|
Related Topic: |
and you've ignored it everytime
partially
where can I start researching that method
*rolleyes*
ssl tutorial
ssl tutorial is http://www.vanemery.com/Linux/Apache/apache-SSL.html but look out fot the typos
i think there
is 128bit encryption difficult to crack any more?
heh
aes?
depends on the cypher
be sufficient?
you'd need NameVirtualHost *:27016 before that
and a servername
a servername is http://httpd.apache.org/docs-2.0/mod/core.html#servername or http://httpd.apache.org/docs/mod/core.html#servername
Ok. Ill try that.
since apache will use the servername value to determine which vhost to use for name based vhosts.
Do I replace NameVirtualHost with that ServerName once I fiqure that out?
no.
leave it
no, NameVirtualHost goes before the VirtualHost
Ok.
ServerName goes inside the VirtualHost
Right, for more virtual hosts with differant ports, do I ADD extra of those in though?
:443
no, you only want one NameVirtualHost in the config
blocks as you like
jpeg, then how would one run more than one virtual host on differant port numbers?
one NameVirtualHost ip:port combo. if you have more than one port, then yeah, add another directive.
blocks as well
So, at all times, only one NameVirtualHost ip:port?
for each ip/port config yeah
for each. okay.
yes, the namevirtualhost ip:port must be unique in the config file
only got one going now. ill try and fiqure out the servername.
... virtualhost *:80
read a book. fuck off
hahaha
... virtualhost *:8000
megaspaz, just said more than one NameVirtualHost is kosher, but jpeg just said it must be unique. im lost,.
... but it's not recommended
so one namevirtualhost line for each group of ip/port combos
... virtualhost *:80
... virtualhost *:8000
for example
Right okay.
the hostname is reset4, would I do a hlstasts.reset4 as a servername?
hostname and servername don't have to match
it's preferable they don't
for migration, etc...
hegh?
what if you wanted to move your server to another machine?
hmmm
you gonna change your domain names to match the hostname of the machine?
how do I force http://domain.com to go to https://domain.com ?
http2https
http2https is http://rewrite.drbacchus.com/rewritewiki/SSL
thx megaspaz
did you complete your mission?
What I want is to have a subdomain for this machine, http://reset4 brings me to default apache htdocs, how do I get subDomain.reset4 to go to this other document root? What servername?
servername sub1.reset4
if that's what you want
*shrugs*
name based vhosts
name based vhosts is http://httpd.apache.org/docs/2.2/vhosts/name-based.html#using
^^
allright, I'll fiqure it out thanks.
hey I'm trying to use mod_rewrite on my local server host but as soon as I put RewriteEngine on in my .htaccess I get a 403 forbidden on any page I try to go to
I can put other directives in .htaccess, but not RewriteEngine on
even if I have no RewriteRules or anything
just one line, RewriteEngine on
where are the apache logs usually stored (not for the domains, but for apache errors)
im on fc5
/var/logs?
might be httpd inside of that
or just apache
ah
what does the error log say, exactly?
how do i check what ports apache is listening to?
errr, what ips
httpd.conf
httpd.conf is the main apache configuration file.
hi, can anyone suggest adequate arguments for ab to simulate a "slashdotting", i.e., 3-5 hits/sec for an hour+ ?
it would be more than that, more like spasms of 100 every 20 seconds for 30 minutes
okay, apache is set to Listen 80, and i am using name-based virtualhosting
i have a conf file that has a servername set
but it is displaying the wrong virtualhost when i go to that domain
imMute, ok, so can you suggest ab args? i'm new to the app ... 3-5/sec is historically what I've recorded on omninerd.com when we've been /.'ed
dunno, i havent used ab
ah, I should have known better - i didn't think 403 would log a more detailed error, but i was wrong. I guess FollowSymLinks was off so it assumed mod_rewrite forbidden...
I'm just using the -n arg right now to up the requests
My rails app is happily handling a load of 5000 requests at 5 reqs a second with no caching ... w00t! :-) ... I just don't know if I using ab properly and may be getting excited about nothing
there is a peepcode about using httperf
aaronblohowiak, ok, i'll check it out
uh, pong?
I failed miserably
ya
I get a 403 forbidden error when i try to access my page on apache
any ideas?
thinking is *hard*!
the files have the right permissions set, same user and grioup as apache config
it says directory indexing forbidden
but i don't want it to directory index.. i want the index.php
okay fixed that.. but now it shows the php file as plain text :o
having trouble configuring vhosts. multiple domains, single ip, my first vhost handles all requests for some reason
iit's supposed too
you should set up first one the same as the main server one
then add the others after it
first one the same as the main server one ?
yes
the first vhost is the default vhost
the second one is your first "real" one
oh
sec, trying
what do i put in 'ServerName' for the first default one ?
whatever you want
sweet, thanks a bunch
what's the logic behind this ?
isn't ServerName used as some sort of filter ?
it's what ppl type in their browser to get to your site
http 1.1 brings support for using the hostname supplied by the browser
thus making vhosts possible
name based ones rather
and so I thought that the SeverName in the vhost config is used to filter, how come when i had just 2 vhosts for my 2 hostnames even the second domain was handled by the first vhost ?
odd, for some requests to my first domain i'm being handled by the 'default' host...
the first vhost is the default and handles requests that are not handled by any other vhost
hmm, ok
what's the best way now to add support for www.mydomain.com, since the vhost is configured for 'mydomain.com'
serveralias
serveralias is http://httpd.apache.org/docs/2.2/mod/core.html#serveralias or http://httpd.apache.org/docs/1.3/mod/core.html#serveralias
servername lloyd4.com serveralias www.lloyd4.com
great
thanks very much for your help
can i use a crt and a key from another webserver on this server
like transfer it over
Or unfriendly takeover.
Yes, of course.
?
do i have to make directory for ssl?
in vhosts?
is this your first time doing such a thing?
yeah
I suppose the easiest way to do this, is to replicate the orl server's setup [without the fuckups, if any]
its lighttpd
so... why are you here?
apache
[instead of vice versa ;]
^^
that would make sense
http://picasaweb.google.com/ademan555/Misc/photo#5076870108898759058 is my setup, but mentally replace banshee with apache, clients behind router B can access the server fine, but the intended client can't, and
router B DOES forward port 80 to the correct server, so wtf's up?
ssl?
ssl is *Secure Sockets Layer. Ask me about mod_ssl or ssl vhosts see also http://httpd.apache.org/docs/2.2/ssl/
is this setup really necesary?
unfortunately yes
well i suppose it's not NECESSARY, but it works best with the resources i've got
the computers behind router B are 1ft away from each other, but both at least 50 feet away from router A
plus router A's maxed out on ports
er, slots? i dunno, physical connections
but necessary or not, this shouldn't be happening should it?
is it possible apache isn't accepting connections from a range of IPs or something?
Ademan can't you just hookup a switch?
i dunno, how would that help?
well if instead of router B you add a switch that should work I think
no need to forward, same network and only one cable between the 2 locations
hrm, well maybe in the future, but i mean, if i've got the port forwarded there shouldn't be any problem should there
no but you do need to use the routers IP and not the server though
right
which i am doing as far as i know
k
i've checked both the server's IP and router B's ip address host several times
no idea then
yeah me neither :-/
i guess it might be worth it just to restart on the off chance that might fix something...
why isn't apache creating a pid file in /var/run ?
neozonz_ have what path have you set for the pid file in httpd.conf?
pid
pid is process see http://httpd.apache.org/docs/2.2/mod/mpm_common.html#pidfile or http://httpd.apache.org/docs/2.2/stopping.html/var/run/apache.pid
sjorge it's set to /var/run/apache2.pid
then it should be there if apache is running
if i ps -ax
0 /usr/sbin/apache2 -D DEFAULT_VHOST -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k
yet no pid..
odd
step one
whatever the problem, step one is to look in the error log (and any other logs that may apply, such as suexec, mod_rewrite, or mod_security).
i make a vhost for my domain in /home/derotel/ and when i try to access a direcotry from it i get You don't have permission to access /mrtgs on this server.
why ?
your mrtg has taken over the port 80
growltiger?
meeeoooowwww
Is there some kind of upper limit on the size of a file apache can deal with? I've got a whole directory of stuff that works fine, and one large file that doesn't among it. (2.xGB)
is it possible to check if the requested url is a file (and not a virtual url) in .htaccess ?
fajita supported headers?
wish i knew
Stonefish, it's your os that has the filesize limits
fajita foobar?
foobar is a CNAME to bazzle.domain.com
The apache is on Gentoo. FS is ext3.
clients are windows. Firefox and IE
LFS?
LFS is Large File Support. For Apache 1.3 configure with CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64". For Apache 2.1 LFS is enabled by default in recent versions. It is available in 2.0.53 and later. [fedora/redhat users see: https://www.redhat.com/archives/fedora-list/2004-May/msg04534.html or a good reason to upgrade to 2.2
interesting
interesting is not always good
one moment
does anyone know where I can find a list of which http request headers Apache supports?
how do i point urls to different vhosts?
Apache is 2.0.58. Latest stable in Gentoo, apparently
read the topic.
I did
rfc2616 section 10
read the /topic again.
thanks noodl,
(:
Are you trying to point out the bit that says 2.2.4?
WE HAVE A WINNER!
Anyways.... gentoo is weird.. maybe you'll have to compile with some weird flags that say LFS
and also a condescending dick.
and yeah, I looked. There isn't one.
How old is 2.0.58?
Trying to figure out why Gentoo would be two major versions behind.
FYI I manually compiled 2.2 on my gentoo server hosting and I can download 4gb dvd images without a problem
manually?
like, with make commands and all? Why do that?
because I want full controle over httpd
I use emere blabla for the rest though
and emerge just uses defaults and I don't like half of em
righto then
I'm only after some primitive usage. Nothing clever.
Section 10 of rfc2616 seems to be about http status codes, rather than the request headers which apache would support
http://forums.gentoo.org/viewtopic-p-1547147.html#1547147
^ stonefish
more people are having the same problem it seems
yeah, read it
If 2.2 "just works", then I'll see about unmasking it
basically, it supports the standard. is there some specific behaviour you're looking for?
notsure if it jsut works, I know it works after compiling it manually (including mod_macro, php,...)
I'm trying to figure out what request headers it supports, so that I can find out if Flash can be abused to send any headers (which Apache understands, and Flash allows) that could be used in an attack, and it would be easier to have a list, than to just keep making guesses
Someone please help me
apache is crashing as far as I can see...
it starts up, doesn't create a pid- doesn't display a page- doesn't allow me to stop it because the pid isn't created
and when i kill it manually and start it, it does the same thing..
and there is nothing in the error logs.
there MUST be SOMETHING in the error log.
http://rafb.net/p/PAqiJB76.html
2 2007] [info] removed PID file /var/opt/apache2/run/httpd.pid
2 2007] [notice] caught SIGTERM, shutting
:o
try with killall -s 9 httpd
on one of your production machines, obviously
i don't know of such a list, sorry. really though ther's an endless number of them depending on that modules are installed
I don't kill -9. If, I kill -KILL. But.. I don't. no... no. NO.
/pkill -KILL $(pidof yango)
Cannot kill yango
oh well, thanks anyway,
crap another zombie process
how do i create a self signed ssl with apache?
you didn't possibly boot with init=yango, or did you?
the list is the source...
neozonz_try http://www.tc.umn.edu/~brams006/selfsign.html
yeah, that's what I'm planning on doing if I don't find anything online, but I'm lazy
we all are, publish the list when you're done 8)
how do i generate a self signed certificate without a passphrase pem
7] sjorge neozonz_try
just don't encrypt the key, leave -aes -des or something off while generating key. or you can decrypt the key later
0, do I don't have to have two complete, identical configurations of the site which I want to be on those two IP's (out of several
serveralias
serveralias is http://httpd.apache.org/docs/2.2/mod/core.html#serveralias or http://httpd.apache.org/docs/1.3/mod/core.html#serveralias
I just noticed something interesting about those gentoo/lfs bugs. They're dated 2004.
listen to two IP's and those two IP's alone...
have you tried apache-2.2.4-r10? maybe its resolved not really sure
No I haven't
oh wait. found it.
my unmask-fu is fairly weak
unmask-fu?
there's a line that needs to go into a portage config file somewhere
deosn't
ACCEPT_MARK="~x86" emerge blablabla work?
Golden rule of Gentoo is to not do that, ever.
true but why would you permanently unmask it if it might not even solve the problem
if it does you can add it to /etc/portage/package.keywords
that's the one
What's the line? =net-www/apache-2.2.4-r10 ?
personaly i use app-portage/flagedit
~gnome-extra/gdesklets-core-2.10.9 ~*
iirc
been a while since I had to do it
well fix the package name
= seems to work
k
been way to long since I messed with gentoo masks
same
same is true if something is in /etc/hosts that has a different IP for that hostname
forget same
I forgot same
does anyone know if Apache supports the Request-Range header like it does the Range header, since the code seems to say it does, but I can't get it to workin practice.....
event mpm
event mpm is a new MPM for Apache 2.1 It uses a hybrid of the traditional Event model to efficiently handle KeepAlive requests. or available in SVN trunk or http://httpd.apache.org/docs-2.1/mod/event.html
9 2007] [error] [client 193.145.48.254] access to /webdav/!svn/ver/4061/vicente/calendar.ics failed, reason: user mpalenzuela not allowed
9 2007] [error] [client 193.145.48.254] The locks could not be queried for verification against a possible "If:" header. [500,
9 2007] [error] [client 193.145.48.254] (2)No such file or directory: Path is not accessible. [403,
It says my certificate has a invalid signituire!!
someone plz help
i followed http://www.tc.umn.edu/~brams006/selfsign.html to the dot..
looks like 2.2 "just works"
restarted apache, refreshed the page I already had open, and the missing file just slotted itself into the list
wonderful. Now we can call it a day.
:p
5 2007] [warn] RSA server certificate CommonName (CN) `www.myspaceproxyonline.com' does NOT match server
but it does! _
in vhosts i put beside ServerName www.myspaceproxyonline.com
where was I...
looks like 2.2 "just works"
restarted apache, refreshed the page I already had open, and the missing file just slotted itself into the list
do you have SSLCertificateFile directive inside that same vhost?
?
yay me
directives for each ne domain name. I have now switched to using multiple config files for each domain names in "sites-avaiolable"... My question is where should i have my "NameVirtualHost ip_address" directive? if i need one at all... Thx for advice...
somoene plz tell me how to create a simple self signed certificate
i followed that website but it doesn't work..
open ssl
open ssl host is fun to upgrade
self signed method?
server.crt'
thx for expanding on ssl.. any idea about my "NameVirtualHost" problem?
wish i knew
before your vhosts e.g. before you include sites-available
so in apache2.conf, before i include sites-available?
yeah.
Thx. is it a security problem to not have it in at all? because apache seems to work fine withoput it... going to add it now, but just wondering for the past few months it hasnt been there...
what?
you do need NameVirtualhost if you are using name based hosting (multiple vhosts on same ip:port)
if you have only one vhost per ip:port, you don't need NameVirtualhost
strange, I have 10 sites on same machine, and for the last few months have been running all of them fine without the directive NameVirtualHost in my apache2.conf ...
nor at begingin of each Vhost conf file
1 2007] [warn] NameVirtualHost *:0 has no
any ideas?
thinking is *hard*!
Someone please help me...
?
i haven't a clue, tls_81
now ssl is giving me a unable to connect page...
i'm about to go insane here...
NameVirtualhost?
NameVirtualhost is http://httpd.apache.org/docs-2.0/mod/core.html#namevirtualhost or http://httpd.apache.org/docs/mod/core.html#namevirtualhost or
You must specify only one NameVirtualHost directive, hopefully with an IP address or a *. It says on which interfaces should Apache listen to name based vhosts requests, nothing more.
0 or *:80 in both
directive...
bugger all, i dunno, tls_81
fajita is a bot
directives and it works without NameVirtualHost directive in apache2.conf...
lol
going to investigate some more brb
hi, I'm having problems with some scripts being blocked from accessing other files in the same webfolder, I've checked permissions on most of the dir and files and they are read able to the user that apache runs as, as well as world and group readable
hmmm, how does one tell the bundled apr-util lib to compile against a particular berkeley db version?
just running configure after the main configure?
are you compiling httpd and apr [from srclib]?
Ok got it figured... Lol just had to grep NameVirtualHost /etc/apache2/sites-available/* to find the offending config file where i had the directive... It seems that the NameVirtualHost directive can be anywhere...
all working now, Lamp, Fajita thank you
I'm getting the following error msg in my httpd error logs when trying to access a few .js and .css files "client denied by server configuration" I've enabled these files to be world readable (on the file system) any other suggestions?
yeah
after the "client denied by server configuration" it has the ip and url of the file that was trying to load as well as the url that called the file
you can supply all of apr-util's ./configure options to httpd's configure -- so take a look at that, I suggest.
I must admit not to know, since I ALWAYS configure apr WITHOUT BDB.
where?
cd srclib/apr-utils && ./configure --help | grep -i bdb
cd ../.. && apply what you learned.
you mean any unknown option for main configure gets passed to each "subconfigure" ?
indeed
jMCg++
Compiling httpd is so easy
hello i am using an ubuntu 7.10, i have apache2 installed but i need apache ssl, do i need apache-ssl or there is any module for apache 2?
ok where should I look in my apache config or .htaccess when .css and .js files are being blocked
no.
apache2 on Ubuntu comes per default with mod_ssl.
so how can i active then ? please
ssl?
ssl is *Secure Sockets Layer. Ask me about mod_ssl or ssl vhosts see also http://httpd.apache.org/docs/2.2/ssl/
https:// is not accesbiel
hello all
All is not in today, thecoolone19
ssl vhosts
When using SSL, each virtual host must have either its own IP address or its own port. Or both. or for details see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 or http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html or see SNI or consider wildcard certificates or http://wiki.cacert.org/wiki/VhostTaskForce or see ip based
vhosts
are you sure apache is to blame?
thanks
well the error in the says that client denied by server configuration
client denied by server configuration
client denied by server configuration is http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
I love you.
You really looked in the error log!
ryan8404++
wow
[ Sn|per] i hate subdirs hence why i left freebsd
that's where you always start when you have problems
jMCg, thanks for the link but I don't think that's what's happening here
then the error log is lying to you.
scope?
section, or a Location, perhaps. or http://httpd.apache.org/docs/configuring.html#scope or http://httpd.apache.org/docs/2.2/configuring.html#scope
Somewhere something is set to something that is denying something.
If you understand what I mean.
!pastebin
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
thanks
jMCg, here is a line from the error log http://apache.pastebin.ca/621709
all the lines are similar to that and there are only 3 or 4 files affected, all are .js or .css
hi guys
do you have a .htaccess in wp-admin or the directory above?
jMCg, dir above...
i want every request to the files/addresses etc be redirected to index.php? Assume I link to /p/4 and I want it converted to /index.php/p/4, would RewriteRule ^/$ /index.php/$ be enough for this?
no, that would loop
and it's incorrect too
seo without mod_rewrite
Overrides Require
seo without mod_rewrite is http://seo.phpmagazine.net/2005/08/search_engine_optimization_les_2.html
Override Require
Require?
require override
Require is http://httpd.apache.org/docs/2.2/mod/core.html#require or http://httpd.apache.org/docs/mod/core.html#require
Require may be used in .htaccess files if AllowOverride is set to AuthConfig
RewriteCond %{REQUEST_URI} !^index.php \\ RewriteRule (.*) index.php/$1
jMCg, this was the .htaccess that was impacting everything http://apache.pastebin.ca/621714
Roobarb-Work: !^ means if the request_uri is not index.php, right ?
correct; it prevents looping
specifically its checking that the request doesnt start with index.php
Roobarb-Work: but $1 is limited to only one parameter, right? I must use $ instead ?
$1 refers to the first back-reference
the stuff in ()
oh, the .* part, i see
wtf is that.?
I have not a clue honestly, looks like it was there to prevent direct linking, it was in the .htaccess file
Roobarb-Work: and this makes sure i don't have to have to have, say /a/xyz.php, because a/xyz.php part will be interpreted by index.php i suppose
sorry direct linking to the scripts in the plugins
that isn't what you asked for though...
you asked for URL's of the form /index.php/something/else
those work by using PATH_INFO within the index.php
gtl
Enjoy your lunch, Roobarb-Work!
guys, i just setup a new virtual host in my computer
the thing is, when I tried to access my image folder from the browser, it is forbidden
jMCg, thanks for your help, that seemed solve two problems in one go
how to make the images folder accessible again?
forbidden?
look in the error log or Directory permissions don't permit read, or index.html is missing and Options Indexes is not in effect, or Deny from all is in effect for the directory. Look in the error log http://www.onlamp.com/pub/a/apache/2004/04/22/apacheckbk.html
/var/www/mysite/images
so I have to change in the conf.d right?
ups sorry, the httpd.conf I mean
tias
tias is Try it and See - if you want to know if something will work, give it a go. If not, then you can ask why it didn't work as expected
which directive do I have to use to allow me to access the image hosting folder from browser?
Options +Indexes
Options +Indexes is If a URL which maps to a directory is requested, and the there is no DirectoryIndex (e.g., index.html) in that directory, then the server host will return a formatted listing of the directory.
hi, i'd like to cache dynamic pages created in tomcat using mod_proxy/mod_cache, load balancing works and static pages are cached but i cannot get dynamic pages to be cached... anybody got any pointers by any chance?
hi
hello, Guy-.
I have a reverse proxying apache2.2 that reports a "proxy error" when a certain large POST request is made through it to a tomcat host server behind it
making the request to tomcat directly works
I tried to increase the ProxyTimeout to 3600, but it didn't help
played around with CacheIgnoreCacheControl and CacheIgnoreNoLastMod already
(the request takes about 10-20 minutes to process)
any ideas what else I could/should try?
Error reading from remote server returned by ..."
RewriteInherit
REwriteOptions inherit
REwriteOptions inherit is needed for RewriteRules in global context to be applied in VirtualHost or other contexts
the rewrite rule you suggested the other day didnt work
bfl
Related Topic: