Im trying to add ssl to my Ubuntu apache2 server it wants me to enter this command openssl x509 -req -days 365
November 4, 2007 at 1:29 pm
· Filed under Tomcat
The Best Webmail Web Hosting Services
lol, ok
you should only chmod the directory where it needs to write to.
but.. I don't think the apache user is part of wheel, which means I would have to 777 it otherwise.. unless it is part of wheel
in that case, 777 would be required, yes
ONLY on that directory
also, best make sure that directory is not accessible from the documentroot
for obvious reasons.
security isn't that big a deal in this case - the server is ran inside a vmware client on my windoze laptop. I am setting this up so I can develop while I travel
security should never ve neglected.
heh. I have my firewall setup so that no incoming traffic can access port 80 on any IPs from my machine - so I do have some security
suit yourself
what do you mean by the directory is not accessible from the dicumentroot?
it's not a subdirectory.
oh, of public persay ?
if it is, consider putting Deny directives
not a subdirectory of %DOCUMENTROOT
this is a great idea…..
what is?
has this and or that permissions per default.
I don't see where you're going.
and give default permissions you want to have, and then in the Vhost context you don't have to define it explicitly for each vhost.
oh.
mildly useful, I guess.
Yeah.. probably.
Well.. it was my first try for today.
teehee
jMCg++
^_-
I'll go play some more with mod_proxy_fcgi and lua…
Yay! no more errors in my apache log - but… that doesn't mean my ruby is working =(
you're getting there
cgi? fcgi? mod_ruby? webrick? someothersuck?
[or the soon to be mod_proxy_fcgi ;]
fcgi
and ror
mod_fcgid
mod_fcgid is like mod_fastcgi, but uses a new process management strategy, which concentrates on reducing the number of fastcgi server. or at http://fastcgi.coremail.cn/. See also http://paul.querna.org/journal/articles/2006/01/01/using-mod_fcgid-for-ruby-on-rails-applications
change this error message for exceptions thrown outside of an action (like in Dispatcher setups or broken Ruby code) in public/500.html
you read the last link thingy?
I'm sorry -I'm using fastcgi - I thought fcgi was a short hand for it
fcgi
fcgi is resident like mod_php
fastcgi
fastcgi is http://www.fastcgi.com/ or see mod_fcgid, which is more up-to-date
some one here with apache,access to access.log,nc,perl and can send this http://cxg.de/?id=xgJDbHrWqOCPstX by using "perl script.pl | nc webserver port" and say me the access log entry?
nevermind, ive access to the access.log
wow
I had figured that if I accessed the machine in my lan from its DNS name, it'd be treated as an incoming connection from the internet
change this error message for exceptions thrown outside of an action (like in Dispatcher setups or broken Ruby code) in public/500.html
anyideas about this?
is it impossible to make a negated/inverted LocationMatch?
I want to match all urls NOT containing some regex
nope
this error message is really unhelpful, and apache log says everything is a-ok
well, how do I do what I need then?
you can't do it with any of the *Match directives. the only thing is with mod_rewrite
and do some kind of rewritecond
most likely against the %{REQUEST_URI} variable
rewritecond
rewritecond is http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
rewriteguide
http://httpd.apache.org/docs-2.0/misc/rewriteguide.html http://httpd.apache.org/docs/misc/rewriteguide.html http://www.engelschall.com/pw/apache/rewriteguide/ http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html http://rewrite.drbacchus.com/ http://httpd.apache.org/docs/1.3/misc/rewriteguide.html
well ok, thanks
could this be my problem? [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter
hm, why likes apache the NUL string inside the request header?
°character
hm, someone running the lastest apache release and can test a request please?
(lastest = development branch)
could this be my problem? [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter
RewriteRule ^/ao/(\d+)/([^.]+)\.(.*)$ /ao/rk$1.php?nick=$2
Is that RewriteRule incorrect?
hi, is it possible to redirect to another url only if the original request url matches a certain pattern and is missing (404)?
errordocument 404 in location container
LocationMatch that is (for the pattern part)
ah, thank you.
When I try /etc/init.d/apache2 start it returns this error: "apache2: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName"
fqdn
fqdn is http://wiki.apache.org/httpd/CouldNotDetermineServerName
^^
this is a warning. Apache will still start.
what?
and that didn't change anything
same warning
then you did not understand the factoid.
read it again.
apache2 starts with no errors now but telnet 127.0.0.1 80 and telnet localhost 80 returns nothing
what does netstat and lsof tell you , then?
lsof
lsof is your friend! lsof -i:80 to see what's using port 80. You may need to run lsof as root on some platforms
netstat
netstat prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Use netstat -an grep -w 80 to check if port 80 is in use. (On linux, you can use netstat -pan to see which program uses the port, or -ltpn.) (For Windows use -ano to show the state, PID, and connection in IP not name format, or -abn).
2650 localhost:http
that seems like the pertinent line
no, you need LISTENING lines.
pastebin the last 30 lines from your error log
apc
Try using http://apache.pastebin.ca - It's a good pastebin, and is even set up to highlight Apache 'stuff'.
http://apache.pastebin.com/mf3c875f
so it seems to be running
what port are you using, exactly?
i believe i am using port 80 and port 443
i set those two up to forward
and find your Listen line, please
paste your Listen ilnes here.
i dont think there is a listen line in linux
no in the httpd config files, dummy
Listen
Listen tells apache what IP address and port to listen to. See http://httpd.apache.org/docs/2.2/mod/mpm_common.html#listen or see binding.
lol
Listen 80
listen localhost:80?
would that be better?
no, Listen 80 is correct.
are those logs recent?
yes
if so, try opening up your page with http://localhost
doesnt load
i tried telnet localhost 80 too and that returned nothing
is there any error message on the command line when you start apache manually with apachectl start?
no
try to stop it, then start it again, please
done
didnt change anything
and of course, there is a corresponding entry in the error log?
ok, pastebin your config file.
http://apache.pastebin.com/m6cb79ea5
Include /etc/apache2/vhosts.d/*.conf
setting the servername outside your vhosts is a bad idea.
let's see the output of httpd -S
where do i run httpd -S
in a terminal.
where else?
lol
i know that
command not fouund
you might need to specify the full path
default layout
Pop along to http://wiki.apache.org/httpd/DistrosDefaultLayout for an idea on where the main distros place Apache files.
gentoo isnt in that list
you're right
I have no idea where gentoo places the apache binary files
whats weird
is i had this working when this computer was hooked up to the SAME router except on a wired connection
oh you're the wireless guy?
haha
yes
*shrug*
sounds like a networking problem to me.
hmmmmmmm
fajita be frank
be frank is )letting your frustrations out all at once
YES
be niq
mmm, tea
:P
heh, evening friends
aw…
Yeah,… isn't it a bit past your bedtime… :p
HEADSHOT!
boom!
HEADSHOT!
heh
be chipig
I hate character sets. Bane of my existance.
heh
still are.
unicode–
jibba jabba
aww
everything-else–
quit yo jibba-jabbin, foo!
chipig :[
im in ur locale, changin ur charsetz ;p
im in ur pad, cleanin ur digz ;p
:o
heh
you messy slob
haha, yeah
you know you like :p
i do.
dirty boy!
servertokens cia.vc
Couldn't get a useful value for http://cia.vc
figures
can someone tell me what the error - rootpath/.htaccess: order not allowed here means?
order context
directory, .htaccess
order override
Order may be used in .htaccess files if AllowOverride is set to Limit
^^
so does that mean I'm most likely getting this error because AllowOverride isn't set to Limit?
that's very likely.
thanks, that does seem to be the issue. However, AllowOverride All works while AllowOverride FileInfo Limit doesn't seem to do it
but I read that AllowOverride All is a securitiy issue
another directive might be blocked. Check your error log.
the error log doesn't say anything about another directive being blocked. However, I have the AllowOverride directive in both within the context of my web path and within the web path within Virtual Host tags. Could that be causing a conflict?
context
I believe it's in the proper context - directory web-root. However, AllowOverride All works while AllowOverride FileInfo Limit doesn't. I'd be fine with that if that's secure, but I'm not sure if it is
Howdy all
oh no
Glad to see you too, thumbs
:P
with AllowOverride FileInfo Limit, what does the error log say?
it says rootpath/.htaccess: order not allowed here
allowoverride
AllowOverride tells Apache what things you wish to permit in .htaccess files. See http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
will take a look. thanks
help please, i'm having a devil of a time with apach2 and htaccess
Whoops! That's not the name of a module.
how about you ask your question?
i have googled, man paged, and attempted for 1 week to set up .htaccess for directory control to no avail
how do I appropriately set up .htaccess in apache1
sorry apache 2
it depends on what you want to do in your htaccess file.
i created the .htaccess file
it's simple
it depends on what you want to do in your htaccess file.
just require valid-user
Hey guys - I'm a bit stuf with apache 2.2. I want to use mod_rewrite, but it doesn't appear to be in the modules direectory. Nothing is! :/
AuthType basic
auth
Take a look at http://httpd.apache.org/docs/2.2/howto/auth.html or http://wiki.apache.org/httpd/PasswordBasicAuth for some basic examples!
AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
sorry
You will be!!
Do you have "AllowOverride auth" set in httpd.conf for the directory that contains your .htaccess?
yes
i'm using virtual hosting also
so install it.
what does 'apachectl configtest' say?
Erm…
Since when?
Since when is 'Include' a syntax error?
what distribution are you using?
…. I run FreeBSD
since when what?
in order to load/use a module, you need to install it first. Or compile it statically.
Since when did it come separately, I could have sworn it was 'just there' previously
well is the module present in your modules directory?
It is "just there" in my distro. However, I run Fedora 7. Maybe you should check the documentation for FreeBSD, or a FreeBSD help channel for assistance with FreeBSD packages?
Packages can suck my dong.
i don't have apachectl installed
OK, if I've got to install it, where the hell do I get it? Is it in the httpd tarball?
You're obviously attempting to use them, since you expect files to 'just be there'
You compile host it, and it will be one of the compiled files.
make install may even put it in the right place for you.
double checking my configuration files
meow!
meow is a small Cat's BIG roarrrrr
I passed –enable-rewrite when I compiled it :/
meow, megaspaz.
beware of lion cubs.
:o
..
perhaps that means it's compiled in statically…. if you didn't do –enable-so that is…
in which case you wouldn't use LoadModule… you'd just do rewrite directives…
Well, when I try to start it, it says RewriteEngine isn't valid in the conf file…
ah hrm…
That's why I went to enable the mod
so you're compiling apache right?
Yup
./configure –prefix=/usr/local/Apache2.2.X –enable-so –enable-mods-shared=all –enable-ssl –enable-proxy –enable-proxy-connect –enable-proxy-ftp –enable-proxy-http –enable-proxy-ajp –enable-proxy-balancer –enable-ldap –enable-authnz-ldap –with-ssl –with-ldap –with-mysql –with-mpm=prefork –enable-exception-hook
that enables most modules…
as DSOs
Blimey
change the prefix and get rid of the extra enables if you don't want to use them
i get pretty explicit
but rewrite is handled in the –enable-mods-shared=all line
anyhoo… it's at least a guide…
oh unless you're planning on downloading the mod_dbd mysql driver, definately dump the –with-mysql
:o
wtf? mysql support in apache? What for?!
just because
*shrugs*
Yeah, but what /for/ ?
allows apache to talk directly to mysql
no php
needed
for example
because it's awesome?
why not!?
or for using some things like db driven dynamic vhosts
fajita karma mysql
mysql has karma of -5
wtf
bucket to identify that AuthName is allowed in /home/*/public_html?
megaspaz, yeah it works well
for my 2000+ vhosts
but there's a whole bunch of db drivers that mod_dbd supports
*shrugs*
Eurgh, nah. Think I'll leave database stuff out of my web java server hosting :/
fajita ricer
what?
heh
that link that used to be there has changed content as well
it was funny… always put a smile on my face…
:/
yeah
I miss funroll-loops
I should remirror
FOR TEH INTARNET!
+1
\o/
purr
o.O
Poke!
what the fuck!?
! is the "not" or excitement
megaspaz http://www.ilovemeow.com/img/mc10188.jpg
fucking intarnet
haha
that's a fat cat :p
jabba the fat :p
hehe
haha omg
this is so wrong…
…. and yet I can't stop catting!
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
http://www.ilovemeow.com/img/wizard.jpg
WTF?!
megaspaz, that's so wrong… for so many reasons… 
~
yeah, if you're using apache2.2, there's been a change to the auth module name
mod_access
mod_access is http://httpd.apache.org/docs-2.0/mod/mod_access.html or http://httpd.apache.org/docs/mod/mod_access.html Called mod_authz_host in 2.1 and later
mod_access is a href="http://httpd.apache.org/docs-2.0/mod/mod_access.html"http://httpd.apache.org/docs-2.0/mod/mod_access.html/a or a href="http://httpd.apache.org/docs/mod/mod_access.html"http://httpd.apache.org/docs/mod/mod_access.html/a Called mod_authz_host in 2.1 and later
:o
fajita ps3?
megaspaz will never get one of those! what a looser!!
:O!
haha, so true
poor bastard
already got one
yeah
but what'd you have to sacrifice?
your family
your morality?
So I need to LoadModule it, megaspaz ?
yes
yeah, with the right module name alias
fajita, family?
bugger all, i dunno, daveman
haha
is it still access_module?
but a new filename?
no
look at fajita's reply
I told you to load that module two horus ago.
I assume you ignored me
There WAS no module to load!
there is.
mod_access
mod_access is http://httpd.apache.org/docs-2.0/mod/mod_access.html or http://httpd.apache.org/docs/mod/mod_access.html Called mod_authz_host in 2.1 and later
err
mod_authz_host
mod_authz_host is http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html provides Order and used to be called mod_access
You're really not listening
megaspaz is helping, you are being condescending. _
spazcat 
If I have provide Cache Control headers like Expires header or cache-control-directive = max-age for 302 redirection where in the httpd.conf do I specify them?
morning fajita.
spaz, you ever go on vacation?
yeah
went on one in may
went to .uk and met up with noodl and pctony
Anywhere nice in the UK?
I was in London today..
yeah, i stayed for like 5 days in london
i thought it was cool
wouldn't want to drive around in london though… looked pretty fscked
Driving there sucked
hah
one basic question, how are headers which needs to be returned added ?
megaspaz
megaspaz, would you drive in manhattan?
:P
nope
i heard the subways in ny were good enough
which is what i did in .uk
anyways
:p
manhatten traffic = teh suk
yeah well
get used to it!
:P
NOOBS
megaspaz, so was pctony as much of a jerk in real life?
no
:/
Supaplex
megaspaz, haha, disappointed, were we?
Supaplex, nasty
Daveman–
sorry
what the fuck?
asshole.
is this irc connected to reality?
fuck no
this is freenode
fajita, freenode?
freenode is usaully pretty forgiving but not with tor cloaks
%-)
could be better
needs more glines
I agree.
i have a dyndns.org accout and i want to learn how to get it to mirror to webpages that i make on my buy dedicated ip address.
is there a howTo or documentation for setting-up / configuring Apache for DNS?
dyndns just sets up the mapping of "hostname.com" to an IP address
servername
servername is http://httpd.apache.org/docs-2.0/mod/core.html#servername or http://httpd.apache.org/docs/mod/core.html#servername
oh man. is this dejavu?
he needs to learn a lot more first
set your servername to your dyndns.org hostname.
perhaps
pardon my bad mood
you need to set up a HTTP server (apache) on your local server. set up portforwarding on your router
and set dyndns to map your hostname to your IP
thanks thumbs
okay this has all been done
the 3rd step has not, by the way
however, on my DNS account, i have given it my ip, so perhaps it is setip.
yes
router
In order to access your web server behind a NAT router, you must forward the port apache is listening on to your internal IP. Then you can access your site by pointing your browser to http://your external IP here:port. If your ISP blocks port 80, see 'port 80 redirection'. Instructions on how to forward a port using most common routers can be found at http://portforward.com.
anyways, i will look into learning a lot more first
i am familiar with portforwarding and starting the apache2 server
where does a ServerName directive get specified?
in the httpd.conf
cool
vhost examples
Look at these for examples http://wiki.apache.org/httpd/ExampleVhosts : http://httpd.apache.org/docs/2.2/vhosts/examples.html
^^
cool, thanks guys
these are Virtual Hosts, i thought that is not what i want for dyndns?
yes, you can set up one virtual host.
or you can simply set the servername in the main config.
cool, that's what i want to do
however, if you have existing virtual hosts, you must alter one, or add another.
or at least try to do
i have nothing so far.
you're starting from a blank config file?
not blank, but virtually default from the generic install
the generic 2.2.4 config has vhosts.
default layout
Pop along to http://wiki.apache.org/httpd/DistrosDefaultLayout for an idea on where the main distros place Apache files.
i'm still running version 2.0.58
i installed mine via the package with my linux distro, it's not exactly matching the default install config file locations. but i'm learning.
which example can i expect to use if i am just going to try a simple setup consisting of one site on one dyn virtual host on one ip address?
the simplest vhost instance from the factoid.
is that on the examples page that fajita posted up above?
yes
vhost examples
Look at these for examples http://wiki.apache.org/httpd/ExampleVhosts : http://httpd.apache.org/docs/2.2/vhosts/examples.html
yes, i'm looking at that page still, it's just so over my head and Greek to me. 
sorry, i'm too n00b for all this eh…
I'm trying to add ssl to my Ubuntu apache2 server; it wants me to enter this command, "openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt", but then I get "server.csr: no such file or directory" .. and the guide I'm following doesn't say much in that area… can anyone point me in the right direction?
erm. Nevermind. Always helps to follow /every/ direction
yup. that's technology.
Evening. What is the best host way to allow http and https to the same website with the same settings in VirtualHost..?
you'll generally have some differences (related to ssl)
the preferred way is to make two separate vhsots.
ack
That's what I have now, but it's a pain to try and keep both up to date when I'm changing stuff all the time.
include
include is http://httpd.apache.org/docs/2.2/mod/core.html#include and can take a file, directory, or shell wildcard as an argument.
I was hoping there was a way to cascade settings.
mod_macro
mod_macro is an Apache module written by Fabien Coelho that lets you define and use macros in the Apache configuration file. or http://www.cri.ensmp.fr/~coelho/mod_macro/
I'd try include first.
that gets applied to both?
it's news to me if you can
rats
I mean seperate but overlapping virtualhosts
which makes no sense now
just use include files.
Okay.
is there anyone that is willing to give this n00b a clue
would anyone be willing to put into layman terms where i could read on how to use dyndns to setup a simple webpage with apache?
or is this a situation where i should contact dyndns directly to learn how?
it's easy
i'm sure it is, but i have no idea where or how to start. i have apache installed and my dyndns account started.
ServerName foobar.dyndns.org DocumentRoot /path/to/docroot /VirtualHost
before that, you need Listen 80 and NameVirtualHost *:80
is that a script i but into my httpd.conf ?
it's not a scripr. It's a series of directives.
where do directives go?
in the config file.
so can i just copy and paste those series of directives which you just typed, and paste them into the appropriate places in the config file, and see if anything works?
sure
Thanks guys. Include tested and working.
you will need to put them on a separate line
each directive, anyway
hi, i've tried to disable apaches trace method using mod rewrite but it doesn't seem to work. anyone got any ideas? is it my configuration?
i changed Listen 8080 to Listen 80, yet i see no place for NameVirtualHost
namevirtualHost context
server config
^^
what does that mean.
what are you trying to achieve, exactly?
to disable the trace method
it means that you can only use that directive in the server config.
context
context is http://httpd.apache.org/docs/mod/directive-dict.html#Context http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context http://httpd.apache.org/docs/2.2/mod/directive-dict.html#Context
^^
trace
trace is a standard HTTP method. Also ask me about "TRACE hype" or http://schroepl.net/cgi-bin/http_trace.pl
i know its standard
um, I'm not sure then.
i want it disabled
I've never fiddled with it
anything. but specifically just have like a simple html file or whatever kind, and be able to host it on apache and redirect to it from my dyndns dave.homeip.net account.
you need to understand how vhosts work first.
i want to just start learning about making webpages, or hosting, networking, etc.
okay, so back to the en.wikipedia.org/wiki/DNS and read up on it?
http://rafb.net/p/tSFuIz25.html
the vhost examples are a good start
each vhost represents a server.
which can be reached with a servername
vhost
vhost is http://httpd.apache.org/docs-2.0/vhosts/ or http://httpd.apache.org/docs/vhosts/
which vhost example would be the most simple one to learn from
or start with
the first ones.
ah yes, and there are the series of directives which you gave me in the first example
i doubt you want a vhost anyway
thanks.
use a CNAME RR?
why not a vhost?
well im assuming you have one java server hosting only
his config has vhosts already set up, most likely.
i don't want to do anything fancy yet, i just want to learn how to use it
i am just trying to play with apache on my home desktop and make a simple webpage redirected from the dyndns name. is that a bad way to start learning?
i would configure the domains zone file to redirect via a cname resource record to the dynamic dns A pointer
his dyndns.org hostname already points to his external IP
no need to complicate his life
wow reading that gave me a headache, i'm so confused
heh :p
he needs to have apache respond to $SERVERNAME. That is it. Vhosts or not.
sorry, i am just a total n00b trying to play frisbee with an atomicbomb it seems.
yes
it's the only way one learns though, keep at it
so i am just going to blindly plug the series of directives from the first example into my config file.
thanks force.
old dog trying to learn new tricks here.
anyone know the default location for a file such as www/example1 on a gentoo linux apache install?
default layout
Pop along to http://wiki.apache.org/httpd/DistrosDefaultLayout for an idea on where the main distros place Apache files.
^^
Hi
ok thanks
how can I have a directory protected with a password? please link me to a "tutorial".
auth
Take a look at http://httpd.apache.org/docs/2.2/howto/auth.html or http://wiki.apache.org/httpd/PasswordBasicAuth for some basic examples!
^^
thanks friend.
DocumentRoot [/var/www/localhost/htdocs/example1] does not exist' and 'apache2: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName'. any tips?
create the documentroot.
i did. i can open both of them in firefox and view them just fine.
must the document root have a file extension?
its a folder?
ooohhh
right
wow cool, that worked!
what about the ' Could not determine the server's fully qualified online domain registration name, using 127.00.1 for ServerName
message.?
If you want help with a message from Apache, report it exactly. Don't paraphrase.
hey, fajita mate, chill
hi
hello
HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Microsoft-IIS/6.0
X-Powered-By: ASP.NET
7
close
I wanted to understand this HTTP Headers
davo put un i ServerName in the conf
davo, fajita is a bot xD
X-Powered-BY means
fqdn
fqdn is http://wiki.apache.org/httpd/CouldNotDetermineServerName
^^
close
thumbs, sorry, could you help me with htpasswd?
in my vhosts conf or the httpd.conf ?
It should be Keep-Alive
oh okay thanks
so should i put my dyndns site name there?
yes
ok cool.
ServerName is set to my dyndns URL address.
apache is trying to execute any file as CGI, and i cant figure out why.
scriptalias
scriptalias is http://httpd.apache.org/docs/2.2/mod/mod_alias.html#scriptalias or Don't forget to load mod_cgi
^^
can i explicitly add something in .htaccess to say "everything under this directory is static"?
does the ServerName belong in the httpd.conf or the vhosts.conf?
Options -ExecCGI
in the vhost block, if you have one
the only thing in my httpd.conf that says vhosts is 'Include /etc/apache2/vhosts.d/*.conf'
i know this should be simple, but what causes a 403 for apache?
i have cgi disabled now, and the file is o+r
rewriterule context
server config, virtual host, directory, .htaccess
rewriterule override
RewriteRule may be used in .htaccess files if AllowOverride is set to FileInfo
holy cow it worked!
thank you all sooo much!
you're welcome
especially you thumbs and Sconk , etc
woohoo!
oh man this is awesome
i love it
okay i gotta take a break from the room before i start babbling
bye all
fill us in
Trying to transfer four domains from netsol to godaddy
turned off domain protect, gave godaddy the auth codes from netsol, etc etc
godaddy says I now have to get netsol to authorize the transfer
netsol says the auth code was supposed to do that
godaddy says netsol still has to approve it even after issuing the auth code
….argh.
ouch
Smack!!
fajita, be quiet.
shutting up
i wonder how long that lasts.
ouch
Smack!!
haha
if a file has o+r mode, why would i get 403 accessing it?
what does the error log say, exactly?
/home/ironfroggy/ironfroggy.com/projects/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.ironfroggy.com/projects/coroutines/
(13)
(13) indicates a file permissions problem. Make sure that Apache can read the file(s) and directories being accessed. See also http://wiki.apache.org/httpd//13PermissionDenied
^^
OK, so the transfer worked
but why is failing because it cant read .htaccess?
after I responded to some emails a supervisor sent me
kudos to ironfroggy for having the errorlog handy.
….for 3 out of 4 domains
i cant have an .htaccess in that directory, its a darcs repo
and of course, now godaddy is trying to sell me everything from web hosting to "private whois service"
it's failing because it can't read the htaccess file.
such bullshit.
I need a real domain registrar.
cheap is real enough for me
solution: make sure apache can read it, or rename the file.
there is no htaccess file.
i cant have one.
apache is saying there is
apache is not lying
it is.
im looking at the file listing right now.
ls -al
yup.
yup. is now, as always
.., .., and coroutines directories.
thats it.
what about /home/ironfroggy/ironfroggy.com/projects/ ?
is that readable?
namei
namei follows a pathname until a terminal point is found. Use namei -m /path/to/files to check the permissions of the file and the path up to it. See http://sial.org/howto/debug/unix/parsepath if your system doesn't have namei
its readable to all
every single segment?
segment?
segment is /seg'ment/ vi. To experience a {segmentation fault}. Confusingly, this is often pronounced more like the noun `segment' than like mainstream v. segment; this is because it is actually a noun shorthand that has been verbed.
/every/single/path/segment
yes
how are you listing the content of the directory, exactly?
it's MUCH SIMPLER than stracing apache…
come again?
ls -la path/to/directory
strace (for this issue)
well ironfroggy is not reading the output of namei properly
forget I said anything about strace.
Supaplex, I didn't have anything matching i said anything about strace
pastebin the output of namei
of which path? the directory apache things an htaccess is in?
no. The output of namei -m /home/ironfroggy/ironfroggy.com/projects/
Good day room, I am just trying to make a LOCAL server for testing websites on my computer. I would like to map the IP to localhost or 127.0.0.1 or a relative IP. I have been trying to do this but seem to be having problems. Am I supposed to be using virtual hosts? I did it on Linux, but I have windows now (I have a wife who 'needs' it) and am having problems making it work. Thanks for the help…)
vhost examples
Look at these for examples http://wiki.apache.org/httpd/ExampleVhosts : http://httpd.apache.org/docs/2.2/vhosts/examples.html
^^
Thanks!
http://deadbeefbabe.org/paste/5683
you're missing o+r on /home/.maybelle/ironfroggy
that should be readable?
and o+x on projects
you're missing o+r on /home/.maybelle/ironfroggy
and o+x on projects
im not used to the permissions above a file stopping me from reading the file
so chmod those accordingly
also, wouldn't o+r on my home directory be a security issue?
if you need to serve content for apache, it needs to be done
you might as well chmod o-rwx on your private files.
do those two steps, and it will work.
i serve from my other domains without issue
ok fine, ignore me.
it won't work
apache needs to be able to read the files
so it needs read + execute (traversal) permissions
i understand what you are saying
end of story.
then do it.
but i dont like not knowing why something works or doesnt. knowing why means i can figure out the next problem easier, instead of asking you again.
so what i am not understanding here, is why does it need to look in my home directory at all?
because without the r and x permissions, apache cannot acces that directory.
it needs to start from /
this is unix permissions 101
so you are telling me no unix host process can read directory foo/bar/ without reading foo/ ?
since apache runs as a unpriviledged user, you need to grant access to your files and directories
correct.
no
it cannot.
you NEED read and execute access to foo in order to get to bar
as a matter of fact, this is implemented to prevent traversal attacks
incorrect.
IIS is particularly suscetible to those.
i am not a unix novice. i simply dont use apache normally.
http://deadbeefbabe.org/paste/5684
can you explain what you say in context of that shell output?
i am seeing completely contradictory behavior to what you are saying.
apache implements a different restriction; It's built as such to prevent directory traversal exploits
this is unix permissions 101
so that implied it wasnt apache specific, but a rule of all unix processes
thats what i was confused on, knowing that not to be so outside of apache.
i.e. if a parent directory does not permit listing to the apache user, then a subdirectory which does permit it will still be denied.
Cheap is nice, but not enough
ok, I am tired, and I worked all night
ok
thank you for the help
i dont need anything from them once the domain is registered.
i have the entire path +xr with the 403 still shining brightly
is the error still the same?
I suppose I don't, but getting rid of all the spam would be worth a couple extra bucks to me
hmm… now i get "Options ExecCGI is off in this directory: /home/ironfroggy/ironfroggy.com/projects/coroutines/cosched.py, referer: http://www.ironfroggy.com/projects/coroutines/"
i suppose that means it thinks it should execute the file, but it should not.
Options +ExecCGI
Options +ExecCGI allows a directory to execute CGI scripts.
its not cgi
i dont want it to execute this
your script probably has a shebang line.
yes
so remove it.
you're kidding me? apache wont let me host it without trouble?
i cant.
well
thats the file. thats what it is. its a repository of a project. without the shebang, the file is broken.
there is probably a handler for .py
you could remove the handler.
removehandler
removehandler is http://httpd.apache.org/docs-2.0/mod/mod_mime.html#removehandler or http://httpd.apache.org/docs/mod/mod_mime.html#removehandler
i dont have one. maybe the global settings do.
they most likely do.
i would think, if i say "-ExecCGI" it should just serve the file.
you could try that
Options override
Options may be used in .htaccess files if AllowOverride is set to Options
can i remove _all_ handlers for a certain directory?
have a small quick question about network masks
no, only one at a time.
is it 192.168.0.0/16 to designate all of 192.168?
are you saying i could try the -ExecCGI thing?
yes.
if the admin allowed it.
i have -ExecCGI the entire domain
do you have a scriptalias?
also, are you applying this in htaccess or the main config?
what i dont want is for other files that happen to be added to the repo to suddenly break a pull from it, because apache tries to execute them.
i only have rights to htaccess.
understood.
now, make sure your htaccess file is recognised.
garbage
try putting junk in your htaccess file. If it's being read, you will get an Internal Server Error when accessing that resource.
if the directive is not allowed, you will get a 500.
it is. the -ExecCGI is definately seen, because without it apache does execute the file, which fails, not being cgi.
(it doesnt output anything)
ok then.
the RemoveHandler works
it usually does.
but i feel its fragile, since other handlers could break other files that slip in.
i am surprised if there is no way to just say "this directory and everything in it is static. period."
because of the nature of CGIs, that is not possible.
i am not sure i understand why
of course, Options -ExecCGI does exactly that
since what im trying to tell apache is "i have no CGI scripts, at all."
don't load mod_cgi then
if it does that, then why does it still think it should execute things?
i cant control that, Roobarb
well, I was gonna say, unless that directive is ignored and the handler kicks in
and i have a cgi script or two elsewhere, but not in this directory.
the directive isn't ignored
its what apache was complaining about when the handler tried to execute my file.
either way, the handler has precedence
so the directive was effective in that way.
understood.
can i add a handler for _all_ files and is there a handler that just servers staticly?
a handler is tied to one of many extensions.
can i say *?
as such, removing it requires specifying an extension. No, * is not valid.
ok
well, i dont imagine my project will have any other files apache would think are cgi scripts
i just dont like the idea that it _could_ break
tell the admin to fix the Options, then
tell him to remove all handlers for your directories
since he knows which ones are enabled, he can easily remove them.
that would be the safest move.
its probably global settings on all accounts
Removehandler /directory
removehandler context
virtual host, directory, .htaccess
ah, i see.
it's a matter of him being willing to do it.
hm is a company with many, many accounts to manage. i dont know if they do specific settings like that.
try your luck.
explain the issue it creates for you, and I'm sure they'll apreciate that.
Can anyone help? Apache is telling me that i'm forbidden to access localhost, i'm the system admin and i installed Apache.
what does the error log say, exactly?
One moment please.
client denied by server configuration: C:/Documents and Settings/User/My Documents/Apache/
client denied by server configuration
client denied by server configuration is http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
^^
hi
hello, gabber.
….
Aha! Thanks thumbs.
no problemo
how common is it that other http servers ignore the CRLF stated in the http protocol spec and use LF instead ?
sorry if this is offtopic.. I couldn't find a #http or similar
hi. what is the root directory on an apache server running on a Mac? (MAMP)
serverroot
serverroot is http://httpd.apache.org/docs/2.2/mod/core.html#serverroot
default layout
Pop along to http://wiki.apache.org/httpd/DistrosDefaultLayout for an idea on where the main distros place Apache files.
^^
thanks
Hi
hi leo
login into new push
call to undefiend function mysql_connect() in /var/www/db.php on line 2
this is apache…check this in concern channel…
Any way restart mysql and give a try
how can i do that please
aha,ok
look at the topic dude
We're still not ##php.. duh
else check the database and username password
