You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tim McCormick <ti...@timmcc.co.uk> on 2002/12/03 01:41:01 UTC
[users@httpd] New discovery
Ok, I think I've found what's happening to my server, but I still don't
know why. It has nothing to do with Flash.
Anyone who does not connect to the internet directly cannot access
anything other than plain HTML from the site (not even pictures).
According to the logs the files get sent out, but they never arrive.
Any insights as to what could be the problem?
Server: 2.0.43, Windows Binary
Tim McCormick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Auth and SSL
Posted by Issac Goldstand <ma...@beamartyr.net>.
SSLRequireSSL inside the same location block that does the Auth stuff
Issac
----- Original Message -----
From: "Duncan Brannen" <db...@st-andrews.ac.uk>
To: <us...@httpd.apache.org>
Sent: Tuesday, December 03, 2002 1:53 PM
Subject: [users@httpd] Basic Auth and SSL
>
> Just curious,
> Is there any way to force apache to use SSL any time it's
> asking a browser for authentication? We've a few areas of our web site
> where users ask for passwords & it would be nice if I could get apache
> to automatically switch to SSL for these areas without the user having to
> do it.
>
> Users would often forget the https:// if they had to type it and use
http://
> anyway.
>
> Cheers,
> Dunk
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Auth and SSL
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On Tue, 3 Dec 2002, Duncan Brannen wrote:
> Is there any way to force apache to use SSL any time it's
> asking a browser for authentication? We've a few areas of our web site
> where users ask for passwords & it would be nice if I could get apache
> to automatically switch to SSL for these areas without the user having to
> do it.
>
> Users would often forget the https:// if they had to type it and use http://
> anyway.
When I am nice I use somethign like
<Directory ....
or.. VirtualHost .. whatver.. (thouhg see below; directory isbetter)
# Make rather sure we are using TLS before we start
# messing with passwords and all that.
#
RewriteEngine On
RewriteCond %{HTTPS} !=on # or use SSLRequireSSL
# + error routing depending
# on threath model
RewriteRule (.*) https://intranet.asemantics.net/ [R]
and then the usual
AuthType basic
...
require valid user
This is the fairly friendly and not that locked down config which is fine
in an environment where you control the resources and trust the users who
have an account on your system.
If I am not so nice; have a paranoid customer; or just as a precaution I
may defined the above but also put a SSLRequireSSL on the more sensitive
resources as well (say with a very narrow directory or file pointer) - to
trap any errors should someone fiddle with the config.
Do not use this with things like Location or other URI rather than
physical file path avoiding techniques.
Dw.
--
Dirk-Willem van Gulik, Apache Consultancy, The Tribal Knowledge Group.
dirkx@tribalknowledgegroup.com http://www.ttkg.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Basic Auth and SSL
Posted by Duncan Brannen <db...@st-andrews.ac.uk>.
Just curious,
Is there any way to force apache to use SSL any time it's
asking a browser for authentication? We've a few areas of our web site
where users ask for passwords & it would be nice if I could get apache
to automatically switch to SSL for these areas without the user having to
do it.
Users would often forget the https:// if they had to type it and use http://
anyway.
Cheers,
Dunk
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New discovery
Posted by Issac Goldstand <ma...@beamartyr.net>.
From: "Chris Meadors" <cl...@hereintown.net>
> How is an image or any other "data" different from HTML?
>
I don't know whether it's the issue, but take the DEFLATE filter
(mod_deflate) - that works only on HTML "data". Although we sometimes take
our understanding that HTTP payloads can be generic data for granted,
sometimes the data type does make a difference at some small point in the
server - like a HTML-aimed module. Now in this case, it could be that, for
example, mod_deflate is gzipping all content, which while it *should* be OK,
is not supported by most browsers (which mostly accept only gzipped HTML)
Issac
Issac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New discovery
Posted by Tim Wort <ti...@pobox.com>.
One way that a router could cause this: first if the server is behind a
firewall that blocks all ICMP messages (a typical mistake by inexperienced
firewall admins) it is possible that a router between the server and the
client requires the the MTU of the packets be reduced. Most modern systems
send packets with the DNF (do not fragment) flag set. When fragmentation
is required on such a packet the router that requires this will return a
ICMP message to the sender requesting a reduced packet size. If the
firewall blocks this your data will appear to be sent but will never
arrive and only the logs (or using a sniffer beyond the router) on the
router will explain why the packets (ICMP messages) are dropped. Because
HTML is typically smaller amounts of data it will make it past the router
that requires fragmentation.
This type of problem is generally inconsistant depending on where the
packets need frgmentation, if its a long way down stream you will only see
it when talking with particualr machines (beyond the offending router) but
not from other parts of the network. If the offending router is close to
you it is possible you will see this problem with all larger files. Does
ftp work from the same client to youe server?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Inkling Research Inc. =
= Tim.Wort@InklingResearch.com =
= Tim.Wort@pobox.com =
= =
= Eschew Obfuscation =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New discovery
Posted by Chris Meadors <cl...@hereintown.net>.
Alex Pilson wrote:
> At 12:41 AM +0000 12/3/02, Tim McCormick wrote:
>
>> Ok, I think I've found what's happening to my server, but I still don't
>> know why. It has nothing to do with Flash.
>>
>> Anyone who does not connect to the internet directly cannot access
>> anything other than plain HTML from the site (not even pictures).
>> According to the logs the files get sent out, but they never arrive.
>>
>> Any insights as to what could be the problem?
>
>
> I had seen that problem when I had a T-1 with Savvis. It was a router
> issue.
How is an image or any other "data" different from HTML?
How is a person not directly connected to the Internet? Even a pigeon
carrying datagrams is still IP.
I have to admit this problem does have me a little intrigued. I don't
know if the problem does relate specifically to the type of data or the
connection.
Thinking about it. The HTML is more than likely all 7-bit. Images and
Flash will have 8-bit data. Do images show up broken in people's
browsers that don't work? Have you tried wget (or even telnet to see if
the headers look okay) on a machine that can't display the pages, to see
if anything is retrieved, and what state it is in. But why can some
people retrieve it correctly, and others can't? If the problem was on
the server's end, it would effect everyone. If the problem was on the
client's end, they shouldn't be able to view any images. Maybe a
strange interaction between both ends or a router somewhere in the middle?
I like a good mystery I'll keep reading.
--
Chris
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New discovery
Posted by Alex Pilson <al...@flagshipinteractive.com>.
At 12:41 AM +0000 12/3/02, Tim McCormick wrote:
>Ok, I think I've found what's happening to my server, but I still don't
>know why. It has nothing to do with Flash.
>
>Anyone who does not connect to the internet directly cannot access
>anything other than plain HTML from the site (not even pictures).
>According to the logs the files get sent out, but they never arrive.
>
>Any insights as to what could be the problem?
I had seen that problem when I had a T-1 with Savvis. It was a router issue.
--
<--------------------------------------------------------------->
Alex Pilson
FlagShip Interactive, Inc.
alex@flagshipinteractive.com
404.728.4417
404.642.8225 CELL
<--------------------------------------------------------------->
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org