RewriteRules vs ProxyRemote
2014-11-27 00:20:25 GMT
I am attempting to use WebDAV ('Web-based Distributed Authoring and Versioning') functionality for Apache Http.
I have installed Http server. The httpd.conf has been modified as
Require all granted
AuthName "Restricted Files"
Require group GroupName
User/Passwords are stored in passwords file, multiple users are added under groups.
After starting the Http server, I can see the designated folder
However when I access the above link in browser - I can see that I am able to access the directory /CREF.
I am also able to map this to a network drive in my Windows machine.
However I see the following issues
1. I am not asked to authenticate - i.e. I am not asked to enter username/password
2. I can get files out of the folder /CREF but not able to copy into the folder /CREF
Can someone review the httpd.conf changes I had mentioned above?
Folks; trying to track down a strange error, I am ending up here. Situation: We run a web application built on top of Java and Jetty exposed through an apache2 + mod_proxy reverse proxy. Generally, this works fine. However, some of our users experience troubles doing file uploads this way. In those situations, in example while using an upload Java applet such as JUpload, there are three things to be seen: - the upload component on the Java server complains about an EOF / empty request and guesses the client stopped sending data, - the user client stops upload after throwing a SocketException - "connection reset by peer", - on the mod_proxy machine, I see the request in the log files obviously returning a 400 Bad Request: xx.x.xx.xx - - [26/Nov/2014:09:24:51 +0100] "POST /webprojekt/tasks/upload HTTP/1.1" 400 4533 .... ... but why? So far I have been playing with configuration options on both sides (apache2 ProxyPass parameters, configuration options in the Jetty running the backend applications) but didn't really manage to get these things resolved. So, two questions: - Is there any way to make apache2 / mod_proxy provide more logging output in these situations? I'd not just like to know that it actually does return a 400, I'd also like to know _why_ it does so. This would be of great help but I fail to see how to set a log level to debug just for mod_proxy. - In case someone has experience with mod_proxy: What could probably cause a 400 in such a setup? Temporary connection issues? Resource limitations in the backend? Client stuff? TIA and all the best, Kristian
I've implemented a custom module to handle some translate hooks.
I'd like to add some stats info so i need some shared memory between all the workers.
Can you point me to the right resources/documentation/example about it?
Basically i'd like to increment some counters and then show them if i receive a specific request.
Thanks to all in advance
Hi, I using the following .htaccess AuthBasicProvider ldap file AuthType Basic AuthzLDAPAuthoritative off Authname "..." AuthUserFile /srv/www/.htusers-mf AuthLDAPURL "ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=* <at> ofd-*.foo.de)" <Limit PROPFIND OPTIONS GET> #Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de #Require user k1-st-01 Require valid-user </Limit> ... The "require valid-user" does not work for ldap users. I get the following message in error_log: /var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client 10.49.64.85] access to /documents/ failed, reason: user 'user <at> foo.de' does not meet 'require'ments for user/valid-user to be allowed access Apache is version 2.2.10 If I set it to "require ldap-user user <at> foo.de" or "require ldap-group ..." it is all fine, so the ldap part does it's thing. Marc
Hi, I'm using the latest windows apache 2.4 (provided by apachelounge) together with tomcat 7 connected using mod_proxy_ajp. No custom configuration, just enabling mod_proxy, mod_proxy_ajp and define: ProxyPass / ajp://127.0.0.1:8009/ ProxyPassReverse / ajp://127.0.0.1:8009/ After opening http://localhost/ by browser, I see on console (netstat -an) that few TCP connections with TIME_WAIT status are listed (from httpd to tomcat, ie. 127.0.0.1:56233->127.0.0.1:8009). After refreshing the page again, new connections appears. And after 4 minutes (windows default timeout: TcpTimedWaitDelay), there are destroyed. In extreme, number of TCP connection will exceed windows limit (by default it's ~14K). I confirmed that by sending lots of request to apache one by one. I have check the same scenario using apache 2.2 on windows, and with apache 2.4 on linux. It works it different way. Httpd creates few connections to tomcat and reuse them. They have ESTABLISHED status. Is it a bug in windows apache 2.4? How to force it to use the poll? I have tried with different ProxyPass parameters but without success. Cheers! s.
Hi All, I want to do the httpd URL access control through visitors' IP addresses as the following : all source IP address can visit ^/action.php?login and only specified IP addresses can visit ^/action.php?manage Anyone can give me some advises? Thanks.
Looking at http://httpd.apache.org/docs/current/howto/auth.html I am able to at least use file authentication. I tried using dbd with DBDriver mysql but that reports Can't load driver file apr_dbd_mysql.so and it's not obvious where to get that (using fedora 19). So one question is where to find that, or how to find out. Yum whatprovides is not helping so far. In any case it's not really what I want. What I really wanted seems to have been in mod_auth_mysql but that seems to be no longer supported. So another question is whether there's some other way to get that functionality that I'm just not seeing. This could have been supported by dbd if the user query were not required to produce the password. It would have made more sense to me for the query to accept both the user and password and return at least one row possibly containing other data if the user and password "match". Then the query could have been something like select 1 from mysql.user where user=x and password=password(y) So my next question is why that is not supported. Alternatively, my first suggestion is that dbd should support that. However, I also am surprised that I don't see some more general module that allows the user to write his own script for authentication. For instance, one could simply replace the dbd query with a url to retrieve, again taking user and password parameters (either as get or post parameters). This proposed module would then be used something like this: AuthBasicProvider script AuthScriptURL http://localhost/authenticate.php?user=%s&pass=%s which would seem to provide all the capability of all of the other authentication modules (at the cost of writing a small amount of code). So my last question is why there isn't something like that. Or alternatively, my last suggestion is that something like that be provided.