Lynn Schaper | 1 Apr 01:55 2003
Picon

apache with mod_ssl + dynamic openssl libs

I'm building apache 1.3.26 with mod_ssl_2.8.10 with gcc 3.2 on Solaris
6.  We want a new mod_ssl for an openssl upgrade, and I don't want to
also upgrade apache (yet).

I'm using openssl-0.9.7a's dynamic libraries, and building apache and
mod_ssl without setting an LD_LIBRARY_PATH.  I'm having a hard time
having libssl.so find libssl/libcrypto plus libucb.  I end up having to
hard-code changes to the mod_ssl Makefile to get libssl/libcrypto linked
properly.

Here's what I do to configure:
CC=gcc \
LDFLAGS="-L/usr/ucblib -R/usr/local/openssl/lib" \
SSL_BASE=/usr/local/openssl \
EAPI_MM=../modules/mod_ssl/mm-1.1.3.solaris2.6 \
./configure \
    --prefix=/usr/local/apache_1.3.26-mod_ssl_2.8.10 \
    --enable-module=so \
    --enable-module=ssl \
    --enable-module=mime_magic \
    --enable-module=rewrite \
    --enable-module=info \
    --enable-module=usertrack \
    --enable-module=log_config \
    --enable-shared=max \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SHARED_CORE

Configure shows that it finds ssl:
(Continue reading)

Dennis Foreman | 1 Apr 03:02 2003
Picon

~users in a domain

Hello all,

My windows XP system is on a LAN within our university domain, so the
profile for my userid is FOREMAN.wtsn (where wtsn is the internal LAN name).

For example, dforeman.cs.binghamton.edu/~foreman.wtsn would be the URL. And
my <Directory> statements specify the actual folder that contains my files
(public_html). (The site is not currently running.)

Is there a way to specify multiple such userids in a <Directory> statement
or by using Alias or Aliasmatch, such that requestors do NOT have to know
and use the LAN part of the ID?

It is not clear from the Apache manual whether regular expressions can be
used inside a <Directory> or not, and if so, how to use them to specify
their use for ~ references.

I need a URL that works for internal and external users.

Could someone send me a few examples?

regards,
D. J. Foreman, Ph. D.
website: http://WWW.CS.Binghamton.EDU/~foreman

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
(Continue reading)

Joshua Santelli | 1 Apr 03:21 2003
Picon

Re: GET requests for other hosts

thanks - It doesn't look innocent but I think the
permissions and config will keep them at bay.

Thought on the proxy requests?

1.2.3.4 - - [03/Mar/2003:15:06:14 -0500] "HEAD
http://auth.redclouds.com/members4/ HTTP/1.0" 404 -
"-" "Mozilla/3.0 (compatible)"

1.2.3.4 - - [03/Mar/2003:20:39:13 -0500] "HEAD
http://members.milfhunter.com/ HTTP/1.0" 200 - "-"
"Mozilla/3.0 (compatible)"

1.2.3.4 - - [03/Mar/2003:21:20:26 -0500] "HEAD
http://www.karupspc.com/members/members.shtml
HTTP/1.0" 404 - "-"

5.6.7.8 - - [28/Mar/2003:20:09:07 -0500] "GET
http://www.yahoo.com/ HTTP/1.1" 200 956 "-"
"Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

5.6.7.8 - - [28/Mar/2003:20:09:39 -0500] "GET
http://www.s3.com/ HTTP/1.1" 200 956 "-" "Mozilla/4.0
(compatible; MSIE 4.01; Windows 95)"

--- Joshua Slive <joshua <at> slive.ca> wrote:
> 
> On Mon, 31 Mar 2003, Joshua Santelli wrote:
> 
> >
(Continue reading)

Joshua Slive | 1 Apr 03:45 2003
Picon

Re: GET requests for other hosts


On Mon, 31 Mar 2003, Joshua Santelli wrote:

> thanks - It doesn't look innocent but I think the
> permissions and config will keep them at bay.
>
> Thought on the proxy requests?

Did you read the FAQ entry?

> > It's not a basic question, but the first part is a
> > FAQ:
> > http://httpd.apache.org/docs/misc/FAQ.html#proxyscan

Since the "/" requests all return the same file size, I'm sure you don't
have a problem.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Joshua Slive | 1 Apr 03:52 2003
Picon

Re: ~users in a domain


On Mon, 31 Mar 2003, Dennis Foreman wrote:

> Hello all,
>
> My windows XP system is on a LAN within our university domain, so the
> profile for my userid is FOREMAN.wtsn (where wtsn is the internal LAN name).
>
> For example, dforeman.cs.binghamton.edu/~foreman.wtsn would be the URL. And
> my <Directory> statements specify the actual folder that contains my files
> (public_html). (The site is not currently running.)
>
> Is there a way to specify multiple such userids in a <Directory> statement
> or by using Alias or Aliasmatch, such that requestors do NOT have to know
> and use the LAN part of the ID?
>
> It is not clear from the Apache manual whether regular expressions can be
> used inside a <Directory> or not, and if so, how to use them to specify
> their use for ~ references.
>
> I need a URL that works for internal and external users.
>
> Could someone send me a few examples?

It is almost impossible to decipher what it is you want to do.  Perhaps if
you supplied some examples of what you want URLs to look like and where in
the filesystem they should map to people would be able to help.  Any help
I tried to give based on what you wrote would just be guessing about what
you mean.

(Continue reading)

Jeffrey D. Means | 1 Apr 04:37 2003

strange error message in my logs and I can not use a post to load large form data

I am getting a strange error message in my error log file about a file size limit that I can not find any documentation for in the apache docs.  I am running Apache 2.0 from RedHat 8.0 with all updates applied, and PHP 4.2.2 again loaded from RedHat 8.0.  The following is the error message that is confusing me:  

 

[Mon Mar 31 19:21:06 2003] [error] [client 192.168.100.2] Requested content-length of 600250 is larger than the configured limit of 524288, referrer: http://www.picotech.net/~html8/admin/new_item.html

 

Where can I change this setting so my web site will work with large POSTs??

---

Jeffrey D. Means

CIO for MeansPC

meaje <at> meanspc.com http://www.meanspc.com

 


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003

gebser | 1 Apr 04:42 2003
Picon
Picon

Re: How does HTTPS work?


I think you're mixing up http(s) headers and packet headers.  The latter 
are visible to the proxy server but not the former.

ken

At 10:16 (UTC-0800) on Mon, 31 Mar 2003 Rufoo said:

= What misled me is that I forgot that HTTPS
= communication takes over a totally different port -
= 443 and not 80, that is both http and https cannot go
= over the same wire. 
= 
= Now, how do proxies work for https? proxies rely on
= the http(s) headers, which are now not available.
= Also, what is the semantics for page caching? 
= 
= Thanks
= rf
= 
= 
= --- Jurgen <apache <at> squarehosting.com> wrote:
= > Well rf,
= > 
= > there are no headers to see because all of it is
= > encrypted. You will not be able to read anything at
= > all.
= > Imagine the web server set's a cookie as a session
= > id for a login into sensitive data. The browser
= > would submit the cookie in the http headers and
= > anyone listening could simply join the session and
= > act as the actual owner of the account with the
= > sensitive data.
= > The connection established between the client and
= > server is an encrypted connection where absolutely
= > everything is encrypted through a secure socket.
= > That's why it is called secure socket layer (SSL)
= > and not secure http layer, which could be the name
= > of what you seem to think.
= > The secure socket layer is simply a layer between
= > tcp and http. Somehow embeded in the secure socket
= > layer is a regular http connection.
= > 
= > You also seem to have a wrong perception of headers.
= > A http connection is not really something
= > sophisticated from the transmission point of view.
= > The client simply transmitts a chunk of text and the
= > server answers with another junk. That's it. Not
= > even the headers are transmitted in a seperate way.
= > They are simply the start of this junk of text
= > seperated by 2 line breaks. In https when these
= > headers are transmitted they are just a part of the
= > encrypted chunk of text and therefore you can't read
= > them.
= > 
= > If there is anything you don't understand now let us
= > know.
= > 
= > Jurgen
= > 
= > 
= > On Mon, 31 Mar 2003 03:04:05 -0800 (PST)
= > Rufoo <rufoo2001 <at> yahoo.com> wrote:
= > 
= > > 
= > > --- Boyle Owen <Owen.Boyle <at> swx.com> wrote:
= > > > >-----Original Message-----
= > > > >From: Rufoo [mailto:rufoo2001 <at> yahoo.com]
= > > > >
= > > > >For a https:// url, after the browser and
= > server
= > > > >negotiate on the certificates and the sessoin
= > key,
= > > > the
= > > > >browser encrypts all the communication with
= > this
= > > > key.
= > > > >I want to see a 'sample HTTPS session', with
= > the
= > > > >browser doing the above and then sending the
= > > > GET/POST
= > > > >request with the encrypted content. Are any
= > > > additional
= > > > >headers sent in the case of HTTPS?
= > > > 
= > > > How can you see the session if it's all
= > encrypted
= > > > :-)
= > > > 
= > > 
= > > 
= > > I do not want to *understand* or *interpret* the
= > data,
= > > I just want to see the HTTP Headers (which I dont
= > > think are encrypted) followed by the MIME part of
= > the
= > > encrypted data(Yeah this another question - is the
= > > encrypted data sent as HTTP body or as a MIME
= > part?).
= > > 
= > > 
= > > > The HTTPS protocol is quite different from HTTP
= > - it
= > > > starts off with
= > > > client_hello and server_hello and so on. Once
= > the
= > > > session is
= > > > established, it is plain HTTP but all requests
= > and
= > > > responses are
= > > > encrypted. Check out the mod_ssl docs for an
= > > > overview
= > > > (http://www.modssl.org/docs/2.8/ssl_intro.html)
= > and
= > > > the refs therein
= > > > (esp.
= > http://wp.netscape.com/eng/ssl3/draft302.txt) 
= > > > 
= > > 
= > > This doc says the SSL layer sits in between TCP
= > and
= > > HTTP. So I am interested in what SSL write over
= > TCP.
= > > I do not want it all, just a simple example as
= > > ordinary HTTP is explained in
= > > http://www.jmarshall.com/easy/http/
= > > 
= > > 
= > > > >
= > > > >Looking at the RAW HTTP data, can one identify
= > if
= > > > its
= > > > >a http session or https session?
= > > > 
= > > > If you can read it, it's not HTTPS...
= > > > 
= > > 
= > > Now that I have explained what I am really looking
= > > for, I ask this again: When the SSL layer writes
= > to
= > > the TCP layer, does it put any additional headers
= > that
= > > identifies that this URL has an 'https'. Do not
= > say
= > > that if you cannot read the body content it is
= > https -
= > > I might be sending the same over plain http too. I
= > > hope you get it.
= > > 
= > > Thanks again, and if this is not related to this
= > > mailing list, please let me know who can me help
= > me.
= > > -rf
= > > 
= > > 
= > > 
= > > 
= > > 
= > > __________________________________________________
= > > Do you Yahoo!?
= > > Yahoo! Platinum - Watch CBS' NCAA March Madness,
= > live on your desktop!
= > > http://platinum.yahoo.com
= > > 
= > >
= >
= ---------------------------------------------------------------------
= > > The official User-To-User support forum of the
= > Apache HTTP Server Project.
= > > See <URL:http://httpd.apache.org/userslist.html>
= > for more info.
= > > To unsubscribe, e-mail:
= > users-unsubscribe <at> httpd.apache.org
= > >    "   from the digest:
= > users-digest-unsubscribe <at> httpd.apache.org
= > > For additional commands, e-mail:
= > users-help <at> httpd.apache.org
= > 
= >
= ---------------------------------------------------------------------
= > The official User-To-User support forum of the
= > Apache HTTP Server Project.
= > See <URL:http://httpd.apache.org/userslist.html> for
= > more info.
= > To unsubscribe, e-mail:
= > users-unsubscribe <at> httpd.apache.org
= >    "   from the digest:
= > users-digest-unsubscribe <at> httpd.apache.org
= > For additional commands, e-mail:
= > users-help <at> httpd.apache.org
= > 
= 
= 
= __________________________________________________
= Do you Yahoo!?
= Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
= http://platinum.yahoo.com
= 
= ---------------------------------------------------------------------
= The official User-To-User support forum of the Apache HTTP Server Project.
= See <URL:http://httpd.apache.org/userslist.html> for more info.
= To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
=    "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
= For additional commands, e-mail: users-help <at> httpd.apache.org
= 
= 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Picon

question on gzip Encoding

Hello.
Ive been trying PHPWiki, but I cant read the page with mozilla if it
does it with HTTP/1.1 protocol.
It does look right with 1.0, or through a proxy (which in turn
comunicates with apache using 1.0 too)

1.0 replies headers include an 
Content-Encoding: gzip
field, but its not present when mozilla asks for HTTP/1.1, and then
mozilla displays only garbage.
Is this a know bug of apache 2.0.40 or may I be missing something on the
configuration ?

What do you think?
thank you for any advice you can give.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Zac Stevens | 1 Apr 05:37 2003

Re: strange error message in my logs and I can not use a post to load large form data

Hi Jeffrey,

On Mon, Mar 31, 2003 at 07:37:21PM -0700, Jeffrey D. Means wrote:
> [Mon Mar 31 19:21:06 2003] [error] [client 192.168.100.2] Requested
> content-length of 600250 is larger than the configured limit of 524288,
> referrer: http://www.picotech.net/~html8/admin/new_item.html
>  
> Where can I change this setting so my web site will work with large
> POSTs??

I presume it is a PHP page which is generating this message?  As far as I
know, Apache imposes no such limits while PHP has configuration options to
specify them.  I seem to recall that 512KB was the default limit, but I do
not have a PHP installation handy to check.

Have a look for PHP options starting with 'max_' and you should be able to
sort it out.

Cheers,

Zac

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Rufoo | 1 Apr 06:42 2003
Picon

Re: How does HTTPS work?


--- gebser <at> ameritech.net wrote:
> 
> I think you're mixing up http(s) headers and packet
> headers.  The latter 
> are visible to the proxy server but not the former.

A http proxy gets the target host's name from the GET
line, now in the case of https where is this
available?

> 
> ken
> 
> At 10:16 (UTC-0800) on Mon, 31 Mar 2003 Rufoo said:
> 
> = What misled me is that I forgot that HTTPS
> = communication takes over a totally different port
> -
> = 443 and not 80, that is both http and https cannot
> go
> = over the same wire. 
> = 
> = Now, how do proxies work for https? proxies rely
> on
> = the http(s) headers, which are now not available.
> = Also, what is the semantics for page caching? 
> = 
> = Thanks
> = rf
> = 

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org


Gmane