oh i see sarcasm is rife in here today
So is idiocy.
oi
play nice, or you will be ignored
give me an answer, or *you* will be ignored. bitch.
I thought fajita was a bot
is fajita a bot?
Is yango a hippo?
hey
fuck you
Don't make me get your mother and a bar of soap! Wash your
mouth out this instant
You gonna ban the whole intarwebs?
your whole domain
if you make it necessary
but we hope you won't!
hmph.
if you evade bans you will be reported to the freenode
staff
ooooooOOOoOOoo
them's fightin' words.
If you remove log files while Apache is still running, it is
highly likely that you will have to restart Apache. If "apachectl
graceful" doesn't appear to work, do a full apache
restart.
Roobarb-Work: I did /etc/init.d/apache restart. I will try
apachectl if it is installed, I'm not sure if it is packaged or
not
Now, stop acting like a prat and try out some of our
suggestions.
Are _any_ of the logs recreated ?
I've gotten *one* suggestion
still nothing in access.log. error.log is fine, and being written
to
and does it say something about not being able to write in
the access log? :P
no. of course error.log is the first thing I checked when I had
problems.
Is any access to your website happening that would cause
anything to be written to that particular access.log ?
nothing in it but people looking for favicon.ico
hi. i try to get sticky sessions with mod_proxy_ajp to run
without success
i have ProxyPass / balancer://tomcat_1_2/
stickysession=JSESSIONID in my config
Roobarb-Work: well, me and other people loading pages
but the request for one session goes to both servers
This may sound stupid, but do you actually have any CustomLog
lines writing logs to the location you are looking in?
how to configure apache2 to create a site
Roobarb-Work: no, haven't fiddled with the config besides doing
static ip
hosting based vhosts
explain
you sure you haven't configured the access log per vhost in
some other files ? do a grep -ri Log your_conf_dir
Roobarb-Work, i am creating a project in django
Well, if you don't have anything writing to an access_log,
Apache won't automatically create one
error_log is created whether you specify an ErrorLog directive or
not
access logs are a different matter
Roobarb-Work, i want to develop as a site
example vhosts
example vhost
Take a look at this for an example vhost http://wiki.apache.org/httpd/Recipes/ExampleVhosts
look here ^^
...
pctony, where
I will try manually specifying a log
the line above my last one
from fajita
be george
[USER] would like read and write access to her computer
be george
[USER] would like to have access for her laptop login access
multi user access for that laptop and
pctony, i create all that but it show errors
what errors?
step one
whatever the problem, step one is to look in the error log
(and any other logs that may apply, such as suexec, mod_rewrite, or
mod_security).
^^
hm
well I specify CustomLog and now it's writing.. not quite what I
want but oh well :p
heh
what did you want then, exactly?
The second argument for CustomLog is some type of format.. what
is the default format ?
Well, this will probably be better, since I can sort by vhost
:p
heh
"combined" which is usually defined elsewhere in your
configs
combined
combined is LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- Just like common, but adds referer and browser type
Roobarb-Work: k, that's what I put. thanks everyone
common is the default one
look for LogFormat definitions
depends on your Distro I guess
Roobarb-Work: yeah
true
debian!
debian is "we complicate it for you so you don't have to" or see
/usr/share/doc/apache*/README.Debian* or http://wiki.apache.org/httpd/Platform/DebianLike
we complicate it for you? :p
if you don't specify a LogFormat, I assume you end up with
CLF ?
they do mess with the apache stuff a bit I think. but I can't
imagine using something else. I mean what else is there, red hat?
barf
Roobarb-Work: yip
Gentoo!
Apache is Apache, regardless of platform.
Gentoo is somewhat cool, simply 'cause it's made to be like
FreeBSD. It's not suitable for production though
I used debian for nearly 6/7 years
I now use CentOS
whyyy
Yeah, I was joking. I'm on a shared
hosting web host with Debian... stability is nice, but
software from this millennium would be nice too. *shrug*
pctony, what are the files to be configure
yea, them's the breaks. running testing is always an
option..
Okay, so, I'm on a shared web host with Apache 2.0.54 on
Linux. I have a directory with indexes. How can I stop
mod_autoindex from appending README.html to the index and removing
it from the file listing? If I set ReadmeName to something bogus,
it will stop appending it, but it still removes it from the file
listing,
sorry, what do you mean?
Hmph, I'll probably just let it append it to the page, but it
would still be nice if it didn't remove it from the file
listing.
they may be hiding it with an IndexIgnore
example index
sample index
You can see a sample/demo index page here http://index.eta-beta-pi.net/
(The config used is in the index too..)
^^
that shows the indexes, and indexignore stuff
Roobarb-Work: Probably, but I don't see an IndexUnignore.
Thanks, I'll check it out.
there is no IndexUnignore
lol
Roobarb-Work: So there's nothing I can do?
which might be considered an oversight actually
That website is interesting (I didn't know about
IndexStyleSheet), but it doesn't help.
yeah, I use +Indexes quite a lot
stylesheets are nice to make them more useable
lunchtime...
Time is an illusion. But lunchtime is here and now.
fajita++
pctony,
pctony, http://apache.pastebin.ca/566227
this myconf
fajita, http://apache.pastebin.ca/566227
this myconf
sorry...
ok, it looks a little broken to me
fajita is a bot, and cannot hold conversations
bot
Danger Will Robinson!
pctony, where
your directory blocks to start with
sod off with your blame
hey niq
niq is http://people.apache.org/~niq/
tea?
please
need some
you have alias 's without matching directory blocks
pctony, what i put there
another thing, you have a directory block "Directory
/home/johnson/helpline/helpline/templates/" that matches
nothing
I have edited your posting and this is the result so far http://apache.pastebin.ca/566238
also, you dont need trailing slashes on your directives
in fact i would suggest you dont have any
the same goes for your alias directives
http://apache.pastebin.ca/566244
-- Further updated
^^
http://apache.pastebin.ca/566245
another change
another change is that i've added a bunch of vhosts to this
machine as well as renaming it - one of the vhosts is http://www.medill.northwestern.edu
- which was the original machine rewrite was pointing to
wow that is a few changes
forget another change
I forgot another change
food time
mmm
mmm, dingleberry tea
oh, he's gone
Hi
Can someone please help me configure apache to have virtual
directories
i.e make http://myserver/mydir
point to a different directory as http://myserver?
is it possible at all?
yse
*yes
Alias
Alias is http://httpd.apache.org/docs/2.2/mod/mod_alias.html#alias
nice
is mod_alias loaded by default ?
depends on your config
look for a line like:
LoadModule alias_module modules/mod_alias.so
LoadModule alias_module modules/mod_alias.so is set
ok
Thanks guys
anyone help to conf apache
that depends on the question
Roobarb-Work, i create a project with django and i configure
apache2 but the site is not opening
paste your httpd config
apc
Try using http://apache.pastebin.ca - It's a
good pastebin, and is even set up to highlight Apache
'stuff'.
Roobarb-Work, http://apache.pastebin.ca/566348
ok, and what isn't working
Roobarb-Work: his old config was borked so i fixed it up as much
as i could, but he disappeared
blocks etc
*nod*
Roobarb-Work, its not working
and dir blocks that point to nothing, i.e. no matching alias
etc
I appreciate that _something_ isn't working, but what exactly
"doesnt work" ?
Roobarb-Work, if i type www.djangoproject.web it show
errors
ok, what errors
and patience
patience is a virtue...
Roobarb-Work, server
hosting not found
aghh, dns
.web, isn't a valid TLD
.web
well yeah
sorry, /me relurks
do you have a Domain
hosting to host this site on ?
Roobarb-Work, i don't have any domain
ok, well no-one will be able to see your server by name, they'll
have to type an IP Address
Roobarb-Work, so what i do
Roobarb-Work, i am new to django
I guess that depends on whether you want people on the
Internet to be able to see your site by a hostname ?
Roobarb-Work, yes
django is just content. you're currently stuck on getting
your server connected to the Internet properly
well then, you need to buy a domain
pointed to the IP Address of your server (or the IP Address of
your router which has port 80 forwarded to your server)
Roobarb-Work, then how i configure for that
im trying to have a section of my online application show up
at a different domain address... i have a feeling I need to use
serverproxy but Im not sure how
once you have a DNS entry for www.yourdomain, you should be
able to at least see your server through a browser.
before you do this however, you should be able to do: http://127.0.0.1/ to talk to it from the
server itself
Roobarb-Work: no-www!!!!
Roobarb-Work, how
through a web browser running on the webserver
I'm getting the impression that you're not entirely comfortable
with setting up a website for the first time ?
yes
Roobarb-Work, yes
Roobarb-Work, when i run python manage.py runserver 8080 its
working
Roobarb-Work, and also working localhost:80/
localhost and 127.0.0.1 are the same thing
both of them refer to _your_ box
for now, concentrate on talking to http://localhost/
Roobarb-Work, ok
do you have an index.html in /var/www/djangoproject ?
Roobarb-Work, yes
do you see it when you browse to http://localhost/ ?
Roobarb-Work, yes
router
In order to access your web site behind a router, you must
forward the port apache is listening on to your internal IP. Then
you can access your site by pointing your browser to http://your external IP here:port. If your ISP
blocks port 80, see 'port 80 redirection'. Instructions on how to
forward a port using most common routers can be found at http://portforward.com
ok, do you see anything when you browse to http://localhost/web ?
he doesn't have a domain...
then he can use the IP
Roobarb-Work, no
yes, that has been explained. we're trying to get something
working before we take that step
what _do_ you see?
Roobarb-Work, but when i entered localhost/djangoproject it show
that contents
does http://localhost/djangoproject/
show what you want?
Roobarb-Work, i want to run as www.djangoproject.web that is the
way i configured
well you can't. .web is not a valid domain code
I can only access the server from localhost.. I tried messing
with the conf file, changing the server host port to 1221,
and opening the 1221 incoming/outgoing port in my ethernet
router... still nothing.. what should I do?
Germ^^^: what does your "Listen" statement say ?
Roobarb-Work, i give any other .com means that will run
www.djangoproject.com already exists
Listen 1221
Roobarb-Work, djangoproject1.com
Roobarb-Work, it also show error
Germ^^^: when Apache should be listening to all interfaces.
Are you _sure_ that you're forwarding those ports
properly?
I've never configured a server.. so I might've messed something
up
yeah, I'm sure I opened the 1221 port
for both incoming and outgoing connections
you're missing the fundamental point - you can't just pick the
domain
host you use in a URL. You need to buy it
Germ^^^: whats the URL ?
It's a home server.. I don't even need it for internet use,
internal ethernet use would be sufficient
http://77.49.5.109:1221
Germ^^^: oh I see
Roobarb-Work, so if i run in localhost means which index.html i
put any html
or that project index.html
Germ^^^: well theres nothing I can see that would be preventing
you from accessing port 1221 via the LAN dedicated ip hosting address
of that server (I'm guessing its 192.168.x.x) ?
Germ^^^: you should be able to access that from any machine
on the LAN
don't know... simply doesn't open
Germ^^^: if you can't, you might have iptables running
I'll try again
Germ^^^: or some other firewall if you're not running
Linux
I'm using Apache2Triad if that makes any difference
Germ^^^: which Operating System ?
nope.. only the router, but I opened the ports
XP PRO
ugh
well, ServicePack 2 has a firewall
you'll need to open port 1221 within the firewall control
panel
the windows firewall?
Roobarb-Work, what which index.html
I'm not sure I understand your question.
Roobarb-Work, but i put one index.html content with i am here
it shows that
Roobarb-Work, but i put my project index.html it not
showing
where does that index.html file reside?
Roobarb-Work, var/www/djangoproject/index.html
Roobarb-Work, i copy my base.html and copied here but it shows
the old index.html
Roobarb-Work, as index.html but it shows the old one
johnsoncls, there are currently only 2 pcs on the network.. the
other PC cannot even ping me.. isn't properly connected to the
network.. so I think that the server is running properly, I only
need a proper PC to be connected in order to test it. Can you try
to view my page.. http://77.49.5.109:1221
servertokens http://77.49.5.109:1221
Couldn't get a useful value for http://77.49.5.109:1221
Germ^^^: it does not seem to be functional
Germ^^^: can you access it locally?
Germ^^^: turn off the windows firewall
Germ^^^, it take a long time to connect
please refrain from commenting
yeah
thumbs, what??
thumbs, is that for me or vinvin?
forget thumbs,
I forgot thumbs,
I can access it locally, 127.0.0.1 and also as 192.168.1.2 from
the machine where the server is located
Germ^^^: ok.
I guess it's okay, I cannot really test it
Germ^^^: either your ISP is blocking all incoming requests
(possible)
Germ^^^: it sounds like it
Germ^^^: or you didn't forward the port properly or you have
a firewall on the server
Germ^^^, its still loading
your comment was not constructive, nor useful. Until you know
what you're doing on your own server, please refrain from making
those comments.
I opened the TCP incoming/outgoing ports on 1221
I'm not really sure how you want to lay-out your website to know
how it should be configured.
Germ^^^: explore every options I enumerated
Roobarb-Work, can i paste dpaste.com
I'll mess with the router rules
a bit
Germ^^^: as standard, WindowsXP has a firewall that blocks most
ports
yes
jink
jink is jinkies scooby-do where are you or awesomr or
grumpy
well that firewall is disabled
Roobarb-Work, http://dpaste.com/12250/
I hate that firewall
it's useless
Germ^^^: ok, explore the last two remaining options.
okay
working on it right now
yes, you pasted that earlier, but it doesn't really answer my
question.
it would help if you could access it from another host on the
same LAN, too.
how do you want your website to work? do you want http://localhost/ to be your django website
?
Roobarb-Work, they are asking customer independent site but
they say it work but ill try to run as www
who is "they" ?
Roobarb-Work, it is possible or not
if you're paid for this, I would inform the employer that you
are unable to do it yourself, and I would hire someone to do it for
you.
thumbs, ok
221 I found that I wrote
in the conf file.. doesn't seem right
Roobarb-Work, i want to know which secure linux web
hosting edition is good
if it's a hobby, you can work on it as much as you like. But
telling someone you can do it when in fact you have no idea how is
fraud.
Germ^^^: take out the port
thumbs, not like that
Germ^^^: however, that should not prevent the site from being
reached from the outside.
thumbses
huh?
Roobarb-Work, but its not also running localhost
hmm
if you say so.
haha
Hello François :p
How are we today?
Roobarb-Work, it is running 127.0.0.1
and listen is 'Listen 1221'
I see someone discovered the whois command.
I strongly suggest you work from a simple httpd.conf and add
stuff a piece at a time. www.linux-corner.info/httpd-simple.conf is
a good starting point
Roobarb-Work, i am leaving
Germ^^^: I already enumerated what can cause your problem. Work
on one item at a time
nah
Roobarb-Work, thankyou
okay
thumbs, thankyou
Germ^^^, thankyou
Unless you changed your name again, after your nick change
;p
you should understand what each configuration option does before
you start putting in things you don't understand
Frank is cool :]
johnsoncls thank you for your coherency too
I don't get to meet people as eloquent as you every day
johnsoncls
servertokens http://77.49.5.109:1221/
Couldn't get a useful value for http://77.49.5.109:1221/
Germ^^^: nope.
okay
thanks
Does anybody have any idea why thread handles would be leaked
inside of an apache module using APR but not in a stand-alone
program using the same code?
Germ^^^: consider calling your ISP to make sure they don't
block all incoming requests. It would save you a great deal of
time
I will do that
#apache-modules might be a better place to ask
I'm checking what I've done in order to ensure that I haven't
done anything wrong
servertokens http://77.49.5.109:1221/
Couldn't get a useful value for http://77.49.5.109:1221/
servertokens http://87.203.109.167:1221
Couldn't get a useful value for http://87.203.109.167:1221
redirect?
redirect is http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirect
or http://httpd.apache.org/docs/mod/mod_alias.html#redirect
or see 'Redirect Context'
Roobarb-Work, one doubt how to use my machine to another machine
and how view to all the files
rewrite?
rewrite is one of the crustiest bits of code out there, but also
the most useful see also mod_rewrite
mod_rewrite?
mod_rewrite is http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html
or http://httpd.apache.org/docs/mod/mod_rewrite.html
or see http://rewrite.drbacchus.com/
Roobarb-Work, how to connect
you would need to use the IP Address of your server
thanks for the help yesterday regards the apache authentication
problem I mentioned. I have a question regards HARD_SERVER_LIMIT.
If this is set to 256 at compile hosting time
is that the number of concurrent connection requests the server can
deal with?
ServerLimit
ServerLimit is http://httpd.apache.org/docs-2.0/mod/mpm_common.html#serverlimit
I am looking at http://httpd.apache.org/dev/apidoc/apidoc_HARD_SERVER_LIMIT.html
its the _maximum_ number of clients you can have
Roobarb-Work, i got dedicated ip hosting address
and when we are entered it show apache
the apache ver in question is 1.3.33
thanks
you'd have to explicitly change it from the default of
20,000
Roobarb-Work, and how to view the files
the same way you would for http://localhost/
httpd -V returns
-D HARD_SERVER_LIMIT=256
ah, Apache 2.x has a built-in limit of 20,000
johnsoncls if you keep up this work... You'll never be able
to buy a CLS, except if you have rich daddy
like 20k?
I'd consider upgrading to Apache 2.2 tbh
MyASSql, what??
Apache 1.3.x is past its prime
CLS as in Mercedes CLS... get it?
so what other things do i need to change when moving from
apache 1.3.33 to apache 2.x?
do you use any form of authentication ?
yes
AuthNTML
well, thats the first thing that has changed
that also needs to be recompiled
it might be wise for you to setup a test machine (vmware
maybe) before you upgrade your live server(s)
2.0 isn't too bad, but 2.2 has a fair few differences
have a read of the "Release Notes" section on http://httpd.apache.org/docs/2.2/
thanks roobarb-work
for reference, www.linux-corner.info/httpd.conf is an example
config for apache 2.2, using the new auth modules (for Basic
auth)
... this is lacking a NamevirtualHost *:80 directive,
innit?
is there a place to discuss other apache software foundation
projects, such as lucene and solr?
sort of
it would need one if you wanted to host something other than
www.example.com, yes
would it give you a warm feeling if I added that line
?
Hi all. Question: for security reasons I'm using a SSL proxy,
to handle encryption/decryption. Although this seems to work fine
initially, squirrelmail, for instance, starts using some "http://"
redirects, that it did not use when SSL was on the same
server.
Roobarb-Work: YES
It would give me a warm AND fuzzy feeling!
Any ideas?
thinking is *hard*!
actually, I'm not - I haven't used more than one :80 or :443
VHost, so it makes little sense for _that_ config to have a
NameVirtualHost
are you using Apache as the SSL proxy ?
no, stunnel
I'm guessing you're proxying on to an http:// server ?
exactly.
that is probably your problem - Apache is handing out http://
links because it doesn't know any better.
an Apache reverse proxy in conjunction with mod_proxy_html would
probably fix this
I'm not sure I see how. SSL is at a level "below" http and
doesn't modify the http headers.
What I'm looking for is a way to get apache to set all its env
variables as if connections came in via https:// urls
thats not the point. you're not ultimately connecting to the
squirrelmail content via https, so Apache doesn't know it should be
using https links
Exactly, so how is http_proxy going to make a
difference?
mod_proxy_html allows you to change URL's in transit
the incoming urls *are* https. the problem is squirrelmail, in
writing its urls starts using http:// (but didn't before)
So somehow squirrelmail (etc) is picking up this fact, presumably
because apache has set some environmental variable about it
ok lets back-up a bit
how is your service configured ?
inet-internal net-ssl server decryptor-apache (port 80)
then the final request _is_ http
Yes.
hey all. im having a little trouble getting mysql to work on my
local machine. the mysqld service is running, but nothings being
processed. is there any specific configuration changes i need to
put into apache to let it know mysql is there, or where to find
it?
what are you using mysql for?
in normal circumstances apache has nothing to do with
mysql.
But I don't see how http_proxy is going to improve
matters.
it's up to you to add mysql support to your scripting
language... php, perl, python, ruby, etc...
just for testing mysql code without having to upload it to my
webserver every time i change it
it would appear that the pages being returned from
squirrelmail have embedded http:// links, correct ?
that is my guess as to what is happening
yes, exactly, but these links were not present when the
squirrelmail server ran ssl
usually your browser would add the http://domain.com/ or https://domain.com/ to a relative link,
so I'm guessing you have some absolute links there somewhere
can you verify (by looking on disk) whether the pages containing
http:// links use absolute or relative links ?
sq is somehow picking up on the lack of SSL and writing the
http:// links accordingly. i.e Apache is telling it to use
http://
in which case, its a coding error in squirrelmail
And that communication is probably an environmental variable,
set by apache. What I want is to force this to say the connection
is SSL
I'm trying to ascertain whether the raw pages handed back by
Apache contain absolute links or not
They do. But when there was only inet-apachessl, this did not
happen
the links were written as https://
are you getting that from your browse or a tcpdump of the
connection ?
So apache is setting some variable like "URL" with http://
prepended and sq is picking it up to write the absolute
urls
Apache doesn't add content to files.
first few sq redirects work fine, then there is a redirect to
http://
your browser is adding the http:// or https:// part
Argh.
then the browser will _not_ add anything
This is what I've been trying to say. Sq is writing a url
with "http://". However that did *not* happen when the apache
server was listening on 443
So squirrelmail *knows* about the connection to port 80
the only way it can know is that apache is telling it
The only way it can tell it is via some variable
I want a way of telling apache to lie
he's already dismissed that because he doesn't know what it
does
heh
well then i guess his issue is over
next!
next is making a non-existant subdomain map to www ...
I am unaware of a way to make apache "lie" about its current
state.
even if you could, it would probably have far-reaching consequences
that neither of us can know about.
ergo, I would use a mechanism to change any http:// link to an
https:// one _in transit_
mod_proxy_html is that mechanism
no, that won't work
ive connected apache and tomcat using mod_jk. if i goto http://localhost i can see the default "It
Works" page from apache how can i change this so when i go to
http://localhost is see the default
page from tomcat ?
why wont it work?
and why not?
you are asking for our advice, we give it (freely might i
add), then you dismiss it out of hand
reverse proxy
reverse proxy is http://www.apachetutor.org/admin/reverseproxies
Tomcat usually listens on a different port. You'd need to
proxy through to Tomcat somehow
look at fajita's reverse proxy factoid
is that site old and out of date now?
oh... nevermind... you said you're using mod_jk...
yep
which site...
niq.com/revprox
sorry, don't use mod_jk... don't know nor do i have a
clue...
aghh
i don't think i've even met anyone here that's admitted to
using mod_jk extensively... .
SSLPassPhraseDialog
SSLPassPhraseDialog is
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslpassphrasedialog
ok thats cool
yeah, i just use a reverse proxy to my tomcat server..
I think you need to configure a workers2.properties file
[uri:/blah/]
context=/blah
worker=ajp13:localhost:8009
or similar
ok i can try the manual method, i used the auto method before
to generate tomcat\conf\auto
to be fair, not using mod_jk and using a reverse proxy may be
easier
and less to type.
well it is very simple... just 2 directives
possibly more if you do it in a vhost...
lol it mod_jk was recommended
what do you lose not using mod_jk ?
pain and suffering
the only thing i know of for sure is logging of the
host...
:o)
lol
i could do with logging
niq.com/revprox --- causing irc to flash at me
ill keep the reverse proxy idea in mind in case all else
fails
the logging gets taken care of on the httpd frontend... you
lose the requesting host in tomcat
you get the logging, at the proxy
right
you can shove it in a requestsheader though
so it finds its way there
yeah, but request headers are like colons... not made for
having things shoved in them...
that was a joke...
don't everybody laugh at once now...
*sheesh... tough crowd...*
actually, it will work, but that's an extremely bloated
solution.
I'm still grimacing
SSLPassPhraseDialog context
server config
hello all, i have a perl script that people need to download as
a text file, but apache keeps running it instead (and im going over
my cpu quota) -- how can i tell apache to just spit out text from a
specific directory?
probably to just change Location: via php
sendasis
send as is
bah
humbug
Of course, pctony...
you could change the file extension of the perl script...
:P
block of where that script lives...
there's probably a whole slew of other things you could do as
well...
anybody have an idea on how to make apache not run perl
scripts in a specific directory?
well... good to see that you're paying attention
read what megaspaz has just spat out
megaspaz - i have changed the extension to .dl (for download)
but it still likes to run it (i think because of the #! in the
top)
sorry - i usually only read the highlighted stuff if they type
my name
if i create worker.properties do i not need to use the Listener
for mod_jk in tomcats server.xml ?
block of where that script lives...
it's ok. we just dont always prefix with nicks
personally I think that using stunnel is a rather crude
solution for doing SSL offload
be george
[USER] is having problems with her internet opening up. it
freezes up every time she opens her internet.
you may be better served asking in #tomcat
megaspaz - thanks!
lol
ooh, rothchild is in Cambridge
my home town
crude in what manner?
$getEnvVar = getenv('HTTPS');
if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') ===
0) ||
(sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) &&
strcasecmp($https_on,
'on') === 0) ||
(sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)
&& $server_port
== 443)) {
hi pctony
$proto = 'https://';
}
oi!
pastebin!
Please use http://apache.pastebin.ca/
apc
Try using http://apache.pastebin.ca - It's a
good pastebin, and is even set up to highlight Apache
'stuff'.
my eyes!
kick!
kick is in order
if i set it for the parent directory does it propagate to the
sub directories?
That's the offending code. So you see, all that is necessary is
to set HTTPS
yes it does
do not paste more than 3 lines at a time
hi rothchild
looks like bad coding IMHO. It should always be using relative
links
how can i setup apache so index.jsp is the default page when i
goto http://locahost
i can give you the reverse proxy method...
DirectoryIndex index.jsp
I agree, it's bad code, but such is life.
if you're talking about serving it up from tomcat that
is...
its ok i got mod_jk working with a worker.properties
file
ah ok... good for ya
i found this guide
http://docs.codehaus.org/display/GEOSDOC/Apache+HTTP+Server
we've presented a very workable solution for you. If you feel
it is not suitable, let us know if anything changes.
i just need to tell apache http server to point to index.jsp so
it loads this when i navigate to http://localhost
I just did...
not sure how to configure apache though
How can I set the environmental variable HTTPS=ON from with
apache?
ty roobarb i found it in httpd.conf DocumentRoot
go to https://yoursite
x99, ^
you could try: SetEnv HTTPS on
thanks. Whether that works or not I suppose depends on whether
it happens before or after apache sets it
heya all
all is relative
fajita, "some of you"? :P
huh?
i think he meant hey all except for fajita
nm, bot
anyway!!!!!
"RewriteRules ...... [F,L]" means....? (the F & L bit
[F]
[F] is a rewrite flag which results in a 403 Forbidden
status. See 'Rewrite Flags' for more details
[L]
[L] is for last
perl
Check out #perl or http://www.perlmonks.org. To test a
perl script, use \\ at a shell prompt. DO NOT use "perl
scriptname.pl" as, that will mask shebang errors. .
Rewrite Flags
Rewrite Flags is
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags
bingo
and bingo was his name-o.
i have a modrewrite question too. i expect this to resolve the
first rewrite then stop if it fits the criteria, and redirect to a
local address if not. instead, it always redirects. http://phpfi.com/241718 any
ideas?
pay attention to fajita
she already told you what f and l are
but good to look at the official docs nonetheless
[OR]
gah
oh well
after the first line?
[OR]
[OR] can be used as a RewriteCond flag to change the default AND
behavior (which doesn't have a corresponding flag)
i see
i think
:s
ProxyBlock *|word|host|domain [word|host|domain] .. , can i
specify to block all EXCEPT mentioned hosts|domain|word etcc..
like ProxyBlock * EXCEPT x y z
in fact, was that to me?
what are you trying to achieve in the bigger picture?
set up proxy for lan , but only to 5 websites
for 5 website
Gothfunc, huh?
the rest should be blocked
was that to me?
the [or]
[OR] can be used as a RewriteCond flag to change the default
AND behavior (which doesn't have a corresponding flag)
lamp, i mean the destination of the websites..
goth, no, was looking up for myself
so all http trafic from your lan goes through your proxy and
only the requests to 5 target hosts are allowed
i see
lamp, yes.
so can anyone tell me what i'm doing wrong here?
sections for each target you want to allow (and those
sections allowing your lan)
Proxy?
Proxy is http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#proxy
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxy
block to last one of Proxy blocks in your config
fajita r u pro at mod rewrite?
i don't know
ask
If you have an apache related question, please go ahead and
ask it. We will not beat it out of you. We won't bite you either,
at least until we get to know you better
i have a bug in my redirect code but when i asked for help
last night here they couldn't help me and just told me to use a
different function
lamp, no need for use of ProxyBlock ?
would be easier just to fix the bug though
think you're up for it fajita?
it's only like 2 lines
apc
Try using http://apache.pastebin.ca - It's a
good pastebin, and is even set up to highlight Apache
'stuff'.
hey lamp, someone said yesterday that you're the local ssl
guru through ssl sometimes i get a delay of several seconds at the
beginning of a request, and im struggling to work out what's
causing it
I don't think so
are there any obvious things to check?
tim^^: oh my, local ssl guru
tim^^: do you have also non-ssl url's and are they responding as
fast as expected?
yep the non-ssl is consistently fast
http://apache.pastebin.ca/566663
- problem is that it encodes question marks at the end of the url
as /? so name becomes name/? and name?/ becomes name/?/
Hmm. No matches for that, Saberu.
and the ssl is sometimes slow, perhaps half the time
lamp, how does the apache server know it's receiving a proxy
request
could just be the negotiation
*shrugs*
u mean the link fajita? works fine for me
yeah, it's something like that, once the data starts coming it
comes as quickly as usual
i hate to break it to you, but fajita's a bot
oh
it just seems to sit there for a bit
lol
rici-- # ruining the entertainment
thanks
that was embarrassing
tim^^: several seconds sounds bit too much to be caused by
ssl handshaking
it was entertaining up to a point
heh
anyway so can anyone else help me because the bot isn't very
helpful
and I thought very hard about which factoid to feed her next
to maintain the illusion
it's amazing how often she passes the turing test
she's fooled many a people... fooled me when i first started
coming to this channel...
not too hard
:P
tim^^: do you have SSLMutex / SSLSessionCache?
[NE]
[NE] is noescape (no uri escaping of output)
lamp, can apache do transparent proxy
she's only fooling us because yango is causing her to say stuff
:p
no... pctony disabled that module... or it'd be niq making
fajita say stuff...
pctony-- # bot mangler
hmmm, not really imo
no i meant with prompts
lamp, not as far as i know, but it's possible. is there an
easy way to check?
like [ne]
[ne]
[ne] is noescape (no uri escaping of output)
tim^^: check those directives from your configuration
megaspaz-- #whining bot pimp
[l]
[l] is for last
anyway can someone actually help me out
oke 1 mo
you are not telling the whole story
ppl i want to know , is my hosting provider (the planet)
responsible always to upgrade Apache to the last version
?
you can't have a -- with pimp in the explanation!
pimp++
well noodl couldn't help me so it needs to be someone more
pro than him
the first rule looks like it would loop
or less drunk umm
check your contract?
hmm
no
I would assume no though
htaccess?
htaccess files apply to the directory in which they are placed,
and to all subdirectories thereof. or Only needed if you don't have
access to the main server config. or http://httpd.apache.org/docs/howto/htaccess.html
or http://httpd.apache.org/docs/configuring.html#htaccess
or http://httpd.apache.org/docs-2.0/howto/htaccess.html
or if it doesn't work, check your AllowOverride directives in http.
Ask me about AllowOv
didn't i mention the problem?
you mentioned it but i didn't quite get it
quote myself again.. "problem is that it encodes question
marks at the end of the url as /? so name becomes name/? and name?/
becomes name/?/"
I don't know if you could use some external tool like iptables
to forward all http traffic to your apache, never played with that
kind of setup
is it my job then ?
so www.a.com/folder?/ becomes www.a.com/folder/?/
if your hosting provider lets you muck around like that,
yeah, it'd be your job
yes, however your server should have automatic updates that
keep the version you have patched
or.. job then ?
so w
oops
oops is an understatement... :P
remove the NE then
and put in an L
and what's the last supported version ?
you don't want to drop into the second rule
the bug was there before i had the NE, noodl actually told me
to add the NE to try and fix it but it didn't
apache 2.2.4
that's the latest version of apache...
doesn't mean that your distro will have that packaged
though...
because I have links with question marks in which need to be
redirected to a php file
lamp, there aren't any directives for either of those. might
one or the other help? also, there is a line SSLProtocol all -SSLv2
is excluding v2 a silly idea?
tim^^: no
i could always encode the question marks as some non
alphabetical character which works in URL's
and then convert it back to a question mark in my php
script
shall i do that?
you should encode it in the standard encoding
that's what it is for
well the question mark isn't working
urlencode() urldecode() in PHP
i used urlencode
and in case that the Apache Upgrade needs an Upgrade for the
distro , is it always my job ?
the problem isn't with the php
it's with the rewrite script in my .htaccess file
the one i showed u
tell me a real URI you're trying to access
not having SSLSessionCache could damage your performance when
you have more requests coming in
heck i'll show u it on my site..saves trying to explain
it
hosting providers are lazy. So assume that any more questions
you have about stuff being your job is a "YES!"
and SSLMutex is related to that
ah oki
http://www.moozic.net/lyrics/Aaliyah/+Are+You+That+Somebody?
try that
then u can see what i mean
tim^^: not test, you
figured
surely this should work? if the top rule is applied i don't want
the other rules applied. http://apache.pastebin.ca/566673
it applies the bottom rules
[L] on the rewriterules
depending on what exactly you want...
you want http://www.moozic.net/lyrics/Aaliyah/+Are+You+That+Somebody%3F/
not http://www.moozic.net/lyrics/Aaliyah/+Are+You+That+Somebody?
%3F
tim^^: try e.g. 'SSLSessionCache shm:/path/to/datafile(512000)'
where /path/to points e.g. to your logfile directory
Aaliyah - Verse 1 (Playa sings the parentheses)
i've already put a script in php to do just that
well it's certainly doing it wrongly
lamp, it'll create datafile(512000) ?
but it only works inside the string, maybe it's not working
on the last character i'll hav a look
because I just tried the other link and I got to the
lyric
yeh me too :p
it should work right?
anybody experienced w/ apache on windows
or am i doing something wrong?
tim^^: (512000) tells the cache size in bytes and you don't
have to take care of creating the file
cool one mo
if you want processing to stop after the top rule works, use
[L] like megaspaz says
i tried that too, it keeps processing
hmm
tim^^: if you haven't had SSLSessionCache set, I guess you've
had warnings in error_log?
guess my script isn't working properly
on windows and apache 2.0, simply double clicking apache.exe
starts the server not as a service (at least not one picked up by
the service manager), and then closing it will close it nicely. I'd
like to do this programmatically in c#, but calling Close does not
stop apache gracefully and killing it leaves behind all fcgi
processes, etc.
keeps processing? or does it trigger on the second
request?
nope, I guess this is a bug in modrewrite
let me fetch a link for you
ah ok. how would i stop it triggering on the second
request?
i have put a condition there
to stop it
but it still rewrites
oh wait
i get it
lamp, still the pause sometimes, and there are a few warnings in
error log, trying to make more sense of them
pastebin?
Please use http://apache.pastebin.ca/
ok, so i set the condition to ignore the last two lines on the
second request, but it processes them anyway: http://apache.pastebin.ca/566694
can someone tell me how do i add support for .py file in
apache ?
so that http://server.example.com/test.py
runs it ?
ah thanks yango
according to that mail, you'd have to match against
%{THE_REQUEST} to get the content encoded, pass it to a script
(through rewritemap), or apply the patch there
QUERY_STRING
THE_REQUEST would work too, i suppose
ah ok sounds complicated
anyone ?
aha
regarding installing SVN on apache 1.3 isn't supported can i
load the modules required by SVN to this apache version
the URI is just the part which refers to the path
mod_cgi, mod_python
cgi?
cgi is http://httpd.apache.org/docs/2.0/howto/cgi.html
the query string has been removed already
mod_cgi?
mod_cgi is http://httpd.apache.org/docs/mod/mod_cgi.html
or http://httpd.apache.org/docs-2.0/mod/mod_cgi.html
mod_python?
mod_python is HTML generation the way Guido indented. or
http://modpython.org or not to
be confused with Monty Python.
cool
if it's not supported, then no
yango
yango is my foster daddy or an anagram for agony.
nice nick
i've realised that for some reason
lamp, http://apache.pastebin.ca/566701
is what is added to the error log when i restart apache. i think a
lot of it is red herrings though
the %3F is being encoded back into a question mark in my browser
:/
when i send it from php
yes
thats why my php script didn't work before!
that's the bug
of mod_rewrite
lamp, the box in question has two ip addresses, and most
(possibly all actually) refer to hosts pointing to the other
address
no i meant
when the html page is created with links
most of the log i mean
it's encoded the question mark as "?" in the html link
i mean before the mod rewrite stage
lines?
i'm talking about the link i'm using to get to http://www.moozic.net/lyrics/Aaliyah/+Are+You+That+Somebody%3F/
lamp, just for the site in question? or ones on the other ip
too?
tim^^: well, in general. Do you use ip:port or
host:port?
ahhh i see where i'm going wrong. how do you bind two rules to
one condition?
is the beginning for the site in question
tim^^: how about the others, do you use ip as well?
lamp, yep they're all ip
yango u there?
the HTML should say %3F
the html says ?
i'll show u
lamp, the pause effect is happening for ssl on both ips, if
that's relevant
i'm having a problem with firefox complaining about
"incorrect message authentication code" when SSLv3 is enabled on my
apache2 server. anyone else had this problem or know how to fix
it?
well, if it says ?, fix it!
rule, rule
anyone?
ah wait no it doesn't say ?
it's just firefox being gay
i close firefox and reopen it and it still uses cache
tim^^: I don't think any of those warnings causes your
problems
or cond { rule; rule; } i should say
works fine in ie thats why i realised it does work
browser cache
Browser caches can be very persistent. Restarting the
browser, or even rebooting, will not necessarily clear the cache.
You must expressly clear the cache via the menus.
yep sucks. even if i do ctrl+shift+r it doesn't refresh
it
it will look like asshttp://rafb.net/p/eZbJYA34.html
any way to suppress that/
?
wtf
ok sorry about that my irc client just freaked out
a bad workman blames his fools!
damn keyboard
rools?
tim^^: if you can you could pastebin the ssl sites
configuration. or then ssl handshaking just takes time for some odd
reason. Btw. do you use KeepAlive, that gives performance benefits
with ssl connections (where handshaking overhead is fairly
high)
is it possible even, to have two rules processed by one
condition with mod rewrite?
no
omg
i still have the problem yango
so i just have to repeat the same condition many times?
it is [Cond 1.1 ... 1.N] [Rule 1] [Cond 2.1 ... 2.N] [Rule
2]
or try to phrase what you want in a way that doesn't need that
much repetition
yango it's because IE sucks
firefox works fine but in ie if u open http://www.moozic.net/lyrics/Aaliyah/+Are+You+That+Somebody%3F/
it converts it to a question mark
ok, cheers
anyone know about firefox reporting incorrect message
authentication code with sslv3?
with 56bit encryption?
IE 6 opens that link perfectly
would that be specified in ssl.conf?
o
but i use ie6
maybe my version of ie6 is slightly outdated?
I don't know what to believe
where would i find out the encryption length?
right ok i realised
if i paste the url in the url bar it works
run then it doesn't
kind of yes. If you have only 512bit key and client and
server negotiate 56bit encryption, then there's a problem as
firefox2 does not allow that encryption by default
run is essentially a link anyway
so same problem
SSLRandomSeed is set to 512.
but i don't see where it specifies 56bit encryption.
easiest fix would be to translate that things in PHP to a
specific code, as you first said
($)·"()%$"·
or something
what is the ssl key length? ('openssl x509 -noout -text -in
your.crt' and RSA Public Key: (1024 bit) from there)
and there's 'security.ssl3.rsa_1024_rc4_56_sha' in firefox
about:config, you could try if setting that to true helps. But that
is just a local workaround, you need to fix your key/cert or your
ciphersuite
it's a 2048bit key.
ok, good. what do you have in SSLCipherSuite line?
it's not
oops
oops is an understatement... :P
it's not specified in ssl.conf
this is also a problem with subversion, which occasionally reports
Could not read response body: SSL error: decryption failed or bad
record mac
okay, Redbush.
is there anything in error_log files?
no, nothing unusual.
lamp, the server's been consistently fast for the last 20 mins,
i wonder if that line really did do it. going to try taking it out
again
i think %3F/ works
for some reason if theres a forward slash after the question
mark it works ok
Is there a way when using apache security to secure/login to
a page to have them be able to log out using a link?
has this worked earlier? have you upgraded openssl
recently?
wha?
this has been a problem ever since i installed apache on this
machine. i've tried fiddling with openssl version with no
success.
no.
you'd have to go a single signon approach
i don't think apache2 will use openssl0.9.7
via cookies or something...
I have read there are ways in php/perl to kill the login behind
the scenes
sending certain headers
yeah, but then that's using php/perl... not apache...
and if you're going to do that, you might as well code up a
login page...
apache (as well as other applications) are compiled on
certain openssl minor version, you can't up/downgrade to
0.9.7-0.9.8 without compiling apache too
besides, that's pretty hackish
Well I am using apache with mod_auth_mysql and the php hooks
to define a session after login - the rest of the security is
handled by php but using php for it all made a lot of the streaming
content/images uncacheable
So the log in stuff works
but when they go to log out, it destroys the session but creates
it again immediately since apache is still logged in
yeah, that's what i mean. it's not dynamically linked.
but it may in fact be an openssl problem. i don't know.
my first suggestions about key length were due to misreading
your question a bit. this error of yours gave some hits from
google, at least with older sun compilers there have been
problems
have you compiled openssl/apache by yourself? on what
platform?
Apache security is the simplest most secure way for me to
protect the content, it would be perfect if there was a way to log
out...
yeah, i saw those as well.
it's a binary debian package.
(2.2.3 i think)
that's bit strange..
Is there a PHP equivalent of the Perl AuthCookie for
apache?
what does AuthCookie do?
It looks like it extends AuthBasic to call custom perl
scripts to handle authentication but apache still handles the
security
So you can have a custom log in form and the ability to log out,
but I don't want to use perl
werkkrew, you can write code really easily to do that in
PHP
lamp, i take it requests appear in the log once apache has
finished with them? is there a way to tell when apache has
-started- dealing with a request?
but keep in mind that php (afaik) is just a content handler,
it doesn't have as much access to the apache request cycle as
mod_perl.
I had a full blown PHP log in system but it presented
problems with some of my content
werkkrew, then I guess you were doing it wrong?
basically I have an entire folder loaded with subfolders I
want to protect, but using php in many ways was making protecting
the content more complex than it needed to be for my needs
and apache security makes it very easy
yes it does, mod_perl wins for that
you could possibly intertwine the two to work together pretty
easily.
use the same cookie as a session cookie and what not.
I am not well versed in perl, I have always been a php
guy
i'm poring over debian bugs, i think the problem is somewhere in
openssl. thanks for your help!
Hi all! internet accessible webdav via password - what are
security concerns, and can I do ?
werkkrew, why would you need to be versed in perl?
1. the module seems to be already written for you, just
configure it in apache.
2. if you know php, you can learn perl in a couple of days.
Yes I am reading up on it now a bit
lamp, heh right now i can't seem to do anything to slow it
down. cheers for all your help, i'll poke it some more
tomorrow
hi there, I have some troubles trying to set some vhosts
under ssl
I've configured one and runs just fine
Domain Name Mismatch"
and shows me the cert from my first domain
I've set SSLCertificateFile, SSLCertificateKeyFile and
SSLCertificateChainFile pointing to its file according to each
domain
could you give me a word of advice?
thanks
ssl vhosts
When using SSL, each virtual host must have either its own IP
address or its own port. Or both. or for details see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2
or http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
or see SNI or consider wildcard certificates or http://wiki.cacert.org/wiki/VhostTaskForce
or see ip based vhosts
OK, I've set two different IP addresses but I'll take a look at
the links you sent me and let you know, thanks
wow the onLamp article just covers exactly what I'm looking for,
thanks
no idea
botsnack
Thank you very much
Hi all! internet accessible webdav via password - what are
security concerns, and can I do ?
i guess the dav aspect is immiterial
can you elaborate please ?
the isue is having basic auth over a none encrypted channel
i appear to have forgotten how to spell
and keyloggers even if it is encrypted
how willing are you to risk access to this protected data?
hmm not much :-) so what should I do ?
you don't control the client machine, you don't know if your
users are accessing the data from public kiosks
lots of things to consider before publishing sensitive data
the clients are half-dozen of my friends, and very very
unlikely of public PC access
restrict access by client address and require
authentication
client address ? what you mean ? authentication I already
request "basic" with password
it's one way to make sure only the people you want to access
your site, can.
what is a client address ?? you mean an IP ??
have apache look at the source address of the request (the
client) and compare it to a list of allowed ip's
yup
what if he has a dynamic IP from his ISP ?
allow the subnet
still better than allowing the entire world, if the entire world
doesnt need access
subnet ? that mean everybody from that ISP ??
probably not, but could be. You'd still be requiring auth as
well
security is about layers
if it's pron, then i want access!
;3
well, what if my friends are from 3 or 4 of the largest ISP in
my country ?? and no... it's not porn, it's work, wanna share the
word ?? ;-)
share the work... that is
bah, work
pre-happy hour*
then restriction by address may not be real practical, I was
just pointing options
pointing out
I know, np, so what else can /should I do ?
.htaccess?
.htaccess is used for apache config directives - if it is not
readable, apache can't use it - if you don't want to use htaccess
at all, then set AllowOverride None in httpd.conf or http://httpd.apache.org/docs/configuring.html#htaccess
or http://httpd.apache.org/docs/howto/htaccess.html
or see htaccess purpose
heh
self sign a cert, ssl the site. basic auth, etc... the
standards
fajita I'll look into the .htaccess and SSL stuff and I'll be
back - I can self sign a SSL cert ? no need to buy one from Thawte
or alike ?
u can buy one from me
etronik- you can get a free 90 trial cert from comodo
some CA offers free certs imho too
Last I saw, they were pretty expensive .. at least for a home
server... 200 USD approx
you can, but your users do not get the trust assurance offered
by a 3rd party signer. and the insurance that is often offered as
part of the purchase price in the event that somehow things go bad
with regard to the 3rd party signed crt
$125 USD for a single domain
it gets pretty expensive when you venture into the wildcard
ones.
OK I understand... but I think for a home server for project
related file sharing, and for 6 to 8 persons, I probably can do
with a homebrewed cert no ??
ubuntu-rocks: thanks for the tip, it's the best price I seen
though
if the users don't mind the security popup when they hit the
site at https://yoursite.com,
you don't need to buy a cert.
i'm using a free 90 trial on a production box and it works just
fine. I will most likely be purchasing it or upgrading to a
wildcard cert
any good guides on compiling a apache shared module separate of
compiling the whole server? I just need mod_proxy
im trying to load a dynamic library. It is shared object used to
create pdf provided by pdflib.
I have copied libpdf_php.so to the extension_dir given in
php.ini
extension=libpdf_php.so
now when i restart apache my fedora machine says starting
starting httpd OK but when i try to access localhost it says page
cannot be displayed
looking at error_log i found these lines
7 2007] [notice] suEXEC mechanism enabled (wrapper: