[users@httpd] Apache 2.2 - Query String Validation Capability

[prasanna cg <pr...@yahoo.co.in>]

Hello there,

I am a beginner in Apache and trying to figure out a way to validate a query string in the request handled by Apache and proxy the request to backend application only upon validation of the query string value. I am using Oracle HTTP Server 11g (Apache 2.2) 

For Example My current Virtual Host directive is like this. Please excuse me if this is lengthy.
==================================================
<Location /fed/idp>
 # Standalone weblogic that contains the custom code
 WebLogicHost <hostname>.<domain>.com
 WebLogicPort 7499
 # If Client Certificate Authentication successful in Apache,
 # redirect to AD Authentication for 2nd Factor
 RewriteEngine On
 RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
 # If referenceid is not found in the query string, it means the user is first time user.
 # Send him to custom code for 2nd factor AD AuthN
 RewriteCond %{QUERY_STRING} !referenceid
 # Application deployed in Weblogic for AD AuthN
 RewriteRule .* /authenticator/internal/Processor [L]
==================================================

In the above piece, I am passing the request to a custom AD Authentication module deployed in my Weblogic if Certificate AuthN succeeds to perform a 2-factor AuthN.

1) For a first time user, upon certificate AuthN success in Apache, his request will not contain a query string named "referenceid" (which is set by my custom AuthN module that gets invoked in #2 below ) and so the user will be directed to AD Authentication module for 2nd factor Authentication. 

2) Upon successful AD Authentication, I will set a random "referenceid:value" in the original request URL as query string and redirect back to Apache.

3) Now when Apache receives this access request from #2 above, Cert AuthN will not be invoked as there will be a SSL session maintained. But to identify whether this user access has to be sent to AD AuthN, i currently validate the existence of referenceid in query string. 

However, I want to actually validate whether the value of referenceid in the query string matches with what i have set in #2. If successful, I do not want the second factor AuthN to be invoked. The user must be proxied to the backend application directly.


It would be helpful if you can shed some lights on how to achieve this. 


Thanks,
Prasanna CG

[users@httpd] apachectl -k graceful

[Gil Dawson <Gi...@GilDawson.com>]

Hi--

I found it.  

	sudo apachectl -k graceful

...did the trick.

Seems to be working!

--Gil

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Version Number on a Mac?

[Gil Dawson <Gi...@GilDawson.com>]

Hi--

I'm rather new at Unix and apache.  I'm trying to set up two vhosts so that two DNS names can have two websites sharing one IP address.

I made copies the http.conf and httpd-vhosts.conf files in a new folder before modifying them, then wanted to restart Apache to try out my modifications. 

I used a directive I found in the V2.2 documentation.  It didn't seem to work:

h-66-134-xxx:~ gil$ apachectl -k graceful
httpd not running, trying to start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
h-66-134-xxx:~ gil$ apachectl configtest
Syntax OK

APache is still running fine and serving pages under the old pattern.  I suppose I could restart my computer, but I'd prefer to know what's wrong with this directive.  

Any ideas?

--Gil

Re: [users@httpd] Version Number on a Mac?

[Gil Dawson <Gi...@GilDawson.com>]

Thanks!

On Aug 16, 2014, at 1:26 AM, Anurag Mathur wrote:

> $ apachectl -V


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Version Number on a Mac?

[Anurag Mathur <ma...@gmail.com>]

$ apachectl -V
Server version: Apache/2.2.26 (Unix)
Server built:   Dec 10 2013 22:09:38
Server's Module Magic Number: 20051115:33
Server loaded:  APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/private/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/private/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/private/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"


On Sat, Aug 16, 2014 at 4:39 AM, Gil Dawson <Gi...@gildawson.com> wrote:

> How can I tell which Apache version number is running on my MacOS 10.6.8
> Mini?
>
> I looked for either "Apache" or "Httpd" under...
>
>         System Profiler -> Software ->  Applications
> and     System Profiler -> Software ->  Extensions
>
> ...and didn't find any.
>
> I did find eight "httpd" processes in...
>
>         Applications -> Utilities -> Activity Monitor.app
>
> ...but I didn't see any version numbers.
>
> --Gil
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

[users@httpd] Version Number on a Mac?

[Gil Dawson <Gi...@GilDawson.com>]

How can I tell which Apache version number is running on my MacOS 10.6.8 Mini?

I looked for either "Apache" or "Httpd" under...

	System Profiler -> Software ->  Applications
and	System Profiler -> Software ->  Extensions

...and didn't find any.

I did find eight "httpd" processes in...

	Applications -> Utilities -> Activity Monitor.app

...but I didn't see any version numbers.

--Gil
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org