httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] HTTP misconfiguration?
Date Tue, 14 Apr 2009 07:15:39 GMT
Hi.
Probably nothing to do with your problem, and I am not quite sure it 
really matters because I have not analysed your configuration in detail, 
but in principle ...
This line
   DocumentRoot /d01/tomcat/webapps/zeABC
means that you are allowing Apache to serve the files that are below 
that directory, including what is below WEB-INF in that directory, for 
example the web.xml of your application.


Pete Beebe wrote:
> Thank you, Tony,
> 
> HTTPD was installed from the 2.2.6 source against a RHES4.0 OS.
> 
> The end-user that reported the issue simply stated "web site down" whereas when I navigated to the default pages I was looking at the contents of the http-ssl.conf file with no error message.
> 
> The only recent changes to the Apache install were an update to the ssl.conf file's certificate names and adjusting the proxy_pass/rewrite commands in order to properly pass traffic from Apache to Tomcat's webapp.  I thought that perhaps the proxy_pass/rewrite bit might have been the issue but figured if it was configured wrong a more persistent error would be evident.
> 
> Config params for the source compile were:
> 
> "./configure" \
> "-prefix=/d01/apache" \
> "--enable-ssl" \
> "--enable-proxy" \
> "--enable-dav" \
> "--enable-dav-fs" \
> "--enable-dav-lock" \
> "--enable-vhost-alias" \
> "--enable-rewrite" \
> "--enable-so" \
> "--with-include-apr" \
> "--with-ssl=/usr/include/openssl" \
> "--with-mpm=worker" \
> 
> The Apache server listens on two NICs for two sites which both run on a Tomcat back-end.
> 
> -----------
> HTTPD.CONF:
> -----------
> 
> ServerRoot "/d01/apache"
> Listen 80
> <IfModule !mpm_netware_module>
> User daemon
> Group daemon
> </IfModule>
> ServerAdmin jondoe.admin@jondoe.com
> DocumentRoot "/d01/apache/htdocs"
> <Directory />
>     Options FollowSymLinks
>     AllowOverride None
>     Order deny,allow
>     Deny from all
> </Directory>
> <Directory "/d01/apache/htdocs">
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>
> <IfModule dir_module>
>     DirectoryIndex index.html
> </IfModule>
> <FilesMatch "^\.ht">
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </FilesMatch>
> ErrorLog logs/error_log
> LogLevel warn
> LoadModule jk_module modules/mod_jk.so
> Include "/d01/apache/conf/mod_jk.conf"
> <IfModule log_config_module>
>     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
>     LogFormat "%h %l %u %t \"%r\" %>s %b" common
>     <IfModule logio_module>
>       # You need to enable mod_logio.c to use %I and %O
>       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
>     </IfModule>
>     CustomLog logs/access_log common
> </IfModule>
> <IfModule alias_module>
>     ScriptAlias /cgi-bin/ "/d01/apache/cgi-bin/"
> </IfModule>
> <IfModule cgid_module>
> </IfModule>
> <Directory "/d01/apache/cgi-bin">
>     AllowOverride None
>     Options None
>     Order allow,deny
>     Allow from all
> </Directory>
> DefaultType text/plain
> <IfModule mime_module>
>     TypesConfig conf/mime.types
>     AddType application/x-compress .Z
>     AddType application/x-gzip .gz .tgz
> </IfModule>
> Include conf/extra/httpd-mpm.conf
> Include conf/extra/httpd-ssl.conf
> <IfModule ssl_module>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> </IfModule>
> Alias /abc /d01/tomcat/webapps/zeABC
> <Directory /d01/tomcat/webapps/zeABC>
> Options FollowSymLinks Includes
> DirectoryIndex index.html
> AddHandler server-parsed shtml
> order allow,deny
> allow from all
> </Directory>
> 
> <VirtualHost 10.0.0.11:80>
>   ServerAdmin jondoe.admin@jondoe.com
>   DocumentRoot /d01/tomcat/webapps/zeABC
>   ServerName www.zeABC.com
>   ServerAlias zeABC.com
>   ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
>   RewriteEngine on
>   RewriteCond   %{SERVER_PORT}  !^443$
> #  RewriteRule ^(.*)$ https://www.zeABC.com/abc/$1 [L,R]
>   RewriteRule ^(.*)$ https://www.zeABC.com/zeABC$1 [L,R]
> </VirtualHost>
> <VirtualHost 10.0.0.12:80>
>   ServerAdmin jondoe.admin@jondoe.com
>   DocumentRoot /d01/tomcat/webapps/zeABC
>   ServerName www.XYZ.com
>   ServerAlias XYZ.com
>   ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
>   RewriteEngine on
>   RewriteRule ^(.*) https://www.XYZ.com/abc
> </VirtualHost>
> ServerTokens Minimal
> 
> --------------
> HTTP-SSL.CONF:
> --------------
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache        "shmcb:/d01/apache/logs/ssl_scache(512000)"
> SSLSessionCacheTimeout  300
> SSLMutex  "file:/d01/apache/logs/ssl_mutex"
> <VirtualHost 10.0.0.11:443>
>   DocumentRoot "/home/ABC_ssl/tmp"
>   ServerName www.ABC.com
>   ServerAdmin jondoe.admin@jondoe.org
>   ErrorLog logs/ssl_error_log
>   CustomLog logs/ssl_access_log combined
>   <Directory "/home/ABC_ssl/tmp">
>     Options Indexes FollowSymLinks MultiViews
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>   </Directory>
>    ScriptAlias /cgi-bin/ "/home/ABC_ssl/cgi-bin/"
>   <Directory "/home/ABC_ssl/cgi-bin">
>     AllowOverride None
>     Options None
>     Order allow,deny
>     Allow from all
>     SSLOptions +StdEnvVars
>   </Directory>
>   ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
>   ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
>   SSLEngine on
>   SSLProtocol -ALL +SSLv3 +TLSv1
>   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>   SSLCertificateFile /d01/apache/conf/ssl.crt/www_ABC_com.2009.crt
>   SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.ABC.com.key
>   SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
>   SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_ABC_com.ca-bundle
>    <Location />
>     SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>     ErrorDocument 403 http://www.ABC.com/error_4035.cfm
>   </Location>
>    SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown
> </VirtualHost>
> <VirtualHost 10.0.0.12:443>
>   DocumentRoot "/home/xyz"
>   ServerName www.XYZ.com
>   ServerAdmin jondoe.admin@jondoe.org
>   <Directory "/home/xyz">
>     Options Indexes FollowSymLinks MultiViews
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>   </Directory>
>   ScriptAlias /cgi-bin/ "/home/xyz/cgi-bin/"
>   <Directory "/home/xyz/cgi-bin">
>     AllowOverride None
>     Options None
>     Order allow,deny
>     Allow from all
>     SSLOptions +StdEnvVars
>   </Directory>
>   RewriteEngine on
>   RewriteRule ^/abc /ABC/XYZOMG/ [R]
>   ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
>   ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
>  
>   SSLEngine on
>   SSLProtocol -ALL +SSLv3 +TLSv1
>   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>   SSLCertificateFile /d01/apache/conf/ssl.crt/www_XYZ_com.crt
>   SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.XYZ.com.key
>   SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
>   SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_XYZ_com.ca-bundle 
>    <Location />
>     SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>     ErrorDocument 403 http://www.ABC.com/error_4035.cfm
>   </Location>
>   SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown
> </VirtualHost>
> 
>> From: Tony Stevenson <tony@pc-tony.com>
>> Subject: Re: [users@httpd] HTTP misconfiguration?
>> Pete,
>>
>> I would suggest initially you tell us about your install of
>> HTTPD, is it from source, or from a vendor package?
>> Can you show us your config? Either an anonymised one, or
>> one that covers the main httpd config, along with your ssl
>> config.
>>
>> Is it possible that you have an overlapping config, that
>> exposes your config files.  i.e. a misconfigured docroot, or
>> symlinks?
>>
>> Also, what error were you getting when the "site was
>> down"  40x?, 50x? - Specifics can help us here.
> 
> 
>       
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


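Added example, not part of the original message or of the httpd project: a heuristic check for the exposure described in the reply, where DocumentRoot or Alias maps a Tomcat webapp directory (and with it WEB-INF/web.xml) into Apache's URL space. The sample configuration is a constructed excerpt of the quoted one; the DirectoryMatch deny block and all function names are assumptions.

```python
import re

# Constructed excerpt modelled on the httpd.conf quoted in the thread.
SAMPLE_CONF = '''
DocumentRoot "/d01/apache/htdocs"
Alias /abc /d01/tomcat/webapps/zeABC
<Directory /d01/tomcat/webapps/zeABC>
    Order allow,deny
    Allow from all
</Directory>
<VirtualHost 10.0.0.11:80>
    DocumentRoot /d01/tomcat/webapps/zeABC
</VirtualHost>
'''

# Assumed mitigation (not from the thread), in the 2.2 access-control syntax
# the quoted configuration uses: refuse anything under WEB-INF or META-INF.
DENY_BLOCK = '''
<DirectoryMatch "/(WEB-INF|META-INF)(/|$)">
    Order allow,deny
    Deny from all
</DirectoryMatch>
'''

MAPPING = re.compile(r'^[ \t]*(DocumentRoot|Alias)[ \t]+(.+?)[ \t]*$', re.I | re.M)
SECTION = re.compile(r'<(Directory|Location)(?:Match)?\s+([^>]*)>(.*?)</\1(?:Match)?>',
                     re.I | re.S)
DENY = re.compile(r'^[ \t]*(Deny\s+from\s+all|Require\s+all\s+denied)[ \t]*$', re.I | re.M)

def served_paths(conf):
    """(directive, filesystem path) for each DocumentRoot/Alias mapping."""
    # The path is the last argument of both directives; ScriptAlias is ignored.
    return [(name, args.split()[-1].strip('"')) for name, args in MAPPING.findall(conf)]

def web_inf_denied(conf):
    """True if some Directory/Location section naming WEB-INF denies all access."""
    return any('WEB-INF' in arg.upper() and DENY.search(body)
               for _kind, arg, body in SECTION.findall(conf))

def audit(conf, webapps_base):
    """Mappings that expose a directory under webapps_base with no WEB-INF deny."""
    # Text heuristic only: it ignores Include files and virtual-host scoping.
    if web_inf_denied(conf):
        return []
    base = webapps_base.rstrip('/') + '/'
    return [(n, p) for n, p in served_paths(conf) if p.startswith(base)]

if __name__ == '__main__':
    print(audit(SAMPLE_CONF, '/d01/tomcat/webapps'))
```

Run against the excerpt it reports both the Alias and the virtual host's DocumentRoot; with the deny block appended it reports nothing.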