You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Patrick Horgan <ph...@yahoo.com> on 2010/01/06 06:40:48 UTC
[users@httpd] Multiple ssh login prompts
On a site that I set up on fedora, https://ootbcomp.com, which brings
you to a mediawiki installation, there are ten ssl login prompts each
above the other, so if you log in to one of them, the next one down in
the stack appears in my firefox browser. If I log in ten times I get
the site, if I log in once and cancel the other nine I get one pane of
the site and a refresh in the browser gets the whole site. After that
I'm not prompted again unless I restart the browser of course. Does
anyone have any idea what I did? I've never seen this behavior before.
The system:
Linux s2.ootbcomp.com 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep 25 04:43:32
EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
The server is loaded from a fedora package:
httpd.x86_64 2.2.13-1.fc11
@updates
Server version: Apache/2.2.13 (Unix)
mediawiki is from a fedora package:
mediawiki.x86_64 1.15.1-50.fc11
@updates
In the ssl_access_log I can see the multiple requests for the page,
favicon, a php file, some css, some images, etc...and it seems that for
each of them, I get an ssl login prompt.
Patrick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple ssh login prompts
Posted by Patrick Horgan <ph...@yahoo.com>.
Boyle Owen wrote:
>> -----Original Message-----
>> From: Patrick Horgan [mailto:phorgan1@yahoo.com]
>> Sent: Wednesday, January 06, 2010 6:41 AM
>> To: users@httpd.apache.org
>> Subject: [users@httpd] Multiple ssh login prompts
>>
>> On a site that I set up on fedora, https://ootbcomp.com, which brings
>> you to a mediawiki installation, there are ten ssl login prompts each
>> above the other, so if you log in to one of them, the next
>> one down in
>> the stack appears in my firefox browser. If I log in ten times I get
>> the site, if I log in once and cancel the other nine I get
>> one pane of
>> the site and a refresh in the browser gets the whole site.
>> After that
>> I'm not prompted again unless I restart the browser of course. Does
>> anyone have any idea what I did? I've never seen this
>> behavior before.
>> The system:
>>
>
> How are your Basic Auth realms defined? Do you have a single realm with
> all content within? Or many parallel realms? Or nested realms?
>
Just one, set up in the Directory for wiki. Here's my ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/https"
DefineExternalAuth pwauth pipe /usr/local/libexec/pwauth
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ootbcomp.crt
SSLCertificateKeyFile /etc/pki/tls/private/ootbcomp.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/https/">
Allow From All
AuthBasicProvider external
AuthBasicAuthoritative Off
AuthType Basic
AuthName "Password Required"
AuthExternal pwauth
Options FollowSymLinks
Require valid-user
</Directory>
<Directory "/var/www/https/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
Include /etc/httpd/conf.d/mailman.conf
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ScriptAlias /cgi-bin "/var/www/https/cgi-bin/"
Include /etc/httpd/conf.d/millwiki.include
</VirtualHost>
It includes inside the virtual host the mailman configuration and the
wiki configuration.
Here's the mailman.conf:
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AddDefaultCharset Off
</Directory>
RedirectMatch ^/mailman[/]*$ http://s2.ootbcomp.com/mailman/listinfo
and here's the millwiki.conf
Alias /wiki /home/ootbc/site/https/htdocs/mediawiki/index.php
Alias /index.php /home/ootbc/site/https/htdocs/mediawiki/index.php
<Directory "/home/ootbc/site/https/htdocs/mediawiki">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/home/ootbc/site/https/htdocs/mediawiki/upload">
AllowOverride None
AddType text/plain .html .htm .shtml
</Directory>
<Directory /home/ootbc/site/https/htdocs/mediawiki/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/ootbc/site/https/htdocs/mediawiki/images>
Options -FollowSymLinks
AllowOverride None
</Directory>
RewriteEngine on
RewriteRule ^/wiki/en/(.*)$
/home/ootbc/site/https/htdocs/mediawiki/wiki.phtml?title=$1
> You mention "panes" so I guess that components of the site are loaded
> with dojo ContentPanes or iframes or similar? If so, how do the hrefs
> look? Do they have absolute URLs
> (href="https://ootbcomp.com/path/to/content") or relative links
> (href="/path/to/content")?
>
The wiki seems to only use relative for it's content, certainly so for
this initial load. The gets upon connecting unauthenticated (from
ssl_request_log) are:
99.61.74.22 - - [06/Jan/2010:09:52:12 -0800] "GET /wiki/Main_Page
HTTP/1.1" 200 7309
99.61.74.22 - - [06/Jan/2010:09:52:24 -0800] "GET
/mediawiki/index.php?title=MediaWiki:Monobook.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000
HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:28 -0800] "GET
/mediawiki/skins/common/shared.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:34 -0800] "GET
/mediawiki/skins/common/commonPrint.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:38 -0800] "GET
/mediawiki/index.php?title=-&action=raw&maxage=18000&gen=css HTTP/1.1"
401 480
99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET
/mediawiki/skins/monobook/main.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET
/mediawiki/skins/common/ajax.js?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET
/mediawiki/skins/common/wikibits.js?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET
/mediawiki/index.php?title=-&action=raw&gen=js&useskin=monobook
HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET
/mediawiki/index.php?title=MediaWiki:Common.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000
HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:43 -0800] "GET /favicon.ico HTTP/1.1"
401 480
99.61.74.22 - - [06/Jan/2010:09:52:46 -0800] "GET
/mediawiki/index.php?title=MediaWiki:Print.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000
HTTP/1.1" 401 480
You see that there are 13 of them for which I receive 10 requests for
username and password.
Patrick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple ssh login prompts
Posted by Boyle Owen <Ow...@six-group.com>.
> -----Original Message-----
> From: Patrick Horgan [mailto:phorgan1@yahoo.com]
> Sent: Wednesday, January 06, 2010 6:41 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Multiple ssh login prompts
>
> On a site that I set up on fedora, https://ootbcomp.com, which brings
> you to a mediawiki installation, there are ten ssl login prompts each
> above the other, so if you log in to one of them, the next
> one down in
> the stack appears in my firefox browser. If I log in ten times I get
> the site, if I log in once and cancel the other nine I get
> one pane of
> the site and a refresh in the browser gets the whole site.
> After that
> I'm not prompted again unless I restart the browser of course. Does
> anyone have any idea what I did? I've never seen this
> behavior before.
> The system:
How are your Basic Auth realms defined? Do you have a single realm with
all content within? Or many parallel realms? Or nested realms?
You mention "panes" so I guess that components of the site are loaded
with dojo ContentPanes or iframes or similar? If so, how do the hrefs
look? Do they have absolute URLs
(href="https://ootbcomp.com/path/to/content") or relative links
(href="/path/to/content")?
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
>
> Linux s2.ootbcomp.com 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep
> 25 04:43:32
> EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> The server is loaded from a fedora package:
> httpd.x86_64 2.2.13-1.fc11
>
> @updates
> Server version: Apache/2.2.13 (Unix)
> mediawiki is from a fedora package:
> mediawiki.x86_64 1.15.1-50.fc11
>
> @updates
>
> In the ssl_access_log I can see the multiple requests for the page,
> favicon, a php file, some css, some images, etc...and it
> seems that for
> each of them, I get an ssl login prompt.
>
> Patrick
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message.
The sender's company reserves the right to monitor all e-mail communications through their networks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org