[us...@httpd] use mod_rewrite and mod_jk

[andre wang]

hi all

I have an apache server ( 2.2.9 ) running on debian lenny, and
have name virtualhosts support. The following is my config:


ServerName www.example.com
DocumentRoot /var/www
JkMount /* tomcat
RewriteEngine On
RewriteRule ^/images/ - [L]


   There is a directory named "images" under the document root
"/var/www", so if i send a request
"http://www.example.com/images/a.jpg";, could Apache do NOT send the
requst to my tomcat server, is that possible?

thanks
andre.ease

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?

[Krist van Besien]

On Tue, Mar 2, 2010 at 2:39 PM, Mike Trent  wrote:

> There is a patch that turns on FIPS mode in mod_ssl (listed in my last post)
> We can run apache as a server for HTTPS (SSL) in FIPS mode. However when
> communicating over HTTPS (SSL) via mod_proxy - mod_ssl is not running FIPS
> mode. This can be verified by running a line trace and seeing that the TLS
> handshaking client HELLO packet presents a cipher suite that includes non
> FIPS compliant algorithms (RC4 for example).
>
> While running in server mode (not using mod_proxy) FIPS is enabled properly.
> This can be seen in the TLS server HELLO which presents only FIPS compliant
> algorithms such as 3DES.
>
> i.e.
> SSL - as a server -FIPS compliant

I would love to help you, but I need more information from you in
order to do so. I have trouble finding out what it is exactly that you
are trying to achieve, and in what way, because the context fail.
Precise language us usefull. I have trouble trying to imagine what you
mean with "running in proxy mode" and "via mod_proxy". That is where
the exact language of a config file helps.
So please, just post us the SSL part of your config, and we may be
able to point out to you what you need to modify.

> SSL - as a client via mod_proxy - not FIPS compliant

Are you saying that apache is here acting as an SSL client in an non -
FIPS compliant way? ie. apache is here used by you as a proxy that
forwards towards an https server? In that case have a look at the
SSLProxy* directives.

Krist

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Number of https virtual hosts support under v2.0.59

[Krist van Besien]

On Mon, Mar 1, 2010 at 4:30 PM, Ruiyuan Jiang  wrote:
> Thanks for the response, Krist.
> The version of openssl that I am using is good 0.98l. The problem is the 
> Apache since I can't use 2.2.14 because the bug it has. See my another post 
> about the page does not refresh automatically after user logs in. I guess I 
> have to try to use work around.
> By the way, you stated "only works with recent browsers though." What 
> browsers and versions work with that, Firefox or IE or both?
(from wikipedia)
Browsers

Browsers with support for TLS server name indication:

* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Internet Explorer 7 (Vista or higher, not XP) or later
* Google Chrome (Vista or higher, not XP)
* Safari Safari 3.2.1 and newer on Mac OS X 10.5.6 and Windows
Vista or higher, not XP


Krist

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Spider Monkey

[antoine]

Hello, I have a question in spider monkey api for parsing javascript.

Is this the right list to apply ?? If not please tell me where to ask.

Regards

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Spider Monkey

[Krist van Besien]

On Wed, Mar 3, 2010 at 12:46 PM, antoine  wrote:
> Hello, I have a question in spider monkey api for parsing javascript.
>
> Is this the right list to apply ?? If not please tell me where to ask.

http://lmgtfy.com/?q=spidermonkey+api+mailing+list

Krist




-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] use mod_rewrite and mod_jk

[Nick Tkach]

Yes, you want to look at JkUnmount directive (something like JkUnmount 
/images/*).  Just put it before your JkMount statement(s).

This email message and any attachments are for the sole use of the intended 
recipient(s) and may contain information that is proprietary to Ahold and/or 
its subsidiaries (“Ahold”) or otherwise confidential or legally privileged.  If 
you have received this message in error, please notify the sender by reply, and 
delete all copies of this message and any attachments.  If you are the intended 
recipient you may use the information contained in this message and any files 
attached to this message only as authorized by Ahold.  Files attached to this 
message may only be transmitted using secure systems and appropriate means of 
encryption, and must be secured using the same level of password and security 
protection with which the file was provided to you.  Any unauthorized use, 
dissemination or disclosure of this message or its attachments is strictly 
prohibited.

- Original Message -
From: "andre wang" 
To: users@httpd.apache.org
Sent: Wednesday, March 3, 2010 4:07:37 AM
Subject: [us...@httpd] use mod_rewrite and mod_jk

hi all

I have an apache server ( 2.2.9 ) running on debian lenny, and
have name virtualhosts support. The following is my config:


ServerName www.example.com
DocumentRoot /var/www
JkMount /* tomcat
RewriteEngine On
RewriteRule ^/images/ - [L]


   There is a directory named "images" under the document root
"/var/www", so if i send a request
"http://www.example.com/images/a.jpg";, could Apache do NOT send the
requst to my tomcat server, is that possible?

thanks
andre.ease

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Spider Monkey

[Monkey Daemon]

On 3 March 2010 12:09, Krist van Besien  wrote:
> On Wed, Mar 3, 2010 at 12:46 PM, antoine  wrote:
>> Hello, I have a question in spider monkey api for parsing javascript.
>>
>> Is this the right list to apply ?? If not please tell me where to ask.
>
> http://lmgtfy.com/?q=spidermonkey+api+mailing+list

WIN.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] use mod_rewrite and mod_jk

[andre wang]

thanks Nick, JkUnmount works well.


On Wed, Mar 3, 2010 at 8:46 PM, Nick Tkach  wrote:
> Yes, you want to look at JkUnmount directive (something like JkUnmount 
> /images/*).  Just put it before your JkMount statement(s).
>
> This email message and any attachments are for the sole use of the intended 
> recipient(s) and may contain information that is proprietary to Ahold and/or 
> its subsidiaries (“Ahold”) or otherwise confidential or legally privileged.  
> If you have received this message in error, please notify the sender by 
> reply, and delete all copies of this message and any attachments.  If you are 
> the intended recipient you may use the information contained in this message 
> and any files attached to this message only as authorized by Ahold.  Files 
> attached to this message may only be transmitted using secure systems and 
> appropriate means of encryption, and must be secured using the same level of 
> password and security protection with which the file was provided to you.  
> Any unauthorized use, dissemination or disclosure of this message or its 
> attachments is strictly prohibited.
>
> - Original Message -
> From: "andre wang" 
> To: users@httpd.apache.org
> Sent: Wednesday, March 3, 2010 4:07:37 AM
> Subject: [us...@httpd] use mod_rewrite and mod_jk
>
> hi all
>
>    I have an apache server ( 2.2.9 ) running on debian lenny, and
> have name virtualhosts support. The following is my config:
>
>    
>        ServerName www.example.com
>        DocumentRoot /var/www
>        JkMount /* tomcat
>        RewriteEngine On
>        RewriteRule ^/images/ - [L]
>    
>
>   There is a directory named "images" under the document root
> "/var/www", so if i send a request
> "http://www.example.com/images/a.jpg";, could Apache do NOT send the
> requst to my tomcat server, is that possible?
>
> thanks
> andre.ease
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?

[Mike Trent]

Thanks for the response.

Yes, we are running apache acting as an SSL client. And yes I am saying that
apache is running as a proxy that forwards towards an HTTPS server.

It does communicate in SSL so there is no issue with the SSL directives in
the config. But for your interest here are the pertinent lines we have in
the proxy.conf file:

SSLProxyEngine on
SSLProxyProtocol all

The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
As stated in the early post the FIPS 140-2 patch was applied but does not
seem to have an affect on apache when acting as a client as a proxy.

This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
communication is fine.

Thank you.





Krist van Besien wrote:
> 
> I would love to help you, but I need more information from you in
> order to do so. I have trouble finding out what it is exactly that you
> are trying to achieve, and in what way, because the context fail.
> Precise language us usefull. I have trouble trying to imagine what you
> mean with "running in proxy mode" and "via mod_proxy". That is where
> the exact language of a config file helps.
> So please, just post us the SSL part of your config, and we may be
> able to point out to you what you need to modify.
> 
>> SSL - as a client via mod_proxy - not FIPS compliant
> 
> Are you saying that apache is here acting as an SSL client in an non -
> FIPS compliant way? ie. apache is here used by you as a proxy that
> forwards towards an https server? In that case have a look at the
> SSLProxy* directives.
> 
> Krist
> 
> 

-- 
View this message in context: 
http://old.nabble.com/FIPS-140_2-compliant-for-mod_proxy--tp27748496p27768701.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] which cache is faster ?

[Sachin Gopal]

Hi

On a production machine we want to deploy caching where users would be
around 300. Which cache is
faster and why ? Mod_mem_cache or mod_disk_cache.

Thanks

-- 
Sachin

Re: [us...@httpd] which cache is faster ?

[Philip Wigg]

On 3 March 2010 14:12, Sachin Gopal  wrote:
> Hi
> On a production machine we want to deploy caching where users would be
> around 300. Which cache is
> faster and why ? Mod_mem_cache or mod_disk_cache.

There's a good explanation of the advantages and disadvantages of both here:-

http://httpd.apache.org/docs/2.2/mod/mod_mem_cache.html
http://httpd.apache.org/docs/2.2/caching.html#inmemory

Basically it says you're probably better off using mod_disk_cache and
letting your OS handle the in-memory caching unless you're using
Apache as a proxy.

Phil.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?

[Krist van Besien]

On Wed, Mar 3, 2010 at 3:12 PM, Mike Trent  wrote:

> The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
> 140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
> As stated in the early post the FIPS 140-2 patch was applied but does not
> seem to have an affect on apache when acting as a client as a proxy.
>
> This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
> communication is fine.

Of course it could be that when operating as a client Apache assumes
that it is the server it communicates with that will enforce FIPS
compliance. However, you can probably make it compliant by restricting
the cyphers it will use as a client. That is why I suggested you look
in to the possibilitiess the SSLProxy* directives offer. If you
consult the mod_ssl documentation you will see that there is a
directive  SSLProxyCipherSuite, that you can use to limit the ciphers
offered in the HELLO packet.


Krist

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?

[Mike Trent]

Unfortunatley restricting the algorithms to FIPS compliant algorithms in the
apache configs is not good enough to claim FIPS 140-2 compliance. The
openSSL library 'must' be running in FIPS mode. It is a requirement of FIPS
140-2 that the module doing the cryptographic functions is a FIPS
'validated' module. When in FIPS mode SSL will automatically restrict the
algorithms.  Perhaps I need to post this on the openSSL forum instead.

Thanks again.


Krist van Besien wrote:
> 
> 
> Of course it could be that when operating as a client Apache assumes
> that it is the server it communicates with that will enforce FIPS
> compliance. However, you can probably make it compliant by restricting
> the cyphers it will use as a client. That is why I suggested you look
> in to the possibilitiess the SSLProxy* directives offer. If you
> consult the mod_ssl documentation you will see that there is a
> directive  SSLProxyCipherSuite, that you can use to limit the ciphers
> offered in the HELLO packet.
> 
> 
> Krist
> 
> -- 
> krist.vanbes...@gmail.com
> kr...@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> 

-- 
View this message in context: 
http://old.nabble.com/FIPS-140_2-compliant-for-mod_proxy--tp27748496p27768938.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] which cache is faster ?

[Sachin Gopal]

Thanks Phil.

On Wed, Mar 3, 2010 at 7:51 PM, Philip Wigg  wrote:

> On 3 March 2010 14:12, Sachin Gopal  wrote:
> > Hi
> > On a production machine we want to deploy caching where users would be
> > around 300. Which cache is
> > faster and why ? Mod_mem_cache or mod_disk_cache.
>
> There's a good explanation of the advantages and disadvantages of both
> here:-
>
> http://httpd.apache.org/docs/2.2/mod/mod_mem_cache.html
> http://httpd.apache.org/docs/2.2/caching.html#inmemory
>
> Basically it says you're probably better off using mod_disk_cache and
> letting your OS handle the in-memory caching unless you're using
> Apache as a proxy.
>
> Phil.
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


-- 
Sachin Gopal

[us...@httpd] HTTP-413 error when server recieves a blank POST

[Chaminda Divitotawela]

Hi,

I use httpd server 2.2.4.1 and due to some issue of one of the client 
application, client sends a blank(with no payload) POST request. In this case 
httpd wait and times out and returns the HTTP-413 error. HTTP-413 error 
indicates 'request entity too large'. However in this case this error is not 
anything related to the size of the request content. I have not configured 
LimitRequestBody in the apache server so there is no restriction imposed on the 
size of the request.

I would like to know whether this is the correct error httpd suppose to send in 
such situation, if so what is the explanation.

This is the information in the POST request and no further communication from 
the client.

POST /soap/publicationConsumerHttp_v1_0 HTTP/1.1 Content-type: text/xml; 
charset=utf-8..SOAPACTION: "publish"..Transfer-Encoding: chunked..User-Agent: 
Java_1.6..Host: hostname..Accept: text/html, image/gif, image/jpeg, */*; 
q=.2..Connection: Keep-Alive  

I need to provide an explanation why httpd server return 413 error given that 
this is not related to the size of the request. I have not configured the 

Many Thanks,
Chaminda


  

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] FIPS 140_2 compliant for mod_proxy?

[William A. Rowe Jr.]

On 3/3/2010 8:34 AM, Mike Trent wrote:
> 
> Unfortunatley restricting the algorithms to FIPS compliant algorithms in the
> apache configs is not good enough to claim FIPS 140-2 compliance. The
> openSSL library 'must' be running in FIPS mode. It is a requirement of FIPS
> 140-2 that the module doing the cryptographic functions is a FIPS
> 'validated' module. When in FIPS mode SSL will automatically restrict the
> algorithms.  Perhaps I need to post this on the openSSL forum instead.

It does more than that.  It invokes validated implementations of those specific
algorithms, not the optimized but not FIPS approved implementations that are 
used
by openssl by default.

Bring it to the attention of dev@, or more specifically, raise an issue on the
httpd bugzilla against 2.2.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reverse proxy with mod_rewrite using RewriteRule [P]

[Daniel López Robles]

Tom Evans escribió:

2010/3/2 Daniel López Robles :
  

Hello:

We have two Apaches in a server:

Apache 2.2.14, reverse proxy, listening to IP 192.168.24.X
Apache 2.2.11, which actually serves the websites, listening to IP
192.168.24.Y

Domain name proxy.mysite.es points to our reverse proxy Apache, and we need
it to send requests to the other Apache in this way:

http://proxy.mysite.es/something -> http://something.mysite.es

Our rewrite rule:

RewriteRule ^/(.*) http://$1.mysite.es/ [L,P]



This looks very wrong.

  

In RewriteLog we can see that the rewrite rule is working fine up to some
point:

[pre.mysite.es/sid#db73a0][rid#eef078/initial] (2) rewrite '/something' ->
'http://something.mysite.es/'
...
[pre.mysite.es/sid#db73a0][rid#ef3088/initial] (2) rewrite
'/public/index.aspx' -> 'http://public/index.aspx.mysite.es/'



as these two lines point out.

If you request the URL http://proxy.mysite.es/foo/bar.html on the
proxy, your rule says to rewrite this to http://foo/bar.html.mysite.es
- does that LOOK right?!

I would do this much more explicitly, rather than allow the users to
specify the hosts that we will proxy to:

ProxyPass /something/ http://something.mysite.es/
ProxyPassReverse /something/ http://something.mysite.es/
ProxyPassReverseCookieDomain something.mysite.es proxy.mysite.es

and then repeat those lines for each host that you wish to be proxied.

If you really can't do this, and must have it dynamic, then I suggest
a regular expression tutorial :)

Cheers

Tom
  
Yes, you are right, Tom, if the user requests 
"http//proxy.mysite.es/something/public/index.aspx" it will be rewritten 
to "http//something/public/index.aspx.mysite.es/" that is of course not 
correct. I know this is not the best RewriteRule directive. The question 
is that if http//proxy.mysite.es/something/ is being properly rewritten 
as http//something.mysite.es/, and http://something.mysite.es redirects 
to http://something.mysite.es/public/index.aspx, why is being logged the 
attempt to rewrite "'/public/index.aspx' -> 
'http://public/index.aspx.mysite.es/'" in the reverse proxy Apache? It 
seems that the http//something.mysite.es/ request is being sent to the 
reverse proxy Apache itself.


Actually, I have changed the RewriteRule directive for a more explicity one:

RewriteRule ^/something/(.*) http://www.mysite.es/$1 [L,P]

And some kind of infinite loop is being created. RewriteLog:

192.168.24.X - - [03/Mar/2010:17:23:50 +0100] 
[proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) init rewrite engine 
with requested uri /something/
192.168.24.X - - [03/Mar/2010:17:23:50 +0100] 
[proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (3) applying pattern 
'^/something/(.*)' to uri '/something/'
192.168.24.X - - [03/Mar/2010:17:23:50 +0100] 
[proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) rewrite 
'/something/' -> 'http://www.mysite.es/'
192.168.24.X - - [03/Mar/2010:17:23:50 +0100] 
[proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) forcing 
proxy-throughput with http://www.mysite.es/
192.168.24.X - - [03/Mar/2010:17:23:50 +0100] 
[proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (1) go-ahead with proxy 
request proxy:http://www.mysite.es/ [OK]

[...] Then, those 5 lines again and again.

But if I look the access log of the Apache that actually serves 
www.mysite.es, I can see also a lot of request at the same time, so it 
looks like the request is being sent from the reverse proxy to the 
Apache 2.2.11 and back a lot of times.


192.168.24.Y - - [03/Mar/2010:17:23:52 +0100] "GET / HTTP/1.0" 302 191 
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET 
CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 
3.5.30729)"

[...] Again and again.

I don't get it, I must be missing something. Any clue, please?

Thank you very much.

Daniel


Protecci�n de Datos: ACOTELSA le informa de que los datos facilitados por Ud. y 
utilizados para el env�o de esta comunicaci�n ser�n objeto de tratamiento 
automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda 
de contactos de nuestra empresa y para el env�o de comunicaciones profesionales 
por cualquier medio electr�nico o no. Vd. podr� en cualquier momento ejercer el 
derecho de acceso, rectificaci�n, cancelaci�n y oposici�n en los t�rminos 
establecidos en la Ley Org�nica 15/1999. El responsable del tratamiento es 
ACOTELSA, con domicilio en Ronda de Poniente, 3 bajo, 28760 Tres Cantos, Madrid.

Confidencialidad El contenido de esta comunicaci�n, as� como el de toda la 
documentaci�n anexa, es confidencial y va dirigido �nicamente al destinatario 
del mismo. En el supuesto de que usted no fuera el destinatario, le solicitamos 
que nos lo indique y no comunique su contenido a terceros, procediendo a su 
destrucci�n. Gracias.

Confidenciality The content of this communication and any attached information 
is confidential and exclusively for the use of the addressee. If you are not 
the addressee, we ask yo

Re: [us...@httpd] Reverse proxy with mod_rewrite using RewriteRule [P]

[Tom Evans]

2010/3/3 Daniel López Robles :
> Tom Evans escribió:
>>
>> 2010/3/2 Daniel López Robles :
>>
>>>
>>> Hello:
>>>
>>> We have two Apaches in a server:
>>>
>>> Apache 2.2.14, reverse proxy, listening to IP 192.168.24.X
>>> Apache 2.2.11, which actually serves the websites, listening to IP
>>> 192.168.24.Y
>>>
>>> Domain name proxy.mysite.es points to our reverse proxy Apache, and we
>>> need
>>> it to send requests to the other Apache in this way:
>>>
>>> http://proxy.mysite.es/something -> http://something.mysite.es
>>>
>>> Our rewrite rule:
>>>
>>> RewriteRule ^/(.*) http://$1.mysite.es/ [L,P]
>>>
>>
>> This looks very wrong.
>>
>>
>>>
>>> In RewriteLog we can see that the rewrite rule is working fine up to some
>>> point:
>>> 
>>> [pre.mysite.es/sid#db73a0][rid#eef078/initial] (2) rewrite '/something'
>>> ->
>>> 'http://something.mysite.es/'
>>> ...
>>> [pre.mysite.es/sid#db73a0][rid#ef3088/initial] (2) rewrite
>>> '/public/index.aspx' -> 'http://public/index.aspx.mysite.es/'
>>>
>>
>> as these two lines point out.
>>
>> If you request the URL http://proxy.mysite.es/foo/bar.html on the
>> proxy, your rule says to rewrite this to http://foo/bar.html.mysite.es
>> - does that LOOK right?!
>>
>> I would do this much more explicitly, rather than allow the users to
>> specify the hosts that we will proxy to:
>>
>> ProxyPass /something/ http://something.mysite.es/
>> ProxyPassReverse /something/ http://something.mysite.es/
>> ProxyPassReverseCookieDomain something.mysite.es proxy.mysite.es
>>
>> and then repeat those lines for each host that you wish to be proxied.
>>
>> If you really can't do this, and must have it dynamic, then I suggest
>> a regular expression tutorial :)
>>
>> Cheers
>>
>> Tom
>>
>
> Yes, you are right, Tom, if the user requests
> "http//proxy.mysite.es/something/public/index.aspx" it will be rewritten to
> "http//something/public/index.aspx.mysite.es/" that is of course not
> correct. I know this is not the best RewriteRule directive. The question is
> that if http//proxy.mysite.es/something/ is being properly rewritten as
> http//something.mysite.es/, and http://something.mysite.es redirects to
> http://something.mysite.es/public/index.aspx, why is being logged the
> attempt to rewrite "'/public/index.aspx' ->
> 'http://public/index.aspx.mysite.es/'" in the reverse proxy Apache? It seems
> that the http//something.mysite.es/ request is being sent to the reverse
> proxy Apache itself.
>
> Actually, I have changed the RewriteRule directive for a more explicity one:
>
> RewriteRule ^/something/(.*) http://www.mysite.es/$1 [L,P]
>
> And some kind of infinite loop is being created. RewriteLog:
>
> 192.168.24.X - - [03/Mar/2010:17:23:50 +0100]
> [proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) init rewrite engine
> with requested uri /something/
> 192.168.24.X - - [03/Mar/2010:17:23:50 +0100]
> [proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (3) applying pattern
> '^/something/(.*)' to uri '/something/'
> 192.168.24.X - - [03/Mar/2010:17:23:50 +0100]
> [proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) rewrite '/something/'
> -> 'http://www.mysite.es/'
> 192.168.24.X - - [03/Mar/2010:17:23:50 +0100]
> [proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (2) forcing
> proxy-throughput with http://www.mysite.es/
> 192.168.24.X - - [03/Mar/2010:17:23:50 +0100]
> [proxy.mysite.es/sid#dbb478][rid#ef0130/initial] (1) go-ahead with proxy
> request proxy:http://www.mysite.es/ [OK]
> [...] Then, those 5 lines again and again.
>
> But if I look the access log of the Apache that actually serves
> www.mysite.es, I can see also a lot of request at the same time, so it looks
> like the request is being sent from the reverse proxy to the Apache 2.2.11
> and back a lot of times.
>
> 192.168.24.Y - - [03/Mar/2010:17:23:52 +0100] "GET / HTTP/1.0" 302 191 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR
> 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR
> 3.5.30729)"
> [...] Again and again.
>
> I don't get it, I must be missing something. Any clue, please?
>
> Thank you very much.
>
> Daniel
>

Here's the big clue: stop using rewrite rules for proxying! If you
want to pass requests for http://proxy.mysite.es/something/ to
http://www.mysite.es/, then use ProxyPass - it is what it was written
for.

I'm not seeing an infinite loop in your rewrite log - that looks
normal to me. The access log from your application server
(www.mysite.es) shows that it is redirecting when the proxy requests
/. I imagine that is getting passed to your browser, which then
follows the redirect again. If it is looping, it is the redirection on
your application server that is causing it.

Cheers

Tom

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: user

[us...@httpd] Apache not logging remote user for PHP files protected by Shibboleth

[Svend Sorensen]

(I posted this to the shibboleth-users list, but I haven't found a
solution yet.)

I have a directory protected with Shibboleth on an Apache 2 server.
Everything works as expected except the Apache logging. When I request
a PHP file, I am forced to log in, but the remote user (%u) shows up as
"-" in the Apache logs. PHP sees the correct value for REMOTE_USER.

When I request an HTML file, my Shibboleth ID shows up in the Apache
logs.

The .htaccess file protecting the directory is:

AuthType shibboleth
ShibRequireSession On
Require valid-user

The test PHP file which prints the correct remote user name is



Here is an edited version of what is logged:

XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /shib/test.php HTTP/1.1" 200 31 
"-" ...
XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /favicon.ico HTTP/1.1" 200 - 
"https://example.com/shib/test.php"; ...
XXX.XXX.XXX.XXX - m...@myidp [02/Mar/2010:11:11:59] "GET /shib/test.html 
HTTP/1.1" 200 32 "-" ...

Why isn't the remote user logged for PHP files?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Re: Apache not logging remote user for PHP files protected by Shibboleth

[Svend Sorensen]

I think that this is caused by a bug in the version of PHP we are
running.

http://bugs.php.net/46005

On Wed, Mar 03, 2010 at 10:44:36AM -0800, Svend Sorensen wrote:
> (I posted this to the shibboleth-users list, but I haven't found a
> solution yet.)
> 
> I have a directory protected with Shibboleth on an Apache 2 server.
> Everything works as expected except the Apache logging. When I request
> a PHP file, I am forced to log in, but the remote user (%u) shows up as
> "-" in the Apache logs. PHP sees the correct value for REMOTE_USER.
> 
> When I request an HTML file, my Shibboleth ID shows up in the Apache
> logs.
> 
> The .htaccess file protecting the directory is:
> 
> AuthType shibboleth
> ShibRequireSession On
> Require valid-user
> 
> The test PHP file which prints the correct remote user name is
> 
> 
> 
> Here is an edited version of what is logged:
> 
> XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /shib/test.php HTTP/1.1" 200 
> 31 "-" ...
> XXX.XXX.XXX.XXX - - [02/Mar/2010:11:11:56] "GET /favicon.ico HTTP/1.1" 200 - 
> "https://example.com/shib/test.php"; ...
> XXX.XXX.XXX.XXX - m...@myidp [02/Mar/2010:11:11:59] "GET /shib/test.html 
> HTTP/1.1" 200 32 "-" ...
> 
> Why isn't the remote user logged for PHP files?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] issue in debian lenny.

[J. Bakshi]

Hello list,

Here in debian lenny the rewrite rules are working well. I have checked
by this .htaccess and successful


DirectoryIndex index.php
RewriteEngine On

#RewriteRule ^typo3$ - [L]
#RewriteRule ^typo3/.*$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php
```


Now I like to place the rewrite stuff in apache configuration so that I
don't need to place .htaccess for all the sites. and here is the config
I have placed in apache

```

Options Indexes FollowSymLinks MultiViews
# .htaccess slows down apache; only use it when required #
AllowOverride All
Order allow,deny
allow from all

### Begin: Rewrite stuff for typo3 ###


# Enable URL rewriting
RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule .* index.php [L]





restart apache and remove the .htaccess from webroot directory of the
site. the rewite stuff is not working now !!! Is it a problem with
 which is not recognized here in lenny ? Does
anyone have any idea or faced the same problem.

BTW: The above config running fine with opensuse 11.2

Thanks

-- 
জয়দীপ বক্সী


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] issue in debian lenny.

[Nilesh Govindarajan]

On Thu, Mar 4, 2010 at 11:12 AM, J. Bakshi  wrote:

> Hello list,
>
> Here in debian lenny the rewrite rules are working well. I have checked
> by this .htaccess and successful
>
> 
> DirectoryIndex index.php
> RewriteEngine On
>
> #RewriteRule ^typo3$ - [L]
> #RewriteRule ^typo3/.*$ - [L]
>
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond %{REQUEST_FILENAME} !-l
> RewriteRule .* index.php
> ```
>
>
> Now I like to place the rewrite stuff in apache configuration so that I
> don't need to place .htaccess for all the sites. and here is the config
> I have placed in apache
>
> ```
> 
> Options Indexes FollowSymLinks MultiViews
> # .htaccess slows down apache; only use it when required #
> AllowOverride All
> Order allow,deny
> allow from all
>
> ### Begin: Rewrite stuff for typo3 ###
> 
>
> # Enable URL rewriting
> RewriteEngine On
> RewriteBase /
>
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond %{REQUEST_FILENAME} !-l
>
> RewriteRule .* index.php [L]
> 
> 
>
> 
>
> restart apache and remove the .htaccess from webroot directory of the
> site. the rewite stuff is not working now !!! Is it a problem with
>  which is not recognized here in lenny ? Does
> anyone have any idea or faced the same problem.
>
> BTW: The above config running fine with opensuse 11.2
>
> Thanks
>
> --
> জয়দীপ বক্সী
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
I think you should be using rewrite_module.c instead of mod_rewrite.c

-- 
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com

Re: [us...@httpd] mod_deflate logging issue when not using virtual hosts

[Anand Sathe]

Hello everyone,
Trying for the 3rd time ! am i in a minority of 1 on this issue? Would 
appreciate any thoughts at all anyone has
Regards
-Anand

--- On Tue, 2/23/10, Anand Sathe  wrote:

> From: Anand Sathe 
> Subject: [us...@httpd] mod_deflate logging issue when not using virtual hosts
> To: users@httpd.apache.org
> Date: Tuesday, February 23, 2010, 11:10 AM
> Trying one more time as the earlier
> post failed to garner any replies :)
> Any help appreciated
> Anand
> ---
> 
> 
> 
> > Hi,
> > I am having a peculiar issue with turning on logging
> for
> > mod_deflate.
> > 
> > Environment:
> > Apache 2.2.6 running on Linux (SuSE 11 x86 64 bit).
> > I have no virtual hosts defined - all my configuration
> is
> > in httpd.conf
> >  Here is a snapshot of my httpd.conf
> > --
> > # Filters allow you to process content before it is
> sent to
> > the client.
> > 
> > 
> >  AddOutputFilterByType DEFLATE text/html
> text/plain
> > text/xml application/xml application/xhtml+xml 
> > 
> > text/javascript text/css application/x-javascript
> >  BrowserMatch ^Mozilla/4 gzip-only-text/html
> >  BrowserMatch ^Mozilla/4.0[678] no-gzip
> >  BrowserMatch bMSIE !no-gzip
> !gzip-only-text/html
> >  DeflateCompressionLevel 9
> >  DeflateFilterNote Input instream
> >  DeflateFilterNote Output outstream
> >  DeflateFilterNote Ratio ratio
> >  LogFormat '"%r" %{outstream}n/%{instream}n
> > (%{ratio}n%%)' DEFLATE
> >  DeflateFilterNote ratio
> >  LogFormat '"%r" %b (%{ratio}n)
> "%{User-agent}i"'
> > DEFLATE
> >  CustomLog logs/deflate_log DEFLATE
> > 
> > 
> > 
> > The Problem: 
> > Content is getting zipped as expected. However, the
> custom
> > log (logs/deflate_log) gets created but stays empty -
> > nothing ever is recorded there.
> > I AM aware of this issue as mentioned in the httpd
> docs:
> > " If CustomLog or ErrorLog directives are placed
> inside a
> >  section, all requests or errors
> for that
> > virtual host will be logged only to the specified
> file. Any
> > virtual host which does not have logging directives
> will
> > still have its requests sent to the main server
> logs."
> > 
> > However, since i do not have a virtual hosts section
> > defined and my CustomLog and ErrorLog directives are
> for the
> > entire server, this should not apply to me (i think?)
> > 
> > Any help appreciated
> > Thanks!
> > Anand
> > 
> > 
> > 
> > 
> > 
> > 
> >
> -
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 
> > 
> 
> 
>   
> 
> -
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] issue in debian lenny.

[J. Bakshi]

On 03/04/2010 11:40 AM, Nilesh Govindarajan wrote:
> On Thu, Mar 4, 2010 at 11:12 AM, J. Bakshi  > wrote:
>
> Hello list,
>
> Here in debian lenny the rewrite rules are working well. I have
> checked
> by this .htaccess and successful
>
> 
> DirectoryIndex index.php
> RewriteEngine On
>
> #RewriteRule ^typo3$ - [L]
> #RewriteRule ^typo3/.*$ - [L]
>
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond %{REQUEST_FILENAME} !-l
> RewriteRule .* index.php
> ```
>
>
> Now I like to place the rewrite stuff in apache configuration so
> that I
> don't need to place .htaccess for all the sites. and here is the
> config
> I have placed in apache
>
> ```
> 
> Options Indexes FollowSymLinks MultiViews
> # .htaccess slows down apache; only use it when required #
> AllowOverride All
> Order allow,deny
> allow from all
>
> ### Begin: Rewrite stuff for typo3 ###
> 
>
> # Enable URL rewriting
> RewriteEngine On
> RewriteBase /
>
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond %{REQUEST_FILENAME} !-l
>
> RewriteRule .* index.php [L]
> 
> 
>
> 
>
> restart apache and remove the .htaccess from webroot directory of the
> site. the rewite stuff is not working now !!! Is it a problem with
>  which is not recognized here in lenny ? Does
> anyone have any idea or faced the same problem.
>
> BTW: The above config running fine with opensuse 11.2
>
> Thanks
>
> --
> জয়দীপ বক্সী
>
>
>
>
> I think you should be using rewrite_module.c instead of mod_rewrite.c
>
>

Checked by   but no luck.  How can I check
the correct module in my server ?

Thanks


-- 
জয়দীপ বক্সী


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org