httpd-users mailing list archives

From Ion Larrañaga <ila...@s21sec.com>
Subject RE: mod-ssl and authz modules
Date Mon, 26 Aug 2002 12:53:18 GMT
Looks like you haven't actually enabled SSL on port 443, so Apache is
listening for plain HTTP connections on that port. There's a directive
(SSLEngine) that you need in order to turn SSL on for a given virtual host
(in this case, _default_:443). You should have something like:

.....
<IfDefine SSL>
<VirtualHost _default_:443>
  SSLEngine on
  DocumentRoot "/usr/unibase/webapps/uniweb"
.....

Hope it helps,

  Ion Larrañaga



-----Mensaje original-----
De: Jose Correia (J) [mailto:CorreiJ@telkom.co.za]
Enviado el: lunes, 26 de agosto de 2002 14:34
Para: users@httpd.apache.org
CC: dirkx@webweaving.org
Asunto: RE: mod-ssl and authz modules
Importancia: Alta


Hi Dirk

In errors.log I'm not getting anything.

In ssl_engine_log I'm getting

[26/Aug/2002 13:25:06 13435] [warn]  Init:
(descartes.telkom.co.za:443) You configured HTTP(80) on the standard
HTTPS(443) port!

here is my test httpd.conf (btw I'm starting apache with -DSSL
option):

# Global process settings for the parent server and its child pool.
# ServerType is an Apache 1.3 directive, so this file targets a 1.3 server.
ServerType standalone
ServerRoot "/opt/apache"
PidFile /opt/apache/logs/httpd.pid
ScoreBoardFile /opt/apache/logs/httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
# 0 means a child process is never recycled after a fixed request count.
MaxRequestsPerChild 0

# Dynamically loaded modules (paths are relative to ServerRoot).
# NOTE(review): every module loaded here adds reachable functionality;
# status, info, userdir, proxy and speling are all loaded -- confirm each one
# is actually needed on this host and drop the rest.
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule env_module         libexec/mod_env.so
LoadModule define_module      libexec/mod_define.so
LoadModule config_log_module  libexec/mod_log_config.so
LoadModule mime_magic_module  libexec/mod_mime_magic.so
LoadModule mime_module        libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module      libexec/mod_status.so
LoadModule info_module        libexec/mod_info.so
LoadModule includes_module    libexec/mod_include.so
LoadModule autoindex_module   libexec/mod_autoindex.so
LoadModule dir_module         libexec/mod_dir.so
LoadModule cgi_module         libexec/mod_cgi.so
LoadModule asis_module        libexec/mod_asis.so
LoadModule imap_module        libexec/mod_imap.so
LoadModule action_module      libexec/mod_actions.so
LoadModule speling_module     libexec/mod_speling.so
LoadModule userdir_module     libexec/mod_userdir.so
LoadModule alias_module       libexec/mod_alias.so
LoadModule rewrite_module     libexec/mod_rewrite.so
LoadModule access_module      libexec/mod_access.so
LoadModule auth_module        libexec/mod_auth.so
LoadModule anon_auth_module   libexec/mod_auth_anon.so
LoadModule dbm_auth_module    libexec/mod_auth_dbm.so
LoadModule digest_module      libexec/mod_digest.so
LoadModule proxy_module       libexec/libproxy.so
LoadModule cern_meta_module   libexec/mod_cern_meta.so
LoadModule expires_module     libexec/mod_expires.so
LoadModule headers_module     libexec/mod_headers.so
LoadModule usertrack_module   libexec/mod_usertrack.so
LoadModule unique_id_module   libexec/mod_unique_id.so
LoadModule setenvif_module    libexec/mod_setenvif.so
LoadModule php_module         libexec/mod_php.so
# mod_authz_ldap and mod_ssl are loaded only when httpd is started with -DSSL.
<IfDefine SSL>
LoadModule authz_ldap_module  libexec/mod_authz_ldap.so
LoadModule ssl_module         libexec/libssl.so
</IfDefine>

# Empties the active module list, then re-adds modules in the order given.
# mod_so.c appears here without a LoadModule line -- presumably it is
# compiled into the server binary.
ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_define.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_digest.c
AddModule mod_proxy.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_php.c
# The SSL and LDAP authorization modules are activated only under -DSSL.
<IfDefine SSL>
AddModule mod_authz_ldap.c
AddModule mod_ssl.c
</IfDefine>

# ExtendedStatus makes mod_status report per-request detail.
# NOTE(review): the /server-status location later in this file is open to
# all clients, so that detail is readable by anyone who can reach the server.
ExtendedStatus On
Port 80

# Under -DSSL the server binds both ports. Listen only opens the socket; it
# does not make port 443 speak SSL -- that has to be switched on inside the
# virtual host that serves the port.
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

# Child processes run as this unprivileged account.
User nobody
Group nobody

# Main-server identity, document tree and per-directory access rules.
ServerAdmin correij@telkom.co.za

DocumentRoot "/usr/test/webapps/testweb"

# NOTE(review): there is no Order/Deny here, so the filesystem root is not
# denied by default. The usual hardening is deny-by-default on "/" with
# explicit allows on the trees that are meant to be served.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

# NOTE(review): the document root allows directory listings (Indexes) and CGI
# execution (ExecCGI) for all clients -- confirm both are wanted here.
<Directory "/usr/test/webapps/testweb">
	Options Indexes FollowSymLinks MultiViews ExecCGI
	AllowOverride None
	Order allow,deny
      Allow from all
</Directory>

# Serves each account's public_html under /~user/.
# NOTE(review): this publishes home-directory content and lets a client
# probe which account names exist -- confirm it is intended.
<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>

# "Options All" already includes ExecCGI (All is everything but MultiViews).
<Directory /usr/test/webapps/testweb/bugzilla>
	Options All ExecCGI
	AllowOverride None
	Order allow,deny
	Allow from all
</Directory>

<Directory /opt/bugzilla>
        Options All ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

<IfModule mod_dir.c>
    DirectoryIndex index.html
</IfModule>

# Refuses requests for any file whose name starts with ".ht"
# (for example .htaccess and .htpasswd).
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

# Naming, MIME type detection, DNS lookups and logging.
UseCanonicalName On

<IfModule mod_mime.c>
    TypesConfig /opt/apache/conf/mime.types
</IfModule>

DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile /opt/apache/conf/magic
</IfModule>

# Reverse-resolves every client address; the <Files> block below repeats the
# same setting that is already on globally.
# NOTE(review): this costs a DNS lookup per request, and the logged hostname
# is whatever the client network's reverse DNS returns.
HostnameLookups on
<Files ~ "\.(html|cgi)$">
    HostnameLookups on
</Files>

ErrorLog /opt/apache/logs/apache.err
# debug is the most verbose level -- reasonable while troubleshooting, but
# NOTE(review): lower it once the problem is found.
LogLevel debug
# NOTE(review): the first LogFormat below is split over two lines, probably
# by e-mail wrapping; in the real file it has to be a single line.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b %U %H %m %p %T %b" insane
CustomLog /opt/apache/logs/apache.log insane

# Appends a footer with the server version and a mailto: link to ServerAdmin
# on server-generated pages.
# NOTE(review): this discloses version information to any client.
ServerSignature EMail

# URL-to-filesystem aliases for the icon set and the CGI directory.
<IfModule mod_alias.c>
	Alias /icons/ "/opt/apache/icons/"
   <Directory "/opt/apache/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

   # Everything under /cgi-bin/ is treated as an executable CGI program.
   ScriptAlias /cgi-bin/ "/opt/apache/cgi-bin/"
   <Directory "/opt/apache/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

</IfModule>

# Icon mappings used when mod_autoindex renders a directory listing.
<IfModule mod_autoindex.c>

    IndexOptions FancyIndexing

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif

    # NOTE(review): this handler mapping is unrelated to indexing; it sits in
    # this block only by position. Any *.cgi file in a directory that has
    # ExecCGI is run as a program.
    AddHandler cgi-script .cgi
</IfModule>

# NOTE(review): Action's second argument is a URL path to a CGI script, not
# a filesystem path to an interpreter -- confirm this line does what was
# intended; it also overrides handling for the cgi-script handler name.
Action cgi-script /usr/bin/perl
ErrorDocument 404 /Error.xml

# Per-browser protocol workarounds keyed on the User-Agent header.
# NOTE(review): the "MSIE 4\.0b2;" line is split over two lines, probably by
# e-mail wrapping; in the real file it has to be a single line.
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
force-response-1.0

    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

</IfModule>

# mod_status page.
# NOTE(review): "Allow from all" with ExtendedStatus On exposes current
# requests and client addresses to every visitor. Restrict it the same way
# /server-info is restricted below, or to specific addresses.
<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>

# mod_info page (dumps the module list and configuration); denied to everyone
# except clients whose hostname ends in .telkom.co.za.
# NOTE(review): a hostname-based allow depends on DNS resolution of the
# client address; an address or network range is the stronger check.
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from .telkom.co.za
</Location>

# MIME types for downloadable CA certificates and CRLs (only under -DSSL).
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>

# Server-wide mod_ssl settings: pass-phrase prompt, session cache, mutex,
# PRNG seeding and the SSL engine log.
# NOTE(review): these lines are outside <IfDefine SSL>, and the closing
# </IfModule> below has no opening tag in this listing -- presumably an
# "<IfModule mod_ssl.c>" line was lost. Without a guard, starting httpd
# without -DSSL would hit directives from a module that is not loaded.
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/opt/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/opt/apache/logs/ssl_mutex
# NOTE(review): "builtin" is the only seed source configured. The mod_ssl
# documentation describes it as a weak source on its own; an OS randomness
# device is normally added as a further source.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /opt/apache/logs/ssl_engine_log
SSLLogLevel info

</IfModule>

# Default virtual host for port 443, defined only under -DSSL.
# NOTE(review): there is no "SSLEngine on" in this virtual host, so the port
# is served as plain HTTP; that matches the ssl_engine_log warning about
# HTTP being configured on the HTTPS port. Every SSL directive below has no
# effect on the wire until the engine is switched on.
<IfDefine SSL>
<VirtualHost _default_:443>
  DocumentRoot "/usr/unibase/webapps/uniweb"
  ServerName descartes.telkom.co.za
  ServerAdmin rhoder1@telkom.co.za
  ErrorLog /opt/apache/logs/error_log
  TransferLog /opt/apache/logs/access_log

  # NOTE(review): the cipher string is split over two lines, probably by
  # e-mail wrapping. It starts from ALL and removes only ADH and EXPORT56, so
  # export-grade, LOW and SSLv2 suites stay available; restrict the list to
  # strong suites.
  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  # NOTE(review): only the private key is referenced; no SSLCertificateFile
  # line appears in this listing -- confirm the server certificate is set.
  SSLCertificateKeyFile /opt/apache/conf/ssl.key/server.key
  # Clients must present a certificate that chains (up to 10 levels) to a CA
  # in this file.
  # NOTE(review): if ca-bundle.crt is a stock bundle of public CAs, a
  # certificate from any of them passes -- confirm it lists only the CAs
  # that should be trusted for client authentication.
  SSLCACertificateFile /opt/apache/conf/ssl.crt/ca-bundle.crt
  SSLVerifyClient require
  SSLVerifyDepth  10

  # Export the standard SSL_* environment variables to scripts.
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/opt/apache/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>

  # NOTE(review): <Directory> takes a filesystem path; "/servlet" looks like
  # a URL prefix, in which case these rules would need a <Location> block to
  # apply -- confirm against the actual layout.
  # NOTE(review): SSLRequireSSL is commented out while AuthType is Basic.
  # Basic credentials are only base64-encoded, so if this area is reached
  # over plain HTTP the password crosses the network readable.
  <Directory "/servlet">

    #Jose 21/08/2002 -  Inserted to get mod_authz_ldap authentication
going
     #SSLRequireSSL

     AuthName        AuthzLDAP
     AuthType        Basic
     AuthzLDAPServer "localhost:389"

     AuthzLDAPUserKey     users
     AuthzLDAPUserBase    ou=users,o=telkom
     AuthzLDAPUserScope   base

     require valid-user

    </Directory>

  # Keep-alive and SSL shutdown workarounds for MSIE clients.
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

</VirtualHost>

</IfDefine>

# JRun connector module; the LoadModule line is split over two lines,
# probably by e-mail wrapping.
LoadModule jrun_module136
"/opt/jrun/connectors/apache/intel-linux/mod_jrun.so"
# The connector forwards to a JRun listener on the loopback address,
# port 8007.
<IfModule mod_jrun.c>
	JRunConfig jrun.rootdir "/opt/jrun/bin/.."
	JRunConfig jvmlist unibase
	JRunConfig Verbose false
	JRunConfig ProxyHost 127.0.0.1
	JRunConfig ProxyPort 8007
	JRunConfig Mappings "/opt/jrun/servers/test/local.properties"
</IfModule>

# Pulls in the Tomcat-generated mod_jk configuration.
# NOTE(review): the included file is not shown here; review it as well, since
# it can add further mounts and aliases to this server.
include /opt/jakarta-tomcat-3.2.1/conf/mod_jk.conf-auto

END OF HTTPD.CONF

Any idea? Sorry for my cluelessness... I'm trying though

Best regards
Jose Correia




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

