<RLa> i'm having a problem doing http auth with pam with system users
<RLa> Bad file descriptor: Could not open password file: (null)
<RLa> this is relevant part of the configuration:
<thumbs> fajita: pam
<fajita> Pluggable Authentication Modules or or probably a bad idea for doing apache authentication[for good documentation on PAM read
<thumbs> fajita: AuthPAM_Enabled
<RLa> so why is this a bad idea?
<thumbs> tibyke: it exposes system users.
<thumbs> RLa: it exposes system users
<RLa> so what?
<jmut> hi lets say I have url /moo/foo but now I am creating new api and want to temporarily support /moo/foo and /moo2/foo, thing is both should end up as url /moo/foo (the request uri) but one should run index.php the other index2.php
<jmut> I hope it makes sense.
<thumbs> RLa: so it's very insecure.
<RLa> or what do you mean by "exposes"?
<thumbs> RLa: allows remote hackers to know the names of your real unix users.
<thumbs> jmut: ok.
<RLa> thumbs, without having account on the system first?
<thumbs> RLa: yes.
<jmut> thumbs: yeah well question was for any tips how to achieve it with modrewrite
<fajita> [ fbeyond] thumbs, I don't need security
<thumbs> fajita: you're on topic, too!
<thumbs> fajita: rewriteguide
<fajita> or
<thumbs> jmut: ^^
<jmut> thumbs: thanks
<RLa> thumbs, htpasswd file will not reveal users?
<RLa> it looks like plain text
<thumbs> RLa: those are not system users.
<thumbs> RLa: those can be arbitrary users.
<thumbs> RLa: what's so funny?
<mjoe> thumbs: He does not want to learn something. :)
<thumbs> mjoe: shame, then.
<Perun> I have configured an auth vs windows ad (mod_authnz_ldap). It works but I ever need to login with the full domain user name like user@mydomain.local... is it possible to do it without the domain part? only as user without @mydomain.local
<mjoe> thumbs: Learning action should begin with respect to person who teaches.
<thumbs> mjoe: I agree.
<publikb> I have a mod_jk question ? is there another channel I should go for that ?
<thumbs> publikb: there is no specific channel, I believe.
<fajita> or Use mod_proxy_ajp instead.
<jMCg> Even #tomcat says: Use mod_proxy_ajp instead:
<thumbs> yes, use that instead.
<jMCg> 15:24 [freenode] -!- Topic for #tomcat: Stable versions: 6.0.20, 5.5.28, 4.1.40. Newbies use the official binary from, or an RPM package from Check your Tomcat logs before you ask for an answer. SLOW MOTION CHANNEL (we all have jobs & kids): Ask your question
<jMCg> including your TC,Java, & OS versions, then wait; check back often for aenswers..  Use mod_proxy_ajp, not mod_jk
<publikb> I am using ajp connector
<publikb> but using mod_jk
<publikb> I am receiving a mod_jk error : get_most_suitable_worker::jk_lb_worker.c (766) : locking failed (errno=22) which is flooding my logs every few seconds
<publikb> although connections still go through
<jMCg> My eyes are burning. I need caffeine.
<jMCg> publikb: I can't find anyone out there having that problem.
<jMCg> So.. why, again, are you not using mod_proxy_ajp?
<publikb> to be honest... not sure. we worked with a third party to setup two apache load balancers, and two tomcat servers and thats what was used
<publikb> I havent really looked into mod_proxy_ajp
<publikb> is mod_proxy_ajp much better
<publikb> I know that parts of mod_jk were implemented in apache 2.2 but never got around to reconfiguring the setup
<thumbs> publikb: yes. it's much better
<publikb> cool I will look into it
<publikb> need to try and stop this error though
<bas84> I get the following message when trying to get a php page on our server : You have to chosen to open [blank line] which is a: PHTML file
<bas84> apache2 virtualhost configuration seems to be normal, and page worked before server upgrade (debian)
<thumbs> fajita: php download
<thumbs> bas84: ^^
<nils__> Hi! I have a problem that apache httpd processes grow in size. All threads use memory from 0x09536000 and forward, and this range only grows in size (in different rates for each process) when the httpd threads serve requests. When I inspect the memory in GDB I see that a lot of document (CGI-program output) is "permanently" stored in that region, for example 30 MB PDF files.. Is my version of apache leaking or is this normal behaviour?
<gryzor> nils__: usually, we blame php for that
<aro> is there a way when POSTing a file using php to not make it store the file in RAM first before writing it to disk?
<thumbs> aro: ##php
<nils__> gryzor: The output that is "stuck" in the memory is from a CGI-program in C in this case
<thumbs> aro: apache httpd does not handle POST data.
<thumbs> nils__: how are you releasing the memory?
<gryzor> nils__: Does your CGI program conform to CGI specifications ? if so this is not normal of course.
<gryzor> thumbs: shouldn't matter, since CGI is an external forked program
<nils__> thumbs: Well. I think the program is releasing it with free and delete, but even if it was leaking it should be released when the CGI-process dies by the Linux kernel?
<bas84> thumbs: thx
<nils__> not "stuck" in the httpd process memory pool
<nils__> gryzor: I believe it is conforming
<nils__> I am using Apache/2.2.3
<gryzor> nils__: do you use mod_cache*
<Covener> nils__: MaxMemFree ?
<nils__> gryzor: No
<nils__> Covener: thanks for the hint, I will try that directive
<gryzor> fajita: maxmemfree?
<gryzor> fajita: maxmemfree is
<fajita> okay, gryzor
<nils__> is MaxMemFree 8192 enough in general?
<Covener> nils__: it's already in kb fwiw
<Covener> nils__: for debugging, the only downside is more calls to free/new
<Covener> nils__: so if you set 64[kb] for example you might just see more CPU if that was way less than what was needed
<nils__> Covener: Thanks
<beta[a]> gm guys... i read thru the apache docs over and over and i'm having difficulty understanding rewritecond and rewriterules... do rewriterules apply underneath each rewrite condition?
<thumbs> beta[a]: the condition only applies to the rule that follows it.
<thumbs> beta[a]: conditions are cumulative, however.
<thumbs> beta[a]: i.e. RewriteCond %{REQUEST_URI} foo // RewriteCond %{REQUEST_URI} bar [OR] // RewriteRule . - [L]
<beta[a]> ok cool..
<beta[a]> b/c i'm trying to redirect 2 non-secure pages to https://pagename
<thumbs> beta[a]: ok.
<thumbs> fajita: http2https
<beta[a]> all the while, making sure that secure and non secure redirect to
<beta[a]> can someone PM me so i can send them the existing code i have?
<beta[a]> i really appreciate it
<fajita> or or
<thumbs> beta[a]: no, use a pastebin instead.
<beta[a]> and i'm getting problems b/c is redirecting to
<hershel> Is this the correct channel to ask a question about why my symlink and vhost.conf is not working (with Plesk)?
<barefoot> beta[a]: there is no https_host ?
<barefoot> hershel: ill help you
<thumbs> hershel: yes, ask.
<thumbs> beta[a]: {HTTPS_HOST} is not a valid variable.
<hershel> I did ln -s and then I made vhost.conf and then I ran /usr/local/psa/admin/sbin/websrvmng -u --vhost-name=
<hershel> but I get now a 403 error when I browse to the URL
<bas84> i get the following error when loading the php module in apache2  /usr/lib/apache2/modules/ does not exist, but i had php5 running on this server before server upgrade
<barefoot> a symlink to and from what?
<thumbs> hershel: what does the error log say, exactly?
<thumbs> bas84: supply a valid path, obviously.
<hershel> barefoot the symlink is from /var/www/vhosts/SECONDdomain/httpdocs to /var/www/vhosts/FIRSTdomain/httpdocs
<thumbs> hershel: what does the error log say, exactly?
<hershel> thumbs there is no error there
<thumbs> hershel: a 403 is always logged. Look again.
<barefoot> use a serveralias instead?
<hershel> thumbs u r right. i was looking in FIRST domain error log. in SECOND I see Symbolic link not allowed or link target not accessible:
<Huvet> hi! I'm trying to redirect all www-urls on my site to non-www versions. I'm using apache with mod_wsgi. Problem is, my redirects to how can I solve this? Here's my .htaccess and httpd.conf:
<thumbs> hershel: run namei -m on the full path.
<thumbs> fajita: canonical hostname
<thumbs> Huvet: ^^
<hershel> thumbs you mean: namei -m /var/www/vhosts/SECONDname/htttpdocs
<Huvet> thanks thumbs, I'll try
<thumbs> hershel: tias
<Huvet> thumbs: I'm using a very similar rule now, is that one better?
<hershel> thumbs (i didn't know what that command does) it looks correct to me. the last line is httpdocs under the FIRST domain.
<thumbs> hershel: pastebin the output.
<hershel> thumbs  I thought maybe it's due to ownership by root
<hershel> of the symlink
<thumbs> hershel: no.
<thumbs> hershel: what distro is this?
<hershel> forget the command for that
<thumbs> hershel: linux distribution.
<hershel> Linux 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:51 EDT 2009 i686 i686 i386 GNU/Linux
<thumbs> hershel: what linux distribution is this?
<hershel> what command shows the distro name? I forgot that command
<thumbs> hershel: it depends on the distro.
<beta[a]> thumbs... sorry i went away
<thumbs> hershel: surely, you know what your server is running.
<beta[a]> ok.. so https_host is not valid
<thumbs> beta[a]: correct.
<beta[a]> ok..  so lemme try this code:  hold on
<hershel> hershel thumbs LOL .  bit of a catch 22, then.  No I don't, it's not mine. I will check with the host
<thumbs> hershel: thanks
<mjoe> hershel: It's rhel or CentOS.
<mysgroda> What exactly is "Apache (internal dummy connection)"?
<barefoot> internal dummy connection
<fajita> <> or
<hershel> mjoe i thought it was RH of some sort.
<hershel> mjoe how can we prove that? :)
<thumbs> hershel: then see audit.log and selinux.
<mysgroda> I see.
<barefoot> hershel: cat /etc/redhat-release
<thumbs> hershel: selinux might very well deny access to the file.
<hershel> Red Hat Enterprise Linux Server release 5.4 (Tikanga)
<mjoe> hershel: rpm -qa *-release
<barefoot> hershel: why symlink instead of just using a serveralias?
<steve_j> hey folks, am not sure where's best to ask this, but i want to grep logs for a particular string, and then extract a chunk of that line from each hit in the log
<thumbs> steve_j: #yourdistrohere
<steve_j> sure thanks
<hershel> mjoe: redhat-release-5Server-
<hershel> barefoot, can u send a link explaining how to setup a serveralias?
<mjoe> hershel: then, did we prove it? :)
<Huvet> thumbs: now I'm using that code, still the same problem...
<barefoot> you would do it via the control panel
<hershel> mjoe, yes, we can now take the host to court. :)
<hershel> barefoot, u talking to me? I called host support today and they said to use vhosts.conf. that's why i tried that.   oh, they did say to try an alias but since someone already setup MAIL for this domain name, we couldn't do that. i think that was the issue
<thumbs> ok, sec.
<beta[a]> the http://domain -> http://www.domain works... but https://domain -> https://www.domain doesnt... we dont have a wildcard cert... so you HAVE to go to https://www.domain
<barefoot> vhost.conf is fine, create it in domainA with a serveralias for domainB
<thumbs> beta[a]: why .? ?
<thumbs> beta[a]: what URI are you trying to match on line 8?
<hershel> barefoot, OK, I understand. I will try that now.
<beta[a]> well anything...  i guess i shoulda used $1?  it doesnt really matter for now..  the weird thing is this
<beta[a]> https://domain gives cert error... THEN prepends WWW
<thumbs> beta[a]: then ^ will do just fine.
<beta[a]> is the cert on https://domain read first before htaccess can process the site?
<thumbs> beta[a]: yes, you can't avoid the warning.
<beta[a]> hold on.. i'm a newb at this..  line 8 is this:  RewriteRule .?{REQUEST_URI} [R=301,L]
<beta[a]> what should it be?
<beta[a]> and i've seen websites avoid the warning before!  do i have to get a wildcard cert?
<thumbs> beta[a]: change the matching portion to ^
