You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chris Edwards <ch...@obinet.com> on 2003/12/31 16:19:31 UTC
[users@httpd] how to rewrite 443 port to another
Hi
My server does virtual hosting and has a single ip address. There is a cert
installed on the 443 port. I want to install another certificate. I'm
trying to use rewrite to change the port. Its not working and I need some
help if anyone can offer. Here is what I currently have configured:
<VirtualHost *:80>
SSLDisable
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/sites/www.domain.com/web
</Virtualhost>
<VirtualHost *:443>
SSLDisable
#AliasMatch ^(.*) https://www.domain.com:4443/$1
RewriteEngine on
RewriteRule ^/(.*) https://www.domain.com:4443/$1 [L,R]
#RewriteCond %{SERVER_PORT} ^443$
#RewriteRule ^.*$ https://www.domain.com:4443{REQUEST_URI} [R,L]
</Virtualhost>
<VirtualHost *:4443>
SSLEnable
SSLCertificateFile /usr/local/certs/www.domain.com.pem
SSLCACertificateFile /usr/local/certs/ca_new.txt
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/sites/www.domain.com/web
</Virtualhost>
Thanks!
--
Chris Edwards
Web Application Developer
Outer Banks Internet, Inc.
252-441-6698
chris.edwards@obinet.com
http://www.OuterBanksInternet.com
----- Original Message -----
From: "Lenny Sorey" <lr...@fatdot.com>
To: "Tomcat Users Group" <to...@jakarta.apache.org>
Cc: "Apache HTTP Users List" <us...@httpd.apache.org>
Sent: Wednesday, December 31, 2003 9:13 AM
Subject: [users@httpd] Subject: HOWTO: Apache + Tomcat + mod_jk OR mod_jk2
even IIS
> For those seeking a solution to Integrating the following:
>
> Tomcat 4(or 5) and mod_jk2 (Tomcat/Jk2Generic)
> Tomcat 4.1.x and Apache 2.0.x on Linux with mod_jk2 and IP sockets
(LinuxJK2)
> Tomcat 4.1.x and Apache 2.0.x on Linux with mod_jk and IP sockets
(LinuxJK)
> Tomcat 4.1.x and IIS on Windows/2000 Professional with mod_jk and IP
sockets (WinJKIIS)
> Tomcat 4.1.x and IIS on Windows/2000 Professional with mod_jk2 and IP
sockets (WinJK2IIs)
> Tomcat 4.1.x and Apache 2.0.x on Windows/2000 Professional with mod_jk and
IP sockets (WinJKApache)
> Tomcat 4.1.x and Apache 2.0.x on Windows/2000 Professional with mod_jk2
and IP sockets (WinJK2Apache)
>
> I found the following site very helpful: I used this site to help me get
up and going with Tomcat 4.1.29 + Apache 2.0.48 + mod_jk2
>
>
> http://nagoya.apache.org/wiki/apachewiki.cgi?TomcatWeb
>
>
> Happy New Year and Good Luck!!
>
>
> Lenny Sorey
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to rewrite 443 port to another
Posted by Brian Dessent <br...@dessent.net>.
Chris Edwards wrote:
>
> > Remember that SSL happens above the
> > entire HTTP protocol level, so to get to the point of being able to
> > issue a redirect, all of the certificate authentication and key exchange
> > has already taken place.
>
> What I'm trying to accomplish is having someone come in on port 443, and be
> directed to port 4443.
>
> I don't want the url to change and I don't want the certificate prompts to
> say the domain doesn't match.
>
> >From your previous statement. This sounds impossible. Am I right?
The only way that you can issue a redirect without a certificate is if
they come in using 'http:' and not 'https:'. If they come in on
"http://site.com:443" then it will work, but "https://site.com" won't,
because https requires a certificate before you can even start talking
HTTP.
But, if you have a certificate for both "site-a.com" and "site-b.com"
then you can serve https requests on site-a with the site-a certificate,
and then issue a redirect to site-b.com. But if you don't have a
site-a.com cert then there's no way you can answer any 'https' queries
for site-a, even if it's just to redirect. (unless you want to prompt
about lack of cert, which you don't.)
Brian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to rewrite 443 port to another
Posted by Chris Edwards <ch...@obinet.com>.
> Remember that SSL happens above the
> entire HTTP protocol level, so to get to the point of being able to
> issue a redirect, all of the certificate authentication and key exchange
> has already taken place.
What I'm trying to accomplish is having someone come in on port 443, and be
directed to port 4443.
I don't want the url to change and I don't want the certificate prompts to
say the domain doesn't match.
>From your previous statement. This sounds impossible. Am I right?
--
Chris Edwards
Web Application Developer
Outer Banks Internet, Inc.
252-441-6698
chris.edwards@obinet.com
http://www.OuterBanksInternet.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] backout works : re: Apache/Redhat Simple AuthType Basic not working :( help please
Posted by Ben Yau <by...@cardcommerce.com>.
Tom.
Thanks for the tip. We recentlyupgraded to 2.0.48. I downgraded to 2.0.45
(prevoius versoin) and it works now.
Also, the authname on the dialog box is a valid one defined in the
httpd.conf file. The identical httpd.conf file in the 2.0.48 apache
1) did not auth for reports.auto-rebate.com
2) did auth for youthfocusfund.com but with an authname that wasn't in
httpd.conf
go figure :/
Thanks for your help! And for tolerating my crazinesss!
ben y
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] IT GETS WEIRDER!!! RE: [users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Posted by Ben Yau <by...@cardcommerce.com>.
Tom !! I'm not alone in the world!
Okay, so the old admin had a habit of doing a lot of copying and pasting.
In doing so of the 9 authnames there were only 2 unique ones . So Iwent in
and made each authname unique. Then I went to a server were the auth was
working and the authname on the dialog box WAS NOT EVEN ONE DEFINED IN THE
HTTPD.CONF!!
I created "hello world" test.html files just to ensure that it was loading
the HTML from the machine i though it should be. and it was . However, the
authname that came up was not in the httpd.conf file for the apache server
running on that machine.
So anyone seen THAT before ?
echo "hello world from youthfocusfund" > /home/www/yff/test.html
echo "hello world from auto-rebates.com" >
/home/www/reports.auto-rebates.com/test.html
# grep -i "authname" httpd.conf
AuthName SSLStaging1
AuthName SSLStaging2
AuthName testing3
AuthName "Escrip Staging1"
AuthName "Escrip Staging2"
AuthName SSLStaging4
AuthName YOUTHFOCUSFUND
AuthName SSLStaging5
AuthName REPORTSAUTOREBATE
# apachectl stop
# apachectl start
(just to be sure)
load up www.youthfocusfund.com/test.html
asks for user/password and the authname says "SSLStaging" (??) . I type in
my user pass and it loads up the proper test.html page. (how is my
user/pass even working ? Or how is that authname getting in there?)
load up www.reports.auto-rebates.com/test.html
loads up, no questoins asked.
Further, just to make sure.
# grep -i documentroot httpd.conf
all the docroots are in /home/www. Just to make sure there are no stray
.htaccess flie (or any other access file)
# cd /home/www
# find . -type f -print | xargs grep -i authname 2> /dev/null
All the authnames which come up are not SSLStaging
agggghhh
thanks for your help so far guys :) I think this one may be beyond me .
I'm asking the legacy admin right now and he's just as puzzled.
ben y
> -----Original Message-----
> From: Tom Holmes Jr. [mailto:tom@tomholmes.net]
> Sent: Friday, January 02, 2004 3:59 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Apache/Redhat Simple AuthType Basic not
> working :( help please
>
>
> Yep, same issue I am having ... we are both using 2.0.48 and everything I
> setup is the same as what you did. I went to a slightly older version of
> Apache on another machine, and set the configuration up the same
> way and it
> worked.
>
> I am also taking shots in the dark and restarting Apache everytime. I
> wonder how many other people are having the same problem? At least I feel
> better that I am not alone in this.
>
> Thanks.
> Tom
>
> p.s. If I get it working, I'll let you know.
>
> ----- Original Message -----
> From: "Ben Yau" <by...@cardcommerce.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, January 02, 2004 5:06 PM
> Subject: [users@httpd] Apache/Redhat Simple AuthType Basic not working :(
> help please
>
>
> > Hi all.
> >
> > Happy New Year everybody.
> >
> > I'm really having problems with this and I can't figure it out.
> >
> > The problem is that apache seems to be ignoring any of the
> authentication
> > setup i've put in for a new virtual host. The pages are freely
> available
> to
> > anyone who goes to the URL. The error logs and access logs
> reflect this.
> > No errors, and access entries show regular web page serving.
> >
> > I went through the tutorial
> (http://httpd.apache.org/docs/howto/auth.html)
> > and the apache manual (html version downlaoded to my computer) just to
> make
> > sure I wasn't missing anything and still having problems. I'm sure I've
> > overlooked something obvious so hopefully someone can help me out. (at
> least
> > I'm hoping it's something obvious that i've overlooked)
> >
> > We're running Redhat 8.x, Apache2.0.48.
> >
> > The httpd.conf file is quite convoluted (legacy, and this is
> where I think
> > i'm overlooking something). There are several virtualhost
> entries and the
> > problem I'm having is wiht a new Virtualhost for accessing reports of
> > webstats for a specific site.
> >
> > There is an AllowOverride None in the main config area (before all the
> > Virtual hosts directives) in a <Directory /> directive . From what I
> > remember and what I read in one of the tutorials or manuals that means
> that
> > the .htaccess file is completely ignored which is why I'm doing
> everything
> > in the VirtualHost directive to be safe. (is this correct?)
> >
> > Here is my Virtualhost entry:
> > <VirtualHost 10.253.32.174:80>
> >
> > ServerName reports.auto-rebates.com
> > ServerAdmin webmaster@cardcommerce.com
> > DocumentRoot /home/www/reports.auto-rebates.com
> > DirectoryIndex index.html
> > Alias /awstatsjs "/usr/local/awstats/wwwroot/js/"
> > Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
> > Alias /awstatscss "/usr/local/awstats/wwwroot/css"
> > Alias /awstatsicons "/usr/local/awstats/wwwroot/icon"
> > <Directory />
> > AuthType Basic
> > AuthName "ReportsAutoRebates"
> > AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
> > Require valid-user
> > </Directory>
> > </VirtualHost>
> >
> > I've also tried
> >
> > Require user byau
> >
> > as well (my test username) with no luck.
> > I created the password file using
> >
> > # htpasswd -c /home/www/reports.auto-rebates.com/.rarpasswd byau
> >
> > I've stopped and restarted the server every time I've changed anything.
> > I've also stopped and restarted my browser (IE on WinXP) and
> deleted temp
> > browser files in case I was already auth for that dir and for
> that reason
> > was skipping future auth. Also accessed the pages using lynx
> on localhost
> > and still no auth required. There are no errors. only entries in access
> > just like normal web page serving
> >
> > It's worth mentioning that there is a virtual host that uses
> /home/www as
> > its documentroot that has its own auth configs. These do work
> by the way.
> > When I close/repoen browser and attepmt to go to the reports website in
> > /home/www/reports.auto-rebates.com, there is no auth asked for
> at all so
> I
> > don't think it is that I have already somehow been validated into
> /home/www
> > and am now being validated into
> /home/www/reports.auto-rebates.com. Is it
> > possible that configurations for /home/www i affecting configs for
> > /home/www/reports.auto-rebates.com even though they are in different
> > <Virtualhost> directives?
> >
> > Here is the first <Virtualhost> entry:
> > <VirtualHost 10.253.32.174:80>
> >
> > ServerName www.escrip.com
> > CauchoConfigFile /usr/local/resin/conf/escrip.conf
> > Serveradmin webadmin@rmsys.net
> > DirectoryIndex index.html index.htm index.jsp index.HTM /error/404.html
> > ScriptAlias /cgi-bin/ /home/www/escripinc_pub/cgi-bin/
> > Alias /dev/ /home/www/dev/escripinc_pub/
> > DocumentRoot /home/www/escripinc_pub/
> >
> >
> > <Directory />
> >
> > AuthType Basic
> > AuthName "Escrip Staging"
> > AuthUserFile /home/www/.esipasswd
> > AuthGroupFile /dev/null
> > Require valid-user
> >
> > </Directory>
> > </Virtualhost>
> >
> >
> > And here is the config stuff before the first <Virtualhost>. I took out
> all
> > the things that didn' tlook relevant (like Add* and BrowserMatch* and
> things
> > like that)
> >
> > User nobody
> > Group nobody
> > ServerAdmin webmaster@cardcommerce.com
> > ServerName tarpon.internal.cci
> > UseCanonicalName Off
> > DocumentRoot "/usr/local/apache2.0.48/htdocs"
> > <Directory />
> > Options FollowSymLinks
> > AllowOverride None
> > </Directory>
> > AccessFileName .htaccess
> > <Files ~ "^\.ht">
> > Order allow,deny
> > Deny from all
> > </Files>
> > TypesConfig conf/mime.types
> > DefaultType text/plain
> > <IfModule mod_mime_magic.c>
> > MIMEMagicFile conf/magic
> > </IfModule>
> > HostnameLookups Off
> >
> >
> >
> >
> > Thanks anybody for any ideas on where I can look. At this
> point I'm just
> > trying random things out to see if anything works. I realize there are
> > other issues to solve (such as not putting the AuthUserFile in
> same dir as
> > DocumentRoot). That's the legacy they are using on the test server that
> > I'll talk to him about later. All I need to do right now is
> just get the
> > username/password working for this virtual host.
> >
> > Thanks!
> > Cheers!
> > Ben
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Posted by "Tom Holmes Jr." <to...@tomholmes.net>.
Yep, same issue I am having ... we are both using 2.0.48 and everything I
setup is the same as what you did. I went to a slightly older version of
Apache on another machine, and set the configuration up the same way and it
worked.
I am also taking shots in the dark and restarting Apache everytime. I
wonder how many other people are having the same problem? At least I feel
better that I am not alone in this.
Thanks.
Tom
p.s. If I get it working, I'll let you know.
----- Original Message -----
From: "Ben Yau" <by...@cardcommerce.com>
To: <us...@httpd.apache.org>
Sent: Friday, January 02, 2004 5:06 PM
Subject: [users@httpd] Apache/Redhat Simple AuthType Basic not working :(
help please
> Hi all.
>
> Happy New Year everybody.
>
> I'm really having problems with this and I can't figure it out.
>
> The problem is that apache seems to be ignoring any of the authentication
> setup i've put in for a new virtual host. The pages are freely available
to
> anyone who goes to the URL. The error logs and access logs reflect this.
> No errors, and access entries show regular web page serving.
>
> I went through the tutorial (http://httpd.apache.org/docs/howto/auth.html)
> and the apache manual (html version downlaoded to my computer) just to
make
> sure I wasn't missing anything and still having problems. I'm sure I've
> overlooked something obvious so hopefully someone can help me out. (at
least
> I'm hoping it's something obvious that i've overlooked)
>
> We're running Redhat 8.x, Apache2.0.48.
>
> The httpd.conf file is quite convoluted (legacy, and this is where I think
> i'm overlooking something). There are several virtualhost entries and the
> problem I'm having is wiht a new Virtualhost for accessing reports of
> webstats for a specific site.
>
> There is an AllowOverride None in the main config area (before all the
> Virtual hosts directives) in a <Directory /> directive . From what I
> remember and what I read in one of the tutorials or manuals that means
that
> the .htaccess file is completely ignored which is why I'm doing everything
> in the VirtualHost directive to be safe. (is this correct?)
>
> Here is my Virtualhost entry:
> <VirtualHost 10.253.32.174:80>
>
> ServerName reports.auto-rebates.com
> ServerAdmin webmaster@cardcommerce.com
> DocumentRoot /home/www/reports.auto-rebates.com
> DirectoryIndex index.html
> Alias /awstatsjs "/usr/local/awstats/wwwroot/js/"
> Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
> Alias /awstatscss "/usr/local/awstats/wwwroot/css"
> Alias /awstatsicons "/usr/local/awstats/wwwroot/icon"
> <Directory />
> AuthType Basic
> AuthName "ReportsAutoRebates"
> AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
> Require valid-user
> </Directory>
> </VirtualHost>
>
> I've also tried
>
> Require user byau
>
> as well (my test username) with no luck.
> I created the password file using
>
> # htpasswd -c /home/www/reports.auto-rebates.com/.rarpasswd byau
>
> I've stopped and restarted the server every time I've changed anything.
> I've also stopped and restarted my browser (IE on WinXP) and deleted temp
> browser files in case I was already auth for that dir and for that reason
> was skipping future auth. Also accessed the pages using lynx on localhost
> and still no auth required. There are no errors. only entries in access
> just like normal web page serving
>
> It's worth mentioning that there is a virtual host that uses /home/www as
> its documentroot that has its own auth configs. These do work by the way.
> When I close/repoen browser and attepmt to go to the reports website in
> /home/www/reports.auto-rebates.com, there is no auth asked for at all so
I
> don't think it is that I have already somehow been validated into
/home/www
> and am now being validated into /home/www/reports.auto-rebates.com. Is it
> possible that configurations for /home/www i affecting configs for
> /home/www/reports.auto-rebates.com even though they are in different
> <Virtualhost> directives?
>
> Here is the first <Virtualhost> entry:
> <VirtualHost 10.253.32.174:80>
>
> ServerName www.escrip.com
> CauchoConfigFile /usr/local/resin/conf/escrip.conf
> Serveradmin webadmin@rmsys.net
> DirectoryIndex index.html index.htm index.jsp index.HTM /error/404.html
> ScriptAlias /cgi-bin/ /home/www/escripinc_pub/cgi-bin/
> Alias /dev/ /home/www/dev/escripinc_pub/
> DocumentRoot /home/www/escripinc_pub/
>
>
> <Directory />
>
> AuthType Basic
> AuthName "Escrip Staging"
> AuthUserFile /home/www/.esipasswd
> AuthGroupFile /dev/null
> Require valid-user
>
> </Directory>
> </Virtualhost>
>
>
> And here is the config stuff before the first <Virtualhost>. I took out
all
> the things that didn' tlook relevant (like Add* and BrowserMatch* and
things
> like that)
>
> User nobody
> Group nobody
> ServerAdmin webmaster@cardcommerce.com
> ServerName tarpon.internal.cci
> UseCanonicalName Off
> DocumentRoot "/usr/local/apache2.0.48/htdocs"
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
> AccessFileName .htaccess
> <Files ~ "^\.ht">
> Order allow,deny
> Deny from all
> </Files>
> TypesConfig conf/mime.types
> DefaultType text/plain
> <IfModule mod_mime_magic.c>
> MIMEMagicFile conf/magic
> </IfModule>
> HostnameLookups Off
>
>
>
>
> Thanks anybody for any ideas on where I can look. At this point I'm just
> trying random things out to see if anything works. I realize there are
> other issues to solve (such as not putting the AuthUserFile in same dir as
> DocumentRoot). That's the legacy they are using on the test server that
> I'll talk to him about later. All I need to do right now is just get the
> username/password working for this virtual host.
>
> Thanks!
> Cheers!
> Ben
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Posted by Ben Yau <by...@cardcommerce.com>.
> -----Original Message-----
> From: Brian Dessent [mailto:brian@dessent.net]
> Sent: Friday, January 02, 2004 2:24 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Apache/Redhat Simple AuthType Basic not
> working :( help please
>
>
> Ben Yau wrote:
>
> > <Directory />
> > AuthType Basic
> > AuthName "ReportsAutoRebates"
> > AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
> > Require valid-user
> > </Directory>
> > </VirtualHost>
>
> Are you sure you want a Directory container and not a Location
> container? Directory referrs to the filesystem, whereas Location refers
> to URLs. So if you want authentication for every URL of a virtual host,
> I'd use "<Location />" in that vhost container. But that doesn't
> actually explain why the above works for one vhost and not another.
>
> Brian
Hi Brian.
Hmm. I hadn't used <Location> before. Basically, any file in the document
root of this virtual host should require the AuthType Basic to work. And so
far in each virtual host directive used in our httpd.conf file the auth
stuff is put in a directory container and i want to keep up their convention
for now. Would there be a difference in this case using <Location> vs.
<Directory> since every file will be accesed throuhg a URL and I believe
once accessed they don't have to authenticate again (like for any images
included in the web page?). Or is that incorrect? The docs I had seen led
me to believe once authneticated they didn't have to again for each image,
etc in the page that is downloaded with that page.
I'll try the <Location> for kicks to see what happens.
Thanks
Ben
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache/Redhat Simple AuthType Basic not working :(
help please
Posted by Brian Dessent <br...@dessent.net>.
Ben Yau wrote:
> <Directory />
> AuthType Basic
> AuthName "ReportsAutoRebates"
> AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
> Require valid-user
> </Directory>
> </VirtualHost>
Are you sure you want a Directory container and not a Location
container? Directory referrs to the filesystem, whereas Location refers
to URLs. So if you want authentication for every URL of a virtual host,
I'd use "<Location />" in that vhost container. But that doesn't
actually explain why the above works for one vhost and not another.
Brian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Posted by Ben Yau <by...@cardcommerce.com>.
Hi all.
Happy New Year everybody.
I'm really having problems with this and I can't figure it out.
The problem is that apache seems to be ignoring any of the authentication
setup i've put in for a new virtual host. The pages are freely available to
anyone who goes to the URL. The error logs and access logs reflect this.
No errors, and access entries show regular web page serving.
I went through the tutorial (http://httpd.apache.org/docs/howto/auth.html)
and the apache manual (html version downlaoded to my computer) just to make
sure I wasn't missing anything and still having problems. I'm sure I've
overlooked something obvious so hopefully someone can help me out. (at least
I'm hoping it's something obvious that i've overlooked)
We're running Redhat 8.x, Apache2.0.48.
The httpd.conf file is quite convoluted (legacy, and this is where I think
i'm overlooking something). There are several virtualhost entries and the
problem I'm having is wiht a new Virtualhost for accessing reports of
webstats for a specific site.
There is an AllowOverride None in the main config area (before all the
Virtual hosts directives) in a <Directory /> directive . From what I
remember and what I read in one of the tutorials or manuals that means that
the .htaccess file is completely ignored which is why I'm doing everything
in the VirtualHost directive to be safe. (is this correct?)
Here is my Virtualhost entry:
<VirtualHost 10.253.32.174:80>
ServerName reports.auto-rebates.com
ServerAdmin webmaster@cardcommerce.com
DocumentRoot /home/www/reports.auto-rebates.com
DirectoryIndex index.html
Alias /awstatsjs "/usr/local/awstats/wwwroot/js/"
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon"
<Directory />
AuthType Basic
AuthName "ReportsAutoRebates"
AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
Require valid-user
</Directory>
</VirtualHost>
I've also tried
Require user byau
as well (my test username) with no luck.
I created the password file using
# htpasswd -c /home/www/reports.auto-rebates.com/.rarpasswd byau
I've stopped and restarted the server every time I've changed anything.
I've also stopped and restarted my browser (IE on WinXP) and deleted temp
browser files in case I was already auth for that dir and for that reason
was skipping future auth. Also accessed the pages using lynx on localhost
and still no auth required. There are no errors. only entries in access
just like normal web page serving
It's worth mentioning that there is a virtual host that uses /home/www as
its documentroot that has its own auth configs. These do work by the way.
When I close/repoen browser and attepmt to go to the reports website in
/home/www/reports.auto-rebates.com, there is no auth asked for at all so I
don't think it is that I have already somehow been validated into /home/www
and am now being validated into /home/www/reports.auto-rebates.com. Is it
possible that configurations for /home/www i affecting configs for
/home/www/reports.auto-rebates.com even though they are in different
<Virtualhost> directives?
Here is the first <Virtualhost> entry:
<VirtualHost 10.253.32.174:80>
ServerName www.escrip.com
CauchoConfigFile /usr/local/resin/conf/escrip.conf
Serveradmin webadmin@rmsys.net
DirectoryIndex index.html index.htm index.jsp index.HTM /error/404.html
ScriptAlias /cgi-bin/ /home/www/escripinc_pub/cgi-bin/
Alias /dev/ /home/www/dev/escripinc_pub/
DocumentRoot /home/www/escripinc_pub/
<Directory />
AuthType Basic
AuthName "Escrip Staging"
AuthUserFile /home/www/.esipasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>
</Virtualhost>
And here is the config stuff before the first <Virtualhost>. I took out all
the things that didn' tlook relevant (like Add* and BrowserMatch* and things
like that)
User nobody
Group nobody
ServerAdmin webmaster@cardcommerce.com
ServerName tarpon.internal.cci
UseCanonicalName Off
DocumentRoot "/usr/local/apache2.0.48/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
Thanks anybody for any ideas on where I can look. At this point I'm just
trying random things out to see if anything works. I realize there are
other issues to solve (such as not putting the AuthUserFile in same dir as
DocumentRoot). That's the legacy they are using on the test server that
I'll talk to him about later. All I need to do right now is just get the
username/password working for this virtual host.
Thanks!
Cheers!
Ben
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to rewrite 443 port to another
Posted by Brian Dessent <br...@dessent.net>.
Chris Edwards wrote:
> <VirtualHost *:443>
> SSLDisable
> #AliasMatch ^(.*) https://www.domain.com:4443/$1
> RewriteEngine on
>
> RewriteRule ^/(.*) https://www.domain.com:4443/$1 [L,R]
>
> #RewriteCond %{SERVER_PORT} ^443$
> #RewriteRule ^.*$ https://www.domain.com:4443{REQUEST_URI} [R,L]
> </Virtualhost>
How about just: "Redirect / https://www.domain.com:4443/"
Also, you have SSL disabled for this vhost that's listening on port 443,
but if someone tries to access this vhost with "https://www.domain.com"
or "https://www.domain.com:443" then their browser is expecting to speak
https (i.e. SSL) so you may need to enable that, even if all you want to
do is redirect to another site. Remember that SSL happens above the
entire HTTP protocol level, so to get to the point of being able to
issue a redirect, all of the certificate authentication and key exchange
has already taken place.
Brian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org