You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Romeo Theriault <ro...@gmail.com> on 2006/04/14 15:44:48 UTC
[users@httpd] How to SSL protect certain directories
I have an apache website that I need some directories protected by
ssl. So I got the certificate etc... Now I have two virtual hosts,
one that is the unsecure and one that is the secure. There are only a
few directories that I need secured by ssl.
for example:
http://www.some.domain.name.com/distance/register/
http://www.some.domain.name.com/registrar/request/
So to get those directories secured I put this mod_rewrite code into
the unsecure httpd.conf file.
<Directory /var/www/www/distance >
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^register/(.*) https://
www.some.domain.com/distance/register/$1 [C]
</Directory>
<Directory /var/www/www/registrar >
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^request/(.*) https://
www.some.domain.com/registrar/request/$1 [C]
</Directory>
This works great.
The problem is that once people have viewed those pages that are in
those secure directories the rest of the pages they view on the site
are on the secure site. I would like to have a rewriterule in the
secure virtual host to check if they are not in one of those
directories and redirect them back to the unsecure site.
I've been banging my head trying to get this and I can't figure it
out. (I'm new to regular expressions and mod_rewrite). I keep getting
redirected back and forth until the browser tells me "Too many
redirects." or some such error.
Here's what I have so far for the secure virtual host, but again, it
doesn't seem to work.
RewriteEngine On
RewriteRule !^register(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]
RewriteRule !^registrar/request/(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]
Could someone tell me what I'm doing wrong?
Do I need to put the secure rewrite rules in a <Directory> structure.
Thank you.
[users@httpd] Re: How to SSL protect certain directories
Posted by Joost de Heer <sa...@xs4all.nl>.
Romeo Theriault wrote:
> Joost, I've tried you option,
>
>> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
>> RewriteCond %{HTTPS} on
>> RewriteRule /^(.*) http://my.site/$1
>
> but still get no change in behaviour. It won't go back to http once
> it's gone to https:.
Change the RewriteRule to
RewriteRule /^(.*) http://my.site/$1 [R]
But what's so bad about people using SSL?
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: How to SSL protect certain directories
Posted by Romeo Theriault <ro...@gmail.com>.
Joost, I've tried you option,
> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1
but still get no change in behaviour. It won't go back to http once
it's gone to https:.
Is there any additional information that I can provide to you to make
this easier.
Thank you,
Romeo
On Apr 14, 2006, at 11:36 AM, Joost de Heer wrote:
> Romeo Theriault wrote:
>> I have an apache website that I need some directories protected by
>> ssl. So I got the certificate etc... Now I have two virtual hosts,
>> one that is the unsecure and one that is the secure. There are only a
>> few directories that I need secured by ssl.
>>
>> for example:
>> http://www.some.domain.name.com/distance/register/
>> http://www.some.domain.name.com/registrar/request/
>>
>> So to get those directories secured I put this mod_rewrite code into
>> the unsecure httpd.conf file.
>
>> <Directory /var/www/www/distance >
>> RewriteEngine On
>> RewriteBase /
>> RewriteCond %{REQUEST_FILENAME} -f [OR]
>
> 'RewriteCond %{HTTPS} off' is a better check
>
>> The problem is that once people have viewed those pages that are in
>> those secure directories the rest of the pages they view on the site
>> are on the secure site. I would like to have a rewriterule in the
>> secure virtual host to check if they are not in one of those
>> directories and redirect them back to the unsecure site.
>
> Something like
>
> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1
>
> Joost
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: How to SSL protect certain directories
Posted by Joost de Heer <sa...@xs4all.nl>.
Romeo Theriault wrote:
> I have an apache website that I need some directories protected by
> ssl. So I got the certificate etc... Now I have two virtual hosts,
> one that is the unsecure and one that is the secure. There are only a
> few directories that I need secured by ssl.
>
> for example:
> http://www.some.domain.name.com/distance/register/
> http://www.some.domain.name.com/registrar/request/
>
> So to get those directories secured I put this mod_rewrite code into
> the unsecure httpd.conf file.
> <Directory /var/www/www/distance >
> RewriteEngine On
> RewriteBase /
> RewriteCond %{REQUEST_FILENAME} -f [OR]
'RewriteCond %{HTTPS} off' is a better check
> The problem is that once people have viewed those pages that are in
> those secure directories the rest of the pages they view on the site
> are on the secure site. I would like to have a rewriterule in the
> secure virtual host to check if they are not in one of those
> directories and redirect them back to the unsecure site.
Something like
RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
RewriteCond %{HTTPS} on
RewriteRule /^(.*) http://my.site/$1
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] 1.3.34 Crashing Regularly on Windows
Posted by tr...@clayst.com.
I have been fighting this issue for a while now but recently I've been
trying to track it down as it has become very annoying.
Here's the setup I am currently using on my Windows system when doing
some development (the live server is on Unix and there are no such
issues):
XP Professional SP1 Build 2600
Apache 1.3.34, Windows binaries downloaded via apache.org
PHP 4.4.0, Windows binaries downloaded via php.net; no other
modules added beyond Apache base configuration
Name-based virtual hosting with three server names off
of localhost
I am getting regular crashes on an attempt to redirect via a Location:
header -- if I kill Apache and restart it will get somewhat further
before crashing so it isn't always the first redirect that fails.
Browser doesn't seem to matter, it fails with Mozilla 1.7.8 and IE
6.0.2800.1106.
Log level debug yields the following in error.log, which doesn't look
like it says much of import:
[Sat Apr 15 00:04:48 2006] [info] Parent: Created child process
2884
[Sat Apr 15 00:04:48 2006] [info] Parent: Duplicating socket 1900
and sending it to child process 2884
[Sat Apr 15 00:04:48 2006] [info] BytesRead = 372 WSAProtocolInfo
= 2006620
[Sat Apr 15 00:04:59 2006] [info] master_main: Child processed
exited prematurely. Restarting the child process.
For the technically inclined the crashes are access violations at
0x77f585c0. If I allow the debugger to run the instruction is:
77F585C0 mov dword ptr [ecx],eax
and ecx is 0x00080100.
Anyone have a clue here? I first thought it was due to use of the SSL-
enabled version but I switched to the non-SSL version and get the same
results.
The pieces I added to the default httpd.conf were:
- Add LoadModule, AddModule, and AddType for PHP.
- Add virtual hosting section (below)
- Add index.php to DirectoryIndex
- Adjust DocumentRoot
Here is the virtual hosting section:
================================================================
NameVirtualHost 127.0.0.1:80
# Default local host
<VirtualHost 127.0.0.1:80>
ServerName localhost
ServerAdmin tr@localhost
DocumentRoot "d:/webdev/htdocs/"
DirectoryIndex index.php index.html index.shtml index.htm
UseCanonicalName Off
ErrorDocument 404 /missing.php
</VirtualHost>
# Client "live" local host
<VirtualHost 127.0.0.1:80>
ServerName live
ServerAdmin tr@localhost
DocumentRoot "d:/client/live/html/"
DirectoryIndex index.php index.html index.shtml index.htm
UseCanonicalName Off
ErrorDocument 404 /missing.php
</VirtualHost>
# Client "dev" local host
<VirtualHost 127.0.0.1:80>
ServerName dev
ServerAdmin tr@localhost
DocumentRoot "d:/client/dev/html/"
DirectoryIndex index.php index.html index.shtml index.htm
UseCanonicalName Off
ErrorDocument 404 /missing.php
</VirtualHost>
================================================================
Thanks for any feedback!
--
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] How to populate MSAccess Database while Apache HTTPD Queries it?
Posted by Siegfried Heintze <in...@signitek.com>.
Yikes! I'm running as the SYSTEM account according to a little program I
wrote that prints out
System.Security.Principal.WindowsIdentity.GetCurrent().Name using the cli.
This looks like a security threat. Can I change this so the web server is
running in a less privledged account?
Sieg
_____
From: Siegfried Heintze [mailto:info@signitek.com]
Sent: Friday, April 14, 2006 12:49 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] How to populate MSAccess Database while Apache
HTTPD Queries it?
Gary,
Why cannot I not just run the cygwin cron jobs under the same account as
Apache httpd is using? That ought to fix the problem. Can someone tell me
where in the httpd.conf file I specify the account that Apache httpd uses? I
thought I saw it in there once.
If it is not specified there, what is the account that the web server is
running under?
Sieg
_____
From: Garry Taylor
Sent: Friday, April 14, 2006 8:15 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] How to populate MSAccess Database while Apache
HTTPD Queries it?
-----Original Message-----
From: Siegfried Heintze [mailto:info@signitek.com]
Sent: 14 April 2006 15:08
To: users@httpd.apache.org
Subject: [users@httpd] How to populate MSAccess Database while Apache HTTPD
Queries it?
Sorry if this appears twice. When I did not see it echo I sent it again
-----Original Message-----
From: siegfried [mailto:siegfried@heintze.com]
Sent: Thursday, April 13, 2006 6:16 PM
To: 'users@httpd.apache.org'
Subject: Populating Microsoft MDB file and simultaneously querying it
I have some cygwin cron jobs populating a Microsoft Access database while
users are trying to simultaneouly query the database via C#/httpd.
I think my problem is that the cygwin cron jobs are running in the
Administrator account and they create a .mdl file (the lock) under the
administrator account and then, while httpd can open the .mdb file (because
I put an access control list on it), httpd cannot open the mdl file (because
the cron job just created it with the Administrator account).
What account should my cron jobs be running in to be compatible with with
httpd? I think they could all access the database fine if they were all
running in the same account?
Thanks,
Siegfried
I think your stuffed. You could get the script to make a copy of the
database and put all the new record into that one. Then copy the file over
replacing the old one. You may have you restart Apache with graceful after
this, if it changes anything. Adding records should be ok.
Giz
RE: [users@httpd] How to populate MSAccess Database while Apache HTTPD Queries it?
Posted by Siegfried Heintze <in...@signitek.com>.
Gary,
Why cannot I not just run the cygwin cron jobs under the same account as
Apache httpd is using? That ought to fix the problem. Can someone tell me
where in the httpd.conf file I specify the account that Apache httpd uses? I
thought I saw it in there once.
If it is not specified there, what is the account that the web server is
running under?
Sieg
_____
From: Garry Taylor
Sent: Friday, April 14, 2006 8:15 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] How to populate MSAccess Database while Apache
HTTPD Queries it?
-----Original Message-----
From: Siegfried Heintze [mailto:info@signitek.com]
Sent: 14 April 2006 15:08
To: users@httpd.apache.org
Subject: [users@httpd] How to populate MSAccess Database while Apache HTTPD
Queries it?
Sorry if this appears twice. When I did not see it echo I sent it again
-----Original Message-----
From: siegfried [mailto:siegfried@heintze.com]
Sent: Thursday, April 13, 2006 6:16 PM
To: 'users@httpd.apache.org'
Subject: Populating Microsoft MDB file and simultaneously querying it
I have some cygwin cron jobs populating a Microsoft Access database while
users are trying to simultaneouly query the database via C#/httpd.
I think my problem is that the cygwin cron jobs are running in the
Administrator account and they create a .mdl file (the lock) under the
administrator account and then, while httpd can open the .mdb file (because
I put an access control list on it), httpd cannot open the mdl file (because
the cron job just created it with the Administrator account).
What account should my cron jobs be running in to be compatible with with
httpd? I think they could all access the database fine if they were all
running in the same account?
Thanks,
Siegfried
I think your stuffed. You could get the script to make a copy of the
database and put all the new record into that one. Then copy the file over
replacing the old one. You may have you restart Apache with graceful after
this, if it changes anything. Adding records should be ok.
Giz
RE: [users@httpd] How to populate MSAccess Database while Apache HTTPD Queries it?
Posted by Garry Taylor <gi...@gbdesign.net>.
-----Original Message-----
From: Siegfried Heintze [mailto:info@signitek.com]
Sent: 14 April 2006 15:08
To: users@httpd.apache.org
Subject: [users@httpd] How to populate MSAccess Database while Apache
HTTPD Queries it?
Sorry if this appears twice. When I did not see it echo I sent it again
-----Original Message-----
From: siegfried [mailto:siegfried@heintze.com]
Sent: Thursday, April 13, 2006 6:16 PM
To: 'users@httpd.apache.org'
Subject: Populating Microsoft MDB file and simultaneously querying it
I have some cygwin cron jobs populating a Microsoft Access database
while users are trying to simultaneouly query the database via C#/httpd.
I think my problem is that the cygwin cron jobs are running in the
Administrator account and they create a .mdl file (the lock) under the
administrator account and then, while httpd can open the .mdb file
(because I put an access control list on it), httpd cannot open the mdl
file (because the cron job just created it with the Administrator
account).
What account should my cron jobs be running in to be compatible with
with httpd? I think they could all access the database fine if they were
all running in the same account?
Thanks,
Siegfried
I think your stuffed. You could get the script to make a copy of the
database and put all the new record into that one. Then copy the file
over replacing the old one. You may have you restart Apache with
graceful after this, if it changes anything. Adding records should be
ok.
Giz
[users@httpd] How to populate MSAccess Database while Apache HTTPD Queries it?
Posted by Siegfried Heintze <in...@signitek.com>.
Sorry if this appears twice. When I did not see it echo I sent it again
-----Original Message-----
From: siegfried [mailto:siegfried@heintze.com]
Sent: Thursday, April 13, 2006 6:16 PM
To: 'users@httpd.apache.org'
Subject: Populating Microsoft MDB file and simultaneously querying it
I have some cygwin cron jobs populating a Microsoft Access database while
users are trying to simultaneouly query the database via C#/httpd.
I think my problem is that the cygwin cron jobs are running in the
Administrator account and they create a .mdl file (the lock) under the
administrator account and then, while httpd can open the .mdb file (because
I put an access control list on it), httpd cannot open the mdl file (because
the cron job just created it with the Administrator account).
What account should my cron jobs be running in to be compatible with with
httpd? I think they could all access the database fine if they were all
running in the same account?
Thanks,
Siegfried