[EMAIL PROTECTED] Cluster Question
Before I begin, let me make it clear I'm new to apache and open to suggestion/ direction to references. Thanks in advance. We have an IBM cluster at work. It is set up as a typical cluster. Box A and Box B with shared space. It is supposed to be our HTTP server. So virtual Box C is the entry point. So as I understand it, I need to install Apache on both Box A and Box B. What esle do I need to do to get this up and running? Is it just a matter of the config files? What would thoses settings look like? Thanks for any help/direction. Brian __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.8 VirtuaHost and a NAS
I have windows XP SP2 and have just upgraded to Apache 2.2.8 and have all of the settings running for my existing websites on local hard drives. However, due to a large increase in multimedia content I have added a 2TB NAS device and have it mapped as a drive letter 'L:' for the local machine that Apache is running on. When I change the DocumentRoot in the virtualhost (httpd-vhosts.conf) and under httpd.conf to read as: DocumentRoot "L:/test" When I compile the configs it checks out ok. Then when starting the Apache server I get a popup box stating that "requested operation has failed". Then when checking the error logs I see the message that: "Syntax error on line 246 of E:/AppServ/Apache 2.2.8/conf/httpd.conf: path is invalid." Is there no way to reference to a network mapped device that Apache will accept? Normally I would direct reference the local NAS device IP via \\\share\test\ but I am unsure how that would be entered for Apache. Thoughts? Thanks. Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache 2.2.8 VirtuaHost and a NAS
Yes but all of the paths are treated as Unix style. Ie... The original working website works with a local hard drive called 'E:' So "E:/test/" works and displays the website. However "L:/test/" does not. -Original Message- From: Graeme Fowler [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2008 3:13 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Apache 2.2.8 VirtuaHost and a NAS Hi On Mon, 2008-03-03 at 21:10 -0900, Brian wrote: > DocumentRoot "L:/test" Wouldn't that be "L:\test", with a backslash? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache 2.2.8 VirtuaHost and a NAS
William A. Rowe, Jr. wrote: >Joshua Slive wrote: >> On Tue, Mar 4, 2008 at 7:13 AM, Graeme Fowler <[EMAIL PROTECTED]> wrote: >>> Hi >>> >>> On Mon, 2008-03-03 at 21:10 -0900, Brian wrote: >>> > DocumentRoot "L:/test" >>> >>> Wouldn't that be "L:\test", with a backslash? >> >> No, all paths in httpd.conf should use forward slashes. >> >> The problem of not being able to access network drives is typically >> explained by running apache as a service under privileges that don't >> allow network access (usually LocalSystem). See: >> http://httpd.apache.org/docs/2.2/platform/windows.html#winsvc > >Exactly; it's also worth using //machine/share/ syntax instead of L: since >the service control manager won't mount up L: for you. > >But if the service "run as" account doesn't have access to //machine/share, >httpd won't start. See your application event log for details. > Ok, thank you both to you Will and Joshua! It works now. First off in case anyone tried to do something similar setting it up to run as a windows account which has access to the NAS was already done, but I missed the step where it had to have log on as a service modified. 1. Create a normal domain user account, and be sure to memorize its password. **2. Grant the newly-created user a privilege of Log on as a service and Act as part of the operating system. You can also manually set these via the Local Security Policy MMC snap-in. ** 3. Confirm that the created account is a member of the Users group. Grant the account read and execute (RX) rights to all document and script folders (htdocs and cgi-bin for example). 4. Grant the account change (RWXD) rights to the Apache logs directory. 5. Grant the account read and execute (RX) rights to the httpd.exe binary executable Additionally I did not know until now that the service control manager would not mount the drive even though it shows in the OS as already being mounted. Good to know. And yes, ///share/test/ did work perfectly!! Thanks again to both of you. Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Slow/incomplete response on subsequent dynamic page reloads
Running Apache 2.2.8/PHP 4.3.10 on Linux 2.6.9-42 kernel. After some tweaking, initial response time for static pages is very fast. The first access of a dynamic page is extremely fast as well. However, subsequent reloads are usually much slower, and many time the response is incomplete (or, the browser simply waits for a response that never comes). I and others have tested with several different browsers from several different locations; results always the same: Dynamic pages load quickly on initial access, but reloads are slow and/or incomplete. I'm running all defaults for directives in httpd.conf. There is no swapping going on and the httpd process doesn't appear "hung" on subsquent reloads: It briefly jumps to the top of the process list, then returns to idle again. Doesn't matter what PHP app I access: The few I'm running exhibit the same behavior, even a test page displaying phpinfo(). Any ideas on how to troubleshoot, or what the problem might be? Anyone suspect that this might not be an Apache problem, but a PHP problem instead? Caching issue? --Brian
[users@httpd] Problem with suexec in apache 2.4
/I'm getting a 404 when I try to use suexec. I'm using centos 7, apache
2.4.9, and php 5.5.14. I compiled from source./
/Here is my virtual host:/
/-/
//
/ServerAdmin ad...@example.com/
/ServerName tst01.local/
/DocumentRoot "/home/tst01/public_html"/
/#for suexec/
/SuexecUserGroup tst01 tst01/
/ScriptAlias /php5-cgi /home/tst01/bin/php-cgi /
/Action php5-cgi /php5-cgi /
/AddHandler php5-cgi .php /
//
/Options Indexes FollowSymLinks /
/AllowOverride all/
/Require all granted/
//
//
/Options Indexes FollowSymLinks ExecCGI /
/AllowOverride all/
/Require all granted/
//
/ErrorLog /home/tst01/logs/error.log/
/CustomLog /home/tst01/logs/access.log combined/
//
/-/
/My /etc/hosts has: 10.0.2.15 tst01.local/
/I have the file /home/tst01/public_html/whoami.php/
//
/";/
/echo exec('/usr/bin/whoami');?>/
/-/
/I changed the permissions to 755/
/The file has /home/tst01/bin/php-cgi/
//
/#!/bin/bash /
//usr/local/php5p5/bin/php-cgi "$@"/
//
/It permissions is 755 and owner is tst01/
/In a browser if I go to http://tst01.local/whoami.php. I get a 404 with
the msg "The requested URL /php5-cgi/whoami.php was not found on this
server"./
/I can run php without suexec when I link directly to the php in
/usr/local. /
/I'm trying to replace suphp. I'm open to other options. /
/Brian/
[us...@httpd] Shared DavLockDB between servers?
Is it possible to share the DavLockDB between more than one apache server? I'd like to use two apache servers for webdav and load balance between them, but I also need consistent file locking between them. Each one mounts the web root over NFS. I've tried pointing the DavLockDB to a shared location on the nfs share, but our developers are still able to check out files in Dreamweaver that are already locked if they don't hit the same server the file was originally checked out on. Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] IPv4 -> IPv6 name based proxy?
Hello all, I'm working on a project to redesign our web hosting infrastructure. For various reasons our basic plan is to have a fleet of VMs that do virtual hosting from an IPv6 only VLAN. Since most of the world is still IPv4 we'll need some service to allow IPv4 only clients to talk to our IPv6 only servers. We'd like this service to be fairly stupid simple and require little to no configuration so our current thought is a little Perl daemon. Basically, when a request comes in the service will look at the Host header, do a lookup and begin a proxy session between the client and the corresponding IPv6 vhost. It will populate the X-Forwarded-* headers, but other than that just pass data back and forth. Now, my question is is there a way to do something like this directly with Apache without specifying for each virtual host which IPv6 address to send the request to? Thanks, Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Question about how to fetch html?
Hi all.
Currently I am creating a http-based proxy system to fetch a html data
between users' browser ans web server.
In fact, I did it by adding some code in
ap_proxy_http_process_response function as follows
Here is a part of ap_proxy_http_process_response function and I added
some code to see bb (apr_bucket_brigade)
in the place, "/* my code */"
do {
.
/* found the last brigade? */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
/* signal that we must leave */
finish = TRUE;
}
/* my code */
/* try send what we read */
if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS
|| c->aborted) {
/* Ack! Phbtt! Die! User aborted! */
backend->close = 1; /* this causes socket
close below */
finish = TRUE;
}
}while(...);
By the way, this given code seems to repeat getting a partial html and
passing it down. However,
I want to parse the complete html, analyze it and send it to users' browser.
By concatenating the partial html, I can create a complete html data
and parse it. However, it only can happen
after the html is already sent according to the above program structure.
Does anyone know about how to fix this problem? Is there any general
way to fetch html?
Thanks.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Question about how to fetch html?
Thanks. Sorry for unclear explanations. Basically I want to make my proxy system do (1) parsing the html data, (2) analyzing the html data, (3) modifying some of the html data and then sending it to users. Here, the problem is that it is hard to finish (1), (2) & (3) jobs before sending the html data. I am looking for the way of implementing it. Does André or anybody have any idea? On Fri, Jun 12, 2009 at 5:15 PM, André Warnier wrote: > Brian Kim wrote: >> >> Hi all. >> > Hi Brian. > >> Currently I am creating a http-based proxy system to fetch a html data >> between users' browser ans web server. > > That's usually what browsers do already, but ok.. > >> >> In fact, I did it by adding some code in >> ap_proxy_http_process_response function as follows >> > ... some courageous lines removed for clarity here ... > >> >> By the way, this given code seems to repeat getting a partial html and >> passing it down. > > Yep, that's usually what webservers do. And proxies too. > Suggestions and patches for improvement are always welcome though. > > However, I want to parse the complete html, analyze it and send it to users' > browser. > > Well, the browser already does that all by itself, so it's not clear what > your purpose is, here. > >> >> By concatenating the partial html, I can create a complete html data >> and parse it. > > That basic idea is ok. > > However, it only can happen after the html is already sent according to the > above program structure. > > Don't understand exactly what structure you're referring to, but yes, it is > hard to parse the html before the server sent it. > >> >> Does anyone know about how to fix this problem? > > It is not quite clear what the problem is, here. > > Is there any general way to fetch html? >> > > With a browser maybe ? > > ;-) > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] How to modify ap_proxy_http_process_response in mod_proxy_http.c
Hi. All.
Here is a part of ap_proxy_http_process_response function.
static
apr_status_t ap_proxy_http_process_response(. ) {
do {
apr_off_t readbytes;
apr_status_t rv;
rv = ap_get_brigade(rp->input_filters, bb,
AP_MODE_READBYTES, mode,
conf->io_buffer_size);
.
.
/* found the last brigade? */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
/* signal that we must leave */
finish = TRUE;
}
/* try send what we read */
if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS
|| c->aborted) {
/* Ack! Phbtt! Die! User aborted! */
backend->close = 1; /* this causes socket close below */
finish = TRUE;
}
/* make sure we always clean up after ourselves */
apr_brigade_cleanup(bb);
} while (!finish);
}
I understood they work this way.
(1) ap_get_brigade function gets a brigade data structure (bb) from network .
(2) Then, ap_pass_brigade passes it to r->output_filters,which seems
to send it to network
(3) (1) & (2) repeat until it gets the last part of html data.
Each brigade seems to get a partial data of input html.
The above (1) process seems to get a data from web server of accessed url,
and (2) process seems to pass the received data to a client(Web browser)
I would like to pass each brigade to r->output_filters after I get
every brigade.
Simply saying, let's say a html is a collection of partial data, H1, H2 and H3.
The way that the current source is doing is,
Get H1, Pass H1, Get H2, Pass H2, Get H3, Pass H3..
The way that I would like to change is,
Get H1, Get H2, Get H3, Pass H1, Pass H2, Pass H3..
Does anybody have any experience?
Thanks
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] global variable use in mod_proxy_http.c
Hi. All. In mod_proxy_http.c, I globally declared a variable, like unsiged int count = 0; And I make it increase whenever the proxy gets a new http request. I expect it increases like 1, 2, 3, 4,... but it is always same 1. Does anydoby know why this happens? How can I use a global variable in mod_proxy_http? I am really new to this proxy stuff. I hope somebody can anwser to my simple question. Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] global variable use in mod_proxy_http.c
Thanks to Sander & André, I clearly understood why it happened and how I can get it over. Now I am looking at an example,.mod_example_ipc.c, to use a shared memory space. Thanks again. On Wed, Jun 24, 2009 at 5:31 PM, André Warnier wrote: > Brian Kim wrote: >> >> Hi. All. >> >> In mod_proxy_http.c, I globally declared a variable, like unsiged int >> count = 0; >> >> And I make it increase whenever the proxy gets a new http request. >> >> I expect it increases like 1, 2, 3, 4,... but it is always same 1. >> >> Does anydoby know why this happens? How can I use a global variable in >> mod_proxy_http? >> > Not a simple answer, but read this : > http://marc.info/?l=apache-httpd-users&m=124467015611975&w=2 > > The basic point is : when it starts, Apache is a single process. That one > loads mod_proxy, with your variable initialised to 0. > Then that main Apache forks into children. Each child is an exact copy, > thus also with the variable = 0. > The main Apache does not serve requests, so its copy always remains 0. > But it distributes requests, 1 per child, as they come in. > So probably your first request gets handled by child #1. It serves the > request, and increments the variable, which for this child is now 1. > Then your next request comes in, and is handled by child #2. > Its variable is still 0. So it serves the request and increments the > variable. > Then your next request comes in and is served by child #3. > And so on. > Until... enough requests have come in, that a child that has been used > before, gets re-used. Then the variable is at 1, and now becomes 2. > But only in that child. > And so on. > > Got it ? > > If you start your Apache with a maximum of 3 children e.g., then after 4 > requests you are guaranteed to see a 2. > > Morality : you have to find a place to store your counter, that is common to > all children (or threads). And of course synchronise access to it. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Shared Memory Size?
Hi all Due to some fellows' advice, I got to know we cannot use a global variable as we do in a single program. Now I use an example, "mod_example_ipc.c" to use the shared memory. The shared memory is containing user specific data for each ip accessing to my proxy server. I was wondering about how much the shared memory is available. If it does not guarantee much space, the scalibility may be issue later. Does anybody know about the size spec of the shared memory? Thanks! - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Shared Memory Size?
Hi. I am a beginner of Apache. When you say, "what "sessions" are for", does that mean I can create sessions to make more shared memory? Do you have any sample code for sessions? Does anybody know what the limit of shared memory is exactly? Thanks. On Wed, Jul 1, 2009 at 5:47 PM, Lyle Wincentsen wrote: > I don't know what the limit on shared memory would be, but it seems like > what you're describing is exactly what "sessions" are for. > > On Wed, Jul 1, 2009 at 3:51 PM, Brian Kim <09su.resea...@gmail.com> wrote: >> >> Hi all >> >> Due to some fellows' advice, I got to know we cannot use a global >> variable as we do in a single program. >> >> Now I use an example, "mod_example_ipc.c" to use the shared memory. >> >> The shared memory is containing user specific data for each ip >> accessing to my proxy server. >> >> I was wondering about how much the shared memory is available. >> >> If it does not guarantee much space, the scalibility may be issue later. >> >> Does anybody know about the size spec of the shared memory? >> >> Thanks! >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd]
The answer is 12. On Mon, Jul 6, 2009 at 4:03 AM, John Winther wrote: > help -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Invalid ELF Header?
Hi. all. I tried to add hash library(polarssl) to apache, but I got the Invalid ELF Header error when I began proxy module. Is there anybody who knows the reason? Is it a library problem? Thanks in advance - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Transparent Proxy?
Hi all. I am trying to make the current proxy into transparent one. I got to know I may need to use squid software. Is it right? Is there anybody who can explain how to implement transparent proxy? Is there any good tutorial or good starting point? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Transparent Proxy Server Installation
Hi. All. I am a beginner. So I really need somebody's help. I have asked a question about the transparent http apache server. Nobody answers it yet, so I ask it again and add what I have done until now. I have set up a server to have two ethernet interface. One is connected to a swtich to get all packets from users. The other is connected to WWW My Apache uses 8080 port and I use "iptables" to get all users' http-request(80) packet to have 8080 port # as follows iptables -t nat -A PREROUTING -i incomminginterface -s sourceip -p tcp --dport 80 -j REDIRECT --to-port proxyport I guess I have to make the server work as a gateway for all accessing users, too. In addition, I need to do one more thing. After redirection, the destination address of a packet from a user will be changed to the local gateway address. So "something" should change the destination ip by looking at the tcp payload. For example. if it is www.google.com, the redirected data packet should have google's ip address as a destination. Then, the packet can be sent to outside. This is all I understand about transparent proxy background. I have no clue about "something" that I mentioned above. Does the proxy do it? Probably not.. I have searched that squid software does it. Is there anybody who have some ideas about transparent http proxy? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Transparent Proxy Server Installation
Hi. As Andre mentioned, the browser needs a configuration for proxy. However, the transparent proxy allows users to access WWW without any configuration. In fact, I am suing Forward Proxy now and the reverse proxy seems to be the proxy that I meant. Am I right? Can anybody make it sure? On Tue, Jul 21, 2009 at 6:24 PM, André Warnier wrote: > Brian Kim wrote: > ... > I don't know about "transparent proxy", but I think what you are talking > about is a "forward proxy". > Have you read this on-line Apache documentation ? > > http://httpd.apache.org/docs/2.2/mod/mod_proxy.html > and in particular the section : > Forward Proxies and Reverse Proxies/Gateways > > ? > > You don't need to play with IPTables for this, at least not between your > internal client stations and the Apache forward proxy server. > But your client workstations browsers need to be configured to use the > Apache server as a HTTP proxy. > > Note that if this Apache server is directly connected to the internet, you > must protect this forward proxy function, so that it will be *only* > available to your internal clients. Otherwise anyone could use your proxy > to access other sites, and these accesses would be traced back to you. > Read the above documentation carefully. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Transparent Proxy Server Installation
The big picture for my http proxy is to install it to ISP level. It means users must not need to set up the proxy configuration In that sense, I thought a reverse proxy seems to be the transparent proxy. Is it right? On Wed, Jul 22, 2009 at 1:20 PM, Nick Kew wrote: > Brian Kim wrote: >> >> Hi. All. I am a beginner. So I really need somebody's help. >> >> I have asked a question about the transparent http apache server. >> >> Nobody answers it yet, so I ask it again and add what I have done until >> now. > > I haven't answered, because I'd need to look it up, and I haven't > found time. > > Last I recollect, transparent proxying support isn't in mod_proxy. > However, there's a simple patch somewhere in bugzilla. As I > recollect it, I didn't add the patch myself because I had no > time to test or document it. > > It may have been added since then, but if so I've either missed > or forgotten it. > > You're now showing evidence of demand for the feature, which > could possibly raise the motivation to get a round tuit. > > -- > Nick Kew > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Transparent Proxy Server Installation
Hi all. The basic configuration is as follows (1) (2) (3)(4) Users switch (eth2 -- eth0) -- WWW Users located in (1) will access WWW via http Apache server in (3). For non-transparent proxy, every user across the proxy has to set up proxy configuration by putting proxy IP address. Again, I just want to make users access WWW without the setup. In other words, (3) proxy should be transparent. For example, if I only need a proxy for general usage(e.g.caching), I may be able to use Squid software, not Apache. However, my intention of the proxy is more than that. Currently I am using mod_proxy_http where I put some code for looking at each html data and modify it if necessary. Of course, I have added other functionality too. Is this enough information to answer to my question? Thanks in advance. On Wed, Jul 22, 2009 at 6:04 PM, André Warnier wrote: > Brian Kim wrote: >> >> The big picture for my http proxy is to install it to ISP level. >> >> It means users must not need to set up the proxy configuration >> >> In that sense, I thought a reverse proxy seems to be the transparent >> proxy. >> >> Is it right? > > Can you remind us exactly of what you want to do ? I am getting a bit lost > here... > Like, > - where are the users ? > - where is (are) the webserver(s) they are trying to reach ? > - where should Apache figure in all that ? > > I mean, if you really mean "transparent", then you mean a router (maybe with > NAT), and you do not need Apache for that. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Transparent Proxy Server Installation
Hi. Thanks. The initial idea is to make (3) work as a gateway too. Thus, (3) can pass all protocols except 80 to WWW. Then, users may get DNS address for WWW After then, when http requests occur, my proxy will hook all packets. Is my idea weird? Can a reverse apache help for my configuration? On Thu, Jul 23, 2009 at 5:27 AM, André Warnier wrote: > Brian Kim wrote: >> >> Hi all. >> >> The basic configuration is as follows >> >> (1) (2) (3) (4) >> Users switch (eth2 -- eth0) -- WWW >> >> >> Users located in (1) will access WWW via http Apache server in (3). >> >> For non-transparent proxy, every user across the proxy has to set up >> proxy configuration >> >> by putting proxy IP address. Again, I just want to make users access >> WWW without the setup. >> >> In other words, (3) proxy should be transparent. >> > > I think there might be a flaw in your thinking above. > Most probably, the real setup is not *only* what you indicate above. > In reality, it is like this : > >> (1) (2) (3) (4) >> Users switch (eth2 -- eth0) -- WWW > | > (router) > | > WWW > > In other words, when the user enters "http://www.google.com"; in the URL bar > of his browser, what happens is : > > - the browser does a DNS lookup for "www.google.com", and obtains an IP > address. Say this is : 74.125.39.99 (just guessing). > > - then the browser sets up a TCP connection with the IP address > 74.125.39.99, port 80, and sends a HTTP request like : > GET / HTTP/1.1 > Host: www.google.com > > on that connection > > - most likely, this TCP connection goes through (router), not through > (eth2--eth0). That is because the users workstations probably have > "(router)" set up as their default gateway (at the TCP network setup level, > not at the browser level). > > If you do not "tell" these browsers that for HTTP connections, they have to > use "(eth2--eth0)" as a "proxy", then how are they going to know any > different ? > > > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] How to Release Apache?
Hi all. Until now, I just downloaded source code, modified some of them(mostly, mod_http_proxy.c) and finished adding some functionality. In the meantime, I tested it by getting my web browser to have local host IP as its proxy server. Now it is time to release the apache to other testers who may use Windows mostly. In the end, through this, I can be sure the correctness of the system. For this, I may need to prepare the following two things. (1) Creates a kind of automatic install program which install my http pache server to their OS (2) Set up all possible web browsers to get local IP as its proxy server automatically I think (1) is the main functionality that I have to make. In fact, regarding (2), I can make a guideline sheet asking for setting up proxy. Does anybody have any suggestion for this? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How to Release Apache?
Hi. Jorge Thank you for your advice. However, sorry but I do not think I understood completely what you said. You have said, "You can checkout the windows install source files from subversion and start working from there." When you say, "subversion", does it mean S/W for version controlling? Or does it mean a bunch of Win32 version apache source codes? How can I deal with install files with it? Ultimately what I want to do is to make an installer like msi, including original apache source files , modified source files and my own CGI file. Could Jorge or anybody else explain how to create an installer more explicitly for the beginner like me? Thanks On Mon, Aug 10, 2009 at 1:10 PM, Jorge Schrauwen wrote: > You can checkout the windows install source files from subversion and > start working from there. > > Other than that, I don't have any advice, but make sure to clearly > state this isn't released by the ASF but by a 3rd party > It's probably a good idea to read "Licensing of Distributions " > section of http://apache.org/licenses/ as wel. > > > ~Jorge > > > > On Mon, Aug 10, 2009 at 5:51 PM, Brian Kim<09su.resea...@gmail.com> wrote: >> Hi all. >> >> Until now, I just downloaded source code, modified some of >> them(mostly, mod_http_proxy.c) and finished adding >> >> some functionality. In the meantime, I tested it by getting my web >> browser to have local host IP as its proxy server. >> >> Now it is time to release the apache to other testers who may use >> Windows mostly. In the end, through this, >> >> I can be sure the correctness of the system. >> >> >> For this, I may need to prepare the following two things. >> >> (1) Creates a kind of automatic install program which install my http >> pache server to their OS >> >> (2) Set up all possible web browsers to get local IP as its proxy >> server automatically >> >> I think (1) is the main functionality that I have to make. In fact, >> regarding (2), I can make a guideline sheet asking for >> >> setting up proxy. >> >> Does anybody have any suggestion for this? >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Is it okay to not use exportable ciphers?
For the sake of security, I'd like to configure my SSL/TLS server to not allow export level ciphers (using the SSLCipherSuite directive). Is this going to realistically limit the number of people who can use a secure connection to my site? Specifically, will visitors from other countries (outside the US) be able to support the stronger (non-exportable) ciphers? Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Is it okay to not use exportable ciphers?
On Thu, Aug 20, 2009 at 3:24 PM, Sander Temme wrote: > > On Aug 20, 2009, at 3:16 PM, Brian Mearns wrote: > >> For the sake of security, I'd like to configure my SSL/TLS server to >> not allow export level ciphers (using the SSLCipherSuite directive). >> Is this going to realistically limit the number of people who can use >> a secure connection to my site? Specifically, will visitors from other >> countries (outside the US) be able to support the stronger >> (non-exportable) ciphers? > > > You can configure a logfile to record what ciphers your users are currently > using, and draw conclusions from that. > > S. [clip] Good idea, but I'm not currently getting many users. I'm thinking in the long term, I don't want to lock out potential visitors just because they're using weak crypto. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] How to distinguish the first web page?
Hi. Currently I am using mod_proxy_http module for http apache. I would like to know how to get the very first page(text/html type) among a series of returned pages. For example, the following is a html of a site, www.foo.com. It has two iframe in itself. We get a html of www.foo.com, a html of www.foo1.com ,and then a html of www.foo2.com in this order. All of these pages have text/html type that I want to get. My proxy wants to modify the very first web page only which is a html of www.foo.com in the above example. Is there any way to distinguish the main page and the other webpages that is requested by the main page? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] How to add a user-defined thread to apache module?
Hi. all. I am currently working on mod_proxy & mod_proxy_http. I would like to add my own thread to the apache. As I did in other general program, I tried to use POSIX threads programming(e.g.pthread_create), but it does not seem to work. The reason why I need that thread is to clean unusefuly memory and move data in memory to disk. Is there any general way of adding user-defined thread to apache source code? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How to distinguish the first web page?
Thanks. Krist van Besien. I have used referer part of HTTP header. The problem is as follows. Actually, I also need to keep track on where users go. In other words, if I only use the refer part of URL header, I cannot distinguish it from the case an user click one of the hyperlinks. For this, I have used time check which may be weak. I am looking for a better way than these referer & time check. Is there a concept of level in apache? For me, the main page is top level, but other iframe links of the main page is the lower level than that. Or Isn't there a concept of ID for each page? I mean the main page and other iframe links from the main page seems to belong to the same page,that is the main page. If they share the globally-unique id representing packets for the page, it would be helpful. These two are imaginary way that I expect from apache. Is there something like that in apache? Or Any other suggestion? On Wed, Aug 26, 2009 at 4:08 AM, Krist van Besien wrote: > On Tue, Aug 25, 2009 at 11:54 PM, Brian Kim<09su.resea...@gmail.com> wrote: >> Hi. >> >> Currently I am using mod_proxy_http module for http apache. >> I would like to know how to get the very first page(text/html type) >> among a series of returned pages. >> >> For example, the following is a html of a site, www.foo.com. It has >> two iframe in itself. >> >> >> >> >> >> >> >> >> We get a html of www.foo.com, a html of www.foo1.com ,and then a html >> of www.foo2.com in this order. >> All of these pages have text/html type that I want to get. >> My proxy wants to modify the very first web page only which is a html >> of www.foo.com in the above example. >> Is there any way to distinguish the main page and the other webpages >> that is requested by the main page? > > You can look at the "referrer" field. This contains the URL of the > page the currently requested URL was found on. > > Krist > > > -- > krist.vanbes...@gmail.com > kr...@vanbesien.org > Bremgarten b. Bern, Switzerland > -- > A: It reverses the normal flow of conversation. > Q: What's wrong with top-posting? > A: Top-posting. > Q: What's the biggest scourge on plain text email discussions? > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Question about conditional logging
Hi, I have a proxy/mod_rewrite server set up between an application and our users. All of the logging is done on the the application side which is required because of some custom information that's included is the logs that the proxy doesn't have access to. The proxy does have some basic features on it that allows it to block a request before it even gets to the application, returning a 403 to the user agent. In these cases, I would like to be able to log these, but since the site has high traffic, I don't want to turn on combined logging since it would generate 10G+ daily of unnecessary logs that are already captured elsewhere. All i'm really interested in is maybe a few hundred requests out of that entire file. From the best I can tell, the conditional logging can only be based on the request data, not the outcome of the rewrite rules. I hope I'm missing something here, and there are some suggestions on how to deal with this. Ideally, I'd like to be able to do this with a vanilla apache/mod_rewrite/mod_proxy setup. I have some thoughts on how to handle this if I can't solve this my 'ideal' way. One idea is to create a 403 page in the application that handles the logging i'm looking for, and have the proxy do an internal redirect to the application instead of stopping it during the rewrite phase with a "RewriteRule .* - [forbidden]" Thanks in advance, Brian Hirt - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Question about conditional logging
Thank you, I was only looking at the core apache logging, not the mod_rewrite logging. I'll check this out. Kind Regards, Brian On Aug 31, 2009, at 11:12 AM, Eric Covener wrote: On Mon, Aug 31, 2009 at 12:54 PM, Brian Hirt wrote: Hi, From the best I can tell, the conditional logging can only be based on the request data, not the outcome of the rewrite rules. Didn't follow, but can you setup conditional logging and use the "E" RewriteRule flag as in [E=dontlog:1] -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Multiple authentication sources (OUs) - AuthnProviderAlias
We are trying to allow Apache to authenticate users to a certain site based on being in one of 3 OU designations in AD. 3. A specific client OU (Client ABC in our example) 1. Service Accounts 2. Internal Support We have set up 3 "AuthnProviderAlias" directives. Notably, all the alias definitions use the same AuthLDAPBindDN, AuthLDAPBindPassword and only slight changes to the " AuthLDAPURL" specifying the OU for each grouping. AuthLDAPBindDN "" AuthLDAPBindPassword "test" AuthLDAPURL "ldap://util.joesgarage.com:3268/OU=Client ABC,OU=External,OU=ALL_Users,DC=joesgarage,DC=com?sAMAccountName?sub?(objectClass=user)" AuthLDAPBindDN "" AuthLDAPBindPassword "test" AuthLDAPURL ldap://util.joesgarage.com:3268/OU=SERVICE ACCOUNTS,OU=Internal,OU=ALL_Users,DC=joesgarage,DC=com?sAMAccountName?sub?(objectClass=user)" AuthLDAPBindDN "" AuthLDAPBindPassword "test" AuthLDAPURL "ldap://util.joesgarage.com:3268/OU=INTERNAL SUPPORT,OU=Internal,OU=ALL_Users,DC=joesgarage,DC=com?sAMAccountName?sub?(objectClass=user)" Our "Directory" directive is set to try each of these aliases (different OUs in the same directory) in order until a match is found: ... AuthBasicProvider CLIENT_ABC SERVICE_ACCOUNTS INTERNAL_SUPPORT AuthType Basic AuthName "Client ABC Login" AuthzLDAPAuthoritative off Require valid-user This doesn't seem to work. I know your thinking - "why not just use groups"? Ans: Simply because we don't want to have to maintain groups for our many clients. We would like to rely on the client user's presence in the OU (and allow our service accounts and support personnel at the same time to all sites) Is this a bug or is there a better way to accomplish this? Regards, Brian
[us...@httpd] Limit output filter by response code
I'm using external filters to minify javascript and CSS files as they head out of the server. The minifier takes a good 500ms to run, causing serious drag. So I put Squid in front of the server and configured it as a caching proxy. The problem is, the filters are running even on "304 Not Modified" responses, meaning there isn't actually any content to minify. So I want to be able to configure whether or not the filter is used based on the response code. Is this possible? Alternatively, if I can access the response code in the ext filter (as an env var or command line parameter, for instance), then I can make the decision there. Any help would be really great. Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] pdf report generation - content type text/html
On Tue, Nov 3, 2009 at 2:26 PM, Marcin 'Rambo' Roguski
wrote:
> On Tue, 3 Nov 2009 14:20:27 -0500
> b k wrote:
>
>> Hi all,
>> PDF reports are not being generated on any browser. [...]Any help would be
>> greatly
>> appreciated
>
> Send Content-Type: application/pdf or application/octet-stream from your PDF
> generator
> text/html is just plain wrong.
>
> --
> Maslow's Maxim:
> If the only tool you have is a hammer, you treat everything like
> a nail.
>
Well what's generating the PDF's? If they're coming from a file, you
need to configure Apache to correctly detect the mime type (as with
mod_mime: http://httpd.apache.org/docs/2.2/mod/mod_mime.html). Or if
they're all accessed through a particular root URL (like
/reports/pdf/), you can use the tag and ForceType:
http://httpd.apache.org/docs/2.2/mod/core.html#forcetype.
If it's being generated by a server side script, you can try the above
method, or better, just get your script to generate the
correct Content-Type header. If you're using PHP, the default mime
type if you don't say otherwise is usually text/html, as you found,
but you can use the header() function to send the CT header like:
header("Content-Type: application/pdf").
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] pdf report generation - content type text/html
On Tue, Nov 3, 2009 at 3:06 PM, b k wrote:
> Thanks!! Actually, it's a java based app on the WebSphere app server that
> sends the response to Apache web server which in turn sends the response to
> the browser. I tested the reports directly on the App server which are
> working fine. I suspect something is wrong in the apache config. I also
> checked mime.types file which includes pdf entry.
>
> On Tue, Nov 3, 2009 at 2:32 PM, Brian Mearns wrote:
>>
>> On Tue, Nov 3, 2009 at 2:26 PM, Marcin 'Rambo' Roguski
>> wrote:
>> > On Tue, 3 Nov 2009 14:20:27 -0500
>> > b k wrote:
>> >
>> >> Hi all,
>> >> PDF reports are not being generated on any browser. [...]Any help would
>> >> be greatly
>> >> appreciated
>> >
>> > Send Content-Type: application/pdf or application/octet-stream from your
>> > PDF generator
>> > text/html is just plain wrong.
>> >
>> > --
>> > Maslow's Maxim:
>> > If the only tool you have is a hammer, you treat everything like
>> > a nail.
>> >
>>
>> Well what's generating the PDF's? If they're coming from a file, you
>> need to configure Apache to correctly detect the mime type (as with
>> mod_mime: http://httpd.apache.org/docs/2.2/mod/mod_mime.html). Or if
>> they're all accessed through a particular root URL (like
>> /reports/pdf/), you can use the tag and ForceType:
>> http://httpd.apache.org/docs/2.2/mod/core.html#forcetype.
>>
>> If it's being generated by a server side script, you can try the above
>> method, or better, just get your script to generate the
>> correct Content-Type header. If you're using PHP, the default mime
>> type if you don't say otherwise is usually text/html, as you found,
>> but you can use the header() function to send the CT header like:
>> header("Content-Type: application/pdf").
>>
>> -Brian
>>
>> --
>> Feel free to contact me using PGP Encryption:
>> Key Id: 0x3AA70848
>> Available from: http://keys.gnupg.net
It sounds like you're saying you get the correct content-type header
if you communicate directly with the app server, and that Apache is
blowing it away? That's quite odd, but you might still try the
tag or similar to match the URL's the reports are accessed
by, and then use ForceType. I'm not sure if Apache will replace an
existing Content-Type header in this case, but it's worth a try.
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Conditional behavior by status code
Is there any way to get Apache to behave differently based on the status code, specifically apply different OutputFilters? This is similar in concept, I believe, to AddOutputFilterByType, which relies on the generated Content-Type header to determine what filter to apply. But I want to apply different filters based on the status code. If there is any way to set an environment variable based on the status code, that would work as well. Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache configuration: always go to parent directory
On Tue, Nov 10, 2009 at 4:43 AM, J. Bakshi wrote:
> Hello,
>
> I have configured a personal work-space for mine in apache where I can
> experiment with different sites and here is the configuration
>
>
> Alias /personal/joydeep /var/personal_work_area/joydeep
>
> DocumentRoot /var/personal_work_area/joydeep/
>
>
>
> DirectoryIndex index.php
>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Order allow,deny
> allow from all
>
>
> ``
>
> I have placed a folder ( a site) there. So the absolute path of that
> folder is /var/personal_work_area/joydeep/experiment. Whenever I access
> the folder through browser by visiting
> http://192.168.1.1/personal/joydeep/experimet I get "page not found
> error". the log reports
>
> ``
> URL /personal/joydeep/experiment/index.php, referer:
> http://192.168.1.1/personal/joydeep/
> ```
> It is definitely wrong as it refer the parent folder and not the
> subfolder "experiment" hence the index.php is missing. Is there any
> problem with my configuration ?
>
[clip]
I don't really understand the problem. The error log shows that the
index page for the child ("experiment") directory is being requested.
I'm not sure why the referer is showing up the way it is, but that
shouldn't be relevant. The URL of interest in the log is
/personal/joydeep/experiment/index.php, so it would appear that this
file, /var/personal_work_area/joydeep/experiment/index.php, doesn't
exist.
On a probably unrelated note, is there a reason you have an alias set
up for your document root? Aliases are usually used to make
directories that are not under the DocumentRoot available through the
web server, or sometimes to give alternate URLs to content that is
under the DocumentRoot (though RewriteRules are more common for that,
I think).
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd]
On Tue, Nov 10, 2009 at 8:28 AM, Eric Covener wrote: > On Tue, Nov 10, 2009 at 8:19 AM, Stephen Love wrote: >> I have set up a routine in my server that logs all incoming IP addresses and >> parses for duplicates in the same list. HOWEVER...a person posting almost >> NEVER has the same address. I believe I am not using the actual IP Address >> at all. What I WANT is the actual SERIAL NUMBER (If you could call it that!) >> of the HARDWARE (Network Adapter) actually sending the message, or its REPLY >> TO address... the address it is COMMUNICATING FROM in order to actually send >> the message. I am SURE if it is to establish a 2-way link to send and >> confirm the message, the receiving end HAS that info, buried deep within >> what it receives. HOW can I get that, so that the route steps inbetween do >> not matter? > > You don't have access to their MAC address or any other universal > identifier, no matter how much you use the shift key. > > -- > Eric Covener > cove...@gmail.com > [clip] As Eric says, what you're looking for is a MAC address which is a universally unique identifier that every network device has (though I think even here, "universally unique" might have some qualifying conditions). MAC addresses are used in very low level protocols (link layer protocols, I believe) to send packets to specific devices. MAC addresses are for point-to-point communications, not end-to-end. You could set up a packet sniffer, like Wireshark, and capture the source MAC addresses of incoming packets, but that would probably just give you the MAC address of your router or modem. As you've discovered, IP addresses are not valid ways to identify end users. Most residential internet access is done through a dynamic IP address, meaning their ISP can change their IP address whenever it wants. Further, a lot of people access the web through proxy servers, so that a large number of end users are seen as the same IP address, and others access through proxy pools or networks like Tor so that the same person may have a different IP address for every request they make. It sounds like what you're looking for is a way to track your visitors. Google Analytics is a pretty good free service for doing exactly that, or you can set up your own similar system. The way these things work is by using cookies to track individual browsers. But of course, a lot of people don't use cookies. Further, if you're worried about active menace, cookies are terribly insecure unless you're using secure connections (and even then through various types of attack), so a malicious user could snoop other people's cookies and submit it with their own request, making it look like the request came from the other user. If you want to do more strict tracking, something along the lines of "sorry, you already voted, and you can only vote once.", you'll need to get much more sophisticated. Some sort of user-authentication (i.e., "log in") is a must for this, and you'll need to be very careful about people snooping cookies and log-in date (like, only use secure HTTPS connections). -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Caching files on reverse proxy
On Tue, Nov 10, 2009 at 1:36 PM, vara prasad wrote: > Hi All, > I have set up a reverse proxy www.example.com for an internal tomcat server > http://internal:8080 > Few files are hosted on http://internal:8080. > My requirement is when user downloads a file from http://internal:8080 using > the proxy, the proxy should cache the file with its original extension. A > .pdf file downloaded from http://internal:8080 should be available in the > reverse proxy's cache as a .pdf file. Can any one help to get to it? > Thanks in advance. > > What kind of reverse proxy did you set up? Using Apache and mod_proxy, or some other software, like Squid? If you're using mod_proxy with Apache, I don't think caching is done automatically, you'll want to look at mod_cache: http://httpd.apache.org/docs/2.0/mod/mod_cache.html For other software, dedicated caching proxies (again, like Squid) usually keep their cache is a more complex way then you seem to be expecting. For instance, the cache may be stored partially in RAM and partially on disk, or in a database. At any rate, cahce entries are not generally stored in any kind of user-friendly way where you can just browse to the cache directory and look for *.pdf files. They're typically stored based on some sort of hashing mechanism so they can be quickly recovered. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd]
On Tue, Nov 10, 2009 at 6:37 PM, Eric Covener wrote: > On Tue, Nov 10, 2009 at 6:20 PM, Stephen Love wrote: >> So what you are telling me is that there IS no REAL 2-way handshaking going >> on. Then we've lost ALL hope of security. >> > > What's "REAL" in this context? It's not authenticated and doesn't > result in some session establishment unless you configure your > application to require/manage such a thing? > > -- > Eric Covener > cove...@gmail.com [clip] Yes, why don't you tell us exactly what you want to do, what's your end goal? Visitor stats? Geographic locating? Authentication of a real-world identity? There's a lot of very bright and very knowledgeable people on this list, so if there's any way at all to do what you want, then there is a very good chance that somebody here will be able to tell you. It just might not be done the way you think it should be. As many of us have said, TCP is an end to end protocol. And in fact, it is stateful, so you can send messages back and forth between the two end points for as long as the connection is open. There is a handshake that goes on between the two end points to setup this connection, but this is not any sort of real authentication process that confirms the identity of either end. What TCP gets you is pretty good confidence that you are talking to the same person you were when you started the conversation, but even that confidence is really only upheld in the absence of active attacks like IP spoofing, and it provides absolutely no confidence that there aren't other people listening to the conversation, and potentially even participating in the conversation. If you're looking for security: like making sure no one else is listening to the conversation, no one else is modifying the conversation data, and or making sure that the person on the other end is who they claim to be...then you're going to need a much more sophisticated protocol than TCP, IP, or HTTP. SSL/TLS provides all these things, with the latest TLS version believed to be quite secure with current technologies and techniques. HTTPS layers HTTP over a secure SSL or TLS connection, and is available in Apache with mod_ssl. Your comment that "we've lost ALL hope of security" is quite accurate with regards to HTTP, TCP, and IP alone. These protocols were really not designed with any attention to security as security wasn't really an acknowledged concern at the time they were created. Thus we have add on protocols like SSL and TLS. Anyway, back to my point: tell us what you're actually trying to do and there's a good chance someone can help you, as long as you're willing to let go of any preconceived notions on how to get the job done (that's always the biggest stumbling block to learning something new). Cheers, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd]
On Tue, Nov 10, 2009 at 10:29 PM, Stephen Love wrote: > Ok, now we're getting somewhere... just ENOUGH to eliminate the path > inbetween... I'd just like to ask APACHE for a unique signature of the > machine sending the message to compare it against others. Nothing more, > nothing less. > > > See us online at http://www.LOVEnCompany.com. > Well, see my most recent message, but just to summarize, apache can't uniquely identify the end machine on it's own, all it has is what that machine send to it, which is IP packet, which contains the TCP packet, which contains the HTTP packet, none of which include (on their own) a unique identifier for the end machine. The best you can do with just these protocols is generate a unique id, send it to the client, and ask them to send it back. You can do this using cookies, or by encoding the id in the URL. But either way, you're relying on the end user to cooperate (i.e., send back the same identifier). If you're looking for something that they can't reasonably fake or alter without your knowing, you'll need a crypto protocol like TLS (again, see my last message). -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache configuration: always go to parent directory
On Tue, Nov 10, 2009 at 10:00 PM, J. Bakshi wrote:
> Brian Mearns wrote:
>> On Tue, Nov 10, 2009 at 4:43 AM, J. Bakshi wrote:
>>
>>> Hello,
>>>
>>> I have configured a personal work-space for mine in apache where I can
>>> experiment with different sites and here is the configuration
>>>
>>>
>>> Alias /personal/joydeep /var/personal_work_area/joydeep
>>>
>>> DocumentRoot /var/personal_work_area/joydeep/
>>>
>>>
>>>
>>> DirectoryIndex index.php
>>>
>>> Options Indexes FollowSymLinks MultiViews
>>> AllowOverride All
>>> Order allow,deny
>>> allow from all
>>>
>>>
>>> ``
>>>
>>> I have placed a folder ( a site) there. So the absolute path of that
>>> folder is /var/personal_work_area/joydeep/experiment. Whenever I access
>>> the folder through browser by visiting
>>> http://192.168.1.1/personal/joydeep/experimet I get "page not found
>>> error". the log reports
>>>
>>> ``
>>> URL /personal/joydeep/experiment/index.php, referer:
>>> http://192.168.1.1/personal/joydeep/
>>> ```
>>> It is definitely wrong as it refer the parent folder and not the
>>> subfolder "experiment" hence the index.php is missing. Is there any
>>> problem with my configuration ?
>>>
>>>
>> [clip]
>>
>> I don't really understand the problem. The error log shows that the
>> index page for the child ("experiment") directory is being requested.
>> I'm not sure why the referer is showing up the way it is, but that
>> shouldn't be relevant. The URL of interest in the log is
>> /personal/joydeep/experiment/index.php, so it would appear that this
>> file, /var/personal_work_area/joydeep/experiment/index.php, doesn't
>> exist.
>>
>>
>
> the file exist here.
>
>
> debian:~# ls -l /var/personal_work_area/joydeep/experiment/index.php
>
> lrwxrwxrwx 1 wwwrun www 19 2009-10-28 22:22
> /var/personal_work_area/joydeep/experiment/index.php
>
> `
>
>
>> On a probably unrelated note, is there a reason you have an alias set
>> up for your document root? "
>
> As I have configured it is actually a personal workspace for
> experimental work. Actually it is protected by the " Require user"
> directive that only user can login there.
>
>
>> Aliases are usually used to make
>> directories that are not under the DocumentRoot available through the
>> web server, or sometimes to give alternate URLs to content that is
>> under the DocumentRoot (though RewriteRules are more common for that,
>> I think).
>>
>> -Brian
>>
>>
[clip]
Ok, so the file exists, but is still giving a 404? Your original post
mentions that it always goes to the parent directory, but that's not
what's happening. Why it's not giving you the file that is there I
can't say for sure, but I don't think it has anything to do with
parent directories.
This Alias thing is troubling me, and may be causing your problem. You
have an alias that points to the same directory as your document root:
I don't see why specifically this would cause problems, but it doesn't
sit well with me. Try removing it, see if that happens to do anything.
On the other hand, I noticed a typo in your original post; I assumed
it was just a typo in your email, but maybe you're actually trying to
visit the wrong address? http://192.168.1.1/personal/joydeep/experimet
should have an 'n' in "experimet".
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd]
cookies. cookies. COOKIES. For god sake just listen to somebody. The only way to achieve what you want is to send data to the client and get them to send it back. That's a cookie. What you're looking for is exactly what Google Analytics does, which I mentioned early yesterday. Hit vs. Unique visitors, they even have a graph to show you this exact statistic. Regarding this little gem: "Then it becomes impossible to know if a page REALLY exists or if my emails are going where intended, or coming from where stated... so am I to assume that traffic addressing in general has FAILED?". No, like I said you cannot be sure of where traffic is coming from or who is getting it with IP, TCP, or HTTP. That's exactly right. In general, we can take it for granted that messages most likely go where intended and most likely come from where they claim to, but this is definitely open to attack and require stronger protocols if you absolutely need to be sure of it. When you search Google, you can feel pretty confident that the results really come from Google because nobody has much to gain by sneaking in their own results. When you connect to your bank's website, it's a much different story and you shouldn't take anything for granted: you need additional protection outside of these three protocols. TLS and SSL use cryptographic techniques to authenticate end points in the communication and to encrypt and sign the data being transmitted so that you can verify it was not tampered with along the way. If you want more information on how to use cookies for what you're doing, I'd be happy to help, and we can probably take the discussion off-list. If you're not willing to use cookies, you can encode it in the URL, and I can help you with that as well. But either way, you are relying on the user to send the information back in tact. If you can't trust your end users to do that and it's important that you know for sure, you will need TLS or SSL. I can hep you get started with these, but there are others on this list with much more knowledge on the subject than myself. -Brian On Wed, Nov 11, 2009 at 4:28 PM, Stephen Love wrote: > > Hmmm... somewhat new to the inner details... all I know is what I research > on my own... have not had a book-learning course on this... but TLS... what > is that? AND... I simply want a list of source identifiers of incoming > requests so that I can check each new one for duplicate incoming source... > just a HITS vs UNIQUE VISITORS. I want NOTHING MORE. I can do add'l tracking > based on time, date, etc, on my own. Just site usage statistics. > > See us online at http://www.LOVEnCompany.com. > > -- Original Message -- > From: Brian Mearns > To: users@httpd.apache.org > Subject: Re: [us...@httpd] > Date: Tue, 10 Nov 2009 22:34:24 -0500 > > On Tue, Nov 10, 2009 at 6:37 PM, Eric Covener wrote: >> On Tue, Nov 10, 2009 at 6:20 PM, Stephen Love >> wrote: >>> So what you are telling me is that there IS no REAL 2-way handshaking >>> going >>> on. Then we've lost ALL hope of security. >>> >> >> What's "REAL" in this context? It's not authenticated and doesn't >> result in some session establishment unless you configure your >> application to require/manage such a thing? >> >> -- >> Eric Covener >> cove...@gmail.com > [clip] > > Yes, why don't you tell us exactly what you want to do, what's your > end goal? Visitor stats? Geographic locating? Authentication of a > real-world identity? There's a lot of very bright and very > knowledgeable people on this list, so if there's any way at all to do > what you want, then there is a very good chance that somebody here > will be able to tell you. It just might not be done the way you think > it should be. > > As many of us have said, TCP is an end to end protocol. And in fact, > it is stateful, so you can send messages back and forth between the > two end points for as long as the connection is open. There is a > handshake that goes on between the two end points to setup this > connection, but this is not any sort of real authentication process > that confirms the identity of either end. What TCP gets you is pretty > good confidence that you are talking to the same person you were when > you started the conversation, but even that confidence is really only > upheld in the absence of active attacks like IP spoofing, and it > provides absolutely no confidence that there aren't other people > listening to the conversation, and potentially even participating in > the conversation. > > If you're looking for security: like making sure no one else is > listening to the conversation, no one else is modifying
Re: [us...@httpd] SPDY protocol
On Fri, Nov 13, 2009 at 9:51 AM, Mike Cardwell wrote: > Does Apache intend to add support for Googles recently announced SPDY > protocol? > > http://sites.google.com/a/chromium.org/dev/spdy/spdy-whitepaper > > -- > Mike Cardwell - IT Consultant and LAMP developer > Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ > Technical Blog: https://secure.grepular.com/blog/ [clip] Speaking as someone not at all involved in development of any Apache products, I'd say it seems awfully premature to really be thinking too hard about that. It looks like an interesting protocol, but it's still just a research project, right? Even once the protocol is "finalized" at Google, we'll have to see how it faces up to the IETF: without a recommendation on their part, I'd be very surprised if it goes anywhere at all. That said, if it does start going anywhere promising, it probably would be a good thing to support in Apache. One day, HTTP may go the way of the Gopher. Hey, maybe Google could provide some funding and/or other partnership benefits to the Apache Foundation in order to speed up adoption of their pet protocol. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] SPDY protocol
On Fri, Nov 13, 2009 at 11:15 AM, David Henderson wrote: > I would vote to make it a module over a patch due to Brian Mearns making a > good point about it possibly not moving beyond the IEFT. At least a modular > design can just be dropped from the operation of the server without having > to remove code from the core of the project (and network admins having > upgrade etc). > > From what has been stated in the whitepaper, it shows very good positives > with very few drawbacks. I can't believe it would be voted against by the > IEFT with the increases that have been stated. Plus, using the application > layer, the incorporation of the protocol can be made painlessly (to the end > user) by the browser and web server companies/developers. > > Dave > > > Nick Kew wrote: >> >> Mike Cardwell wrote: >>> >>> Does Apache intend to add support for Googles recently announced SPDY >>> protocol? >>> >>> http://sites.google.com/a/chromium.org/dev/spdy/spdy-whitepaper >>> >> Patches welcome! Or in this case, maybe a module. >> [clip] Well as one blogger pointed out (http://arstechnica.com/web/news/2009/11/spdy-google-wants-to-speed-up-the-web-by-ditching-http.ars), the IETF is usually pretty reluctant to do a "wholesale" replacement of widely used protocols. I'm sure if it showed any promise at all, Firefox and (obviously) Chrome will implement support quickly, Opera and Safari probably will too. IE might be pretty reluctant until push really comes to shove. Therefore, HTTP and SPDY would need to co-exist side by side at least for a while in order to avoid mass disruption of the web. Could SPDY be snuck in as a backwards compatible extension to HTTP? In otherwords, could HTTP-only browsers still download resources the same way, while still allowing SPDY-enabled browsers to take advantage of the protocol? That would greatly simplify the transition, but I'm not sure that it's possible, at least based on the current SPDY design. Another thing pointed out in the same article is that SPDY requires the use of SSL. The author there mostly focused on the increased load this puts on processors, but I think this is relatively minor. The more important issue, to me, is that every site will need to have an SSL certificate to support SPDY. For name based virtual hosts, that's a problem (until SNI catches on). Additionally, casual site owners like myself are not typically going to want to invest in a CA signed certificate. All in all, if the entire web is SSL-only, there's going to be a huge chunk of it running with "invalid" or "untrusted" certificates, which is going to a) be a hassle, and b) cause people to disregard such warnings and just get accustomed to visiting sites with bad certificates, even if it's something important like a bank or on-line shopping site. Anyway, I think there are some kinks to work out but I'm very interested to see where it goes. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Just curious on SPDY
On Tue, Nov 17, 2009 at 6:15 AM, Mike Cardwell wrote: > Kamaraj, Jayakumar wrote: > >> Just curious to know whether Google announcement on SPDY >> http://blog.chromium.org/2009/11/2x-faster-web.html needs change only in >> Apache web server side or even needs change in application point of view >> also. Sorry to spam you guys . > > Both the server and the client would need to be updated in order to take > advantage of it. If one or both don't support it, then the fallback would be > normal HTTP. > > -- > Mike Cardwell - IT Consultant and LAMP developer > Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ > Technical Blog: https://secure.grepular.com/blog/ [clip] Yes, SPDY is a new protocol which will require both the server and client to support in order for it to work. However, from a user perspective, I believe the goal is for it to be transparent. In other words, if your browser and the web server it's talking to both support SPDY, they will figure that out and use it. If either of them don't support it, they'll just use plain old HTTP. Either way, you won't see the difference as a user other than the potential speed benefits. Just to be clear, SPDY is far from being a new web-standard. Right now, it's just a research project Google is undertaking: I think it's going to be quite a while (a year at minimum) before any one (other than Google, at least) thinks seriously about deploying it. But that's just my $0.02. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Just curious on SPDY
On Tue, Nov 17, 2009 at 9:55 AM, Mike Cardwell wrote: > Brian Mearns wrote: > >>>> Just curious to know whether Google announcement on SPDY >>>> http://blog.chromium.org/2009/11/2x-faster-web.html needs change only in >>>> Apache web server side or even needs change in application point of view >>>> also. Sorry to spam you guys . >>> >>> Both the server and the client would need to be updated in order to take >>> advantage of it. If one or both don't support it, then the fallback would >>> be >>> normal HTTP. >>> >>> -- >>> Mike Cardwell - IT Consultant and LAMP developer >>> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ >>> Technical Blog: https://secure.grepular.com/blog/ >> >> [clip] >> >> Yes, SPDY is a new protocol which will require both the server and >> client to support in order for it to work. However, from a user >> perspective, I believe the goal is for it to be transparent. In other >> words, if your browser and the web server it's talking to both support >> SPDY, they will figure that out and use it. If either of them don't >> support it, they'll just use plain old HTTP. Either way, you won't see >> the difference as a user other than the potential speed benefits. >> >> Just to be clear, SPDY is far from being a new web-standard. Right >> now, it's just a research project Google is undertaking: I think it's >> going to be quite a while (a year at minimum) before any one (other >> than Google, at least) thinks seriously about deploying it. But that's >> just my $0.02. > > I agree with the above. I started this thread to make people aware of it's > existance and to provoke discussion on the matter. However, if someone were > to take up the reigns and begin developing an Apache module for it using the > open source code and specs Google has published, I think the project has a > more serious chance of succeeding. I also think that an Apache with SPDY > support available before the spec is finalised would be in a stronger > position to influence how the protocol evolves during it's development. I understand your point, but I personally think it's too early in the life of the spec to pull it from the sandbox. Putting it to actual use in the wild before it's had a chance to mature at all will just cause compatibility issues if and when the spec changes (which is likely when it's such a young and relatively isolated thing, meaning it hasn't had anybody from IETF or W3C or much of anybody else whack on it at all). > > I also wonder if a transition like this to a new protocol could/should be > taken advantage of to get rid of the one SSL cert per IP:port limitation we > currently suffer from? Although the transition to ipv6 will get rid of this > problem (lack of ip addresses) anyway without having to do any further work. I really don't see how they're related. I think removing this limitation is crucial if we're going to try to move towards a web that requires SSL (as SPDY is currently slated for, I believe), but it doesn't have anything to do with HTTP or SPDY, it's a limitation of SSL itself. The SNI extension to SSL resolves the issue by essentially allowing the equivalent of an HTTP Host: header to be included in the SSL handshake. This is already supported in most modern web browsers, and in Apache 2.2.12, I believe. Cheers, -Brian > > -- > Mike Cardwell - IT Consultant and LAMP developer > Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ > Technical Blog: https://secure.grepular.com/blog/ [snip] -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] how to install gcc required for apache 2.2 on RHEL 4
On Thu, Nov 19, 2009 at 5:34 AM, Philip Wigg wrote: >> I am installing Apache web server 2.2.14 on RHEL 4. When I am running >> configure command in the apache, it is throwing error “No c++ compiler >> found”. > > This isn't an Apache question but anyway, you probably just need to > type 'up2date gcc'. Unless there's a reason why you want to install > Apache from source, you can probably also type 'up2date httpd' to > install Apache instead of building your own. Make sure you patch your > system up to date after you've done that. > > Cheers, > Phil. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > I used Fedora, which is closely related to red-hat. I'm not sure was up2date is, but if that doesn't work, you should be able to use yum, like `yum install gcc`, as the super user. As Phil said, you can also install apache directly with `yum install httpd` (notice the package isn't called apache). -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Name virtual hosts and HTTPS
On Sat, Nov 21, 2009 at 11:54 AM, Florent Georges wrote: > Hi, > > I have one server one which I run two virtual hosts, say site1 > and site2. They run very well for HTTP stuff for months. Site1 > has also HTTPS access configured. I am trying to add HTTPS > support for site2 as well. So I created a new SSL certificate, > and added a new file in sites-available/: > > > cat /etc/apache2/sites-available/site1-https > NameVirtualHost *:443 > > Servername www.site1.com > SSLEngine on > SSLCertificateFile site.crt > SSLCertificateKeyFile site1.key > DocumentRoot /var/site1/htsdocs/ > > > > cat /etc/apache2/sites-available/site2-https > NameVirtualHost *:443 > > Servername www.site2.com > SSLEngine on > SSLCertificateFile site2.crt > SSLCertificateKeyFile site2.key > DocumentRoot /var/site2/htsdocs/ > > > and enabled the second HTTPS web site with a2ensite. > > The problem is when I try to access site1 over HTTPS, it > provides me the certificate for site2... > > I double-checked the documentation with my very low Apache > skills, but did not found anything about that problem. Did I > miss something? > > Regards, > > -- > Florent Georges > [snip] Only the latest Apache (2.2.14) and OpenSSL built with the tlsextensions options support this. It's case SNI (Server Name Identification), where the client can send the fully qualified domain name as part of the handshake process. Without this, the server has no way knowing which vhost the client is looking for until the certificate has already been presented (because the Host: HTTP request header is part of the encrypted payload, which can't be sent until the client has the cert), so it can't choose SSL options (including the cert file) based on host name. Also, not every client support SNI, unfortunately. I think most modern browsers do, but notably MSIE before 7 or any version running on an OS earlier than Vista do not (if I'm remembering correctly). Those clients will always see the same cert no matter what name based vhost they go to. It's a bummer, but a well known limitation of SSL. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Name virtual hosts and HTTPS
On Sun, Nov 22, 2009 at 1:22 PM, Florent Georges wrote: > Peter Schober wrote: > > Thanks all for your responses! > >> Or put all vhosts in the certificate (as X.509v3 SubjectAltName >> extensions) and serve up the same cert on every vhost. > > Yes, that's what I started to think after have seen the other responses. > >> How you put these in the CSR is not part of this list and >> depends on your CA (some require to put all hostnames in the CN, >> i.e. multi-valued CNs, others require to stick these in the >> v3 extension.) > > Well, I must admit I am not familiar with this vocabulary: CSR, CA, CN? > > Thanks again, > > -- > Florent Georges [snip] CSR - Certificate Signing Request, the thing you send to a certificate authority to request a certificate from them. CA - The certificate authority who signs your certificate. CN - Common Name, the thing that identifies the entity to whom the cert belongs. For web sites, this is the exact domain name of your website, other wise the client will complain. Thanks to all for the follow up to my response, I had no idea there were so many ways to do this. I just spent a few hours a couple of day ago upgrading to 2.2.14 so I could do exactly this. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Lightweight apache for fast proxying
I'm thinking of setting up apache as a fairly rich reverse proxy for a variety of different servers, and would like some suggestions on a) whether or not this is a good idea and if there are better alternatives, and b) how should I build and configure it to maximize performance. There's the executive summary, here are the details. I already have Apache httpd set up as a web server with several SSL and NonSSL name based vhosts. I also have Squid set up as a caching reverse proxy. Finally, I have a second apache web server instance set up as a test server: basically I work out my configuration options in this server (which listens on different ports), and then when it's working properly I push the configuration into my other (release) server. So here's what I want to do. Set up a third instance of Apache exclusively as a front end for my other servers. Generally, it will just service the same named vhosts as on my original server by reverse proxying to squid (which is already set up to reverse proxy to the origin server). I will also set it up with two different sets of vhosts to a) access my test server (for instance at test.mysite.com), and b) bypass the squid proxy and go straight to the origin server (e.g., at nosquid.mysite.com). Final detail is just that all of my vhosts (including test and no-cache varieties) will have SSL enabled. I've got SNI working fine with my current apache server, so I don't think this will be much of an issue. I'm pretty comfortable with Apache config, so I don't foresee any insurmountable difficulties in setting this up. But if anyone can offer any tips on the best way to do it (for instance, to make sure the apache reverse proxying happens as fast as possible, or just how to keep the front end server lightweight), or suggest better alternatives to using apache for this, I'd really appreciate it. Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] how to get multiple SSL with name based vhost ?
On Tue, Dec 1, 2009 at 3:48 PM, Sheryl wrote: > >> Krist explained it very nicely... But maybe you still didn't get it: >> Without SNI, there is NO WAY TO DO THIS. It is a fundamental limitation of >> the HTTPS protocol with no production-grade work-around. SNI (server-name >> indication) was specifically added to address this limitation. There is >> simply NO ALTERNATIVE. > > To back up a moment, though -- another way to do this is to define > multiple IPs on the network card and run multiple instances of apache, > each with different config files. [snip] That's only if he has multiple IP addresses available on the network, right? If we assume this is a public sever, that means he needs multiple public IP addresses from his ISP that route to this server. That's certainly a possibility, in general, but I want to make sure I'm not missing something awesome. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] href="frag.php&field=value" gets error 404.
Hi, I am using an html file to run a php script thus... Frag Frag Input The first link works file but the second produces a 404 error; correctly so as the php file being invoked is /var/www/frag.php&input=xxx according to the error log. Could anyone point me to a web page that explains what I need to do here? Thank you for your attention. Brian Hooper _ Use Hotmail to send and receive mail from your different email accounts http://clk.atdmt.com/UKM/go/186394592/direct/01/
RE: [us...@httpd] Re: href="frag.php&field=value" gets error 404.
Thank you for your help, ladies and gentlemen. I'd only been staring all day at that stupid mistake. Rgds, Brian Hooper From: krem...@kreme.com To: users@httpd.apache.org Date: Sat, 5 Dec 2009 17:20:47 -0700 Subject: [us...@httpd] Re: href="frag.php&field=value" gets error 404. On Dec 5, 2009, at 10:18, Brian Hooper wrote: Frag Input & is used to separate values from each other. ? Is used to seperate the values from the URL. _ Have more than one Hotmail account? Link them together to easily access both http://clk.atdmt.com/UKM/go/186394591/direct/01/
[us...@httpd] Compiling Apache 2.2.14 on 64 bit AIX 6.1
After I build and install Apache in the /modules/ directory I have paired files like libmod_dbd.a and mod_dbd.la. The httpd.conf has all modules with a .so extension. Have I compiled incorrectly? Here is the compile environment: export CC="cc_r -q64" export CFLAGS="-qmaxmem=16384 -DSYSV -D_AIX61 -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/freeware/include" export CXX="xlC" export CXXFLAGS=$CFLAGS export LD=ld export LDFLAGS="-L/opt/freeware/lib" export OBJECT_MODE=64 Here is the configure statement: ./configure \ --with-mpm=prefork \ --with-ssl=/opt/freeware \ --enable-cern-meta \ --enable-dbd \ --enable-deflate \ --enable-expires \ --enable-info \ --enable-proxy \ --enable-rewrite \ --enable-speling \ --enable-ssl \ --enable-vhost-alias \ --enable-mods-shared="cern_meta dbd deflate expires info proxy rewrite speling ssl vhost_alias" - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Compiling Apache 2.2.14 on 64 bit AIX 6.1
> Google can find the thread titled "problem with build on AIX 6.1" from the development list. Thanks, this gave me the information to fix my problem: http://www.mail-archive.com/d...@httpd.apache.org/msg45729.html I replaced the four Apache httpd config.guess with the AutoMake config.guess that contains *:AIX:*:[456] I compiled exactly the same way as before and now I get modules with the so extension. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] On 64 bit AIX 6.1 Apache 2.2.14 Not Responding
Compiled using this environment: export CC="xlc -q64" export CFLAGS="-qmaxmem=16384 -DSYSV -D_AIX61 -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/freeware/include" export CXX="xlC" export CXXFLAGS=$CFLAGS export LD=ld export LDFLAGS="-L/opt/freeware/lib" export OBJECT_MODE=64 Compiled and installed fine without errors. Using default httpd.conf only changed ServerName. Start using "apachectl start" and it starts fine. ps -ef | grep httpd shows httpd process. error_log shows start up, however, when I try to connect from a browser the error_log records nothing and the browser reports, "The Page Cannot Be Displayed". - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] On 64 bit AIX 6.1 Apache 2.2.14 Not Responding
> Did you ensure that the Listen directive is set? I left the default which is: Listen 80 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] "Perfect" Transparent Proxy Setup?
Hi. All. I am thinking a proxy system like a magic box. Let's say that we have a gateway where an interface 0 is for internal network and an interface 1 is for outsite. In front of the gateway, I would like to install my proxy system with two interface cards(interface 3 and interface 4) and to make users to access other webs without any browser configuration to my proxy. Without any doubt, I should run revere proxy in apache and also think that I need more network setups. For example, my system has to pass the ARP packet to interface 0. Then, it needs IP-forwarding between interface 3 and interface 4. Are there something else that I need to consider? I think that IP-forwarding can be done by IP-table configuration. What about ARP forwarding? Can I solve this with Proxy ARP? I hope that any network expert make my naive idea more concrete. Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] SSL Reverse Proxy
I'm looking for some clarification on how to setup a reverse proxy that supports SSL/TLS. My understanding is as follows (please correct me if I'm wrong): 1. Client connects with SSL, mod_ssl handles this 2. mod_proxy handles generating a proxy-request to the configured origin server 3. SSLProxyEngine should be set to on so that SSL is used to communicate securely with the origin server. What if any of the original client's SSL information is then available to the origin server? For instance, can clients still present certificates to authenticate with the origin server, or will that need to be handled by the reverse proxy? If this authentication is handled by the proxy, can the information from the client certificate be made available to the origin server? Will the proxy try to use the same SSL parameters (protocol version, ciphersuite, etc) as the client did, or will this information otherwise be made available to the origin server? Ideally, I'd like the proxy to be transparent to both the origin server and the client. Additionally, my origin server and reverse proxy are actually on the same machine, so I'm not especially concerned about securing communications between them, except that I would like all of the SSL-relevant information to be available to the origin server. Is there a way to do this without using secure communications between the proxy and origin server? My primary reason for not wanting to use secure connections here is to improve speed and avoid the increased drain on my entropy pool. Are these realistic concerns, or would the effect be negligible? Any help would be greatly appreciated. Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] SSL Reverse Proxy
On Thu, Jan 28, 2010 at 5:34 AM, Matus UHLAR - fantomas wrote: > On 26.01.10 15:28, Brian Mearns wrote: >> I'm looking for some clarification on how to setup a reverse proxy >> that supports SSL/TLS. My understanding is as follows (please correct >> me if I'm wrong): >> 1. Client connects with SSL, mod_ssl handles this >> 2. mod_proxy handles generating a proxy-request to the configured origin >> server >> 3. SSLProxyEngine should be set to on so that SSL is used to >> communicate securely with the origin server. > > why to have SSL proxy in this case? > >> What if any of the original client's SSL information is then available >> to the origin server? For instance, can clients still present >> certificates to authenticate with the origin server, or will that need >> to be handled by the reverse proxy? If this authentication is handled >> by the proxy, can the information from the client certificate be made >> available to the origin server? > > you can only pass such infromations in request variables and the destination > server will hav to trust the proxy. The proxy can not sign the data with > clients certificate - it would need the clients private key. > >> Will the proxy try to use the same SSL parameters (protocol version, >> ciphersuite, etc) as the client did, or will this information otherwise be >> made available to the origin server? > > no. it will do complete different ssl negotiation. > >> Ideally, I'd like the proxy to be transparent to both the >> origin server and the client. > > why do you want the proxy at all in this case? > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0... [snip] Thank you both for the helpful responses. To answer some of your questions: I want a proxy because I have multiple servers running and I want them accessible through the same address. So I just put the proxy at that address and let it figure out which server to use based on the Host header and SNI. I want it to support SSL connections from the client because I want to support SSL connections from clients for all the various reason a person might want to do that, notably privacy. I don't care if it actually speaks SSL to the origin servers, but I didn't know if that would make it more transparent, e.g., if there was a way that the same parameters would be used or something. It sounds like I can't get at the client SSL information /and/ maintain transparency for the backend servers, which is what I kind of figured, I guess. I'm already using a module to set the REMOTE_ADDR based on the X-Forward-For header, so I might try something similar to forward relevant SSL information from the proxy to the origin servers in HTTP X-headers, and then see if I can figure out how to set the SSL_* env vars from those. At least then it's transparent to the applications on the backend servers, even if it's not quite transparent to the server itself. Thanks. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] proxy chaining to squid
On Mon, Feb 1, 2010 at 5:33 AM, Emmanuel Bailleul wrote: > > >> -Message d'origine- >> De : David Cotter [mailto:davidcot...@gmail.com] >> Envoyé : lundi 1 février 2010 11:30 >> À : users@httpd.apache.org >> Objet : Re: [us...@httpd] proxy chaining to squid >> >> n Mon, Feb 1, 2010 at 9:08 AM, Martin Barry wrote: >> > $quoted_author = "David Cotter" ; >> >> >> >> I have two virtual hosts and a squid proxy running. I want to be able >> to use >> >> the squid proxy on port 80 though it is running on 3128. >> > >> > Why? If you describe a bit more exactly what you are trying to achieve >> it >> > would help us help you. >> > >> > >> >> This does not work I get an error when I set my browser to use >> >> 111.222.22.22:80 as proxy what I want is for apache to chain to squid. >> > >> > You almost certainly don't want to configure your browser to use Apache >> as a >> > generic proxy. >> > >> > >> >> GET /urlrequested.html HTTP/1.1 >> >> >> >> Host: localhost:3128 >> >> ... >> >> Invalid Request >> > >> > Well, it's an invalid request. Port numbers don't belong in host >> headers. >> > >> >> I have a server that runs a web site. I also want that server to host >> a squid http proxy for a different project - but squid has to be >> listening on port 80 and so does the web server. So What I am trying >> do do is send the request appropriately based on domain name. If is is >> xyz.com then send it to the web site otherwise chain it to squid. >> Thanks, >> David >> > > Hi, > > My previous replies have been rejected because tagged as spam ... hope this > time it gets through ... > > If you need your Apache reverse proxy as a frontend, you should have a look > at http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyremote as a > forward proxy would be more effective than a reverse, the latter only > forwards requests to configured origin servers. > Last, but it seems ok in your config, this "forward proxy" setup should be > used in the default vhost (the first one listed). > > Regards > > Emmanuel > Do you want a forward proxy or reverse proxy? Based on your config, it looks like you have it set up for reverse proxy. But if you're configuring your browser to know about the proxy, then it's a forward proxy. Not sure if this is the specific problem you're seeing, but I think it will be eventually. Hope that helps, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] export.c build errors - many "solutions" found, none worked.
This seems to be a common problem, but none of the solutions I found online and in mailing list archives helped. The problem is when running make, and I get many errors about redefinitions in exports.c like: exports.c:743: error: redefinition of ap_hack_apr_allocator_create exports.c:728: error: previous definition of ap_hack_apr_allocator_create was here exports.c:744: error: redefinition of ap_hack_apr_allocator_destroy exports.c:729: error: previous definition of ap_hack_apr_allocator_destroy was here exports.c:745: error: redefinition of ap_hack_apr_allocator_alloc exports.c:730: error: previous definition of ap_hack_apr_allocator_alloc was here and on and on. I've already got apache 2.2.6 installed and running, and now I'm trying 2.2.9. The old version was built from /usr/local/apache/versions/2.2.6/src, and installed to a sibling folder /usr/local/apache/versions/2.2.6/installed. Similar set up for the new version, except obviously in versions/2.2.9 instead of versions/2.2.6. There are *no symlinks* in this path, but I do have a /usr/local/apache/current soft linked to /usr/local/apache/versions/2.2.6 (the parent folder for the old version), if that's relevant. I invoke configure with: ./configure \ --prefix=/usr/local/apache/versions/2.2.9/installed/ \ --with-apr=/usr/local \ --with-apr-util=/usr/local \ --enable-ssl \ --with-ssl=/usr/local/openssl/versions/0.9.8g/installed/ \ --enable-dav --enable-dav-fs --enable-dav-lock None of the paths there have symlinks either. I'm also getting this message from configure: configure: WARNING: Unrecognized options: --with-apr, --with-apr-util, --enable-ssl, --with-ssl, --enable-dav, --enable-dav-fs, --enable-dav-lock I tried leaving out the --with-apr and --with-apr-util options and got the same errors and warnings. All of the proposed solutions I've found online are that the path contains symlinks, or that the build is trying to go over an existing installation, but neither or those apply in this case. If anyone can help me, I'd really appreciate it. Thanks, -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] export.c build errors - many "solutions" found, none worked.
Nope, thanks anyway but that's not it either. It's a local drive. -Brian > Don't configure on an NFS-mounted filesystem. > > If you have only an NFS-mounted home directory at your > disposal, there's always /tmp. If you need debugging > in your executable to see the source, you may need to > move it after configuring, or play with links. > > -- > Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Why do I need /var/www as DocumentRoot & www-data as www owner?
Correct me if I'm wrong, but based on the way your message sounds, you don't appear to have any knowledge of the httpd.conf file? It's the main configuration file for your server, and it includes a DocumentRoot directive that allows you to specify the document root. The default may be /var/www, but you should be able to set it to anything you want. The same is true for the user and group that apache uses: these can be configured with the User and Group directives. I personally have no idea about the security implications of choosing one document root or user/group over another, but (as I said), it doesn't sound like you realize they can be changed, so I just wanted to make sure you knew that. Secondly---and not to be critical, but hopefully constructive---basing your work on the absolute paths is a common but dangerous mistake. Of course it's a lot easier but, as you're beginning to see now, it /always/ comes back to bite you in the long run. Not that it does you any good now, but it's something you'll probably remember in the future. Best of luck -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: exports.c: duplicate sections RESOLVED (sort of)
I resolved the issue by simply removing all traces of my old apr and apr-util, and just using the packaged versions. So help is no longer needed, but for those having the same issue, I can't offer any additional assistance. -Brian > Follow up: I found the problem, but still don't know how to fix it: > `apu-1-config --includedir` lists /usr/local//include/apr-1 as the include > dir, which the configure script is using. So my question is how to change > this? > > Thanks, > -Brian > > > I'm getting the familiar "redefinition of ap_hack_apr_version" and > several hundred similar errors rooted in exports.c. Neither the path I'm > building from, nor the path I'm installing to have any links in them, but > I've found that exports.c contains duplicate sections that define all > these different const void pointers: one section prefixed with a comment > saying "/usr/local//include/apr-1/apr_xml.h", and the other duplicate > section has a comment saying "/usr/local/include/apr-1/apr_xml.h" (notice > the extra back-slash in the first one). So I'm assuming that the awk > script that generates this file for some reason has this path in there > twice, but once with the extra slash. But I'm not familiar with awk yet: > can anyone tell me where these extra sections are coming from, and how I > can stop them? > > Thanks so much. > -Brian > > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Cannot connect to apache from outside machines
Not sure what the default xampp setup is, but look for the Listen directive to verify which ports apache is actually listening on, and make sure those are forwarded. Also, I'm not sure how much you know about networks (so pardon me if you consider this suggestion offensive): are you connecting to your router's public IP address, or your system's local address? If you got the ip address from something like ipconfig, then it's the local address. If it's something like 192.168.x.x, it's a local address. To get the public address, you can go to a site like whatismyipaddress.com. Best of luck -Brian On Mon, Sep 29, 2008 at 10:05 PM, Nilesh Govindrajan <[EMAIL PROTECTED]> wrote: > check the logs > > On Tue, Sep 30, 2008 at 4:48 AM, <[EMAIL PROTECTED]> wrote: >> >> Ok done all the research I can, time for some collaboration. >> >> New Server apache 2.5 >> >> apache running default configuration xampp/htdocs/index.html >> >> http://localhost and http://ipaddress works great. >> >> outside machines cannot connect to http://ipaddress >> >> main gateway and routers have been forwarded from port 80 and port 443 as >> apache suggests, to the machines ip address. no machines outside the network >> can connect. Firewalls are temporarily off. >> >> is there anything in the httpd file or apache that needs to be changed in >> order to display a webpage via the web? >> >> Jay > > > -- > Nilesh Govindrajan ([EMAIL PROTECTED]) > > iTech7 Site and Server Administrator > > www.itech7.com > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Cannot connect to apache from outside machines
Okay, I'm not sure who's question I'm answering any more, but I'll try to explain: /Standard/ usage of port 80 is for standard (unencrypted) http, where as 443 is typically used for secure http (https://...). If you tell you web browser to go to an address without explicitly specifying a port, it will assume 80 for http and 443 for https. That said, your apache server can listen on any available port. Additionally, apache only manages a port with secure http if you've set it up to do so (or the default is set up to do so, which could be with xampp, though I'd be a little surprised). So if you don't have https set up in apache, and you connect to port 443, it's just regular http. Regardless of whether it is for secure http or not, you need to have any port that you want apache listening to explicitly given in a Listen directive, like the 'Listen 80' shown below. As far as I know, you need a separate Listen directive for each port. Furthermore, if you have multiple network interfaces on your system (i.e., multiple IP addresses), you can explicitly tell it which interface/ip-address to listen on for each Listen directive, like 'Listen: 192.168.0.1:80'. Without an IP address, it will listen to the specified port on all available interfaces. So whatever ports you want to be able to access your site via need to be setup with a Listen directive, AND need to be forwarded to the server-machine through any routers and firewalls between you and your intended audience (i.e., the Internet). The canonical unsecured (non-https) setup would be 'Listen 80' to listen to port 80 on all available network interfaces, and to forward incoming port 80 to port 80 (i.e., straight through) on the server machine from all routers/firewalls. For debugging, first see if you can connect to your site from the server machine with http://localhost, or if you used some port besides 80, do http://localhost: (there's a colon between localhost and the port, if you can't tell). If you're able to connect, then your apache is most likely set up. Next, if you want to be able to connect to your machine from elsewhere on the Internet, you'll need to use your LAN's public IP. Again, you can get this by going to whatismyipaddress.com from your server machine. If you're behind a router or firewall, then the address you get from ipconfig or ifconfig is not the public address and won't work outside your LAN. A final note, many ISPs block port 80 for residential clients. If you're able to connect locally, but not remotely, try /adding/ a new Listen directive, say 'Listen 8080' and forward the new port as well, then try connecting remotely with http://localhost:8080. If you're able to do that, then it probably means port 80 is blocked. There's really no work around for this: you'll have to either upgrade your ISP services, get a new ISP that doesn't block, or just plan to always have people specify the port number in the address. If you have to work on a non-standard port, 8080 is a common alternate HTTP port, so it's probably a safe bet. Using non-standard ports like 81 or 89 will increase the likelihood that other people won't be able to connect: many office and university networks limit the ports their users can connect to, figuring that they only have legitimate business connecting to a handful of standard ports like web and email. -Brian On Tue, Sep 30, 2008 at 11:24 AM, <[EMAIL PROTECTED]> wrote: > Should I change following below for my ip to be reached? The port forwarding > instructions on apaches website says to forward port 443(in router) to my ip > and all should be fine. Someone mentioned to edit this httpd statement > below. If that is true then would I have it listen on port 443 as apache > says or have it listen on my ip? > > # Change this to Listen on specific IP addresses as shown below to > # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) > # > #Listen 12.34.56.78:80 > Listen 80 > > > > - Original Message - From: "Brian Mearns" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, September 30, 2008 4:28 AM > Subject: Re: [EMAIL PROTECTED] Cannot connect to apache from outside machines > > >> Not sure what the default xampp setup is, but look for the Listen >> directive to verify which ports apache is actually listening on, and >> make sure those are forwarded. >> >> Also, I'm not sure how much you know about networks (so pardon me if >> you consider this suggestion offensive): are you connecting to your >> router's public IP address, or your system's local address? If you got >> the ip address from something like ipconfig, then it's the local >> address. If it's something like 192.168.x.x, it's a lo
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
You /can/ run multiple sites from different IP addresses on the same or different ports, using virtual hosts, which are well documented in apache. It basically just allows you to use custom configurations depending on which IP address is accessed. So for instance, you could have a different DocumentRoot for each ip address, which will quite effectively give you different sites. Do you actually have different network interfaces for each ip address? Or do they all map to the same interface? If they're distinct interfaces, I don't see any reason you couldn't set up a different service for each one, but then again, I have no idea how to do it. If they're all just a single network interface, then I'm pretty certain it's not possible. This would pretty much defeat the purpose of a port, which is to map a specific network connection to a specific process. But it sounds like virtual hosts might be sufficient for what you need. You don't actually need different apache services to run different sites at the same time. Hope that helps. -Brian On Tue, Sep 30, 2008 at 3:36 PM, jwberger <[EMAIL PROTECTED]> wrote: > > I am novice when it comes to Apache. I have installed 2.2.9 on a Windows > 2003 server and can get it to run fine. The server has one NIC with three > IP addresses bound to it. In installed Apache as a Windows service and > edited the httpd.conf file so that the server listened on port 8080. I > would like each IP address to run a different site on port 8080 and I would > like each site to have its own Windows service so that I can individually > shut down a site. Is this possible? It seems like if I start just one > service I can hit each IP at port 8080 and they all work. Can you assist me > in what I am doing wrong. > -- > View this message in context: > http://www.nabble.com/Running-Multiple-Windows-Services-on-port-8080-tp19748920p19748920.html > Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
I see your issue. To the best of my knowledge, it just isn't possible. Like I said, a port maps a connection on an interface to a process: the OS has no way of knowing how to pick a process other than that. The only possible workaround I can think of would be a bit of a doozie: you could write your own sockets application to listen to port 8080, extract the destination IP address from the IP packet, and then forward it along to another process. It actually might not be that hard: you would set up each instance of apache to listen on a different port which only needs to be open locally, and then your multiplexing application could forward it to a specific port. On the other hand, you might be able to set up a "sandbox" apache server that listens on a different port, and do all your testing on that. Then when you're confident any maintenece changes you've made are correct, copy the changes to your real server, and do a quick restart. It only takes a few seconds for the apache server to restart: is that too long to keep all your sites down? -Brian On Tue, Sep 30, 2008 at 3:55 PM, jwberger <[EMAIL PROTECTED]> wrote: > > They are bound to one interface. I did see all the info on the Virtual host > and got it working. My issue is that since they are different sites, if I > do maintenance on one site and have to stop the service then all sites are > down and I cannot have that. This is why I was trying to setup different > services. Also I am limited to port 8080 because we will be using the BEA > Weblogic Plug-in to proxy back to our WL servers and we have established > only port 8080 is allowed to come through our firewall to talk to the WL > servers. > > John > > > Brian Mearns-2 wrote: >> >> You /can/ run multiple sites from different IP addresses on the same >> or different ports, using virtual hosts, which are well documented in >> apache. It basically just allows you to use custom configurations >> depending on which IP address is accessed. So for instance, you could >> have a different DocumentRoot for each ip address, which will quite >> effectively give you different sites. >> >> Do you actually have different network interfaces for each ip address? >> Or do they all map to the same interface? If they're distinct >> interfaces, I don't see any reason you couldn't set up a different >> service for each one, but then again, I have no idea how to do it. If >> they're all just a single network interface, then I'm pretty certain >> it's not possible. This would pretty much defeat the purpose of a >> port, which is to map a specific network connection to a specific >> process. >> >> But it sounds like virtual hosts might be sufficient for what you >> need. You don't actually need different apache services to run >> different sites at the same time. >> >> Hope that helps. >> -Brian >> >> On Tue, Sep 30, 2008 at 3:36 PM, jwberger <[EMAIL PROTECTED]> wrote: >>> >>> I am novice when it comes to Apache. I have installed 2.2.9 on a Windows >>> 2003 server and can get it to run fine. The server has one NIC with >>> three >>> IP addresses bound to it. In installed Apache as a Windows service and >>> edited the httpd.conf file so that the server listened on port 8080. I >>> would like each IP address to run a different site on port 8080 and I >>> would >>> like each site to have its own Windows service so that I can individually >>> shut down a site. Is this possible? It seems like if I start just one >>> service I can hit each IP at port 8080 and they all work. Can you assist >>> me >>> in what I am doing wrong. >>> -- >>> View this message in context: >>> http://www.nabble.com/Running-Multiple-Windows-Services-on-port-8080-tp19748920p19748920.html >>> Sent from the Apache HTTP Server - Users mailing list archive at >>> Nabble.com. >>> >>> >>> - >>> The official User-To-User support forum of the Apache HTTP Server >>> Project. >>> See http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> " from the digest: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
Well look at that. Thanks for correcting me, even if you did it rather unpleasantly. It's always nice to learn something new. That's why I try to preface my comments with soft phrases like "to the best of my knowledge". -Brian > > You seem to be getting quite a bit of incorrect advise, so I'll hint that > you would need *three* httpd.conf files (different names) that have three > different Listen directives (IP-address:8080), different log file names > (accesslog and errorlog), and different pidfile directives. > > Then, see > > http://httpd.apache.org/docs/2.2/platform/windows.html#winsvc > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
Some ISPs don't block port 80 for residential accounts, either. I'm on Comcast in the Boston area, and (for now) I've got port 80 free. They did just start blocking 25, though, so they might be coming for 80 next. -Brian On Tue, Sep 30, 2008 at 5:31 PM, Frank Gingras <[EMAIL PROTECTED]> wrote: > Jay, > > A business Internet account would not have that limitation - you might even > be able to call your ISP to lift this restriction, provided it does not > breach your contract agreement, and that you can prove that your server is > secure. > > Frank > > [EMAIL PROTECTED] wrote: >> >> John, >> >> We too are limited to port 8080. since our ISP blocks port 80. Have you >> ever found a work around for this? We currently have to have our domain >> [sub.domain.com] redirect to 72.x.x.x.:8080 in order for it to work. Now >> users see the ip address in the browser address bar. not good. not good at >> all. >> >> Apache 2.2.9 >> Linksys Gateway/Router WCG200 >> >> Jay >> >> - Original Message - From: "jwberger" <[EMAIL PROTECTED]> >> To: >> Sent: Tuesday, September 30, 2008 12:55 PM >> Subject: Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080 >> >> >>> >>> They are bound to one interface. I did see all the info on the Virtual >>> host >>> and got it working. My issue is that since they are different sites, if >>> I >>> do maintenance on one site and have to stop the service then all sites >>> are >>> down and I cannot have that. This is why I was trying to setup different >>> services. Also I am limited to port 8080 because we will be using the >>> BEA >>> Weblogic Plug-in to proxy back to our WL servers and we have established >>> only port 8080 is allowed to come through our firewall to talk to the WL >>> servers. >>> >>> John >>> >>> >>> Brian Mearns-2 wrote: >>>> >>>> You /can/ run multiple sites from different IP addresses on the same >>>> or different ports, using virtual hosts, which are well documented in >>>> apache. It basically just allows you to use custom configurations >>>> depending on which IP address is accessed. So for instance, you could >>>> have a different DocumentRoot for each ip address, which will quite >>>> effectively give you different sites. >>>> >>>> Do you actually have different network interfaces for each ip address? >>>> Or do they all map to the same interface? If they're distinct >>>> interfaces, I don't see any reason you couldn't set up a different >>>> service for each one, but then again, I have no idea how to do it. If >>>> they're all just a single network interface, then I'm pretty certain >>>> it's not possible. This would pretty much defeat the purpose of a >>>> port, which is to map a specific network connection to a specific >>>> process. >>>> >>>> But it sounds like virtual hosts might be sufficient for what you >>>> need. You don't actually need different apache services to run >>>> different sites at the same time. >>>> >>>> Hope that helps. >>>> -Brian >>>> >>>> On Tue, Sep 30, 2008 at 3:36 PM, jwberger <[EMAIL PROTECTED]> >>>> wrote: >>>>> >>>>> I am novice when it comes to Apache. I have installed 2.2.9 on a >>>>> Windows >>>>> 2003 server and can get it to run fine. The server has one NIC with >>>>> three >>>>> IP addresses bound to it. In installed Apache as a Windows service and >>>>> edited the httpd.conf file so that the server listened on port 8080. I >>>>> would like each IP address to run a different site on port 8080 and I >>>>> would >>>>> like each site to have its own Windows service so that I can >>>>> individually >>>>> shut down a site. Is this possible? It seems like if I start just one >>>>> service I can hit each IP at port 8080 and they all work. Can you >>>>> assist >>>>> me >>>>> in what I am doing wrong. >>>>> -- >>>>> View this message in context: >>>>> >>>>> http://www.nabble.com/Running-Multiple-Windows-Services-on-port-8080-tp19748920p19748920.html >>>>> Sent from the Apache HTTP Server - Users
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
How are you "redirecting" to the IP address? I used to use dyndns.com for my subdomain name, and I was able to append the port number with no problem. E.g., my subdomain was something like bmearns.homeip.net, so I just went to http://bmearns.homeip.net:8080. Do you not want users to see your IP address for security reasons? Or just because it's ugly and utterly forgettable? If it's for security reasons, and they're connecting directly to your site through the domain forwarding (i.e., not through a proxy), then they should be able to get your IP address anyway with a DNS lookup. -Brian >> [EMAIL PROTECTED] wrote: >>> >>> John, >>> >>> We too are limited to port 8080. since our ISP blocks port 80. Have you >>> ever found a work around for this? We currently have to have our domain >>> [sub.domain.com] redirect to 72.x.x.x.:8080 in order for it to work. Now >>> users see the ip address in the browser address bar. not good. not good at >>> all. >>> >>> Apache 2.2.9 >>> Linksys Gateway/Router WCG200 >>> >>> Jay - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
As far as I know, dyndns gives you an actual DNS lookup, so when someone types your subdomain into their browser, it does a DNS lookup, and gets the IP address you gave to dyndns. That's why port numbers work, it's not that dyndns is listening on every port and forwarding based on the requested subdomain. That being the case, I don't think there's any way to do what you want here: DNS maps names to ip addresses, it doesn't know anything about ports. I'm not sure how webhop works: you can't tell it to redirect my.domain.com to my.domain.com:8080? Are you only able to give an IP address and port for the destination? If you have legitimate business needs for this site, your best bet is probably to just get a business account with your ISP that will unblock port 80. You'd probably get a static IP with the account, too, so you wouldn't need dyndns, you can just buy a 5$ a year domain name of your own. Plus, additional bandwidth. -Brian On Tue, Sep 30, 2008 at 8:05 PM, <[EMAIL PROTECTED]> wrote: > We are using dydns too. We can append the port number, sure. that sucks for > users though. (thats why we use webhop)maybe we should petition dyndns to > allow the domains they hand out to be linked to an IPADDRESS:PORT instead of > just an IP. That would elminate any workarounds like webhop and suffice to > say solve the port 80 issue with ISP's. > > - Original Message - From: "Brian Mearns" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, September 30, 2008 2:44 PM > Subject: Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080 > > >> How are you "redirecting" to the IP address? I used to use dyndns.com >> for my subdomain name, and I was able to append the port number with >> no problem. E.g., my subdomain was something like bmearns.homeip.net, >> so I just went to http://bmearns.homeip.net:8080. >> >> Do you not want users to see your IP address for security reasons? Or >> just because it's ugly and utterly forgettable? If it's for security >> reasons, and they're connecting directly to your site through the >> domain forwarding (i.e., not through a proxy), then they should be >> able to get your IP address anyway with a DNS lookup. >> >> -Brian >> >>>> [EMAIL PROTECTED] wrote: >>>>> >>>>> John, >>>>> >>>>> We too are limited to port 8080. since our ISP blocks port 80. Have you >>>>> ever found a work around for this? We currently have to have our domain >>>>> [sub.domain.com] redirect to 72.x.x.x.:8080 in order for it to work. >>>>> Now >>>>> users see the ip address in the browser address bar. not good. not good >>>>> at >>>>> all. >>>>> >>>>> Apache 2.2.9 >>>>> Linksys Gateway/Router WCG200 >>>>> >>>>> Jay >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> " from the digest: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080
That's pretty wild that they don't even let businesses host their own sites. I'd complain to them long before I complain to dyndns. They must have some account that lets you use port 80, right? -Brian On Wed, Oct 1, 2008 at 7:20 AM, <[EMAIL PROTECTED]> wrote: > Brian, > tried my.domain.com to my.domain.com:8080. doesnt work only allows IP:PORT. > btw Cox internet out here even with a business account blocks port 80. > > - Original Message - From: "Brian Mearns" <[EMAIL PROTECTED]> > To: > Sent: Wednesday, October 01, 2008 3:40 AM > Subject: Re: [EMAIL PROTECTED] Running Multiple Windows Services on port 8080 > > >> As far as I know, dyndns gives you an actual DNS lookup, so when >> someone types your subdomain into their browser, it does a DNS lookup, >> and gets the IP address you gave to dyndns. That's why port numbers >> work, it's not that dyndns is listening on every port and forwarding >> based on the requested subdomain. That being the case, I don't think >> there's any way to do what you want here: DNS maps names to ip >> addresses, it doesn't know anything about ports. >> >> I'm not sure how webhop works: you can't tell it to redirect >> my.domain.com to my.domain.com:8080? Are you only able to give an IP >> address and port for the destination? >> >> If you have legitimate business needs for this site, your best bet is >> probably to just get a business account with your ISP that will >> unblock port 80. You'd probably get a static IP with the account, too, >> so you wouldn't need dyndns, you can just buy a 5$ a year domain name >> of your own. Plus, additional bandwidth. >> >> -Brian >> >> On Tue, Sep 30, 2008 at 8:05 PM, <[EMAIL PROTECTED]> wrote: >>> >>> We are using dydns too. We can append the port number, sure. that sucks >>> for >>> users though. (thats why we use webhop)maybe we should petition dyndns to >>> allow the domains they hand out to be linked to an IPADDRESS:PORT instead >>> of >>> just an IP. That would elminate any workarounds like webhop and suffice >>> to >>> say solve the port 80 issue with ISP's. >>> >>> - Original Message - From: "Brian Mearns" <[EMAIL PROTECTED]> >>> To: >>> Sent: Tuesday, September 30, 2008 2:44 PM >>> Subject: Re: [EMAIL PROTECTED] Running Multiple Windows Services on port >>> 8080 >>> >>> >>>> How are you "redirecting" to the IP address? I used to use dyndns.com >>>> for my subdomain name, and I was able to append the port number with >>>> no problem. E.g., my subdomain was something like bmearns.homeip.net, >>>> so I just went to http://bmearns.homeip.net:8080. >>>> >>>> Do you not want users to see your IP address for security reasons? Or >>>> just because it's ugly and utterly forgettable? If it's for security >>>> reasons, and they're connecting directly to your site through the >>>> domain forwarding (i.e., not through a proxy), then they should be >>>> able to get your IP address anyway with a DNS lookup. >>>> >>>> -Brian >>>> >>>>>> [EMAIL PROTECTED] wrote: >>>>>>> >>>>>>> John, >>>>>>> >>>>>>> We too are limited to port 8080. since our ISP blocks port 80. Have >>>>>>> you >>>>>>> ever found a work around for this? We currently have to have our >>>>>>> domain >>>>>>> [sub.domain.com] redirect to 72.x.x.x.:8080 in order for it to work. >>>>>>> Now >>>>>>> users see the ip address in the browser address bar. not good. not >>>>>>> good >>>>>>> at >>>>>>> all. >>>>>>> >>>>>>> Apache 2.2.9 >>>>>>> Linksys Gateway/Router WCG200 >>>>>>> >>>>>>> Jay >>>> >>>> - >>>> The official User-To-User support forum of the Apache HTTP Server >>>> Project. >>>> See http://httpd.apache.org/userslist.html> for more info. >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> " from the digest: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] &g
Re: [EMAIL PROTECTED] Apache server - Output to the same page whatever request
The QSA option is what you need to pass the GET arguments along to the rewritten url. For instance, if you want EVERY url to get served by a.php, including GET arguments, you can do: RewriteRule ^.*$ /a.php [QSA] I'm pretty sure that's the write matching pattern to match anything, but whether it is or not, the QSA option should do what you want. Hope that helps. -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Thanks ALOT!!!
> Where can I learn the basic concept of these Rewrite methods? I mean > before learning the sytax.. I would like to know whats the server is doing > while output the page page :] The online doc is always a great place to start. For basics on how apache decides where the file comes from, see http://httpd.apache.org/docs/2.2/urlmapping.html. For rewriting specifically, try http://httpd.apache.org/docs/2.2/rewrite/. For even more general info on how the server works, read through the reference manual, available from the main doc page at http://httpd.apache.org/docs/2.2/ -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Managed! thanks
Pleas try to avoid changing the subject line when following up on a message. It gets very confusing to keep track of the threads. Thanks! -Brian On Tue, Oct 14, 2008 at 4:14 PM, MierMier <[EMAIL PROTECTED]> wrote: > > > > MierMier wrote: >> >> >> >> MierMier wrote: >>> >>> Hey people, I need your help, thanks in advance! >>> >>> I have an appche server 2.x. + PHP, And I woundered rather it is possible >>> to output the same page (i.e. "a.php") for a request of whatever page. >>> >>> I will give an examples: >>> >>> if the client try to reach "/hello/index.php" (which do not really exist >>> in the server) >>> >>> Can apache just tell the client -> I return you that page >>> (/hello/index.php) but infact, this page's content is "a.php"'s content. >>> wiout 404 Errors and stuff? >>> >>> Thanks again >>> >>> Lior. >>> >> >> Well thanks alot, but somhing went wrong, and after reading, still can't >> understand why. >> >> I have an Apache server server on my PC, based on WinXP, >> >> and when I use these in .htaccess >> >> Options +FollowSymLinks >> >> RewriteEngine On >> RewriteRule ^.*$ /a.php [QSA] >> >> it works well. >> How ever at my Linux apache server server it doesn't, it always show me >> 404 error, and the rewrite mod is enabled. >> >> Any ideas? >> >> >> > > -- > View this message in context: > http://www.nabble.com/Apache-server---Output-to-the-same-page-whatever-request-tp19904387p19981320.html > Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Redirect/ReWrite config for multiple domains to different pages
If customer1's_domain.com and customer2's_comain.com are DNS entries to your server, then your solution can be found in VirtualHosts. This setup allows you to use different configurations depending on the hostname the client the provides when they connect. In this case, you can just set up the appropriate rewrite rule for each VirtualHost. If customer1's_domain.com, etc, are actually your customer's domains, then I don't see that you could possibly do it with Apache (or any other webserver, for that matter). If they're accessing their own address, the request will never get to your server. Hope that helps, -Brian On Wed, Oct 15, 2008 at 6:24 AM, Paul Robson <[EMAIL PROTECTED]> wrote: > Having read the Apache and mod_ReWrite docs I can't see how to setup the > below secienario and Google searches are fruitless as I'm not quite sure > exactly what to search for. > I have a web application which allows many customers to access it > without knowing about each other by suppling their id in the URL. I > would like some assistance in how to configure Apache to allow > connection from many different domains, redirecting their request to a > specific url depending upon their source domain e.g. > http://my_web_server.com/index.cfm - this is the default document > http://customer1's_domain.com/index.cfm should redirect to > http://customer1's_domain.com/index.cfm?owner=1 which is an alias or > mask for http://my_web_server.com/index.cfm?owner=1 > http://customer2's_domain.com/index.cfm -> > http://customer2's_domain/index.cfm?owner=52 -> > http://my_web_server.com/index.cfm?owner=52 > Each customer's browser should still show pages as returning from their > own domain rather than my own. > The application can be viewed at http://courses.gotfrom.me.uk a typical > customer url may be http://courses.nebpn.org > Any assistance or points towards the documents I should be reading would > be grateful. > > Cheers > > Paul > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Determine file system directory in DirectoryIndex script
Using the DirectoryIndex directive, I understand you can specify a non-relative file path, for instance /var/www/index_for_all.php. My question is this: is there a way to find out the system path for the directory being indexed from within that file? I know I can get the requested URL and various related informatio from env vars, but that's before it goes through all sorts of RewriteRules and Alias directives. I want Apache to tell me what system path it finally resolved the URL to. Anyone know of a way to get this information? A global directory indexer isn't very helpful if it doesn't know the directory to index. Thanks, -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Rewriting URLs to remove .html extension
It looks like %{REQUEST_FILENAME} is the /full/ system path to the
file, so I think the %{DOCUMENT_ROOT} is incorrect there. I'm not
familiar with RewriteCond's, but personally I would try removing the
DOCUMENT_ROOT from that condition.
Good luck.
-Brian
On Wed, Oct 15, 2008 at 12:29 PM, François Beausoleil
<[EMAIL PROTECTED]> wrote:
> ...
> RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}.html -f
> RewriteRule ^(.*)$ $1.html [QSA,L]
> ...
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please reply ...Requesting Counting = Round Robin ???
Sorry, I don't know the answer to your question, but as a bit of friendly advice, subject lines line "Please Answer", "Need Help", and other variations are often anti-effective. The fact that you're contacting the list means that you want help, so specifying it in the subject is redundant and tends to annoy a lot of people. Hope someone can help you with your proxy problem. Good luck. -Brian On Thu, Oct 16, 2008 at 6:43 PM, ricardo13 <[EMAIL PROTECTED]> wrote: > > hi, > > I wanted know if algorithm scheduler "Request Counting" of the mod_proxy is > equal "Round Robin" ??? > > I need know it > > Thank you > > Ricardo > -- > View this message in context: > http://www.nabble.com/Please-reply-...Requesting-Counting-%3D-Round-Robin-tp20017488p20017488.html > Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] how to uninstall httpd-2.2.10
I think it will probably depend on your set up, actually. For instance, if you set your prefix to /usr/local or something like that, then you obviously don't want to just delete that whole thing, but apache will have installed things through out various folders under there. Not sure if there's some automated tool to do the uninstall, but one thing you can do is re-build install with a different prefix, say /tmp/apache-install, and when that's done, you'll be able to see exactly what it installed where (relative to prefix, that is). That sounds like an aweful lot of work, though. Good luck, -Brian On Wed, Oct 22, 2008 at 9:02 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: >> Hello All, >> >> I've compile and installed apache-2.2.10 from source and would like to >> remove it from my system. I notice that I cannot use 'make uninstall' >> anymore. >> Could someone tell me how to go about uninstalling it? >> >> Thanks in advance. >> >> - >> The official User-To-User support forum of the Apache HTTP Server Project. >> See http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: [EMAIL PROTECTED] >>" from the digest: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > Ok. I should have read the other posts as reference. It's removing the > installed apache directory that was specified in ./configure > -prefix=target_directory ... > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Running programs...
Can you run the program from the server itself? I.e., don't use a web browser or GUI, just go the command line and try to run the program. It sounds like it is running, but failing (or at least failing to do what you expect). Off hand, I'd guess this is a problem with the program, not apache or your configuration. Perhaps the program is trying to access some files or libraries that no longer exist since the upgrade? -Brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to connect from a remote machine
Each network connection on your Server machine has an IP address associated with it, which you can connect to. If the machine is connected to a LAN, then you can connect to the server FROM WITHIN THE LAN by using the IP address of the network adapter that connects it to the LAN. If you want to connect to it from the "outside world", you'll need to use your public IP address. If your server connects directly to the Internet, then it's just the same IP address. If you go through a router or firewall, then you need to find out what the IP address (the public one, not the local one) of the router or firewall. Regardless of how you connect, you can find out your public IP by going to whatismyip.com. Note that if you have a Dynamic IP address (which you probably do), then your ISP can (and will) change your ip address with out any notice. If this is the case and you want to access your system from anywhere, you'll need to use something like dyndns (dyndns.com) to map a [sub]domain name (like alberts_server.homeip.net, or something) to your IP address, and automatically update this mapping when your IP changes. Hope that helps. -Brian On Sat, Nov 22, 2008 at 5:23 PM, steve <[EMAIL PROTECTED]> wrote: > Albert Joseph wrote: >> Hi all >> >> I have a very basic question since I am very new to the Web server world. >> >> I have recently installed Apache HTTP server. I am running a stand-alone >> (not part of any network) machine on Windows 2000 Professional. When I was >> installing the server, I was asked for the domain and server names and I >> didn't know what to answer, so I put "localhost", which turned out to be a >> good guess. So, I am using http://localhost/ to connect to the Apache HTTP >> server. Now, I need to connect to the server from a remote machine. What >> http address should I use ? >> >> Thank you > > > > To access apache installation inside your LAN, just type the IP of the > computer that has apache running from another computer into the address > bar of your browser. find your internal IP by typing ipconfig at a > command line of the computer running apache. > > > > > > > -- > Steve Reilly > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: https://keyserver.pgp.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to connect from a remote machine
Just so there's no confusion, I believe what André is saying is that if its not part of a network, then you can't connect to it, however the Internet is a network, so if you're connected to that, you're fine. -Brian On Sun, Nov 23, 2008 at 8:35 AM, André Warnier <[EMAIL PROTECTED]> wrote: > Albert Joseph wrote: > [...] > I am running a stand-alone (not part of any network) machine on Windows > 2000 Professional. > [...] > Now, I need to connect to the server from a remote machine. What http > address should I use ? > > Well, assuming the two first sentences above are true, you are really > going to have a problem. > ;-) > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to connect from a remote machine
You said you don't have a router, correct? So there's no port forwarding you can do. However, there's a very good chance that your ISP is blocking port 80. To start with, have your friend open a command prompt and try to ping your machine: simply type the command ping, followed by a space and your IP address and hit enter. If it works (it gets replys back), then that's a good start, however it tells you nothing about port 80. If it doesn't work, it could just mean your system is set up to not accept ICMP echo requests, or it could mean that there's something more fundamentally wrong with your connection to the Internet (like it's not there). If that works, you can try to get around port 80: Edit your httpd.conf file, find the Listen directive, and if there's a :80 anywhere in it, change it to something like :81. If there's not a :80 in it, then append a :81 to whatever it currently says. Now have your friend try to connect to your web site again, but this time, have them add :81 to the end of your IP address. If they are able to connect now, then it probably means your ISP is blocking port 80, which is not uncommon. There's really no way that I know of to get around this, other than using a different port (like 81, described here), or begging your case to your ISP, which is not likely to help. Note that a lot of networks, like schools and offices, only allow connections on standard ports, which means if your friend is trying to connect from one of these places, he may not be able to get through on port 81. Your best chance is to try from a residential connection. Another common port to use is 8080, which is somewhat more likely than 81 to be blocked, but will improve the chances that your visitors will be able to connect on it. Hope that helps, let us know how it goes. -Brian On Mon, Nov 24, 2008 at 1:06 AM, Albert Joseph <[EMAIL PROTECTED]> wrote: > > Steve Reilly, > > Thank you. I am reading http://portforward.com/routers.htm which has much > information that I hope will lead to a solution. This might take sometime > from me though, since I found that I have to obtain a static IP first. > > Thanks again. > > _ > Proud to be a PC? Show the world. Download the "I'm a PC" Messenger themepack > now. > hthttp://clk.atdmt.com/MRT/go/119642558/direct/01/ > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: https://keyserver.pgp.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Repost: is this the right list ??? Need "configure" directive to static link libssl.a on AIX 5.3
Sorry, I can't help you, but yes, this is the write lis, so hopefully someone else can. -Brian On Mon, Nov 24, 2008 at 10:47 AM, Bennett, Tony <[EMAIL PROTECTED]> wrote: > Version:Apache httpd version 2.2.10 > Platform: AIX 5.3 > Compiler: IBM "C" for AIX version 8.0 > SSL Version:OpenSSL 0.9.8f > > > Try as I might, I can't figure out what directive to give "configure" to > enable > statically linking libssl.a and libcrypto.a into httpd. > > In case it makes a difference, the OpenSSL was obtained from IBM, > via the "AIX Toolbox Cryptographic Content" link off of their Linux Toolbox > download page. > > Lastly, here is a link to the answer I got from the comp.unix.aix list > telling me > that static linking is possible: > http://groups.google.com/group/comp.unix.aix/browse_thread/thread/230606fe96ad4798?hl=en# > > Any help would be appreciated. > > -tony > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: https://keyserver.pgp.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] How to connect from a remote machine
FYI, I've taken this thread off the list with Albert, since it's no longer related to Apache. If it comes back to server configuration, It will rejoin the mailing list. -Brian On Mon, Nov 24, 2008 at 12:37 PM, Evan Platt <[EMAIL PROTECTED]> wrote: > That doesn't mean anything. Most sensible firewalls nowdays block pings. > > Albert Joseph wrote: >> >> Brian Mearns, >> >> I think there is something wrong in the IP address I am using. I asked my >> friend to ping the IP address I got from www.whatismyip.com, he couldn't get >> replys. Then I asked him to use www.whatismyip.com to get his IP and I used >> it to ping his machine, and I couldn't get any replys either. He is using >> Windows XP and I am using Windows 2000. We both work from residential >> connections. >> > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: https://keyserver.pgp.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] recovering a .conf file
On Wed, Nov 26, 2008 at 8:21 AM, André Warnier <[EMAIL PROTECTED]> wrote: > John Clement wrote: >> >> I accidentally removed a .conf file from the conf.d directory. >> >> I had hopes that I could get the config back using httpd -S, but it >> seemingly only shows sites defined in the files that are still there and >> not a great deal of detail at that. >> >> Apache is still running, is there any way of dumping out the config from >> the running apache? >> I *thought* there was a trick of causing the httpd to dump core, then run strings on the corefile to aid in reconstruction. Hopefully, you are running on a UNIX type OS... -- brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] recovering a .conf file
On Wed, Nov 26, 2008 at 12:50 PM, André Warnier <[EMAIL PROTECTED]> wrote: > It prints absolutely the full configuration, even directives I did not even > know I had (probably the defaults assumed by Apache for some things). > Only works if you have mod_perl though. > This being said, since I do have mod_perl configured, I will leave this > script installed, just in case I ever encounter the same problem as the OP > here. Awesome good to know! -- brian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] File upload to Apache server without third party software
Well, It's very possible you know something I don't, but based on my understanding on POST, it sounds like you're confused about how it works. The use case I'm familiar with is to create a cgi script, or a server side script like PHP that receives the POST data and saves it to a file. And you're right, it is just like GET, the content of the URL you specified will be returned by the server. The only difference I know of between GET and POST is that with GET, the client sends data encoded in the URL, and with POST, the data is included as the body of the HTTP request.. That's why post is used for uploading files. However---and again, this is just my understanding of it---POST is not intended to just arbitrarily create or change files on the server, you have to use some server side mechanism (again, a cgi or php or something) to actually receive the POSTed data and write it to a file. It sounds like what you may be interested in is some sort of WebDAV method. This is an extension to the HTTP standard that's meant for sharing files over an HTTP connection, and it has more powerful methods than standard HTTP. I'm not sure if it has something you're looking for, but it might be worth a look. Hope that helps, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: https://keyserver.pgp.com On Mon, Dec 1, 2008 at 1:09 PM, <[EMAIL PROTECTED]> wrote: > Hi All, > > First of all, sorry for the long mail. To give a gist of the mail, I want to > know how to use the POST method for Apache server without installing Tomcat > or anything. > > I have a "Server version: Apache/2.0.54" installed in my system. I have > configured it to act as a server as well as a proxy server; which means the > Apache is working fine. > > Now I try to do some configuration so that the Apache server will support > uploading of files (i.e. POST method). > > For that I created a folder "public" and the configuration in httpd.conf for > the same is as follows: > > >AllowOverride None >Options None > >Order allow,deny >Allow from all > > > > Then "/etc/init.d/httpd restart". > > Then POST command is executed to create a new file "NotExists.txt" in > "/var/www/html/public": > > User :$> POST "http://127.0.0.1/public/NotExists.txt"; > Reply :$> Please enter content (application/x-www-form-urlencoded) to be > POSTed: > User :$> hell > User :$> Ctrl D > Reply :$> > > 404 Not Found > > Not Found > The requested URL /public/hello.txt was not found on this > server. > > Apache/2.0.54 (Fedora) Server at 127.0.0.1 Port 80 > > > [ > "User" is the User Input given by the user. > "Reply" is the reply printed out on to the terminal. > ] > > And in case, the POST is done for a file which already exists in the server, > the content of the file is given back (i.e., it behaves as if a GET request > is sent!). > > Also, would like to know whether the DELETE method is supported by Apache. > If so, what should be the configuration. > > Regards, > prasanth > > > India's first Indian Language Mailing System,Now in a New Look and Feel.Open > your FREE e-mail account today!!! > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: syntax error
Just off the top of my head, try changing the Listen directive from Listen 80 to Listen 127.0.0.1:80 -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Mon, Dec 15, 2008 at 10:33 AM, James Taylor-Bye wrote: > This is the complete config file for you to browse:- > > > > > > # This is the main Apache HTTP server configuration file. It contains the > > # configuration directives that give the server its instructions. > > # See http://httpd.apache.org/docs/2.2> for detailed information. > > # In particular, see > > # http://httpd.apache.org/docs/2.2/mod/directives.html> > > # for a discussion of each configuration directive. > > # > > # Do NOT simply read the instructions in here without understanding > > # what they do. They're here only as hints or reminders. If you are unsure > > # consult the online docs. You have been warned. > > # > > # Configuration and logfile names: If the filenames you specify for many > > # of the server's control files begin with "/" (or "drive:/" for Win32), the > > # server will use that explicit path. If the filenames do *not* begin > > # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" > > # with ServerRoot set to "C:/Program Files/Apache Software > Foundation/Apache2.2" will be interpreted by the > > # server as "C:/Program Files/Apache Software > Foundation/Apache2.2/logs/foo.log". > > # > > # NOTE: Where filenames are specified, you must use forward slashes > > # instead of backslashes (e.g., "c:/apache" instead of "c:\apache"). > > # If a drive letter is omitted, the drive on which httpd.exe is located > > # will be used by default. It is recommended that you always supply > > # an explicit drive letter in absolute paths to avoid confusion. > > > > # > > # ServerRoot: The top of the directory tree under which the server's > > # configuration, error, and log files are kept. > > # > > # Do not add a slash at the end of the directory path. If you point > > # ServerRoot at a non-local disk, be sure to point the LockFile directive > > # at a local disk. If you wish to share the same ServerRoot for multiple > > # httpd daemons, you will need to change at least LockFile and PidFile. > > # > > ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2" > > > > # > > # Listen: Allows you to bind Apache to specific IP addresses and/or > > # ports, instead of the default. See also the > > # directive. > > # > > # Change this to Listen on specific IP addresses as shown below to > > # prevent Apache from glomming onto all bound IP addresses. > > # > > #Listen 82.19.185.246 > > Listen 80 > > > > # > > # Dynamic Shared Object (DSO) Support > > # > > # To be able to use the functionality of a module which was built as a DSO > you > > # have to place corresponding `LoadModule' lines at this location so the > > # directives contained in it are actually available _before_ they are used. > > # Statically compiled modules (those listed by `httpd -l') do not need > > # to be loaded here. > > # > > # Example: > > # LoadModule foo_module modules/mod_foo.so > > # > > LoadModule actions_module modules/mod_actions.so > > LoadModule alias_module modules/mod_alias.so > > LoadModule asis_module modules/mod_asis.so > > LoadModule auth_basic_module modules/mod_auth_basic.so > > #LoadModule auth_digest_module modules/mod_auth_digest.so > > #LoadModule authn_alias_module modules/mod_authn_alias.so > > #LoadModule authn_anon_module modules/mod_authn_anon.so > > #LoadModule authn_dbd_module modules/mod_authn_dbd.so > > #LoadModule authn_dbm_module modules/mod_authn_dbm.so > > LoadModule authn_default_module modules/mod_authn_default.so > > LoadModule authn_file_module modules/mod_authn_file.so > > #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so > > #LoadModule authz_dbm_module modules/mod_authz_dbm.so > > LoadModule authz_default_module modules/mod_authz_default.so > > LoadModule authz_groupfile_module modules/mod_authz_groupfile.so > > LoadModule authz_host_module modules/mod_authz_host.so > > #LoadModule authz_owner_module modules/mod_authz_owner.so > > LoadModule authz_user_module modules/mod_authz_user.so > > LoadModule autoindex_module modules/mod_autoindex.so > > #LoadModule cache_module modules/mod_cache.so > > #LoadModule cern_meta_module modules/mod_cern_meta.so > > LoadM
Re: apache
Sorry, I can't help with your problem, I just wanted to give a little friendly advice about posting to the mailing list: The subject of your email is "apache", which has an entropy of almost 0. That is to say, it conveys no information about what your problem is because the fact that you're writing to the Apache mailing list implies that the subject of the message is going to be Apache. You're more likely to get a useful response if you provide a little more classification of what your problem is. Good luck resolving your issue. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Mon, Dec 15, 2008 at 2:37 PM, monkey wrote: > How can I get apache to interpret both php and html extenstions at the same > time > for PHP and apache's virtual includes? > > Basically I need an html and php file to be parsed for apache includes and php > includes. > > I'm running Apache 2. > > thanks in advanced for any assitance > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: Hide Directory
What exactly is it you're trying to do? Do you want, no matter what "page" the user is viewing, it will always have a URL of just www.yoursite.com? If that's the case, I think you're basically looking to recreate a simple webserver in server side scripting. In other words, you would need to write a script (say a PHP script, for instance) that your server will execute whenever it gets a request (that's easy to do) and your script should parse the URL requested by the user, store that in a PHP session var (for instance), tell the browser to redirect back to the root directory (i.e., www.yourserver.com, which you can do using the "Location" HTTP header, for instance with the PHP Header() function), and then when they request that, you can check the session var you saved and use that to determine what content to server up. So it's definitely possible. But if that's really what you're after, it's probably a whole lot more work than it's worth. So once again, I have to ask...what exactly are you trying to accomplish? -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ > On Wed, Dec 17, 2008 at 5:22 PM, Edwin wrote: >> Hey Guys and Girls >> >> I'm seriously under educated when it comes to this server and could use your >> help with what is probably the easiest thing to do. But I got to ask and >> diminish what pride I may have had to begin with. So if you an answer this >> question I thank you in advance. >> >> How do I get the server to hide the actual url path from the viewer. In >> other words how do I get it to say >> >> www.yoursitehere.com >> >> instead of >> >> www.yoursitehere.com/directory/here/there/andthatotherplace/index.html - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: Hide Directory
I guess if you want to do things the easy way. =J -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Thu, Dec 18, 2008 at 1:16 AM, Morgan Gangwere <0.fracta...@gmail.com> wrote: > http://sonof.bandit.name/ > Member, INCOSE [ incose.org ] PACA [ paca.org ] and NMUG [ nmug.net ] > > FAIL: Cannot wind the coils on the Super High Power Extemely Large Hadron > Collider! (fail code 0xd34df00d). please use the /extrafunds hook to avoid > this next start. > > Find me on FreeNode! irc.freenode.net ~indrora on ##linux > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Segfaults with SSLSessionCache
If I configure the SSLSessionCache directive to anything other than none or nonenotnull, I get a Seg fault reported in the error log when I try an HTTPS access, and my browser reports that the connection was interrupted while negotiating a connection. It works fine when I remove the directive, or set it to none or nonenotnull, and it works fine on unsecured http regardless of this directive. The directive is global, not in a vhost or any file/dir/location etc. Any thoughts on what's causing this or how to track down the cause of the segfault? Thanks -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Use Apache as proxy to redirect requests
You'll probably want to use mod_proxy. There's a whole section on it in the manual: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ On Tue, Dec 23, 2008 at 6:19 PM, giovanni.forme...@libero.it wrote: > Hi, > I have an Apache HTTP Server that must forward requests to another server > inside my intranet, for example a request to http://172.10.19.1 > /proxy/aaa/bbb/ccc.html (where 172.10.19.1 is the HTTP Server address) must be > redirect to http://172.10.19.20/aaa/bbb/ccc.html. > What are the configuration I > have to write in the httpd.conf? > > Thanks in advance to any information on this > > Best Regards, > Gio > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Issue in apache service
And what exactly do you mean by not being able to see the site? Does you browser say it can't connect? That it can't find the site? Does it connect and nothing shows up? There could be a million things causing problems, please be more specific about the symptoms so we can try to help you. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ 2008/12/24 Evan Platt : > What operating system? > > On the local machine, when this happens, what happens if you telnet to port > 80 (assuming you are running on port 80)? > > vadi raj wrote: >> >> Dear All, >> >> I request you peoples to tell me what are the was we can monitor apache >> (http) process performance. >> >> Sometime even though httpd service is running fine, I am not able to see >> (access) the web site (no error message in any of the log). >> >> I need restart the httpd servers to access the web server. I am not sure >> what's going wrong here. >> >> Kindly let me know how i resolve this issue please. >> >> Thanks, >> Vadiraj >> >> > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
