[users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Hajo Locke

Hello list,

I have some subdomains with unallowed characters, in my case the underscore.

In apache 2.2 subdomains like this worked: sub_domain.domain.com
In apache 2.4 this produces a 400 server error (bad request)

It seems that apache 2.4's handling of allowed/not allowed chars is more 
strict.


Is there a config-option to relax this behaviour to 2.2 standard? I 
looked but did not find proper directives.

Otherwise I would quit using not allowed chars.

Thanks,
Hajo


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] https://www.berkshirefurniture.com Issue on .htaccess rule.

2017-01-23 Thread Rajib Karmakar
Hi Katz,

Yes, I activated access logs; now for which date do I look at the log?

Problem Statement : Few Products redirects to Cart page.

Cart Page URL :  https://www.berkshirefurniture.com/cart/
Cart Page htaccess redirects rule : RewriteRule ^cart(.*)$ cart.php

Products:
1. Click on : https://www.berkshirefurniture.com/search?q=carter&otracker=on
2. It opens Product Gallery.
3. Click on any of the first three products; normally it redirects to the
product details page, but it shows the cart page content.

Product page Url:
https://www.berkshirefurniture.com/carter-mirrored-hall-chest/p/U0h8Y2FydGVy
https://www.berkshirefurniture.com/carter-motion-chair/p/U0h8Y2FydGVy
https://www.berkshirefurniture.com/carter-upholstered-bed/p/U0h8Y2FydGVy

Product Page htaccess redirects rule :
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]*)/p/([^/]*)$ product-details.php?slug=$1&itmpath=$2 [L,NC]

The first four letters of the product URL "carter", "cart", matched the cart
page link, and that's the reason it moved to the cart page.

Sincerely
-
Rajib Karmakar

Creative Web Logo Technologies
Website: http://www.creativeweblogo.com
Mobile: +919874704940
Skype: creative.web.logo
© 2008-2017 Creative Web Logo Technologies.

On Sun, Jan 22, 2017 at 6:58 AM, Yehuda Katz  wrote:

> It looks more likely to be a problem with your PHP script. When I searched
> your website for the product in your URL, I found a different URL:
> https://www.berkshirefurniture.com/carter-upholstered-bed/p/U0h8Y2FydGVyIHVwaG9sc3RlcmVkIGJlZA==
>
> Check your access logs and/or turn on rewrite logging to see what is going
> on.
>
> - Y
>
>
> On Sat, Jan 21, 2017 at 8:52 AM, Rajib Karmakar wrote:
>
>> Good morning Team,
>>
>>
>> Below are 2 rules I used for 2 different pages, but when I click the 2nd
>> URL it does not display any products; it shows the cart page. I need help
>> regarding this issue.
>>
>>
>>
>> RewriteRule ^cart(.*)$ cart.php
>>
>> https://www.berkshirefurniture.com/cart/
>>
>>
>>
>> https://www.berkshirefurniture.com/carter-upholstered-bed/p/bmV3LWFycml2YWw=
>>
>> ## For showing leaf sub category of item
>> RewriteCond %{REQUEST_URI} !^/([^/]*)/p
>> RewriteCond %{REQUEST_FILENAME} !-f
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule ^([^/]*)/([^/]*)/([^/]*)$ leafsub-category-gallery.php?slug=$1&subcat=$2&leafsubcat=$3 [L,NC]
>>
>>
>> Sincerely
>> -
>> Rajib Karmakar
>>
>> Creative Web Logo Technologies
>> Website: http://www.creativeweblogo.com
>> Mobile: +919874704940
>> Skype: creative.web.logo
>> © 2008-2017 Creative Web Logo Technologies.
>>
>
>


Re: [users@httpd] https://www.berkshirefurniture.com Issue on .htaccess rule.

2017-01-23 Thread Yann Ylavic
Hi,

On Mon, Jan 23, 2017 at 11:20 AM, Rajib Karmakar wrote:
>
> Yes i active access logs, now which date i see the log.
>
> Problem Statement : Few Products redirects to Cart page.
>
> Cart Page URL :  https://www.berkshirefurniture.com/cart/
> Cart Page htaccess redirects rule : RewriteRule ^cart(.*)$ cart.php

You could possibly require the final '/' here to avoid trailing match,
something like:
RewriteRule ^cart(/.*)?$ cart.php

Regards,
Yann.
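
The prefix match discussed in this thread, replayed as an added example (not part of any poster's message and not mod_rewrite itself): a simplified Python model of the rule chain, run over the product URLs quoted above. It assumes the RewriteCond file tests pass and writes the product rule with $2 for its second capture group; the sample paths are constructed from the thread's URLs, and "oak-table/p/abc" is hypothetical.

```python
import re

# Rule chains in .htaccess order: (pattern, substitution, flags).
# The product rule uses $2 for its second capture group.
ORIGINAL = [
    (r"^cart(.*)$", "cart.php", set()),
    (r"^([^/]*)/p/([^/]*)$", "product-details.php?slug=$1&itmpath=$2", {"L", "NC"}),
]
# Same chain with the cart pattern from the reply above.
FIXED = [(r"^cart(/.*)?$", "cart.php", set())] + ORIGINAL[1:]

# Constructed request paths in per-directory form (no leading slash).
SAMPLES = [
    "cart",
    "cart/",
    "carter-upholstered-bed/p/U0h8Y2FydGVy",
    "carter-motion-chair/p/U0h8Y2FydGVy",
    "oak-table/p/abc",  # hypothetical product that does not start with "cart"
]


def rewrite(path, rules):
    """Simplified model of one pass over a RewriteRule chain.

    Assumes the RewriteCond !-f / !-d tests pass (no such file on disk)
    and ignores re-injection of the rewritten URL into the rule set.
    """
    query = ""
    for pattern, substitution, flags in rules:
        match = re.search(pattern, path, re.IGNORECASE if "NC" in flags else 0)
        if not match:
            continue
        # Expand $N back-references, then split off the query string so
        # that later rules see only the path, as mod_rewrite does.
        expanded = re.sub(
            r"\$(\d)", lambda ref: match.group(int(ref.group(1))) or "", substitution
        )
        path, _, new_query = expanded.partition("?")
        query = new_query or query
        if "L" in flags:
            break
    return path + ("?" + query if query else "")


def misrouted(rules, samples=SAMPLES):
    """Return the product URLs (containing /p/) that end up at cart.php."""
    return [p for p in samples if "/p/" in p and rewrite(p, rules) == "cart.php"]


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for p in SAMPLES:
            print(f"{name:8} {p!r:45} -> {rewrite(p, rules)}")
        print(f"{name:8} misrouted: {misrouted(rules)}")
```

Because the cart rule carries no [L] flag, the original chain rewrites "carter-..." to cart.php first, and the product rule then no longer matches.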




Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Erik Dobák
I don't see any underscores here:

ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

https://tools.ietf.org/html/rfc3986


On 23 January 2017 at 11:06, Hajo Locke  wrote:

> Hello list,
>
> i have some subdomains with unallowed characters, in my case the
> underscore.
>
> In apache 2.2 subdomains like this worked: sub_domain.domain.com
> In apache 2.4 this produces a 400 servererror (bad request)
>
> It seems that apache 2.4's handling of allowed/not allowed chars is more
> strict.
>
> Is there a config-option to relax this behaviour to 2.2 standard? I looked
> but did not find proper directives.
> Otherwise i would quit using not allowed chars.
>
> Thanks,
> Hajo
>
>
>
>


Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Erik Dobák
Also, I don't recall seeing any URL with _ before. Is this spam?
E

On 23 January 2017 at 22:06, Erik Dobák  wrote:

> i don't see any underscores here:
>
> ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
>
> https://tools.ietf.org/html/rfc3986
>
>
> On 23 January 2017 at 11:06, Hajo Locke  wrote:
>
>> Hello list,
>>
>> i have some subdomains with unallowed characters, in my case the
>> underscore.
>>
>> In apache 2.2 subdomains like this worked: sub_domain.domain.com
>> In apache 2.4 this produces a 400 servererror (bad request)
>>
>> It seems that apache 2.4's handling of allowed/not allowed chars is more
>> strict.
>>
>> Is there a config-option to relax this behaviour to 2.2 standard? I
>> looked but did not find proper directives.
>> Otherwise i would quit using not allowed chars.
>>
>> Thanks,
>> Hajo
>>
>>
>>
>>
>


RE: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Darryl Philip Baker
DNS doesn’t allow underscore in host and domain names so how a URL with an 
underscore would have ever worked is beyond me.

Darryl Baker
Sr. System Administrator
Northwestern | Information Technology
www.it.northwestern.edu



[users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

2017-01-23 Thread Christopher Schultz

All,

I've got an EC2 instance behind a load balancer where TLS is being
terminated. I've arranged for two separate httpd (2.4.25)
VirtualHosts: one for the secure connections (proxied from the lb) and
another for the non-secure connections.

I have a Redirect directive that isn't behaving as I'd like it to behave:

RedirectMatch permanent ^/$ /site/

I have the same redirect in both VirtualHosts. The redirect itself
works, but it doesn't preserve the secure-protocol when I'm using the
secure VirtualHost.

I have these directives to attempt to set the HTTPS environment variable:

# Handle ELB requests; maintain client information
SetEnvIf X-Forwarded-Proto "https" HTTPS=On
SetEnvIf X-Forwarded-Port "(.*)" JK_LOCAL_PORT=$1

I can confirm that ELB is in fact sending the "X-Forwarded-Proto:
https" header to my httpd instance.

I can also see that the HTTPS environment variable is in fact being
set to "On" when I make a request.

I'm expecting httpd to redirect a request from
"https://www.example.com/" to "https://www.example.com/site/" but
instead I'm getting redirected to "http://www.example.com/site/".

Can anyone see anything wrong with my configuration? Or do I have a
misunderstanding of how RedirectMatch will build its relative URLs?
I'd expect the redirects to be protocol-relative, but even though
HTTPS=On, the request from the LB is actually using HTTP and not
HTTPS. Am I not able to override the protocol by setting the HTTPS
environment variable?

Do I have to build an absolute redirect using other environment variables?

-chris




[users@httpd] Guidance on Fail Over for Load Balancers

2017-01-23 Thread Michael Duffy
I did search the archives of this list before posting.

We are going to use the Apache HTTP Server as a load balancer for a cluster
of Tomcat servers.

We do not want the load balancer to be a single point of failure.

Is it possible to cluster or set up fail over for the load balancers?  Any
guidance would be appreciated.

There are of course expensive corporate solutions available.  We would like
to stay with Apache if we can.

Kind regards,

Mike


Re: [users@httpd] Guidance on Fail Over for Load Balancers

2017-01-23 Thread Yehuda Katz
You could set up two HTTPD servers with a shared IP address (using VRRP
with keepalived).
In that case, I highly recommend using a configuration management tool (for
example, puppet or chef) to make sure both systems have the same settings.

If the two load balancers need to share session information (for example,
for visitor pinning) then it gets a bit more complicated.

- Y

On Mon, Jan 23, 2017 at 6:32 PM, Michael Duffy  wrote:

> I did search the archives of this list before posting.
>
> We are going to use the Apache HTTP Server as a load balancer for a
> cluster of Tomcat servers.
>
> We do not want the load balancer to be a single point of failure.
>
> Is it possible to cluster or set up fail over for the load balancers?  Any
> guidance would be appreciated.
>
> There are of course expensive corporate solutions available.  We would
> like to stay with Apache if we can.
>
> Kind regards,
>
> Mike
>
>


[users@httpd] Piping creates process per hour

2017-01-23 Thread Milind Vaidya
I am writing messages to error_log file as well as sending to std out.

The setting looks like


ErrorLog "| /usr/bin/tee -a /var/log/httpd/error_log | java -cp producer.jar stdin.producer.StdInProducer /CustomProducer/config.json >> /producer_init.log 2>&1"


[users@httpd] Piping logs to a java process : creates multiple processes

2017-01-23 Thread Milind Vaidya
>
> I am writing messages to error_log file as well as sending to std out.
>
> The setting looks like
>
>
> ErrorLog "| /usr/bin/tee -a /var/log/httpd/error_log | java -cp producer.jar stdin.producer.StdInProducer /CustomProducer/config.json >> /producer_init.log 2>&1"
>
>
When httpd is started it spawns 2 processes and adds one every one hour,
keeping all alive

Only other thing happening per hour is rotation of error_log file by
logrotate with copytruncate option (which copies the file data and
truncates original file keeping the file descriptor unchanged )

I also tested it with another program with setting as follows which runs
fine, so what am I doing wrong here ?

ErrorLog "| /usr/bin/tee -a /var/log/httpd/error_log | /usr/bin/logger -u /tmp/apache_log.socket"


Re: [users@httpd] Piping logs to a java process : creates multiple processes

2017-01-23 Thread Eric Covener
On Mon, Jan 23, 2017 at 7:36 PM, Milind Vaidya  wrote:
> When httpd is started it spawns 2 processes and adds one every one hour,
> keeping all alive


Your java program needs to exit when stdin returns EOF.

-- 
Eric Covener
cove...@gmail.com




Re: [users@httpd] Piping logs to a java process : creates multiple processes

2017-01-23 Thread Milind Vaidya
Thanks for prompt reply Eric.

Adding the relevant code resolved the issue of 2 processes at the beginning.
Let me wait for logrotate to kick in and see over a few hours how it behaves.



On Mon, Jan 23, 2017 at 4:41 PM, Eric Covener  wrote:

> On Mon, Jan 23, 2017 at 7:36 PM, Milind Vaidya  wrote:
> > When httpd is started it spawns 2 processes and adds one every one hour,
> > keeping all alive
>
>
> Your java program needs to exit when stdin returns EOF.
>
> --
> Eric Covener
> cove...@gmail.com
>
>
>


RE: [users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

2017-01-23 Thread Alexandru Duzsardi
Try this in your non-ssl virtualhost

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

More about mod_ssl variables:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, January 24, 2017 12:07 AM
To: users@httpd.apache.org
Subject: [users@httpd] Configuring redirects httpd behind a TLS-terminating proxy


All,

I've got an EC2 instance behind a load balancer where TLS is being terminated. 
I've arranged for two separate httpd (2.4.25)
VirtualHosts: one for the secure connections (proxied from the lb) and another 
for the non-secure connections.

I have a Redirect directive that isn't behaving as I'd like it to behave:

RedirectMatch permanent ^/$ /site/

I have the same redirect in both VirtualHosts. The redirect itself works, but 
it doesn't preserve the secure-protocol when I'm using the secure VirtualHost.

I have these directives to attempt to set the HTTPS environment variable:

# Handle ELB requests; maintain client information
SetEnvIf X-Forwarded-Proto "https" HTTPS=On
SetEnvIf X-Forwarded-Port "(.*)" JK_LOCAL_PORT=$1

I can confirm that ELB is in fact sending the "X-Forwarded-Proto:
https" header to my httpd instance.

I can also see that the HTTPS environment variable is in fact being set to "On" 
when I make a request.

I'm expecting httpd to redirect a request from "https://www.example.com/" to 
"https://www.example.com/site/" but instead I'm getting redirected to 
"http://www.example.com/site/".

Can anyone see anything wrong with my configuration? Or do I have a 
misunderstanding of how RedirectMatch will build its relative URLs?
I'd expect the redirects to be protocol-relative, but even though HTTPS=On, the 
request from the LB is actually using HTTP and not HTTPS. Am I not able to 
override the protocol by setting the HTTPS environment variable?

Do I have to build an absolute redirect using other environment variables?

-chris



Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Nick Kew
On Mon, 2017-01-23 at 21:26 +, Darryl Philip Baker wrote:
> DNS doesn’t allow underscore in host and domain names so how a URL
> with an underscore would have ever worked is beyond me.

Yeah, but is it the webserver's role to enforce that?

Old answer: be liberal in what you accept.
New answer: enforce HTTP much more strictly to pre-empt the next
security alert based on smuggling something through.

In reply to the OP, HTTPProtocolOptions may be what you're
looking for, though I haven't verified it.

-- 
Nick Kew






Re: [users@httpd] apache 2.4 handling of subdomains with unallowed characters

2017-01-23 Thread Hajo Locke

Hello,

On 24.01.2017 at 07:01, Nick Kew wrote:

> On Mon, 2017-01-23 at 21:26 +, Darryl Philip Baker wrote:
>> DNS doesn’t allow underscore in host and domain names so how a URL
>> with an underscore would have ever worked is beyond me.
>
> Yeah, but is it the webserver's role to enforce that?
>
> Old answer: be liberal in what you accept.
> New answer: enforce HTTP much more strictly to pre-empt the next
> security alert based on smuggling something through.
>
> In reply to the OP, HTTPProtocolOptions may be what you're
> looking for, though I haven't verified it.

Yes, HttpProtocolOptions is the option I was looking for, thanks. The 
invalid subdomain is working again.
I am aware of the dangers of setting this to unsafe. I will try to avoid 
this and eliminate these invalid hosts.


Thanks,
Hajo
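
For the clean-up mentioned in the last message (finding the invalid host names so the Unsafe setting can be dropped again), an added example that is not part of the thread and not httpd's own check: a Python audit of ServerName / ServerAlias values against the letter-digit-hyphen rule of RFC 952/1123. The configuration text is constructed; only sub_domain.domain.com comes from the thread.

```python
import re

# One DNS label under the letter-digit-hyphen (LDH) rule of RFC 952/1123:
# 1-63 characters, alphanumeric at both ends, no underscore.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed configuration; only sub_domain.domain.com comes from the thread.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName www.domain.com
    ServerAlias sub_domain.domain.com shop.domain.com
</VirtualHost>
<VirtualHost *:80>
    ServerName https://secure.domain.com:443
    ServerAlias -staging.domain.com
</VirtualHost>
"""


def hostname_problems(name):
    """Return the reasons why name is not a valid LDH hostname ([] if valid)."""
    name = name.rstrip(".")
    if not name:
        return ["empty name"]
    problems = []
    if len(name) > 253:
        problems.append("longer than 253 characters")
    for label in name.split("."):
        if LDH_LABEL.match(label):
            continue
        illegal = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
        if illegal:
            problems.append(f"label {label!r}: illegal character(s) {illegal}")
        else:
            problems.append(f"label {label!r}: bad length or leading/trailing hyphen")
    return problems


def configured_hosts(conf_text):
    """Yield every ServerName / ServerAlias value with scheme and port removed."""
    for line in conf_text.splitlines():
        words = line.split()
        if words and words[0].lower() in ("servername", "serveralias"):
            for value in words[1:]:
                host = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", value)
                yield re.sub(r":\d+$", "", host)


def audit(conf_text):
    """Map each invalid configured hostname to its list of problems."""
    report = {}
    for host in configured_hosts(conf_text):
        problems = hostname_problems(host)
        if problems:
            report[host] = problems
    return report


if __name__ == "__main__":
    for host, problems in audit(SAMPLE_CONF).items():
        print(host, "->", "; ".join(problems))
```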