Re: [users@httpd] reverse proxy wishlist

2015-12-07 Thread Christian Georg
Hi Jim, Here are a couple of suggestions, although I am not sure whether this is implemented in mod_proxy or one of the supporting modules. - request routing based on custom headers and patterns. I am currently using conditional url rewrites but I think the matching would be more efficient and

Re: [users@httpd] Certificate check on Apache reverse proxy with upstream SSL

2015-12-07 Thread Christian Georg
Hi Jim, Not sure I understand your response. The attachment it's the JDK release notes and I did not find anything specific in there. I partially solved his by migrating to Apache 2.4 and using checkpeername. With Apache 2.4 the host name from the http request is checked against the certificat

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Marat Khalili
what gives you the suggestion that the user agent or the httpd server would notice any modification of plaintext bytes in transit through a router or other network intermediate? Isn't this authentication is for? -- With Best Regards, Marat Khalili On 08/12/15 08:54, William A Rowe Jr wrote:

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Dec 7, 2015 11:36 PM, "Marat Khalili" wrote: >> >> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation > > Are you sure about the manipulation part? Why do you think encryption helps here then? To turn the question around, what gives you the suggestion t

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Marat Khalili
Everything *after* that handshake, in cleartext, is open for inspection or for manipulation Are you sure about the manipulation part? Why do you think encryption helps here then? -- With Best Regards, Marat Khalili On 08/12/15 05:30, William A Rowe Jr wrote: On Mon, Dec 7, 2015 at 7:40 PM, J

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Mon, Dec 7, 2015 at 7:40 PM, Jacob Champion wrote: > On 12/07/2015 05:06 PM, William A Rowe Jr wrote: > >> On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg > > wrote: >> >> Hello, >> >> I a building a storage system, using HTTP/HTTPS for ingesting data. >> >> I

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Jacob Champion
On 12/07/2015 05:06 PM, William A Rowe Jr wrote: On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg mailto:r...@lanl.gov>> wrote: Hello, I a building a storage system, using HTTP/HTTPS for ingesting data. I would like to use the authentication over HTTPS, while after that I want n

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread William A Rowe Jr
On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg wrote: > Hello, > > I a building a storage system, using HTTP/HTTPS for ingesting data. > > I would like to use the authentication over HTTPS, while after that I want > no encryption on the data because of peformance. > Then you probably don't unde

[users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Ron Croonenberg
Hello, I a building a storage system, using HTTP/HTTPS for ingesting data. I would like to use the authentication over HTTPS, while after that I want no encryption on the data because of peformance. I think using null ciphers, like eNULL would work, but how do I change the configurations is

Re: [users@httpd] mod_proxy - Status lines without response phrases are getting turned into 500 errors

2015-12-07 Thread Adam
Thanks Nick! I'm not sure what our plans are to upgrade, but we do have an easy fix in our application for now. Thanks for clarifying where it was fixed and not fixed. Adam On Mon, Dec 7, 2015 at 2:34 PM, Nick Kew wrote: > On Mon, 2015-12-07 at 14:03 -0500, Adam wrote: > > We are using Apache

Re: [users@httpd] mod_proxy - Status lines without response phrases are getting turned into 500 errors

2015-12-07 Thread Nick Kew
On Mon, 2015-12-07 at 14:03 -0500, Adam wrote: > We are using Apache 2.2.29 in production with mod_perl and mod_proxy What's the role of mod_perl in your proxy? Can the problem be replicated without mod_perl? Oh, right, just looked up the bug you reference: seems I was there. The final comment

[users@httpd] mod_proxy - Status lines without response phrases are getting turned into 500 errors

2015-12-07 Thread Adam
Hi, We are using Apache 2.2.29 in production with mod_perl and mod_proxy (we're acting as a reverse proxy) and are experiencing a problem with proxying responses from the back end server that don't include a response phrase being turned into a 500 error by Apache when it proxies to the client. Th

Re: [users@httpd] Apache2 and Tomcat : Simultaneously running both servers and Virtual Hosting.

2015-12-07 Thread William A Rowe Jr
Pretty simple answer, you either, 1. Change the Tomcat port, E.g. 8080 so it doesn't collide with httpd, or 2. Listen (IPaddr1):80 to httpd and bind (IPaddr2):80 to Tomcat. The second can be more confusing, since if you bind localhost:80 to Tomcat, httpd won't respond unless you make a request t

[users@httpd] PHP and mod_fcgid: ap_pass_brigade failed in handle_request_ipc function

2015-12-07 Thread Steven Barre
OK, so I've been trying to solve this for a while now,. and I still can't even figure out what this error means. Can someone tell me what has gone wrong in fcgi to cause this error? I posted on Stack Overflow, but haven't gotten much help yet so I'm trying this mailing list. http://stackoverf

[users@httpd] Apache2 and Tomcat : Simultaneously running both servers and Virtual Hosting.

2015-12-07 Thread Kernel freak
Hello friends, I am working on some server side changes in which I have the webapps or website hosted by Apache server is called by the URL. So if url is www.domain-one.com, then the specific webapp or website must be served. I have partial success in these regards as I have already configured Ap