Posted to users@httpd.apache.org by Richard de Vries <ri...@yahoo.com> on 2006/02/10 18:54:52 UTC

[users@httpd] mod_rewrite directive in main config does not trickle down into the https instance

Hey all,

I configured a couple of mod_rewrite directives in the
main configuration file to disable the TRACE/TRACK
methods. However, these rules do not seem to make it
into the HTTPS instance; even though I put them in the
main config, and not in the virtual hosts.

# Disable/Block TRACE/TRACK requests.
RewriteEngine on
RewriteOptions inherit
RewriteLog logs/mod_rewrite.log
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

I was hoping to not have to explicitly put these rules
in the SSL's config, to keep things clean and simple. 

Any suggestions?

Thank you!

   R


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Virtual Hosts on 127.0.0.*

Posted by Diona Kidd <dk...@modernflow.com>.
Beautiful and simple! Worked like a charm. ;)

Thanks Joshua...


Joshua Slive wrote:
> On 2/10/06, Diona Kidd <dk...@modernflow.com> wrote:
>>
>> (98)Address already in use: make_sock: could not bind to address
>> 127.0.0.10:80
>> no listening sockets available, shutting down
>> Unable to open logs
>>
>> What am I missing? I'm running Debian 3.1, no iptable rules configured, no
>> firewall. Does anyone else have a setup like this?
>
> Check your front-end instance of apache.  It probably has something like
> Listen 80
> Listen 443
>
> These will grab all IP addresses on the machine, including the
> loopback.  Change those to grab only the external addresses.
>
> Joshua.


-- 
Modern Flow Technology Solutions
http://www.modernflow.com
Office: 704.347.2886
dkidd@modernflow.com






Re: [users@httpd] Virtual Hosts on 127.0.0.*

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Joshua Slive wrote:
> On 2/10/06, Diona Kidd <dk...@modernflow.com> wrote:
> 
>>(98)Address already in use: make_sock: could not bind to address
>>127.0.0.10:80
>>no listening sockets available, shutting down
>>Unable to open logs
>>
>>What am I missing? I'm running Debian 3.1, no iptable rules configured, no
>>firewall. Does anyone else have a setup like this?

> Check your front-end instance of apache.  It probably has something like
> Listen 80
> Listen 443
> 
> These will grab all IP addresses on the machine, including the
> loopback.  Change those to grab only the external addresses.

FYI, for Win32 XP SP2 users, there is a hotfix from Microsoft if you are trying
to use 127.0.0.2 - 127.255.255.255 - because Microsoft had the silly idea
that loopback addresses other than 127.0.0.1 were bad, and they broke this
rather standard behavior in that service pack.

Bill



Re: [users@httpd] Virtual Hosts on 127.0.0.*

Posted by Joshua Slive <jo...@slive.ca>.
On 2/10/06, Diona Kidd <dk...@modernflow.com> wrote:
>
> (98)Address already in use: make_sock: could not bind to address
> 127.0.0.10:80
> no listening sockets available, shutting down
> Unable to open logs
>
> What am I missing? I'm running Debian 3.1, no iptable rules configured, no
> firewall. Does anyone else have a setup like this?

Check your front-end instance of apache.  It probably has something like
Listen 80
Listen 443

These will grab all IP addresses on the machine, including the
loopback.  Change those to grab only the external addresses.

Joshua.
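
The address clash described in the reply above, as an added example that is not part of the original message: a small Python check that reads the `Listen` directives of two Apache instances and reports the pairs that cannot both be bound. The two config strings are constructed samples, and treating `[::]` as overlapping IPv4 is a conservative assumption.

```python
import re

# Constructed sample configs (not from the original posts).
FRONT_END = """\
Listen 80
Listen 443
"""
BACK_END = """\
Listen 127.0.0.10:80
NameVirtualHost 127.0.0.10
"""

# Address forms that mean "every interface"; [::] is included as a conservative assumption.
WILDCARDS = {"*", "0.0.0.0", "[::]"}

def listen_sockets(conf):
    """Return (address, port) for every Listen directive; address None means all interfaces."""
    out = []
    for line in conf.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        addr, sep, port = m.group(1).rpartition(":")
        if not sep or addr in WILDCARDS:
            addr = None  # "Listen 80" or "Listen *:80" grabs loopback addresses too
        out.append((addr, int(port)))
    return out

def bind_conflicts(first, second):
    """Pairs of Listen sockets from two instances that cannot both be bound."""
    clashes = []
    for a_addr, a_port in listen_sockets(first):
        for b_addr, b_port in listen_sockets(second):
            overlap = a_addr is None or b_addr is None or a_addr == b_addr
            if a_port == b_port and overlap:
                clashes.append(((a_addr, a_port), (b_addr, b_port)))
    return clashes

if __name__ == "__main__":
    for a, b in bind_conflicts(FRONT_END, BACK_END):
        print("conflict:", a, "vs", b)
```
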



[users@httpd] Virtual Hosts on 127.0.0.*

Posted by Diona Kidd <dk...@modernflow.com>.
Hi all,

This may not be an Apache issue but it's related. Perhaps someone here has
some input.

I'm trying to set up virtual hosts on 127.0.0.* so I can use a front
instance of apache for SSL negotiations and proxy back to the
heavy-lifting, mod_perl apache when necessary. For security reasons, I was
thinking that if I put the second apache on 127.0.0.* then the request
would not go out and back in.

Apache runs fine on an external address and my config (for internal
127.0.0.*) looks like so:

Listen 127.0.0.10:80
NameVirtualHost 127.0.0.10

<VirtualHost 127.0.0.10>
(normal vhost stuff here)
</VirtualHost>

When I start Apache, I get the error:

(98)Address already in use: make_sock: could not bind to address
127.0.0.10:80
no listening sockets available, shutting down
Unable to open logs

What am I missing? I'm running Debian 3.1, no iptable rules configured, no
firewall. Does anyone else have a setup like this?

Thanks in advance,

Diona Kidd




Re: [users@httpd] mod_rewrite directive in main config does not trickle down into the https instance

Posted by Richard de Vries <ri...@yahoo.com>.
Excellent feedback. Thank you!

I was unaware of the TraceEnable method. I must have
read over it :(

I agree, it's not really dangerous anymore, but it's
something that should be considered when applying a
defense-in-depth strategy.

Thanks again for the prompt reply!

--- Joshua Slive <jo...@slive.ca> wrote:

> On 2/10/06, Richard de Vries <ri...@yahoo.com> wrote:
> > Hey all,
> >
> > I configured a couple of mod_rewrite directives in the
> > main configuration file to disable the TRACE/TRACK
> > methods. However, these rules do not seem to make it
> > into the HTTPS instance; even though I put them in the
> > main config, and not in the virtual hosts.
> >
> > # Disable/Block TRACE/TRACK requests.
> > RewriteEngine on
> > RewriteOptions inherit
> > RewriteLog logs/mod_rewrite.log
> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> > RewriteRule .* - [F]
> >
> > I was hoping to not have to explicitly put these rules
> > in the SSL's config, to keep things clean and simple.
>
> 1. You are wasting your time because the TRACK method doesn't even
> exist in Apache and the TRACE method is not dangerous.
>
> 2. If you really want to waste your time, then use a recent version of
> apache that has the TraceEnable directive to solve this "problem".
>
> 3. If you must use mod_rewrite, then put
> RewriteEngine On
> RewriteOptions inherit
> inside the <VirtualHost> block for your ssl vhost.
>
> Joshua.




Re: [users@httpd] mod_rewrite directive in main config does not trickle down into the https instance

Posted by Joshua Slive <jo...@slive.ca>.
On 2/10/06, Richard de Vries <ri...@yahoo.com> wrote:
> Hey all,
>
> I configured a couple of mod_rewrite directives in the
> main configuration file to disable the TRACE/TRACK
> methods. However, these rules do not seem to make it
> into the HTTPS instance; even though I put them in the
> main config, and not in the virtual hosts.
>
> # Disable/Block TRACE/TRACK requests.
> RewriteEngine on
> RewriteOptions inherit
> RewriteLog logs/mod_rewrite.log
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
>
> I was hoping to not have to explicitly put these rules
> in the SSL's config, to keep things clean and simple.

1. You are wasting your time because the TRACK method doesn't even
exist in Apache and the TRACE method is not dangerous.

2. If you really want to waste your time, then use a recent version of
apache that has the TraceEnable directive to solve this "problem".

3. If you must use mod_rewrite, then put
RewriteEngine On
RewriteOptions inherit
inside the <VirtualHost> block for your ssl vhost.

Joshua.
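
Point 3 of the reply above, turned into a configuration audit (an added example, not part of the original message): a Python check that lists every `<VirtualHost>` block lacking the `RewriteEngine On` / `RewriteOptions inherit` pair while the main config carries rewrite rules. The sample config and its host names are constructed, and directives inside nested sections such as `<Directory>` are counted as belonging to the enclosing vhost.

```python
import re

# Constructed sample config (not from the original post); host names are placeholders.
SAMPLE_CONF = """\
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

<VirtualHost *:80>
    ServerName www.example.test
    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>

<VirtualHost _default_:443>
    ServerName secure.example.test
    SSLEngine on
</VirtualHost>
"""

NEEDED = {("rewriteengine", "on"), ("rewriteoptions", "inherit")}

def vhosts_missing_inherit(conf):
    """Return the <VirtualHost> addresses that will not apply main-config rewrite rules."""
    main_has_rules = False
    current = None   # address of the vhost being read, or None at server level
    seen = set()     # (directive, argument) pairs seen in the current vhost
    missing = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.IGNORECASE)
        if opened:
            current, seen = opened.group(1).strip(), set()
        elif re.match(r"</VirtualHost>", line, re.IGNORECASE):
            if not NEEDED <= seen:
                missing.append(current)
            current = None
        else:
            parts = line.lower().split(None, 1)
            if current is None:
                main_has_rules |= parts[0] == "rewriterule"
            elif len(parts) == 2:
                seen.add((parts[0], parts[1].strip()))
    # With no server-level rules there is nothing for a vhost to inherit.
    return missing if main_has_rules else []
```
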
