Re: [EMAIL PROTECTED] mod_rewrite, mod_proxy and content-length

[Daniel JavaDev]

Unfortunately it's not my client, but Nokia's EAIF MMSC (emulator in this
case).

Like I said, I've coded my application to the protocol (EAIF) and it works.
I only need to add apache httpd in between in order to restrict access to
the application (by IP address range).

The response headers without using apache httpd:

HTTP/1.1 202 Accepted
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4 (build: CVSTag=JBoss_4)/Tomcat-5.5
Transfer-Encoding: chunked
Date: Wed, 25 Jul 2007 08:39:07 GMT


And the headers using apache httpd and mod_proxy:

HTTP/1.1 202 Accepted
Date: Wed, 25 Jul 2007 08:43:37 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4 (build: CVSTag=JBoss_4)/Tomcat-5.5
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain


As you can see, httpd is replacing Transfer-Encoding with C-L, which is
breaking things.
I've used 'SetEnv proxy-sendchunked 1' in my httpd config, but it did not
make a difference.

Another kind of response (204 No Content) used for synchronous ACKs has the
same issue.

I'm tempted to hack the mod_proxy code but only has a last resort. Surely
there must be some way to configure httpd to stick with the original
headers.

Cheers

Dan

On 25/07/07, Vincent Bray <[EMAIL PROTECTED]> wrote:


On 25/07/07, Daniel JavaDev <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have the following rules on my apache 2.2.4 config:
>
> RewriteEngine on
> RewriteRule ^/someURL http://anotherURL [P]
>
> where someURL is the a publicly available url, and anotherURL is a
private
> url (localhost on another port). This setup is for restricting access to
an
> application server.
>
> It all works fine, except that the application needs to return an empty
body
> response (ACK) for some HTTP POSTs, and apache is adding the
CONTENT-LENGTH:
> 0 header to those responses, which is an invalid header in the context
of
> the protocol used by the application.
>
> Is there anyway of forcing apache not to add the content-length header
to
> the responses?
>

Apache is a http server, not a http-but-not-really server. If your
client barfs on a correct Content-Length header then your client is
broken. I'd suggest either using 204 No Content, or designing your own
protocol.

--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Dmitri Colebatch]

Hi Demetri,

Change the User parameter in httpd.conf.  Here's what I have in mine:

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 6;
#  don't use Group #-1 on these systems!
#
User apache
Group apache

Hope that helps.

cheers,
dim


On 7/25/07, Demetri T. <[EMAIL PROTECTED]> wrote:

I have googled for information in configuring apache to run as www-data
user a couple of days and all i find are tid bits and they are very general.
I tried changing permissions for the directories, the www-data user and
group were added by the installation of xubuntu

I have search high and low and cant find a HOW-TO anywhere. Please help

Thank you,
Demetri

running:
Xubuntu 7.04
Apache 2.2
PHP 5.2.1
mySql 5.0.38



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] mod_rewrite, mod_proxy and content-length

[Vincent Bray]

On 25/07/07, Daniel JavaDev <[EMAIL PROTECTED]> wrote:

Unfortunately it's not my client, but Nokia's EAIF MMSC (emulator in this
case).

Like I said, I've coded my application to the protocol (EAIF) and it works.
I only need to add apache httpd in between in order to restrict access to
the application (by IP address range).

The response headers without using apache httpd:
 HTTP/1.1 202 Accepted
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4 (build: CVSTag=JBoss_4)/Tomcat-5.5
Transfer-Encoding: chunked
Date: Wed, 25 Jul 2007 08:39:07 GMT


And the headers using apache httpd and mod_proxy:
 HTTP/1.1 202 Accepted
Date: Wed, 25 Jul 2007 08:43:37 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4 (build: CVSTag=JBoss_4)/Tomcat-5.5
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

As you can see, httpd is replacing Transfer-Encoding with C-L, which is
breaking things.
I've used 'SetEnv proxy-sendchunked 1' in my httpd config, but it did not
make a difference.

Another kind of response (204 No Content) used for synchronous ACKs has the
same issue.

I'm tempted to hack the mod_proxy code but only has a last resort. Surely
there must be some way to configure httpd to stick with the original
headers.


I'm not familliar with the semantics of 202 Accepted, sorry. Seems
very strange that you would need Transfer-Encoding: chunked for an
empty response though. I don't suppose ProxyBadHeader would help?
Also, you should really use ProxyPass rather than RewriteRule is your
setup is that simple, not that it'll 'fix' this issue.


--
noodl

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] mod_rewrite, mod_proxy and content-length

[Nick Kew]

On Wed, 25 Jul 2007 10:59:33 +0100
"Daniel JavaDev" <[EMAIL PROTECTED]> wrote:

> Unfortunately it's not my client, but Nokia's EAIF MMSC (emulator in
> this case).
> 
> Like I said, I've coded my application to the protocol (EAIF) and it
> works. I only need to add apache httpd in between in order to
> restrict access to the application (by IP address range).

Do you mean EAIF is a protocol that looks like something-over-HTTP
but is too poorly thought out to work over HTTP?

> As you can see, httpd is replacing Transfer-Encoding with C-L, which
> is breaking things.

AFAICT HTTP permits a proxy to do that.  If you think otherwise,
please point to the relevant section in RFC2616.

> I've used 'SetEnv proxy-sendchunked 1' in my httpd config, but it did
> not make a difference.

That's for requests, not responses.  An HTTP/1.0 server (or client)
is not required to accept chunked encoding.  That setting means Apache
can proxy HTTP/1.0 without having to sacrifice efficiency with HTTP/1.1.

> I'm tempted to hack the mod_proxy code but only has a last resort.
> Surely there must be some way to configure httpd to stick with the
> original headers.

I'm not sure: it's not something anyone's raised before (AFAIK).
If mod_headers doesn't help (and I suspect it won't, as it comes
before the protocol filter), then you'll have to hack the code.
The good news is: it's probably as simple as setting r->chunked = 1
at the right point, and perhaps removing the Content-Length filter,
if your environment variable is set to do that.

If you do that, you might want to contribute your patch back.
Under bugzilla, you could enter it as an enhancement request
something like "support EAIF protocol in the proxy".

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Authorization - require question

[Manuel Vacelet]

Hello all,

I'm facing some problems trying to understand how Require actually works.
Here is my objectives:
- I want to authenticate user against a file.
- I want to restrict a list of users to access to a Location.
- I have 3rd party authorization (AuthzSvnAccessFile) that may
restrict again the browsing.

And now my problem:
- I can restrict access to Location to the list of people in my file
with a 'Require valid-user'.
- But I cannot restrict access to a list of people with 'Require user'

Here the example of config:
->8-

   DAV svn
   SVNPath /var/lib/codex/svnroot/code

   AuthType Basic
   AuthName "Subversion Authorization"

   AuthUserFile /etc/httpd/conf/htpasswd
   Require user manuel
   AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile

->8-

Even if I don't authenticate as 'manuel' account I can browse my repository

FYI svnaccessfile is:
->8-
@member=manuel, john
[/]
* = r
@members = rw
->8-

Can anyone explain to me what happens ?
Thanks,
-- Manuel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Authorization - require question

[Luis Moreira (ESI-GSQP)]

First, the directive "require user" fits not only a single user, but a list,
too

Doing just

Require user Manuel Vacelet Admin Power 

Will validate 4 users, Manuel, Vacelet, Admin and Power

HOWEVER,

1) Location applies to contents outside the file system
2) Otherwise you can use Directory directive
3) Maybe you have a set of permissions that supersede this one, giving
access to ALL to a higher-level directory ??


Luis



-Original Message-
From: Manuel Vacelet [mailto:[EMAIL PROTECTED] 
Sent: quarta-feira, 25 de Julho de 2007 13:33
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Authorization - require question

Hello all,

I'm facing some problems trying to understand how Require actually works.
Here is my objectives:
- I want to authenticate user against a file.
- I want to restrict a list of users to access to a Location.
- I have 3rd party authorization (AuthzSvnAccessFile) that may
restrict again the browsing.

And now my problem:
- I can restrict access to Location to the list of people in my file
with a 'Require valid-user'.
- But I cannot restrict access to a list of people with 'Require user'

Here the example of config:
->8-

   DAV svn
   SVNPath /var/lib/codex/svnroot/code

   AuthType Basic
   AuthName "Subversion Authorization"

   AuthUserFile /etc/httpd/conf/htpasswd
   Require user manuel
   AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile

->8-

Even if I don't authenticate as 'manuel' account I can browse my repository

FYI svnaccessfile is:
->8-
@member=manuel, john
[/]
* = r
@members = rw
->8-

Can anyone explain to me what happens ?
Thanks,
-- Manuel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] (solved) help with XML refresh and cache control

[Jim Owens]

Thanks, Joshua, for the tip. What worked in the end was:


Header set Cache-Control no-cache


Note that this references the XSLT file, not the script. Also for some 
reason this didn't seem to work until I put the  section after 
the  section for cgi-bin.



Joshua Slive wrote:

On 7/24/07, Jim Owens <[EMAIL PROTECTED]> wrote:

I'm using Apache on an intranet to serve an XML database. Users can
modify what they see by selecting radio buttons on an HTML form. The
form sends off a CGI GET request with different parameters, based on the
buttons selected -- for example, generic_xsl.rex?product=A&revision=B.
The script generates a customized XSLT file called "specific.xsl" and
then sends the XML file with an xsl:stylesheet header invoking 
specific.xsl.


On some browsers, successive different requests don't change the
display. The user has to hit Refresh to see the updated XSLT output.



. . .




The header directive can be scoped inside
// sections. So for example,

Header set ...


You could also try different cache-control directives like
must-revalidate to see if the effect was better.

Joshua.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Demetri T.]

Dmitri Colebatch wrote:

Hi Demetri,

Change the User parameter in httpd.conf.  Here's what I have in mine:

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 6;
#  don't use Group #-1 on these systems!
#
User apache
Group apache

Hope that helps.

cheers,
dim


On 7/25/07, Demetri T. <[EMAIL PROTECTED]> wrote:

I have googled for information in configuring apache to run as www-data
user a couple of days and all i find are tid bits and they are very 
general.

I tried changing permissions for the directories, the www-data user and
group were added by the installation of xubuntu

I have search high and low and cant find a HOW-TO anywhere. Please help

Thank you,
Demetri

running:
Xubuntu 7.04
Apache 2.2
PHP 5.2.1
mySql 5.0.38



-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Thanks for the reply Dim

thats already set by default when i installed apache(which is 
www-data).  I think i am having an issue either with file/directory 
permissions and/or on how Apache is starting up; it just stays running 
as root instead switching over to www-data (the user/group set when 
installed).


I am having a hard time finding the requirements for apache to run as 
another user, would you or anyone know. i have checked the apache docs 
to no avail, and still searching the net.


Thanks
Demetri

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Joshua Slive]

On 7/25/07, Demetri T. <[EMAIL PROTECTED]> wrote:


thats already set by default when i installed apache(which is
www-data).  I think i am having an issue either with file/directory
permissions and/or on how Apache is starting up; it just stays running
as root instead switching over to www-data (the user/group set when
installed).

I am having a hard time finding the requirements for apache to run as
another user, would you or anyone know. i have checked the apache docs
to no avail, and still searching the net.


You are probably misinterpreting something, since apache will not run
as root without compile-time changes.

There is supposed to be one (control) process running as root that
launches child processes running under the specified User/Group that
actually handle requests.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Authorization - require question

[Manuel Vacelet]

Thanks for the quick reply.

I do use  because of subversion and there is no global
permissions set at a upper level.

What seems strange to me is that "Require user XXX" works w/o having
another authorization level (w/o AuthzSVNAccessFile) but as soon as I
add this statement the Require user seems overrided.

Actually is 'Require user' authoritative (I don't know if it's the
right term to use to describe what I want to achieve) ?

And maybe a stupid question but:
- Is what I want to achieve possible or not ?

-- Manuel

On 7/25/07, Luis Moreira (ESI-GSQP) <[EMAIL PROTECTED]> wrote:
> First, the directive "require user" fits not only a single user, but a list,
> too
>
> Doing just
>
> Require user Manuel Vacelet Admin Power
>
> Will validate 4 users, Manuel, Vacelet, Admin and Power
>
> HOWEVER,
>
> 1) Location applies to contents outside the file system
> 2) Otherwise you can use Directory directive
> 3) Maybe you have a set of permissions that supersede this one, giving
> access to ALL to a higher-level directory ??
>
>
> Luis
>
>
>
> -Original Message-
> From: Manuel Vacelet [mailto:[EMAIL PROTECTED]
> Sent: quarta-feira, 25 de Julho de 2007 13:33
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Authorization - require question
>
> Hello all,
>
> I'm facing some problems trying to understand how Require actually works.
> Here is my objectives:
> - I want to authenticate user against a file.
> - I want to restrict a list of users to access to a Location.
> - I have 3rd party authorization (AuthzSvnAccessFile) that may
> restrict again the browsing.
>
> And now my problem:
> - I can restrict access to Location to the list of people in my file
> with a 'Require valid-user'.
> - But I cannot restrict access to a list of people with 'Require user'
>
> Here the example of config:
> ->8-
> 
>DAV svn
>SVNPath /var/lib/codex/svnroot/code
>
>AuthType Basic
>AuthName "Subversion Authorization"
>
>AuthUserFile /etc/httpd/conf/htpasswd
>Require user manuel
>AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
> 
> ->8-
>
> Even if I don't authenticate as 'manuel' account I can browse my repository
>
> FYI svnaccessfile is:
> ->8-
> @member=manuel, john
> [/]
> * = r
> @members = rw
> ->8-
>
> Can anyone explain to me what happens ?
> Thanks,
> -- Manuel
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Dragon]

Demetri T. wrote:

thats already set by default when i installed apache(which is 
www-data).  I think i am having an issue either with file/directory 
permissions and/or on how Apache is starting up; it just stays 
running as root instead switching over to www-data (the user/group 
set when installed).


I am having a hard time finding the requirements for apache to run 
as another user, would you or anyone know. i have checked the apache 
docs to no avail, and still searching the net.

 End original message. -

I am sure somebody will correct me if I am wrong but IIRC, invoking 
httpd directly results in it continuing to run as the user that invoked it.


As stated in the manpage for httpd:

   httpd is the Apache HyperText Transfer Protocol (HTTP) server 
program. It is designed to be run as a standalone
   daemon process. When used like this it will create a pool of 
child processes or threads to handle requests.


   In general, httpd should not be invoked directly, but rather 
should be invoked via apachectl on Unix-based sys-
   tems or as a service on Windows NT, 2000 and XP and as a 
console application on Windows 9x and ME.




How are you starting Apache?

Are you using the startup script apachectl or are you starting it directly?


Most *nix type OS distributions also have a startup script that is 
run at system boot to invoke httpd which generally does some house 
keeping stuff and then invokes apachectl. You may have to use a 
utility like checkcfg on Red Hat systems or your system's equivalent 
to enable the startup on boot.


Dragon

~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Joshua Slive]

On 7/25/07, Dragon <[EMAIL PROTECTED]> wrote:



I am sure somebody will correct me if I am wrong but IIRC, invoking
httpd directly results in it continuing to run as the user that invoked it.


Consider yourself corrected ;-)

httpd always switches users for child processes when started as root.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Authorization - require question

[Luis Moreira (ESI-GSQP)]

"Require user XXX" should work on its own.
For me it does, at least.
Just add the directive, edit the users and if you access that directory the
users will be validated against the PWD file.

I don't use AuthzSVNAccessFile, but if you search the web you find info on
it, that may help you.
Using both is mixing directives, and the result may lead to confusion.

Using AuthzSVNAccessFile, as far as I browsed, is for use with "Require
valid-user", but as I said I don't use it so I don't have first hand
experience...


Luis

-Original Message-
From: Manuel Vacelet [mailto:[EMAIL PROTECTED] 
Sent: quarta-feira, 25 de Julho de 2007 16:07
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Authorization - require question

Thanks for the quick reply.

I do use  because of subversion and there is no global
permissions set at a upper level.

What seems strange to me is that "Require user XXX" works w/o having
another authorization level (w/o AuthzSVNAccessFile) but as soon as I
add this statement the Require user seems overrided.

Actually is 'Require user' authoritative (I don't know if it's the
right term to use to describe what I want to achieve) ?

And maybe a stupid question but:
- Is what I want to achieve possible or not ?

-- Manuel

On 7/25/07, Luis Moreira (ESI-GSQP) <[EMAIL PROTECTED]> wrote:
> First, the directive "require user" fits not only a single user, but a
list,
> too
>
> Doing just
>
> Require user Manuel Vacelet Admin Power
>
> Will validate 4 users, Manuel, Vacelet, Admin and Power
>
> HOWEVER,
>
> 1) Location applies to contents outside the file system
> 2) Otherwise you can use Directory directive
> 3) Maybe you have a set of permissions that supersede this one, giving
> access to ALL to a higher-level directory ??
>
>
> Luis
>
>
>
> -Original Message-
> From: Manuel Vacelet [mailto:[EMAIL PROTECTED]
> Sent: quarta-feira, 25 de Julho de 2007 13:33
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Authorization - require question
>
> Hello all,
>
> I'm facing some problems trying to understand how Require actually works.
> Here is my objectives:
> - I want to authenticate user against a file.
> - I want to restrict a list of users to access to a Location.
> - I have 3rd party authorization (AuthzSvnAccessFile) that may
> restrict again the browsing.
>
> And now my problem:
> - I can restrict access to Location to the list of people in my file
> with a 'Require valid-user'.
> - But I cannot restrict access to a list of people with 'Require user'
>
> Here the example of config:
> ->8-
> 
>DAV svn
>SVNPath /var/lib/codex/svnroot/code
>
>AuthType Basic
>AuthName "Subversion Authorization"
>
>AuthUserFile /etc/httpd/conf/htpasswd
>Require user manuel
>AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
> 
> ->8-
>
> Even if I don't authenticate as 'manuel' account I can browse my
repository
>
> FYI svnaccessfile is:
> ->8-
> @member=manuel, john
> [/]
> * = r
> @members = rw
> ->8-
>
> Can anyone explain to me what happens ?
> Thanks,
> -- Manuel
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] problems with the bandwidth and apache

[Roberto Tortolero]

The apache installed on Linux fedora is taking the half of the bandwidth of
the company were a work for.

The apache have configure three virtual host redirecting to other server
through proxy directives, so, it possible to know why the apache server is
consuming so many bandwidth.

thank you.

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Dragon]

Joshua Slive wrote:

On 7/25/07, Dragon <[EMAIL PROTECTED]> wrote:



I am sure somebody will correct me if I am wrong but IIRC, invoking
httpd directly results in it continuing to run as the user that invoked it.


Consider yourself corrected ;-)

httpd always switches users for child processes when started as root.

 End original message. -

Hey, we learn something new every day. :-)

Thanks for the clarification.

Dragon

~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Force to Push data from a reverse proxy

[Jean-Baptiste Mayer]

I solved my problem by installing and configuring squid which does not seem
to bufferize data.

Jean-Baptiste.

-Message d'origine-
De : Jean-Baptiste Mayer [mailto:[EMAIL PROTECTED] 
Envoyé : mercredi, 25. juillet 2007 08:14
À : users@httpd.apache.org
Objet : RE: [EMAIL PROTECTED] Force to Push data from a reverse proxy


Hello,

Yes I put "ProxyIOBufferSize 1" to have the minimum buffer size and it
unfortunately did not change anything. 

Best Regards,
 
Jean-Baptiste

-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive
Envoyé : mardi, 24. juillet 2007 18:14
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] Force to Push data from a reverse proxy


On 7/24/07, Jean-Baptiste Mayer <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have a trouble using a reverse proxy:
>
> Server A (HTTP) <---> Reverse-Proxy (apache-2.0) <---> Client
>
> The client is a java application that displays real time financial data
that
> uses HTTP as transport.
>
> Without the reverse proxy in the middle, everything is working fine.
>
> Using the reverse proxy, we loose the real time aspect of the application
> because data come once in a while (every ten seconds or so) by "big
chunks".
>
> Using a tcpdump of the session, here is what we have:
>
> From Server A to Reverse-Proxy Server: a lot of small size packets (about
95
> bytes) of HTTP payload, a TCP push is used for each frame.
>
> From the reverse proxy server to the Java client: we can see packets but
> more seldom, HTTP payload of 1380 bytes.
>
> Reverse proxy Apache seems to always want to "bufferize" at least the
number
> of bytes equivalent to a frame.
>
> Does any one know an option to disable this functioning and to push data
to
> the client every time the Server A pushes?

Have you looked at the ProxyIOBufferSize directive?

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



smime.p7s
Description: S/MIME cryptographic signature

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Demetri T.]

Joshua Slive wrote:

On 7/25/07, Demetri T. <[EMAIL PROTECTED]> wrote:


thats already set by default when i installed apache(which is
www-data).  I think i am having an issue either with file/directory
permissions and/or on how Apache is starting up; it just stays running
as root instead switching over to www-data (the user/group set when
installed).

I am having a hard time finding the requirements for apache to run as
another user, would you or anyone know. i have checked the apache docs
to no avail, and still searching the net.


You are probably misinterpreting something, since apache will not run
as root without compile-time changes.

There is supposed to be one (control) process running as root that
launches child processes running under the specified User/Group that
actually handle requests.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Ok so looking at my proc list i see 6 apache process(only one with PID 
1) and all of them running as root.  Does that mean i need to compile 
apache with specific options?

I looked over my apache setup this is what i have:

apache is executed using the apache2 script in /etc/init.d
the apache2 script then calls on apachectl in the /usr/bin directory
apachectl then executes apache2 which is in the same directory

I also went over my apache2.conf file and the user/group directives are 
listed as:

user www-data
group www-data

I am still trying to find the permissions apache needs for the server 
root, document root, and log directory. any idea on this?


Also if you know any good books that you can recommend i am all ears?

Thanks for your help and time
Demetri

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Re: Apache2 and Upload Progress in mod_jk

[Constantin Moisei]

No one experienced this problem by now ?

On 24/07/07, Constantin Moisei <[EMAIL PROTECTED]> wrote:


Any ideas ?

On 24/07/07, Constantin Moisei <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have this Java application that runs in tomcat and is fronted by a
> Apache2 in mod_jk.
> My problem is that when I connect from outside and do a upload it looks
> like that the upload is firstly performed by apache and then reached my java
> struts action. That approach basically disable my upload progress feature
> since my app is not yet aware of the upload.
>
> I know that the in mod_perl there is PerlPostReadRequestHandler that is
> supposedly allowing to monitor an upload. How do I set my mod_jk to deal
> with this ?
>
> Why would this behave like that only when uploading from internet ? From
> the intranet works great.
>
> Thanks in advance!
> C
>
>


--
Constantin
www.goodstockimages.com





--
Constantin
www.goodstockimages.com

Re: [EMAIL PROTECTED] Re: Apache2 and Upload Progress in mod_jk

[Ricardo Stella]

Constantin Moisei wrote:
> No one experienced this problem by now ?
>
> On 24/07/07, *Constantin Moisei* <[EMAIL PROTECTED]
>  > wrote:
>
> Any ideas ?
>
>
> On 24/07/07, *Constantin Moisei* <[EMAIL PROTECTED]
> > wrote:
>
> Hi,
>
> I have this Java application that runs in tomcat and is
> fronted by a Apache2 in mod_jk.
>

Some netiquette...

Mailing lists are not online chat groups.
Replies go to the bottom, not the top
Some people receive messages once a day in a digest, others file them to
folders and only access them once a day, so wait at least 24 hours
before asking again.

My .02..

-- 

°(((=((===°°°(((===

begin:vcard
fn:Ricardo Stella
n:Stella;Ricardo
org:Rider University;Office of Information Technology
adr;dom:;;2083 Lawrenceville Rd;Lawrenceville;NJ;08648
title:Assistant Director
version:2.1
end:vcard


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] problems with the bandwidth and apache

[Tony Stevenson]

Roberto Tortolero wrote:
The apache installed on Linux fedora is taking the half of the bandwidth 
of the company were a work for.


The apache have configure three virtual host redirecting to other server 
through proxy directives, so, it possible to know why the apache server 
is consuming so many bandwidth.


Roberto, where are these proxy connections pointing to?
We really need to see your configuration before we can suggest any 
worthwhile answers.  Even then we may not be able to see the cause of this.


So can you send us your configuration for these vhosts, and an excerpt 
of your access and error logs?




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: Apache2 and Upload Progress in mod_jk

[Constantin Moisei]

On 25/07/07, Ricardo Stella <[EMAIL PROTECTED]> wrote:




Constantin Moisei wrote:
> No one experienced this problem by now ?
>
> On 24/07/07, *Constantin Moisei* <[EMAIL PROTECTED]
>  > wrote:
>
> Any ideas ?
>
>
> On 24/07/07, *Constantin Moisei* <[EMAIL PROTECTED]
> > wrote:
>
> Hi,
>
> I have this Java application that runs in tomcat and is
> fronted by a Apache2 in mod_jk.
>

Some netiquette...

Mailing lists are not online chat groups.
Replies go to the bottom, not the top
Some people receive messages once a day in a digest, others file them to
folders and only access them once a day, so wait at least 24 hours
before asking again.

My .02..

--

°(((=((===°°°(((===


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Very good points, I appreciate you being candid.
I just followed the email client way - all of the clients I know give you
control on the top of the email, also that how emails are written across
corporations. I see the point doing it the other way around on a digested
list.

C

Re: [EMAIL PROTECTED] How in the name of LINUX do u set apache2.2 to run as user www-data

[Demetri T.]

Demetri T. wrote:
I have googled for information in configuring apache to run as 
www-data user a couple of days and all i find are tid bits and they 
are very general.
I tried changing permissions for the directories, the www-data user 
and group were added by the installation of xubuntu


I have search high and low and cant find a HOW-TO anywhere. Please help

Thank you,
Demetri

running:
Xubuntu 7.04
Apache 2.2
PHP 5.2.1
mySql 5.0.38



-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


OK does anyone here know why when i run ps aux in a terminal i can see 4 
www-data and 1 as root for apache, but when i use xfce taskmanager i see 
the root user running all apache process?

all this time i was thinking there was some config error.

Thanks
Demetri

running:
Xubuntu 7.04
Apache 2.2
PHP 5.2.1
mySql 5.0.38

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Re: Apache2 and Upload Progress in mod_jk

[Constantin Moisei]

On 25/07/07, Constantin Moisei <[EMAIL PROTECTED]> wrote:




On 25/07/07, Ricardo Stella <[EMAIL PROTECTED]> wrote:

>
>
> Constantin Moisei wrote:
> > No one experienced this problem by now ?
> >
> > On 24/07/07, *Constantin Moisei* <[EMAIL PROTECTED]
> >  > wrote:
> >
> > Any ideas ?
> >
> >
> > On 24/07/07, *Constantin Moisei* < [EMAIL PROTECTED]
> > > wrote:
> >
> > Hi,
> >
> > I have this Java application that runs in tomcat and is
> > fronted by a Apache2 in mod_jk.
> >
>




I realize that this may not be an Apache thing afterall since works from my
intranet...

However I wanted to add that I'm using a DynDNS(zoneedit.com). I have to
feeling that my problem evolves around zoneedit, ISP, router and apache2. I
will try to see if I enable the reverse lookup will change anything.

It looks like my upload is happening all at once, like there is a stage area
then my apps received is it's all there...

Re: [EMAIL PROTECTED] The Apache user

[Victor Trac]

There's no need to send out two emails to the wrong mailing list asking the
same thing.  While one of us may know the answer, it's more likely that
you'll get a positive response when asking xfce folks.  Perhaps one of these
lists will help:

http://www.xfce.org/community/lists

--Victor

On 7/26/07, Demetri T. <[EMAIL PROTECTED]> wrote:


OK does anyone here know why when i run ps aux in a terminal i can see 4
www-data and 1 as root for apache, but when i use xfce taskmanager i see
the root user running all apache process?
All this time i was thinking there was some config error.

Thanks
Demetri

running:
Xubuntu 7.04
Apache 2.2
PHP 5.2.1
mySql 5.0.38

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
http://www.victortrac.com

Re: [EMAIL PROTECTED] mod_rewrite, mod_proxy and content-length

[Daniel JavaDev]

Nick,

works out the header was actually being added by protocol.c (in
ap_set_content_length)

I've fixed it for what I needed by simply commenting out the body of that
method. This keeps the EAIF MMSC happy and this httpd instance will only be
used for this purpose anyway.

Not sure what the best way of fixing this would be, but I've already lost 1
1/2 days over this and need to crack on with other work. My C skills aren't
that hot anyways, so I'm just happy I got some result out of my effort ;)

Thanks all for the help.

Cheers

Dan

On 25/07/07, Nick Kew <[EMAIL PROTECTED]> wrote:


On Wed, 25 Jul 2007 10:59:33 +0100
"Daniel JavaDev" <[EMAIL PROTECTED]> wrote:

> Unfortunately it's not my client, but Nokia's EAIF MMSC (emulator in
> this case).
>
> Like I said, I've coded my application to the protocol (EAIF) and it
> works. I only need to add apache httpd in between in order to
> restrict access to the application (by IP address range).

Do you mean EAIF is a protocol that looks like something-over-HTTP
but is too poorly thought out to work over HTTP?

> As you can see, httpd is replacing Transfer-Encoding with C-L, which
> is breaking things.

AFAICT HTTP permits a proxy to do that.  If you think otherwise,
please point to the relevant section in RFC2616.

> I've used 'SetEnv proxy-sendchunked 1' in my httpd config, but it did
> not make a difference.

That's for requests, not responses.  An HTTP/1.0 server (or client)
is not required to accept chunked encoding.  That setting means Apache
can proxy HTTP/1.0 without having to sacrifice efficiency with HTTP/1.1.

> I'm tempted to hack the mod_proxy code but only has a last resort.
> Surely there must be some way to configure httpd to stick with the
> original headers.

I'm not sure: it's not something anyone's raised before (AFAIK).
If mod_headers doesn't help (and I suspect it won't, as it comes
before the protocol filter), then you'll have to hack the code.
The good news is: it's probably as simple as setting r->chunked = 1
at the right point, and perhaps removing the Content-Length filter,
if your environment variable is set to do that.

If you do that, you might want to contribute your patch back.
Under bugzilla, you could enter it as an enhancement request
something like "support EAIF protocol in the proxy".

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]