[us...@httpd] Apache 2.2 asks for client certificate when it shouldn't
Hi all,

I recently installed an apache web server using version 2.2.9, and I'm having strange issues with the SSL behaviour. I don't need client certificate validation so I didn't use the directive SSLVerifyClient. However, as apache asked for a client certificate, I changed the SSLVerifyClient directive to 'none', with the same results.

I thought it could be a browser issue, however the same config in apache 2.0 doesn't behave this way. On the other hand I'm able to reproduce the problem with firefox 2, 3, seamonkey 1.1.7 and konqueror. I don't see anything related to this in the apache logs. I've done many tests and now I have no clue about why it keeps asking for a certificate. It should be noted though that apache asks for the certificate only once, if I don't restart the browser or delete cookies.

Are there other configuration directives in mod_ssl besides SSLVerifyClient that may influence this behaviour?

Some system information:
OS: Linux 2.6, 64 bit (Gentoo distribution)
Server Version: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8h PHP/5.2.6-pl7-gentoo mod_jk/1.2.26

Any help is greatly appreciated. Thanks!

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] 32 bit Apache on 64 bit RHEL5.2 machine
Hi,

I would like to run Apache 2.2.11 in 32 bit mode on RHEL5.2 64 bit machine. Is it possible? If Yes how?

\Vinay

[us...@httpd] Caching "virtual directory" requests
Hello everyone,

I'm running Apache 2.2.11 with mod_jk and mod_cache. Apache doesn't seem to be caching requests for "virtual directories" (i.e. requests for URIs that don't end in a file name). My back-end Tomcat application uses such URLs (e.g. http://<host>/<virtual-directory>) which result in a dynamic page being generated. Requests to such URIs come to Apache, they are forwarded to Tomcat using mod_jk, but the response is not cached.

Is there a way to convince Apache to cache these URLs?

Thanks,
Karim
---
"Although the moon is smaller than the earth, it is farther away."

[us...@httpd] Add new instance in apache load balancer at runtime.
Hi experts;

A new instance can be added in apache load balancer by following configuration:

ServerName impetus-887.impetus.co.in:801
BalancerMember ajp://192.168.98.62:11009 route=tomcat2 loadfactor=1
BalancerMember ajp://192.168.96.181:12009 route=tomcat1 loadfactor=1
BalancerMember ajp://192.168.96.181:12008 route=tomcat3 loadfactor=1
ProxyPass balancer://medyaCluster/TestProject lbmethod=byrequests stickysession=JSESSIONID

If I want to add new instance then I will put one more configuration like in blue color, will stop apache and again start it for making tomcat3 as member of load balancing.

Is there any option in apache where I can add new instance at runtime. (Apache must not be bounced for making a new instance as a member of load balancing)

Thanks,
Narendra
Impetus, Indore

[us...@httpd] Troubles enforcing canonical hostname in a .htaccess file
Hi all,

I have a website with an associated domain name hosted by a third party provider. They let me place .htaccess files in folders and mod_rewrite is enabled.

I would like that any request for "mydomain.com" be redirected to "www.mydomain.com" while letting through any request for other third level domains (such as test.mydomain.com or static.mydomain.com)

For the CMS that is handling the web content, I already have a RewriteRule that redirects any non existent folder or file to index.php, declared like this:

---
RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*$ index.php [L,NC]
---

I looked around and saw the example about canonical hostnames indicated inside the mod_rewrite guide here:

http://httpd.apache.org/docs/2.0/misc/rewriteguide.html#url

So I tried to adapt the given example and modified my .htaccess file to this:

---
RewriteEngine On

RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
RewriteRule ^/(.*)$ http://www.mydomain.com/$1 [L,R=301]

RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*$ index.php [L,NC]
---

Unfortunately, this does not seem to work, requests made to http://domain.com/ are not redirected to http://www.mydomain.com/ but served directly by index.php, it's as if the first rule is not used at all.

I must be missing something obvious here, but I can't figure it right now. Any help will be very much appreciated.

Regards
Olivier

Re: [us...@httpd] Troubles enforcing canonical hostname in a .htaccess file
On Tue, Dec 30, 2008 at 10:30 AM, Olivier Sannier wrote:
>
> So I tried to adapt the given example and modified my .htaccess file to this:
>
> ---
> RewriteEngine On
>
> RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
> RewriteRule ^/(.*)$ http://www.mydomain.com/$1 [L,R=301]

In .htaccess, the RewriteBase including a trailing slash are stripped before the comparison

RewriteRule (.*) http://www.mydomain.com/$1 [L,R=301]

--
Eric Covener
cove...@gmail.com

Re: [us...@httpd] Apache 2.2 asks for client certificate when it shouldn't
On 12/30/08, Miguel Angel Tormo Alfaro wrote:
> I thought it could be a browser issue, however the same config in apache 2.0
> doesn't behave this way. On the other hand I'm able to reproduce the problem
> with firefox 2, 3, seamonkey 1.1.7 and konqueror. I don't see anything
> related to this in the apache logs. I've done many tests and now I have no
> clue about why it keeps asking for a certificate. It should be noted though
> that apache asks for the certificate only once, if I don't restart the
> browser or delete cookies.
> Are there other configuration directives in mod_ssl besides SSLVerifyClient
> that may influence this behaviour?

Which other SSL directives do you have in your config? Can you show it to us?

Krist

--
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

[us...@httpd] Problem with mod_headers ?
Hi.

I am a bit at my wit's end here.

Using Apache 2.2.3 under Suse Linux, with a mod_jk re-director to Tomcat for certain links, such as the one of which question below.

I am using a Tomcat java application which unfortunately sets the Content-Type response header wrongly : it says "text/html; charset=iso-8859-1" instead of "text/html; charset=iso-8859-2", and there is no way I can change that application itself.
So I am trying to rectify that header after-the-fact, using mod_headers. Unfortunately, it does not seem to work.

I have this Vhost configuration (snippet) :

SetEnvIf REQUEST_URI "/servlet\.[^\.]+$" is-jk
Header always set Content-Type: "text/html; charset=ISO-8859-2" env=is-jk
Header always set Test-Header: "VHost level" env=is-jk

SetHandler jakarta-servlet
Header always set Content-Type: "text/html; charset=ISO-8859-2"
Header always set Test-Header: "Location level"

I capture the HTTP headers resulting from a request, using the LiveHttpHeaders plugin of Firefox, as follows (sorry for the email wrap-around, and sensitive bits edited-out with XXX):

POST /starweb/XXX/servlet.starweb HTTP/1.1
Host: XXX.XXX.XXX
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.7,de-de;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http:///starweb/wideoteka/servlet.starweb?path=wideoteka/wideoteka-sso.web&auth=y
Cookie: , JSESSIONID=3AD2CE2435CDCC2CFD3C90D7DF23868B
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 273

HTTP/1.x 200 OK
Date: Tue, 30 Dec 2008 17:30:33 GMT
Server: Apache/2.2.3 (Linux/SUSE) mod_jk/1.2.28-dev-727724 mod_perl/2.0.2 Perl/v5.8.8
Content-Type: text/html;charset=ISO-8859-1
Test-Header: Location level
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

As can be seen above, the "Test-Header" that I set with mod_headers comes out perfectly, from the Location section.
But the Content-Type header, which I believe should be set in the same exact conditions, does not.

Does anyone have an idea why ?

Thanks.

Re: [us...@httpd] Troubles enforcing canonical hostname in a .htaccess file
The way to deal with this is never in the .htaccess file but in the virtual hosts configuration. If you do not have access to this, you need to ask whoever does to make sure that www.domain.com and domain.com both go to the same virtual host.

for instance, these lines in your httpd.conf file or httpd-vhosts.conf file would direct all urls ending in domain.com to one place

ServerName domain.com
ServerAlias *.domain.com

On Tue, Dec 30, 2008 at 8:37 AM, Eric Covener wrote:
> On Tue, Dec 30, 2008 at 10:30 AM, Olivier Sannier wrote:
> >
> > So I tried to adapt the given example and modified my .htaccess file to this:
> >
> > ---
> > RewriteEngine On
> >
> > RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
> > RewriteRule ^/(.*)$ http://www.mydomain.com/$1 [L,R=301]
>
> In .htaccess, the RewriteBase including a trailing slash are stripped
> before the comparison
> RewriteRule (.*) http://www.mydomain.com/$1 [L,R=301]
>
> --
> Eric Covener
> cove...@gmail.com

Re: [us...@httpd] Troubles enforcing canonical hostname in a .htaccess file
On Tue, Dec 30, 2008 at 1:09 PM, ernst schoen-rene wrote:
> The way to deal with this is never in the .htaccess file but in the virtual
> hosts configuration. If you do not have access to this, you need to ask
> whoever does to make sure that www.domain.com and domain.com both go to the
> same virtual host.
>
> for instance, these lines in your httpd.conf file or httpd-vhosts.conf file
> would direct all urls ending in domain.com to one place
>
>
> ServerName domain.com
> ServerAlias *.domain.com
>

OP wanted to force a canonical hostname, which this doesn't do.

--
Eric Covener
cove...@gmail.com

Re: [us...@httpd] Problem with mod_headers ?
On Tue, Dec 30, 2008 at 12:48 PM, André Warnier wrote:
> Hi.
>
> I am a bit at my wit's end here.
>
> Using Apache 2.2.3 under Suse Linux, with a mod_jk re-director to Tomcat for
> certain links, such as the one of which question below.
>
> I am using a Tomcat java application which unfortunately sets the
> Content-Type response header wrongly : it says "text/html;
> charset=iso-8859-1" instead of "text/html; charset=iso-8859-2", and there is
> no way I can change that application itself.
> So I am trying to rectify that header after-the-fact, using mod_headers.
> Unfortunately, it does not seem to work.
>
> I have this Vhost configuration (snippet) :
>
> SetEnvIf REQUEST_URI "/servlet\.[^\.]+$" is-jk
> Header always set Content-Type: "text/html; charset=ISO-8859-2" env=is-jk
> Header always set Test-Header: "VHost level" env=is-jk
>
>
> SetHandler jakarta-servlet
> Header always set Content-Type: "text/html; charset=ISO-8859-2"
> Header always set Test-Header: "Location level"
>
>
> I capture the HTTP headers resulting from a request, using the
> LiveHttpHeaders plugin of Firefox, as follows (sorry for the email
> wrap-around, and sensitive bits edited-out with XXX):
>
> POST /starweb/XXX/servlet.starweb HTTP/1.1
> Host: XXX.XXX.XXX
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.15)
> Gecko/20080623 Firefox/2.0.0.15
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-gb,en;q=0.7,de-de;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer:
> http:///starweb/wideoteka/servlet.starweb?path=wideoteka/wideoteka-sso.web&auth=y
> Cookie: , JSESSIONID=3AD2CE2435CDCC2CFD3C90D7DF23868B
> Pragma: no-cache
> Cache-Control: no-cache
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 273
>
> HTTP/1.x 200 OK
> Date: Tue, 30 Dec 2008 17:30:33 GMT
> Server: Apache/2.2.3 (Linux/SUSE) mod_jk/1.2.28-dev-727724 mod_perl/2.0.2
> Perl/v5.8.8
> Content-Type: text/html;charset=ISO-8859-1
> Test-Header: Location level
> Expires: Mon, 26 Jul 1997 05:00:00 GMT
> Pragma: no-cache
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Transfer-Encoding: chunked
>
>
> As can be seen above, the "Test-Header" that I set with mod_headers comes
> out perfectly, from the Location section.
> But the Content-Type header, which I believe should be set in the same exact
> conditions, does not.
>
> Does anyone have an idea why ?

Headers generated by Apache late during processing (read: after mod_headers acts!) will overlay what you've set. Things like Content-Encoding, Content-Type, Server, etc.

Maybe ForceType would convince the piece of the core Apache to set the proper header while it's doing its work.

--
Eric Covener
cove...@gmail.com

Re: [us...@httpd] Troubles enforcing canonical hostname in a .htaccess file
Eric Covener wrote:
> On Tue, Dec 30, 2008 at 10:30 AM, Olivier Sannier wrote:
> > So I tried to adapt the given example and modified my .htaccess file to this:
> >
> > ---
> > RewriteEngine On
> >
> > RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
> > RewriteRule ^/(.*)$ http://www.mydomain.com/$1 [L,R=301]
>
> In .htaccess, the RewriteBase including a trailing slash are stripped
> before the comparison
> RewriteRule (.*) http://www.mydomain.com/$1 [L,R=301]

Bugger, I missed that. Thanks for pointing it out, it now works perfectly fine.

Cheers
Olivier

Re: [us...@httpd] actual DBDParams format
On Wed, Dec 24, 2008 at 1:52 PM, ernst schoen-rene wrote:
> I'm trying to get mod_dbd and mod_authn_dbd to work. Can someone please
> post an example of the correct syntax for the DBDParam statement to use with
> MySQL? The mod_dbd page says that it should be in this format:
>
> DBDParam host=localhost,user=userid,pass=password
>
> but the mod_authn_dbd uses this format for postgres sql:
>
> DBDParam "host=localhost user=userid pass=password"
>
> Most pages I have found via google suggest the latter format as well. Which
> is it?
>
> -Ernst Schoen-René
>

Have you tried either or both?

Bruce

[us...@httpd] Problems with dynamically generating certificate...
I would wish to dynamically generate a certificate for each request.

I tried with:
SSLCertificateFile prg:/usr/bin/certgenerate
I also tried:
SSLCertificateFile |/usr/bin/certgenerate
and
SSLCertificateFile exec:/usr/bin/certgenerate

But nothing works, it just generates error messages and does not allow the server to start.

How can I specify a certificate dynamically for each request?
(certgenerate fetches the certificate from the original IP, extracts the DN and then creates a new certificate out of this. Then it signs the certificate with my private key, and then prints the completed certificate on STDOUT)

I'm currently using Apache as a transparent forward proxy, and to enable virus scanning of SSL traffic, I have configured it to pass SSL traffic unencrypted to a parent proxy which scans traffic for viruses, and this parent then forwards traffic to another port of apache (a separate virtualhost), that converts the traffic back to SSL and sends it out the internet.

The problem is that this generates a security warning in the browser, even when the CA root is imported.
This because the DN host name does not match the real host name, and using a DN of "*" or something like that doesn't help.

I need to dynamically create and sign certificates for each request, so the DN always stays valid.

If this isn't possible, make this a feature request. Some users would like the possibility to dynamically generate a certificate. Especially users who want to set up a SSL proxy, OR users that are managing a large number of IPs for example a large webhosting and want to dynamically fetch a certificate from a folder, based on the SERVER_ADDR header, instead of configuring about lets say 200 virtualhosts (one for each IP and certificate).

[us...@httpd] Re: mod_rewrite infinite loop
> Am trying to redirect all site url's that do not match "/index.php" to
> "/index.php" but seem to be getting into an infinite loop. Have spent hours
> on this and get only partial success every time. Does anyone know what I
> have done wrong? I have been over the Jack Daniels cheat sheets and haven't
> a clue what is missing?
>
> RewriteCond %{REQUEST_URI} !/index.php [NC]
> RewriteRule ^(.*)$ /index.php
>
>

Re: [us...@httpd] Problems with dynamically generating certificate...
On Tue, Dec 30, 2008 at 5:08 PM, wrote:
> SSLCertificateFile prg:/usr/bin/certgenerate
> SSLCertificateFile |/usr/bin/certgenerate
> SSLCertificateFile exec:/usr/bin/certgenerate

None of these syntax are supported, and if they were they wouldn't be evaluated per-request or connection.

> How can I specify a certificate dynamically for each request?

I don't think this is possible with mod_ssl

> The problem is that this generate a security warning in the browser, even
> when the CA root is imported.
> This because the DN host name does not match the real host name, and using a
> DN of "*" or something like that doesn't help.

Since the request follows the handshake, would you even know the hostname being requested at the right time? (SNI aside)

--
Eric Covener
cove...@gmail.com

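Added example, not part of the thread and not mod_ssl code: the reply above points out that a certificate is chosen during the handshake, before any HTTP request exists, so the only place a requested hostname can appear at that moment is the SNI extension of the ClientHello. The Python sketch below builds a constructed ClientHello and reads the server_name out of it; the function names, hostnames and certificate paths are assumptions for illustration, and it assumes the ClientHello fits in a single TLS record.

```python
import struct

def build_client_hello(hostname=None):
    """Build a minimal TLS ClientHello record (constructed sample input)."""
    ext = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        ext = struct.pack("!HH", 0x0000, len(sni)) + sni       # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32)   # TLS 1.2, all-zero random (constructed)
            + b"\x00"                 # empty session_id
            + b"\x00\x02\x00\x2f"     # one cipher suite
            + b"\x01\x00")            # null compression only
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the SNI host name, or None if the client sent no SNI extension."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    try:
        pos = 2 + 32                                          # version + random
        pos += 1 + body[pos]                                  # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
        pos += 1 + body[pos]                                  # compression methods
        if pos >= len(body):
            return None                                       # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000 and body[pos + 2] == 0:
                name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                name = body[pos + 5:pos + 5 + name_len]
                if len(name) != name_len:
                    raise ValueError("truncated server_name")
                return name.decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        raise ValueError("malformed ClientHello") from None
    return None

def pick_certificate(record, certs_by_host, default_cert):
    """Select a certificate from handshake data only; no Host header exists yet."""
    host = extract_sni(record)
    if host is None:
        return default_cert  # client without SNI: a name mismatch is unavoidable
    return certs_by_host.get(host.lower(), default_cert)

# Hypothetical certificate paths, for illustration only.
CERTS = {"www.example.com": "/etc/ssl/example/www.pem",
         "static.example.com": "/etc/ssl/example/static.pem"}

if __name__ == "__main__":
    for host in ("www.example.com", None):
        hello = build_client_hello(host)
        print(host, "->", pick_certificate(hello, CERTS, "/etc/ssl/default.pem"))
```

A client that sends no SNI extension always lands on the default certificate, which is the hostname-mismatch warning described in the original question.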
Re: [us...@httpd] Re: help with rewrites - changing the base path
hi list,

new problem: when i try to add a rewrite just for the base url, it doesn't work and appends the destination url twice and ends up as a 404:

how can i accommodate the wild-card and the base path (RewriteRule ^/$ http://www.foobar.com)?

# BEGIN WordPress
RewriteEngine On
RewriteBase /techblog
RewriteRule ^/$ http://www.foobar.com
RewriteRule /about http://www.foobar.com/about [R=301]
RewriteRule /(.*)$ http://www.foobar.com/$1 [R=301]

On Mon, Dec 29, 2008 at 3:03 PM, Eric Covener wrote:
> On Mon, Dec 29, 2008 at 5:53 PM, André Warnier wrote:
>> Hi.
>>
>> Am I interpreting this correctly, that the .htaccess file you are talking
>> about, is the one that is in the original /techblog location ?
>>
>> If so, and without taking my word for it, isn't it so for a RewriteRule that
>> is in a .htaccess file in such a location "/techblog", that the original URL
>> you are comparing against already has the "/techblog" prefix removed ?
>> (because you are "already there" so to speak)
>>
>> Maybe you want to try this instead :
>>
>> RewriteRule /(.*)$ http://www.foo.com/$1 [R=301]
>
> in techblog/.htaccess, "/techblog/" is removed, including the trailing slash.
>
> --
> Eric Covener
> cove...@gmail.com