Re: Case insensitive username in htaccess.

On Tuesday 28 February 2006 21:40, Jesper Krogh wrote:
> Hi.
>
>
> Is it possible to make apache match the username "case-insensitive"
> against lists in AuthUserFile /AuthGroupFile?

That would potentially be a security hole.

> We're using mod_ntlm and it generally works fine, but the different
> platforms tend to send usernames in mixed cases.

Hmmm.  Don't you get that behaviour if you use a case-insensitive filesystem?

--

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: How to limit the size of each apache child process

On 2/28/06, Khai Doan <khai_quyen <at> hotmail.com> wrote:
> Hi list,
>
> I am running apache 2 using prefork model, and wish to limit the size of
> each apache process.  After a request, it should check its size, and if
> exceed a certain threshold, terminate itself.  I have looked at RLimitMEM
> directive, but it says that this directive only apply to subprocess (CGI)
> launch by apache child, and not the apache child itself.  So, how can I do
> this without using mod_perl ?

I don't think that can be done without some OS-specific C code and
possibly a new mpm.  You can set the rlimitmem under which apache
itself operates, but that will just kill off processes in the middle
of serving if they exceed the limit.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: Installation problems of Apache2

Re: Case insensitive username in htaccess.

On 3/1/06, Nick Kew <nick <at> webthing.com> wrote:
> On Tuesday 28 February 2006 21:40, Jesper Krogh wrote:
> > Is it possible to make apache match the username "case-insensitive"
> > against lists in AuthUserFile /AuthGroupFile?
>
> That would potentially be a security hole.

Yes if it could be done without people knowing it. If it were
configurable, it would be a feature 

If I didn't explain the problem well enough, then an example would work:
I just would like apache to assume that Jesper, JESPER, jesper, and so
on, was the same user
when matching up agaings the lists.

> > We're using mod_ntlm and it generally works fine, but the different
> > platforms tend to send usernames in mixed cases.
>
> Hmmm.  Don't you get that behaviour if you use a case-insensitive filesystem?

No. That would give me flexibillity in the names of the files
containing the user-list, not the
usernames.

I have got the mod_ntlm C-code, so if anyone could give me directions
on how to modify
the REMOTE_USER stuff from a C-apache module, then I could probably do
it that way.

Jesper

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: Case insensitive username in htaccess.

On 3/1/06, Jesper Krogh <jesper.krogh <at> gmail.com> wrote:
> On 3/1/06, Nick Kew <nick <at> webthing.com> wrote:
> > On Tuesday 28 February 2006 21:40, Jesper Krogh wrote:
> > > Is it possible to make apache match the username "case-insensitive"
> > > against lists in AuthUserFile /AuthGroupFile?
> >
> > That would potentially be a security hole.
>
> Yes if it could be done without people knowing it. If it were
> configurable, it would be a feature 
>
> If I didn't explain the problem well enough, then an example would work:
> I just would like apache to assume that Jesper, JESPER, jesper, and so
> on, was the same user
> when matching up agaings the lists.
>
> > > We're using mod_ntlm and it generally works fine, but the different
> > > platforms tend to send usernames in mixed cases.
> >
> > Hmmm.  Don't you get that behaviour if you use a case-insensitive filesystem?
>
> No. That would give me flexibillity in the names of the files
> containing the user-list, not the
> usernames.
>
> I have got the mod_ntlm C-code, so if anyone could give me directions
> on how to modify
> the REMOTE_USER stuff from a C-apache module, then I could probably do
> it that way.

Sometimes "fresh eyes" in the morning helps a lot. This patch against
mod_ntlm2 makes
the usernames in lowercase:

diff -Nur mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-mod/mod_ntlm.c
--- mod_ntlm2-0.1/mod_ntlm.c    2003-02-23 16:58:02.000000000 +0100
+++ mod_ntlm2-0.1-mod/mod_ntlm.c        2006-03-01 09:06:13.000000000 +0100
 <at>  <at>  -522,6 +522,12  <at>  <at> 
             /* silently accept login with same credentials */
             r->user = apr_pstrdup(r->connection->pool,
                                   ntlm_connection->user);
+
+           char *user= r->user;
+           while(*user){
+               *user = tolower(*user);
+               user++;
+           }
             r->ap_auth_type = apr_pstrdup(r->connection->pool,
                                           NTLM_AUTH_NAME);
             return OK;
 <at>  <at>  -557,6 +563,11  <at>  <at> 
      * NULL; */
     r->user = apr_pstrdup(r->connection->pool,
                           ntlm_connection->user);
+    char *user= r->user;
+    while(*user){
+       *user = tolower(*user);
+       user++;
+    }
     r->ap_auth_type = apr_pstrdup(r->connection->pool,
                                   NTLM_AUTH_NAME);

 <at>  <at>  -664,6 +675,11  <at>  <at> 
      * connection.  The other allocations are temporary and can be
      * tossed away any time. */
     r->user = apr_pstrcat(r->connection->pool, sent_user, NULL);
+    char *user= r->user;
+    while(*user){
+       *user = tolower(*user);
+       user++;
+    }
     r->ap_auth_type = "Basic";

Jesper

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: Case insensitive username in htaccess.

On Wednesday 01 March 2006 07:45, Jesper Krogh wrote:

> > Hmmm.  Don't you get that behaviour if you use a case-insensitive
> > filesystem?
>
> No. That would give me flexibillity in the names of the files
> containing the user-list, not the
> usernames.

It's a fair cop - I misread your question.  It seems you found
your own answer anyway

Actually your patch looks puzzling: you're introducing a new variable
but not using it.  Why not just fold r->user?

--

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: Case insensitive username in htaccess.

On 3/1/06, Nick Kew <nick <at> webthing.com> wrote:
> On Wednesday 01 March 2006 07:45, Jesper Krogh wrote:
> > > Hmmm.  Don't you get that behaviour if you use a case-insensitive
> > > filesystem?
> >
> > No. That would give me flexibillity in the names of the files
> > containing the user-list, not the
> > usernames.
>
> It's a fair cop - I misread your question.  It seems you found
> your own answer anyway
>
> Actually your patch looks puzzling: you're introducing a new variable
> but not using it.  Why not just fold r->user?

"fold"? ..

I belive that r->user is a char * if I modify that directly with
r->user++ the the next
user of the string would start at the end position.

Well..  I'm usually coding Perl, so this is very far from what I
usually do so I might
be very wrong. :-/

--
Jesper

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: OS Env variables - TMP

Tx for the tip, this module is exactly what i am looking for. The pb is that it does not seem  to be working on
windows problem, unfortunately!!! Going through some sites, I was wondering if mod_perl would do the job
as well, i.e. reading the full config file and replacing, using regular expressions, relevant part of it.
I however did not find anything related to that.

I think my last solution, if I cannot find any easy way, would be to use windows batch script, which I hate for
its akward syntax.

Thanks a lot

---------- Initial Header -----------

From      : "William A. Rowe, Jr." <wrowe <at> rowe-clan.net>
To          : users <at> httpd.apache.org
Cc          : 
Date      : Tue, 28 Feb 2006 15:52:52 -0600
Subject : Re: [users <at> httpd] OS Env variables - TMP

Apache doesn't perform environment expansion from the core distribution.

Look at mod_macro, see if anyone's ported this to apache 2.x for your
purposes.  Portable syntax is '$SystemRoot' (or '$(SystemRoot)' - either
is sans ' tic marks in actual use.)

s_i <at> tiscali.fr wrote:
> Tx for your answer. I actually tried this solution before with %tmp% window env variable, but did not work,
nor with %systemroot". I tried to do that for the directive:
> PidFile %temp%/apache.pid
> 
> Error message i get is:
> "fopen: no such file or directory
> Apache.exe: could not log pid to file /apache/%systemroot%/temp"
> 
> Major problem:
> 1. "/apache" is prepended which i do not want, therefore the full path is wrongly interpreted
> 
> If any answer to that, thanks to let me know.
> 
> Regards,
> Sébastien
> 
> ---------- Initial Header -----------
> 
> From      : <Oliver.Schaudt <at> unilog.de>
> To          : <users <at> httpd.apache.org>
> Cc          : 
> Date      : Tue, 28 Feb 2006 14:09:12 +0100
> Subject : RE: [users <at> httpd] OS Env variables - TMP
> 
> 
> On attempt on Windows Systems 
>  %SystemRoot%\temp
> 
> Greets 
> Oliver
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: s_i <at> tiscali.fr [mailto:s_i <at> tiscali.fr]
> Gesendet: Di 28.02.2006 11:29
> An: users
> Betreff: [users <at> httpd] OS Env variables - TMP
>  
> Hello,
> 
> In my attempt to ship Apache as a standlone server on a CD-ROM to run a Web-based application, I would need to
access my OS environment variables from httpd.conf, since i would like to access TEMP directory on any
computer (at least Windows-based computers). Any idea how to achieve that?
> Thanks for your help
> 
> -------------- ALICE HAUT DEBIT : TRIPLE PLAY A 29,95 EUR/MOIS -------------- 
> Découvrez vite ALICEBOX : avec le modem WIFI, profitez de l'ADSL, de la TELEPHONIE et en exclusivité de
la TELEVISION ! 
> Bénéficiez aussi de la hotline gratuite 24h/24 ! Soumis à conditions. Pour en profiter cliquez ici http://abonnement.aliceadsl.fr

> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
>    "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
> For additional commands, e-mail: users-help <at> httpd.apache.org
> 
> 
> 
> 
> -------------- ALICE HAUT DEBIT : TRIPLE PLAY A 29,95 EUR/MOIS -------------- 
> Découvrez vite ALICEBOX : avec le modem WIFI, profitez de l'ADSL, de la TELEPHONIE et en exclusivité de
la TELEVISION ! 
> Bénéficiez aussi de la hotline gratuite 24h/24 ! Soumis à conditions. Pour en profiter cliquez ici http://abonnement.aliceadsl.fr

> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
>    "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
> For additional commands, e-mail: users-help <at> httpd.apache.org
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org


-------------- ALICE HAUT DEBIT : TRIPLE PLAY A 29,95 EUR/MOIS -------------- 
Découvrez vite ALICEBOX : avec le modem WIFI, profitez de l'ADSL, de la TELEPHONIE et en exclusivité de la
TELEVISION ! 
Bénéficiez aussi de la hotline gratuite 24h/24 ! Soumis à conditions. Pour en profiter cliquez ici http://abonnement.aliceadsl.fr

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Re: Case insensitive username in htaccess.

On Wednesday 01 March 2006 09:05, Jesper Krogh wrote:

> "fold"? ..

Bah.  That's exactly what you do in your patch.
/me needs to wake up.

--

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

RE: Basic Authentication with mod_proxy

Hi,

Sorry, I was using <Directory>, I tried <Location> and now it works!
Thanks :)

Henrique 

PS - By the way, which is the reason for it not to work using Directory?

-----Original Message-----
From: jslive <at> gmail.com [mailto:jslive <at> gmail.com] On Behalf Of Joshua Slive
Sent: segunda-feira, 27 de Fevereiro de 2006 16:58
To: users <at> httpd.apache.org
Subject: Re: [users <at> httpd] Basic Authentication with mod_proxy

On 2/27/06, Henrique Craveiro <henrique.craveiro <at> ef.pt> wrote:
> Hi,
>
> Ok, since not everybody uses or used mod_auth_kerb, I present my 
> question speaking about using Basic authentication (instead of 
> mod_auth_kerb) and mod_proxy.
>
> I configured my Web Server with Basic Authentication and mod_proxy 
> acting as reverse Proxy. What I want is Apache to authenticate and 
> only in case of succeeding in it it redirects to another server. How 
> can I do it? Mod_proxy always takes charge and authentication doesn't 
> occur because of it... :(
>
> Anybody?

You never answered my question asking exactly how you have it configured and
whether you are using <Directory> or <Location>.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org