combine client certificate authentication with ldap based authentication
Hi, I want to authenticate users on apache. In case they have a valid x509 client certificate in their browser for authentication, then that should be sufficient. In case the client does not have such a certificate, the user should be able to authenticate via username/password against ldap. I got both working on its own, but when I try to combine both, and I have a x509 certificate, then it still asks for a username/password. ServerName test.intern HostnameLookups Off SSLEngine on SSLCertificateFile /etc/apache2/certs/server.crt SSLCertificateKeyFile /etc/apache2/certs/server.key SSLCertificateChainFile /etc/apache2/certs/ca.crt SSLCACertificateFile /etc/apache2/certs/ca.crt CustomLog /var/log/apache2/ssl_test_request_log ssl_combined Order deny,allow Deny from all Allow from 127.0.0.1 Satisfy any SSLRequireSSL #SSLVerifyClient optional SSLVerifyClient require SSLVerifyDepth 9 SSLOptions +FakeBasicAuth +StrictRequire AuthUserFile /etc/apache2/conf.d/httpd.passwd require valid-user AuthType Basic AuthBasicProvider "ldap" AuthName "TEST Login" AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern"; AuthzLDAPAuthoritative off require ldap-user testuser I'm not sure, when I read the manual, whether the Satisfy any is relevant for my case at all. Any pointer into the right direction is highly appreciated. kind regards Sebastian - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: syntax error
Ok status update
I have changed the SeverRoot to reflect the change as mentioned below but I
now get the following error :-
Httpd.exe : could not reliably determine the servers fully qualified domain
name, using {IP ADDRESS REMOVED FOR SECURITY} for server name
only one usage of each socket address is normally permitted. : make_sock: could not
Bind to address 0.0.0.0:80 no listening sockets available, shutting down
Unable to open logs
What am I doing wrong??
Again many thanks in advance
From: Arthur, Simon [mailto:simonart...@norwich.gov.uk]
Sent: 15 December 2008 11:42
To: users@httpd.apache.org
Subject: RE: syntax error
Hi James,
It sounds like the ServerRoot directive has been amended to point to the
location of the website being hosted. It should point at the location where
apache is installed.
For example, in a default install on windows, it looks like this:
ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"
This directive tells the server where to put the configuration, error and
log files.
Regards,
Simon (sga101)
_
From: James Taylor-Bye [mailto:jtaylor-...@hotmail.com]
Sent: 15 December 2008 10:49
To: users@httpd.apache.org
Subject: syntax error
Hello again, its me. (oh boy i hear you groan, lol)
I have setup apache to use my pc as a local server by typing localhost in
the sever and domain sections during setup. Now when I run apache i get the
following error :-
Httpd.exe : syntax error on line 60 of c:/program files/Apahe software
foundation/apache 2.2/con/httpd.conf:
Cannot load c:/website/module/mod_actions.so into server: The specified
module could not be found.
What if anything am I doing wrong, or am I just missing a simple step out
somewhere.
Many thanks in advance.
Thanks (so far to)
Morgan Gangwere and
André Warnier
**
E-Mail Disclaimer - Please Read
Confidentiality:
This email and any files transmitted with it are confidential and intended
solely for the individual to whom it is addressed. The information in this
e-mail may not be used or disclosed except for the purpose for which it has
been sent. If you are not the intended recipient you must not disclose it,
copy it, distribute it, or take any action based on its contents.
Please reply and highlight the error then delete it.
Security:
Please note that Internet email is not a fully secure method of
communication. You should be aware of this lack of security
when emailing us.
This email message has been swept by for the presence of computer viruses.
**
RE: syntax error
It sounds like (at least) two problems:
1) You may already have another web server, e.g. IIS bound to port 80.
The simplest solution is to stop the competing service, or assign it to another
port.
If you can't do this, you have several options, including:
a) Add another IP address to your host PC, and then assign one IP address to
each web server
Apache tries to bind to port 80 on all IP addresses by default. To prevent
this, tell it which IP address to use with the listen directive like this:
Listen 192.168.0.1:80
You can use more than one listen directive if you need to bind more than one IP
address or port.
b) Change the port for the competing web service, and then use apache to
reverse proxy the service via a name based virtual host and mod proxy
2) You may have specified a name based virtual host, but not specified
ServerName for each virtual host.
I could be more certain if you posted the httpd.conf file in its entirety.
Hope this helps,
Simon
From: James Taylor-Bye [mailto:jtaylor-...@hotmail.com]
Sent: 15 December 2008 14:14
To: users@httpd.apache.org
Subject: RE: syntax error
Ok status update
I have changed the SeverRoot to reflect the change as mentioned below but I now
get the following error :-
Httpd.exe : could not reliably determine the servers fully qualified domain
name, using {IP ADDRESS REMOVED FOR SECURITY} for server name
only one usage of each socket address
is normally permitted. : make_sock: could not
Bind to address 0.0.0.0:80 no listening sockets available, shutting down
Unable to open logs
What am I doing wrong??
Again many thanks in advance
From: Arthur, Simon [mailto:simonart...@norwich.gov.uk]
Sent: 15 December 2008 11:42
To: users@httpd.apache.org
Subject: RE: syntax error
Hi James,
It sounds like the ServerRoot directive has been amended to point to the
location of the website being hosted. It should point at the location where
apache is installed.
For example, in a default install on windows, it looks like this:
ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"
This directive tells the server where to put the configuration, error and log
files.
Regards,
Simon (sga101)
From: James Taylor-Bye [mailto:jtaylor-...@hotmail.com]
Sent: 15 December 2008 10:49
To: users@httpd.apache.org
Subject: syntax error
Hello again, it's me. (oh boy i hear you groan, lol)
I have setup apache to use my pc as a local server by typing localhost in the
sever and domain sections during setup. Now when I run apache i get the
following error :-
Httpd.exe : syntax error on line 60 of c:/program files/Apahe software
foundation/apache 2.2/con/httpd.conf:
Cannot load c:/website/module/mod_actions.so into server: The specified module
could not be found.
What if anything am I doing wrong, or am I just missing a simple step out
somewhere.
Many thanks in advance.
Thanks (so far to)
Morgan Gangwere and
André Warnier
**
E-Mail Disclaimer - Please Read
Confidentiality:
This email and any files transmitted with it are confidential and intended
solely for the individual to whom it is addressed. The information in this
e-mail may not be used or disclosed except for the purpose for which it has
been sent. If you are not the intended recipient you must not disclose it,
copy it, distribute it, or take any action based on its contents.
Please reply and highlight the error then delete it.
Security:
Please note that Internet email is not a fully secure method of
communication. You should be aware of this lack of security
when emailing us.
This email message has been swept by for the presence of computer viruses.
**
Re: combine client certificate authentication with ldap based authentication
On Mon, Dec 15, 2008 at 3:55 AM, Sebastian Reitenbach wrote: > Hi, > > I want to authenticate users on apache. In case they have a valid x509 > client certificate in their browser for authentication, then that should be > sufficient. In case the client does not have such a certificate, the user > should be able to authenticate via username/password against ldap. > > I got both working on its own, but when I try to combine both, and I have a > x509 certificate, then it still asks for a username/password. > > >ServerName test.intern >HostnameLookups Off > >SSLEngine on >SSLCertificateFile /etc/apache2/certs/server.crt >SSLCertificateKeyFile /etc/apache2/certs/server.key >SSLCertificateChainFile /etc/apache2/certs/ca.crt >SSLCACertificateFile /etc/apache2/certs/ca.crt > > >CustomLog /var/log/apache2/ssl_test_request_log ssl_combined > > >Order deny,allow >Deny from all >Allow from 127.0.0.1 > >Satisfy any > >SSLRequireSSL > >#SSLVerifyClient optional >SSLVerifyClient require >SSLVerifyDepth 9 >SSLOptions +FakeBasicAuth +StrictRequire >AuthUserFile /etc/apache2/conf.d/httpd.passwd >require valid-user > >AuthType Basic >AuthBasicProvider "ldap" >AuthName "TEST Login" >AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern"; >AuthzLDAPAuthoritative off >require ldap-user testuser > > > > > I'm not sure, when I read the manual, whether the Satisfy any is relevant > for my case at all. > > Any pointer into the right direction is highly appreciated. I think to test the FakeBasic stuff first you'd need: AuthBasicProvider file ldap But I also think users would be able to type in cert details + the magic FakeBasic password. Additionaly, for every user in the file, if they didn't use a cert it would never be let in because the "file" provider would see that they were actually in the file and not DECLINE. Maybe SSLUsername instead of FakeBasic would be another avenue? http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslusername I do think there is just a littlte bit missing in Apache to let this work -- mod_ssl might need to participate a little in the basic auth stuff to let some of the fancy configs work. Please let us know how it works out! -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
syntax error
Hello again, its me. (oh boy i hear you groan, lol) I have setup apache to use my pc as a local server by typing localhost in the sever and domain sections during setup. Now when I run apache i get the following error :- Httpd.exe : syntax error on line 60 of c:/program files/Apahe software foundation/apache 2.2/con/httpd.conf: Cannot load c:/website/module/mod_actions.so into server: The specified module could not be found. What if anything am I doing wrong, or am I just missing a simple step out somewhere. Many thanks in advance. Thanks (so far to) Morgan Gangwere and André Warnier
htcacheclean ignoring -l (limit)?
I'm running apache 2.2.9 on several nodes that serve static content only. I'm running into a problem where the disk cache is filling up (and subsequently problems serving the files). I've the following configuration: # /etc/fstab tmpfs /www/cache tmpfs auto,rw,size=1200M,nr_inodes=1M 0 0 # ps aux | grep htcacheclean /opt/apache2/bin/htcacheclean -d10 -t -p/www/cache -l750M # httpd.conf LoadModule cache_module modules/mod_cache.so LoadModule disk_cache_modulemodules/mod_disk_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so ## ## Cache Config ## ## CacheRoot /www/cache # The default expire time for items in seconds: CacheDefaultExpire 14400 CacheIgnoreCacheControl On CacheEnable disk /img CacheEnable disk /images CacheEnable disk /aimages CacheEnable disk /css CacheEnable disk /js ### ## DCache config ## ### # Maximum size of disk to use for caching in kbytes: CacheDirLength 6 CacheDirLevels 3 # Maximum size of object to disk cache in bytes: CacheMaxFileSize 10 and the appropriate directives. So I've setup the disk_cache on a tmpfs and I'm running htcacheclean every 10 minutes to trim the cache down to 750M. If I run a df -h on that filesystem I see that I've passed that 750M mark: FilesystemSize Used Avail Use% Mounted on tmpfs 1.2G 926M 275M 78% /www/cache I'm not sure what I'm missing here. The only thing I can think of is that htcacheclean will only clean down to the limit if there is content that is expired and needs to be removed (all the content is below the 4 hour expire time). Any insights would be appreciated. Matt
RewriteRule / RewriteCond don't interpolate server variables in pattern regex
I have vhost like this structure:
/www/some_host/htdocs - doc root
/www/some_host/htdocs/usr/user1 - user1 dir
/www/some_host/htdocs/usr/user2 - user2 dir
/www/some_host/htdocs/usr/user3 - user3 dir
...
I use authorization for this vhost, and try restrict every
autorized user inside his user dir. User_name correspond with dir_name.
I use next simple .htaccess file for my vhost:
===
Order Allow,Deny
Allow from All
AuthType Basic
AuthName "Some Secured Area"
AuthUserFile /www/some_host/usr.passwd
Require valid-user
Satisfy All
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_USER} !^$
RewriteRule !^usr/%{REMOTE_USER}/ /usr/%{REMOTE_USER}/ [R]
===
If user try to get out from own dir, server forcibly redirect him to correct
dir.
But, this rules don't work, because mod_rewrite not interpolate server
variables in pattern (i see this in log file).
If i use this rules (rule block for every user, without any server
variables), it's work fine:
===
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_USER} ^user1$
RewriteRule !^usr/user1/ /usr/user1/ [R]
RewriteCond %{REMOTE_USER} ^user2$
RewriteRule !^usr/user2/ /usr/user2/ [R]
RewriteCond %{REMOTE_USER} ^user3$
RewriteRule !^usr/user3/ /usr/user3/ [R]
===
But, for hundred users i need write minimum two hundreds rules ... ?!
Why interpolation inside regex not work???
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
RE: syntax error
Hi James, It sounds like the ServerRoot directive has been amended to point to the location of the website being hosted. It should point at the location where apache is installed. For example, in a default install on windows, it looks like this: ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2" This directive tells the server where to put the configuration, error and log files. Regards, Simon (sga101) From: James Taylor-Bye [mailto:jtaylor-...@hotmail.com] Sent: 15 December 2008 10:49 To: users@httpd.apache.org Subject: syntax error Hello again, it's me. (oh boy i hear you groan, lol) I have setup apache to use my pc as a local server by typing localhost in the sever and domain sections during setup. Now when I run apache i get the following error :- Httpd.exe : syntax error on line 60 of c:/program files/Apahe software foundation/apache 2.2/con/httpd.conf: Cannot load c:/website/module/mod_actions.so into server: The specified module could not be found. What if anything am I doing wrong, or am I just missing a simple step out somewhere. Many thanks in advance. Thanks (so far to) Morgan Gangwere and André Warnier ** E-Mail Disclaimer - Please Read Confidentiality: This email and any files transmitted with it are confidential and intended solely for the individual to whom it is addressed. The information in this e-mail may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient you must not disclose it, copy it, distribute it, or take any action based on its contents. Please reply and highlight the error then delete it. Security: Please note that Internet email is not a fully secure method of communication. You should be aware of this lack of security when emailing us. This email message has been swept by for the presence of computer viruses. **
the /SYSV00000000 file in shared-mapping mem of apache
all, we have two servers with exactly the same hardware running apache service. but always, there are difference between apache processes on the two boxes, in "shared memory" of the output result of cmd- "top". in detail the difference lies in the file of /SYSV, as is displayed below(this is the output of a smem.pl tool, which analyze smap msg): _ SHARED MAPPINGS vmsize rss clean rss dirty file 30720 kb19856 kb 2676 kb /SYSV 30720 kb 9292 kb 2540 kb /SYSV what's more, when 'cat /proc/PID/maps', we saw: __ 8275/maps:2ab550d26000-2ab552b26000 rw-s 00:09 13139968 /SYSV (deleted) 8275/maps:2ab552b26000-2ab554926000 rw-s 00:09 13172737 /SYSV (deleted) 8275/maps:2ab554926000-2ab556726000 rw-s 00:09 13205506 /SYSV (deleted) 8275/maps:2ab556726000-2ab558526000 rw-s 00:09 13238275 /SYSV (deleted) and output of cmd 'pmap': __ 2ab550d26000 30720K rw-s-[ shmid=0xc88000 ] 2ab552b26000 30720K rw-s-[ shmid=0xc90001 ] 2ab554926000 30720K rw-s-[ shmid=0xc98002 ] 2ab556726000 30720K rw-s-[ shmid=0xca0003 ] and finally output of cmd 'ipcs' __ # ipcs -m -- Shared Memory Segments keyshmid owner perms bytes nattch status 0x 13139968 root 62231457280 44 dest 0x 13172737 root 62231457280 44 dest 0x 13205506 root 62231457280 44 dest 0x 13238275 root 62231457280 44 dest platform: gentoo 2.6.18 x86_64 intel 5130, apache 2.0.61, php5, 8G RAM+8G swap, a lot of free memory. it seems like, apache is simply utilizing shared memory. but my question are: 1) is it necessary to use shm? b'coz apache runs happily as well on another box without quoting the SYSVxx file. 2) if it is necessary, what's that for?
Re: RewriteRule / RewriteCond don't interpolate server variables in pattern regex
2008/12/15 Pavel Ustyugov :
> RewriteEngine On
> RewriteBase /
> RewriteCond %{REMOTE_USER} !^$
> RewriteRule !^usr/%{REMOTE_USER}/ /usr/%{REMOTE_USER}/ [R]
> ===
> If user try to get out from own dir, server forcibly redirect him to correct
> dir.
> But, this rules don't work, because mod_rewrite not interpolate server
> variables in pattern (i see this in log file).
Use a RegEx internal backreference to compare two values like
RewriteCond $1<>%{REMOTE_USER} !^([^<]+)<>\1$
RewriteRule ^usr/([^/]+)/ /usr/%{REMOTE_USER}/ [R]
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
X-Forwarded-For
Our traffic is going through proxy, how can I enable X-Forwarded-For in apache to get the original IP. Does this also work for users using ISP (private IP) and are behind the ISP router. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
apache
How can I get apache to interpret both php and html extenstions at the same time for PHP and apache's virtual includes? Basically I need an html and php file to be parsed for apache includes and php includes. I'm running Apache 2. thanks in advanced for any assitance - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: syntax error
Just off the top of my head, try changing the Listen directive from Listen 80 to Listen 127.0.0.1:80 -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Mon, Dec 15, 2008 at 10:33 AM, James Taylor-Bye wrote: > This is the complete config file for you to browse:- > > > > > > # This is the main Apache HTTP server configuration file. It contains the > > # configuration directives that give the server its instructions. > > # See http://httpd.apache.org/docs/2.2> for detailed information. > > # In particular, see > > # http://httpd.apache.org/docs/2.2/mod/directives.html> > > # for a discussion of each configuration directive. > > # > > # Do NOT simply read the instructions in here without understanding > > # what they do. They're here only as hints or reminders. If you are unsure > > # consult the online docs. You have been warned. > > # > > # Configuration and logfile names: If the filenames you specify for many > > # of the server's control files begin with "/" (or "drive:/" for Win32), the > > # server will use that explicit path. If the filenames do *not* begin > > # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" > > # with ServerRoot set to "C:/Program Files/Apache Software > Foundation/Apache2.2" will be interpreted by the > > # server as "C:/Program Files/Apache Software > Foundation/Apache2.2/logs/foo.log". > > # > > # NOTE: Where filenames are specified, you must use forward slashes > > # instead of backslashes (e.g., "c:/apache" instead of "c:\apache"). > > # If a drive letter is omitted, the drive on which httpd.exe is located > > # will be used by default. It is recommended that you always supply > > # an explicit drive letter in absolute paths to avoid confusion. > > > > # > > # ServerRoot: The top of the directory tree under which the server's > > # configuration, error, and log files are kept. > > # > > # Do not add a slash at the end of the directory path. If you point > > # ServerRoot at a non-local disk, be sure to point the LockFile directive > > # at a local disk. If you wish to share the same ServerRoot for multiple > > # httpd daemons, you will need to change at least LockFile and PidFile. > > # > > ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2" > > > > # > > # Listen: Allows you to bind Apache to specific IP addresses and/or > > # ports, instead of the default. See also the > > # directive. > > # > > # Change this to Listen on specific IP addresses as shown below to > > # prevent Apache from glomming onto all bound IP addresses. > > # > > #Listen 82.19.185.246 > > Listen 80 > > > > # > > # Dynamic Shared Object (DSO) Support > > # > > # To be able to use the functionality of a module which was built as a DSO > you > > # have to place corresponding `LoadModule' lines at this location so the > > # directives contained in it are actually available _before_ they are used. > > # Statically compiled modules (those listed by `httpd -l') do not need > > # to be loaded here. > > # > > # Example: > > # LoadModule foo_module modules/mod_foo.so > > # > > LoadModule actions_module modules/mod_actions.so > > LoadModule alias_module modules/mod_alias.so > > LoadModule asis_module modules/mod_asis.so > > LoadModule auth_basic_module modules/mod_auth_basic.so > > #LoadModule auth_digest_module modules/mod_auth_digest.so > > #LoadModule authn_alias_module modules/mod_authn_alias.so > > #LoadModule authn_anon_module modules/mod_authn_anon.so > > #LoadModule authn_dbd_module modules/mod_authn_dbd.so > > #LoadModule authn_dbm_module modules/mod_authn_dbm.so > > LoadModule authn_default_module modules/mod_authn_default.so > > LoadModule authn_file_module modules/mod_authn_file.so > > #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so > > #LoadModule authz_dbm_module modules/mod_authz_dbm.so > > LoadModule authz_default_module modules/mod_authz_default.so > > LoadModule authz_groupfile_module modules/mod_authz_groupfile.so > > LoadModule authz_host_module modules/mod_authz_host.so > > #LoadModule authz_owner_module modules/mod_authz_owner.so > > LoadModule authz_user_module modules/mod_authz_user.so > > LoadModule autoindex_module modules/mod_autoindex.so > > #LoadModule cache_module modules/mod_cache.so > > #LoadModule cern_meta_module modules/mod_cern_meta.so > > LoadModule cgi_module modules/mod_cgi.so > > #LoadModule charset_lite_module modules/mod_charset_lite.so > > #LoadModule dav_module modules/mod_dav.so > > #LoadModule dav_fs_module modules/mod_dav_fs.so > > #LoadModule dav_lock_module modules/mod_dav_lock.so > > #LoadModule dbd_module modules/mod_dbd.so > > #LoadModule deflate_module modules/mod_deflate.so > > LoadModule dir_module modules/mod_dir.so > > #LoadModule disk_cache_module modules/mod_disk_cache.so > > #LoadModule dumpio_module modules/mod_dumpio.so > > LoadModule env_module modules/mod_env.so > > #LoadModule expires_module modules/mod_expires.so > > #LoadModule ext
Re: apache
Sorry, I can't help with your problem, I just wanted to give a little friendly advice about posting to the mailing list: The subject of your email is "apache", which has an entropy of almost 0. That is to say, it conveys no information about what your problem is because the fact that you're writing to the Apache mailing list implies that the subject of the message is going to be Apache. You're more likely to get a useful response if you provide a little more classification of what your problem is. Good luck resolving your issue. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Mon, Dec 15, 2008 at 2:37 PM, monkey wrote: > How can I get apache to interpret both php and html extenstions at the same > time > for PHP and apache's virtual includes? > > Basically I need an html and php file to be parsed for apache includes and php > includes. > > I'm running Apache 2. > > thanks in advanced for any assitance > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: apache
On Mon, Dec 15, 2008 at 2:37 PM, monkey wrote: > How can I get apache to interpret both php and html extenstions at the same > time > for PHP and apache's virtual includes? > > Basically I need an html and php file to be parsed for apache includes and php > includes. How have you configured Apache to parse the .php? Have you tried duplicating it and wrapping it in e.g. a container? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: X-Forwarded-For
"Mohit Anchlia" writes: > Our traffic is going through proxy, how can I enable X-Forwarded-For > in apache to get the original IP. Does this also work for users using > ISP (private IP) and are behind the ISP router. Do you mean you have Apache acting as a proxy and you want it to send the X-Forwarded-For header, or you have another proxy server and you want Apache to do something with the information in its X-Forwarded-For header? Apache should generally send this information properly on its own, see: http://httpd.apache.org/docs/trunk/mod/mod_proxy.html The easiest way to handle the headers in in the application side. ISPs may use proxies, too, so if you only want special treatment for requests from your own proxy, you should check the IP address of the connection, and if it's your proxy use the information from the last X-Forwarded-For header, which should always be the one it added (you can also use the Via header). For an example in PHP see: http://devcentral.f5.com/weblogs/macvittie/archive/2008/06/02/3323.aspx That's how I've always done it, but there are some modules that claim to do some of this work for you so you could avoid changing your Web apps: http://www.cotds.org/mod_extract_forwarded2/ http://search.cpan.org/~jvanasco/Apache2-xForwardedFor-0.04/lib/Apache2/xForwardedFor.pm I haven't used either, and there may be others. Good luck! Scott. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: apache
On Mon, 15 Dec 2008 15:10:19 -0500, Brian Mearns wrote: > Sorry, I can't help with your problem, I just wanted to give a little > friendly advice about posting to the mailing list: The subject of your > email is "apache", which has an entropy of almost 0. Yes, one should always use the tried and true Subject: help!!! :-) - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: apache
Jonesy wrote: On Mon, 15 Dec 2008 15:10:19 -0500, Brian Mearns wrote: Sorry, I can't help with your problem, I just wanted to give a little friendly advice about posting to the mailing list: The subject of your email is "apache", which has an entropy of almost 0. Yes, one should always use the tried and true Subject: help!!! :-) Advertisement : Let me add a reference from another list, but applicable at least in part here too. http://marc.info/?l=tomcat-user&m=122823060425367&w=2 ;-) - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
help with rewrites - changing the base path
i am trying to change the base path of a directory to rewrite to a new
location, there are no files in the location, so it is just a
cosmetic/seo change.
i have some rewrites that are put in place by my hosting provider, and
im having some difficulty getting the rewrite to work:
here is my .htaccess file:
# BEGIN WordPress
RewriteEngine On
RewriteBase /techblog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^/techblog /technology-blog [L]
RewriteRule . /techblog/index.php [L]
# END WordPress
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
RE: help with rewrites - changing the base path
Matthew
Is this more like a directory name change if so all you need is
RewriteRule ^/techblog(.*)$ /technology-blog$1 [R=301,L]
R is the browser return code and also forces the users browser to refresh. It
is also possible to make this transfer internally without a response to the
users browser but sending the return code does tell the browser to update its
bookmarks.
Christopher Evens
Web Programmer, Christian Record Services for the Blind
Free lending library for the blind
www.christianrecord.org
-Original Message-
From: Matthew Sacks [mailto:ntw...@gmail.com]
Sent: Monday, December 15, 2008 4:54 PM
To: users@httpd.apache.org
Subject: help with rewrites - changing the base path
i am trying to change the base path of a directory to rewrite to a new
location, there are no files in the location, so it is just a
cosmetic/seo change.
i have some rewrites that are put in place by my hosting provider, and
im having some difficulty getting the rewrite to work:
here is my .htaccess file:
# BEGIN WordPress
RewriteEngine On
RewriteBase /techblog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^/techblog /technology-blog [L]
RewriteRule . /techblog/index.php [L]
# END WordPress
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: apache
Jonesy wrote: Yes, one should always use the tried and true Subject: help!!! :-) Or.. URGENT! or ASSISTANCE REQUIRED! or I have a question. Those are always good :) - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re[2]: [RESOLVED] RewriteRule / RewriteCond don't interpolate server variables in pattern regex
Hello, Bob Ionescu.
> 2008/12/15 Pavel Ustyugov :
>> RewriteEngine On
>> RewriteBase /
>> RewriteCond %{REMOTE_USER} !^$
>> RewriteRule !^usr/%{REMOTE_USER}/ /usr/%{REMOTE_USER}/ [R]
>> ===
>> If user try to get out from own dir, server forcibly redirect him to correct
>> dir.
>> But, this rules don't work, because mod_rewrite not interpolate server
>> variables in pattern (i see this in log file).
> Use a RegEx internal backreference to compare two values like
> RewriteCond $1<>%{REMOTE_USER} !^([^<]+)<>\1$
> RewriteRule ^usr/([^/]+)/ /usr/%{REMOTE_USER}/ [R]
Huge thanks for greap idea. Genius trick!
I add some additions and obtain work config:
RewriteCond %{REMOTE_USER} !^$
RewriteCond $1<>%{REMOTE_USER} !^([^<]+)<>\1$
RewriteRule ^usr/([^/]+)/ /usr/%{REMOTE_USER}/ [R,L]
RewriteRule !^usr/[^/]+/ /usr/%{REMOTE_USER}/ [R,L]
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
