date:20051004

RE: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Boyle Owen

> -Original Message-
> From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
> Sent: Dienstag, 4. Oktober 2005 08:50
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host
> mandatory?
> 
> 
> Boyle Owen wrote:
> > 
> > Just to clear up some apparent confusion on this thread: I 
> think the point everyone is missing is that an SSL-encrypted 
> website uses a *different protocol* than plain old HTTP. 
> Instead of thinking of SSL as some sort of add-on (like 
> mod_perl) to a "normal" website, look carefully at the 
> protocol part of the address - it is "https". So, at a 
> network level, HTTPS is as distinct from HTTP as FTP or SMTP.
> 
> To correct you, the PROTOCOL remains HTTP, e.g., the 
> https://localhost/
> request sends...
> 
> GET / HTTP/1.1
> Host: localhost

Well, I was trying to clear some confusion without everyone's eyes glazing 
over. That inevitably means taking shortcuts with the precise details of HTTPS 
session negotiation.

What you are actually looking at above is the the HTTP session that occurs 
*after* the HTTPS channel has been established. As you probably know, the first 
thing that happens when an HTTPS client contacts a server is that it obtains 
the server's public key which it then uses while the client and server 
negotiate which cipher to use and decide on a symmetric key. Once the encrypted 
session has been established, the internal protocol is indeed HTTP.

The precise description is to say that HTTPS encapsulates HTTP. That is, it is 
*additional* layer on the protocol stack, rather than a replacement.

This is the root of the famous can't-do-name-based-VH-with-SSL problem. As you 
mention, the upgrade facility solves this by further encapsulating HTTPS in an 
outer layer of HTTP (kind of...) and I'm sure we all can't wait for that to 
happen :-)

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

PS - the point remains; you can't serve HTTPS and HTTP on the same socket - 
which is what the guy was originally wondering about.

> 
> (notice, no 'https').
> 
> Yes, mod_ssl will change the scheme to https, but that's incidental.
> 
> > Once you see that, you should see that obviously it needs a 
> distinct TCP/IP socket (ie, IP address and/or port number).
> 
> Sort of - kind of.
> 
> Pure SSL, yes, must be on a different socket.
> 
> The http/ssl upgrade facility (RFC 2817) provides a mechanism for
> clients to connect with plain text, and then switch to ssl.
> 
> Granted, I'm being pedantic, since no modern client supports this.
> Apache 2.1-dev does, some hacks at 2.0 do, and many network print
> devices handle it.  This has the advantage that the client sends
> the upgrade request with a Host: header, so that name-based, SSL
> vhosting becomes a possibililty.
> 
> Bill
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>

This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender’s company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender’s company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Boyle Owen

> -Original Message-
> From: Andrew Clarke [mailto:[EMAIL PROTECTED]
> 
> As I mentioned on my last reply, I'm hoping that http://myserver and 
> https://myserver both work; the first on :80 and the 2nd on 
> :443. Am I 
> expecting too much? Is this unpossible?

This is fine. The use of "https" in the address signals the browser to use port 
443 so the two sites are distinct at the TCP/IP layer. What you then need in 
your config is:

Listen 80
Listen 443


  DocumentRoot 



  DocumentRoot  (can be the same path as http)
  SSLCert etc..


Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> I've just started on the Virtual Hosts section of the 
> supplied /manual for 
> Apache, but alas it's not immediately clear in my head what 
> the options 
> are.
> 
> > PS - did you install mod_ssl?
> 
> Yes; it's in, and the worse message I've received so far in 
> error_log is
> 
> [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
> 
> -- 
> Corporate Signatures Suck
> 
> -- 
> This email is from Civica Pty Limited and it, together with any 
> attachments, is confidential to the intended recipient(s) and 
> the 
> contents may be legally privileged or contain proprietary and 
> private information. It is intended solely for the person to 
> whom 
> it is addressed. If you are not an intended recipient, you may 
> not 
> review, copy or distribute this email. If received in error, 
> please 
> notify the sender and delete the message from your system 
> immediately. Any views or opinions expressed in this email and 
> any 
> files transmitted with it are those of the author only and may 
> not 
> necessarily reflect the views of Civica and do not create any 
> legally binding rights or obligations whatsoever. Unless 
> otherwise 
> pre-agreed by exchange of hard copy documents signed by duly 
> authorised representatives, contracts may not be concluded on 
> behalf of Civica by email. Please note that neither Civica nor 
> the 
> sender accepts any responsibility for any viruses and it is your 
> responsibility to scan the email and the attachments (if any). 
> All 
> email received and sent by Civica may be monitored to protect 
> the 
> business interests of Civica. 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Andrew Clarke

On Tue, 04 Oct 2005 17:06, Boyle Owen wrote:
>
> Well, I was trying to clear some confusion without everyone's eyes
> glazing over. That inevitably means taking shortcuts with the precise
> details of HTTPS session negotiation.

Heh. Computers are tricky things. Sometimes our eyes NEED to glaze over. 
I'll politely ignore the finer points for now, and return later when I've 
got the basics working.

> PS - the point remains; you can't serve HTTPS and HTTP on the same socket
> - which is what the guy was originally wondering about.

Actually, I know it'll be a different port, but the first adventure was 
creating a self-certified certificate for testing purposes (the final 
secret was, the sign.sh script is in the mod_ssl SOURCE package)

The next adventure is actually using the shiny new certificate, and I kept 
seeing VH's mentioned in all the ssl and https doco.

You've all been great helps so far. I hope I haven't inspired a flame-war 
amongst yourselves. The help here is quite speedy and of high quality. 
Congratulate yourselves, and please, buy yourselves a beer on my behalf.

-- 
Corporate Signatures Suck

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Andrew Clarke

On Tue, 04 Oct 2005 17:09, Boyle Owen wrote:
>
> This is fine. The use of "https" in the address signals the browser to
> use port 443 so the two sites are distinct at the TCP/IP layer. What you
> then need in your config is:
>
> Listen 80
> Listen 443
>
> 
>   DocumentRoot 
> 
>
> 
>   DocumentRoot  (can be the same path as http)
>   SSLCert etc..
> 

Excellent. hopefully I'll be able to synthesize all the hints into a grand 
working laptop server as I sit in front of the TV watching House tonight. 
Otherwise, stand by for further stupid questions in about 10 hours time.

Cheers
-- 
Corporate Signatures Suck

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread William A. Rowe, Jr.


Andrew Clarke wrote:

You've all been great helps so far. I hope I haven't inspired a flame-war 
amongst yourselves. The help here is quite speedy and of high quality. 
Congratulate yourselves, and please, buy yourselves a beer on my behalf.


Feel free to buy a draft for Boyle (should he get there) and myself at
ApacheCon/US '05 (www.apachecon.com).

Good luck fighting with cert creation, google is your friend here (you
can find everything you need to know about the openssl commands, even
creating your own CA.)

Bill

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] https configuration issue on solaris box

2005-10-04 Thread Aravind J

Hi ,

I am facing a problem with https configuaration for
apache , 
when i gives https://myhostname.com/abc.cgi

i am getting 

[Wed Sep 28 02:55:13 2005] [error] [client *.*.*.*]
Invalid method in request \\x80g\\x01\\x03\\x01
[Wed Sep 28 02:55:36 2005] [error] [client *.*.*.*]
Invalid method in request \\x80g\\x01\\x03

error in error log. 

I am trying to configure https on a solaris operating
system.

Apache was already installed on that machine. when i
start apachectl start , only http is running, 
ps -ef|grep https shows nothing. 

I am not sure how to debug the issue, i want to avoid
a fresh installation. I am trying to open-ssl( 
openssl-0.9.7g-sol9) for using https. 

Apache version is 2.0

Could you please help me to debug the issue.

Thanks & Regards
Aravind




__ 
Yahoo! for Good 
Donate to the Hurricane Katrina relief effort. 
http://store.yahoo.com/redcross-donate3/ 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] https configuration issue on solaris box

2005-10-04 Thread Boyle Owen

> -Original Message-
> From: Aravind J [mailto:[EMAIL PROTECTED]
> Sent: Dienstag, 4. Oktober 2005 10:46
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] https configuration issue on solaris box
> 
> 
> Hi ,
> 
> I am facing a problem with https configuaration for
> apache , 
> when i gives https://myhostname.com/abc.cgi
> 
> i am getting 
> 
> [Wed Sep 28 02:55:13 2005] [error] [client *.*.*.*]
> Invalid method in request \\x80g\\x01\\x03\\x01
> [Wed Sep 28 02:55:36 2005] [error] [client *.*.*.*]
> Invalid method in request \\x80g\\x01\\x03

Seems to be SSL week...

You are trying to connect to a plain HTTP server with HTTPS. In other words, 
you haven't enabled SSL on your server. Questions:

- did you enable SSL when you compiled apache?
- have you "Listen 443"
- have you defined an SSL VH?
- with SSLEngine on, SSLCert etc...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> error in error log. 
> 
> I am trying to configure https on a solaris operating
> system.
> 
> Apache was already installed on that machine. when i
> start apachectl start , only http is running, 
> ps -ef|grep https shows nothing. 
> 
> I am not sure how to debug the issue, i want to avoid
> a fresh installation. I am trying to open-ssl( 
> openssl-0.9.7g-sol9) for using https. 
> 
> Apache version is 2.0
> 
> Could you please help me to debug the issue.
> 
> Thanks & Regards
> Aravind
> 
> 
>   
>   
> __ 
> Yahoo! for Good 
> Donate to the Hurricane Katrina relief effort. 
> http://store.yahoo.com/redcross-donate3/ 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Paul Annesley

>
> Yes, I can see the need for a separate port, but it's not clear why VH's
> are/must be used to separate off the HTTPS activity on port 443.
>
> As I mentioned on my last reply, I'm hoping that http://myserver and
> https://myserver both work; the first on :80 and the 2nd on :443. Am I
> expecting too much? Is this unpossible?
>

Specifying http:// will cause the browser to use port 80 by default.
Specifying https:// will cause the browser to use port 443 by default.

However, apache does not automatically assume that 80 == http and 443
== https, you need to use the SSLEngine directive to turn it on for a
particular port.

This is done by creating an IP/port based virtualhost (as opposed to
name based virtualhost) so that you can turn on SSLEngine for port 443
but not for port 80 - hence the need for the virtualhost.

Regards,
Paul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] changing default document root directory

2005-10-04 Thread Rit Jhaveri

Hi, Sri

try inserting the below line in ur conf file

DocumentRoot "/home/www"

Regards

Ritesh JhaveriOn 10/3/05, Nick Couchman <[EMAIL PROTECTED]> wrote:

RE: [EMAIL PROTECTED] https configuration issue on solaris box

2005-10-04 Thread Aravind J

Hi ,

did you enable SSL when you compiled apache? -
Ans:  Don't know, I was not the person who did the
installation.

About configuration of /etc/httpd.conf
--
1> I have manually added following lines in httpd.conf


LoadModule ssl_module libexec/mod_ssl.so



Include /etc/apache/ssl.conf



2> I manually edited ssl.conf under
/etc/apache/ssl.conf and added following lines

Listen 443
SSLSessionCache dbm:/var/tmp/ssl_scache


  
  
   

DocumentRoot "/opt/abcd/htdocs"
ServerName 127.0.0.1:443


SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+

SSLCertificateFile /etc/apache/server.crt
SSLCertificateKeyFile /etc/apache/server.key


any clue  ?

Thanks & Regards
Aravind


--- Boyle Owen <[EMAIL PROTECTED]> wrote:

> > -Original Message-
> > From: Aravind J [mailto:[EMAIL PROTECTED]
> > Sent: Dienstag, 4. Oktober 2005 10:46
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] https configuration issue
> on solaris box
> > 
> > 
> > Hi ,
> > 
> > I am facing a problem with https configuaration
> for
> > apache , 
> > when i gives https://myhostname.com/abc.cgi
> > 
> > i am getting 
> > 
> > [Wed Sep 28 02:55:13 2005] [error] [client
> *.*.*.*]
> > Invalid method in request \\x80g\\x01\\x03\\x01
> > [Wed Sep 28 02:55:36 2005] [error] [client
> *.*.*.*]
> > Invalid method in request \\x80g\\x01\\x03
> 
> Seems to be SSL week...
> 
> You are trying to connect to a plain HTTP server
> with HTTPS. In other words, you haven't enabled SSL
> on your server. Questions:
> 
> - did you enable SSL when you compiled apache?
> - have you "Listen 443"
> - have you defined an SSL VH?
>   - with SSLEngine on, SSLCert etc...
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message
> may be ignored. 
> 
> > 
> > error in error log. 
> > 
> > I am trying to configure https on a solaris
> operating
> > system.
> > 
> > Apache was already installed on that machine. when
> i
> > start apachectl start , only http is running, 
> > ps -ef|grep https shows nothing. 
> > 
> > I am not sure how to debug the issue, i want to
> avoid
> > a fresh installation. I am trying to open-ssl( 
> > openssl-0.9.7g-sol9) for using https. 
> > 
> > Apache version is 2.0
> > 
> > Could you please help me to debug the issue.
> > 
> > Thanks & Regards
> > Aravind
> > 
> > 
> > 
> > 
> >
>
__
> 
> > Yahoo! for Good 
> > Donate to the Hurricane Katrina relief effort. 
> > http://store.yahoo.com/redcross-donate3/ 
> > 
> > 
> >
>
-
> > The official User-To-User support forum of the
> Apache HTTP 
> > Server Project.
> > See http://httpd.apache.org/userslist.html>
> for more info.
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >"   from the digest:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > 
> > 
> Diese E-mail ist eine private und persönliche
> Kommunikation. Sie hat keinen Bezug zur Börsen- bzw.
> Geschäftstätigkeit der SWX Gruppe. This e-mail is of
> a private and personal nature. It is not related to
> the exchange or business activities of the SWX
> Group. Le présent e-mail est un message privé et
> personnel, sans rapport avec l'activité boursière du
> Groupe SWX.
>  
>  
> This message is for the named person's use only. It
> may contain confidential, proprietary or legally
> privileged information. No confidentiality or
> privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify
> the sender urgently and then immediately delete the
> message and any copies of it from your system.
> Please also immediately destroy any hardcopies of
> the message. You must not, directly or indirectly,
> use, disclose, distribute, print, or copy any part
> of this message if you are not the intended
> recipient. The sender's company reserves the right
> to monitor all e-mail communications through their
> networks. Any views expressed in this message are
> those of the individual sender, except where the
> message states otherwise and the sender is
> authorised to state them to be the views of the
> sender's company.
> 
>
-
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>"   from the digest:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

-
The official User-To-User support forum

Re: [EMAIL PROTECTED] https configuration issue on solaris box

2005-10-04 Thread Paul Annesley

On 10/4/05, Aravind J <[EMAIL PROTECTED]> wrote:
>
> Apache was already installed on that machine. when i
> start apachectl start , only http is running,
> ps -ef|grep https shows nothing.
>

Generally you need to run 'apachectl startssl' to start http and https.

Sounds like you may have config issues beyond that, though.
A good config will prevent apache from listening on port 443 at all
unless it has been started with apachectl startssl or equivelant.

Regards,
Paul

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] https configuration issue on solaris box

2005-10-04 Thread Aravind J

Hi ,

when i tried with apachectl startssl ,
 i got a message like this 
 usage: ./apachectl
(start|stop|restart|fullstatus|status|graceful|configtest|help)
looks like i need a fresh apache installation, do i
need to ? 

--- Paul Annesley <[EMAIL PROTECTED]> wrote:

> On 10/4/05, Aravind J <[EMAIL PROTECTED]> wrote:
> >
> > Apache was already installed on that machine. when
> i
> > start apachectl start , only http is running,
> > ps -ef|grep https shows nothing.
> >
> 
> Generally you need to run 'apachectl startssl' to
> start http and https.
> 
> Sounds like you may have config issues beyond that,
> though.
> A good config will prevent apache from listening on
> port 443 at all
> unless it has been started with apachectl startssl
> or equivelant.
> 
> Regards,
> Paul
> 
>
-
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>"   from the digest:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 

__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] rotatelogs - fatal: libldap50.so: open failed

2005-10-04 Thread Greg Thomas

Hi,

I've recently compiled Apache 2.0.54 with the experimental
mod_auth_ldap module.

Since then, rotatelogs has failed with the following;

ld.so.1: /export/home/svnuser/apache/bin/rotatelogs: fatal:
libldap50.so: open failed: No such file or directory

I've added /usr/local/iplanet/lib to the LD_LIBRARY_PATH in the
bin/envvars file; I'm confident that is correct as if I run
"rotatelogs -h" after doing a . bin/envvars at the command line it
works fine.

Is there something else I need to do?

TIA,

Greg
-- 
This post represents the views of the author and does
not necessarily accurately represent the views of BT.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Looking for a good Apache2 book

2005-10-04 Thread Nick Kew

On Sunday 02 October 2005 18:06, Boysenberry Payne wrote:
> Anyone know of a good book written for Apache2 similar to the
> O'Reilly Writing Apache Modules with Perl and C?

Watch this space.

> But would love any suggestions for good online references too, other
> than
> the obvious Apache 2 docs...

There's not that much.  My efforts are at www.apachetutor.org.

-- 
Nick Kew

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Cannot install Apache2. (From a beginner at programming and really confused...)

2005-10-04 Thread Joost de Heer

>>  I was successfully able to install Apache 2.0.54, but
>> even if I enter 'localhost' into my browser window, the welcome page
>> won't appear. On my toolbar, it says that Apache is running so I don't
>> have a clue what is wrong. Will somebody please help me??
>> (My computer is running on Windows XP)

What port is Apache using? See the 'Port' directive in the httpd.conf.

Joost


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Re: Looking for a good Apache2 book

2005-10-04 Thread Joost de Heer

Boysenberry Payne said:
> Anyone know of a good book written for Apache2 similar to the
> O'Reilly Writing Apache Modules with Perl and C?

The module development mailing list is probably a better place to ask.

Joost


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Best place for .htaccess to work ... multiple sites

2005-10-04 Thread Joshua Slive

On 10/3/05, Erik Sorenson <[EMAIL PROTECTED]> wrote:
> Using Suse 9.3, Apache 2 and hosting two sites currently, let's say X and Y.
> Absolute paths and document roots are specified in vhost files as /srv/www/X
> and /srv/www/Y.
>
> I have a ~400-line entry .htaccess file that has a lot of setenvifcase's in
> it, to block a lot of crawlers, indexers, etc., even before they get to the
> sites (if possible).   Is is possible to put this in, say, /srv or /srv/ww
> to cover both sites, rather than a copy of the .htaccess file in each
> document root?  Do I need to make sure of anything else?  The sites are
> already working fine, and .htaccess in document roots are already using
> mod_rewrite fine.  TIA.

Yes, you can put them in a parent directory, provided that
AllowOverride is set correctly for that parent directory in
httpd.conf.  It would be more efficient, however, to put them directly
in a a  section in httpd.conf.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Modifying mod_access

2005-10-04 Thread Joshua Slive

On 10/2/05, Mike Cardwell <[EMAIL PROTECTED]> wrote:
> Joshua Slive wrote:
>
> >>Hmmm. This doesn't seem to have fixed it. The rewrite rules always seem
> >>to get processed before the .htaccess files.
> > Let's see the actual config.
>
> Here's a slightly cut down version of the VirtualHost in question. The
> RewriteMap vhostdir returns a path using the domain name, in /home/web/

It would be more useful to see the config when you put the
rewriterules in a  section.  But to be frank, I don't
really know how to fix this.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] rotatelogs - fatal: libldap50.so: open failed

2005-10-04 Thread Axel-Stéphane SMORGRAV

I think that you have pretty much identified the problem yourself: the 
LD_LIBRARY_PATH environment variable is not passed by Apache to the shell 
executing the rotatelog command.

I guess one possibility would be to replace your piped log with command with
 CustomLog "|( . /export/home/svnuser/apache/bin/envvars ; 
/export/home/svnuser/apache/bin/rotatelogs /var/log/access_log 86400 ) " 
combined

That would allow you to set the environment variables defined in the envvars 
file before invoking rotatelogs and will most certainly resolve your problem.

If you are running Solaris, there is a way of changing the system-wide default 
library path, but I doubt you would like to do that... 

A more elegant solution might be to recompile (or just re-link) rotatelogs with 
the link flag "-R/usr/local/iplanet/lib". That should add the path to the 
binary's link path.

Hope this helps.

-ascs

-Original Message-
From: Greg Thomas [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 04, 2005 12:38 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] rotatelogs - fatal: libldap50.so: open failed

Hi,

I've recently compiled Apache 2.0.54 with the experimental mod_auth_ldap module.

Since then, rotatelogs has failed with the following;

ld.so.1: /export/home/svnuser/apache/bin/rotatelogs: fatal:
libldap50.so: open failed: No such file or directory

I've added /usr/local/iplanet/lib to the LD_LIBRARY_PATH in the bin/envvars 
file; I'm confident that is correct as if I run "rotatelogs -h" after doing a . 
bin/envvars at the command line it works fine.

Is there something else I need to do?

TIA,

Greg

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Simple way to make directories display a list of its files

2005-10-04 Thread Harry Putnam

What is the simpliest way to make apache display a list of files when
a directory is hit with browser?

I'm reading the online manual about Options Indexes but I don't think
I'm getting the full picture since my attempts fail.

On gentoo linux with apache2
I'm inserting this into a stock gentoo conf file:

 
   Options +Indexes
 

But I see only this error:
  You don't have permission to access 
  /hpweb/TrainingVids/DigitalPhotography/ on this server.

ls -ld /var/www/localhost/htdocs/hpweb/\
  TrainingVids/DigitalPhotography/ 
  
  drwxrwxrwx  9 reader users 392 Oct  4 11:15 \
  /var/www/localhost/htdocs/hpweb/TrainingVids/DigitalPhotography/

Shows my user and group and execute by all.

What should I be doing to debug this?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache running with PID of 0

2005-10-04 Thread Duncan Drury

I am having some trouble with my installation of Apache and PHP, which had 
previously been running fine on FreeBSD.

I think there may be an error with my installation of PHP, but I am still 
trying to track that down.  However, one of the symptoms is Apache ends up 
running with a PID of 0 (or shows up as doing so when I ps -aux | grep httpd)  
I don't know how to shut down this process with a PID of 0, so I am having to 
reboot the server every time this happens.  Tried googling the problem, but not 
found anything useful so far.

I wonder if anyone else on the list has experienced problems like this, and 
knows a quick way to kill Apache when it is running as pid 0.

Cheers,

Duncan


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache running with PID of 0

2005-10-04 Thread Boysenberry Payne


What happens when you do an apachectl restart or stop?

Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Oct 4, 2005, at 1:15 PM, Duncan Drury wrote:

I am having some trouble with my installation of Apache and PHP, which 
had previously been running fine on FreeBSD.


I think there may be an error with my installation of PHP, but I am 
still trying to track that down.  However, one of the symptoms is 
Apache ends up running with a PID of 0 (or shows up as doing so when I 
ps -aux | grep httpd)  I don't know how to shut down this process with 
a PID of 0, so I am having to reboot the server every time this 
happens.  Tried googling the problem, but not found anything useful so 
far.


I wonder if anyone else on the list has experienced problems like 
this, and knows a quick way to kill Apache when it is running as pid 
0.


Cheers,

Duncan


-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Apache running with PID of 0

2005-10-04 Thread Duncan Drury

It tells me that apache isn't running and fails to start apache.

I failed to mention that this is Apache 1.3.

The problem I am having is almost certainly to do with PHP.

If I do apachectl graceful, Apache won't start up until I comment out the
Load and AddModule directives for php5 in httpd.conf.

Then if I uncomment out these directives the server starts fine.

Then running apachectl graceful again throws apache into the PID 0
situation, which I only know how to get out of by rebooting the whole
server.

Duncan 

> -Original Message-
> From: Boysenberry Payne [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, 4 October 2005 7:31 pm
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] Apache running with PID of 0
> 
> What happens when you do an apachectl restart or stop?
> 
> Boysenberry
> 
> boysenberrys.com | habitatlife.com | selfgnosis.com
> 
> On Oct 4, 2005, at 1:15 PM, Duncan Drury wrote:
> 
> > I am having some trouble with my installation of Apache and 
> PHP, which 
> > had previously been running fine on FreeBSD.
> >
> > I think there may be an error with my installation of PHP, but I am 
> > still trying to track that down.  However, one of the symptoms is 
> > Apache ends up running with a PID of 0 (or shows up as 
> doing so when I 
> > ps -aux | grep httpd)  I don't know how to shut down this 
> process with 
> > a PID of 0, so I am having to reboot the server every time this 
> > happens.  Tried googling the problem, but not found 
> anything useful so 
> > far.
> >
> > I wonder if anyone else on the list has experienced problems like 
> > this, and knows a quick way to kill Apache when it is 
> running as pid 
> > 0.
> >
> > Cheers,
> >
> > Duncan
> >
> >
> > 
> -
> > The official User-To-User support forum of the Apache HTTP Server 
> > Project.
> > See http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >"   from the digest: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Simple way to make directories display a list of its files

2005-10-04 Thread Joshua Slive

On 10/4/05, Harry Putnam <[EMAIL PROTECTED]> wrote:
>  
>Options +Indexes
>  

 refers to filesystem directories, not web directories. 
You need to tag /var/www/localhost/htdocs on the front.

In general, always check the error log when you run into stuff like this.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] spurious "user not found" with basic auth

2005-10-04 Thread Daniel McBrearty

Hi

I'm using Apache 1.3.33 on Debian system. Server runs behind an ADSL
modem/router with dynamic IP. I use perl cgi and mod_perl (I use extension .cgm
the tell apache when something is mod_perl rather than plain cgi).

To autheticate a small group of users I use a very simple .htaccess file :

AuthType Basic
AuthName "PROTECTED PAGE"
AuthUserFile /home/someone/path/to/users
Require valid-user

and the file users is a perfectly normal password file 

Mostly this works absolutely fine. But occasionally one of my users has trouble
logging in. In the logs I can see :

[Mon Oct  3 08:08:09 2005] [error] [client 220.237.229.210] user whoever not
found: /path

This is 15 or 20 times over the space of a few minutes. Usually she has no
trouble. I can't see any other events happening at the same time that might give
a clue. I am able to login myself with no problems.

has anyone any idea of issues that might cause some kind of intermittent problem
like this?

Thanks 

daniel


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache running with PID of 0

2005-10-04 Thread Boysenberry Payne


It sounds like php to me too, with what you've said so far.
What OS and PHP versions are you using?


Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Oct 4, 2005, at 1:43 PM, Duncan Drury wrote:


It tells me that apache isn't running and fails to start apache.

I failed to mention that this is Apache 1.3.

The problem I am having is almost certainly to do with PHP.

If I do apachectl graceful, Apache won't start up until I comment out 
the

Load and AddModule directives for php5 in httpd.conf.

Then if I uncomment out these directives the server starts fine.

Then running apachectl graceful again throws apache into the PID 0
situation, which I only know how to get out of by rebooting the whole
server.

Duncan


-Original Message-
From: Boysenberry Payne [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 4 October 2005 7:31 pm
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Apache running with PID of 0

What happens when you do an apachectl restart or stop?

Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Oct 4, 2005, at 1:15 PM, Duncan Drury wrote:


I am having some trouble with my installation of Apache and

PHP, which

had previously been running fine on FreeBSD.

I think there may be an error with my installation of PHP, but I am
still trying to track that down.  However, one of the symptoms is
Apache ends up running with a PID of 0 (or shows up as

doing so when I

ps -aux | grep httpd)  I don't know how to shut down this

process with

a PID of 0, so I am having to reboot the server every time this
happens.  Tried googling the problem, but not found

anything useful so

far.

I wonder if anyone else on the list has experienced problems like
this, and knows a quick way to kill Apache when it is

running as pid

0.

Cheers,

Duncan




-

The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP
Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Problem loading apache Module

2005-10-04 Thread Uzo Madujibeya


Hi,
I have just upgraded to Apache 2.1.8 on OS X 10.4.2 and am having a  
problem trying to load php. At the bottom of my httpd.conf file I  
specify the following:


# PHP4 configuration
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

and the libphp4.so module is located as specified, in the modules  
folder, but when i try to start or shutdown Apache I get the  
following error message:



httpd: Syntax error on line 444 of /usr/local/apache2/conf/ 
httpd.conf: Cannot load /usr/local/apache2/modules/libphp4.so into  
server: Library not loaded: /Library/Apache2/lib/libaprutil-0.0.dylib 
\n  Referenced from: /usr/local/apache2/modules/libphp4.so\n  Reason:  
image not found



What is the issue here?

beya

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache running with PID of 0

2005-10-04 Thread Scott Gifford

"Duncan Drury" <[EMAIL PROTECTED]> writes:

[...]

> one of the symptoms is Apache ends up running with a PID of 0 (or
> shows up as doing so when I ps -aux | grep httpd)

Can you paste the output of "ps -aux |head -1" and "ps -aux |grep
httpd" which shows this into an email back to the list?

Unless FreeBSD uses PID 0 for something unusual, having that PID would
have to be a kernel bug.  Unfortunately I don't know FreeBSD that
well; maybe somebody on one of the FreeBSD mailint lists could explain
it.

Scott.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] moving .htaccess rewrite cond to httpd.conf

2005-10-04 Thread Boysenberry Payne


I have a server that has .htaccess files with mod_rewrite instructions.
Now I want to move the instructions into httpd.conf so I don't have to 
put into

each of our clients sites anymore.

It's nothing special (the rewrite conditions) and I want it for all of 
our virtual hosts.
How do I need to insert it into our httpd.conf file, as is, or is there 
some special

way to structure it to work with each virtual host?

Here is an example of the rewrite conditions:

RewriteEngine on
RewriteRule   ^(.*)/section$/new_location/new_file.htm

Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Basic Authentication and mod_auth_mysql form login

2005-10-04 Thread YEL

hello everyone,

i'm using apache2 tomcat5 mod_jk

i set Basic authentication with mod_auth_mysql to have my users
authenticated on a mysql DB.

users who try to access restricted areas are than prompted with the
standard browser identification pop up window to log in everything
works fine and my boss was happy with

a couple of days ago  he change his mind and wanted now a log in page
instead of pop up...

now i know the first thing to think about is to use a script wich
authenticate my users on the same database and "inject"  a peace of
code in each page to check the session and ...

but since we are serving at lease  8000 static content which are
generated based on word documents ... this issue becomes a bit
horrible for me and i dont have enough time to deal with this and i'm
out of ideas i'd really would apreciate any good ideas which may gets
me out this trouble im in now

i wich you all a good night and

Greetings from Cologne

--
(e==mc²)?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Nood needs help with SSL certs on apache 1.2

2005-10-04 Thread Scott Haneda

Hello, I am running Apache 1.2 on OS X, today, I need to install a self
signed SSL cert for a client.

I managed to get one going in the past, but seemingly, unless I am very
careful, I tend to break other sites from working, so I thought I would
learn to do this right.  I suspect the breakage is as a result of me not
using a separate IP for the first time.

I have a A record, pointing to my apache server, and this A record has a IP
to it that has never been used before, so it is new and clean.

The hostname will be remote.example.com

Can someone post me some examples of how I set this up and make it work, I
would also like to fully block out ant non SSL requests for that host name.
Or ideally, just redirect them to the ssl version, to force them to use it.

I found enough instrucitons on how to create the cert, though I am not sure
where you put the files, or how to tell apache to listen on a certain IP.

Pretty green at all this, so be gentle :-)  Thanks.
-- 
-
Scott HanedaTel: 415.898.2602
 Novato, CA U.S.A.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] rewriterule causing [redirect/302] error

2005-10-04 Thread Josh Greenwood

Hello,
I am using Apache 2.0.54. I am having difficulty with the following rewritecond/rewriterule:

    # See if the requested page is http://www.test.com
    RewriteCond  %{SERVER_NAME}  www.test.com
    # It is. Now see if "www.test.com" is a folder in the webcontent/ directory
    RewriteCond  %{DOCUMENT_ROOT}/webcontent/%{SERVER_NAME} -d
    # it is. 
    RewriteRule  ^/(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [S=5]

This produces the following output in rewritelog:

(2) init rewrite engine with requested uri /
(3) applying pattern '^/(.*)$' to uri '/'
(4) RewriteCond: input='www.test.com' pattern='www.test.com' => matched
(4) RewriteCond: input='C:/egranary/webcontent/www.test.com' pattern='-d' => matched
(2) rewrite / -> http://www.test.com/
(2) implicitly forcing redirect (rc=302) with http://www.test.com/
(1) escaping http://www.test.com/ for redirect
(1) redirect to http://www.test.com/ [REDIRECT/302]

The above 8-line log sequence repeats itself a few thousand times per request.
My intention is to filter the request 'www.test.com', check to see if there exists a directory called 'www.test.com' 
in a local directory called 'webcontent', and if there is, ignore the
page in that local directory and retrieve the actual page from
test.com. I realize this seems like a strange thing to do - it is for a
configuration which normally serves pages out of the local webcontent
folder,
due to little and/or unreliable Internet connectivity. In this example, 'www.test.com' would be an important enough
page to get the most current version. Note that the '[S=5]' in the rewriteRule is just skipping the rest of the 
rules and conditions. The two rewriteconds seem to be doing their
intended jobs, the rewriterule is not retrieving the page
'www.test.com' from the Internet. I appreciate any ideas.
-Josh Greenwood

[EMAIL PROTECTED] Re: Simple way to make directories display a list of its files

2005-10-04 Thread Harry Putnam

Joshua Slive <[EMAIL PROTECTED]> writes:

> On 10/4/05, Harry Putnam <[EMAIL PROTECTED]> wrote:
>>  
>>Options +Indexes
>>  
>
>  refers to filesystem directories, not web directories. 
> You need to tag /var/www/localhost/htdocs on the front.
>
> In general, always check the error log when you run into stuff like this.
>
> Joshua.

Haa... thanks, yes that did it.  Now about that log message:

(error_log)
  [Tue Oct 04 19:32:57 2005] [error] [client 192.168.0.4] Directory
  index forbidden by rule:
  /var/www/localhost/htdocs/hpweb/TrainingVids/DigitalPhotography/,
  referer: http://reader.local.net0/hpweb/TrainingVids/

Is there some way I could have made apache tell me what `rule' as in 
`forbidden by rule:' above, has been violated?

I tried setting log level to debug but saw nothing more.

Speaking of log messages... I keep seeing this in error_log:

[Tue Oct 04 19:38:03 2005] [error] [client 192.168.0.4] File does not
exist: /var/www/localhost/htdocs/favicon.ico

How can I tell what is looking for this file.  And where to get it?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Install failure on WinXP

2005-10-04 Thread Bob Hartung


Hi all,
  No flame please.  I tried to install the latest apache for Windows 
and when I start the installer it just hangs.  All firewall and 
antivirus software is turned off.  Any ideas.


Bob

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Andrew Clarke

On Tue, 04 Oct 2005 17:20, William A. Rowe, Jr. wrote:
>
> Feel free to buy a draft for Boyle (should he get there) and myself at
> ApacheCon/US '05 (www.apachecon.com).

If but someone would pay for me to take a junket overseas for a conference. 
I'm in Sydney. Shouldn't you guys schedule these conferences in exotic 
locations such as Australia? We have beer here too you know.

> Good luck fighting with cert creation, google is your friend here (you
> can find everything you need to know about the openssl commands, even
> creating your own CA.)

I did achieve a certificate, but not without some gnashing of teeth. There 
was mention of a "make certificate" (in the apache source bundle?), but 
the /manual/ssl/ssl_faq gave a ritual which ended in a requirement to use a 
sign.sh script; finally I found that in the mod_ssl SOURC bundle. A SuSE 
sharedoc README has just told me about the existence of a gensslcert script 
too, which probably would have been easier.

It's all about learning. I'm not bitter.
-- 
Corporate Signatures Suck

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Andrew Clarke

On Tue, 04 Oct 2005 20:00, Paul Annesley wrote:
>
> Specifying http:// will cause the browser to use port 80 by default.
> Specifying https:// will cause the browser to use port 443 by default.
>
> However, apache does not automatically assume that 80 == http and 443
> == https, you need to use the SSLEngine directive to turn it on for a
> particular port.
>
> This is done by creating an IP/port based virtualhost (as opposed to
> name based virtualhost) so that you can turn on SSLEngine for port 443
> but not for port 80 - hence the need for the virtualhost.

Ahh yes. It's all making some sense now. And as I think about how I'm going 
to structure my stuff, it's clear that you often won't want HTTP access to 
something you are trying to protect with HTTPS and therefore it becomes 
essential to have different roots or Directory directives associated with 
the protected stuff.
-- 
Corporate Signatures Suck

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Install failure on WinXP

2005-10-04 Thread William A. Rowe, Jr.


First, be sure you have TCP/IP correctly installed, then review

http://www.apache.org/dist/httpd/binaries/win32/TROUBLESHOOTING.html

Bob Hartung wrote:

Hi all,
  No flame please.  I tried to install the latest apache for Windows and 
when I start the installer it just hangs.  All firewall and antivirus 
software is turned off.  Any ideas.


Bob

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread William A. Rowe, Jr.


Andrew Clarke wrote:

On Tue, 04 Oct 2005 17:20, William A. Rowe, Jr. wrote:


Feel free to buy a draft for Boyle (should he get there) and myself at
ApacheCon/US '05 (www.apachecon.com).


If but someone would pay for me to take a junket overseas for a conference. 
I'm in Sydney. Shouldn't you guys schedule these conferences in exotic 
locations such as Australia? We have beer here too you know.


And good beer at that, I understand :)

The western pacific rim (draw an arc from JP to OZ) has been floated as
possible Int'l AC sites; it may be another few years before AC is able
to break from simply the US / EU locations.


Good luck fighting with cert creation, google is your friend here (you
can find everything you need to know about the openssl commands, even
creating your own CA.)


I did achieve a certificate, but not without some gnashing of teeth. There 
was mention of a "make certificate" (in the apache source bundle?), but 
the /manual/ssl/ssl_faq gave a ritual which ended in a requirement to use a 
sign.sh script; finally I found that in the mod_ssl SOURC bundle. A SuSE 
sharedoc README has just told me about the existence of a gensslcert script 
too, which probably would have been easier.


It's all about learning. I'm not bitter.


The 'script tools' that were part of mod_ssl were never folded into
httpd 2.0, we can kick the idea of reinventing them over on the dev
list.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Chaining Outputs from mod_python to php

2005-10-04 Thread Crosby Sidney

Hi,

I have Apache built with both mod_python and php.  I want to setup the
following output chain: [input request] -> mod_python -> php -> [output
html].  Is this possible?  

If so,
1. What are the HTTPD.conf directives for this?
2. How would the PHP script access the output result of the mod_python
script?
3. Can the mod_python script add new REQUEST parameters that the php script
can access?  Will the PHP script still have access to the original REQUEST
parameters?

Any help will be much appreciated, thanks.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] adding SSL - is a distinct virtual host mandatory?

2005-10-04 Thread Andrew Clarke

On Wed, 05 Oct 2005 13:45, William A. Rowe, Jr. wrote:
>
> And good beer at that, I understand :)

It's wet, it's cold, it contains roughly 5% alcohol by volume. What more can 
you ask for?

> The 'script tools' that were part of mod_ssl were never folded into
> httpd 2.0, we can kick the idea of reinventing them over on the dev
> list.

I've just achieved lift-off with a key generated by /usr/bin/gensslcert. I 
do not know if this is a SuSE special or what, but it has proven that the 
ritual I used to create the certificates manually with 'openssl' and the 
sign.sh script is flawed, or I did not follow/understand it correctly.

Now I see that gensslcert is a script, and offers some parameters that 
allows me to fill in the blanks. However it has a defect where the -Y: 
parameter is not listed in the getopts line. Who needs to be notified about 
this?   [EMAIL PROTECTED] is listed at the top of the script...

I'm not new to UNIX and administration, but this has been a bit of a 
tail-chase nutting out the SSL. I've experienced similar excitement with a 
lot of Open Source software. It's easy to be hypocritical when criticizing 
other people's documentation, but there is definitely room for this subject 
to be more clearly and precisely documented and tutorialled. Work in 
progress is always more fun than writing it down, I know.

Anyway, gentle criticism aside, I've now achieved that goal and will be able 
to show something in a meeting tomorrow. That definitely deserves a beer. 
Thanks again to everyone who's contributed.
-- 
Corporate Signatures Suck

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Noob needs help with SSL certs on apache 1.3

2005-10-04 Thread Scott Haneda

Resending, as my first post had the wrong version, and I spelled some stuff
wrong :-(

Hello, I am running Apache 1.3 on OS X, today, I need to install a self
signed SSL cert for a client.

I managed to get one going in the past, but seemingly, unless I am very
careful, I tend to break other sites from working, so I thought I would
learn to do this right.  I suspect the breakage is as a result of me not
using a separate IP for the first time.

I have a A record, pointing to my apache server, and this A record has a IP
to it that has never been used before, so it is new and clean.

The hostname will be remote.example.com

Can someone post me some examples of how I set this up and make it work, I
would also like to fully block out ant non SSL requests for that host name.
Or ideally, just redirect them to the ssl version, to force them to use it.

I found enough instrucitons on how to create the cert, though I am not sure
where you put the files, or how to tell apache to listen on a certain IP.

Pretty green at all this, so be gentle :-)  Thanks.
-- 
-
Scott HanedaTel: 415.898.2602
 Novato, CA U.S.A.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] spurious "user not found" with basic auth

2005-10-04 Thread Boyle Owen

> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] Behalf Of Daniel McBrearty
> 
> Mostly this works absolutely fine. But occasionally one of my 
> users has trouble
> logging in. In the logs I can see :
> 
> [Mon Oct  3 08:08:09 2005] [error] [client 220.237.229.210] 
> user whoever not
> found: /path

A few questions...

- is the username in a logfile a real user in the passwords file? (NB: check 
case)
- what does the user experience (repeated login prompt?, 401?)
- password OK?
- what type of client?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> 
> This is 15 or 20 times over the space of a few minutes. 
> Usually she has no
> trouble. I can't see any other events happening at the same 
> time that might give
> a clue. I am able to login myself with no problems.
> 
> has anyone any idea of issues that might cause some kind of 
> intermittent problem
> like this?
> 
> Thanks 
> 
> daniel
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Basic Authentication and mod_auth_mysql form login

2005-10-04 Thread Boyle Owen

> -Original Message-
> From: YEL [mailto:[EMAIL PROTECTED]
> Sent: Mittwoch, 5. Oktober 2005 00:37
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Basic Authentication and mod_auth_mysql form
> login
> 
> 
> hello everyone,
> 
> i'm using apache2 tomcat5 mod_jk
> 
> i set Basic authentication with mod_auth_mysql to have my users
> authenticated on a mysql DB.
> 
> users who try to access restricted areas are than prompted with the
> standard browser identification pop up window to log in everything
> works fine and my boss was happy with
> 
> a couple of days ago  he change his mind and wanted now a log in page
> instead of pop up...
> 
> now i know the first thing to think about is to use a script wich
> authenticate my users on the same database and "inject"  a peace of
> code in each page to check the session and ...

I think you're talking about cookies...

A cookie is not really added to the page, rather it is sent to the browser as 
part of the response (it is in a header). The browser then sends the same 
cookie back with any subsequent requests in the same "realm" (ie, same 
URL-space). When the server sees the cookie coming back (again, in a header), 
it knows that the client is already authenticated and so serves the new content.

You can generate and handle cookies in apache:
http://httpd.apache.org/docs/2.0/mod/mod_usertrack.html

or in Tomcat (depends on your servlet environment - do you have cocoon?)

Using cookies gives you far more control over the user-login and is safer. But 
it's more work to set up. If you're not too familiar with it, I'd say a couple 
of weeks to get it all singing and dancing. Maybe if you tell that to your 
boss, he'd change his mind back again...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 



> 
> but since we are serving at lease  8000 static content which are
> generated based on word documents ... this issue becomes a bit
> horrible for me and i dont have enough time to deal with this and i'm
> out of ideas i'd really would apreciate any good ideas which may gets
> me out this trouble im in now
> 
> i wich you all a good night and
> 
> Greetings from Cologne
> 
> --
> (e==mc²)?
> 
> -
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

43 matches

Mail list logo