[us...@httpd] Can not access port 2000
Dear All, Our server is Centos 5 and we are using Webmin. When I try to log-in in our server using https://ourServer.com:1 it works fine when I try to use https://ourServer.com:2 it keep processing it and never bring log-in page. It used to work fine last week. I will appreciate if any one know where will be the problem. Thanks in advance hateSpam -- View this message in context: http://www.nabble.com/Can-not-access-port-2000-tp23813439p23813439.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Can not access port 2000
Did you changed the login port from 2 to port 1? Check your config. -Original Message- From: hateSpam [mailto:khwaja_a...@yahoo.co.uk] Sent: Monday, 1 June 2009 9:17 PM To: users@httpd.apache.org Subject: [us...@httpd] Can not access port 2000 Dear All, Our server is Centos 5 and we are using Webmin. When I try to log-in in our server using https://ourServer.com:1 it works fine when I try to use https://ourServer.com:2 it keep processing it and never bring log-in page. It used to work fine last week. I will appreciate if any one know where will be the problem. Thanks in advance hateSpam -- View this message in context: http://www.nabble.com/Can-not-access-port-2000-tp23813439p23813439.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Use of NoProxy without a DNS lookup
Chris, Thanks for those suggestions. The LAN is only connected to the main network via a satellite link, which is slow and expensive. I am working on an intelligent DNS server that will only process requests when a user is logged on, but this won't be available for a few months yet. In the mean time I've split the main Apache server into two virtual servers - port 80 is used for intranet traffic and port 8080 is the proxy server - hence there is no need for the NoProxy directive. Thanks for your help Dave > -Original Message- > From: Kristof Zelechovski [mailto:giecr...@stegny.2a.pl] > Sent: 29 May 2009 10:43 > To: users@httpd.apache.org > Subject: RE: [us...@httpd] Use of NoProxy without a DNS lookup > > Hi Dave, > Requiring local applications to use raw IP numbers is rather extreme. > You > should have a DNS running on the LAN; local hosts can be referred to by > name, DNS or no DNS, and your proxy would send these request to > nowhere. > IMHO, > Chris > > -Original Message- > From: David Vaughan [mailto:david.vaug...@satemail.com] > Sent: Thursday, May 28, 2009 12:46 PM > To: users@httpd.apache.org > Subject: [us...@httpd] Use of NoProxy without a DNS lookup > > Hi there. > > I have an Apache server (2.2.11 running on Windows XP) which acts as a > forward proxy for a small network connected via a slow IP link to a > main > proxy server. > > The network has an intranet so the NoProxy command is used to prevent > sending these requests to the main proxy. However this causes Apache > to > do a DNS lookup for every request. After re-reading the documentation > I > changed the NoProxy subnet address for a dotted IP address (e.g. > 192.168.0.20), but this still causes a DNS lookup. > > The proxy section of the config file is: > ProxyRemote * http://my.ipaddress.com:8080 > Noproxy 192.168.0.0/16 > > > Order Deny,Allow > Deny from all > Allow from 192.168 > > > What I'd like is for Apache to only process the NoProxy command if the > host name is in a dotted address format - anything else can be sent to > the main proxy server as this will not be on the local intranet. > > > Any suggestions gratefully received > > Thanks > Dave Vaughan > > > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >" from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Use of NoProxy without a DNS lookup
On 01.06.09 12:17, David Vaughan wrote: > Thanks for those suggestions. The LAN is only connected to the > main network via a satellite link, which is slow and expensive. I am > working on an intelligent DNS server that will only process requests > when a user is logged on, but this won't be available for a few months > yet. Why to do that? What's expensive, the link or the data transferred? If it's the link, why to avoid the traffic when nobody's logged? Do you have local (caching) DNS server with local zones, so the requests for local hostnames don't have to be sent over the link? > > -Original Message- > > From: David Vaughan [mailto:david.vaug...@satemail.com] > > Sent: Thursday, May 28, 2009 12:46 PM > > To: users@httpd.apache.org > > Subject: [us...@httpd] Use of NoProxy without a DNS lookup > > > > Hi there. > > > > I have an Apache server (2.2.11 running on Windows XP) which acts as a > > forward proxy for a small network connected via a slow IP link to a > > main > > proxy server. > > > > The network has an intranet so the NoProxy command is used to prevent > > sending these requests to the main proxy. However this causes Apache > > to > > do a DNS lookup for every request. After re-reading the documentation > > I > > changed the NoProxy subnet address for a dotted IP address (e.g. > > 192.168.0.20), but this still causes a DNS lookup. > > > > The proxy section of the config file is: > > ProxyRemote * http://my.ipaddress.com:8080 > > Noproxy 192.168.0.0/16 > > > > > > Order Deny,Allow > > Deny from all > > Allow from 192.168 > > > > > > What I'd like is for Apache to only process the NoProxy command if the > > host name is in a dotted address format - anything else can be sent to > > the main proxy server as this will not be on the local intranet. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] php downloaded instead of running
Hi there, I am running apache2 on an ubuntu server and I must not have php installed. When I attempt to run a php program my browser, firefox for mac in this case, attempts to download it. I also placed the following line in my /etc/apache2/http.conf I hope that is the right place to put it. Cheers, Noah - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] php downloaded instead of running
Noah, Please read: http://wiki.apache.org/httpd/PHPDownload Frank admin2 wrote: Hi there, I am running apache2 on an ubuntu server and I must not have php installed. When I attempt to run a php program my browser, firefox for mac in this case, attempts to download it. I also placed the following line in my /etc/apache2/http.conf I hope that is the right place to put it. Cheers, Noah - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Strange Apache error (appears to be related to bad pidfile)
Good morning, I've had a strange problem with Apache twice in the past week, and I'm out of ideas as to what might be going on. Here's the background: I run a website that uses a plain-vanilla Apache server to serve images, and uses mod_proxy to forward requests for everything else to a backend mod_perl server on a different port on the same ip address. The problem that I ran into is that after running on the same configuration for years, and without a reboot for a month or so, the plain-vanilla Apache server stopped serving requests. - I did not *intentionally* make any changes that I would expect to result in problems, either to file permissions or to the userid that Apache runs under. - My first try was to execute apachectl stop and then apachectl start. apachectl printed: "/usr/local/apache-light/bin/apachectl start: httpd started". However, it wasn't running (which I verified by trying to run apachectl status and then apachectl stop). - The first time this happened, I was running Apache 1.3.37. I downloaded the tarball for Apache 1.3.41 and installed that in place of 1.3.37. The second time this error occurred it occurred with 1.3.41. - No messages were written to the access_log or error_log. (I have since been told that I should interact directly with httpd, and that this would likely result in messages written to the log.) - /usr/local/apache-light/bin/apachectl configtest returned "Syntax OK" - apachectl points to the correct pidfile (at least it's the one specified in /usr/local/apache-light/conf/httpd.con), and it looks to me like root has perfectly reasonable rights to the pidfile. I was eventually able to restart the apache process the first time by deleting the pidfile. When I ran apachectl start without a pidfile, the apache process started up and ran without problems for 3 days. The second time this happened, it wasn't enough to delete the pid file. I again reinstalled apache, and went so far as to reboot the server. (fsck did not find any file system errors on reboot.) This time, I was only able to restart the sever after running the following: [r...@data2]# touch /usr/local/apache-light/logs/httpd.pid [r...@data2]# rm -f /usr/local/apache-light/logs/httpd.pid [r...@data2]# /usr/local/apache-light/bin/apachectl start This finally worked, and the server has been serving requests for 3 days now. Any ideas on what might be going on? I'd love to have some ideas before this happens again -- it's been a stressful 45 minutes each time while I scrambled to try to figure out how to restart it. Thanks! -Chris
[us...@httpd] How to retrieve contents from memcache using POST request parameter
Hi, I was wondering if there is a way to retrieve content from memcached using a POST request parameter as a key? As in, if the POST request had a "x=1" parameter, I would look into memcached to see if there is something whose key is "1", if there is, I would get the corresponding value from memcached. Right now I've installed the modmemcache module from http://code.google.com/p/modmemcachecache/ First of all, I'm new to Apache configuration, but there doesn't seem to exist a directive that says "look in cache and try to retrieve this request" (in Nginx, using the Nginx memcached module the $memcached_key directive does this...) Secondly, is there a way at all to get the parameters in a POST request? (in Nginx this was NOT possible...) Really appreciate your help! - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache 1.3 on Vista Home issue
Darryle Steplight wrote: > Hi Evgeny, > I just installed Apache 2.2 on Windows Vista last week. I'm just > curious , how are you starting Apache? Are you using the "net" command > from the command line or are do you have it running as a windows > service? There is no difference above, the net command simply controls windows services. > On Mon, Jun 1, 2009 at 1:44 AM, Evgeny Savitsky > wrote: >> >> I'm trying to start apache on Windows Vista home premium and get the >> following error: We hope you are both aware that their are security issues with 1.3 on windows which cannot be resolved (it wasn't designed to run on Windows, but the behavior was hacked in after the fact). Apache 2.0 is designed for windows, Apache 2.2 considered changes to windows vista, so you are strongly encouraged to upgrade, especially if looking for help. Even 1.3.34 has a host of vulnerabilities solved in 1.3.41. Where did you find this thing, poor soul? Now for all packages, the download site; http://archive.apache.org/dist/httpd/binaries/win32/symbols/ contains a .zip file matching your package you can unzip into the apache directory. These .pdb files allow Dr. Watson to untangle where the crash is, and you can share that information with the list to see if there are any ideas. Unfortunately, poor Vista users don't have Dr. Watson anymore, so they must obtain a package called windbg and actually load the crash dump. Not our doing, sorry about that. The .dmp file would allow us to unwind where the crash is, but we certainly aren't going fishing in such an ancient package; move to 2.2 and go from there. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] php downloaded instead of running
Frank Gingras wrote: Noah, Please read: http://wiki.apache.org/httpd/PHPDownload Frank thanks Frank - that was the answer - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: How to retrieve contents from memcache using POST request parameter
Suan-Aik Yeo writes: > Right now > I've installed the modmemcache module from > http://code.google.com/p/modmemcachecache/ If you're using a module you didn't get from Apache, you should probably ask somebody at the place where you got it rather than an Apache list. -- Dan Poirier - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Re: How to retrieve contents from memcache using POST request parameter
Dan Poirier pobox.com> writes: > > Suan-Aik Yeo gmail.com> writes: > > > Right now > > I've installed the modmemcache module from > > http://code.google.com/p/modmemcachecache/ > > If you're using a module you didn't get from Apache, you should probably > ask somebody at the place where you got it rather than an Apache list. > Noted. However, I was also wondering whether there were ways native to apache to do the things I mentioned. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] https works, http doesn't
Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to any error_log. Access attempts are logged and look OK. There is no firewall... iptables is stopped, and I get the same result from localhost. Nothing is logged to audit.log, and the problem persists afetr "setenforce 0" There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. HTTPS works perfectly. -- *** * John Oliver http://www.john-oliver.net/ * * * *** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
John, What does the error log say, exactly? Frank John Oliver wrote: Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to any error_log. Access attempts are logged and look OK. There is no firewall... iptables is stopped, and I get the same result from localhost. Nothing is logged to audit.log, and the problem persists afetr "setenforce 0" There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. HTTPS works perfectly. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Jun 1, 2009, at 2:52 PM, John Oliver wrote: Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to any error_log. I believe that is impossible: 403s are logged. Are you sure you are looking in the right log? What are the access controls on your DocumentRoot? What is the LogLevel in your configuration file? Access attempts are logged and look OK. There is no Do you mean the access attempt that resulted in the above response? What response code is logged? firewall... iptables is stopped, and I get the same result from localhost. Nothing is logged to audit.log, and the problem persists afetr "setenforce 0" You are definitely talking to the httpd, not to your firewall. There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. HTTPS works perfectly. What are the differences in access controls between your SSL vhost and your plaintext vhost (or the main server, as the case may be)? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 06:00:22PM -0400, Frank Gingras wrote: > John, > > What does the error log say, exactly? Absolutely nothing, besides the messages from httpd starting. > John Oliver wrote: > >Forbidden > > > >You don't have permission to access / on this server. > > > >Additionally, a 403 Forbidden error was encountered while trying to use > >an ErrorDocument to handle the request. > > > > > > > > > >Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to > >any error_log. Access attempts are logged and look OK. There is no > >firewall... iptables is stopped, and I get the same result from > >localhost. Nothing is logged to audit.log, and the problem persists > >afetr "setenforce 0" There is an index.html with 644, and it's in > >/var/www/html with 755, and that is set as the DocumentRoot. HTTPS > >works perfectly. -- *** * John Oliver http://www.john-oliver.net/ * * * *** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 03:09:23PM -0700, Sander Temme wrote: > > > >Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged > >to > >any error_log. > > I believe that is impossible: 403s are logged. Are you sure you are > looking in the right log? What are the access controls on your > DocumentRoot? It ought to be! But... [r...@mda-vm1h ~]# tail /var/log/httpd/access_log 192.49.61.83 - - [01/Jun/2009:14:34:27 -0700] "GET /aspl/ HTTP/1.1" 403 247 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 128.49.61.123 - - [01/Jun/2009:14:34:46 -0700] "POST /threshold/services/ThresholdQuery?wsdl HTTP/1.0" 403 328 "-" "Axis/1.2.1" 127.0.0.1 - - [01/Jun/2009:14:36:13 -0700] "get /" 403 - "-" "-" 127.0.0.1 - - [01/Jun/2009:14:36:26 -0700] "get /index.html" 403 305 "-" "-" 192.49.61.83 - - [01/Jun/2009:14:46:43 -0700] "GET /verification/verify/editAPM.action HTTP/1.1" 403 263 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:14:46:51 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:14:48:20 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:14:48:22 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:15:12:35 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:15:12:38 -0700] "GET /favicon.ico HTTP/1.1" 403 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" [r...@mda-vm1h ~]# tail /var/log/httpd/error_log [Mon Jun 01 14:30:46 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Mon Jun 01 14:30:47 2009] [notice] Digest: generating secret for digest authentication ... [Mon Jun 01 14:30:47 2009] [notice] Digest: done [Mon Jun 01 14:30:47 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Mon Jun 01 14:33:45 2009] [notice] caught SIGTERM, shutting down [Mon Jun 01 14:33:45 2009] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t [Mon Jun 01 14:33:45 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Mon Jun 01 14:33:46 2009] [notice] Digest: generating secret for digest authentication ... [Mon Jun 01 14:33:46 2009] [notice] Digest: done [Mon Jun 01 14:33:46 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations There isn't exactly a plethora of log files for me to choose from: [r...@mda-vm1h ~]# ls -l /var/log/httpd/ | grep "Jun 1" -rw-r--r-- 1 root root 5879 Jun 1 15:12 access_log -rw-r--r-- 1 root root 2578 Jun 1 14:33 error_log -rw-r--r-- 1 root root 1412 Jun 1 14:46 ssl_access_log -rw-r--r-- 1 root root 637 Jun 1 14:45 ssl_error_log -rw-r--r-- 1 root root 1684 Jun 1 14:46 ssl_request_log As for "access controls" on /var/www/html... none besides file permissions. [r...@mda-vm1h ~]# ls -la /var/www/html/ total 32 drwxr-xr-x 3 root root 4096 Nov 12 2008 . drwxr-xr-x 6 root root 4096 Nov 12 2008 .. -rw-r--r-- 1 root root 1480 Apr 22 21:58 index.html > What is the LogLevel in your configuration file? Right now, "warn". I'll bump it up and try again. > >Access attempts are logged and look OK. There is no > > Do you mean the access attempt that resulted in the above response? > What response code is logged? See above. > >firewall... iptables is stopped, and I get the same result from > >localhost. Nothing is logged to audit.log, and the problem persists > >afetr "setenforce 0" > > You are definitely talking to the httpd, not to your firewall. No firewall. iptables is stoipped, browser and client are on same segment / subnet, and I get the same result from localhost. > >There is an index.html with 644, and it's in > >/var/www/html with 755, and that is set as the DocumentRoot. HTTPS > >works perfectly. > > What are the differences in access controls between your SSL vhost and > your plaintext vhost (or the main server, as the case may be)? There are no "access controls", as in htaccess or anything like that. Both httpd.conf and ssl.conf are pretty much stock. I had to point SSL to my certificate, key, and cabundle. Both are going to be materially the same as what comes out of the box. -- *** * John Oliver http://www.john-oliver.net/ * * * *** --
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 03:09:23PM -0700, Sander Temme wrote: > > I believe that is impossible: 403s are logged. Are you sure you are > looking in the right log? What are the access controls on your > DocumentRoot? > > What is the LogLevel in your configuration file? I bumped LOgLevel to 'debug' and got: [r...@mda-vm1h ~]# tail -f /var/log/httpd/error_log [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1967): proxy: initialized single connection worker 1 in child 8833 for (*) [Mon Jun 01 15:20:52 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Mon Jun 01 15:20:52 2009] [info] Server built: Nov 12 2008 07:09:27 [Mon Jun 01 15:20:52 2009] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem) [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1854): proxy: grabbed scoreboard slot 0 in child 8830 for worker ajp://192.168.1.2:8009/ [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1873): proxy: worker ajp://192.168.1.2:8009/ already initialized [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1967): proxy: initialized single connection worker 0 in child 8830 for (192.168.1.2) [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1854): proxy: grabbed scoreboard slot 1 in child 8830 for worker proxy:reverse [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1873): proxy: worker proxy:reverse already initialized [Mon Jun 01 15:20:52 2009] [debug] proxy_util.c(1967): proxy: initialized single connection worker 1 in child 8830 for (*) [Mon Jun 01 15:21:10 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 414 to 293 : URL / [Mon Jun 01 15:21:16 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html [Mon Jun 01 15:21:18 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html [Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html [Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html [Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html The last six lines are me shift-refreshing trying to get to index.html -- *** * John Oliver http://www.john-oliver.net/ * * * *** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
John, Then you are looking in the wrong error log, since a 403 is always logged. The other possibility is that you're hitting browser cache. Frank John Oliver wrote: On Mon, Jun 01, 2009 at 06:00:22PM -0400, Frank Gingras wrote: John, What does the error log say, exactly? Absolutely nothing, besides the messages from httpd starting. John Oliver wrote: Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to any error_log. Access attempts are logged and look OK. There is no firewall... iptables is stopped, and I get the same result from localhost. Nothing is logged to audit.log, and the problem persists afetr "setenforce 0" There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. HTTPS works perfectly. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Jun 1, 2009, at 3:27 PM, Frank Gingras wrote: John, Then you are looking in the wrong error log, since a 403 is always logged. The other possibility is that you're hitting browser cache. Yes, but John's other e-mail does show activity, which means he's actually serving pages. We're looking at the right log, and it's trying to serve the right file. S. Frank John Oliver wrote: On Mon, Jun 01, 2009 at 06:00:22PM -0400, Frank Gingras wrote: John, What does the error log say, exactly? Absolutely nothing, besides the messages from httpd starting. John Oliver wrote: Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to any error_log. Access attempts are logged and look OK. There is no firewall... iptables is stopped, and I get the same result from localhost. Nothing is logged to audit.log, and the problem persists afetr "setenforce 0" There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. HTTPS works perfectly. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 06:27:35PM -0400, Frank Gingras wrote: > John, > > Then you are looking in the wrong error log, since a 403 is always logged. > > The other possibility is that you're hitting browser cache. There are no other log files. [r...@mda-vm1h ~]# date Mon Jun 1 15:46:53 PDT 2009 [r...@mda-vm1h ~]# ls -l /var/log/httpd/ | grep "Jun 1" -rw-r--r-- 1 root root 8927 Jun 1 15:46 access_log -rw-r--r-- 1 root root 13210 Jun 1 15:46 error_log -rw-r--r-- 1 root root 3527 Jun 1 15:43 ssl_access_log -rw-r--r-- 1 root root 637 Jun 1 14:45 ssl_error_log -rw-r--r-- 1 root root 3979 Jun 1 15:43 ssl_request_log [r...@mda-vm1h ~]# tail /var/log/httpd/error_log [Mon Jun 01 15:21:52 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Mon Jun 01 15:21:53 2009] [notice] Digest: generating secret for digest authentication ... [Mon Jun 01 15:21:53 2009] [notice] Digest: done [Mon Jun 01 15:21:53 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations [Mon Jun 01 15:46:13 2009] [notice] caught SIGTERM, shutting down [Mon Jun 01 15:46:14 2009] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t:s0 [Mon Jun 01 15:46:14 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Mon Jun 01 15:46:14 2009] [notice] Digest: generating secret for digest authentication ... [Mon Jun 01 15:46:14 2009] [notice] Digest: done [Mon Jun 01 15:46:14 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations And I'm using shift-refresh, so it isn't likely to be browser cache. Unless httpd is writing the logged 403s to somewhere else. Not sure how that could be,a s I have: ErrorLog logs/error_log And maybe it isn't a 403? Browser just says: Forbidden You don't have permission to access /index.html on this server. -- *** * John Oliver http://www.john-oliver.net/ * * * *** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 03:51:33PM -0700, Sander Temme wrote: > > On Jun 1, 2009, at 3:27 PM, Frank Gingras wrote: > > >John, > > > >Then you are looking in the wrong error log, since a 403 is always > >logged. > > > >The other possibility is that you're hitting browser cache. > > Yes, but John's other e-mail does show activity, which means he's > actually serving pages. > > We're looking at the right log, and it's trying to serve the right file. Exactly. This totally smacks of an selinux issue, but with nothing logged by auditd, and "setenforce 0" doesn't fix... -- *** * John Oliver http://www.john-oliver.net/ * * * *** - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Jun 1, 2009, at 3:24 PM, John Oliver wrote: [Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client 128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html So it's trying to serve you something. This is probably the internally generated response from the server after it boinked on serving the standard error page document. Your access log: 192.49.61.83 - - [01/Jun/2009:15:12:35 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" 192.49.61.83 - - [01/Jun/2009:15:12:38 -0700] "GET /favicon.ico HTTP/ 1.1" 403 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: 1.9.0.10) Gecko/2009042316 Firefox/3.0.10" Interesting that it would serve *no content* for the / and 250 bytes for the favicon.ico. Suggests a different data path is followed. As you may know, if you don't put any content in /var/www/html, Red Hat will serve the 403 error page because it has configured Directory Listings of /var/www/html to be forbidden. By striking coincidence, that error page HTML document is dolled up to look like the default "this is a Red Hat box" page you (should) see in your browser. So what have you changed to your config? You HAVE changed things: for starters deflate is not on by default. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [us...@httpd] https works, http doesn't
John Oliver wrote: You don't have permission to access / on this server. [...] There is an index.html with 644, and it's in /var/www/html with 755, and that is set as the DocumentRoot. And DirectoryIndex is set to use it? Regards /Jonas -- Jonas Eckerman Fruktträdet & Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] https works, http doesn't
On Mon, Jun 01, 2009 at 04:10:24PM -0700, Sander Temme wrote: > > On Jun 1, 2009, at 3:24 PM, John Oliver wrote: > > >[Mon Jun 01 15:21:19 2009] [debug] mod_deflate.c(447): [client > >128.49.61.83] Zlib: Compressed 305 to 232 : URL /index.html > > > So it's trying to serve you something. This is probably the > internally generated response from the server after it boinked on > serving the standard error page document. > > Your access log: > > >192.49.61.83 - - [01/Jun/2009:15:12:35 -0700] "GET / HTTP/1.1" 403 - > >"-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) > >Gecko/2009042316 Firefox/3.0.10" > >192.49.61.83 - - [01/Jun/2009:15:12:38 -0700] "GET /favicon.ico HTTP/ > >1.1" 403 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: > >1.9.0.10) Gecko/2009042316 Firefox/3.0.10" > > Interesting that it would serve *no content* for the / and 250 bytes > for the favicon.ico. Suggests a different data path is followed. > > As you may know, if you don't put any content in /var/www/html, Red > Hat will serve the 403 error page because it has configured Directory > Listings of /var/www/html to be forbidden. By striking coincidence, > that error page HTML document is dolled up to look like the default > "this is a Red Hat box" page you (should) see in your browser. Yup, but DirectoryIndex (or my manually spoecifying index.html) ought to take care of that. > So what have you changed to your config? You HAVE changed things: for > starters deflate is not on by default. ServerTokens OS ServerRoot "/etc/httpd" PidFile run/httpd.pid Timeout 120 KeepAlive Off MaxKeepAliveRequests 100 KeepAliveTimeout 15 StartServers 8 MinSpareServers5 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000 StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 Listen 80 LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule info_module modules/mod_info.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule file_cache_module modules/mod_file_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule cgi_module modules/mod_cgi.so Include conf.d/*.conf User apache Group apache ServerAdmin r...@localhost UseCanonicalName Off DocumentRoot "/var/www/html" Options FollowSymLinks AllowOverride None Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all UserDir disable #UserDir public_html DirectoryIndex index.html index.html.var AccessFileName .htaccess Order allow,deny Deny from all TypesConfig /etc/mime.typ
Re: [us...@httpd] https works, http doesn't
On Jun 1, 2009, at 4:57 PM, John Oliver wrote: As you may know, if you don't put any content in /var/www/html, Red Hat will serve the 403 error page because it has configured Directory Listings of /var/www/html to be forbidden. By striking coincidence, that error page HTML document is dolled up to look like the default "this is a Red Hat box" page you (should) see in your browser. Yup, but DirectoryIndex (or my manually spoecifying index.html) ought to take care of that. In the bare install, there is nothing in /var/www/html, and Options -Indexes forbids to serve directory listing. So you get the 403, which is the "yay I'm using Red Hat" page. And it's logged in error_log as a 403. At log level "error", so your default catches it. The fact that you're not seeing that is very, very weird. So what have you changed to your config? You HAVE changed things: for starters deflate is not on by default. ServerTokens OS No, nothing there that leaps out at me. What's in conf.d/*.conf? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
