2011 at 10:05, Tom Browder tom.brow...@gmail.com wrote: I am trying to use a MySQL database for Digest password management on my remote server. I have my httpd.conf file settings here: Does anyone have a working solution for Apache Digest password management using MySQL (all

Re: [users@httpd] MysSQL Connection Fails on Apache2 Start

2011-08-02 Thread Tom Browder
On Wed, Jul 27, 2011 at 12:09, Tom Browder tom.brow...@gmail.com wrote: On Wed, Jul 27, 2011 at 11:24, Nick Kew n...@webthing.com wrote: On 27 Jul 2011, at 16:05, Tom Browder wrote: At the moment it doesn't work. After start I get these errors: [Wed Jul 27 09:08:56 2011] [error] (20014

[users@httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

2011-08-04 Thread Tom Browder
The Apache2 docs have an SSL FAQ here: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html It has a list of Certifying Authorities (CAs) but is missing one important one for personal or small-scale server operators StartSSL: http://www.startssl.com/ They can provide an inexpensive wild-card

[users@httpd] Apache Digest Password Management with PostgreSQL and mod_dbd

2011-08-05 Thread Tom Browder
I've asked earlier about this (but using MySQL): Does anyone have a working solution for Apache Digest password management using PostgreSQL (and mod_dbd)? If so, would you be willing to share setup details? Best regards, -Tom USAFA, CS-24, Class of 1965 Niceville, Florida, USA

Re: [users@httpd] How to configure mod_dbd with MySQL on Apache 2.2

2011-08-07 Thread Tom Browder
On Sun, Aug 7, 2011 at 05:08, nik...@iandapp.com wrote: Hello, I find it a bit strange that it is so difficult to find information about how to do this. Niklas, I agree, I have found the same situation and I will keep the list informed if I get a good solution. But note that I have given up

Re: [users@httpd] How to configure mod_dbd with MySQL on Apache 2.2

2011-08-07 Thread Tom Browder
On Sun, Aug 7, 2011 at 07:21, Nick Kew n...@webthing.com wrote: ... On 7 Aug 2011, at 11:08, nik...@iandapp.com wrote: ... I find it a bit strange that it is so difficult to find information about how to do this. ... I want to configure my Apache2 to use mod_dbd when authenticating users. But

Re: [users@httpd] How to configure mod_dbd with MySQL on Apache 2.2

2011-08-07 Thread Tom Browder
On Sun, Aug 7, 2011 at 17:44, Nick Kew n...@webthing.com wrote: On Sun, 7 Aug 2011 13:30:48 -0500 Tom Browder tom.brow...@gmail.com wrote: That is a very important link that I had not found, although from my look at htdigest I was assuming most of the information. (And that link should also

Re: [users@httpd] How to configure mod_dbd with MySQL on Apache 2.2

2011-08-08 Thread Tom Browder
On Mon, Aug 8, 2011 at 02:10, Niklas Johansson nik...@iandapp.com wrote: I will have a look at it once it pops up. For the Apache 2.2 docs section on password formats, the Apache digest-authentication method, here is an example for Perl that I am using in my password generator script: use

Re: [users@httpd] using mod auth_mysql with apache for authentication

2011-08-09 Thread Tom Browder
On Tue, Aug 9, 2011 at 05:07, Tom Evans tevans...@googlemail.com wrote: On Tue, Aug 9, 2011 at 4:42 AM, Rajeev Prasad rp.ne...@yahoo.com wrote: ... currently i have  mod auth_mysql configured and running as plaintext password: ... 2. how can i get a user log out once the browser tab is 

[users@httpd] Question on Configuring a Site for SSL Only

2012-07-09 Thread Tom Browder
I have a working site on a single server with multiple virtual hosts and a commercial SSL certificate that serves them all okay. When setting up my site originally I was following examples from several places and now I wonder if I might simplify my configuration without compromising current

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Tom Browder
On Thu, Jul 12, 2012 at 6:37 AM, Nick Kew n...@webthing.com wrote: On 12 Jul 2012, at 12:02, Tom Browder wrote: I want to have NO http traffic on my site. Is this the correct way to No. Thanks for the reply, Nick. I have a stack of Apache security books (as well as your modules book

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Tom Browder
On Thu, Jul 12, 2012 at 9:08 AM, Mark Montague m...@catseye.org wrote: On July 12, 2012 8:02 , Tom Browder tom.brow...@gmail.com wrote: On Thu, Jul 12, 2012 at 6:37 AM, Nick Kewn...@webthing.com wrote: On 12 Jul 2012, at 12:02, Tom Browder wrote: I want to have NO http traffic on my site

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Tom Browder
On Thu, Jul 12, 2012 at 11:20 AM, Nick Kew n...@webthing.com wrote: On Thu, 12 Jul 2012 11:32:01 -0400 Mark Montague m...@catseye.org wrote: ... HTTPS makes it harder to do man-in-the-middle (MITM) attacks, but MITM attacks are still possible against HTTPS. ... Up to a point, Lord Copper. ...

[users@httpd] SSL Cllient Certificate Requirements Question

2012-07-19 Thread Tom Browder
I have a single server with a multiple vhost SSL certificate from a recognized CA. All vhosts are using SSL/TLS successfully and exclusively with HSTS enforcement. I would now like to add SSL client certificates for individual vhost private directory access and plan to do so using a

Re: [users@httpd] SSL Cllient Certificate Requirements Question

2012-07-19 Thread Tom Browder
On Thu, Jul 19, 2012 at 7:34 PM, Daniel Ruggeri drugg...@primary.net wrote: On 7/19/2012 10:11 AM, Tom Browder wrote: I have a single server with a multiple vhost SSL certificate from a recognized CA. All vhosts are using SSL/TLS successfully and exclusively with HSTS enforcement. I would

Re: [users@httpd] apxs

2012-07-29 Thread Tom Browder
On Sun, Jul 29, 2012 at 10:16 AM, Eric Covener cove...@gmail.com wrote: Yet the link I cited says if I have mod_so it should be there?? ... If someone else packaged your apache build, consult the doc specific to that packaging. At the command line try locate apxs and that should be a start.

[users@httpd] How does one use cached, static non-private pages with https?

2012-07-31 Thread Tom Browder
I have a completely https site and would like to make it more efficient for non-private static pages. This document by Ivan Ristic: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf recommends (in para 3.4) enabling caching of public resources...by attaching the

[users@httpd] Dual apache2 installations: Ubuntu Package and Locally Built (All on a single server)

2012-08-02 Thread Tom Browder
I have a good instance of apache2 running as an Ubuntu package on Ubuntu 10.04 LTS (64-bit), but it's version 2.2.14. I would like to use the latest Apache version and build it from source. Has anyone tried setting up a locally-built version of Apache so as to be able to switch easily between

[users@httpd] Re: Dual apache2 installations: Ubuntu Package and Locally Built (All on a single server)

2012-08-02 Thread Tom Browder
On Thu, Aug 2, 2012 at 4:53 PM, Tom Browder tom.brow...@gmail.com wrote: I have a good instance of apache2 running as an Ubuntu package on Ubuntu 10.04 LTS (64-bit), but it's version 2.2.14. ... I should have noted that the locally-installed Apache2 will be built with the configure option

Re: [users@httpd] Dual apache2 installations: Ubuntu Package and Locally Built (All on a single server)

2012-08-02 Thread Tom Browder
On Thu, Aug 2, 2012 at 5:35 PM, Mauricio Tavares raubvo...@gmail.com wrote: On Thu, Aug 2, 2012 at 5:53 PM, Tom Browder tom.brow...@gmail.com wrote: ... The Debian option should make the situation somewhat easier, BUT, will it overwrite existing configuration files? It's not supposed

Re: [users@httpd] Dual apache2 installations: Ubuntu Package and Locally Built (All on a single server)

2012-08-03 Thread Tom Browder
On Fri, Aug 3, 2012 at 10:05 AM, John john.ili...@iliffe.ca wrote: One gotcha you may run into, some .conf parameters have changed. You can't just copy the old 2.2.x .conf file over to 2.4.x without checking. Since some of the changes occurred in various levels of 2.2 they aren't all

[users@httpd] Deny access to all directory files BUT a certain suffix?

2012-08-05 Thread Tom Browder
I see lots of examples of denying access to files in a directory with a certain suffix, but I want to deny access to ALL files EXCEPT those with one suffix (.html). I have tried this (Apache 2.2.14): Directory ~ .*/private2 SSLOptions +StdEnvVars +StrictRequire +OptRenegotiate

Re: [users@httpd] Deny access to all directory files BUT a certain suffix?

2012-08-05 Thread Tom Browder
On Sun, Aug 5, 2012 at 4:43 PM, Daniel Gruno rum...@cord.dk wrote: On 08/05/2012 11:31 PM, Tom Browder wrote: I see lots of examples of denying access to files in a directory with a certain suffix, but I want to deny access to ALL files EXCEPT those with one suffix (.html). ... Try FilesMatch

[users@httpd] Two SSL directives appear to be not working with SSL Labs server test

2012-08-07 Thread Tom Browder
I have been checking my Apache 2.2.14 server with this link: https://www.ssllabs.com/ssltest/index.html I am trying to improve my SSL Labs security score but can't beat 85. I am running Apache 2.2.14 (from Ubuntu's package). I get the following scores: Certificate 100

Re: [users@httpd] Two SSL directives appear to be not working with SSL Labs server test

2012-08-07 Thread Tom Browder
On Tue, Aug 7, 2012 at 7:46 AM, Eric Covener cove...@gmail.com wrote: On Tue, Aug 7, 2012 at 8:14 AM, Tom Browder tom.brow...@gmail.com wrote: I have been checking my Apache 2.2.14 server with this link: https://www.ssllabs.com/ssltest/index.html ... Cipher Suites (sorted by strength

[users@httpd] Re: How does one use cached, static non-private pages with https?

2012-08-08 Thread Tom Browder
On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder tom.brow...@gmail.com wrote: I have a completely https site and would like to make it more efficient for non-private static pages. Ping, anyone? -Tom

Re: [users@httpd] Re: How does one use cached, static non-private pages with https?

2012-08-10 Thread Tom Browder
On Fri, Aug 10, 2012 at 2:13 AM, Igor Cicimov icici...@gmail.com wrote: On Thu, Aug 9, 2012 at 12:05 AM, Tom Browder tom.brow...@gmail.com wrote: On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder tom.brow...@gmail.com wrote: I have a completely https site and would like to make it more

[users@httpd] Virtual Hosts and SSL Config: Hoist Common Directives Above Server Blocks?

2012-09-09 Thread Tom Browder
I'm trying to clean up my conf files after getting an all-SSL server with several virtual hosts working. At the moment, for each server block, I have this: IfModule mod_ssl.c VirtualHost *:443 SSLEngine on SSLCACertificateFile/path/to/ca.pem SSLCertificateFile

Re: [users@httpd] What verification does Apache do as part of SSLVerifyClient?

2012-09-09 Thread Tom Browder
On Wed, Sep 5, 2012 at 4:32 PM, Mark Montague m...@catseye.org wrote: ... As you can see, the CN is not a hostname and does not get validated by httpd. You need to rely on the certificate authorities you trust in order to not sign certificates for improper CNs -- for example, the CN of a host

Re: [users@httpd] What verification does Apache do as part of SSLVerifyClient?

2012-09-09 Thread Tom Browder
On Sun, Sep 9, 2012 at 8:59 AM, Pete Houston p...@openstrike.co.uk wrote: On Sun, Sep 09, 2012 at 08:36:30AM -0500, Tom Browder wrote: So the client cert. does contain the private key? Then its password is all that is protecting it? No, the key is normally (but not always) kept separately

Re: [users@httpd] Virtual Hosts and SSL Config: Hoist Common Directives Above Server Blocks? [SOLVED]

2012-09-11 Thread Tom Browder
On Mon, Sep 10, 2012 at 10:00 PM, Igor Cicimov icici...@gmail.com wrote: On Sun, Sep 9, 2012 at 10:57 PM, Tom Browder tom.brow...@gmail.com wrote: I'm trying to clean up my conf files after getting an all-SSL server with several virtual hosts working. ... Can I hoist the common SSL cert

[users@httpd] SSL Client Certificates and CGI

2012-09-30 Thread Tom Browder
Does anyone have a pointer to help on restricting a directory to access only with valid SSL Client Certificates and how to work CGI scripts to respect that restriction? I have been successful restricting direct access, but it seems that certain cgi programs can access the directory with impunity.

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Tom Browder
On Sun, Sep 30, 2012 at 7:44 PM, Mark Montague m...@catseye.org wrote: On September 30, 2012 19:45 , Tom Browder tom.brow...@gmail.com wrote: Does anyone have a pointer to help on restricting a directory to access only with valid SSL Client Certificates and how to work CGI scripts to respect

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Tom Browder
On Mon, Oct 1, 2012 at 7:54 AM, Mark Montague m...@catseye.org wrote: On Sun, Sep 30, 2012 at 7:44 PM, Mark Montague m...@catseye.org wrote: On September 30, 2012 19:45 , Tom Browder tom.brow...@gmail.com wrote: Does anyone have a pointer to help on restricting a directory to access only

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Tom Browder
On Mon, Oct 1, 2012 at 10:53 AM, Mark Montague m...@catseye.org wrote: On October 1, 2012 9:17 , Tom Browder tom.brow...@gmail.com wrote: Inside the restricted area I have: SSLVerifyClient require I have found that the configuration doesn't restrict CGI programs at all as I have them

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Tom Browder
On Mon, Oct 1, 2012 at 2:28 PM, Mark Montague m...@catseye.org wrote: On October 1, 2012 14:58 , Tom Browder tom.brow...@gmail.com wrote: On Mon, Oct 1, 2012 at 10:53 AM, Mark Montague m...@catseye.org wrote: On October 1, 2012 9:17 , Tom Browder tom.brow...@gmail.com wrote: ... I have found

[users@httpd] Mac OS X and SSL Client Certitficates

2012-10-12 Thread Tom Browder
I have successfully generated SSL client certs (generated with openssl 1.0.1c) used by Safari, Firefox, and Chrome on Linux and Windows plus IE 9 on Windows, but I cannot get successful access with either Safari or Firefox on Mac OS X. When I try on Mac/Safari I get the error: The server did

Re: [users@httpd] Mac OS X and SSL Client Certitficates

2012-10-16 Thread Tom Browder
On Mon, Oct 15, 2012 at 8:59 AM, Mark Montague m...@catseye.org wrote: On October 12, 2012 10:41 , Tom Browder tom.brow...@gmail.com wrote: I have successfully generated SSL client certs (generated with openssl 1.0.1c) used by Safari, Firefox, and Chrome on Linux and Windows plus IE 9

[users@httpd] OpenSSL vs. Mozilla's NSS

2012-10-24 Thread Tom Browder
Is it possible to use Apache with the NSS libraries instead of OpenSSL? If not, has that ever been considered as an option? Based on my struggle with OpenSSL documentation to generate my own CA and client SSL certificates, the NSS documentation for that same task looks like a breeze in

[users@httpd] Re: OpenSSL vs. Mozilla's NSS

2012-10-24 Thread Tom Browder
On Wed, Oct 24, 2012 at 5:24 PM, Tom Browder tom.brow...@gmail.com wrote: Is it possible to use Apache with the NSS libraries instead of OpenSSL? Oops, I just found mod_nss. But I would appreciate any comments about the use of mod_ssl versus mod_nss. Best, -Tom

Re: [users@httpd] OpenSSL vs. Mozilla's NSS

2012-10-24 Thread Tom Browder
On Wed, Oct 24, 2012 at 5:43 PM, Mark Montague m...@catseye.org wrote: On October 24, 2012 18:24 , Tom Browder tom.brow...@gmail.com wrote: ... Is it possible to use Apache with the NSS libraries instead of OpenSSL? If your problems are just with generating / signing certificates, you don't

[users@httpd] V2.4.7 and Open SSL 1.o.1f (FIPS) build error

2014-02-17 Thread Tom Browder
I built and installed OpenSSL 1.0.1f in the FIPS mode. I configured httpd-2.4.7 successfully to use mod_ssl: ... --with-ssl=/usr/local/ssl/fips-2.0 and, during the build, it stops here: /usr/local/src/httpd-2.4.7/support/ab.c:509: undefined reference to `FIPS_rand_seed'

[users@httpd] Problems with directive SSLPassPhraseDialog with a piped script

2014-02-26 Thread Tom Browder
I am using httpd 2.4.7 built from source. OpenSSL is a Debian package with version 1.0.1e. The pertinent part of my httpd.conf is: SSLCertificateKeyFile /path/to/key.file SSLPassPhraseDialog |/path/to/passphrase.sh $ cat passphrase.sh #!/bin/bas echo averylongand randompassord

Re: [users@httpd] Problems with directive SSLPassPhraseDialog with a piped script

2014-02-27 Thread Tom Browder
On Thu, Feb 27, 2014 at 2:41 PM, Dan Bryan danbrya...@gmail.com wrote: What if you change :#!/bin/bas to #!/bin/bash in passphrase.sh ? Duh, e-mail typo! Good catch, Dan, but the real script has its first line as: #!/bin/bash But, in the process of checking that file on the server, I

Re: [users@httpd] Problems with directive SSLPassPhraseDialog with a piped script

2014-02-27 Thread Tom Browder
On Thu, Feb 27, 2014 at 2:58 PM, Tom Browder tom.brow...@gmail.com wrote: On Thu, Feb 27, 2014 at 2:41 PM, Dan Bryan danbrya...@gmail.com wrote: What if you change :#!/bin/bas to #!/bin/bash in passphrase.sh ? ... But, in the process of checking that file on the server, I discovered

Re: [users@httpd] Problems with directive SSLPassPhraseDialog with a piped script

2014-02-28 Thread Tom Browder
On Thu, Feb 27, 2014 at 4:20 PM, Tom Browder tom.brow...@gmail.com wrote: Still looking for ideas from someone who has used the pipe method. I'm still looking for how the pipe method works. But I used the exec method and it works fine! FYI, I used a script a little pickier than a simple

[users@httpd] mod_gnutls versus mod_gnutls 9with httpd 2.4+)

2014-03-03 Thread Tom Browder
Is anyone successfully using mod_gnutls with httpd 2.4.7? Any recommendations on using mod_gnutls versus mod_ssl? Thanks. Best regards, -Tom

Re: [users@httpd] Let's build and awesome tutorial

2014-03-04 Thread Tom Browder
On Tue, Mar 4, 2014 at 2:03 PM, Daniel Ruggeri drugg...@primary.net wrote: All; I would like to draw attention to a tutorial session[1] that I am offering during ApacheCon Friday morning. The tutorial is called Let's do something with httpd: The tutorial designed by YOU My suggestions: +

[users@httpd] TLS and non-TLS Virtual Hosts Sharing Files

2014-03-07 Thread Tom Browder
If I have two virtual hosts using, say: DocumentRoot /web-sites/domain1.com/public DocumentRoot /web-sites/domain2.com/public and one vhost is non-TLS and the other is TLS-only, can I allow them to share common resources (such as css) by doing something like this in the server section:

[users@httpd] Use Multiple Server Certificates On One Server: Is This Possible?

2014-03-12 Thread Tom Browder
I was surprised to see this message (see below) to the dev list. Note the last line of the cropped message below: The certificates etc. in the three blocks are three different ones. I thought a server can only have one certificate. Is this a new feature? Thanks. Best regards, -Tom On Tue,

Re: [users@httpd] Use Multiple Server Certificates On One Server: Is This Possible?

2014-03-12 Thread Tom Browder
On Wed, Mar 12, 2014 at 9:11 AM, Eric Covener cove...@gmail.com wrote: On Wed, Mar 12, 2014 at 9:00 AM, Tom Browder tom.brow...@gmail.com wrote: I was surprised to see this message (see below) to the dev list. Note the last line of the cropped message below: The certificates etc

Re: [users@httpd] dynamic virtual hosts

2014-03-12 Thread Tom Browder
On Wed, Mar 12, 2014 at 2:56 PM, Rose, John B jbr...@utk.edu wrote: Has anyone used mod_vhost, or mod_rewrite, some other way, or some combination, and implemented in production, dynamic virtual hosts of unique hundreds or more, sub domains. If so, which method did you use, and can you give

Re: [users@httpd] dynamic virtual hosts

2014-03-12 Thread Tom Browder
On Wed, Mar 12, 2014 at 3:11 PM, Tom Browder tom.brow...@gmail.com wrote: ... If you have sub-domains just define another macro similarly except you will have one or more additional parameters in front of ${PROJECT} ${TLD} for the new macros. By using such layouts I am able to build new vhosts

[users] Re: [users@httpd] CAC Card Authentication

2014-06-02 Thread Tom Browder
On Fri, May 30, 2014 at 1:06 AM, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: McGregor, Donald (Don) (CIV) ... I'm attempting to get CAC card authentication working with Apache httpd-2.2.3-85 on Centos 5. CAC cards are the DoD ... And if you are working on an

[users] Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

2014-06-03 Thread Tom Browder
I have several SSL/TLS-only virtual sites running under Apache 2.4.7. I haven't turned on compression because of all the warnings about CRIME and BREACH. However, when I run my sites against web site analyzers they always suggest turning on compression. So what is the consensus? If compression

[users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

2014-06-06 Thread Tom Browder
On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder tom.brow...@gmail.com wrote: I have several SSL/TLS-only virtual sites running under Apache 2.4.7. I haven't turned on compression because of all the warnings about CRIME and BREACH. However, when I run my sites against web site analyzers

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

2014-06-06 Thread Tom Browder
On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick traw...@gmail.com wrote: On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder tom.brow...@gmail.com wrote: I have several SSL/TLS-only virtual sites running under Apache 2.4.7. I haven't turned on compression because of all the warnings about CRIME

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

2014-06-06 Thread Tom Browder
On Fri, Jun 6, 2014 at 10:35 AM, Tom Browder tom.brow...@gmail.com wrote: On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick traw...@gmail.com wrote: On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder tom.brow...@gmail.com wrote: I have several SSL/TLS-only virtual sites running under Apache 2.4.7. I

[users@httpd] TLS, SNI, and Multiple VHosts

2014-10-18 Thread Tom Browder
If I get a server TLS certificate for an IP address, is it true that I can have essentially unlimited TLS VHosts using that certificate (assuming clients are SNI-capable)? Best regards, -Tom

[users@httpd] Re: Apache 2.4.10 and Basic Authentication: No Luck [SOLVED]

2015-04-13 Thread Tom Browder
On Mon, Apr 13, 2015 at 10:51 AM, Tom Browder tom.brow...@gmail.com wrote: After reading the somewhat confusing docs on limiting access to a directory, I found that basic authentication with TLS is the recommended way. Duh, I made a typo on the dir name (he says as he smacks his forehead

[users@httpd] AuthBasic Questions: Modify the pop-up message? Change auth cache time?

2015-04-14 Thread Tom Browder
I now have basic authorization (under TLS) working okay, but I would like to influence the user experience a bit via Apache behavior if possible. A few questions if you please: 1. Can I modify the pop-up message? 2. Can I change the cache behavior of the access? As it is, my Google Chrome

[users@httpd] Apache 2.4.10 and Basic Authentication: No Luck

2015-04-13 Thread Tom Browder
After reading the somewhat confusing docs on limiting access to a directory, I found that basic authentication with TLS is the recommended way. I have several virtual hosts running on a TLS-only server and want to limit access to a private directory for just one of the hosts (not that I am using

Re: [users@httpd] AuthBasic Questions: Modify the pop-up message? Change auth cache time?

2015-04-14 Thread Tom Browder
On Tue, Apr 14, 2015 at 2:11 PM, Pete Houston p...@openstrike.co.uk wrote: ... Good luck, Thanks, Pete, that's what I was afraid of. I hope mod_perl get released for Apache 2.4 soon! Best, -Tom

[users@httpd] Re: httpd and OpenSSL 1.0.2

2015-06-01 Thread Tom Browder
On Wed, May 27, 2015 at 11:33 AM, Mario Brandt jbl...@gmail.com wrote: Hi Tom, I tried on Debian 7 and 8 both x64 To see your configure options would help a lot. Okay, here's what I had to do to my Linux Deb 7, 64-bit system: 1. Remove any deb packages of httpd, apr, apr-util, openssl. 2.

[users@httpd] Re: httpd and OpenSSL 1.0.2

2015-06-01 Thread Tom Browder
On Mon, Jun 1, 2015 at 10:22 AM, Tom Browder tom.brow...@gmail.com wrote: Okay, here's what I had to do to my Linux Deb 7, 64-bit system: ... 2. Source packages used (in order of installation): ... pcre2-10.00.tar.bz2 Oops, my error: I had to use pcre-8.36 (httpd cannot yet use pcre2

[users@httpd] Re: httpd and OpenSSL 1.0.2

2015-05-27 Thread Tom Browder
On May 27, 2015 5:26 AM, Mario Brandt jbl...@gmail.com wrote: Hi Tom, I saw you on the httpd dev mailing list about that topic. How did you manage to build apache against 1.0.2? Cause if I try that I get in my VM /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_finish or on

[users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-22 Thread Tom Browder
On Aug 20, 2015 5:03 PM, Tom Browder tom.brow...@gmail.com wrote: I had some CGI scripts running on Apache 2.2 which tested for $ENV{DOCUMENT_ROOT} and worked fine. Now I am attempting to use the same scripts on Apache 2.4 and, so far, I can't seem to find that variable defined. Okay, all

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-22 Thread Tom Browder
On Sat, Aug 22, 2015 at 2:12 PM, Kurtis Rader kra...@skepticism.us wrote: ... I was confused as well since your original message made it sound like you saw DOCUMENT_ROOT in the 2.2 CGI environment and not in the 2.4 CGI environment. Which I simply assumed meant someone had updated the code to

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-23 Thread Tom Browder
On Aug 22, 2015 8:57 PM, Kurtis Rader kra...@skepticism.us wrote: On Sat, Aug 22, 2015 at 1:15 PM, Tom Browder tom.brow...@gmail.com wrote: Sorry for the confusion, Kurt, but I appreciate your look and analysis. Shall I file the bug, or would it be better coming from you. ... You should open

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-22 Thread Tom Browder
On Sat, Aug 22, 2015 at 10:37 AM, Eric Covener cove...@gmail.com wrote: On Sat, Aug 22, 2015 at 11:19 AM, Tom Browder tom.brow...@gmail.com wrote: ... So that's my confusion: it [DOCUMENT_ROOT] is not listed in the RFC and the Apache docs do not mention it that I can find, but Apache 2.4 does

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-22 Thread Tom Browder
On Sat, Aug 22, 2015 at 10:02 AM, Kurtis Rader kra...@skepticism.us wrote: On Sat, Aug 22, 2015 at 3:41 AM, Tom Browder tom.brow...@gmail.com wrote: On Aug 20, 2015 5:03 PM, Tom Browder tom.brow...@gmail.com wrote: I had some CGI scripts running on Apache 2.2 which tested for $ENV

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-22 Thread Tom Browder
On Sat, Aug 22, 2015 at 11:03 AM, Eric Covener cove...@gmail.com wrote: On Sat, Aug 22, 2015 at 12:01 PM, Tom Browder tom.brow...@gmail.com wrote: Mine, too. I'm confused, is this where the thread started or did you have to change something in your scripts for 2.4? The thread began with my

[users@httpd] CGI environment variables different between 2.2 and 2.4?

2015-08-20 Thread Tom Browder
I had some CGI scripts running on Apache 2.2 which tested for $ENV{DOCUMENT_ROOT} and worked fine. Now I am attempting to use the same scripts on Apache 2.4 and, so far, I can't seem to find that variable defined. Has there been some change or need I look elsewhere for the problem? I'm pretty

[users@httpd] ScriptLog: Anyone used it successfully?

2015-08-30 Thread Tom Browder
I am trying to use directive ScriptLog to debug CGI code but, so far, haven't been able to see any output. My httpd server user name is 'apache' in group 'apache'. I have created a directory in my $HOME named 'cgi-log' and made its owner and group to be apache. $ ls -ld cgi-log drwxr-xr-x 2

[users@httpd] SSI best practice: XbitHack or .shtml

2015-08-25 Thread Tom Browder
Anyone have an opinion of the best way to indicate an SSI file to be scanned? Best, -Tom

[users@httpd] Re: SSI best practice: XbitHack or .shtml

2015-08-31 Thread Tom Browder
On Aug 25, 2015 5:10 AM, "Tom Browder" <tom.brow...@gmail.com> wrote: > Anyone have an opinion of the best way to indicate an SSI file to be > scanned? Ping, anyone? -Tom

[users@httpd] SSI #virtual script and cache control: recommendations?

2015-09-04 Thread Tom Browder
I am using an SSI virtual script (only in index.html) which records page access time in a database. My definition of page access time is one hour, that is, the client gets credit for only one access per hour. Unfortunately, my default setup is such that I'm currently not specifying any caching for

Re: [users@httpd] SSI #virtual script and cache control: recommendations?

2015-09-04 Thread Tom Browder
On Fri, Sep 4, 2015 at 8:36 AM, Eric Covener <cove...@gmail.com> wrote: > On Fri, Sep 4, 2015 at 8:33 AM, Tom Browder <tom.brow...@gmail.com> wrote: >> Problem: The documentation for mod_expires is pretty clear, but it >> doesn't look like I can specify

Re: [users@httpd] ScriptLog: Anyone used it successfully?

2015-09-02 Thread Tom Browder
On Sun, Aug 30, 2015 at 1:03 PM, Eric Covener <cove...@gmail.com> wrote: > On Sun, Aug 30, 2015 at 1:52 PM, Tom Browder <tom.brow...@gmail.com> wrote: >> But I have yet to see any output there. What, specifically, in my CGI >> programs, do I need to do to get output?

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-09-03 Thread Tom Browder
On Sat, Aug 22, 2015 at 8:57 PM, Kurtis Rader <kra...@skepticism.us> wrote: > On Sat, Aug 22, 2015 at 1:15 PM, Tom Browder <tom.brow...@gmail.com> wrote: >> >> Sorry for the confusion, Kurt, but I appreciate your look and >> analysis. Shall I file the bug, or woul

[users@httpd] Re: CGI Error with Readonly Database

2015-08-25 Thread Tom Browder
On Tue, Aug 25, 2015 at 5:30 AM, Tom Browder tom.brow...@gmail.com wrote: I am using Apache 2.4.16 and trying to get my CGI programs to work ... Please, disregard for now. I realized my httpd.conf User name was wrong (I changed it during the transfer and didn't follow up completely), so

[users@httpd] Dual private access: allow use of either client cert. or one-time password?

2016-01-05 Thread Tom Browder
First, Happy New Year, all! My site currently successfully uses client TLS certs. for access to its private area. I would like to add the capability of a one-time password sent to the user's e-mail to authenticate the user and then allow that user access to the private area for a limited time. I

[users@httpd] Re: Dual private access: allow use of either client cert. or one-time password?

2016-01-11 Thread Tom Browder
Anyone? On Tuesday, January 5, 2016, Tom Browder <tom.brow...@gmail.com> wrote: > First, Happy New Year, all! > > My site currently successfully uses client TLS certs. for access to > its private area. I would like to add the capability of a one-time > password sent

Re: [users@httpd] Re: Dual private access: allow use of either client cert. or one-time password?

2016-01-11 Thread Tom Browder
On Mon, Jan 11, 2016 at 6:37 AM, Daniel Gruno wrote: > In short, see > https://serverfault.com/questions/577835/apache-ssl-certificate-and-basic-auth-combination-password-if-no-certificate > (longer email is pending moderation, I believe) Thanks, Daniel. My bad, I forgot

Re: [users@httpd] Is it possible to use two different client cert sets?

2016-02-25 Thread Tom Browder
On Thu, Feb 25, 2016 at 10:24 AM, Eric Covener <cove...@gmail.com> wrote: > On Thu, Feb 25, 2016 at 11:20 AM, Tom Browder <tom.brow...@gmail.com> wrote: >> But, for future reference, how would using two CA's for the same >> protected directory work? Would the two

[users@httpd] Is it possible to use two different client cert sets?

2016-02-25 Thread Tom Browder
I have a working system of client certs (which were signed using SHA1) allowing access to a private area on a website. As we all know, soon such certs will be a thing of the past since SHA2 will be required. I have started generating the certs with SHA2, but want to know if I can use both systems

Re: [users@httpd] Is it possible to use two different client cert sets?

2016-02-25 Thread Tom Browder
On Thu, Feb 25, 2016 at 9:24 AM, Eric Covener <cove...@gmail.com> wrote: > On Thu, Feb 25, 2016 at 6:58 AM, Tom Browder <tom.brow...@gmail.com> wrote: >> I have started generating the certs with SHA2, but want to know if I can use >> both systems on the same site while I

[users@httpd] Status of mod_psgi?

2016-02-19 Thread Tom Browder
Does anyone here use mod_psgi? I hear it discussed a bit in the Perl community in the context of Catalyst, Dancer2, etc., but the repo on github doesn't look active. I have just sent a message to the repo owner (j...@cpan.org), but I wanted to check here also. Thanks. Best regards, -Tom

[users@httpd] Re: Want friendly error message for failed attempt to access a restricted directory

2016-05-11 Thread Tom Browder
On Wed, May 11, 2016 at 7:19 AM, Tom Browder <tom.brow...@gmail.com> wrote: > I am running Apache 2.4.18 and have one site (https://usafa-1965.org) > that requires a client certificate to access a restricted directory > ("Classmates > Only"). How can I return a

[users@httpd] Want friendly error message for failed attempt to access a restricted directory

2016-05-11 Thread Tom Browder
I am running Apache 2.4.18 and have one site (https://usafa-1965.org) that requires a client certificate to access a restricted directory ("Classmates Only"). How can I return a friendlier message than, e.g., Chrome emits when a user without a valid certificate attempts to access the restricted

Re: [users@httpd] Re: Want friendly error message for failed attempt to access a restricted directory

2016-05-11 Thread Tom Browder
On Wed, May 11, 2016 at 8:50 AM, Marat Khalili <m...@rqc.ru> wrote: > On 11/05/16 16:35, Tom Browder wrote: >> >> Is there any way via CGI to check for a valid client cert? If so, I >> could interject another script to do that at the Enter button. > > Client ver

[users@httpd] Re: Want friendly error message for failed attempt to access a restricted directory

2016-05-11 Thread Tom Browder
On Wednesday, May 11, 2016, Marat Khalili wrote: > There's no code at all. HTTP connection is not even established. I don't > think it can be easily solved. You have to ALLOW connections from clients > without valid certificate in order to send them your custom message, and >

Re: [users@httpd] apache run status: how to tell as non-root user (on *nix)?

2017-02-21 Thread Tom Browder
On Tue, Feb 21, 2017 at 07:58 Mike Schlottman wrote: > If you have httpd running as a service in Centos, you can run service > httpd status. > Thanks, Mike. But I'm running Debian and, for httpd, the old init.d thing. I would love to get a systemd working for it, but I need a

[users@httpd] apache run status: how to tell as non-root user (on *nix)?

2017-02-21 Thread Tom Browder
I need to programmatically determine whether httpd is running or not, whether I'm root or not. The only reliable way I have found is to use the system command 'ps -C httpd' and grep the results. Is there a better way? Thanks. Best regards, -Tom
