You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Daniel R. Blair" <jo...@realcoders.org> on 2003/05/28 23:54:37 UTC

[users@httpd] Problems with SSL All of a Sudden - FIXED!!!

Ok guys, fixed it.  Finally.  Thank you all for your help, you don't know
what it's meant to me over the past week, and how much of a help it was in
troubleshooting the problem and where it was.

The fix:  /sbin/iptables -F (flush) INPUT

apparently *SOMETHING* in the iptables was causing it to reject something
that was allowing localhost, but *NOT* allowing anything else.. but, in
anycase, flushing the rules fixed it... so.. that was the problem all
along.. damnit.. well.. at least we/you guys will know if/when a next time
occurs.. I just wish I had more experience with linux to have known to
check the IP Tables configuration (even though we've rebooted multiple
times before and never had a problem.. and didn't change ANY of the rules,
and *DIDN'T* reboot to cause the problem to start happening) anyways, it's
over.. I'm happy, I'm sure you guys are too so you can stop seeing these
posts... but.. thank you ALL again, you guys were excellent!

Too thankful to state in words,

Danny

                           = Daniel Blair =
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- dblair@realcoders.org -                   [http://www.realcoders.org]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Problems with SSL All of a Sudden - FIXED!!!

Posted by Ryan Tracey <ry...@thawte.com>.

Great! Quite a load off then.  Been there too, though. Except it was 
with ipchains. Various cgi scripts connected to localhost:25 to send 
confirmation emails. However, our MTA, in its then configuration, had a 
30 second timeout for ident -- and I didn't have a localhost:ident 
ipchains rule, with the result that it took at least 30 seconds to 
execute the cgi script... Looked at database connectivity, contacted the 
ISP, sent shrapnel in all directions and then finally a colleague went 
through the cgi code step by step and noticed that it took a long time 
to send emails... forehead, hand, slap! Anyway, now there's an ident 
rule *and* the MTA no longer requires ident...

Cheers,
Ryan

Daniel R. Blair wrote:
> Ok guys, fixed it.  Finally.  Thank you all for your help, you don't know
> what it's meant to me over the past week, and how much of a help it was in
> troubleshooting the problem and where it was.
> 
> The fix:  /sbin/iptables -F (flush) INPUT
> 
> apparently *SOMETHING* in the iptables was causing it to reject something
> that was allowing localhost, but *NOT* allowing anything else.. but, in
> anycase, flushing the rules fixed it... so.. that was the problem all
> along.. damnit.. well.. at least we/you guys will know if/when a next time
> occurs.. I just wish I had more experience with linux to have known to
> check the IP Tables configuration (even though we've rebooted multiple
> times before and never had a problem.. and didn't change ANY of the rules,
> and *DIDN'T* reboot to cause the problem to start happening) anyways, it's
> over.. I'm happy, I'm sure you guys are too so you can stop seeing these
> posts... but.. thank you ALL again, you guys were excellent!
> 
> Too thankful to state in words,
> 
> Danny
> 
>                            = Daniel Blair =
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - dblair@realcoders.org -                   [http://www.realcoders.org]
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


-- 
Ryan Tracey          | +27 21 917 8909
Thawte Certification | https://www.thawte.com
Mollison's Bureaucracy Hypothesis:
	If an idea can survive a bureaucratic review and be implemented
	it wasn't worth doing.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org