httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Christensen" <dpchr...@holgerdanske.com>
Subject Re: [users@httpd] CGI script runs under http, but browser tries to download under https
Date Wed, 15 Oct 2003 08:27:52 GMT
users@httpd.apache.org:

Boyle Owen wrote:
> Eh? If you do not have "Listen 443" somewhere in your apache config
> then apache is not listening on that port and so apache cannot be
> responding to the HTTPS requests. So it must be something else which
> is responding...
> Let me see if I understand your situation correctly:
> - you set up a plain HTTP site on the usual port 80 and with CGI: this
> worked as expected.
> - For some reason, you tried putting a small "s" into the URL to see
> what would happen if you HTTPS'd to the same URL. I'm not sure what
> you expected to happen, but you were suprised to find that the CGI
> source was listed in the browser.
> To be clear, when you type "https" into a browser, it makes the
> request to port 443 on the server. If you only had your plain HTTP
> apache running, this should not have worked - you should have got a
> "connection refused" error at the TCP/IP level. The fact that you got
> a response means that there must be something listening on that port -
> could it be a default webserver that comes with Debian?

Thanks for the reply.  :-)


Okay.  I had assumed that Apache was responding to both the http and the
https requests.


> To check this out, you need to "ps -ef" and look for httpd processes.

root@d3020g:~# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Oct14 ?        00:00:04 init [2]
root         2     1  0 Oct14 ?        00:00:00 [keventd]
root         3     0  0 Oct14 ?        00:00:00 [ksoftirqd_CPU0]
root         4     0  0 Oct14 ?        00:00:00 [kswapd]
root         5     0  0 Oct14 ?        00:00:00 [bdflush]
root         6     0  0 Oct14 ?        00:00:00 [kupdated]
root         7     1  0 Oct14 ?        00:00:00 [i2oevtd]
root         9     1  0 Oct14 ?        00:00:00 [kjournald]
root        44     1  0 Oct14 ?        00:00:00 [khubd]
root        52     1  0 Oct14 ?        00:00:00 [kapmd]
root        83     1  0 Oct14 ?        00:00:00 [kjournald]
root        84     1  0 Oct14 ?        00:00:00 [kjournald]
root       107     1  0 Oct14 ?        00:00:00 [eth0]
root       167     1  0 Oct14 ?        00:00:00 /sbin/syslogd
root       170     1  0 Oct14 ?        00:00:00 /sbin/klogd
root       178     1  0 Oct14 ?        00:00:00 /usr/sbin/inetd
root       185     1  0 Oct14 ?        00:00:00 /bin/sh /usr/bin/safe_my
sqld
mysql      220   185  0 Oct14 ?        00:00:00 /usr/sbin/mysqld --based
ir=/usr
mysql      222   220  0 Oct14 ?        00:00:00 /usr/sbin/mysqld --based
ir=/usr
mysql      223   222  0 Oct14 ?        00:00:00 /usr/sbin/mysqld --based
ir=/usr
mysql      224   222  0 Oct14 ?        00:00:00 /usr/sbin/mysqld --based
ir=/usr
root       236     1  0 Oct14 ?        00:00:00 /usr/sbin/sshd
daemon     239     1  0 Oct14 ?        00:00:00 /usr/sbin/atd
root       242     1  0 Oct14 ?        00:00:00 /usr/sbin/cron
root       246     1  0 Oct14 ?        00:00:00 /usr/sbin/apache
www-data   251   246  0 Oct14 ?        00:00:00 /usr/sbin/apache
www-data   252   246  0 Oct14 ?        00:00:00 /usr/sbin/apache
www-data   253   246  0 Oct14 ?        00:00:00 /usr/sbin/apache
www-data   254   246  0 Oct14 ?        00:00:00 /usr/sbin/apache
www-data   255   246  0 Oct14 ?        00:00:00 /usr/sbin/apache
root       256     1  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
root       259     1  0 Oct14 tty1     00:00:00 /sbin/getty 38400 tty1
root       260     1  0 Oct14 tty2     00:00:00 /sbin/getty 38400 tty2
root       261     1  0 Oct14 tty3     00:00:00 /sbin/getty 38400 tty3
root       262     1  0 Oct14 tty4     00:00:00 /sbin/getty 38400 tty4
root       263     1  0 Oct14 tty5     00:00:00 /sbin/getty 38400 tty5
www-data   264   256  0 Oct14 ?        00:00:00 /usr/lib/apache-ssl/gcac
he 33 /v
root       265     1  0 Oct14 tty6     00:00:00 /sbin/getty 38400 tty6
www-data   266   256  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
www-data   267   256  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
www-data   268   256  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
www-data   269   256  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
www-data   270   256  0 Oct14 ?        00:00:00 /usr/sbin/apache-ssl
root       311   236  0 00:53 ?        00:00:00 /usr/sbin/sshd
dpchrist   313   311  0 00:53 ?        00:00:00 /usr/sbin/sshd
dpchrist   314   313  0 00:53 pts/0    00:00:00 -bash
root       315   314  0 00:53 pts/0    00:00:00 -su
www-data   323   246  0 00:53 ?        00:00:00 /usr/sbin/apache
root       343   315  0 00:55 pts/0    00:00:00 ps -ef


I see apache and apache-ssl.  I don't see httpd or httpsd (?).


> Also, look in the /etc/rc.local (or thereabouts) for startup scripts
> that might be starting a built-in apache at boot (find and grep will
> be useful here...)

root@d3020g:~# runlevel
N 2

root@d3020g:~# l /etc/rc2.d
./            S11klogd@  S20inetd@    S20ssh@   S91apache@
../           S14ppp@    S20makedev@  S89atd@   S91apache-ssl@
S10sysklogd@  S20exim@   S20mysql@    S89cron@  S99rmnologin@

root@d3020g:~# l /etc/init.d/apache*
/etc/init.d/apache*  /etc/init.d/apache-ssl*


Looks like apache and apache-ssl get started automatically in run level
2 (I run the server in text mode and SSH in).


> I'm not sure you understand the difference between HTTP and HTTPS - to
> be clear, they are separate protocols and, unless configured to do so,
> a webserver will not respond to HTTPS requests. So a new installation
> of apache will not respond to an HTTPS request (I get the impression
> you might've expected it to do so):

You're right -- I was assuming that one server was handling both
requests.


So, it looks like apache is serving port 80 and apache-ssl is serving
port 443.


I wonder -- is there an httpd.conf for apache-ssl?

root@d3020g:~# l /etc/apache*
/etc/apache:
./  ../  access.conf  conf@  httpd.conf  mime.types@  srm.conf

/etc/apache-ssl:
./   access.conf  c0bd8a4a.0@  httpd.conf   srm.conf
../  apache.pem   conf@        mime.types@


Yup.  Try adding per-user cgi-bin stuff to /etc/apache-ssl/httpd.conf:

root@d3020g:~/d3020g/etc/apache-ssl:CVS> cvs diff httpd.conf
Index: httpd.conf
===================================================================
RCS file: /cvs/dpchrist/d3020g/etc/apache-ssl/httpd.conf,v
retrieving revision 1.1
diff -r1.1 httpd.conf
395a396,399
> <Directory /home/*/public_html/cgi-bin>
>     Options +ExecCGI
> </Directory>
>
780a785
>     AddHandler cgi-script .pl

root@d3020g:~/d3020g/etc/apache:CVS> apache-sslctl configtest
[Wed Oct 15 01:18:59 2003] [alert] apache-ssl: Could not determine the
server's fully qualified domain name, using 192.168.254.2 for ServerName
Syntax OK

root@d3020g:~/d3020g/etc/apache:CVS> apache-sslctl graceful
/usr/sbin/apache-sslctl graceful: httpsd gracefully restarted


Now it works!

    http://192.168.254.2/~ramdra3/hello.html -> ok

    https://192.168.254.2/~ramdra3/hello.html -> ok

    http://192.168.254.2/~ramdra3/cgi-bin/hello.pl -> ok

    https://192.168.254.2/~ramdra3/cgi-bin/hello.pl -> ok


Hip, Hip, Hazzah! for Owen!  :-)


David


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message