The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1] 2 3 ... 10
 1 
 on: July 30, 2021, 09:46:15 AM 
Started by RichV - Last post by mario
Hi Rich,

if your computer apache is running on is Connected to Azure you can use mod_authn_ntlm. We have that on our download page. For me, it works. I gotta say that we have a VPN connection to Azure. If you have also an on-premise AD controller it makes it way easier.

 2 
 on: July 29, 2021, 02:33:05 PM 
Started by RichV - Last post by RichV
All,
  Does anyone know if there is a module built in to Apache 2.4 or a module I can download that works with this install. that can allow me to authenticate with an Azure AD solution?

 3 
 on: July 08, 2021, 09:11:52 AM 
Started by basd - Last post by mario
You can check HostnameLookups[1] in your apache config


[1] https://httpd.apache.org/docs/2.4/en/mod/core.html#hostnamelookups

 4 
 on: July 08, 2021, 02:06:09 AM 
Started by basd - Last post by basd
My question is whether I can put a statement in .htaccess that will insure I receive IP addresses in my raw access log file.

I have a website on a shared hosting account.  Recently, my account began providing hostname_lookup rather than raw IPs. The best information from the hosting company tech support is that if I put hostname deny statements (eg., deny someone.com), then my raw access logs will show hostname_lookup. I have a pretty long deny list, but I attempted as a test to remove all hostname deny statements.  I still failed to get IP addresses. Maybe I have [still] overlooked an error, because among other things I found a deny statement I made that was "deny xxx-xxx-xxx-xxx" instead of "deny xxx.xxx.xxx.xxx". It's possible I have overlooked a similar statement.

It would be helpful if I could elicit IP addresses along with hostname_lookup.  Hostname blocking can be more convenient than IP blocking. But, sometimes this is not useful.  The reason is, a few of the hostname_lookup names are gibberish and the IP cannot be found by DNS lookup. So, I could end up trying to block an infinite number of hostnames.

Thank you for any help you can provide.

 5 
 on: June 25, 2021, 03:49:44 AM 
Started by AJPRO2021 - Last post by AJPRO2021
It seems easy enough to follow your steps to convert over to mod_proxy_ajp.

Trying to keep thing simple I have just added  the following line to the httpd.conf file to point to the below configuration. include "D:/Apache/Apache24/conf/ajp.conf"

No more redirect with “port 80 vhost” or “port 443 vhost"

[ajp.conf]
=================================================================
LoadModule proxy_ajp_module D:/Apache/Apache24/modules/mod_proxy_ajp.so
LoadModule proxy_module D:/Apache/Apache24/modules/mod_proxy.so

ProxyRequests Off
<Proxy *>
        Options Indexes Includes FollowSymLinks
        AllowOverride All
        Require all granted
</Proxy>

<Proxy "https://ecma.epri.com">
  ProxySet connectiontimeout=5 timeout=300
</Proxy>

ProxyPass /otcs/cs.exe !
ProxyPass       / ajp://ecma.epri.com:8009/  secret=namnetiq
ProxyPassReverse    / ajp://ecma.epri.com:8009/  secret=namnetiq
=================================================================


[httpd-vhosts.conf]
=================================================================
<VirtualHost _default_:80>
DocumentRoot "${SRVROOT}/htdocs"
#ServerName www.example.com:80
ServerName ecma.epri.com:80
ErrorLog "logs/ecma.epri.com-error.log"
CustomLog "logs/ecma.epri.com-access.log" common
</VirtualHost>
=================================================================

[httpd-ssl.conf]
=================================================================
Listen 443

SSLPassPhraseDialog  builtin

#SSLSessionCache       "dbm:${SRVROOT}/logs/ssl_scache"
SSLSessionCache        "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
DocumentRoot "${SRVROOT}/htdocs"
ServerName ecma.epri.com:443
ServerAdmin ecma.epri.com

ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${SRVROOT}/conf/ssl/ecm.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/ecm.cer"

#SSLVerifyClient require
#SSLVerifyDepth  10

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>

<Directory "${SRVROOT}/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "${SRVROOT}/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
=================================================================

However,  unfortunately I am back to the main issue I had initially reported “Gateway Timeout".
Since we've upgraded Tomcat Web Services from 2.4.46 to 2.4.47/48 is when we've started to have Gateway Timeout problem.
I have had no lock with neither of the two setups: mod_jk or mod_proxy_ajp.
In both setup cases, we seems to be bypassing the main application processor (/otcs/cs.exe) for the site to become operational.

I am not sure what we have so far accomplished and what more needs to be done to overcome the Gateway Timeout problem!

I greatly appreciate your support in this matter as I am not so certain what has changed in the latest release that has caused this problem.

Thanks again.

-AJ

 6 
 on: June 24, 2021, 10:06:11 AM 
Started by AJPRO2021 - Last post by mario
I never used mod jk, but mod_proxy_ajp

Code: [Select]
<VirtualHost *:80>
    ServerName ecmaa.epri.com
    DocumentRoot "/mario/Apache24/htdocs"
    <Directory "/mario/Apache24/htdocs">
        Options Indexes Includes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Location />
        ProxyPass /ostcs/csas.exe !
        ProxyPass ajp://localhost:8009/
        ProxyPassReverse ajp://localhost:8009/
    </Location>
</virtualhost>

or is ajp is not working

Code: [Select]
<VirtualHost *:80>
    ...
    <Location />
        ProxyPass /ostcs/csas.exe !
        ProxyPass http://localhost:8080/
        ProxyPassReverse http://localhost:8080/
    </Location>
...

use the same location config also for the ssl vhost.

 7 
 on: June 23, 2021, 06:43:20 PM 
Started by AJPRO2021 - Last post by AJPRO2021
Thank you and I do appreciate your feedback.

Somehow, under current setting (Configuration), Tomcat is serving the sites and Apache is doing the redirect!

To your point, I have started looking into configuring Tomcat to work with Apache using the mod_jk module.
Available documents are self-explanatory and I have been able to make the appropriate changes.
Although tomcat and Apache starts up with no issues, but then the Apache Web Server is complaining about “jk_map_to_storage::mod_jk.c (3816): no match for /otcs/cs.exe found"

Here are the version of the Tomcat running on the windows 2016 64bit server.

Apache Tomcat/9.0.46 --> (apache-tomcat-9.0.46-windows-x64)
Apache/2.4.48 (Win64) OpenSSL/1.1.1k mod_jk/1.2.40 --> (httpd-2.4.48-o111k-x64-vc15)
Apache-tomcat connector module ” tomcat-connectors-1.2.40-windows-x86_64-httpd-2.4.x"

As you have already noticed our application runs its processes through “cs.exe" That is mapped to httpd.conf; Physical location “D:\OPENTEXT\cgi\”

# Content Server support directory mapping
Alias /img "D:/OPENTEXT/support"
<Directory "D:/OPENTEXT/support">
AllowOverride all
Order allow,deny
Allow from all
Deny from none
Require all granted
</Directory>

# Content Server CGI directory mapping
ScriptAlias /otcs "D:/OPENTEXT/cgi"
<Directory "D:/OPENTEXT/cgi">
AllowOverride all
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#Options Indexes MultiViews ExecCGI
Order allow,deny
Allow from all
Deny from none
Require all granted
</Directory>

<Directory "D:/OPENTEXT/appData/supportasset/">
Options Indexes FollowSymlinks MultiViews
AllowOverride all
Allow from all
Deny from none
Require all granted
</Directory>

At the endo the httpd.conf I have included the mod_jk.conf directive.

   include "D:/Apache/Apache24/conf/mod_jk.conf"

Here is configuration of the mod_jk.conf

# Load mod_jk module
# Update this path to match your modules location
LoadModule jk_module D:/Apache/Apache24/modules/mod_jk.so

# Where to find workers.properties
# Update this path to match your conf directory location
JkWorkersFile D:/Apache/Apache24/conf/workers.properties

# Where to put jk logs
# Update this path to match your logs directory location
JkLogFile D:/Apache/Apache24/logs/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel debug

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
#JkOptions +RejectUnsafeURI +ForwardKeySize +ForwardURICompat -ForwardDirectories


# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

JkExtractSSL On
#JkMountCopy All
#JkMount /* ajp13


# Send everything for context /otcs to worker ajp13
JkUnMount /otcs/*.exe ajp13

# Send everything for context /cws to worker ajp13
JkMount /cws ajp13
JkMount /cws/* ajp13

# Send everything for context /img to worker ajp13
JkMount /img ajp13
JkMount /img/* ajp13

JKMount /pulse ajp13
JKMount /pulse/* ajp13

JKMount /cgi-bin ajp13
JKMount /cgi-bin/* ajp13

JKMount /appimg ajp13
JKMount /appimg/* ajp13

  I have also included “JkMountCopy On" line in httpd-ssl.conf
   
<VirtualHost _default_:443>
JkMountCopy On

The problem I am running into:
As long as I exclude “JkUnMount /otcs/*.exe ajp13" the site works but then I get “jk_map_to_storage::mod_jk.c (3816): no match for /otcs/cs.exe found"
If I include the “JkMount /otcs/*.exe ajp13" the site fails with “HTTPS Status 404 – not found
   The requested resource [/otcs/cs.exe] is not available
   The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Let me know what you think of the problem or if it is possible please provide a link to a document that I can follow.

-AJ

 8 
 on: June 17, 2021, 10:06:25 PM 
Started by AJPRO2021 - Last post by mario
The two important parts (at least I think)

are

port 80 vhost
Redirect permanent /index.html https://ecmaa.epri.com/otcs/cs.exe
Redirect permanent / https://ecmaa.epri.com/

and

port 443 vhost
Redirect permanent /index.html /otcs/cs.exe

So in the very end of very request to httpd Apache web server is to call /otcs/cs.exe. I've no clue what that is for. It is not a part of the orig. apache.

How your httpd apache is connected to Tomcat apache I wonder about that, if it is at all.

 9 
 on: June 17, 2021, 09:54:43 PM 
Started by shanmugam_k - Last post by mario
The error log start at 12:40:00 while the access log ends at 12:32:07. There is nothing to compare ...

Well the "CONNECT" shows that the 500 errors occur while apache is used as a proxy.

 10 
 on: June 17, 2021, 06:37:02 AM 
Started by shanmugam_k - Last post by shanmugam_k
https://apaste.info/21Lg

https://apaste.info/yjab

I have pasted the freshly collected access and error logs for analyze. Please help us to resolve the issue.

-Shan

Pages: [1] 2 3 ... 10