[users@httpd] Fwd: HTTP Header Security Filter (antiClickJackingEnabled x-frame-options) doesn't work with mod_proxy as expected

2020-06-28 Thread Michele Mase'
Note: already asked the tomcat mailing list without receiving any reply I'm trying to configure the header x-frame-options in tomcat8 web.xml: httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter true antiClickJackingOption

Re: [users@httpd] ExecCGI ignored within nfs share

2020-02-04 Thread Michele Mase'
er what you do on the client side you will still > not be able to run exe files. > > Since this is not the case maybe the perms of the directories on that path > have no exe permissions themselves? > > IC > > On Fri, Jan 31, 2020, 10:46 PM Michele Mase' > wrote: >

Re: [users@httpd] ExecCGI ignored within nfs share

2020-01-31 Thread Michele Mase'
rt=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 0 0 The apache process user can execute scripts under nfs share: su - www-data -s /bin/bash -c "/shared/www_root/cgi2/test.sh" #working On Thu, Jan 30, 2020 at 8:57 PM Igor Cicimov wrote: > On Wed, Jan 29, 2020, 11:35 PM Michele Mase'

[users@httpd] ExecCGI ignored within nfs share

2020-01-29 Thread Michele Mase'
I'm trying to execute some cgi scripts under a certain directory stored under an nfs share without any success; the same configuration is working outside nfs share (i.e. under local filesystem). What am I missing? Regards Michele Masè Local Working: curl https://www.example.com/cgi2/ Alias /cgi2/

[users@httpd] mod_proxy_balancer cookie issue

2018-06-27 Thread Michele Mase'
I have 2 zope servers behind a reverse proxy; I'm trying to balance them, following the apache-wiki guide "Load balancing with appservers who set a bad sticky cookie" The configuration works with problems: Planning a Server maintenance: under the balancer web page, I need to put one server offline.

Re: [users@httpd] Unable to fork new process

2017-01-27 Thread Michele Mase'
t Regards Michele MAsè On Thu, Jan 26, 2017 at 5:58 PM, Michele Mase' wrote: > Ok, I've just tried the loop within apache2.4.x and I confirm it is not > affected by the error. > So, what could be the better solution? > ASAP, I plan to migrate my system on apache 2.4.x

Re: [users@httpd] Unable to fork new process

2017-01-26 Thread Michele Mase'
2017 at 1:27 AM, Yann Ylavic wrote: > Hi, > > On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' > wrote: > > > I checked restarts with valgrind on latest 2.2.x and found this fixes: > > Index: modules/ssl/mod_ssl.c > =

Re: [users@httpd] Unable to fork new process

2017-01-25 Thread Michele Mase'
Darryl Baker* > > *Sr. System Administrator* > > *Northwestern* | Information Technology > > www.it.northwestern.edu > > > > *From:* Michele Mase' [mailto:michele.m...@gmail.com] > *Sent:* January 25, 2017 11:50 AM > *To:* Httpd Users List > *Subject:* Re: [users@

Re: [users@httpd] Unable to fork new process

2017-01-25 Thread Michele Mase'
erally-available > > > > Darryl Baker > > NIT - CI -DAPS > > X76674 > > > > *From:* Michele Mase' [mailto:michele.m...@gmail.com] > *Sent:* January 25, 2017 8:59 AM > *To:* Httpd Users List > *Subject:* Re: [users@httpd] Unable to fork new process >

Re: [users@httpd] Unable to fork new process

2017-01-25 Thread Michele Mase'
On Wed, Jan 25, 2017 at 3:39 PM, Darryl Philip Baker < darryl.ba...@northwestern.edu> wrote: > e Due to redhat subscription, we must use redhat's rpms. Now I'm trying the php loop against another web server. Then I will try with apache 2.4.x in a offline env. My question is the same: After xx re

Re: [users@httpd] Unable to fork new process

2017-01-25 Thread Michele Mase'
t 12:22 PM, Eric Covener wrote: > On Wed, Jan 25, 2017 at 5:29 AM, Michele Mase' > wrote: > > Any better suggestion? Anyone ever will correct the httpd code? > > Not without a more specific/realistic bug report on a recent release, > and even then it's unlik

Re: [users@httpd] Unable to fork new process

2017-01-25 Thread Michele Mase'
eir version. If you find one that wasn’t > backported time to nudge Red Hat. Maybe someone on this list more in tune > with the releases can point you at one or two of these. Or just build a > newer version of Apache 2.2 from source > > > > Darryl Baker > > NIT - CI -DAPS

[users@httpd] Unable to fork new process

2017-01-24 Thread Michele Mase'
All, I've an apache web server with 600 web sites as reverse proxy. The average of req. is more than 100 req/sec during all the day. The apache is a 2.2.15 release 56.el6_8.3 (RedHat 6.x system up to date) + mod_ssl. Every 10 days, the system has problems, and in the error log I found dozens of: [e

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-29 Thread Michele Mase'
ualhost available. > > 2016-07-28 23:43 GMT+02:00 Yann Ylavic : > >> On Thu, Jul 28, 2016 at 10:00 PM, Michele Mase' >> wrote: >> > >> > Any suggestion? >> >> Ciphers must be negotiated before HTTP is decrypted (and hence vhost >> selection

Re: [users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Michele Mase'
> for the time being. > > It will be better if you check Java 1.4 compatibility table to know which > ciphers will work or not and not enable the most insecure ones you are > enabling right now. > > Either that or migrate your client to a recent Java version > > El 28/

[users@httpd] SSLHonorCipherOrder not working as expected

2016-07-28 Thread Michele Mase'
I've a reverse proxy based on apache 2.2.x (centos6.x) with some name based virtualhosts; trying to connect with an old app axis and java1.4.2.x based, it only works with the following configuration: SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA

Re: [users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no longer ABI-compatible

2014-08-05 Thread Michele Mase'
http://mattiasgeniar.be/2014/07/28/httpd-cannot-load-mod_status-so-into-server-undefined-symbol-ap_copy_scoreboard_worker/ On Fri, Aug 1, 2014 at 2:04 PM, Eric Covener wrote: > On Fri, Aug 1, 2014 at 3:31 AM, Michele Mase' > wrote: > > After applying some vendor's patches (red

[users@httpd] CVE-2014-0226 vulnerability: mod_status.so was no longer ABI-compatible

2014-08-01 Thread Michele Mase'
After applying some vendor's patches (redhat and ubuntu), mod_status was broken; as a workaround, disabling it solves the issue Issue solved: #LoadModule status_module modules/mod_status.so #ExtendedStatus On Issue is present: LoadModule status_module modules/mod_status.so ExtendedStatus On Is i

[users@httpd] Similar issuer dn mod_ssl client authentication issue

2013-05-07 Thread Michele Mase'
I'm testing a client authentication using: SSLCACertificateFile /path/to/pemfile.pem SSLVerifyClient require SSLVerifyDepth 2 /LocationMatch> My env: CentOS 6.4, OpenSSL 1.0.0-fips 29 Mar 2010, Server version: Apache/2.4.3 (Unix) - Server built: Feb 7 2013 14:32:46 I have 2 C

Re: [users@httpd] Re: mod_ssl help

2013-03-04 Thread Michele Mase'
of my > certificates it comes out as "issuer=/C=AU/ST=NSW/L=Sydney/" so sorry > for the confusion seems the / separator is correct. > > Any way, what does the test "openssl s_client -ssl3 -connect > server_name:443" show in your case? > > >> >

Re: [users@httpd] Re: mod_ssl help

2013-03-03 Thread Michele Mase'
The issuer dn is the same; the pem file is a ca bundle. On Sun, Mar 3, 2013 at 11:23 PM, Igor Cicimov wrote: > > On 04/03/2013 7:33 AM, "Michele Mase'" wrote: > > > > Anyone? > > > > > > On Fri, Mar 1, 2013 at 7:39 PM, Michele Mase'

[users@httpd] Re: mod_ssl help

2013-03-03 Thread Michele Mase'
Anyone? On Fri, Mar 1, 2013 at 7:39 PM, Michele Mase' wrote: > I'm testing a client authentication using: > > SSLCACertificateFile /path/to/pemfile.pem > > SSLVerifyClient require > SSLVerifyDepth 2 > SSLOptions +StdEnvVars +Expo

[users@httpd] mod_ssl help

2013-03-01 Thread Michele Mase'
I'm testing a client authentication using: SSLCACertificateFile /path/to/pemfile.pem SSLVerifyClient require SSLVerifyDepth 2 SSLOptions +StdEnvVars +ExportCertData SSLRequire %{SSL_CLIENT_I_DN} eq "/C=US/O=acme/OU=acme/CN=acme" /LocationMatch> I should use two

Re: [users@httpd] Rewrite Role: navigation toolbar trouble

2012-05-24 Thread Michele Mase'
Tx! AliasMatch should be more than enough. Michele MAsè On Thu, May 24, 2012 at 10:53 AM, Pete Houston wrote: > If you can solve it with a symlink in the filesystem then the equivalent > in the httpd configuration is to use an Alias. > > Pete > -- > Openstrike - improving business through open s

[users@httpd] Rewrite Role: navigation toolbar trouble

2012-05-24 Thread Michele Mase'
I need that the url http://www.example.com/a.htm will point http://www.example.com/a/b/c/d.htm; in navigation toolbar of the browser you should view only http://www.example.com/a.htm. I've "solved" using a symlink between the file /webroot/a/b/c/d.htm and /webroot/a.htm. Is it possible to solve it

Re: [users@httpd] UTF8 uri encoding mod_proxy

2011-10-27 Thread Michele Mase'
The server locale is EN-US.UTF8 and the apache web server runs under the default settings on a RedHat 6.x system; the /etc/sysconfig/httpd is untouched. On Thu, Oct 27, 2011 at 3:49 PM, Eric Covener wrote: > I would have guessed the proxy would re-encode those anyway.  Do you > run your httpd und

[users@httpd] UTF8 uri encoding mod_proxy

2011-10-27 Thread Michele Mase'
Unluckily I should manage UTF8 characters in the URI, more exactly in the query string. All requests pass through an apache 2.2.x mod_proxy. Request correctly made by Firefox 10.10.10.10-27/10/2011 12:23:49 CEST 4FF6BE8CC0EF4B9505FEEA75FC85954CHTTP/1.1GET7 /path1/path2/detail.ac

Re: [users@httpd] Smarter rewrite rule

2011-09-22 Thread Michele Mase'
, Rich Bowen wrote: > > On Sep 22, 2011, at 2:23 AM, Michele Mase' wrote: > > > Hi folks, I'm using a lazy rule on my site: > > ... > > ProxyPass /app1/ http://192.168.1.1/app1/ > > ProxyPassReverse /app1/ http://192.168.1.1/app1/ > > RewriteRule ^/app1$

[users@httpd] Smarter rewrite rule

2011-09-21 Thread Michele Mase'
Hi folks, I'm using a lazy rule on my site: ... ProxyPass /app1/ http://192.168.1.1/app1/ ProxyPassReverse /app1/ http://192.168.1.1/app1/ RewriteRule ^/app1$ /app1/ [R] ProxyPass /app2/ http://192.168.1.1/app2/ ProxyPassReverse /app2/ http://192.168.1.1/app2/ RewriteRule ^/app2$ /app2/ [R] Prox

[users@httpd] Fwd: Virtualhost location variable

2011-04-15 Thread Michele Mase'
Anyone? -- Forwarded message -- From: Michele Mase' Date: Wed, Mar 30, 2011 at 10:30 AM Subject: Virtualhost location variable To: users@httpd.apache.org I've the following situation: I need to block the access on a particular location, as the example: ... Order Deny,

Re: [users@httpd] Rewrite inside Location directive

2011-04-02 Thread Michele Mase'
From the official documentation: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule Context: server config, virtual host, directory, .htaccess ... Although rewrite rules are syntactically permitted in

[users@httpd] Virtualhost location variable

2011-03-30 Thread Michele Mase'
I've the following situation: I need to block the access on a particular location, as the example: ... Order Deny,Allow Deny from all Allow from localhost safenet1 safenet2 ... ... I need to do the same for all the virtualhosts, more than 1K... Solution1: using sed|awk put the rule inside all v

Re: Multiple authentication sources

2008-12-11 Thread Michele Mase'
Does the option 3 work changing the username from the form domain\username into [EMAIL PROTECTED] (domain in fqd form i.e. example.com)? Regards Michele On Thu, Dec 11, 2008 at 9:12 AM, Craig McQueen <[EMAIL PROTECTED]>wrote: > My company (in Australia) has a working Apache server on its Intrane

Re: [EMAIL PROTECTED] proxy_ajp webdav http 1.1 authentication

2008-10-27 Thread Michele Mase'
ou chose for logging in > when you DAV pops up its authentication dialog. > > If that does not work, then ask further on the Tomcat list. > > > > > > Michele Mase' wrote: > >> here is the conf: >> >> Frontend server: >> >>ServerN

Re: [EMAIL PROTECTED] proxy_ajp webdav http 1.1 authentication

2008-10-27 Thread Michele Mase'
The Entire Web Application /* admin BASIC Tomcat Supported Realm An example role defined in "conf/tomcat-users.xml" admin On Mon, Oct 27, 2008 at 12:16 PM, André Warnier <[EMAIL PROTECTED]>

[EMAIL PROTECTED] proxy_ajp webdav http 1.1 authentication

2008-10-27 Thread Michele Mase'
I've the following problem: A frontend server with apache2.2.x (http1.1) mod_proxy mod_proxy_ajp A backend server: tomcat 6.x with 2 webapps: /app1 /app2 (webdav, basic authentication via http) Problem: /app1 works well under proxy_ajp: ProxyPass /some_path ajp://server:8009/app1 webdav authen

Re: [EMAIL PROTECTED] how to uninstall httpd-2.2.10

2008-10-24 Thread Michele Mase'
My suggestion is: 1 packetize it if you can (it depends of which is your env: I mean, 4 example if you use linux rpm compatible with the command rpmbuild -ta httpd-x.y.z.tar.gz you should build all the packages apache related. I don't know the deb package syntax. If you don't use linux it depends o