[users@httpd] Reposted - SSO + LDAP Operation

2013-02-05 Thread nskarthik
Hi

Spec :  
JDK1.6,  
Tomcat 7.0.30,
Linux 64 bit Suse
Apache Http2.2

This post is reposted from my earlier one on a different product:

http://tomcat.10.n6.nabble.com/LDAP-on-TOMCAT-7-0-30-tp4993107.html


So far we have been using 3 killer Ajax web-based applications,
each app provided with a separate DB schema.

The requirement is to provide SSO ("Single Sign On") logic with the existing
LDAP server.
The AAA has to be validated only once at login.

1) What options do I have in providing SSO logic?
2) Can cookies be used for resolving the requirement?
3) Can the browser pick up the client system login credentials (Win start-up
credentials) for the authorization?

with regards
karthik





-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Re: Changing the MPM

2013-02-05 Thread vishesh kumar
What's the output of the below?

 httpd -t -M

On RHEL we used to change to worker by editing the file /etc/sysconfig/httpd

Thanks

On Tue, Feb 5, 2013 at 12:46 AM, yogesh hingmire
wrote:

> Folks,
>
> Any inputs on the below problem ? Appreciate all your help
>
> Thank You,
> Yogesh
>
>
> On Sun, Feb 3, 2013 at 2:34 PM, yogesh hingmire wrote:
>
>> I recently bought a new Mac book pro, the apache server that comes
>> inbuilt is with a prefork option, here is below listing
>>
>> Yogeshs-MacBook-Pro:sbin yogesh$ httpd -l
>> Compiled in modules:
>>   core.c
>>   prefork.c
>>   http_core.c
>>   mod_so.c
>>
>> However I want to change it to worker mpm.
>>
>> What are my options, do I have to download a fresh apache distribution
>> and recompile and then specify that option in the ./configure script.
>> I thought there was another option using the loadmodule directive to
>> dynamically change the mpm.
>>
>> I really don't want to recompile and start from zero to change the mpm.
>>
>> Thank You for all your help !
>> Yogesh
>>
>
>


-- 
http://linuxmantra.com


Re: [users@httpd] Changing the MPM

2013-02-05 Thread Michiel Beijen
Hi,

On Sun, Feb 3, 2013 at 9:34 PM, yogesh hingmire
 wrote:

> I recently bought a new Mac book pro, the apache server that comes inbuilt is 
> with a prefork option, here is below listing
>
> Yogeshs-MacBook-Pro:sbin yogesh$ httpd -l
> Compiled in modules:
>   core.c
>   prefork.c
>   http_core.c
>   mod_so.c
>
> However I want to change it to worker mpm.

The httpd that comes with OS X is prefork, there is not much you can
do about it.

> What are my options, do I have to download a fresh apache distribution and
> recompile and then specify that option in the ./configure script.
> I thought there was another option using the loadmodule directive to 
> dynamically change the mpm.

Not for the MPM, it is compiled in.

> I really don't want to recompile and start from zero to change the mpm.

You can use macports to make it a little less painful.

On RHEL, you can switch the MPM by means of configuration, but what
they actually do is ship multiple httpds and let you choose the one to
start:

$ ls -l /usr/sbin/http*
-rwxr-xr-x 1 root root 341200 feb 13  2012 /usr/sbin/httpd
-rwxr-xr-x 1 root root 356536 feb 13  2012 /usr/sbin/httpd.event
-rwxr-xr-x 1 root root 353112 feb 13  2012 /usr/sbin/httpd.worker

$ /usr/sbin/httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
$ /usr/sbin/httpd.event -l
Compiled in modules:
  core.c
  event.c
  http_core.c
  mod_so.c
$ /usr/sbin/httpd.worker -l
Compiled in modules:
  core.c
  worker.c
  http_core.c
  mod_so.c

--
Mike




[users@httpd] response with 400 when URI params are malformed

2013-02-05 Thread Jakub Nieznalski
Hi,

I've got a problem: Apache accepts a malformed URI, for example
localhost/?foo=bar%
The percent sign makes that request invalid, but Apache will accept it.
Nginx or Unicorn will respond with 400.
How can I achieve the same result? Is there any mod or rule that will tell
Apache to return 400 for an invalid request?

Best regards

Jakub Nieznalski


[users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?

2013-02-05 Thread Dave Shevett
Hi folks, I've come a long way understanding how ProxyPassReverse is 
supposed to work, and in many ways it's doing exactly what I want it to 
do - it rewrites the URLs on returning redirects to match a specific 
pattern.


However, my problem is I want to rewrite the protocol side of the URL, 
not just the path.  I need to change it from 'http' to 'https'.


Here's the situation.

My application is hosted in AWS, and we're using ELB (the load balancer) 
to act as an SSL endpoint.  This means that queries to 
https://eventj.com/customer/ come from the browser as SSL, but hit 
Apache via HTTP on port 80.  ProxyPass is working correctly to forward 
that into Tomcat, and returned traffic is correct.


However.

If a redirect happens in Tomcat (which the application does on a regular 
basis, say to redirect to a login page), the redirect comes back as a 
non-SSL request (503 http://eventj.com/customer/).


This rule is what I'm using in my proxy:

# customer
ProxyPass /customer/ ajp://10.122.103.207:8009/customer/
ProxyPassReverse /customer/  http://eventj.com/customer

I've tried adding this to the responses:
RequestHeader set X-Forwarded-Protocol "https"

but no dice.

I've tried doing things like "ProxyPassReverse 
https://eventj.com/customer/ http://eventj.com/customer" but that 
results in a mangled URL of 
'http://eventj.com/https://eventj.com/customer/customer' or something 
like that (I don't have the exact result.  It didn't work :)


How can I use ProxyPassReverse (or something similar) to ensure that my 
traffic doesn't get redirected out of ALL SSL, ALL the time?


Thanks!

-d




Re: [users@httpd] Changing the MPM

2013-02-05 Thread Tom Evans
On Sun, Feb 3, 2013 at 8:34 PM, yogesh hingmire
 wrote:
> I recently bought a new Mac book pro, the apache server that comes inbuilt
> is with a prefork option, here is below listing
>
> Yogeshs-MacBook-Pro:sbin yogesh$ httpd -l
> Compiled in modules:
>   core.c
>   prefork.c
>   http_core.c
>   mod_so.c
>
> However I want to change it to worker mpm.
>
> What are my options, do I have to download a fresh apache distribution and
> recompile and then specify that option in the ./configure script.
> I thought there was another option using the loadmodule directive to
> dynamically change the mpm.
>
> I really don't want to recompile and start from zero to change the mpm.
>
> Thank You for all your help !
> Yogesh

In Apache 2.2 the MPM choice is fixed at compile time, in 2.4 it can
be changed by loading a module, if and only if loading MPM modules was
enabled at compile time.

If it wasn't, compiling httpd yourself only takes a very short amount of time.

Cheers

Tom




Re: [users@httpd] Re: "Official" apache win32 binaries for 2.2.23

2013-02-05 Thread Tom Evans
On Sat, Feb 2, 2013 at 9:24 AM, Michiel Beijen wrote:
> On 2 Feb 2013 02:16, "Good Guy" wrote:
>> I don't mind doing it but whenever I try to build it in VS2010, I always
>> get errors and so I gave up.  Even VS 2012 is out now and it is a very good
>> package to create fast binaries.
>
> As far as I know, the 32 bit binaries that were made available previously
> were compiled with MS Visual Studio 6, which is about fifteen years old by
> now. I still have a copy of that, though. The instructions are a part of the
> Apache documentation: http://httpd.apache.org/docs/2.4/platform/
>
> So it would be still possible to build it yourself although the defined way
> includes using a proprietary and ancient compiler, which is no longer sold.
> And of course, sites like Apache Lounge and Apache Haus also distribute
> their own binary builds, including 64 bits.

There is also an issue that all the 'parts' of the webserver that you
assemble together (Apache, mod_php, etc) must be compiled with
compatible compilers. mod_php built with VS 2012 will not work with
httpd built with VC 6.

I believe* this issue came to a head because users began complaining
about this issue. The guy who selflessly had been creating the
'official unofficial' builds with VC 6 was suddenly getting grief and
issues from people complaining that he wasn't doing it quite how they
wanted.

Given that what he was doing (and was prepared to do) was not what
they wanted, it made sense to stop providing any build, and instead
point people towards 'stack' distributions of httpd and php etc from
places like ApacheLounge, since this will actually give them what they
want.

This should also explain why documenting the old build instructions is
not overly useful - they would document a build system that doesn't
build what the users wanted.

Cheers

Tom

* 'I believe', because I don't use Windows personally, and so issues
like this are really only noise to me, I've not cared to look in great
detail.




Re: [users@httpd] response with 400 when URI params are malformed

2013-02-05 Thread Nick Kew

On 5 Feb 2013, at 14:29, Jakub Nieznalski wrote:

> Hi,
> 
> I've got a problem: Apache accepts a malformed URI, for example
> localhost/?foo=bar%
> The percent sign makes that request invalid, but Apache will accept it.
> Nginx or Unicorn will respond with 400.

That's a request for URL / , with parameters foo=bar%

I'd guess nothing in your server is looking at the parameters.
If it's a static page and there's no complex configuration that
might be affected by parameters, why should the server waste
its time?

Note that if you request /foo=bar% you will indeed get a 400.

> How can I achieve the same result? Is there any mod or rule that will tell
> Apache to return 400 for an invalid request?

If you want to protect some vulnerable application, a WAF.
For a simpler solution to just the question, mod_taint.

-- 
Nick Kew
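
The check a strict front end makes before answering 400, as an added example (not code from httpd, mod_taint or any WAF): the functions below find every '%' that is not followed by two hex digits, separately for path and query, and apply that test to access-log request lines. The function names are illustrative and the log lines are constructed.

```python
import re

HEX_DIGITS = set("0123456789abcdefABCDEF")
# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def malformed_escapes(component):
    """Return the offsets of every '%' not followed by two hex digits."""
    bad = []
    for i, ch in enumerate(component):
        if ch != "%":
            continue
        pair = component[i + 1:i + 3]
        if len(pair) < 2 or not set(pair) <= HEX_DIGITS:
            bad.append(i)
    return bad


def check_target(request_target):
    """Report malformed escapes in the path and in the query separately."""
    path, _, query = request_target.partition("?")
    return {"path": malformed_escapes(path), "query": malformed_escapes(query)}


def would_reject(request_target):
    """True when a strict parser would refuse the request-target."""
    problems = check_target(request_target)
    return bool(problems["path"] or problems["query"])


def scan_access_log(lines):
    """Return (line_number, target) for logged requests with bad escapes."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and would_reject(match.group("target")):
            hits.append((lineno, match.group("target")))
    return hits


# Constructed sample lines; the status codes mirror what the thread reports.
SAMPLE_LOG = [
    '127.0.0.1 - - [05/Feb/2013:14:29:01 +0000] "GET /?foo=bar% HTTP/1.1" 200 44',
    '127.0.0.1 - - [05/Feb/2013:14:29:02 +0000] "GET /?foo=bar%20baz HTTP/1.1" 200 44',
    '127.0.0.1 - - [05/Feb/2013:14:29:03 +0000] "GET /foo=bar% HTTP/1.1" 400 226',
]

if __name__ == "__main__":
    for lineno, target in scan_access_log(SAMPLE_LOG):
        print(lineno, target, check_target(target))
```
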



Re: [users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?

2013-02-05 Thread Nick Kew

On 5 Feb 2013, at 14:40, Dave Shevett wrote:

> Hi folks, I've come a long way understanding how ProxyPassReverse is supposed 
> to work, and in many ways it's doing exactly what I want it to do - it 
> rewrites the URLs on returning redirects to match a specific pattern.
> 
> However, my problem is I want to rewrite the protocol side of the URL, not 
> just the path.  I need to change it from 'http' to 'https'.

Sounds like you're looking for "Header edit" (mod_headers).

-- 
Nick Kew



Re: [users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?

2013-02-05 Thread Dave Shevett

On 2/5/13 12:16 PM, Nick Kew wrote:

> On 5 Feb 2013, at 14:40, Dave Shevett wrote:
>
>> Hi folks, I've come a long way understanding how ProxyPassReverse is supposed
>> to work, and in many ways it's doing exactly what I want it to do - it rewrites
>> the URLs on returning redirects to match a specific pattern.
>>
>> However, my problem is I want to rewrite the protocol side of the URL, not just
>> the path.  I need to change it from 'http' to 'https'.
>
> Sounds like you're looking for "Header edit" (mod_headers).

I actually tried Header edit as well - but maybe I didn't get the syntax 
just right, because it didn't seem to be working.  Could you give me an 
example?


-d





Re: [users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?

2013-02-05 Thread Nick Kew

On 5 Feb 2013, at 17:31, Dave Shevett wrote:

>>> However, my problem is I want to rewrite the protocol side of the URL, not 
>>> just the path.  I need to change it from 'http' to 'https'.
>> Sounds like you're looking for "Header edit" (mod_headers).
> I actually tried Header edit as well - but maybe I didn't get the syntax just 
> right, because it didn't seem to be working.  Could you give me an example?

Hmm.  Is yours not effectively the case described at
http://svn.haxx.se/users/archive-2006-03/0549.shtml

That's the use case that originally inspired "Header edit".
I thought there was an example in the docs?

Maybe you have a problem with server-generated URLs?
If so then specifying the prefix in your ServerName should fix it.

-- 
Nick Kew
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?

2013-02-05 Thread Dave Shevett

On 2/5/13 1:16 PM, Nick Kew wrote:

> On 5 Feb 2013, at 17:31, Dave Shevett wrote:
>>>> However, my problem is I want to rewrite the protocol side of the
>>>> URL, not just the path. I need to change it from 'http' to 'https'.
>>> Sounds like you're looking for "Header edit" (mod_headers).
>> I actually tried Header edit as well - but maybe I didn't get the
>> syntax just right, because it didn't seem to be working. Could you
>> give me an example?
> Hmm. Is yours not effectively the case described at
> http://svn.haxx.se/users/archive-2006-03/0549.shtml
>
> That's the use case that originally inspired "Header edit".
> I thought there was an example in the docs?
>
> Maybe you have a problem with server-generated URLs?
> If so then specifying the prefix in your ServerName should fix it.

I found the answer in a blog post - I had the syntax wrong (wasn't 
actually doing the regexp substitution right), but this fellow nailed it.


Correct format:


Header edit Location ^http://(.*)$ https://$1

Working like a champ now.

-d
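
The posted pattern matches any absolute http:// Location, so it also rewrites redirects that point at other hosts. As an added example (not from the thread or the httpd documentation), this Python model applies the posted pattern and a host-scoped variant to constructed Location values and lists the foreign-host redirects each one changes. The scoped pattern, the function names and the sample values are assumptions; eventj.com is the host named in the thread.

```python
import re
from urllib.parse import urlsplit

# (regex, replacement) pairs in Header edit syntax, where $1 is a backreference.
POSTED_RULE = (r"^http://(.*)$", "https://$1")  # as posted in the thread
# Assumption: a variant limited to the site's own host name. As a directive:
#   Header edit Location ^http://eventj\.com(/.*)?$ https://eventj.com$1
SCOPED_RULE = (r"^http://eventj\.com(/.*)?$", "https://eventj.com$1")


def header_edit(value, rule):
    """Apply one Header-edit style substitution (first match only)."""
    pattern, replacement = rule
    # Translate $N backreferences into Python's \g<N> form.
    py_replacement = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
    return re.sub(pattern, py_replacement, value, count=1)


def rewritten_foreign(locations, rule, own_host="eventj.com"):
    """Location values the rule changes although they name another host."""
    return [
        value for value in locations
        if header_edit(value, rule) != value
        and urlsplit(value).hostname != own_host
    ]


# Constructed Location header values a backend might send.
SAMPLE_LOCATIONS = [
    "http://eventj.com/customer/login",   # the case from the thread
    "/customer/login",                    # relative: nothing to rewrite
    "https://eventj.com/customer/",       # already https
    "http://partner.example/sso",         # redirect to a different site
    "http://eventj.com.example/x",        # host that only starts with the name
]

if __name__ == "__main__":
    for name, rule in (("posted", POSTED_RULE), ("scoped", SCOPED_RULE)):
        print(name)
        for value in SAMPLE_LOCATIONS:
            print("  %-36s -> %s" % (value, header_edit(value, rule)))
        print("  foreign hosts rewritten:", rewritten_foreign(SAMPLE_LOCATIONS, rule))
```
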




[users@httpd] moving from mod_php to mod_fcgid : rewrite problem

2013-02-05 Thread Riccardo Cohen

Hello
I'm new to the Apache mailing list, sorry if I'm not 100% clear, and sorry 
for this long description.


I have developed a website with php/mysql : 
http://www.perspectives-musicales.org and placed it on a good hosting 
service (web4all.fr).
To improve search engine rank I decided to set all urls to 
/index.php/... and rewrite them to avoid having index.php in url (sort 
of MVC technique combined with SEO...)


Example : the catalog is at url : 
http://www.perspectives-musicales.org/en/all-albums
This should be transparently mapped to 
http://www.perspectives-musicales.org/index.php/en/all-albums thanks to 
the rewrite rule :


RewriteRule ^en/(.*) ./index.php/en/$1

My application then uses $_SERVER["PATH_INFO"] (and not 
$_SERVER["QUERY_STRING"]) to retrieve url information. This worked 
perfectly until last month, because web4all.fr changed the whole system 
and separated apache from php, using fast cgi instead of mod_php.


The system is supposed to be more reliable and more efficient like this, 
and apparently is. But the rewrite rule does not work anymore. So I 
investigated and made some tests :


I have a small test.php that displays the path_info and query_string. 
You can presently test it here :


http://perspectives-musicales.org/test1/a/b/c
http://perspectives-musicales.org/test2/a/b/c
http://perspectives-musicales.org/test3/a/b/c
http://perspectives-musicales.org/test4/a/b/c

and I set the following rules :

RewriteRule ^test1/(.*) ./test.php/$1
RewriteRule ^test2/(.*) ./test.php?$1
RewriteRule ^test3/(.*) ./test.php?/$1
RewriteRule ^test4/(.*) http://www.perspectives-musicales.org/test.php/$1

None of these 4 rewrite rules are convenient. Here is why :

- test1 : the system answers 404 "No input file specified". I think (not 
sure) that Apache believes that test.php is a folder, and cannot find it 
so answers 404


- test2 : the rewrite rule works, but of course the url information is 
no more in path_info, it is in query_string as shown in the page content


- test3 : same as test2

- test4 : almost good, I can have the url info in path_info, but apache 
begins first with a 302 redirection and then changes the url to 
http://www.perspectives-musicales.org/test.php/a/b/c, which loses all 
search engine efficiency (and also eventual POST variables if any).


My host tried several searches on forums including this one, and could 
not find any answer. It seems to be an apache bug, but not sure, I have 
no bug number to give anyway. If it is a bug, it is demonstrated by test1 
I think.


So here is my question : Is there any way to make this rewrite rule work 
in fastcgi mode, and what is the syntax for it, to keep info in 
path_info without 302 redirection. The Apache version is 2.2.23  and 
mod_fcgid is version 2.3.7 with configuration flag cgi.fix_pathinfo=1


If there is a way, thanks for your help I'd be glad to test it. If no 
could you explain why and how to solve it. As workaround we used test4 
syntax in the whole site, to make it work, but it is bad for search 
engine, and creates problem in backoffice (because certain backoffice 
functions use POST variables)


I know I can change my code to use query_string everywhere instead of 
path_info, but if I can avoid changing and testing all my websites it 
would be really great


Thanks a lot for your answer.


--
Riccardo Cohen






[users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Nikolas Kallis

Hello,



I have an issue with redirection from HTTP to HTTPS.

The problem is that when someone visits a directory on my website in 
HTTP, such as 'http://nikolaskallis.com/contact/', they are redirected 
to 'https://nikolaskallis.comcontact/', which doesn't include a forward 
slash between '.com' and 'contact'.


I am using the redirect method of placing 'Redirect / 
https://nikolaskallis.com' in my HTTP htaccess file.


Can someone please tell me what I have done wrong, why this error is 
occurring, and what I can do to get the forward slash included in the 
redirect?




Regards,

Nikolas Kallis




Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Igor Cicimov
Redirect / https://nikolaskallis.com/


On Wed, Feb 6, 2013 at 11:17 AM, Nikolas Kallis wrote:

> Hello,
>
>
>
> I have an issue with redirection from HTTP to HTTPS.
>
> The problem is that when someone visits a directory on my website in HTTP,
> such as 'http://nikolaskallis.com/contact/', they are redirected to
> 'https://nikolaskallis.comcontact/', which doesn't include a forward slash
> between '.com' and 'contact'.
>
> I am using the redirect method of placing 'Redirect /
> https://nikolaskallis.com' in my HTTP htaccess file.
>
> Can someone please tell me what I have done wrong, why this error is
> occurring, and what I can do to get the forward slash included in the
> redirect?
>
>
>
> Regards,
>
> Nikolas Kallis
>


Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Nikolas Kallis

Dear Igor,

> Redirect / https://nikolaskallis.com/

I don't get what you're trying to say.



Regards,

Nikolas Kallis




Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Igor Cicimov
You can't see the difference between

Redirect / https://nikolaskallis.com

and

Redirect / https://nikolaskallis.com*/* 

???



On Wed, Feb 6, 2013 at 11:33 AM, Nikolas Kallis wrote:

> Dear Igor,
>
>
>
>> Redirect / https://nikolaskallis.com/
>
> I don't get what you're trying to say.
>
>
>
>
> Regards,
>
> Nikolas Kallis
>


Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Nikolas Kallis

Dear Igor,




> You can't see the difference between
>
> Redirect / https://nikolaskallis.com
>
> and
>
> Redirect / https://nikolaskallis.com*/*
>
> ???


I suspect the issue may be related to my browser, and not Apache.

I will conduct a test after I eat lunch and advise what I find.



Regards,

Nikolas Kallis




Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Nikolas Kallis

Hello,



The issue I am having is occurring in both Firefox & Opera and is not 
the fault of Apache.


The browsers should be placing a forward slash in front of the FQDN when 
redirecting a URL containing a directory.


I will notify browser vendors of this bug in their software.



Regards,

Nikolas Kallis




Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Walter H.
On Wed, February 6, 2013 01:17, Nikolas Kallis wrote:
> Hello,
>
> I have an issue with redirection from HTTP to HTTPS.
>
> The problem is that when someone visits a directory on my website in
> HTTP, such as 'http://nikolaskallis.com/contact/', they are redirected
> to 'https://nikolaskallis.comcontact/', which doesn't include a forward
> slash between '.com' and 'contact'.
>
> I am using the redirect method of placing 'Redirect /
> https://nikolaskallis.com' in my HTTP htaccess file.
>
> Can someone please tell me what I have done wrong, why this error is
> occurring, and what I can do to get the forward slash included in the
> redirect?

you have the following two possibilities

either
'Redirect / https://nikolaskallis.com/'
or
'Redirect . https://nikolaskallis.com'

then it works correctly

Greetings,
Walter
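
The trailing-slash difference discussed in this thread, as an added example (not code from the list or from httpd): a small Python model of how mod_alias's Redirect treats its first argument as a path prefix and appends whatever follows the matched prefix to the target, plus a check that flags Redirect lines whose prefix ends in '/' while the target does not. The function names and the sample .htaccess text are constructed for illustration.

```python
import shlex


def redirect_location(prefix, target, request_path):
    """Return the Location value for request_path, or None if no match.

    Redirect matches `prefix` against the start of the request path on a
    segment boundary and appends the unmatched remainder to `target`.
    """
    if prefix.endswith("/"):
        matched = request_path.startswith(prefix)
    else:
        matched = request_path == prefix or request_path.startswith(prefix + "/")
    if not matched:
        return None
    return target + request_path[len(prefix):]


def lint_redirects(config_text):
    """Flag Redirect lines whose prefix ends in '/' but whose target does not.

    With such a pair the remainder of the path is glued straight onto the
    target, so it can end up inside the host name. Returns a list of
    (line_number, directive_text) tuples.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0].lower() != "redirect" or len(parts) < 3:
            continue
        # Syntax is: Redirect [status] URL-path URL
        prefix, target = parts[-2], parts[-1]
        if prefix.endswith("/") and not target.endswith("/"):
            findings.append((lineno, line))
    return findings


# Constructed sample, modelled on the directives quoted in the thread.
SAMPLE_HTACCESS = """\
# HTTP vhost: send everything to HTTPS
Redirect / https://nikolaskallis.com
Redirect / https://nikolaskallis.com/
Redirect permanent /old https://nikolaskallis.com/new
"""

if __name__ == "__main__":
    for target in ("https://nikolaskallis.com", "https://nikolaskallis.com/"):
        for path in ("/", "/contact/"):
            print("%-28s %-10s -> %s" % (target, path, redirect_location("/", target, path)))
    print(lint_redirects(SAMPLE_HTACCESS))
```
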






Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Nikolas Kallis

Dear Walter,




>> I have an issue with redirection from HTTP to HTTPS.
>>
>> The problem is that when someone visits a directory on my website in
>> HTTP, such as 'http://nikolaskallis.com/contact/', they are redirected
>> to 'https://nikolaskallis.comcontact/', which doesn't include a forward
>> slash between '.com' and 'contact'.
>>
>> I am using the redirect method of placing 'Redirect /
>> https://nikolaskallis.com' in my HTTP htaccess file.
>>
>> Can someone please tell me what I have done wrong, why this error is
>> occurring, and what I can do to get the forward slash included in the
>> redirect?
>
> you have the following two possibilities
>
> either
> 'Redirect / https://nikolaskallis.com/'
> or
> 'Redirect . https://nikolaskallis.com'
>
> then it works correctly


I already thought of 'Redirect / https://nikolaskallis.com/' but don't 
want to use it because if someone enters from 
'http://nikolaskallis.com', then they should be taken to its HTTPS 
equivalent, which is 'https://nikolaskallis.com' - not 
'https://nikolaskallis.com/'.


'Redirect . https://nikolaskallis.com' didn't work for me. I got a 404 
because of the way my server is set up.


I have HTTP and HTTPS data kept in separate folders:

'/var/www/http/nikolaskallis.com/' is for HTTP and contains one file 
only - '.htaccess', which redirects to HTTPS, which is kept in 
'/var/www/https/nikolaskallis.com/'.




Regards,

Nikolas Kallis
