IIS Load Balancing with IBM WebSphere Liberty Profile - iis

I am trying to set up IIS (version 8.x, Windows 2008) in front of two IBM WAS (Liberty Profile version 8.5.5) servers.
I have also deployed my Runtime on both the WAS servers, and individually they both are working totally fine.
When I try to configure both in IIS, I get the following issue:
When I hit /, it opens the Console, but after I supply the username and password and hit Enter, it shows me the login page again.
After going through the log trace, I think there is some issue with setting the JSESSIONID cookie, but I couldn't find a way to resolve it.
My plugin-cfg.xml looks like the following:
<?xml version="1.0" encoding="UTF-8"?>
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
  <Log LogLevel="Trace" Name="C:\AppServer\Logs\http_plugin.log"/>
  <Property Name="ESIEnable" Value="true"/>
  <Property Name="ESIMaxCacheSize" Value="1024"/>
  <Property Name="ESIInvalidationMonitor" Value="false"/>
  <Property Name="ESIEnableToPassCookies" Value="false"/>
  <Property Name="PluginInstallRoot" Value="."/>
  <VirtualHostGroup Name="default_host">
    <VirtualHost Name="*:9443"/>
    <VirtualHost Name="*:443"/>
    <VirtualHost Name="*:80"/>
    <VirtualHost Name="*:9080"/>
  </VirtualHostGroup>
  <ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="defaultServer_default_node_Cluster" PostBufferSize="0" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
    <Server CloneID="server1111" ConnectTimeout="5" LoadBalanceWeight="2" ExtendedHandshake="false" MaxConnections="-1" Name="default_node_defaultServer0" ServerIOTimeout="900" WaitForContinue="false">
      <Transport Hostname="<IP1>" Port="9080" Protocol="http"/>
      <Transport Hostname="<IP1>" Port="9443" Protocol="https">
        <Property Name="keyring" Value="keyring.kdb"/>
        <Property Name="stashfile" Value="keyring.sth"/>
        <Property Name="certLabel" Value="LibertyCert"/>
      </Transport>
    </Server>
    <Server CloneID="server2222" ConnectTimeout="5" LoadBalanceWeight="2" ExtendedHandshake="false" MaxConnections="-1" Name="default_node_defaultServer1" ServerIOTimeout="900" WaitForContinue="false">
      <Transport Hostname="<IP2>" Port="9080" Protocol="http"/>
      <Transport Hostname="<IP2>" Port="9443" Protocol="https">
        <Property Name="keyring" Value="keyring.kdb"/>
        <Property Name="stashfile" Value="keyring.sth"/>
        <Property Name="certLabel" Value="LibertyCert"/>
      </Transport>
    </Server>
    <PrimaryServers>
      <Server Name="default_node_defaultServer0"/>
      <Server Name="default_node_defaultServer1"/>
    </PrimaryServers>
  </ServerCluster>
  <UriGroup Name="default_host_defaultServer_default_node_Cluster_URIs">
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/worklightconsole/*"/>
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/wladmin/*"/>
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/appcenterconsole/*"/>
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/HelloWorld/*"/>
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/applicationcenter/*"/>
    <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/IBMJMXConnectorREST/*"/>
  </UriGroup>
  <Route ServerCluster="defaultServer_default_node_Cluster" UriGroup="default_host_defaultServer_default_node_Cluster_URIs" VirtualHostGroup="default_host"/>
</Config>
Following is the trace log of IIS:
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereHandleSessionAffinity: Checking for session affinity
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereHandleSessionAffinity: Checking the SSL cookie affinity: SSLJSESSION
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: lib_htrequest: htrequestGetCookieValue: Looking for cookie: 'SSLJSESSION'
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: lib_htrequest: htrequestGetCookieValue: No cookie found for: 'SSLJSESSION'
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereHandleSessionAffinity: Checking the cookie affinity: JSESSIONID
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: lib_htrequest: htrequestGetCookieValue: Looking for cookie: 'JSESSIONID'
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: lib_htrequest: htrequestGetCookieValue: No cookie found for: 'JSESSIONID'
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereHandleSessionAffinity: Checking the url rewrite affinity: jsessionid
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereParseSessionID: Parsing session id from '/worklightconsole/login.html'
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereParseSessionID: No session found for jsessionid
[Tue Sep 29 09:40:46 2015] 00000f10 00001430 - DEBUG: ws_common: websphereHandleSessionAffinity: Bypassing check for partitionID cookie affinity. No stored partition table.
Any help would be highly appreciated.

Related

Problem with ERR_BAD_SSL_CLIENT_AUTH_CERT on httpd server

I have an application running on an httpd server under CentOS 8. The Apache server requires the user to present a valid certificate, and then the SSL variables like DN, CN and SERIAL are passed to the Flask application (then the access verification is run).
When a valid cert is not given, e.g. the user's cert is not in the database, the app should show an error page under the URL "/site/public/failed" with proper info.
The problem is that only my cert is passed by Apache, and then the page loads correctly (my cert is in the db), but when my colleagues (same company, same CA) try to reach it, they are flashed with ERR_BAD_SSL_CLIENT_AUTH_CERT and a blank page. I assume that even if they were in the db, Apache wouldn't let them access the app on it.
When I check the logs after they try to connect, it looks different than when I am connecting. One thing that I have spotted is that their cert is checked only at depth 0, while mine goes to depth 2.
config:
Listen ip:443
##SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
##SSLCipherSuite PROFILE=SYSTEM
##SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
##SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3
SSLHonorCipherOrder on
SSLCompression off
WSGIPythonHome /home/path/to/venv
WSGIRestrictStdin Off
WSGIRestrictStdout Off
<VirtualHost ip:443>
  ServerName app.com
  ErrorLog /etc/httpd/logs/sshproxy-secure.error_log
  CustomLog /etc/httpd/logs/sshproxy-secure.access_log ssl_combined
  SSLEngine on
  SSLCertificateFile /home/path/to/crt.crt
  SSLCertificateKeyFile /home/path/to/some_key.key
  SSLCACertificateFile /etc/pki/tls/main_ca.crt
  SSLCACertificateFile /path/to/more/ca.crt
  WSGIDaemonProcess sshproxy threads=20 processes=2 python-path=/home/path/to/venv/lib/python3.10/site-packages
  #user=user1 group=group1 threads=5
  #WSGIPythonPath /opt/sshproxy/lib/python2.7/site-packages
  WSGIScriptAlias / /home/path/to/wsgi-script/sshproxy-webserver-wsgi.py
  WSGIScriptReloading On
  <Directory /home/path/to/app>
    WSGIProcessGroup sshproxy
    WSGIApplicationGroup %{GLOBAL}
    Require all granted
  </Directory>
  #<Location />
  # SSLRequireSSL
  #Require ip 126.16.13.20 126.16.18.
  #</Location>
  SSLVerifyClient optional
  SSLVerifyDepth 5
  SSLOptions +StdEnvVars
</VirtualHost>
Error logs when I connect (I deleted some sensitive data, but I believe it's not an important part of the logs):
[Mon Aug 29 08:36:54.406586 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(2330): [client 126.189.244.168:60496] AH02043: SSL virtual host for servername app.com found
[Mon Aug 29 08:36:54.406615 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(2330): [client 126.189.244.168:60496] AH02043: SSL virtual host for servername app.com found
[Mon Aug 29 08:36:54.406629 2022] [core:debug] [pid 17586:tid 140176105887488] protocol.c(2314): [client 126.189.244.168:60496] AH03155: select protocol from , choices=h2,http/1.1 for server app.com
[Mon Aug 29 08:36:59.631867 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 126.189.244.168:60496] AH02275: Certificate Verification, depth 2, CRL checking mode: none (0) [subject:
[Mon Aug 29 08:36:59.632161 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 126.189.244.168:60496] AH02275: Certificate Verification, depth 1, CRL checking mode: none (0) [subject:
[Mon Aug 29 08:36:59.632380 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 126.189.244.168:60496] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject:
[Mon Aug 29 08:36:59.632679 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(2246): [client 126.189.244.168:60496] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_128_GCM_SHA256 (128/128 bits)
[Mon Aug 29 08:36:59.633566 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(383): [client 126.189.244.168:60496] AH02034: Initial (No.1) HTTPS request received for child 204 (server domain:443)
[Mon Aug 29 08:36:59.633893 2022] [authz_core:debug] [pid 17586:tid 140176105887488] mod_authz_core.c(820): [client 126.189.244.168:60496] AH01626: authorization result of Require all granted: granted
[Mon Aug 29 08:36:59.633925 2022] [authz_core:debug] [pid 17586:tid 140176105887488] mod_authz_core.c(820): [client 126.189.244.168:60496] AH01626: authorization result of <RequireAny>: granted
Error logs when they connect:
[Tue Aug 30 11:01:41.293387 2022] [ssl:debug] [pid 24609:tid 140421665646336] ssl_engine_kernel.c(2330): [client 126.189.44.235:57122] AH02043: SSL virtual host for app.com
[Tue Aug 30 11:01:41.293496 2022] [ssl:debug] [pid 24609:tid 140421665646336] ssl_engine_kernel.c(2330): [client 126.189.44.235:57122] AH02043: SSL virtual host for app.com
[Tue Aug 30 11:01:41.293519 2022] [core:debug] [pid 24609:tid 140421665646336] protocol.c(2314): [client 126.189.44.235:57122] AH03155: select protocol from , choices=h2,http/1.1 for server
[Tue Aug 30 11:01:41.476727 2022] [ssl:debug] [pid 24609:tid 140421665646336] ssl_engine_kernel.c(1751): [client 126.189.44.235:57122] AH02275: Certificate Verification, depth 0, CRL checking m
[Tue Aug 30 11:01:41.476860 2022] [ssl:info] [pid 24609:tid 140421665646336] [client 126.189.44.235:57122] AH02276: Certificate Verification: Error (66): EE certificate key too weak [subject: e
[Tue Aug 30 11:01:41.476988 2022] [ssl:info] [pid 24609:tid 140421665646336] [client 126.189.44.235:57122] AH02008: SSL library error 1 in handshake (server domain:443)
[Tue Aug 30 11:01:41.477100 2022] [ssl:info] [pid 24609:tid 140421665646336] SSL Library Error: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
[Tue Aug 30 11:01:41.477120 2022] [ssl:info] [pid 24609:tid 140421665646336] [client 126.189.44.235:57122] AH01998: Connection closed to child 194 with abortive shutdown (server napupp19.corpne
[Tue Aug 30 11:01:44.545107 2022] [ssl:info] [pid 24609:tid 140421573326592] [client 126.189.44.235:57125] AH01964: Connection to child 205 established (server domain:443)
[Tue Aug 30 11:01:44.545572 2022] [socache_shmcb:debug] [pid 24609:tid 140421573326592] mod_socache_shmcb.c(532): AH00835: socache_shmcb_retrieve (0xea -> subcache 10)
[Tue Aug 30 11:01:44.545621 2022] [socache_shmcb:debug] [pid 24609:tid 140421573326592] mod_socache_shmcb.c(917): AH00851: shmcb_subcache_retrieve found no match
[Tue Aug 30 11:01:44.545634 2022] [socache_shmcb:debug] [pid 24609:tid 140421573326592] mod_socache_shmcb.c(542): AH00836: leaving socache_shmcb_retrieve successfully
I don't know why their cert is checked starting at depth 0, while mine starts from depth 2.
Changing cipher string = default#seclevel=2 to cipher string = default#seclevel=1 in the openssl.cnf file has resolved the problem. Nonetheless, I don't know why my cert was passed while the others weren't. We all have a standardized token with a cert, so they all should have a similar sec level.
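
An added example, not part of the original post: a Python summary of mod_ssl's per-connection verification trace that separates rejections raised by OpenSSL's security-level check (the setting changed in the fix above) from other verification failures, so the affected client certificates can be identified. The log lines are constructed after the two traces above, and summarize_client_cert_checks and SECLEVEL_CODES are illustrative names.

```python
import re

# Constructed sample modelled on the two traces above: certificate subjects are
# placeholders and client addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
[Mon Aug 29 08:36:59.631867 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 192.0.2.10:60496] AH02275: Certificate Verification, depth 2, CRL checking mode: none (0) [subject: CN=Example Root CA]
[Mon Aug 29 08:36:59.632161 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 192.0.2.10:60496] AH02275: Certificate Verification, depth 1, CRL checking mode: none (0) [subject: CN=Example Issuing CA]
[Mon Aug 29 08:36:59.632380 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(1751): [client 192.0.2.10:60496] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=user-a]
[Mon Aug 29 08:36:59.632679 2022] [ssl:debug] [pid 17586:tid 140176105887488] ssl_engine_kernel.c(2246): [client 192.0.2.10:60496] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_128_GCM_SHA256 (128/128 bits)
[Tue Aug 30 11:01:41.476727 2022] [ssl:debug] [pid 24609:tid 140421665646336] ssl_engine_kernel.c(1751): [client 192.0.2.20:57122] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=user-b]
[Tue Aug 30 11:01:41.476860 2022] [ssl:info] [pid 24609:tid 140421665646336] [client 192.0.2.20:57122] AH02276: Certificate Verification: Error (66): EE certificate key too weak [subject: CN=user-b]
[Tue Aug 30 11:01:41.477100 2022] [ssl:info] [pid 24609:tid 140421665646336] SSL Library Error: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
[Tue Aug 30 11:01:41.477120 2022] [ssl:info] [pid 24609:tid 140421665646336] [client 192.0.2.20:57122] AH01998: Connection closed to child 194 with abortive shutdown (server app.example:443)
"""

LINE_RE = re.compile(
    r"^\[[^\]]+\] \[\w+:\w+\] \[pid \d+:tid \d+\] (?:\S+\(\d+\): )?"
    r"\[client (?P<client>[^\]]+)\] (?P<code>AH\d{5}): (?P<msg>.*)$"
)
DEPTH_RE = re.compile(r"Certificate Verification, depth (\d+)")
ERROR_RE = re.compile(r"Certificate Verification: Error \((\d+)\): (.*?)(?: \[subject|$)")
PROTO_RE = re.compile(r"Protocol: (\S+), Cipher: (\S+)")

# OpenSSL verify codes raised by its security-level check (66 EE key too small,
# 67 CA key too small, 68 CA digest too weak) rather than by a broken chain.
SECLEVEL_CODES = {66, 67, 68}


def summarize_client_cert_checks(log_text):
    """Return one summary dict per client connection, in first-seen order."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a [client ...] field cannot be attributed
        conn = conns.setdefault(m["client"], {
            "client": m["client"], "depths": [], "error": None, "protocol": None,
        })
        code, msg = m["code"], m["msg"]
        if code == "AH02275":      # one line per certificate in the chain
            depth = DEPTH_RE.search(msg)
            if depth:
                conn["depths"].append(int(depth.group(1)))
        elif code == "AH02276":    # verification error reported by OpenSSL
            err = ERROR_RE.search(msg)
            if err:
                conn["error"] = {
                    "code": int(err.group(1)),
                    "reason": err.group(2),
                    # depth of the certificate logged just before the error
                    "depth": conn["depths"][-1] if conn["depths"] else None,
                }
        elif code == "AH02041":    # handshake completed
            proto = PROTO_RE.search(msg)
            if proto:
                conn["protocol"] = proto.group(1)

    for conn in conns.values():
        if conn["error"]:
            by_policy = conn["error"]["code"] in SECLEVEL_CODES
            conn["verdict"] = "rejected-by-seclevel" if by_policy else "rejected"
        elif conn["depths"] and conn["protocol"]:
            conn["verdict"] = "verified"
        else:
            conn["verdict"] = "no-client-cert-seen"
    return list(conns.values())


if __name__ == "__main__":
    for c in summarize_client_cert_checks(SAMPLE_LOG):
        print(c["client"], c["verdict"], c["depths"], c["error"])
```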

Apache envvars issue

I am trying to migrate from Apache 2.2 on Debian 7 to Apache 2.4 on CentOS 7.
There is a file named "envvars" on Debian 7 as below which has to exist on CentOS 7 as far as I know.
# envvars - default environment variables for apache2ctl
# this won't be correct after changing uid
unset HOME
# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
    SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
    SUFFIX=
fi
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
I created the same file under conf, where httpd.conf is located, but it did not work. I also added the contents to /etc/sysconfig/httpd, but an error stops the Apache server from running, as below.
Jun 17 17:48:35 ww-test httpd[5707]: [Wed Jun 17 17:48:35.473658 2020] [core:warn] [pid 5707] AH00111: Config variable ${APACHE_PID_FILE} is not defined
Jun 17 17:48:35 ww-test httpd[5707]: [Wed Jun 17 17:48:35.473857 2020] [core:warn] [pid 5707] AH00111: Config variable ${APACHE_RUN_USER} is not defined
Jun 17 17:48:35 ww-test httpd[5707]: [Wed Jun 17 17:48:35.473864 2020] [core:warn] [pid 5707] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
Jun 17 17:48:35 ww-test httpd[5707]: [Wed Jun 17 17:48:35.473885 2020] [core:warn] [pid 5707] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
Jun 17 17:48:35 ww-test httpd[5707]: [Wed Jun 17 17:48:35.495541 2020] [core:warn] [pid 5707] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
Jun 17 17:48:35 ww-test httpd[5707]: AH00543: httpd: bad user name ${APACHE_RUN_USER}
Jun 17 17:48:35 ww-test systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_RUN_USER=apache': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_RUN_GROUP=apache': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_PID_FILE=/var/run/httpd$SUFFIX.pid': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_RUN_DIR=/var/run/httpd$SUFFIX': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_LOCK_DIR=/var/lock/httpd$SUFFIX': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test systemd[1]: Ignoring invalid environment assignment 'export APACHE_LOG_DIR=/var/log/httpd$SUFFIX': /etc/sysconfig/httpd
Jun 17 17:48:35 ww-test kill[5708]: kill: cannot find process ""
Jun 17 17:48:35 ww-test systemd[1]: httpd.service: control process exited, code=exited status=1
Jun 17 17:48:35 ww-test systemd[1]: Failed to start The Apache HTTP Server.
I tried source envvars to test if the environment variables work, but they did not.
Is there any way that I can add the environment variables so that they apply whenever I start Apache?
Thanks!
Within httpd.conf, declare your variable(s) with Define (preferably at the very first line):
Define APACHE_RUN_USER apache
You can later use this variable like so:
User ${APACHE_RUN_USER}
Refer to the link for more information.
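
The journal above shows systemd discarding every `export NAME=value` line in /etc/sysconfig/httpd; a systemd environment file takes plain NAME=value lines and performs no shell expansion. As an added example (not part of the question or the answer), this Python converter turns the `export` lines of an envvars file into either environment-file lines or the Define directives the answer suggests. The function names are illustrative, and treating SUFFIX as empty (a single Apache instance) is an assumption.

```python
import re

EXPORT_RE = re.compile(r"^export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
VAR_RE = re.compile(r"\$(?:\{(\w+)\}|(\w+))")

# Constructed sample: the shell logic of the Debian envvars file above combined
# with the CentOS values that systemd rejected in the journal.
SAMPLE_ENVVARS = """\
# envvars - default environment variables for apache2ctl
unset HOME
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
    SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
    SUFFIX=
fi
export APACHE_RUN_USER=apache
export APACHE_RUN_GROUP=apache
export APACHE_PID_FILE=/var/run/httpd$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/httpd$SUFFIX
export APACHE_LOCK_DIR=/var/lock/httpd$SUFFIX
export APACHE_LOG_DIR=/var/log/httpd$SUFFIX
"""


def convert_envvars(text, shell_vars=None):
    """Resolve `export NAME=value` lines.

    Returns (resolved, skipped): resolved maps each name to its expanded value;
    skipped lists lines with no static equivalent (shell logic, or a reference
    to a variable that is not in shell_vars) and that need manual review.
    """
    known = dict(shell_vars or {})
    resolved, skipped = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = EXPORT_RE.match(line)
        if not m:
            skipped.append(line)   # if/else/fi, unset, bare assignments
            continue
        name, value = m.group(1), m.group(2).strip("\"'")
        try:
            # Expand $VAR and ${VAR} now, because nothing will do it later.
            value = VAR_RE.sub(lambda v: known[v.group(1) or v.group(2)], value)
        except KeyError:
            skipped.append(line)   # depends on a variable we cannot resolve
            continue
        resolved[name] = value
        known[name] = value        # later lines may refer to earlier ones
    return resolved, skipped


def as_environment_file(resolved):
    """Lines for a systemd EnvironmentFile such as /etc/sysconfig/httpd."""
    return "\n".join(f"{name}={value}" for name, value in resolved.items())


def as_define_directives(resolved):
    """Lines for the top of httpd.conf, as in the answer above."""
    return "\n".join(f"Define {name} {value}" for name, value in resolved.items())


if __name__ == "__main__":
    variables, needs_review = convert_envvars(SAMPLE_ENVVARS, {"SUFFIX": ""})
    print(as_environment_file(variables))
    print(as_define_directives(variables))
    print("needs manual review:", needs_review)
```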

Tomcat MemoryRealm not working

I have created a web application and configured the Tomcat container to authenticate users using Tomcat memory realms, but it's not working. Below are my configuration files.
Web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyFirst</web-resource-name>
    <description> accessible by authenticated users of the tomcat role</description>
    <url-pattern>/eMedicalBookingServer/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>These roles are allowed access</description>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>MyFirst Protected Area</realm-name>
  <!--
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/autherr.html</form-error-page>
  </form-login-config>
  -->
</login-config>
<security-role>
  <description>Only 'tomcat' role is allowed to access this web application</description>
  <role-name>admin</role-name>
</security-role>
server.xml
<Realm className="org.apache.catalina.realm.MemoryRealm" />
tomcat-users.xml
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="admin"/>
  <role rolename="superuser"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="ars" password="pass" roles="superuser"/>
  <user username="ad1" password="pass" roles="admin"/>
</tomcat-users>
The below is the console output after starting the tomcat
Jul 21, 2014 6:20:53 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
.:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
Jul 21, 2014 6:20:53 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:eMedicalBookingServer' did not find a matching property.
Jul 21, 2014 6:20:54 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Jul 21, 2014 6:20:54 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-8443"]
Jul 21, 2014 6:20:54 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Jul 21, 2014 6:20:54 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2095 ms
Jul 21, 2014 6:20:54 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jul 21, 2014 6:20:54 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.54
Jul 21, 2014 6:20:55 PM org.apache.tomcat.websocket.server.WsSci onStartup
INFO: JSR 356 WebSocket (Java WebSocket 1.0) support is not available when running on Java 6. To suppress this message, run Tomcat on Java 7, remove the WebSocket JARs from $CATALINA_HOME/lib or add the WebSocket JARs to the tomcat.util.scan.DefaultJarScanner.jarsToSkip property in $CATALINA_BASE/conf/catalina.properties. Note that the deprecated Tomcat 7 WebSocket API will be available.
Jul 21, 2014 6:20:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Jul 21, 2014 6:20:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8443"]
Jul 21, 2014 6:20:57 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2513 ms
Could you please check what's wrong in this configuration? When I open the link below
http://localhost:8080/eMedicalBookingServer/index.html
it's not prompting for the user credentials.

Making nice Urls in Yii

I read a lot of tutorials, but all lead me to the same error - Error 500 - Either the server is overloaded or there was an error in a CGI script.
I'm using XAMPP on Windows and configured httpd.conf like this
<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>
changed in yii main.php
'urlManager'=>array(
    'urlFormat'=>'path',
    'showScriptName'=>false,
    'caseSensitive'=>false,
    'rules'=>array(
        '' => 'site/index',
        '<controller:\w+>/<id:\d+>'=>'<controller>/view',
        '<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
        '<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
    ),
),
and added .htaccess in the root folder (at the same level as the protected folder)
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
RewriteBase /tests/
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
But no matter what I write in .htaccess, I get this error. When I commented everything out, links from Yii are generated OK (without index.php), but then I get a 404 error because of the wrong server configuration.
EDIT:
And error.log last few records:
[Wed Nov 27 11:32:31.100063 2013] [core:alert] [pid 9520:tid 1572] [client ::1:58620] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:32:31.372163 2013] [core:alert] [pid 9520:tid 1572] [client ::1:58621] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:32:34.674379 2013] [core:alert] [pid 9520:tid 1572] [client ::1:58622] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:32:36.587084 2013] [core:alert] [pid 9520:tid 1572] [client ::1:58623] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:32:54.899832 2013] [core:alert] [pid 9520:tid 1572] [client ::1:58624] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:54:14.056192 2013] [core:alert] [pid 9520:tid 1572] [client ::1:59297] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 11:54:14.687425 2013] [core:alert] [pid 9520:tid 1572] [client ::1:59298] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 15:53:27.459885 2013] [ssl:warn] [pid 11320:tid 308] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Nov 27 15:53:27.525911 2013] [core:warn] [pid 11320:tid 308] AH00098: pid file C:/Users/kristineg/xamps/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Wed Nov 27 15:53:27.588934 2013] [ssl:warn] [pid 11320:tid 308] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Nov 27 15:53:27.625947 2013] [mpm_winnt:notice] [pid 11320:tid 308] AH00455: Apache/2.4.4 (Win32) OpenSSL/1.0.1e PHP/5.5.1 configured -- resuming normal operations
[Wed Nov 27 15:53:27.625947 2013] [mpm_winnt:notice] [pid 11320:tid 308] AH00456: Server built: Feb 23 2013 12:42:00
[Wed Nov 27 15:53:27.625947 2013] [core:notice] [pid 11320:tid 308] AH00094: Command line: 'c:\users\kristineg\xamps\apache\bin\httpd.exe -d C:/Users/kristineg/xamps/apache'
[Wed Nov 27 15:53:27.627948 2013] [mpm_winnt:notice] [pid 11320:tid 308] AH00418: Parent: Created child process 4472
[Wed Nov 27 15:53:27.998083 2013] [ssl:warn] [pid 4472:tid 336] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Nov 27 15:53:28.143138 2013] [ssl:warn] [pid 4472:tid 336] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Nov 27 15:53:28.186154 2013] [mpm_winnt:notice] [pid 4472:tid 336] AH00354: Child: Starting 150 worker threads.
[Wed Nov 27 15:53:38.827074 2013] [core:alert] [pid 4472:tid 1640] [client ::1:61797] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 15:53:39.614364 2013] [core:alert] [pid 4472:tid 1652] [client ::1:61796] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 15:53:39.958491 2013] [core:alert] [pid 4472:tid 1640] [client ::1:61798] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 15:53:40.295616 2013] [core:alert] [pid 4472:tid 1652] [client ::1:61799] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
[Wed Nov 27 16:32:32.894114 2013] [core:alert] [pid 4472:tid 1640] [client ::1:62407] C:/Users/kristineg/xamps/htdocs/xampp/tests/.htaccess: Options not allowed here
I think you don't have the mod_rewrite module loaded in your server's main config. For starters, modify your .htaccess so it looks like this:
IndexIgnore */*
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /tests/
    # if a directory or a file exists, use it directly
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    # otherwise forward it to index.php
    RewriteRule . index.php
</IfModule>
If things change for the better (i.e. no 500-errors), see your main httpd.conf and look for a line that starts like this:
#LoadModule rewrite_module ...
Uncomment that line by removing the leading # and restart the server process.
As for the "Options not allowed here" error, see this answer.

htaccess Deny from all and 500 Internal Server Error

I want to restrict direct access to a specific directory (and all the files inside) on my local server.
The directory is: C:/Server/www/project/html/
I've tried the following code (.htaccess is placed in the www directory; placing it in /project/html/ doesn't work either):
<Directory "C:/Server/www/project/html/">
    AllowOverride all
    Order Deny,Allow
    Deny from all
</Directory>
However, it causes 500 Internal Server Error and I can't understand why.
Apache error log:
[Fri Aug 05 16:06:01 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:06:01 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:06:01 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:06:01 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:06:01 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:06:02 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:54:12 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
[Fri Aug 05 16:54:12 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here
[Fri Aug 05 17:05:06 2011] [alert] [client 127.0.0.1] C:/Server/www/.htaccess: <Directory not allowed here, referer: http://localhost/project/index.php?id=8
Check Apache error log for exact error description.
In any case -- the reason for this error is simple: <Directory> directive CANNOT be placed in .htaccess file -- only server config or virtual host.
http://httpd.apache.org/docs/current/mod/core.html#directory
For me, it required enabling the headers module in Apache.
