Re: [users@httpd] Re: confirm unsubscribe from users@httpd.apache.org

[Julian H. Stacey]

Dien-Foon Wu wrote:
> Yes, please remove the related address from the list for I am
> currently have no time to check these emails. Thanks.

> 2015-06-25 21:42 GMT+08:00 Hanns Mattes :
> >
> > Zitat von users-h...@httpd.apache.org:

To unsubscribe yourself: do it yourself: see footer & header.

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Reply after previous text, like a play - Not before, which looses context.
 Indent previous text with "> " Insert new lines before 80 chars.
 Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Cannot access my webserver any longer

[Cohen, Laurence]

I have a test server on which we have a self-signed certificate.  I get the
error "There is a problem with this website's security certificate." which
is expected because I'm using a self-signed cert.  Normally I click on
"Continue to this website (not recommended)." and it goes through to my
website without a problem.  Now, however, the only thing that happens is
that the link mentioned in the last sentence disappears, and I don't get to
my website.

I'm using IE currently, but I've also tested in Firefox and Chrome and I
basically have the same problem.  The apache version is 2.2.  I looked
around for a solution, and I've added my site to the trusted sites as
recommended, but it still doesn't work.  I looked in the error_log and I
don't see anything except a child connecting and then disconnecting right
after that.

Any suggestions would be appreciated.

Thanks,

Larry Cohen

Re: [users@httpd] Does Apache have an equivalent to nginx "fastcgi_intercept_errors"?

[Rose, John B]

It looks like the Apache directive ...

ProxyErrorOverride

Allows the implementation of a custom error page within Apache/PHP-FPM

Similar in functionality to what "fastcgi_intercept_errors" does in nGinx.

Is that a correct observation? Any potential problems?

Thanks

From: , John Rose mailto:jbr...@utk.edu>>
Reply-To: "users@httpd.apache.org" 
mailto:users@httpd.apache.org>>
Date: Monday, June 22, 2015 4:25 PM
To: "users@httpd.apache.org" 
mailto:users@httpd.apache.org>>
Subject: [users@httpd] Does Apache have an equivalent to nginx 
"fastcgi_intercept_errors"?

We have spent a bit of time looking around with no success.

We would like to implement a custom error page using Apache 2.4 and PHP-FPM

So far unsuccessful.

Any help appreciated.

Thanks

Re: [users@httpd] Cannot access my webserver any longer

[Yehuda Katz]

I have seen this happen when you send an HSTS header. The Chrome error
would say that specifically.
A workaround would be to install that certificate on your system (with the
mmc certificate snap-in) so that it becomes a trusted certificate - trusted
site in IE is not enough.

- Y

On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
wrote:

> I have a test server on which we have a self-signed certificate.  I get
> the error "There is a problem with this website's security certificate."
> which is expected because I'm using a self-signed cert.  Normally I click
> on "Continue to this website (not recommended)." and it goes through to my
> website without a problem.  Now, however, the only thing that happens is
> that the link mentioned in the last sentence disappears, and I don't get to
> my website.
>
> I'm using IE currently, but I've also tested in Firefox and Chrome and I
> basically have the same problem.  The apache version is 2.2.  I looked
> around for a solution, and I've added my site to the trusted sites as
> recommended, but it still doesn't work.  I looked in the error_log and I
> don't see anything except a child connecting and then disconnecting right
> after that.
>
> Any suggestions would be appreciated.
>
> Thanks,
>
> Larry Cohen
>

Re: [users@httpd] Cannot access my webserver any longer

[Cohen, Laurence]

Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me this
error.  It just tells me that my connection isn't private.  When I click on
advanced there is no option to go forward to the web server like I get on
some of the other servers I work with.

Larry Cohen

On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz  wrote:

> I have seen this happen when you send an HSTS header. The Chrome error
> would say that specifically.
> A workaround would be to install that certificate on your system (with the
> mmc certificate snap-in) so that it becomes a trusted certificate - trusted
> site in IE is not enough.
>
> - Y
>
> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
> wrote:
>
>> I have a test server on which we have a self-signed certificate.  I get
>> the error "There is a problem with this website's security certificate."
>> which is expected because I'm using a self-signed cert.  Normally I click
>> on "Continue to this website (not recommended)." and it goes through to my
>> website without a problem.  Now, however, the only thing that happens is
>> that the link mentioned in the last sentence disappears, and I don't get to
>> my website.
>>
>> I'm using IE currently, but I've also tested in Firefox and Chrome and I
>> basically have the same problem.  The apache version is 2.2.  I looked
>> around for a solution, and I've added my site to the trusted sites as
>> recommended, but it still doesn't work.  I looked in the error_log and I
>> don't see anything except a child connecting and then disconnecting right
>> after that.
>>
>> Any suggestions would be appreciated.
>>
>> Thanks,
>>
>> Larry Cohen
>>
>
>


-- 

[image: www.novetta.com]

Larry Cohen

System Administrator


12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lco...@novetta.com

Office  703-885-1064

Re: [users@httpd] Cannot access my webserver any longer

[Yehuda Katz]

When Chrome does not show the coninue option, it usually has an additional
error message where the button would be that shows more details.
For example, this is an HSTS error:
http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png

Microsoft lists several reasons that the continue button would not be shown
in IE.
http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx

The error page’s *Continue* link is hidden:

   1. If the certificate is revoked
   2. If the certificate is deemed insecure
   

(e.g.
   contains a 512-bit RSA key)
   3. If the page is in a “pinned site” instance
   

   4. If group policy is set to Prevent Ignoring Certificate Errors


The article is old, but I believe these are still correct.
Could one of those be your issue?
- Y

On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence  wrote:

> Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me this
> error.  It just tells me that my connection isn't private.  When I click on
> advanced there is no option to go forward to the web server like I get on
> some of the other servers I work with.
>
> Larry Cohen
>
> On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz  wrote:
>
>> I have seen this happen when you send an HSTS header. The Chrome error
>> would say that specifically.
>> A workaround would be to install that certificate on your system (with
>> the mmc certificate snap-in) so that it becomes a trusted certificate -
>> trusted site in IE is not enough.
>>
>> - Y
>>
>> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
>> wrote:
>>
>>> I have a test server on which we have a self-signed certificate.  I get
>>> the error "There is a problem with this website's security certificate."
>>> which is expected because I'm using a self-signed cert.  Normally I click
>>> on "Continue to this website (not recommended)." and it goes through to my
>>> website without a problem.  Now, however, the only thing that happens is
>>> that the link mentioned in the last sentence disappears, and I don't get to
>>> my website.
>>>
>>> I'm using IE currently, but I've also tested in Firefox and Chrome and I
>>> basically have the same problem.  The apache version is 2.2.  I looked
>>> around for a solution, and I've added my site to the trusted sites as
>>> recommended, but it still doesn't work.  I looked in the error_log and I
>>> don't see anything except a child connecting and then disconnecting right
>>> after that.
>>>
>>> Any suggestions would be appreciated.
>>>
>>> Thanks,
>>>
>>> Larry Cohen
>>>
>>
>>
>
>
> --
>
> [image: www.novetta.com]
>
> Larry Cohen
>
> System Administrator
>
>
> 12021 Sunset Hills Road, Suite 400
>
> Reston, VA 20190
>
> Email  lco...@novetta.com
>
> Office  703-885-1064
>
>

Re: [users@httpd] Cannot access my webserver any longer

[Cohen, Laurence]

Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now
because the website sent scrambled credentials that Chrome cannot process.
I'm not sure where these credentials are coming from, but I'm assuming this
is the .crt files in httpd/conf/ssl.crt.

Thanks,

Larry

On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz  wrote:

> When Chrome does not show the coninue option, it usually has an additional
> error message where the button would be that shows more details.
> For example, this is an HSTS error:
> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png
>
> Microsoft lists several reasons that the continue button would not be
> shown in IE.
> http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx
>
> The error page’s *Continue* link is hidden:
>
>1. If the certificate is revoked
>2. If the certificate is deemed insecure
>
> 
>  (e.g.
>contains a 512-bit RSA key)
>3. If the page is in a “pinned site” instance
>
> 
>4. If group policy is set to Prevent Ignoring Certificate Errors
>
>
> The article is old, but I believe these are still correct.
> Could one of those be your issue?
> - Y
>
> On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence 
> wrote:
>
>> Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me
>> this error.  It just tells me that my connection isn't private.  When I
>> click on advanced there is no option to go forward to the web server like I
>> get on some of the other servers I work with.
>>
>> Larry Cohen
>>
>> On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz  wrote:
>>
>>> I have seen this happen when you send an HSTS header. The Chrome error
>>> would say that specifically.
>>> A workaround would be to install that certificate on your system (with
>>> the mmc certificate snap-in) so that it becomes a trusted certificate -
>>> trusted site in IE is not enough.
>>>
>>> - Y
>>>
>>> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
>>> wrote:
>>>
 I have a test server on which we have a self-signed certificate.  I get
 the error "There is a problem with this website's security certificate."
 which is expected because I'm using a self-signed cert.  Normally I click
 on "Continue to this website (not recommended)." and it goes through to my
 website without a problem.  Now, however, the only thing that happens is
 that the link mentioned in the last sentence disappears, and I don't get to
 my website.

 I'm using IE currently, but I've also tested in Firefox and Chrome and
 I basically have the same problem.  The apache version is 2.2.  I looked
 around for a solution, and I've added my site to the trusted sites as
 recommended, but it still doesn't work.  I looked in the error_log and I
 don't see anything except a child connecting and then disconnecting right
 after that.

 Any suggestions would be appreciated.

 Thanks,

 Larry Cohen

>>>
>>>
>>
>>
>> --
>>
>> [image: www.novetta.com]
>>
>> Larry Cohen
>>
>> System Administrator
>>
>>
>> 12021 Sunset Hills Road, Suite 400
>>
>> Reston, VA 20190
>>
>> Email  lco...@novetta.com
>>
>> Office  703-885-1064
>>
>>
>


-- 

[image: www.novetta.com]

Larry Cohen

System Administrator


12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lco...@novetta.com

Office  703-885-1064

Re: [users@httpd] Cannot access my webserver any longer

[Yehuda Katz]

That is a generic error message when Chrome does not have a more specific
error to show.

Something else I would try is to use something like the openssl command
line to verify the certificate.
You can use the command "openssl s_client -connect server_name:443" to have
OpenSSL tell you what certificate is actually being served.
Once it gets to the end of the output, it will appear to hang - it is
actually waiting for input, so you can just stop it.
The output should show you the protocol and ciphers that were in use.
Example:
[image: Inline image 1]

What does yours say?

- Y


On Fri, Jun 26, 2015 at 1:21 PM, Cohen, Laurence  wrote:

> Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now
> because the website sent scrambled credentials that Chrome cannot process.
> I'm not sure where these credentials are coming from, but I'm assuming this
> is the .crt files in httpd/conf/ssl.crt.
>
> Thanks,
>
> Larry
>
> On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz  wrote:
>
>> When Chrome does not show the coninue option, it usually has an
>> additional error message where the button would be that shows more details.
>> For example, this is an HSTS error:
>> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png
>>
>> Microsoft lists several reasons that the continue button would not be
>> shown in IE.
>> http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx
>>
>> The error page’s *Continue* link is hidden:
>>
>>1. If the certificate is revoked
>>2. If the certificate is deemed insecure
>>
>> 
>>  (e.g.
>>contains a 512-bit RSA key)
>>3. If the page is in a “pinned site” instance
>>
>> 
>>4. If group policy is set to Prevent Ignoring Certificate Errors
>>
>>
>> The article is old, but I believe these are still correct.
>> Could one of those be your issue?
>> - Y
>>
>> On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence 
>> wrote:
>>
>>> Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me
>>> this error.  It just tells me that my connection isn't private.  When I
>>> click on advanced there is no option to go forward to the web server like I
>>> get on some of the other servers I work with.
>>>
>>> Larry Cohen
>>>
>>> On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz  wrote:
>>>
 I have seen this happen when you send an HSTS header. The Chrome error
 would say that specifically.
 A workaround would be to install that certificate on your system (with
 the mmc certificate snap-in) so that it becomes a trusted certificate -
 trusted site in IE is not enough.

 - Y

 On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
 wrote:

> I have a test server on which we have a self-signed certificate.  I
> get the error "There is a problem with this website's security
> certificate." which is expected because I'm using a self-signed cert.
> Normally I click on "Continue to this website (not recommended)." and it
> goes through to my website without a problem.  Now, however, the only 
> thing
> that happens is that the link mentioned in the last sentence disappears,
> and I don't get to my website.
>
> I'm using IE currently, but I've also tested in Firefox and Chrome and
> I basically have the same problem.  The apache version is 2.2.  I looked
> around for a solution, and I've added my site to the trusted sites as
> recommended, but it still doesn't work.  I looked in the error_log and I
> don't see anything except a child connecting and then disconnecting right
> after that.
>
> Any suggestions would be appreciated.
>
> Thanks,
>
> Larry Cohen
>


>>>
>>>
>>> --
>>>
>>> [image: www.novetta.com]
>>>
>>> Larry Cohen
>>>
>>> System Administrator
>>>
>>>
>>> 12021 Sunset Hills Road, Suite 400
>>>
>>> Reston, VA 20190
>>>
>>> Email  lco...@novetta.com
>>>
>>> Office  703-885-1064
>>>
>>>
>>
>
>
> --
>
> [image: www.novetta.com]
>
> Larry Cohen
>
> System Administrator
>
>
> 12021 Sunset Hills Road, Suite 400
>
> Reston, VA 20190
>
> Email  lco...@novetta.com
>
> Office  703-885-1064
>
>

Re: [users@httpd] Cannot access my webserver any longer

[Cohen, Laurence]

Thank you.  We now found a couple of other users which are able to get
through to the website, so now some of us can and some of us can't.  I'm
guessing it has to be in the browsers of those of us who can't, but why
would we not be able to access from all browsers (IE, Firefox, Chrome)?
I'm extremely confused.

Thanks for all of your help.  This has taken a different turn so I think I
can take it from here.

Larry Cohen

On Fri, Jun 26, 2015 at 1:57 PM, Yehuda Katz  wrote:

> That is a generic error message when Chrome does not have a more specific
> error to show.
>
> Something else I would try is to use something like the openssl command
> line to verify the certificate.
> You can use the command "openssl s_client -connect server_name:443" to
> have OpenSSL tell you what certificate is actually being served.
> Once it gets to the end of the output, it will appear to hang - it is
> actually waiting for input, so you can just stop it.
> The output should show you the protocol and ciphers that were in use.
> Example:
> [image: Inline image 1]
>
> What does yours say?
>
> - Y
>
>
> On Fri, Jun 26, 2015 at 1:21 PM, Cohen, Laurence 
> wrote:
>
>> Thank you.  Chrome says "You cannot visit website xxx.yyy.com right now
>> because the website sent scrambled credentials that Chrome cannot process.
>> I'm not sure where these credentials are coming from, but I'm assuming this
>> is the .crt files in httpd/conf/ssl.crt.
>>
>> Thanks,
>>
>> Larry
>>
>> On Fri, Jun 26, 2015 at 1:16 PM, Yehuda Katz  wrote:
>>
>>> When Chrome does not show the coninue option, it usually has an
>>> additional error message where the button would be that shows more details.
>>> For example, this is an HSTS error:
>>> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-47-13-metablogapi/8446.chrome37_5F00_404325B2.png
>>>
>>> Microsoft lists several reasons that the continue button would not be
>>> shown in IE.
>>> http://blogs.msdn.com/b/ieinternals/archive/2014/02/02/10481591.aspx
>>>
>>> The error page’s *Continue* link is hidden:
>>>
>>>1. If the certificate is revoked
>>>2. If the certificate is deemed insecure
>>>
>>> 
>>>  (e.g.
>>>contains a 512-bit RSA key)
>>>3. If the page is in a “pinned site” instance
>>>
>>> 
>>>4. If group policy is set to Prevent Ignoring Certificate Errors
>>>
>>>
>>> The article is old, but I believe these are still correct.
>>> Could one of those be your issue?
>>> - Y
>>>
>>> On Fri, Jun 26, 2015 at 1:06 PM, Cohen, Laurence 
>>> wrote:
>>>
 Thanks for the response Yehuda.  Unfortunately Chrome doesn't give me
 this error.  It just tells me that my connection isn't private.  When I
 click on advanced there is no option to go forward to the web server like I
 get on some of the other servers I work with.

 Larry Cohen

 On Fri, Jun 26, 2015 at 12:33 PM, Yehuda Katz 
 wrote:

> I have seen this happen when you send an HSTS header. The Chrome error
> would say that specifically.
> A workaround would be to install that certificate on your system (with
> the mmc certificate snap-in) so that it becomes a trusted certificate -
> trusted site in IE is not enough.
>
> - Y
>
> On Fri, Jun 26, 2015 at 10:54 AM, Cohen, Laurence 
> wrote:
>
>> I have a test server on which we have a self-signed certificate.  I
>> get the error "There is a problem with this website's security
>> certificate." which is expected because I'm using a self-signed cert.
>> Normally I click on "Continue to this website (not recommended)." and it
>> goes through to my website without a problem.  Now, however, the only 
>> thing
>> that happens is that the link mentioned in the last sentence disappears,
>> and I don't get to my website.
>>
>> I'm using IE currently, but I've also tested in Firefox and Chrome
>> and I basically have the same problem.  The apache version is 2.2.  I
>> looked around for a solution, and I've added my site to the trusted sites
>> as recommended, but it still doesn't work.  I looked in the error_log 
>> and I
>> don't see anything except a child connecting and then disconnecting right
>> after that.
>>
>> Any suggestions would be appreciated.
>>
>> Thanks,
>>
>> Larry Cohen
>>
>
>


 --

 [image: www.novetta.com]

 Larry Cohen

 System Administrator


 12021 Sunset Hills Road, Suite 400

 Reston, VA 20190

 Email  lco...@novetta.com

 Office  703-885-1064


>>>
>>
>>
>> --
>>
>> [image: www.novetta.com]
>>
>> Larry Cohen
>>
>> Sys

Re: [users@httpd] ReDirect question

[James Moe]

On 06/25/2015 10:18 PM, Eric Covener wrote:
>> 
>> Redirect /catalog/?app=ecom&ns=catshow&ref=books \ 
>> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
>>
>
>> 
> Redirect doesn't match against the query string. Try mod_rewrite.
> 
  The original URL is
http://sma-v3.sma.com/catalog/?app=ecom&ns=catshow&ref=books

  I then tried this:
RewriteEngine on
RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
RewriteRule ^
https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
[R=301,L]

  It does not match either. :-(

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936



signature.asc
Description: OpenPGP digital signature

Re: [users@httpd] ReDirect question

[Eric Covener]

On Fri, Jun 26, 2015 at 3:21 PM, James Moe  wrote:
> RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
> RewriteRule ^
> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
> [R=301,L]

RewriteRule matches aginstt just the path, without the scheme host or
query string.

-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] ReDirect question

[Kurtis Rader]

On Fri, Jun 26, 2015 at 12:34 PM, Eric Covener  wrote:

> On Fri, Jun 26, 2015 at 3:21 PM, James Moe  wrote:
> > RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
> > RewriteRule ^
> >
> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
> > [R=301,L]
>
> RewriteRule matches aginstt just the path, without the scheme host or
> query string.


That isn't the issue in this example. Notice that the rewrite rule pattern
is simply "^" which will match any path as it simply tests that the path
has a beginning (i.e., it anchors any subsequent part of the pattern to the
start of the path).

My question for James would be how do you know the query string has the
parameters in that exact order? Unless the query string has been
hand-crafted you cannot assume the parameters will appear in any specific
order. Also, your pattern doesn't handle the case where the parameters are
separated by semicolons (which is a legal alternative to ampersand). In
general matching against QUERY_STRING is very difficult to do in a robust
manner.

-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Re: [users@httpd] ReDirect question

[Kurtis Rader]

On Fri, Jun 26, 2015 at 1:36 PM, Kurtis Rader  wrote:

> My question for James would be how do you know the query string has the
> parameters in that exact order? Unless the query string has been
> hand-crafted you cannot assume the parameters will appear in any specific
> order. Also, your pattern doesn't handle the case where the parameters are
> separated by semicolons (which is a legal alternative to ampersand). In
> general matching against QUERY_STRING is very difficult to do in a robust
> manner.
>

P.S., Here is an example from my config of how to robustly check for the
presence of a specific query string parameter. In this case I'm looking for
a reference to the WordPress "Revolution Slider" plugin which has had
numerous security flaws and I will never install on my site as a
consequence.

# Malware loves to probe for revslider plugin vulnerabilities. Since we
don't
# use it (and never will given its history of vulnerabilities) blacklist
# references to it. This is related to the blacklisted-path rules above.
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/revslider/ [NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action=revslider_ajax_action(?:&|;|$)
[NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action=revslider_show_image(?:&|;|$)
[NC]
RewriteRule ^ /blocked.php [END,E=error-notes:probe-for-revslider-plugin]


-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Re: [users@httpd] ReDirect question

[James Moe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/26/2015 01:36 PM, Kurtis Rader wrote:
> My question for James would be how do you know the query string has
> the parameters in that exact order?
> 
  That is how our current shopping cart generates an URL to locate a
page. It is completely predictable. I wish to match the Query String
exactly as a string; I do not care about names and values.
  We are transitioning to another e-commerce service. I want to have
the current store category URLs and a select number of product URLs
re-directed to the new site's corresponding locations. Hence the
rewrite rule.

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlWN3G8ACgkQzTcr8Prq0ZMr/gCeJQEeFXbHBKjHVzpw4pPzwubI
fkoAnRXzkwDOpbsjmI1SRIRypiqVdv+D
=U7l9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Using LogLevel?

[James Moe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


apache 2.4.10

  The mod_rewrite page mentions LogLevel as a useful way to trace
problems with ReWrite. So I added "LogLevel info
rewrite:trace5" to .htaccess and got "Internal Server Error".
  What else is needed to get LogLevel to work?

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlWN6V0ACgkQzTcr8Prq0ZPVkgCfd0mYC4kDhIVqpy+oXYwE8CNt
BTsAnizlR9j7xdIG2nhz8jS6o0oDDXj2
=rv2l
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] ReDirect question

[Kurtis Rader]

On Fri, Jun 26, 2015 at 4:12 PM, James Moe  wrote:

>   That is how our current shopping cart generates an URL to locate a
> page. It is completely predictable. I wish to match the Query String
> exactly as a string; I do not care about names and values.
>   We are transitioning to another e-commerce service. I want to have
> the current store category URLs and a select number of product URLs
> re-directed to the new site's corresponding locations. Hence the
> rewrite rule.


Works for me. I added

RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
RewriteRule ^ /forbidden.php [END,E=error-notes:qstring-matched]

to my config and did a "apachectl graceful". I then did

curl -v 'http://localhost/?app=ecom&ns=catshow&ref=books' > x

and received my expected  403 /forbidden.php output. If I repeat the curl
command with a single character changed in the query string it no longer
matches that rewrite rule and I get the index page for my server. So I
submit to you that either the query string is not in the form you expect or
there is something else wrong with your configuration. For example, perhaps
you have the rewrite rule in the wrong container (i.e., server, location,
directory, virtual host).

P.S., If you want to match the query string literally rather than as a
pattern which matches a subset of the query string you should preface the
pattern with an equal-sign:

RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books


-- 
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Re: [users@httpd] ReDirect question

[James Moe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/26/2015 06:36 PM, Kurtis Rader wrote:
> So I submit to you that either the query string is not in the form
> you expect or there is something else wrong with your
> configuration. For example, perhaps you have the rewrite rule in
> the wrong container (i.e., server, location, directory, virtual
> host).
> 
  The rewrite is in <.htaccess>. Other rewrites work as expected.

> RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books
> 
  That was one of the many variants I have tried. It does not work
either. Since I cannot get logging to work either (grr), I cannot see
what is happening.

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlWOMXYACgkQzTcr8Prq0ZN5IgCaApg8zqo4q5kzW0L8gwVNOSU5
XdgAoK48mhdhaLxhcW5fDKx9v4FxJ0Rh
=Cv9w
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org