IRC Archive / Freenode / #httpd / 2010 / January / 07 / 4
RLa
i'm having a problem doing http auth with pam with system users
Bad file descriptor: Could not open password file: (null)
this is relevant part of the configuration: http://pastebin.com/m3b7ad233
thumbs
fajita: pam
fajita
Pluggable Authentication Modules or http://pam.sourceforge.net/mod_auth_pam/ or probably a bad idea for doing apache authentication[for good documentation on PAM read http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pam/
thumbs
fajita: AuthPAM_Enabled
RLa
so why is this a bad idea?
thumbs
tibyke: it exposes system users.
err
RLa: it exposes system users
RLa
so what?
jmut
hi lets say I have url /moo/foo but now I am creating new api and want to temporarily support /moo/foo and /moo2/foo thing is both should end up as url /moo/foo (the request uri) but one should run index.php the other index2.php
I hope it makes sense.
thumbs
RLa: so it's very insecure.
RLa
or what do you mean by "exposes"?
thumbs
RLa: allows remote hackers to know the names of your real unix users.
jmut: ok.
RLa
thumbs, without having account on the system first?
thumbs
RLa: yes.
RLa
wow
jmut
thumbs: yeah well question was for any tips how to achieve it with modrewrite
fajita
[ fbeyond] thumbs, I don't need security
thumbs
fajita: you're on topic, too!
fajita: rewriteguide
thumbs
jmut: ^^
jmut
thumbs: thanks
RLa
thumbs, htpasswd file will not reveal users?
it looks like plain text
thumbs
RLa: those are not system users.
RLa
haha
thumbs
RLa: those can be arbitrary users.
RLa: what's so funny?
mjoe
thumbs: He does not want to learn something. :)
thumbs
mjoe: shame, then.
Perun
I have configured an auth vs windows ad (mod_authnz_ldap). It works but I ever need to login with the full domain user name like user@mydomain.local... it is possible to do it without the domain part? only as user without @mydomain.local
mjoe
thumbs: Learning action should begin with respect to person who teaches.
thumbs
mjoe: I agree.
publikb
I have a mod_jk question ? is there another channel I should go for that ?
thumbs
publikb: there is no specific channel, I believe.
jMCg
mod_jk
jMCg
Even #tomcat says: Use mod_proxy_ajp instead:
thumbs
yes, use that instead.
jMCg
15:24 [freenode] -!- Topic for #tomcat: Stable versions: 6.0.20, 5.5.28, 4.1.40. Newbies use the official binary from tomcat.apache.org, or an RPM package from http://www.webdroid.org/archives/tomcat-package. Check your Tomcat logs before you ask for an answer. SLOW MOTION CHANNEL (we all have jobs & kids): Ask your question
including your TC,Java, & OS versions, then wait; check back often for aenswers.. Use mod_proxy_ajp, not mod_jk
publikb
hm
I am using ajp connector
but using mod_jk
I am receiving a mod_jk error : get_most_suitable_worker::jk_lb_worker.c (766) : locking failed (errno=22) which is flooding my logs every few seconds
although connections still go through
jMCg
My eyes are burning. I need caffeine.
publikb: I can't find anyone out there having that problem.
So.. why, again, are you not using mod_proxy_ajp?
publikb
to be honest... not sure. we worked with a third party to setup two apache load balancers, and two tomcat servers and thats what was used
I havent really looked into mod_proxy_ajp
is mod_proxy_ajp much better
I know that parts of mod_jk were implemented in apache 2.2 but never got around to reconfiguring the setup
thumbs
publikb: yes. it's much better
publikb
cool I will look into it
need to try and stop this error though
bas84
I get the following message when trying to get a php page on our server : You have to chosen to open [blank line] which is a: PHTML file
apache2 virtualhost configuration seems to be normal, and page worked before server upgrade (debian)
thumbs
fajita: php download
thumbs
bas84: ^^
nils__
Hi! I have a problem that apache httpd processes grow in size. All threads use memory from 0x09536000 and forward, and this range only grows in size (in different rates for each process) when the httpd threads serve requests. When I inspect the memory in GDB I see that a lot of document (CGI-program output) is "permanently" stored in that region, for example 30 MB PDF files.. Is my version of apache leaking or is this normal behaviour?
gryzor
nils__: usually, we blame php for that
aro
is there a way when POSTing a file using php to not make it store the file in RAM first before writing it to disk?
thumbs
aro: ##php
nils__
gryzor: The output that is "stuck" in the memory is from a CGI-program in C in this case
thumbs
aro: apache httpd does not handle POST data.
aro
ok
thumbs
nils__: how are you releasing the memory?
gryzor
nils__: Does your CGI program conform to CGI specifications ? if so this is not normal of course.
thumbs: shouldn't matter, since CGI is an external forked program
nils__
thumbs: Well. I think the program is releasing it with free and delete, but even if it was leaking it should be released when the CGI-process dies by the Linux kernel?
bas84
thumbs: thx
nils__
not "stuck" in the httpd process memory pool
gryzor: I believe it is conforming
I am using Apache/2.2.3
gryzor
nils__: do you use mod_cache*
?
Covener
nils__: MaxMemFree ?
nils__
gryzor: No
Covener: thanks for the hint, I will try that directive
gryzor
fajita: maxmemfree?
fajita
okay, gryzor
nils__
is MaxMemFree 8192 enough in general?
Covener
nils__: it's already in kb fwiw
nils__: for debugging, the only downside is more calls to free/new
nils__: so if you set 64[kb] for example you might just see more CPU if that was way less than what was needed
nils__
Covener: Thanks
beta[a]
gm guys... i read thru the apache docs over and over and i'm having difficulty understanding rewritecon and rewriterules... do rewriterules apply underneath each rewrite condition?
thumbs
beta[a]: the condition only applies to the rule that follows it.
beta[a]: conditions are cumulative, however.
beta[a]: i.e. RewriteCond %{REQUEST_URI} foo // RewriteCond %{REQUEST_URI} bar [OR] // RewriteRule . - [L]
beta[a]
ok cool..
b/c i'm trying to redirect 2 non-secure pages to https://pagename
thumbs
beta[a]: ok.
fajita: http2https
beta[a]
all the while, making sure that secure and non secure domainname.com redirect to www.domainname.com
can someone PM me so i can send them the existing code i have?
i really appreciate it
barefoot
pastebin
fajita
http://pastie.org or http://apache.pastebin.ca/ or http://dpaste.com/
thumbs
beta[a]: no, use a pastebin instead.
beta[a]
http://apache.pastebin.ca/1741435
and i'm getting problems b/c https://americancareergroup.com/apply-online.asp is redirecting to http://www.americancareergroup.com/apply-online.asp
hershel
Is this the correct channel to ask a question about why my symlink and vhost.conf is not working (with Plesk)?
barefoot
beta[a]: there is no https_host ?
hershel: ill help you
thumbs
hershel: yes, ask.
beta[a]: {HTTPS_HOST} is not a valid variable.
hershel
I did ln -s and then I made vhost.conf and then I ran /usr/local/psa/admin/sbin/websrvmng -u --vhost-name=
but I get now a 403 error when I browse to the URL
bas84
i get the following error when loading the php module in apache2 http://pastie.org/770169 /usr/lib/apache2/modules/libphp5.so does not exist, but i had php5 running on this server before server upgrade
barefoot
a symlink to and from what?
thumbs
hershel: what does the error log say, exactly?
bas84: supply a valid path, obviously.
hershel
barefoot the symlink is from /var/www/vhosts/SECONDdomain/httpdocs to /var/www/vhosts/FIRSTdomain/httpdocs
thumbs
hershel: what does the error log say, exactly?
hershel
thumbs there is no error there
thumbs
hershel: a 403 is always logged. Look again.
barefoot
use a serveralias instead?
hershel
thumbs u r right. i was looking in FIRST domain error log. in SECOND I see Symbolic link not allowed or link target not accessible:
Huvet
hi! I'm trying to redirect all www-urls on my site to non-www versions. I'm using apache with mod_wsgi. Problem is, my www.example.com redirects to example.com/mysite.wsgi/ how can I solve this? Here's my .htaccess and httpd.conf: http://apache.pastebin.ca/1741445
thumbs
hershel: run namei -m on the full path.
fajita: canonical hostname
fajita
thumbs
Huvet: ^^
hershel
thumbs you mean: namei -m /var/www/vhosts/SECONDname/htttpdocs
Huvet
thanks thumbs, I'll try
thumbs
hershel: tias
Huvet
thumbs: I'm using a very similar rule now, is that one better?
hershel
thumbs (i didn't know what that command does) it looks correct to me. the last line is httpdocs under the FIRST domain.
thumbs
hershel: pastebin the output.
hershel
thumbs http://pastebin.com/m1b14d711 I thought maybe it's due to ownership by root
of the symlink
thumbs
hershel: no.
hershel: what distro is this?
hershel
forget the command for that
thumbs
hershel: linux distribution.
hershel
Linux jeconline.com 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:51 EDT 2009 i686 i686 i386 GNU/Linux
thumbs
hershel: what linux distribution is this?
hershel
what command shows the distro name? I forgot that command
thumbs
hershel: it depends on the distro.
beta[a]
thumbs... sorry i went away
thumbs
hershel: surely, you know what your server is running.
beta[a]
ok.. so https_host is not valid
thumbs
beta[a]: correct.
beta[a]
ok.. so lemme try this code: hold on
hershel
hershel thumbs LOL . bit of a catch 22, then. No I don't, it's not mine. I will check with the host
thumbs
hershel: thanks
mjoe
hershel: It's rhel or CentOS.
mysgroda
What exactly is "Apache (internal dummy connection)"?
barefoot
internal dummy connection
fajita
http://mail-archives.apache.org/mod_mbox/httpd-users/200604.mbox/<4434308F.9030003@googlemail.com> or http://wiki.apache.org/httpd/InternalDummyConnection
hershel
mjoe i thought it was RH of some sort.
mjoe how can we prove that? :)
thumbs
hershel: then see audit.log and selinux.
mysgroda
I see.
Thanks.
barefoot
hershel: cat /etc/redhat-release
thumbs
hershel: selinux might very well deny access to the file.
hershel
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
mjoe
hershel: rpm -qa *-release
barefoot
hershel: why symlink instead of just using a serveralias?
steve_j
hey folks, am not sure where's best to ask this, but i want to grep logs for a particular string, and then extract a chunk of that line from each hit in the log
thumbs
steve_j: #yourdistrohere
steve_j
sure thanks
hershel
mjoe: redhat-release-5Server-5.4.0.3
barefoot, can u send a link explaining how to setup a serveralias?
mjoe
hershel: then, did we prove it? :)
barefoot
serveralias
Huvet
thumbs: now I'm using that code, still the same problem...
barefoot
you would do it via the control panel
hershel
mjoe, yes, we can now take the host to court. :)
barefoot, u talking to me? I called host support today and they said to use vhosts.conf. that's why i tried that. oh, they did say to try an alias but since someone already setup MAIL for this domain name, we couldnt' do that. i think that was the issue
beta[a]
http://apache.pastebin.ca/1741454
thumbs: http://apache.pastebin.ca/1741454
thumbs
ok, sec.
beta[a]
the http://domain -> http://www.domain works... but https://domain -> https://www.domain doesnt... we dont have a wildcard cert... so you HAVE to go to https://www.domain
barefoot
vhost.conf is fine, create it in domainA with a serveralias for domainB
thumbs
beta[a]: why .? ?
barefoot
hershel: http://kb.parallels.com/en/894
thumbs
beta[a]: what URI are you trying to match on line 8?
hershel
barefoot, OK, I understand. I will try that now.
beta[a]
well anything... i guess i shoulda used $1? it doesnt really matter for now.. the weird thing is this
https://domain gives cert error... THEN prepends WWW
thumbs
beta[a]: then ^ will do just fine.
beta[a]
is the cert on https://domain read first before htaccess can process the site?
thumbs
beta[a]: yes, you can't avoid the warning.
beta[a]
hold on.. i'm a newb at this.. line 8 is this: RewriteRule .? http://www.americancareergroup.com%{REQUEST_URI} [R=301,L]
what should it be?
and i've seen websites avoid the warning before! do i have to get a wildcard cert?
thumbs
beta[a]: change the matching portion to ^