RE: [EMAIL PROTECTED] Forward port 443 requests, but use mod_rewrite on port 80 requests

2006-04-20 Thread Boyle Owen
 

> -Original Message-
> From: Browne, Anthony A [mailto:[EMAIL PROTECTED] 
> Sent: Mittwoch, 19. April 2006 23:14
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] Forward port 443 requests, but use 
> mod_rewrite on port 80 requests
> 
> OK, I've been working on this all day and I have some more 
> observations. The workstation browsers (hereinafter 
> 'browsers') have their LAN proxy settings configured to the 
> Apache server's IP and port 80.

This is becoming clearer... 

>   Now, the Apache server is only listening on 80. So, 
> when the browsers want to CONNECT to an https site, what does 
> the request look like to Apache?

The request arrives at the apache proxy on port 80 and looks like this:

CONNECT www.securesite.com:443

The apache proxy then acts as a pipe and just passes packets back and forth 
between the client and server. It's the client and server who check the cert, 
negotiate the cipher etc. Once the SSL session is established, the client makes 
an encrypted GET request (which apache can't see) for the resource required. 
All this happens via the proxy's port 80. 

> It appears even if I have a *:443 virtual host, it doesn't 
> get touched. 

It wouldn't, if the clients are all configured to use port 80 for all traffic.

> I even tried to Listen on 443 as well, but it 
> won't bind. 

Er... I kinda assumed you had this already - you can't run a VH on a port if 
you're not listening to it. If it won't bind that's a different problem. Is the 
port already in use? Is something else using it?

> A _default_:* doesn't get touched either. 

I don't think you can wildcard ports! That would mean every bit of traffic 
would end up at apache (mail, ping, ftp, rpc - whatever)!

> How do 
> I a) listen on one port and b) use different virtual hosts to 
> proxy requests from the browsers?

I see that http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond 
has a server-variable called REQUEST_METHOD. So this might work:

RewriteCond %{REQUEST_METHOD} CONNECT
RewriteRule ^\.$ - [L]

... rest of HTTP rewrite rules

So what happens is that the RewriteCond detects the CONNECT method and then 
activates the following rule. The rule does nothing (target = "-" means no 
substitution) and then breaks out of all further rewriting (the [L] flag). Then 
the request gets proxied normally - possibly...

If not (if proxying supersedes mod_rewrite - I think you said it did), then 
maybe replace the rule with:
RewriteRule ^\.$ http://apache-proxy:81/ [R]

ie, redirect the request to the same proxy but on a different port. Then try:

Listen 81

  ProxyRequests On

as before...

I think you might *have* to have two ports on the proxy - I don't think you can 
separate the streams otherwise...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.  


> 
> 
> -Original Message-
> From: Boyle Owen [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, April 19, 2006 1:26 AM
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] Forward port 443 requests, but use 
> mod_rewrite on port 80 requests
> 
>  
> 
> > -Original Message-
> > From: Browne, Anthony A [mailto:[EMAIL PROTECTED] 
> > Sent: Dienstag, 18. April 2006 18:29
> > 
> > No, I am trying to figure out how to separate the two 
> > different request streams.
> 
> I did read your description below and I think I get it:
> 
> if (HTTP)
>   if (mirrored)
>     serve from cache
>   else
>     fetch from web
> else if (HTTPS)
>   fetch from web
> 
> Is that right? Your problem is that you have only a main 
> config that is handling all requests through the same 
> ruleset. HTTPS requests can't be rewritten because you can't 
> decrypt them - you can only proxy HTTPS traffic using the 
> CONNECT method and in this case the packets are passed 
> through the proxy untouched (apache routes them using only 
> their TCP/IP attributes so you can't see the URI or hostname 
> or whatever).
> 
> I think splitting your traffic between two port-based VHs 
> should work, something like:
> 
> # HTTPS
>  
>   ProxyRequests on
> 
> 
> #HTTP
>  
>   ... mod_rewrite stuff
> 
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > 
> > My config is as follows:
> > 
> > 1)  The workstations on our LAN have IE configured to use the Apache
> > Server as a proxy
> > 2)  The Apache listens on 80
> > 3)  The workstations request items from hosts they believe 
> > are valid,
> > but are actually in a folder on the Apache server 
> > (several million sites are mirrored by our company to 
> > save bandwidth and to monitor 
> > ALL outgoing requests-- workstations have only been 
> > allowed to receive  this mirrored content). We implement 
> > this using mod_rewrite and  rewriting all requests to 
> > /webfolder/servername/requesturi.
> > 4)  Our specification changed and now, we need to support 
> > workstation  

RE: [EMAIL PROTECTED] mod rewrite not working

2006-04-20 Thread Axel-Stéphane SMORGRAV
mod_rewrite is definitely not loaded. Are you sure that the config file you 
posted is the one really loaded by your Apache server?

Would it be possible that the administrator uses another configuration file?

If you execute 
ps -ef | grep httpd

can you make out if there is a -f option on the command line of httpd?

What happens if you execute:
[ -f /etc/httpd/run/httpd.pid ] && ps -p `cat /etc/httpd/run/httpd.pid` -o stime,args || echo "No PID file"

Does the start time of the Apache process reported by the above command 
coincide with the creation date of the file /etc/httpd/run/httpd.pid?

Why don't you just talk to your administrator?

-ascs

-Original Message-
From: Paulo J. Matos [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 19, 2006 11:21 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod rewrite not working

Here's my config file in case someone might want to take a look:


On 18/04/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: Paulo J. Matos [mailto:[EMAIL PROTECTED]
> > Sent: Dienstag, 18. April 2006 14:52
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] mod rewrite not working
> >
> > Hi all,
> >
> > My server is running version 2.0.49 and it has the LoadModule for 
> > mod_rewrite in its config file but when I had .htaccess with:
> > RewriteEngine On
> > RewriteRule ^(.*)$ http://localhost:8080/$1
> >
> > I get the following in the log:
> > [Tue Apr 18 12:41:02 2006] [alert] [client 146.193.36.49] /home/pocm/public_html/schemept/.htaccess: Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration
>
> mod_rewrite is definitely not loaded. There must be something wrong with your 
> LoadModule line - is the path correct? Is it contained in a conditional block 
> (eg, IfDefine)?
>

It seems so but I have the following line in /etc/httpd/conf/httpd.conf:
LoadModule rewrite_module modules/mod_rewrite.so
Not wrapped at all in a conditional block.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] SSLPassPhraseDialog exec problem

2006-04-20 Thread living liquid | Christian Meisinger
no one out there with a tip for me? :)


> hi!
> 
> i try to upgrade from apache 1.3.x to
> apache 2.0.55.
> 
> for apache 1.3 i used SSLPassPhraseDialog exec and it works perfectly.
> 
> the problem with apache 2 is:
> [Tue Apr 18 11:49:59 2006] [info] Init: Requesting pass phrase from
> dialog filter program (...)
> [Tue Apr 18 11:49:59 2006] [error] Init: Pass phrase incorrect
> 
> when i use SSLPassPhraseDialog builtin it works.
> 
> User and Group for apache2 is nobody:nogroup (#-1)
> the shell script for SSLPassPhraseDialog root.root 555 so 'nobody'
> can execute it (and i verified that).
> 
> i also tried to chown the script to nobody.nogroup. no difference
> 
> then i added some more log output into the ssl_engine_pphrase.c and
> compiled apache again.
> until now it seems so either apache can't execute the script
> (also i don't get an error) or it can't read the output (the buffer
> returned from reading the output of the script is empty, no error
> here too).
> 
> i'm really confused :(
> 
> what's the difference between apache1 SSLPassPhraseDialog and the
> apache2 version???
> 
> 
>   best regards christian





RE: [EMAIL PROTECTED] ScriptAlias file permissions deny execution

2006-04-20 Thread DeVelvis, Ralph \(US SSA\)
I was able to have someone send me the actual log entry. Here it is.

[Thu Apr 20 12:57:12 2006] [error] [client 214.4.227.224] file
permissions deny server execution: /opt/cognos/c8/cgi-bin/cognos.cgi

Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua
Slive
Sent: Wednesday, April 19, 2006 1:36 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] ScriptAlias file permissions deny execution

On 4/19/06, DeVelvis, Ralph (US SSA) <[EMAIL PROTECTED]>
wrote:
> It says file permissions deny execution.

No, that's not an exact quote.  When you paraphrase error messages,
you make things much more difficult.

>
> I haven't done:
>
> su - nobody
> cd /full/path/to/cgi-bin
> ./cgi-script
>
> I did do this:
>
> su - nobody -c /full/path/to/cgi-bin/cgi-script
>
> and the script runs.

If I guessed correctly about what your *real* error message is, then
the following is the code that is failing.  This implies either the
userid running apache isn't what you think it is, or the permissions
are not correct.

API_EXPORT(int) ap_can_exec(const struct stat *finfo)
{
#ifdef MULTIPLE_GROUPS
    int cnt;
#endif
#if defined(OS2) || defined(WIN32) || defined(NETWARE)
    /* OS/2 doesn't have Users and Groups */
    return 1;
#else
    if (ap_user_id == finfo->st_uid)
        if (finfo->st_mode & S_IXUSR)
            return 1;
    if (ap_group_id == finfo->st_gid)
        if (finfo->st_mode & S_IXGRP)
            return 1;
#ifdef MULTIPLE_GROUPS
    for (cnt = 0; cnt < NGROUPS_MAX; cnt++) {
        if (group_id_list[cnt] == finfo->st_gid)
            if (finfo->st_mode & S_IXGRP)
                return 1;
    }
#endif
    return ((finfo->st_mode & S_IXOTH) != 0);
#endif
}




[EMAIL PROTECTED] Is per file configuration easily possible?

2006-04-20 Thread Hayles, S.
Hi

If I have an index.html in directory xxx that I want to be accessible
only from the yyy domain I know that I can use something like:


Order Deny,Allow
Deny from all
Allow from yyy


in a .htaccess file or enclosed in  ...  in
the main configuration. However, it will block access to every
index.html from this directory down, until told not to. To stop this
configuration from propagating down the directory tree, I need something
like:


Allow from all


for all contained directories.

Is there any better way to associate configuration with a single file?

The reason I ask is that I'm porting an existing site developed using
Netscape/iPlanet/Sun serving software, where many directories contain
.nsconfig files to provide per file access control.

Thanks

Steven




RE: [EMAIL PROTECTED] Forward port 443 requests, but use mod_rewrite on port 80 requests

2006-04-20 Thread Browne, Anthony A
OK, thanks. You guys helped me a lot, but now you have raised a few other 
issues. 

First, is that the mod_rewrite [P] flag won't proxy a CONNECT. 

Two, is that it will redirect to a different virtual host, but I can't use the 
[R] flag to redirect the original CONNECT request. There may be a way to do 
this, and this looks the most promising, but I can't seem to make it work. For 
example, using:

RewriteCond %{REQUEST_METHOD} CONNECT
RewriteRule ^/(.*)$ http://address_of_virtualhost:port/ [R,L,S=3] 

Doesn't correctly send the request to the virtualhost. It also appears to apply 
the other rewrite rules in spite of the S and L flags. 

Three, that leaves open that it cannot be done completely with mod_rewrite.
Originally, I wanted to use mod_proxy to distinguish 443's from other traffic 
and proxy 443's when they were encountered, leaving 80 traffic to be processed 
by mod_rewrite. Basically, the ideal situation would be:

if(HTTPS)
    use ProxyRequests On
else if(HTTP)
    use RewriteRules for mirrored or web content

Can this be done without too much trouble? The problem really seems to be that 
mod_proxy trumps mod_rewrite. You can only use mod_rewrite to check the 
REQUEST_METHOD, but this module won't correctly forward proxy ssl and mod_proxy 
can correctly forward proxy ssl, but you cannot check the REQUEST_METHOD 
(unless this is possible). I've exhausted making rewrite proxy CONNECTs after it's 
determined the REQUEST_METHOD.
So, the new questions are can mod_rewrite correctly redirect the original 
CONNECT to a second virtual host that is using ProxyRequests On? Pointers on 
this would be greatly appreciated. And/or can mod_proxy determine the 
REQUEST_METHOD before ProxyRequests are turned on?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 20, 2006 2:07 AM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Forward port 443 requests, but use mod_rewrite 
on port 80 requests

 

> -Original Message-
> From: Browne, Anthony A [mailto:[EMAIL PROTECTED] 
> Sent: Mittwoch, 19. April 2006 23:14
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] Forward port 443 requests, but use 
> mod_rewrite on port 80 requests
> 
> OK, I've been working on this all day and I have some more 
> observations. The workstation browsers (hereinafter 
> 'browsers') have their LAN proxy settings configured to the 
> Apache server's IP and port 80.

This is becoming clearer... 

>   Now, the Apache server is only listening on 80. So, 
> when the browsers want to CONNECT to an https site, what does 
> the request look like to Apache?

The request arrives at the apache proxy on port 80 and looks like this:

CONNECT www.securesite.com:443

The apache proxy then acts as a pipe and just passes packets back and forth 
between the client and server. It's the client and server who check the cert, 
negotiate the cipher etc. Once the SSL session is established, the client makes 
an encrypted GET request (which apache can't see) for the resource required. 
All this happens via the proxy's port 80. 


> How do 
> I a) listen on one port and b) use different virtual hosts to 
> proxy requests from the browsers?

I see that http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond 
has a server-variable called REQUEST_METHOD. So this might work:

RewriteCond %{REQUEST_METHOD} CONNECT
RewriteRule ^\.$ - [L]

... rest of HTTP rewrite rules

So what happens is that the RewriteCond detects the CONNECT method and then 
activates the following rule. The rule does nothing (target = "-" means no 
substitution) and then breaks out of all further rewriting (the [L] flag). Then 
the request gets proxied normally - possibly...

If not (if proxying supersedes mod_rewrite - I think you said it did), then 
maybe replace the rule with:
RewriteRule ^\.$ http://apache-proxy:81/ [R]

ie, redirect the request to the same proxy but on a different port. Then try:

Listen 81

  ProxyRequests On

as before...

I think you might *have* to have two ports on the proxy - I don't think you can 
separate the streams otherwise...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.  


> 
> 
> -Original Message-
> From: Boyle Owen [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, April 19, 2006 1:26 AM
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] Forward port 443 requests, but use 
> mod_rewrite on port 80 requests
> 
>  
> 
> > -Original Message-
> > From: Browne, Anthony A [mailto:[EMAIL PROTECTED] 
> > Sent: Dienstag, 18. April 2006 18:29
> > 
> > No, I am trying to figure out how to separate the two 
> > different request streams.
> 
> I did read your description below and I think I get it:
> 
> if (HTTP)
>   if (mirrored)
>     serve from cache
>   else
>     fetch from web
> else if (HTTPS)
>   fetch from web
> 
> Is that right? Your problem is that you have only a ma

[EMAIL PROTECTED] rewrite and virtualdocumentroot question

2006-04-20 Thread Gary W. Smith
We are running the following in the httpd.conf file.  This works well for our virtual domain hosting.  

VirtualDocumentRoot /exports/home/%-2.0.%-1/virtualdomains/%0

VirtualScriptAlias /exports/home/%-2.0.%-1/virtualdomains/%0/cgi-bin

For the users we have a prefix as part of their username.  For example, the domain domain.tld might have the following prefix domain_ so the user accounts would look like domain_bob, domain_john, etc.

We have a need to strip this prefix off for a particular domain that we are hosting and expose their home directory.  The users' home directories are always under a particular path:

/exports/home/domain.tld/users/prefix_username

What we would like to do is have all traffic for /bob to go to the folder /exports/home/domain.tld/users/domain_bob.  The second part of this is that we only want this to happen for domain.tld, not domain2.tld or domain3.tld.

Is this possible?  If so, how would I approach this?  

I figure the first part of the equation is getting /domain_bob to map to /exports/home/domain.tld/users/domain_bob but I don’t know how to do this when we are running VirtualDocumentRoot.

It should also be noted that there is no content on this particular virtual host.  It was specifically created for the purposes of putting home directories on the network.

Any help would be greatly appreciated.

Gary Smith




[EMAIL PROTECTED] You don't have permission to access /pipermail/ on this server.

2006-04-20 Thread Noah

mailman-2.1.7
apache 2.2.0

Okay I just upgraded from apache 1.3.x to apache 2.2.0 and am arriving at a
permissions problem when viewing pipermail mailman directories:


--- snip ---

You don't have permission to access /pipermail/garbled-name/ on this server.

--- snip ---


Here is what I've done so far:

 apache httpd.conf file 

in the virtual host stanza

ScriptAlias /mailman/ /usr/home/mailman/cgi-bin/
Alias /pipermail/ /usr/home/mailman/archives/public/
Alias /icons/ /usr/home/mailman/icons/

  Options +FollowSymlinks
  Allow from all 


--- snip ---

restarted apache.

and I ran bin/check_perms

--- snip

# /usr/home/mailman/bin/check_perms -f
No problems found

= snip 


what else could be the problem here?

cheers,

Noah





Re: [EMAIL PROTECTED] You don't have permission to access /pipermail/ on this server.

2006-04-20 Thread Robert Ionescu

Noah wrote:

You don't have permission to access /pipermail/garbled-name/ on this server.


Can you find anything related in your error.log?

--
Robert




Re: [EMAIL PROTECTED] You don't have permission to access /pipermail/ on this server.

2006-04-20 Thread Noah
On Thu, 20 Apr 2006 23:45:09 +0200, Robert Ionescu wrote
> Noah wrote:
> > You don't have permission to access /pipermail/garbled-name/ on this server.
> 
> Can you find anything related in your error.log?
> 


Excellent question:

Symbolic link not allowed or link target not accessible



> -- 
> Robert
> 



[EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

2006-04-20 Thread Yevgen Borodin
Hello!

I have a forward proxy that handles cookies perfectly fine.
But as soon as I turn on an ext_filter, websites that have cookies are not
coming through. What I am getting instead is something like this:






I am trying to do some HTML transformation for proxied traffic.
I do the transformations with an external filter. However, websites with
cookies return the above-given example without any changes. And Websites
without cookies are transformed as expected.

I've been trying really hard to find a solution to this problem. :(

I would appreciate any help.
Eugene.






Re: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

2006-04-20 Thread Joshua Slive
On 4/20/06, Yevgen Borodin <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I have a forward proxy that handles cookies perfectly fine.
> But as soon as I turn on an ext_filter, websites that have cookies are not
> coming through. What I am getting instead is something like this:
>
> 
> 
> 
> 
>
> I am trying to do some HTML transformation for proxied traffic.
> I do the transformations with an external filter. However, websites with
> cookies return the above-given example without any changes. And Websites
> without cookies are transformed as expected.
>
> I've been trying really hard to find a solution to this problem. :(

Are you sure that isn't just the default content the browser returns
when the server returns zero-content?  Perhaps your external filter
program is crashing on these requests, causing the server to return
nothing.

Joshua.




RE: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

2006-04-20 Thread Yevgen Borodin
Well, the way the external filter works is this. It's just any exec program
that accepts input from stdin and writes to stdout. I just changed my
filter so that it doesn't produce any output. 

> Are you sure that isn't just the default content the browser returns
> when the server returns zero-content?

And you are totally right, I am getting the same "

> Perhaps your external filter program is crashing on these requests,
> causing the server to return nothing.

I am not getting any error logs. :( So, there's no way to find out whether
it's crashing... I still believe that this occurs only for websites
cookies... Could this be another bug in mod_ext_filter?...

Thank you!
Your suggestion was very useful!
Eugene.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive
Sent: Thursday, April 20, 2006 7:33 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

On 4/20/06, Yevgen Borodin <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I have a forward proxy that handles cookies perfectly fine.
> But as soon as I turn on an ext_filter, websites that have cookies are not
> coming through. What I am getting instead is something like this:
>
> 
> 
> 
> 
>
> I am trying to do some HTML transformation for proxied traffic.
> I do the transformations with an external filter. However, websites with
> cookies return the above-given example without any changes. And Websites
> without cookies are transformed as expected.
>
> I've been trying really hard to find a solution to this problem. :(

Are you sure that isn't just the default content the browser returns
when the server returns zero-content?  Perhaps your external filter
program is crashing on these requests, causing the server to return
nothing.

Joshua.




[EMAIL PROTECTED] content of httpd.conf file

2006-04-20 Thread Charles Li
Hi,

I see the following in our httpd.conf file:

#AddHandler type-map  var_123EOL321--123EOL321--123EOL321--

and it just repeats with 123EOL321 and fills up pages.  This section is in the
same section as the AddLanguage, which is inside the IfModule mod_mime.c.

On one of the servers, this line is so huge, it prevents vi opening the
httpd.conf file.
Anyone know why it's so huge?
Why does it keep on growing?
What is the purpose of this line?

Thanks,
Charles Li

Re: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

2006-04-20 Thread Joshua Slive
On 4/20/06, Yevgen Borodin <[EMAIL PROTECTED]> wrote:

> > Perhaps your external filter program is crashing on these requests,
> > causing the server to return nothing.
>
> I am not getting any error logs. :( So, there's no way to find out whether
> it's crashing... I still believe that this occurs only for websites
> cookies... Could this be another bug in mod_ext_filter?...

Anything's possible.  But it is more likely that your external filter
program is simply filtering all the content into the bit bucket for
some reason.  You can try using ExtfilterOptions to get more debugging
info.  You can also try inserting trivial filters before and after your
main filter to dump content to a file.

Joshua.




RE: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

2006-04-20 Thread Yevgen Borodin
Yes, the ext filter is being called normally.
I tried dumping the data to a file.
I am getting total garbage there. On average 300 bytes.
I am passing it to the browser unchanged.
The browser doesn't recognize it and outputs a default 
No error logs. So, there still may be some bug... :(

Eugene.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive
Sent: Thursday, April 20, 2006 9:35 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] ext_filter blocks cookies with forward proxy

On 4/20/06, Yevgen Borodin <[EMAIL PROTECTED]> wrote:

> > Perhaps your external filter program is crashing on these requests,
> > causing the server to return nothing.
>
> I am not getting any error logs. :( So, there's no way to find out whether
> it's crashing... I still believe that this occurs only for websites
> cookies... Could this be another bug in mod_ext_filter?...

Anything's possible.  But it is more likely that your external filter
program is simply filtering all the content into the bit bucket for
some reason.  You can try using ExtfilterOptions to get more debugging
info.  You can also try inserting trivial filters before and after your
main filter to dump content to a file.

Joshua.





RE: [EMAIL PROTECTED] content of httpd.conf file

2006-04-20 Thread Axel-Stéphane SMORGRAV
That does not sound right at all. 
 
1. AddHandler adds a handler for processing URLs having a specific extension. 
In the case of the type-map handler, the default is the .var extension.
2. Apache does not modify the httpd.conf file so it should not grow or change.
3. You can safely remove that line since it is commented anyway.
4. You can try figuring out what process(es) has the file open for r/w. You do 
not mention what OS you use, but on Solaris you can use pfiles or lsof. On 
Linux you can probably use lsof.

Do you publish a PHP or CGI application on that server? Does it run with the 
same ownership as the httpd.conf file?
 
In order to prevent Apache from being able to modify its configuration file 
should it be compromised, change the ownership of the file to something else 
than the owner of the Apache processes or change the ownership of the Apache 
process to something like "nobody" using the User and Group directives in 
httpd.conf. 

As an example, do the following:

- Stop Apache.

- Put the following two lines in your httpd.conf, and make sure it does not 
contain anything that could compromise the security of your server.

User nobody
Group nobody

- Make sure that Apache cannot write httpd.conf

chmod 644 httpd.conf

- Make sure that Apache can still write to its log files

chown -R nobody:nobody /var/logs/httpd

(replace the path with the path to where your Apache log files are)

- Start Apache


-ascs



From: Charles Li [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 21, 2006 2:50 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] content of httpd.conf file


Hi,
I see the following in our httpd.conf file:
#AddHandler type-map  var_123EOL321--123EOL321--123EOL321--
and it just repeats with 123EOL321 and fills up pages.  This section is in the 
same section as the AddLanguage, which is inside the IfModule mod_mime.c.

On one of the servers, this line is so huge, it prevents vi opening the 
httpd.conf file.
Anyone know why it's so huge?  
Why does it keep on growing?
What is the purpose of this line?

Thanks,
Charles Li


