Re: [EMAIL PROTECTED] mod_proxy and unrequested URL-decoding

2007-10-16 Thread Robert Jaeschke
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Nick, Nick Kew schrieb: >> Why does mod_proxy behave this way? Is there a way to change the >> behaviour? Do workarounds exist? > > http://issues.apache.org/bugzilla/show_bug.cgi?id=41798 > > Stay tuned. I've been fixing quite a lot of mod_pr

Re: [EMAIL PROTECTED] server to test websites

2007-10-16 Thread Manuel Mendez
Yeah I know, I figured out the phpmyadmin thing, internet explorer's cache was to blame. The other problem I had was that for some reason it seems apache wasn't looking into subfolders. I just uninstalled everything and then went with a wamp. This is only for test purposes so that the there isn't

[EMAIL PROTECTED] Mod_perl and includes

2007-10-16 Thread Tony Rice (trice)
I'm trying to bring up a server with mod_perl configuration original created for an Apache 2.0 server but on an Apache 1.3 server. The problem is that "PerlSwitches" isn't available on the mod_perl running on the 1.3 server. How can I get this library path included on a 1.3 server? PerlSwitche

Re: [EMAIL PROTECTED] ssl_error_log: unusably short session_id provided

2007-10-16 Thread John P. Dodge
On Tue, 16 Oct 2007, Grant wrote: > For the last 24 hours I've been getting these errors in ssl_error_log: > > [error] unusably short session_id provided (0 bytes) > > and I've received no customer orders. This could correspond to my > upgrading to openssl-0.9.8f. I guess I'll downgrade to 0.9.8

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Aaron Dalton
On Tue, 16 Oct 2007, William A. Rowe, Jr. wrote: Aaron Dalton wrote: AFAIK there is no way around this. If you do not want Apache to wait for a pass phrase, you have to strip the private key of encryption. This of course has multiple security problems, but I'm afraid those are your only o

Re: [EMAIL PROTECTED] 100-continue response when 401 expected - Apache 2.2.26

2007-10-16 Thread Ragini Bisarya
Thanks for your response. I would like to clarify that the client does not know if the web resource is protected by authentication or not and if so, does it require Basic or Digest authentication scheme. Therefore the client can never send the authentication header in the initial request. The aim

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Dimitri Yioulos
On Tuesday 16 October 2007 2:58 pm, Aaron Dalton wrote: > On Tue, 16 Oct 2007, Tony Heal wrote: > > I am using apache v 1.3.34-4.1 and openssl on Debian and I have set up > > SSL, Although I can restart apache using the init script without issue I > > get prompted for a pass phrase if I stop and st

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread William A. Rowe, Jr.
Aaron Dalton wrote: AFAIK there is no way around this. If you do not want Apache to wait for a pass phrase, you have to strip the private key of encryption. This of course has multiple security problems, but I'm afraid those are your only options that I am aware of. $ openssl rsa -in encr

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Michael McGlothlin
Possibly you could rewrite the start scripts so that they wait to be prompted for the password and then auto-fill the password. -- Michael McGlothlin Southwest Plumbing Supply - The official User-To-User support forum of the A

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Aaron Dalton
On Tue, 16 Oct 2007, Tony Heal wrote: I am using apache v 1.3.34-4.1 and openssl on Debian and I have set up SSL, Although I can restart apache using the init script without issue I get prompted for a pass phrase if I stop and start apache. This is a problem if I have a power loss as apache wi

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Scott Courtney
On Tuesday 16 October 2007 14:40, Scott Courtney wrote: > $ openssl -in foo.temp -out foo.key Sorry -- that should be: $ openssl rsa -in foo.temp -out foo.key Scott -- - Scott D. COURTNEY, Principal Engineer

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Scott Courtney
On Tuesday 16 October 2007 13:11, Tony Heal wrote: > This is a problem if I have a power loss as apache will wait in the > background until it receives a pass phrase. Is there a way around this > without regenerating the server.key? Yes, there is. The "openssl" command line utility won't let you

Re: [EMAIL PROTECTED] xradius_auth internal server error

2007-10-16 Thread Paul Querna
Alexander Fortin wrote: > Hi list. I'm experiencing the same problem with mod_auth_radius, but I > can't find anywhere what the "AuthBasicProvider" directive should be for > that module (no, unfortunately "radius" doesn't work :P) > > Apache version is 2.2.3 running on Debian Etch, mod_auth_radius

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Zakai Kinan
use this. openssl rsa -in private.key.org -out private.key. Replace private.key with your key. ZK --- Ajai Khattri <[EMAIL PROTECTED]> wrote: > On Tue, 16 Oct 2007, Tony Heal wrote: > > > I am using apache v 1.3.34-4.1 and openssl on > Debian and I have set up SSL, Although I can restart > a

Re: [EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Ajai Khattri
On Tue, 16 Oct 2007, Tony Heal wrote: > I am using apache v 1.3.34-4.1 and openssl on Debian and I have set up SSL, > Although I can restart apache using the init > script without issue I get prompted for a pass phrase if I stop and start > apache. This is a problem if I have a power > loss as a

[EMAIL PROTECTED] dual apache2 proxyERRORS issue

2007-10-16 Thread Shaw, Dan
We have two apache2 proxy servers that work well except for the latest entry. Really need help on this one. See error and access log below. Access_Log 192.168.41.220 - - [16/Oct/2007:08:56:42 -0700] "GET /EloanWeb.aspx HTTP/1.1" 502 315 192.168.41.220 - - [16/Oct/2007:08:56:51 -0700] "GET /

[EMAIL PROTECTED] SSL pass phrase

2007-10-16 Thread Tony Heal
I am using apache v 1.3.34-4.1 and openssl on Debian and I have set up SSL, Although I can restart apache using the init script without issue I get prompted for a pass phrase if I stop and start apache. This is a problem if I have a power loss as apache will wait in the background until it receiv

Re: [EMAIL PROTECTED] server to test websites

2007-10-16 Thread Tom Hart
Hard to really tell what's going on, but here's a couple things to try. Don't forget to restart your server after changes (probably already are, just have to make sure). The vhost definitions all seem pretty unnecessary, why not just listen on localhost:80 and docroot to mecweb? Manuel Mend

Re: [EMAIL PROTECTED] Testing Apache Parameters

2007-10-16 Thread Christian Folini
Hey James, All your config proposals are DoS/DDoS relevant. Timeouts mean, that a client can block a process or a thread (depening on your MPM) for a given time. A high timeout means, it will be blocked longer. A blocked process can not serve other clients. If you were a bank and you would allo

[EMAIL PROTECTED] Testing Apache Parameters

2007-10-16 Thread James Wuerflein
I'm looking for a way to test Apache parameters to see what needs to be changed. So looking at how to test each of these parameters, and also if anybody has any comments or suggestions on each that would be great. I have the default listed plus what I have it set to right now. #Timeout 300

Re: [EMAIL PROTECTED] 100-continue response when 401 expected - Apache 2.2.26

2007-10-16 Thread Nick Kew
On Mon, 15 Oct 2007 18:15:42 -0700 "Ragini Bisarya" <[EMAIL PROTECTED]> wrote: > Hi, > > I see a difference in the way Apache responds to a Expect: > 100-continue header in version 1.3.33 vs 2.2.6. The 1.3.33 handling is > correct. I feel the 2.2.6 handling is a bug. > > For PUT requests with a

Re: [EMAIL PROTECTED] deflate module

2007-10-16 Thread Christian Folini
On Tue, Oct 16, 2007 at 09:20:51AM +0100, Melanie Pfefer wrote: > hi > I configured apache2 to enable deflate module. > > to disable this option, do i only need to comment it > in httpd.conf? > or should i do the configuration again? Hey Melanie, Disabling it in the config will do. Do not forget

[EMAIL PROTECTED] ssl_error_log: unusably short session_id provided

2007-10-16 Thread Grant
For the last 24 hours I've been getting these errors in ssl_error_log: [error] unusably short session_id provided (0 bytes) and I've received no customer orders. This could correspond to my upgrading to openssl-0.9.8f. I guess I'll downgrade to 0.9.8e-r3 for now. Does anyone have any suggestio

[EMAIL PROTECTED] deflate module

2007-10-16 Thread Melanie Pfefer
hi I configured apache2 to enable deflate module. to disable this option, do i only need to comment it in httpd.conf? or should i do the configuration again? thx ___ Want ideas for reducing your carbon footprint? Visit Yahoo! For Go