[us...@httpd] Webdav - Files sent twice with
Hi all, I have a server running apache with mod_dav enabled. I try to set up a directory where only valid users can put files. Anonymous can get these files. I have an issue with this configuration. Below is the behavior when a valid user put a file on the server : - file is uploaded to server - server ask login/password - file is uploaded to server again. Does anyone have an idea why file is put twice ? How can I fix it ? Please find my webdav configuration below: DavLockDB /local/var/apache2/DavLock DAV On DavMinTimeout 300 Options Indexes MultiViews FollowSymlinks AllowOverride None Order allow,deny Allow from all AuthName "Company" AuthType Basic AuthBasicProvider ldap AuthLDAPURL "ldap:// ldap.company.com:389/ou=users,dc=company,dc=com?uid" AddDefaultCharset utf-8 AuthzLDAPAuthoritative off Require valid-user Kind Regards ! Remi
Re: [us...@httpd] Webdav - Files sent twice with
On 26 May 2010, at 11:18, Remi wrote: > Hi all, > > I have a server running apache with mod_dav enabled. > I try to set up a directory where only valid users can put files. Anonymous > can get these files. > I have an issue with this configuration. Below is the behavior when a valid > user put a file on the server : Your trouble is you've "limited the limits", so clients don't know they're going to be asked to authenticate until they send the PUT (or POST/etc) request. At the same time, you evidently have clients that are either new or too dumb to remember their credentials (a debug client might present itself as new more often than an operational one). If the upload is actually happening, it also means HTTP's conditional request (Expect / 100-Continue) isn't happening. That could be for many reasons: hopefully it's not a server bug(!) Does it happen with all clients? Is there a proxy involved? What Apache version? -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Webdav - Files sent twice with
> > > If the upload is actually happening, it also means HTTP's conditional > request > (Expect / 100-Continue) isn't happening. That could be for many reasons: > hopefully it's not a server bug(!) Does it happen with all clients? Is > there a > proxy involved? What Apache version? > > I'm using apache2-mpm-worker 2.2.9-10+lenny7 on debian system. This happens with cadaver and also gnome/nautilus. No proxy What I see with network traces is that I have PUT file.txt, then 401 Authorization Required from server, and PUT again. Remi
[us...@httpd] mod_rewrite problem IP address coming in URL instead of domain name.
The configuration is like this Code: |--192.168.1.1 |(site1.abc.com) | |--192.168.1.2 |(site2.abc.com) | | | | |--192.168.1.3 |(site3.abc.com) | | | | |--192.168.1.4 |(site4.abc.com) (Public IP ) | A- | (reverse proxy server)| (192.168.1.25) | |--192.168.1.5 |(site5.abc.com) I am now talking about site5.abc.com here is my virtualhost file http://educommons.com/dev/browser/eduCommons-extras/trunk/eduCommons.conf.example.redhat line 15 is specially noticeable. RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/192.168.1.5:8080/eduCommons/VirtualHostRoot/$1 [P,L] As far as I understand the above rule will match any URL and replace it with http://127.0.0.1:8080/VirtualHostBase/http/:80/eduCommons/VirtualHostRoot/$1 What is happening is when I use at server A in above diagram following for site5.abc.com (where site5 is where I hosted) ProxyPass /192.168.1.5:8080/eduCommons ProxyPassReverse /192.168.1.5:8080/eduCommons any request for site5.abc.com gets replaced by 192.168.1.5:8080/eduCommons at server A and then gets to 192.168.1.5 which is where it is hosted. Here is the problem URL when I logged out or log in it is similar http://192.168.1.5:8080/eduCommons/acl_users/credentials_cookie_auth/require_login?came_from=http://192.168.1.5:8080/eduCommons/%40%40coursebuilderform So a part of it can be because I am using ProxyPass at Server A. Should I change the vhost settings at Server A or internal machine where site5.abc.com is hosted. Right now all the settings you see are on httpd.conf of internal machine and not at A do I need to do some thing on server A in above diagram. -- Tapas - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] graceful restart occasionally gives "could not bind" error
Hi, With an apache 2.2 running on FreeBSD, I occasionally get a problem with a graceful restart. Issuing the command apachectl graceful results in these messages in the error log: [Wed May 26 14:45:48 2010] [notice] Graceful restart requested, doing restart [Wed May 26 14:45:53 2010] [warn] module dav_module is already loaded, skipping [Wed May 26 14:45:53 2010] [crit] (22)Invalid argument: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY) (48)Address already in use: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down or this [Wed May 26 15:02:52 2010] [notice] Graceful restart requested, doing restart [Wed May 26 15:02:57 2010] [warn] module dav_module is already loaded, skipping (48)Address already in use: make_sock: could not bind to address [::]:443 This error is not systematic, but it makes the command unreliable and unusable in a cron task. Any hint as to what causes this problem? Thanks in advance! Raph -- Web database: http://www.myowndb.com Free Software Developers Meeting: http://www.fosdem.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] HTTP doesn't work after upgrading from 2.0.55 to 2.2.15
Hi, I encountered a problem after upgrading Apache to 2.2.15. The client will be stuck and load infinitely via the HTTP protocol, but it worked correctly in 2.0.55 before I upgraded. I tried to sniffer the packet, and found 1. If the page size is larger, most of the page and http header will be received in the client but the last chunk won't be sent out from the Apache. 2. If the page size is small, the client only can see the http header. It seems that some packets are queued in the Apache, ..?! I describe the process as below, 1. Client send http request to the server, http://myhost/web.cgi, the cgi is implemented in GNU CGI which has been dead since 2002. 2. web.cgi fetches the login.html file and sends back to the client. 3. The client gets stuck... There are some things weird: 1. When I remove the directive "Listen 443" or "Keepalive On", then the HTTP can work correctly via "Listen 80" without stall. 2. If both the "Listen 443" and "Listen 80" are enabled, only the HTTPS can work. HTTP will have the problem I just mentioned. Do you guys have any idea about my problem? Why the behavior of dealing with output file is different between HTTP and HTTPS protocol? My Apache configuration ServerRoot "/usr/local/apache" ServerName localhost PidFile /var/run/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 StartServers 5 MinSpareServers 5 MaxSpareServers 20 ServerLimit 2 MaxClients 41 MaxRequestsPerChild 1 NumServers 5 StartThreads 5 MinSpareThreads 5 MaxSpareThreads 10 MaxThreadsPerChild 20 Listen 80 User www Group www ServerAdmin y...@example.com UseCanonicalName Off DocumentRoot "/usr/local/apache/htdocs" " Options FollowSymLinks ExecCGI AllowOverride none Order allow,deny Allow from all UserDir diabled ErrorLog /var/log/error_log LogLevel warn " AllowOverride None Options None Order allow,deny Allow from all TypesConfig conf/mime.types DefaultType text/plain MIMEMagicFile conf/magic DirectoryIndex web.cgi AddHandler cgi-script .cgi HostnameLookups Off ServerTokens Full ServerSignature On ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-caref BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/log/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/log/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLCryptoDevice cryptodev DocumentRoot "/usr/local/apache/htdocs" ServerName www.example.com ServerAdmin y...@example.com ErrorLog /var/log/error_log TransferLog /var/log/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:-RC4:+AES:+DES:+3DES:+RSA:-RC2:-IDEA:+HIGH:+ME SSLCertificateFile /etc/cert/default SSLCertificateKeyFile /etc/cert/default.prv SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Thanks in advance. Best regards honercek
Re: [us...@httpd] client denied by server configuration, but sometimes works and sometimes not!
Guys, i think that i've solved the problem. I created a file /etc/apache2/mods-enabled/mod-evasive.conf containing: DOSHashTableSize 3097 DOSPageCount 500 DOSSiteCount 300 DOSPageInterval 2 DOSSiteInterval 2 DOSBlockingPeriod 50 DOSSystemCommand "%s > /home/mario/teste" DOSEmailNotify msi...@mydomain.com DOSLogDir "/var/lock/mod_evasive" Wow, i was getting crazy with that error! Thanks all for your attention. Cheers, On 25 May 2010 10:27, Mario Mol wrote: > All right, so what can i do to check it? > > I found out that this file doesnt exists and there are a plenty of files in > website that reffer to a file that doest no exits. > > So on error.log shows a lot of file not found but sometimes shows a lot of > client denied by server > configuration, and at this time can happen Forbidden on users browser. > > Any ideias? > > > On 25 May 2010 09:26, Eric Covener wrote: > >> On Tue, May 25, 2010 at 4:33 AM, Tom Evans >> wrote: >> > On Tue, May 25, 2010 at 5:54 AM, Mario Mol wrote: >> >> Well, >> >> >> >> i`ve done apt-get update , so its all fresh new. >> >> >> >> Could this be related to some of security mods? For example, >> mod-security, >> >> qos, psad? >> >> >> >> Cheer,s >> >> >> > >> > In order to serve a file, apache must be able to access it. Since your >> > configuration looks correct, try this as root: >> > >> > su -m www -c 'ls -l >> > /var/www/sites/dtc/ >> gemt.com.br/subdomains/www/html/imagens/layout/fundo_topo.gif' >> > >> > Change www for the user you run apache as. >> > >> > If the output from this says "Permission denied", then you either the >> > file or a directory in the path to the file is not accessible to the >> >> Errors of this type are never reported as "client denied by server >> configuration" -- that refers to Apaches configuration itself, not >> filesystem permissions / SELinux. >> >> -- >> Eric Covener >> cove...@gmail.com >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >
[us...@httpd] multi-language manual/ directory: how to use it.
I've installed Apache HTTP 2.2 on Win 7. I am a real newcomer to web servers, etc. As a learning exercise, I want to be able to enter http://localhost/doc or some variant of that and then be able to browse the docs in manual/ I put this in httpd.conf: Alias /doc/ "C:/Program Files/Apache Software Foundation/Apache2.2/manual/" Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny Allow from all I've tried putting an .htaccess file in C:/Program Files/Apache Software Foundation/Apache2.2/manual with various options related to Content Negotiation, but http://localhost/doc just shows me the text of index.html which appears to be a typemap file. http://localhost/doc/index.html.en displays the 1st page of the doc, but when I click on a link the content of an .html (typemap?) file is displayed instead the appropriate html.en file. How can I make this mechanism work? Thanks, Ken - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] httpd vhost centralized logging
Have you looked at syslog-ng? Also might want to take a look at loganalysis.org. They have some resources which may (or may not) be of some help. Sheryl > We wanted to use syslog too, but it's very rigid (only 8 localX facility > for custom logs) so we discarded this solution. > > We heard of scribe, the logs aggregator Facebook uses; it seems very > flexible, and since FB is using it for his web servers, it's probably > doing its job quite well. Sitll, we didn't have time to pilot it. > > Sandro > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Stealthing a vhost
On 06:59, Igor Cicimov wrote: > > Have you tried mod_security? It's very configurable so might suite your needs. > > Sent from my phone >> On May 20, 2010 3:52 PM, "Peter Horn" wrote: >> >> I have a home server running 4 name vhosts, using a dynamic DNS. The second, third and fourth vhosts are "real" and known to the DNS. The default (first) vhost is only accessible by IP address (or an abstruse and unpublished servername). It gets quite a bit of traffic by IP address which is clearly attempted intrusion. I have "nailed down" the vhost so any access receives an error response [but see footnote 1 for an exception]. This does not stop the intruders, of course. If they get any kind of response at all, they keep trying. Reporting abuse to ISPs does not seem to help significantly. >> What I would love to do is behave like a good firewall and not respond at all to these [insert derogatory expletive]s. I have looked high and low in the Apache docs and can't find any way to NOT respond. There are lots of ways to set up sophisticated error responses, but no way of staying silent. >> Anyone got any ideas, or should I float this in front of dev@ ? >> >> [1] An HTTP OPTIONS request is (correctly) responded to with 200 OK. I thought this was a bug until I read the RFC again, slowly. An OPTIONS request refers to the SERVER, not the HOST. >> >> [2] For anyone that wants to provoke an attack, visit h t t p : / / 8 8 . 8 0 . 1 0 . 1 from (the public IP of) your server. I haven't tried this recently, so you may find they've been shut down. They are far from the worst offenders, but easy to provoke. >> >> Regards to all, >> Peter >> I have read the mod_security docs, and it appears that the 'drop' action is not available in my environment (Windows). The 'deny' action is no different to what I can achieve anyway. The only thing mod_security can do for me is more sophisticated classification of malice. So, my original question remains: Is there a way that Apache can not respond at all on the default vhost? Peter ps This is my fifth attempt to get this message past the apache.org spam filter... Ripped out anything I can see that might trigger it (assuming my own email address is innocuous! - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] graceful restart occasionally gives "could not bind" error
Loading the dav module twice in your config? On Wed, May 26, 2010 at 11:22 PM, Raphael Bauduin wrote: > Hi, > > With an apache 2.2 running on FreeBSD, I occasionally get a problem > with a graceful restart. > Issuing the command apachectl graceful results in these messages in > the error log: > > [Wed May 26 14:45:48 2010] [notice] Graceful restart requested, doing > restart > [Wed May 26 14:45:53 2010] [warn] module dav_module is already loaded, > skipping > [Wed May 26 14:45:53 2010] [crit] (22)Invalid argument: make_sock: for > address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY) > (48)Address already in use: make_sock: could not bind to address > 0.0.0.0:443 > no listening sockets available, shutting down > > or this > > [Wed May 26 15:02:52 2010] [notice] Graceful restart requested, doing > restart > [Wed May 26 15:02:57 2010] [warn] module dav_module is already loaded, > skipping > (48)Address already in use: make_sock: could not bind to address [::]:443 > > > > This error is not systematic, but it makes the command unreliable and > unusable in a cron task. > > Any hint as to what causes this problem? > > Thanks in advance! > > Raph > > > > -- > Web database: http://www.myowndb.com > Free Software Developers Meeting: http://www.fosdem.org > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [us...@httpd] Stealthing a vhost
Peter Horn wrote: On 06:59, Igor Cicimov wrote: > > Have you tried mod_security? It's very configurable so might suite your needs. > ~snip~ I have read the mod_security docs, and it appears that the 'drop' action is not available in my environment (Windows). ~snip~ Peter Then you may have to consider changing environments to achieve your desired result. personally, I would consider a permanent redirect to 127.0.0.1 for all but your one excepted case on access of the default virtual host. their bots will screw their own server that way. ;) - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Stealthing a vhost
Ok for the first problem, apache responding to the OPTIONS request...What about Limit and LimitExcept commands? Limiting the OPTIONS to the local network or blocking them totally maybe? Cheers On Thu, May 27, 2010 at 2:10 PM, J. Greenlees wrote: > Peter Horn wrote: > >> On 06:59, Igor Cicimov wrote: >> > >> > Have you tried mod_security? It's very configurable so might suite >> your needs. >> > >> > ~snip~ > > > I have read the mod_security docs, and it appears that the 'drop' action >> is not available in my environment (Windows). >> > ~snip~ > > Peter >> > > Then you may have to consider changing environments to achieve your desired > result. > > personally, I would consider a permanent redirect to 127.0.0.1 for all but > your one excepted case on access of the default virtual host. > their bots will screw their own server that way. ;) > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[us...@httpd] Apache MPM
Hi, how can i decide to use prefork or worker MPM. Can anyone describe in detail and how can i make a server which can handle 2000 users per second. How can I optimize the server response. i am using Apache 2.2.15. Regards Nasir
[us...@httpd] .htaccess redirect issue
Hello list,
I am trying to achieve a very particular .htaccess redirect arrangement.
I have made it worked but halfway :-(
I have written a redirect rule as
`
RewriteCond %{HTTP_HOST} ^testyou.mydomain.com
RewriteRule ^(.*)$ http://www.mydomain.com\?domain=testyou.mydomain.com
[R=301,L]
`
So http://testyou.mydomain.com should redirect to
http://www.mydomain.com\?domain=testyou.mydomain.com
But with the above rule the link redirects to
http://www.mydomain.com\?=testyou.mydomain.com
So without the *domain* in between.
Could any one suggest to
[1] how can I fixed this so the *domain* appears like
http://www.mydomain.com\?domain=testyou.mydomain.com
[2] Can there be any arrangement so that I can use bulk redirection ?
Say putting a variable in place of testyou.mydomain.com , so that those
two rules can effectively redirect all subdomains pointed to that server
? I don't know if it really possible. Any sugestion/clue please ?
Thanks
--
জয়দীপ বক্সী
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] .htaccess redirect issue
On 05/27/2010 12:16 PM, J. Bakshi wrote:
> Hello list,
>
> I am trying to achieve a very particular .htaccess redirect arrangement.
> I have made it worked but halfway :-(
>
> I have written a redirect rule as
>
> `
> RewriteCond %{HTTP_HOST} ^testyou.mydomain.com
> RewriteRule ^(.*)$ http://www.mydomain.com\?domain=testyou.mydomain.com
> [R=301,L]
>
> `
>
> So http://testyou.mydomain.com should redirect to
> http://www.mydomain.com\?domain=testyou.mydomain.com
>
> But with the above rule the link redirects to
>
> http://www.mydomain.com\?=testyou.mydomain.com
>
> So without the *domain* in between.
>
> Could any one suggest to
>
> [1] how can I fixed this so the *domain* appears like
> http://www.mydomain.com\?domain=testyou.mydomain.com
>
> [2] Can there be any arrangement so that I can use bulk redirection ?
> Say putting a variable in place of testyou.mydomain.com , so that those
> two rules can effectively redirect all subdomains pointed to that server
> ? I don't know if it really possible. Any sugestion/clue please ?
>
> Thanks
>
>
[1] is fixed by
RewriteRule ^(.*)$ http://www.mydomain.com\?domain=testyou.mydomain.com
[R=301,L]
[2] Is there any way to modify the rule for bulk domain or should I
write the rule set for each individual domain ?
Thanks for our time
--
জয়দীপ বক্সী
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
