RE: [EMAIL PROTECTED] Location question

2006-04-05 Thread Axel-Stéphane SMORGRAV
Wouldn't the problem rather be that Location should be replaced by 
LocationMatch ??

-ascs 

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 04, 2006 2:31 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Location question

> -Original Message-
> From: Roland Carlsson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 4 April 2006 08:55
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Location question
> 
> Hi!
> 
> I feel quite stupid to have to ask this question but since I don't 
> find any example of how to do this and my own attempts have 
> failed.
> 
> I want to stop all requests to a url on the form: 
> http://myserver/*/webservice/*
> if they are not from 192.168.*
> 
> I have tried with the following code in my virtual host-configuration.
> 
> 
> Order Deny,Allow
> Allow from 192.168.10.100
> Deny from All
> 
> 
> This works but I need the wildcard since I don't know the exact 
> location and I will not know this in the future.
> 
> Order Deny,Allow
> Allow from 192.168.10.100
> Deny from All
> 

Did you print these location containers the wrong way round?

Anyway, a possible (untried) solution might be to use mod_rewrite:
- use a RewriteCond to detect if IP = 192.168
- if not, use RewriteRule to return 403

eg (untested):
RewriteEngine on
# Anchored, with the dots escaped, so only addresses that begin with 192.168. match
RewriteCond %{REMOTE_ADDR} !^192\.168\.
RewriteRule ^/.* - [F]

This can be at server config level (hence global). Read the docs for these 
directives to see what each is doing but post back if you have further 
questions.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 




> 
> Is there a solution to my problem or do I have to rethink my 
> application?
> 
> Thanks in advance
> Roland Carlsson
> 
> -
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
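An added example, not part of the thread and not Apache code: the access decision Roland asks for, written as a small C check so that the path and address patterns can be tried against sample requests, including an unanchored address pattern such as `192.168.*` beside an anchored one. It assumes the first `*` in `/*/webservice/*` may span several path segments and uses POSIX regex syntax, which behaves the same as Apache's for these patterns; all function names and sample requests are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* regcomp(), inet_pton() */
#endif
#include <arpa/inet.h>
#include <regex.h>
#include <stdio.h>

/* 1 if the POSIX extended regex `pattern` matches anywhere in `s`, else 0. */
static int re_search(const char *pattern, const char *s)
{
    regex_t re;
    int hit;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return 0;
    hit = (regexec(&re, s, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

/* Numeric address test: parse the dotted quad and compare the top
 * 16 bits with 192.168 (0xC0A8). Unparsable input counts as outside. */
int in_192_168(const char *addr)
{
    struct in_addr a;

    if (inet_pton(AF_INET, addr, &a) != 1)
        return 0;
    return (ntohl(a.s_addr) & 0xFFFF0000u) == 0xC0A80000u;
}

/* Textual address test, as a regex condition on REMOTE_ADDR would do it. */
int allowed_by_pattern(const char *pattern, const char *addr)
{
    return re_search(pattern, addr);
}

/* Path test for /<anything>/webservice and everything below it.
 * "(/|$)" keeps /x/webservices from matching by prefix. */
int is_webservice_path(const char *path)
{
    return re_search("^/.+/webservice(/|$)", path);
}

/* 1 if the request must get a 403: protected path, address outside 192.168.0.0/16. */
int must_forbid(const char *path, const char *addr)
{
    return is_webservice_path(path) && !in_192_168(addr);
}

int main(void)
{
    /* Constructed sample requests. */
    static const char *samples[][2] = {
        { "/app1/webservice/getData", "192.168.10.100" },
        { "/app1/webservice/getData", "203.0.113.7" },
        { "/a/b/webservice",          "10.192.168.5" },
        { "/app1/index.html",         "203.0.113.7" },
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *path = samples[i][0], *addr = samples[i][1];
        printf("%-26s %-15s forbid=%d  unanchored=%d  anchored=%d\n",
               path, addr, must_forbid(path, addr),
               allowed_by_pattern("192.168.*", addr),
               allowed_by_pattern("^192\\.168\\.", addr));
    }
    return 0;
}
```

The unanchored pattern accepts any address that merely contains `192.168`, which is why the numeric comparison or the anchored, escaped pattern is the one to rely on.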



RE: [EMAIL PROTECTED] Error 416 Request Range Not Satisfiable

2006-04-05 Thread Axel-Stéphane SMORGRAV
Makes me a little curious because I have never seen any browser make a Range 
request. I wonder what prompted the browser to make a Range request rather than 
just request the whole document.

Could be worthwhile to ask the client to flush the browser cache...

-ascs

-Original Message-
From: Craig Wilson [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 04, 2006 5:06 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Error 416 Request Range Not Satisfiable

Hi All,

We currently host an archive on our web server with Apache2.0 installed. 
Many users connect to this computer, today one user all of a sudden started 
getting the error message below. They are the only user that gets this error. 
They are using a Mac with Internet Explorer browser. We have tested this on 
another Mac using the same browser and everything seems to be working. Is there 
maybe a setting in Internet Explorer that may have been changed that will have 
resulted in getting this error message?

Requested Range Not Satisfiable

None of the range-specifier values in the Range request-header field overlap 
the current extent of the selected resource.

Apache/2.0.54 (Win32) Server at






Re: [EMAIL PROTECTED] uri and location directive

2006-04-05 Thread toni pérez
On 4/4/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: toni pérez [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 3 April 2006 17:11
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] uri and location directive
> >
> > Hi list,
> >
> > I have got an apache auth_module written in C to apply own requires in
> > an own authorization handler, such as this:
> >
> > 
> > allow from all
> > AuthType CA2
> > require ACL
> > Grupo 'RME_usuaris'
> > 
> >
> > 
> > allow from all
> > AuthType CA2
> > require USUARIO-VALIDO
> > 
> >
> > When the server receives the url http://myserver/apw5/rme, it is the
> > second directive "/apw5" instead of "/apw5/rme" that matches.
>
> To add to Joshua's comments about the ordering of directives:
>
> Are you trying to "nest" authentication realms? That is, the user requests 
> /apw5 and gets one login prompt, then he requests /apw5/rme and gets a second 
> prompt?
>

this occurs in the authorization level on the apache request loop.
the user requests /apw5/rme and gets the require for /apw5

> If so, that certainly won't work with basic authentication and I don't think 
> it is even possible in HTTP 1.1. I understand that you have written your own auth 
> module to handle the logins but I'm guessing it's just handling the 
> authorization [test: what is sending the 401 response to an unauthenticated 
> request?]
>
> The HTTP 1.1 protocol assumes a single layer of authentication and there is 
> no syntax for expressing nested authentication realms. Even if you 
> implemented it somehow in your handler, the problem would then be in the 
> browser implementation - if you assign an authentication realm to /apw5, the 
> browser will send credentials for every subsequent request under this (ie, 
> including /apw5/rme). So even if your handler sends back a 401 for /apw5/rme, 
> the browser will not know what to do (it sent credentials - why doesn't it 
> work?). The results will be unpredictable and browser-dependent.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >
> > Why do this?
> >
> > I need a solution that doesn't change the order of directives
> >
> > thanks,
> >


[EMAIL PROTECTED] Compile Error apache 2.2.0

2006-04-05 Thread Mickoski Miki
Hi Apache users.

I compile apache 2.2.0. ./configure passed successfully but make gives me an error. Here is the output. The section below with bold is the main error:

make[1]: Leaving directory `/usr/local/src/apache2/httpd-2.2.0'
server/.libs/libmain.a(main.o)(.text+0xbe2): In function `main':
/usr/local/src/apache2/httpd-2.2.0/server/main.c:664: undefined reference to `ap_prelinked_modules'

Here is all output. Can anybody help me!?

Re: [EMAIL PROTECTED] Installation Issue

2006-04-05 Thread Robert Baird
Graham,
  Thanks so much, that was it.  I had the line, but had a slight syntax error.
  Bob

Graham Frank <[EMAIL PROTECTED]> wrote:
  If that message happens for the same reason it happens in linux, then your 
httpd.conf is missing the following line:

addtype application/x-httpd-php .php

Restart apache. Your apache install should start reading .php properly.

-Graham

Re: [EMAIL PROTECTED] Installation Issue

2006-04-05 Thread Graham Frank
Hey,

Glad I could help.

Have a great day!

--Graham

-Original Message-

From:  Robert Baird <[EMAIL PROTECTED]>
Subj:  Re: [EMAIL PROTECTED] Installation Issue
Date:  Wed Apr 5, 2006 7:20 am
Size:  730 bytes
To:  users@httpd.apache.org

Graham,
  Thanks so much, that was it.  I had the line, but had a slight syntax error.
  Bob
  

Graham Frank <[EMAIL PROTECTED]> wrote:
  If that message happens for the same reason it happens in linux, then your 
httpd.conf is missing the following line:

addtype application/x-httpd-php .php

Restart apache. Your apache install should start reading .php properly.

-Graham





[EMAIL PROTECTED] PHP page only accessible via SSL

2006-04-05 Thread P.M
Hi,

I would like to know how can i do if i want to force user to type https:// for a particular page.

for example, i have a web page "admin.php" which should be ONLY accessible via SSL.

if user types -->> http://admin.php, server should answer that this page does not exist.
on the other hand, if user types -->> https://admin.php, so page is accessible and user can use this page.

thanks a lot,
Maileen

Re: [EMAIL PROTECTED] Error 416 Request Range Not Satisfiable

2006-04-05 Thread Joshua Slive
On 4/5/06, Axel-Stéphane  SMORGRAV
<[EMAIL PROTECTED]> wrote:
> Makes me a little curious because I have never seen any browser make a Range 
> request. I wonder what prompted the browser to make a Range request rather 
> than just request the whole document.

There are two applications I know of that commonly make range
requests: acrobat reader and various download accelerators.

Joshua.




Re: [EMAIL PROTECTED] PHP page only accessible via SSL

2006-04-05 Thread Joshua Slive
On 4/5/06, P.M <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I would like to know how can i do if i want to force user to type https://
> for a particular page.
>
> for example, i have a web page "admin.php" which should be ONLY accessible
> via SSL.
>
> if user types -->> http://admin.php, server should answer that this page
> does not exist.
> on the other hand, if user types -->> https://admin.php, so page is
> accessible and user can use this page.

You can use SSLRequireSSL:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl
and/or you can use the normal Deny statements scoped in the non-ssl
.

Joshua.




Re: [EMAIL PROTECTED] PHP page only accessible via SSL

2006-04-05 Thread Graham Frank
Another option would be to check the server port:

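if ( $_SERVER['SERVER_PORT'] != 443 ) { 
    // Redirect to the same script over HTTPS, then stop so nothing more is sent over plain HTTP.
    header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"); 
    exit;
}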

That will force redirection to port 443 if the user accesses via 80.  Another 
solution is to check against http method, but I cannot remember the exact 
variable.  Check out phpinfo(); and it should give you the list at the bottom.

--Graham

-Original Message-

From:  "P.M" <[EMAIL PROTECTED]>
Subj:  [EMAIL PROTECTED] PHP page only accessible via SSL
Date:  Wed Apr 5, 2006 8:18 am
Size:  526 bytes
To:  Newsgroup Apache HTTP Server 

Hi,

I would like to know how can i do if i want to force user to type https:// for 
a particular page.

for example, i have a web page "admin.php" which should be ONLY accessible via 
SSL.

if user types -->> http://admin.php, server should answer that this page does 
not exist.
on the other hand, if user types -->> https://admin.php, so page is accessible 
and user can use this page.

thanks a lot,
Maileen





[EMAIL PROTECTED] ftp proxying

2006-04-05 Thread mastr0
Hi,

just wanna know if the "mod_proxy_ftp" is a plain cern-proxy or if there's a
possibility to use the apache as a reverse proxy for FTP?!
(may in combination with some mod_ftp or so)

Thanks,
kind regards
CC




Re: [EMAIL PROTECTED] Secure Apache Directories

2006-04-05 Thread David Bernal
Excellent suggestion.  Another recent thought I had was to put certain files outside the web root (e.g. /var/notwebroot/) and use PHP to fetch those files after authenticating through a "php fetch file" script.

 
Thanks Boyle! 
On 4/5/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> -Original Message-
> From: David Bernal [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 4 April 2006 18:21
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Secure Apache Directories
>
> Hello All,
>
> I've setup my own authentication scheme with PHP/MySQL but it
> didn't help with "non php files".  For example, If i post a
> document SECURE.PDF, how do I secure it from being seen by
> the outside world?

I presume you're using cookies for session-handling: the server gives a cookie after checking the credentials and thereafter, the client submits this cookie with every request in that realm? Then, you have to pass every request through the session-handling logic - what's happening with your case is that the PDF requests are being directly served by apache.

I've never used PHP for session-handling (maybe someone who has could chip in here?) but I guess you could rewrite the request internally so that it's handled by PHP (then the user doesn't see the URL change), eg:

RewriteRule ^/subdir/(.*\.pdf) /phpdir/get_file.php?$1

so now a request for /subdir/wibble.pdf will be handled by /phpdir/get_file.php?wibble.pdf. You'll have to write get_file.php to read the file off the disk and return it to the client (NB: remember to set the correct mime-type). There are probably example progs on the PHP website...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

> I don't want to use .htaccess directory security AND my PHP
> authentication.  I really just want one web-based login
> script that handles .htaccess type security for all file types.
>
> I hope this makes sense.  Any direction on what I can research?
>
> Thanks,
>
> David


RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Amalan, S
Not to interrupt an on-going discussion, but I am interested in the
user/group requirements for Apache as well.

I didn't see anywhere on the Apache website for installation steps that
one needs to be root in order to start or run the Apache server, but I
have heard it from others.  So which way is it?

I have been able to install and run Apache as a regular user with no
root privileges, which is what confuses me when some say the user needs
be root.

Can anyone explain the requirements for me?

Thanks much.
Amalan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Saturday, April 01, 2006 8:43 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] RE: failure notice


Do you have the User and Group directives set in your 
httpd.conf file?

Eg

User wwwrun
Group nogroup

Apache will initially start as root user and bind to 
port 80, then switch to running as the specified user and 
group.

The group and user need to be valid system accounts on your 
server.

You will need to set the permissions of the files you want 
apache to serve as this user and group as well.

I'm not sure about DAV, as I do not use this.

The problem may also be with DAV user and group permissions 
as well.

See if you can disable DAV and get Apache running first 
without it. Once you have apache running OK, enable the DAV 
module and see if that works ok then.

HTH

Keith


On Fri, 31 Mar 2006, ws wrote:

> To: users@httpd.apache.org
> From: ws <[EMAIL PROTECTED]>
> Subject: [EMAIL PROTECTED] Aache 2.0.55 won't start
> 
> Please help. Apache 2.0.55 on Solaris 2.9 won't start with 
> the following error:
> [Sat Apr 01 15:26:39 2006] [notice] Digest: done
> [Sat Apr 01 15:26:39 2006] [info] mod_unique_id: using ip addr 158.77.55.107
> [Sat Apr 01 15:26:40 2006] [warn] pid file /usr/local/apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
> [Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
> [Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
> [Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
> [Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
> [Sat Apr 01 15:26:40 2006] [notice] Apache/2.0.55 (Unix) DAV/2 configured -- resuming normal operations
> [Sat Apr 01 15:26:40 2006] [info] Server built: Nov 22 2005 20:33:01
> [Sat Apr 01 15:26:40 2006] [debug] prefork.c(956): AcceptMutex: fcntl (default: fcntl)
> [Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
> [Sat Apr 01 15:26:41 2006] [alert] Child 5639 returned a Fatal error... Apache is exiting!
> 
> Thank you




[EMAIL PROTECTED] How to control the Apache service remotely?

2006-04-05 Thread Larry Flathmann

Greetings!

I haven't been able to find any documentation on this, so I thought I 
would ask the experts.


What options do I have to control the Apache service remotely?

I need to be able to start, stop, restart the service from a remote 
location. The server and the outside machine I would be connecting on 
are both windows.


Is it possible to connect remotely using the Apache Service Monitor? 
Does it use a specific port?


Any info on this is greatly appreciated! :)

--Larry




Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread David Salisbury


Well.. on most unix systems I believe, you won't get a program to bind to a port number
that's under 1024 unless the program is being run by root.

The other ports are open to any user.

-Dave


- Original Message - 
From: "Amalan, S" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, April 05, 2006 10:43 AM
Subject: RE: [EMAIL PROTECTED] RE: failure notice


Not to interrupt an on-going discussion, but I am interested in the
user/group requirements for Apache as well.

I didn't see anywhere on the Apache website for installation steps that
one needs to be root in order to start or run the Apache server, but I
have heard it from others.  So which way is it?

I have been able to install and run Apache as a regular user with no
root privileges, which is what confuses me when some say the user needs
be root.

Can anyone explain the requirements for me?

Thanks much.
Amalan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Saturday, April 01, 2006 8:43 AM

To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] RE: failure notice


Do you have the User and Group directives set in your 
httpd.conf file?


Eg

User wwwrun
Group nogroup

Apache will initially start as root user and bind to 
port 80, then switch to running as the specified user and 
group.


The group and user need to be valid system accounts on your 
server.


You will need to set the permissions of the files you want 
apache to serve as this user and group as well.


I'm not sure about DAV, as I do not use this.

The problem may also be with DAV user and group permissions 
as well.


See if you can disable DAV and get Apache running first 
without it. Once you have apache running OK, enable the DAV 
module and see if that works ok then.


HTH

Keith


On Fri, 31 Mar 2006, ws wrote:


To: users@httpd.apache.org
From: ws <[EMAIL PROTECTED]>
Subject: [EMAIL PROTECTED] Aache 2.0.55 won't start

Please help. Apache 2.0.55 on Solaris 2.9 won't start with 
the following error:
[Sat Apr 01 15:26:39 2006] [notice] Digest: done
[Sat Apr 01 15:26:39 2006] [info] mod_unique_id: using ip addr 158.77.55.107
[Sat Apr 01 15:26:40 2006] [warn] pid file /usr/local/apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
[Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
[Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
[Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
[Sat Apr 01 15:26:40 2006] [notice] Apache/2.0.55 (Unix) DAV/2 configured -- resuming normal operations
[Sat Apr 01 15:26:40 2006] [info] Server built: Nov 22 2005 20:33:01
[Sat Apr 01 15:26:40 2006] [debug] prefork.c(956): AcceptMutex: fcntl (default: fcntl)
[Sat Apr 01 15:26:40 2006] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
[Sat Apr 01 15:26:41 2006] [alert] Child 5639 returned a Fatal error... Apache is exiting!


Thank you





Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Ross A. Del Duca
The catch is the port.  If your server is not listening on standard ports
(80 or 443) you can start your server up as any user.  However, the
privileged ports (1-1024) are generally (always?) restricted so that only
UID 0 can create listeners that bind to them.  As indicated by a previous
post, the general idea is to start up the listener as UID 0, bind to the
privileged port, and then drop the process owner to a non-UID 0 account
after the bind is successful.

On 4/5/06 9:43 AM, "Amalan, S" <[EMAIL PROTECTED]> wrote:

> Not to interrupt an on-going discussion, but I am interested in the
> user/group requirements for Apache as well.
> 
> I didn't see anywhere on the Apache website for installation steps that
> one needs to be root in order to start or run the Apache server, but I
> have heard it from others.  So which way is it?
> 
> I have been able to install and run Apache as a regular user with no
> root privileges, which is what confuses me when some say the user needs
> be root.
> 
> Can anyone explain the requirements for me?
> 
> Thanks much.
> Amalan


-- 

Ross A. Del Duca, GCIH
Security Officer
Infrastructure Architect

[EMAIL PROTECTED]





RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Axel-Stéphane SMORGRAV
From the top of my head you also need to be root in order to do setuid/setgid 
to change the process owner according to the User and Group configuration 
directives.

-ascs

-Original Message-
From: David Salisbury [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 05, 2006 7:08 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] RE: failure notice


Well.. on most unix systems I believe, you won't get a program to bind to a port 
number that's under 1024 unless the program is being run by root.

The other ports are open to any user.

-Dave


- Original Message -
From: "Amalan, S" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, April 05, 2006 10:43 AM
Subject: RE: [EMAIL PROTECTED] RE: failure notice


Not to interrupt an on-going discussion, but I am interested in the
user/group requirements for Apache as well.

I didn't see anywhere on the Apache website for installation steps that
one needs to be root in order to start or run the Apache server, but I
have heard it from others.  So which way is it?

I have been able to install and run Apache as a regular user with no
root privileges, which is what confuses me when some say the user needs
be root.

Can anyone explain the requirements for me?

Thanks much.
Amalan





Re: [EMAIL PROTECTED] PHP page only accessible via SSL

2006-04-05 Thread edward . dunkle

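One other thing to consider is the Rewrite rules you can put in httpd.conf

RewriteEngine On
# Force to https: redirect only when the request did not arrive on port 443
RewriteCond %{SERVER_PORT} !^443$
# Capture the path so that $1 has a value in the substitution
RewriteRule ^/(admin\.php) https://yourhostname/$1 [L,R]
#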

Re: [EMAIL PROTECTED] ftp proxying

2006-04-05 Thread Emmanuel E
I think it's just a plain CERN proxy. It probably does FTP transactions but 
generates HTTP responses. I don't know about mod_ftp (is it available?), but 
I don't think mod_proxy_ftp will do FTP reverse proxying.


- Original Message - 
From: <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, April 05, 2006 9:24 PM
Subject: [EMAIL PROTECTED] ftp proxying



Hi,

just wanna know if the "mod_proxy_ftp" is a plain cern-proxy or if there's 
a possibility to use the apache as a reverse proxy for FTP?!
(maybe in combination with some mod_ftp or so)

Thanks,
kind regards
CC




[EMAIL PROTECTED] unable to create worker thread

2006-04-05 Thread edward . dunkle

Apache seems to be running out of memory
on one 512Meg box but not another.  What affects the amount of memory
available to Apache?

It also fails on a 1Gig server.  But
it starts fine on one of the 512Meg servers.  I am using this configuration
on a Linux 2.4 OS:

ServerLimit 1
ThreadLimit   512
StartServers 1
MaxClients   512
MinSpareThreads 1
MaxSpareThreads   512
ThreadsPerChild   512
MaxRequestsPerChild  0


[Tue Apr 04 19:57:50 2006] [alert] (12)Cannot allocate memory: apr_thread_create: unable to create worker thread 253
(I modified the log to give the thread count)

Apache fails to start on a box with
this mem config:
[EMAIL PROTECTED] apache]# free
             total       used       free     shared    buffers     cached
Mem:        513208     226340     286868          0      41900      93548
-/+ buffers/cache:      90892     422316
Swap:      1044216          0    1044216


But it starts OK on another box with
this config:
[EMAIL PROTECTED] apache]# free
             total       used       free     shared    buffers     cached
Mem:        515756     342412     173344          0      65552     158268
-/+ buffers/cache:     118592     397164
Swap:      1048552       2340    1046212


And it fails to start on a box like
this:
[EMAIL PROTECTED] conf]# free
             total       used       free     shared    buffers     cached
Mem:       1025412     997136      28276          0     131756     685040
-/+ buffers/cache:     180340     845072
Swap:      1052248       1272    1050976




[EMAIL PROTECTED] Require differences between 2.0.53 and 2.2.0

2006-04-05 Thread Mike McMullen


Hi All,

I am putting in a new server to replace an old server we are using.

The old server is running FC3 and Apache 2.0.53.

The new server is running FC5 and Apache 2.2.0.

We have a small user base and use .htaccess file to manage
access in people's public_html directories using "require user".

We also have a small support staff that access users' public_html
directories with "require group".

Under 2.0.53 in the .htaccess file we would have both the
"require group" and the "require user" lines. Both people
in the group and the named user could access the directory
just fine.

Under 2.2.0 it appears that the last "require" line is the only
one that is allowed to access the folder. 


Is there a setting or way to have both the "require group" and
the "require user" work? I want the access to be this user and
this group.

TIA,

Mike






[EMAIL PROTECTED] httpd 2.2 basic authentication problems

2006-04-05 Thread Peter_Duquette




Aloha folks,

Kind of an apache-noob here, but other experienced eyes are at a loss on
this as well as I.

Here's my situation: I've got to configure a suite of three jsp-based web
apps, all running on the same instance of apache, and the same instance of
tomcat.  One of the apps ("SP") is authenticated at the application level.
One ("FormsCentral") is not authenticated.  The third
("FormsCentral-Admin") has no app-level authentication, but needs to have
limited access, so I've configured httpd for basic authentication.

One small complication is that SP needs to communicate with
FormsCentral-Admin via SOAP web-service, without the user having to
authenticate (since they already have, to get into SP).

Here's what worked with httpd 2.0.55...


AuthType Basic
AuthName "Forms Central Administration Login:"
AuthUserFile /local_apps/apache/fcausers/users
Require valid-user
Allow from localhost


"Allow from localhost" lets SOAP in without authentication. If I comment out
"Allow from localhost", the web service still works, but it does pop up the
password dialog -- so SOAP seems to be ok with basic auth.

HOWEVER, In httpd 2.2, none of this works properly.  I cannot get basic
auth to work at all in a Directory section.  In fact, nothing I put into a
Directory section (with the same directory as above) works (e.g. if I
put nothing but the directives "Order Allow,Deny" and "Deny from All" in
there...I can still access that app).

Basic auth does work in 2.2, if I do the following...


AuthType Basic
AuthName "Forms Central Administration Login:"
AuthUserFile /local_apps/apache/fcausers/users
Require valid user
Allow from localhost


HOWEVER, the SOAP web app no longer works. In catalina.out (tomcat logs), I
get "SOAPExceptionImpl: Bad response: (401Authorization Required".  The
Allow directive seems to have no effect.  Same behavior if I comment that
line out.  Same behavior if I include "Satisfy Any", or if I change the
Allow directive to the server name, or IP address.

If I comment out this whole Location section, the SOAP web service does in
fact work properly.  But if I put basic auth on that directory/location, I
cannot get SOAP to do its thing, no matter what I try (and I've tried a
ton of different things).

Anybody have any idea what's going on here?

thanks.








Re: [EMAIL PROTECTED] internal dummy connection

2006-04-05 Thread Robert Ionescu

Denis wrote:

Constantly there are such messages:

XX.XX.XX.XXX - - [01/Apr/2006:15:55:42 +0300] "GET / HTTP/1.0" 200 8273 
"-" "Apache/2.2.0 (FreeBSD) mod_ssl/2.2.0 OpenSSL/0.9.7e-p1 DAV/2 
PHP/4.4.2 (internal dummy connection)"


what it means?


It's defined in /server/mpm_common.c:

| This function connects to the server, then immediately closes the
| connection.
| This permits the MPM to skip the poll when there is only one listening
| socket, because it provides a alternate way to unblock an accept()
| when the pod is used.

pod=pipe of death.

| The pipe of death is used to tell all child processes that it is time
| to die gracefully.

So if you use the worker MPM which doesn't use a pod, there are no 
internal dummy connections anymore.


--
Robert




RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Amalan, S
Thanks much.  This explains why my installation did not need root
privileges - I was running it on port 1150 or so.

This also brings up the question: is there a reason to set the port to
be below 1024 so that only root can start it up?  Is there a downside to
running Apache on a port greater than 1024?

There must have been some reason for designing it in such a way that the
process owner gets dropped from root to a non-zero UID account.  I guess
I am confused because if you need to be root to start it up, why should
the process owner be dropped after binding to the privileged port to a
non-zero UID account? And if you weren't root to begin with you wouldn't
be able to startup Apache anyway.

Amalan

-Original Message-
From: Ross A. Del Duca [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 05, 2006 1:10 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] RE: failure notice

The catch is the port.  If your server is not listening on standard ports
(80 or 443) you can start your server up as any user.  However, the
privileged ports (1-1024) are generally (always?) restricted so that only
UID 0 can create listeners that bind to them.  As indicated by a previous
post, the general idea is to start up the listener as UID 0, bind to the
privileged port, and then drop the process owner to a non-UID 0 account
after the bind is successful.

On 4/5/06 9:43 AM, "Amalan, S" <[EMAIL PROTECTED]> wrote:

> Not to interrupt an on-going discussion, but I am interested in the
> user/group requirements for Apache as well.
> 
> I didn't see anywhere on the Apache website for installation steps that
> one needs to be root in order to start or run the Apache server, but I
> have heard it from others.  So which way is it?
> 
> I have been able to install and run Apache as a regular user with no
> root privileges, which is what confuses me when some say the user needs
> be root.
> 
> Can anyone explain the requirements for me?
> 
> Thanks much.
> Amalan


-- 

Ross A. Del Duca, GCIH
Security Officer
Infrastructure Architect

[EMAIL PROTECTED]





[EMAIL PROTECTED] Newbie ReWrite Question

2006-04-05 Thread Mike McMullen


Hi All,

Let me start off by stating I are ignernt of rewriting rules. In our .htaccess
files on our server I have the following magic that forces connections for
user-based directories to an SSL connection:

 RewriteEngine on

 RewriteCond %{SERVER_PORT} ^80$
 RewriteCond %{PATH_INFO} ^$
 RewriteRule ^(.*) https://www.mydomain.com/~myuserid/ [L]


 RewriteCond %{SERVER_PORT} ^80$
 RewriteRule ^(.*) https://www.mydomain.com/~myuserid/$1


This magic was given to me awhile ago.

The new server I am putting in has multiple network cards in it. I would
like to if necessary force the incoming connection to use SSL but
stay on the same network path that the connection was initiated
with. One advantage is this keeps from going out of the internal
network, through a router and into the nic defined as the internet
facing IP.

Can someone show me what I need to change in the above?

Thanks!

Mike






Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Sean Conner
It was thus said that the Great Amalan, S once stated:
> 
> Thanks much.  This explains why my installation did not need root
> privileges - I was running it on port 1150 or so.
> 
> This also brings up the question: is there a reason to set the port to
> be below 1024 so that only root can start it up?  Is there a downside to
> running Apache on a port greater than 1024?

  The default port defined for HTTP (the protocol Apache supports) is 80. 
If the webserver is running on another port, you have to include the port as
part of the url:

http://www.example.net:81/

> There must have been some reason for designing it in such a way that the
> process owner gets dropped from root to a non-zero UID account.  I guess
> I am confused because if you need to be root to start it up, why should
> the process owner be dropped after binding to the privileged port to a
> non-zero UID account? And if you weren't root to begin with you wouldn't
> be able to startup Apache anyway.

  TCP/IP was primarily designed in the late 70s/early 80s on timesharing
systems, with most (at the time) predefined ports being assigned at number
1024 or less.  To ensure some security (at least under Unix; possibly the
same under other timesharing systems) the port range 0-1024 was marked as
special and only privileged accounts could bind to those ports (on Unix,
this is the root account).  

  We're still stuck with that today (at least, under Unix and Unix-like
systems), and until such time as ownership of TCP or UDP ports can be
assigned, programs will still have to start as root to bind to those ports.

  The reason to drop privileges after binding to the port is that under Unix
(and Unix-like) systems, root can do *anything*---all security and ownership
checks are bypassed when the UID is 0 [1].

  -spc

[1] This is slowly changing, now that SELinux is gaining popularity.




[EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread httpd2
On Wed, 5 Apr 2006, Amalan, S wrote:

> To: users@httpd.apache.org
> From: "Amalan, S" <[EMAIL PROTECTED]>
> Subject: RE: [EMAIL PROTECTED] RE: failure notice
> 
> Thanks much.  This explains why my installation did not need root
> privileges - I was running it on port 1150 or so.
> 
> This also brings up the question: is there a reason to set the port to
> be below 1024 so that only root can start it up?  Is there a downside to
> running Apache on a port greater than 1024?

By convention port 80 is the accepted port for a web server 
like apache to connect to and listen on. Your browser will 
connect to port 80 by default, unless you tell it to use 
another port.

If you run apache on an obscure port, how will a user know 
which port to specify when connecting to your web server?

Most users do not even know about ports - all they want to 
know is the URL of your website.

AFAIK, you can run apache on any free port on your server, 
but if it is not port 80, you will then have to have your 
users connect to it like this:

http://www.your-server.net:1150/home-page.html

Then every anchor in your site code would need to specify 
the port number. 

I guess it makes things a lot simpler to use a standard port 
numbering scheme for all services that accept connections.

For a list of standard ports and the services that you can 
expect to find listening on them, take a look at:
http://www.iana.org/assignments/port-numbers

You can also do a port scan at http://www.grc.com

Click on Shields Up, then do a full port scan.

If you click on a port box, you will get more information 
from the grc port database about the service that runs on 
that particular port.

> There must have been some reason for designing it in such a way that the
> process owner gets dropped from root to a non-zero UID account.  I guess
> I am confused because if you need to be root to start it up, why should
> the process owner be dropped after binding to the privileged port to a
> non-zero UID account? And if you weren't root to begin with you wouldn't
> be able to startup Apache anyway.

Normally only root user is allowed to start or stop services 
such as web servers like apache. It would not do to have joe 
bloggs being able to start or stop services at will - this 
is a privilege reserved for the sys admin that logs in as 
the root user.

HTH

Keith Roberts

