Search Results

Search found 6441 results on 258 pages for 'mod proxy fcgi'.

Page 76/258 | < Previous Page | 72 73 74 75 76 77 78 79 80 81 82 83  | Next Page >

• Apache: set aside specific number of servers for a single "high priority" script

  - by Disco

  I have a bunch of scripts, but some of them are higher priority than others: /var/www/normal-priority/script1.pl /var/www/normal-priority/script2.pl /var/www/normal-priority/script3.pl and /var/www/high-priority/script1.pl /var/www/high-priority/script2.pl /var/www/high-priority/script3.pl All running under mod-perl. They reside in separate directories. From time to time, the normal-priority scripts get very busy, and the httpd servers "swamp out" the less frequently called high priority ones. Is it possible to set aside n httpd servers so that they only listen for the "high priority" scripts?

  Read the article

• Adding fields to a proxied class in Clojure

  - by mikera

  I'm using "proxy" to extend various Swing classes in a Clojure GUI application, generally with code that looks something like: (def ^JPanel mypanel (proxy [JPanel] [] (paintComponent [#^Graphics g] (.drawImage g background-image 0 0 nil)))) This works well but I can't figure out how to add additional fields to the newly extended class, for example making the background-image a field that could be subsequently updated. This would be pretty easy and common practice in Java. Is there a good way to do this in Clojure? Or is there another preferred method to achieve the same effect?

  Read the article

• Making dynamic images have static filenames

  - by michaeltk

  My website currently has various links to a php script that generates the images dynamically. For example, the link may say "img source="/dynamic_images.php?type=pie-chart&color=red" Obviously, this is not great for SEO. I'd like to somehow make the filenames of these links appear to be static, and use a solution (like Mod-Rewrite) to ensure that the images can still be dynamically created. I suppose I could have something like "img src="average-profits-in-scuba-diving-industry.png?type=pie-chart&color=red" (and use Mod-Rewrite to take care of changing the filename prefix to dynamic_images.php), but I'm afraid that the search engines would shy away from the querystring on the end of the image filename. Any solutions? Thanks in advance.

  Read the article

• Can mod_rewrite Conditions/Rules be executed in random order?

  - by Tom

  I have some mod rewrite rules that test for the presence of a file on various NFS mounts and I would like that the tests occur randomly, as a very rudimentary way to distribute load. For example: RewriteEngine on RewriteCond %{REQUEST_URI} ^/(.+)$ RewriteCond /mnt/mount1/%1 -f RewriteRule ^/(.+)$ /mnt/mount1/$1 [L] RewriteCond %{REQUEST_URI} ^/(.+)$ RewriteCond /mnt/mount2/%1 -f RewriteRule ^/(.+)$ /mount2/$1 [L] RewriteCond %{REQUEST_URI} ^/(.+)$ RewriteCond /mnt/mount3/%1 -f RewriteRule ^/(.+)$ /mnt/mount3/$1 [L] RewriteCond %{REQUEST_URI} ^/(.+)$ RewriteCond /mnt/mount4/%1 -f RewriteRule ^/(.+)$ /mnt/mount4/$1 [L] As far as I understand mod_rewrite Apache will look for the file on /mnt/mount1, then mount2, mount3 and so on. Can I randomize this on each request? I understand this is an odd request but I need a creative solution to some unforeseen downtime. On a side note, do I need to redeclare RewriteCond %{REQUEST_URI} ^/(.+)$ each time like I have done? Thanks

  Read the article

• Trouble with mod_rewrite and PHP Extensions - Help Making the Correct .htaccess File

  - by nicorellius

  I'm looking for a set of simple rules and redirects for my site. I've tried so many combinations that I'm starting to get confused. I'm not sure how to set this up. Generally, without mod-rewrite, I would use relative paths to link to files: <a href="link.php">Link</a> if it's in the same directory. Now I'd like to use this: <a href="link">Link</a> And so if you go to this page: localhost/mysite/link it will take you to the correct place, which would be: localhost/mysite/link.php But also, many directory levels deep I would like it to work as well: localhost/mysite/group/link2 would go to: localhost/mysite/group/link2.php and: localhost/mysite/group/section/link3 would go to: localhost/mysite/group/section/link3.php But then in all these cases, if someone were to type in this: localhost/mysite/group/section/link3.php in the URL bar, it would show this: localhost/mysite/group/section/link3 Thanks

  Read the article

• HAProxy: Display a "BADREQ" | BADREQ's by the thousands

  - by GruffTech

  My HAProxy Configuration. #HA-Proxy version 1.3.22 2009/10/14 Copyright 2000-2009 Willy Tarreau <[email protected]> global maxconn 10000 spread-checks 50 user haproxy group haproxy daemon stats socket /tmp/haproxy log localhost local0 log localhost local1 notice defaults mode http maxconn 50000 timeout client 10000 option forwardfor except 127.0.0.1 option httpclose option httplog listen dcaustin 0.0.0.0:80 mode http timeout connect 12000 timeout server 60000 timeout queue 120000 balance roundrobin option httpchk GET /index.html log global option httplog option dontlog-normal server web1 10.10.10.101:80 maxconn 300 check fall 1 server web2 10.10.10.102:80 maxconn 300 check fall 1 server web3 10.10.10.103:80 maxconn 300 check fall 1 server web4 10.10.10.104:80 maxconn 300 check fall 1 listen stats 0.0.0.0:9000 mode http balance log global timeout client 5000 timeout connect 4000 timeout server 30000 stats uri /haproxy HAProxy is running, and the socket is working... adam@dcaustin:/etc/haproxy# echo "show info" | socat stdio /tmp/haproxy Name: HAProxy Version: 1.3.22 Release_date: 2009/10/14 Nbproc: 1 Process_num: 1 Pid: 6320 Uptime: 0d 0h14m58s Uptime_sec: 898 Memmax_MB: 0 Ulimit-n: 20017 Maxsock: 20017 Maxconn: 10000 Maxpipes: 0 CurrConns: 47 PipesUsed: 0 PipesFree: 0 Tasks: 51 Run_queue: 1 node: dcaustin desiption: Errors show nothing from socket... adam@dcaustin:/etc/haproxy# echo "show errors" | socat stdio /tmp/haproxy adam@dcaustin:/etc/haproxy# However... My Error log is exploding with "badrequests" with the Error code cR. cR (according to 1.3 documentation) is The "timeout http-request" stroke before the client sent a full HTTP request. This is sometimes caused by too large TCP MSS values on the client side for PPPoE networks which cannot transport full-sized packets, or by clients sending requests by hand and not typing fast enough, or forgetting to enter the empty line at the end of the request. The HTTP status code is likely a 408 here. Correct on the 408, but we're getting literally thousands of these requests every hour. (This log snippet is an clip for about 10 seconds of time...) Jun 30 11:08:52 localhost haproxy[6320]: 92.22.213.32:26448 [30/Jun/2011:11:08:42.384] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10002 408 212 - - cR-- 35/35/18/0/0 0/0 "<BADREQ>" Jun 30 11:08:54 localhost haproxy[6320]: 71.62.130.24:62818 [30/Jun/2011:11:08:44.457] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10001 408 212 - - cR-- 39/39/16/0/0 0/0 "<BADREQ>" Jun 30 11:08:55 localhost haproxy[6320]: 84.73.75.236:3589 [30/Jun/2011:11:08:45.021] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10008 408 212 - - cR-- 35/35/15/0/0 0/0 "<BADREQ>" Jun 30 11:08:55 localhost haproxy[6320]: 69.39.20.190:49969 [30/Jun/2011:11:08:45.709] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10000 408 212 - - cR-- 37/37/16/0/0 0/0 "<BADREQ>" Jun 30 11:08:56 localhost haproxy[6320]: 2.29.0.9:58772 [30/Jun/2011:11:08:46.846] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10001 408 212 - - cR-- 43/43/22/0/0 0/0 "<BADREQ>" Jun 30 11:08:57 localhost haproxy[6320]: 212.139.250.242:57537 [30/Jun/2011:11:08:47.568] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10000 408 212 - - cR-- 42/42/21/0/0 0/0 "<BADREQ>" Jun 30 11:08:58 localhost haproxy[6320]: 74.79.195.75:55046 [30/Jun/2011:11:08:48.559] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10000 408 212 - - cR-- 46/46/24/0/0 0/0 "<BADREQ>" Jun 30 11:08:58 localhost haproxy[6320]: 74.79.195.75:55044 [30/Jun/2011:11:08:48.554] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10004 408 212 - - cR-- 45/45/24/0/0 0/0 "<BADREQ>" Jun 30 11:08:58 localhost haproxy[6320]: 74.79.195.75:55045 [30/Jun/2011:11:08:48.554] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10005 408 212 - - cR-- 44/44/24/0/0 0/0 "<BADREQ>" Jun 30 11:09:00 localhost haproxy[6320]: 68.197.56.2:52781 [30/Jun/2011:11:08:50.975] dcaustin dcaustin/<NOSRV> -1/-1/-1/-1/10000 408 212 - - cR-- 49/49/28/0/0 0/0 "<BADREQ>" From what I read on google, if i wanted to see what the bad requests are, I can show errors to the socket and it will spit them out. We do run a pretty heavily trafficed website and the percentage of "BADREQS" to normal requests is quite low, but I'd like to be able to get ahold of what that request WAS so I can debug it. stats # pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max, dcaustin,FRONTEND,,,64,120,50000,88433,105889100,2553809875,0,0,4641,,,,,OPEN,,,,,,,,,1,1,0,,,,0,45,0,128, dcaustin,web1,0,0,10,28,300,20941,25402112,633143416,,0,,0,3,0,0,UP,1,1,0,0,0,2208,0,,1,1,1,,20941,,2,11,,30, dcaustin,web2,0,0,9,30,300,20941,25026691,641475169,,0,,0,3,0,0,UP,1,1,0,0,0,2208,0,,1,1,2,,20941,,2,11,,30, dcaustin,web3,0,0,10,27,300,20940,30116527,635015040,,0,,0,9,0,0,UP,1,1,0,0,0,2208,0,,1,1,3,,20940,,2,10,,31, dcaustin,web4,0,0,5,28,300,20940,25343770,643209546,,0,,0,8,0,0,UP,1,1,0,0,0,2208,0,,1,1,4,,20940,,2,11,,31, dcaustin,BACKEND,0,0,34,95,50000,83762,105889100,2553809875,0,0,,0,34,0,0,UP,4,4,0,,0,2208,0,,1,1,0,,83762,,1,43,,122, 88500 "Sessions" and 4500 errors. in the last 20 minutes.

  Read the article

• Nginx + Haproxy + Thin + Rails - 503 Service Unavailable -

  - by Luca G. Soave

  I don't know how troubleshoot this. I get "503 Service Unavailable" http error for all "nginx upstreams" proxy passing calls to haproxy fast_thin and slow_thin ( server 127.0.0.1:3100 and server 127.0.0.1:3200 ), which loadbalance on 6 Thin servers ( 127.0.0.1:3000 .. 3005 ). Static files like /blog are currently fine. The falldown is: nginx on port 80 - haproxy on 3100 and 3200 - thin on 3000 .. 3005 and then Rails. Here it is /etc/nginx/nginx.conf : user nginx; worker_processes 2; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; tcp_nopush on; keepalive_timeout 65; tcp_nodelay on; include /etc/nginx/conf.d/*.conf; } then /etc/nginx/conf.d/default.conf upstream fast_thin { server 127.0.0.1:3100; } upstream slow_thin { server 127.0.0.1:3200; } server { listen 80; server_name www.gitwatcher.com; rewrite ^/(.*) http://gitwatcher.com/$1 permanent; } server { listen 80; server_name gitwatcher.com; access_log /var/www/gitwatcher/log/access.log; error_log /var/www/gitwatcher/log/error.log; root /var/www/gitwatcher/public; # index index.html; location /about { proxy_pass http://fast_thin; break; } location /trends { proxy_pass http://slow_thin; break; } location /categories { proxy_pass http://slow_thin; break; } location /signout { proxy_pass http://slow_thin; break; } location /auth/github { proxy_pass http://slow_thin; break; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; if (-f $request_filename/index.html) { rewrite (.*) $1/index.html break; } if (-f $request_filename.html) { rewrite (.*) $1.html break; } if (!-f $request_filename) { proxy_pass http://slow_thin; break; } } } then haproxy config file /etc/haproxy/haproxy.cfg : global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghost local0 info maxconn 4096 #chroot /usr/share/haproxy user haproxy group haproxy daemon #debug #quiet nbproc 1 # number of processing cores defaults log global retries 3 maxconn 2000 contimeout 5000 mode http clitimeout 60000 # maximum inactivity time on the client side srvtimeout 30000 # maximum inactivity time on the server side timeout connect 4000 # maximum time to wait for a connection attempt to a server to succeed option httplog option dontlognull option redispatch option httpclose # disable keepalive (HAProxy does not yet support the HTTP keep-alive mode) option abortonclose # enable early dropping of aborted requests from pending queue option httpchk # enable HTTP protocol to check on servers health option forwardfor # enable insert of X-Forwarded-For headers balance roundrobin # each server is used in turns, according to assigned weight stats enable # enable web-stats at /haproxy?stats stats auth haproxy:pr0xystats # force HTTP Auth to view stats stats refresh 5s # refresh rate of stats page listen rails_proxy 127.0.0.1:3100 # - equal weights on all servers # - maxconn will queue requests at HAProxy if limit is reached # - minconn dynamically scales the connection concurrency (bound my maxconn) depending on size of HAProxy queue # - check health every 20000 microseconds server web1 127.0.0.1:3000 weight 1 minconn 3 maxconn 6 check inter 20000 server web1 127.0.0.1:3001 weight 1 minconn 3 maxconn 6 check inter 20000 server web1 127.0.0.1:3002 weight 1 minconn 3 maxconn 6 check inter 20000 listen slow_proxy 127.0.0.1:3200 # cluster for slow requests, lower the queues, check less frequently server slow1 127.0.0.1:3003 weight 1 minconn 1 maxconn 3 check inter 40000 server slow2 127.0.0.1:3004 weight 1 minconn 1 maxconn 3 check inter 40000 server slow3 127.0.0.1:3005 weight 1 minconn 1 maxconn 3 check inter 40000 and the Thin config file /etc/thin/gitwatcher.yml : --- chdir: /var/www/gitwatcher environment: production address: 0.0.0.0 port: 3000 timeout: 30 log: log/thin.log pid: tmp/pids/thin.pid max_conns: 1024 max_persistent_conns: 100 require: [] wait: 30 servers: 6 daemonize: true if I look into open listen ports, I got the following : root@fullness:/var/www/gitwatcher# lsof | grep TCP | egrep "nginx|haproxy|thin" nginx 834 root 8u IPv4 921 0t0 TCP *:http (LISTEN) nginx 835 nginx 8u IPv4 921 0t0 TCP *:http (LISTEN) nginx 837 nginx 8u IPv4 921 0t0 TCP *:http (LISTEN) haproxy 1908 haproxy 4u IPv4 11699 0t0 TCP localhost:3100 (LISTEN) haproxy 1908 haproxy 6u IPv4 11701 0t0 TCP localhost:3200 (LISTEN) root@fullness:/var/www/gitwatcher# iptables -L get me the following : Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:22222 ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Any help ?

  Read the article

• OpenSSL Handshake Failure (14094410) - Erroneous Client Certificate Check from Mobile Phone

  - by Clayton Sims

  I'm running a proxy server through Apache with modssl, which we're using to proxy POSTs from mobile devices to another internal server. This works successfully for most clients, but requests from a specific phone model (Nokia 2690) are showing a bizarre handshake failure. It looks as though OpenSSL is either requesting (or attempting to read an unsolicited) client certificate from the phone (which is especially bizarre because j2me's kssl implementation doesn't support client certs). I've disabled client certificates with the SSLVerifyClient none directive in both the virtual host conf and the modssl conf. The trace from error.log on debug level is (details redacted): [client 41.220.207.10] Connection to child 0 established (server www.myserver.org:443) [info] Seeding PRNG with 656 bytes of entropy [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization [debug] ssl_engine_io.c(1882): OpenSSL: read 11/11 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90d0] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1882): OpenSSL: read 49/49 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90db] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server hello A [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate A [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server done A [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data [debug] ssl_engine_io.c(1882): OpenSSL: read 5/5 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90d0] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1882): OpenSSL: read 2/2 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90d5] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_kernel.c(1879): OpenSSL: Read: SSLv3 read client certificate A [debug] ssl_engine_kernel.c(1898): OpenSSL: Exit: failed in SSLv3 read client certificate A [client 41.220.207.10] SSL library error 1 in handshake (server www.myserver.org:443) [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure [client 41.220.207.10] Connection closed to child 0 with abortive shutdown (server www.myserver.org:443) I've tried enabling all ciphers and all protocols temporarily with modssl, neither of which seemed to be the issue. The phone should be using RSA_RC4_128_MD5 and SSLv3, all of which are available. Am I missing something more fundamental about what's failing here? It seemed like the certificate request might have been part of a renegotiation failure. I tried enabling SSLInsecureRenegotiation On on the virtual host, in case it was an issue of the phone's SSL not supporting the new protocol, but to no avail. Currently running: Apache/2.2.16 (Ubuntu) mod_ssl/2.2.16 OpenSSL/0.9.8o Apache proxy_html/3.0.1

  Read the article

• Deploying Django App with Nginx, Apache, mod_wsgi

  - by JCWong

  I have a django app which can run locally using the standard development environment. I want to now move this to EC2 for production. The django documentation suggests running with apache and mod_wsgi, and using nginx for loading static files. I am running Ubuntu 12.04 on an Ec2 box. My Django app, "ddt", contains a subdirectory "apache" with ddt.wsgi import os, sys apache_configuration= os.path.dirname(__file__) project = os.path.dirname(apache_configuration) workspace = os.path.dirname(project) sys.path.append(workspace) sys.path.append('/usr/lib/python2.7/site-packages/django/') sys.path.append('/home/jeffrey/www/ddt/') os.environ['DJANGO_SETTINGS_MODULE'] = 'ddt.settings' import django.core.handlers.wsgi application = django.core.handlers.wsgi.WSGIHandler() I have mod_wsgi installed from apt. My apache/httpd.conf contains NameVirtualHost *:8080 WSGIScriptAlias / /home/jeffrey/www/ddt/apache/ddt.wsgi WSGIPythonPath /home/jeffrey/www/ddt <Directory /home/jeffrey/www/ddt/apache/> <Files ddt.wsgi> Order deny,allow Allow from all </Files> </Directory> Under apache2/sites-enabled <VirtualHost *:8080> ServerName www.mysite.com ServerAlias mysite.com <Directory /home/jeffrey/www/ddt/apache/> Order deny,allow Allow from all </Directory> LogLevel warn ErrorLog /home/jeffrey/www/ddt/logs/apache_error.log CustomLog /home/jeffrey/www/ddt/logs/apache_access.log combined WSGIDaemonProcess datadriventrading.com user=www-data group=www-data threads=25 WSGIProcessGroup datadriventrading.com WSGIScriptAlias / /home/jeffrey/www/ddt/apache/ddt.wsgi </VirtualHost> If I am correct, these 3 files above should correctly allow my django app to run on port 8080. I have the following nginx/proxy.conf file proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; Under nginx/sites-enabled server { listen 80; server_name www.mysite.com mysite.com; access_log /home/jeffrey/www/ddt/logs/nginx_access.log; error_log /home/jeffrey/www/ddt/logs/nginx_error.log; location / { proxy_pass http://127.0.0.1:8080; include /etc/nginx/proxy.conf; } location /media/ { root /home/jeffrey/www/ddt/; } } If I am correct these two files should setup nginx to take requests on the HTTP port 80, but then direct requests to apache which is running the django app on port 8080. If i go to mysite.com, all I see is Welcome to Nginx! Any advice for how to debug this?

  Read the article

• Apache certificates for some urls not working

  - by Vegaasen

  We are having a rather strange problem with a Apache-installation. Here is a short summary: Currently I'm setting up Apache with https, and server-certificates. This is fairly easy and works straight out of the box - as expected. This is the configuration for this setup: Listen 443 SSLEngine on SSLCertificateFile "/progs/apache/ssl/example-site.no.pem" SSLCertificateKeyFile "/progs/apache/ssl/example-site.no.key" SSLCACertificateFile "/progs/apache/ssl/ca/example_root.pem" SSLCADNRequestFile "/progs/apache/ssl/ca/example_intermediate.pem" SSLVerifyClient none SSLVerifyDepth 3 SSLOptions +StdEnvVars +ExportCertData RequestHeader set ssl-ClientCert-Subject-CN "%{SSL_CLIENT_S_DN}s" RewriteEngine On ProxyPreserveHost On ProxyRequests On SSLProxyEngine On ... <LocationMatch /secureStuff/$> SSLVerifyClient require Order deny,allow Allow from All </LocationMatch> ... <Proxy balancer://exBalancer> Header add Set-Cookie "EX_ROUTE=EB.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED BalancerMember http://10.0.0.1:7200 route=ee1 retry=300 flushpackets=off keepalive=on BalancerMember http://10.0.0.2:7200 route=ee2 retry=300 flushpackets=off keepalive=on status=+H ProxySet stickysession=EX_ROUTE scolonpathdelim=Off timeout=10 nofailover=off failonstatus=505 maxattempts=1 lbmethod=bybusyness Order deny,allow Allow from all </Proxy> RewriteCond %{REQUEST_URI} !^/index.html [NC] RewriteRule ^/(.*)$ balancer://exBalancer/$1 [P,NC] ProxyPassReverse / balancer://exBalancer/ Header edit Set-Cookie "(.*)" "$1;HttpsOnly" ... So - everything works fine and as expected for all of the pages that are not a part of the LocationMatch-directive. When requesting something that matches the LocationMatch-directive, I'm asked for a certificate (hence the SSLVerifyClient required attribute) - and getting all the correct certificates in my browser that is based on the root/intermediate chain. After choosing a certificate and clicking "OK", this is what pops up in the apache logs: [ssl:info] [pid 9530:tid 25] [client :43357] AH01998: Connection closed to child 86 with abortive shutdown ( [Thu Oct 11 09:27:36.221876 2012] [ssl:debug] [pid 9530:tid 25] ssl_engine_io.c(1171): (70014)End of file found: [client 10.235.128.55:45846] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] And this just spams the logs. What is happening here? I can see this configuration working on my local machine, but not on one of our servers. There is no configration differences between the servers, only minor application-wise-changes. I've tried the following: 1) Removing CA-certificate-checking (works) 2) Adding required CA-certificate for the whole site (works) 3) Adding "SSLVerifyClient optional" does not work 4) ++ Server/Application Information Local: -OpenSSL v.1.0.1x -Apache 2.4.3 -Ubuntu -mpm: event -every configuration should be turned on (failing) server: -OpenSSL 0.9.8e -Apache 2.4.2 -SunOS -mpm: worker -every configuration should be turned on Please let me know if more information is needed, I'll provide it instantly. Brief sum-up: -Running apache 2.4 -Server certificates works just fine -Client certificates for some /Locations does not work, fails with errors PS: Could it be related with the OpenSSL version and the "Renegotiation" stuff related to TLS/SSLv3?

  Read the article

• Strange exception when connecting to a WCF service via a proxy server

  - by Slauma

  The exception "This operation is not supported for a relative URI." occurs in the following situation: I have a WCF service: [ServiceContract(ProtectionLevel=ProtectionLevel.None)] public interface IMyService { [OperationContract] [FaultContract(typeof(MyFault))] List<MyDto> MyOperation(int param); // other operations } public class MyService : IMyService { public List<MyDto> MyOperation(int param) { // Do the business stuff and return a list of MyDto } // other implementations } MyFault and MyDto are two very simple classes marked with [DataContract] attribute and each only having three [DataMember] of type string, int and int?. This service is hosted in IIS 7.0 on a Win 2008 Server along with an ASP.NET application. I am using an SVC file MyService.svc which is located directly in the root of the web site. The service configuration in web.config is the following: <system.serviceModel> <services> <service name="MyServiceLib.MyService"> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfig" contract="MyServiceLib.IMyService" /> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttpBindingConfig"> <security mode="None"> <transport clientCredentialType="None" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpGetEnabled="false"/> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> This seems to work so far as I can enter the address http://www.domain.com/MyService.svc in a browser and get the "This is a Windows Communication Foundation Service"-Welcome page. One of the clients consuming the service is a console application: MyServiceClient aChannel = new MyServiceClient("WSHttpBinding_IMyService"); List<MyDto> aMyDtoList = aChannel.MyOperation(1); It has the following configuration: <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_IMyService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="false" proxyAddress="10.20.30.40:8080" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="None"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="http://www.domain.com/MyService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMyService" contract="MyService.IMyService" name="WSHttpBinding_IMyService" /> </client> </system.serviceModel> When I run this application at a production server at a customer site calling aChannel.MyOperation(1) throws the following exception: This operation is not supported for a relative URI. When I run this client application on my development PC with exactly the same config, with the exception that I remove proxyAddress="10.20.30.40:8080" from the bindings the operation works without problems. Now I really don't know what specifying a proxy server address might have to do with absolute or relative URIs. The use of the proxy server or not is the only difference I can see when running the client on the production or on the development machine. Does someone have an idea what this exception might mean in this context and how possibly to solve the problem? Thank you in advance for help!

  Read the article

• Passing Certificate to Svcutil to generate proxy for OSB Service

  - by webwires

  We are wanting to implement Two-Way SSL security from WCF to OSB Services. We have successfully deployed the certificates so that when you browse to the service with IE you get the appropriate prompt for certificate and then it takes you immediately to the WSDL. But, when you attempt to generate a proxy using svcutil as defined in steps 8 and 9 in this MSDN article. http://msdn.microsoft.com/en-us/library/cc949005.aspx I get the error: A reply message was received for operation 'Get' with action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/Get'. However, your client code requires action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse'. The OSB services are set to use Soap 1.2 and the svcutil.exe.config we use is identicle to the article except for the findValue and x509FindType. Instead we used the FindByThumbprint pointing to the "My" store name and "CurrentUser" store location. The cert is there and is the same cert we select from the IE prompt.

  Read the article

• Redirecting http request to two different weblogic servers using the Weblogic proxy and Apache2

  - by Jhon

  Hello All, I've read previous posts like "Redirecting https requests to two different weblogic servers using the Weblogic proxy and Apache2". But I have a different situation and I don't think I'm understanding this to well. I have an Apache 2 server (server1) that will receive http request for my application. Then I have two more servers (server2 and server3) with Web Logic 9.2 runing on ports 7000 (server1) and 8000 (server2). I want the users to enter appname.domain.com and be redirected between the two web logic servers, always keeping appname.domain.com (this is hidding servername:port from URL). How can I manage to do that? Thanks in advanced! Jhon.

  Read the article

• ANTLR parser hanging at proxy.handshake call

  - by Peter Boughton

  I am attempting to get a basic ECMAScript parser working, and found a complete ANTLR grammar for ECMAScript 3, which appears to compile ok and produces the appropriate Lexer/Parser/Walker Java files. (Running inside ANTLR IDE plugin for Eclipse 3.5) However, when actually trying to use it with some simple test code (following guide on ANTLR wiki), it just hangs when trying to create the parser: CharStream MyChars = new ANTLRFileStream(FileName); // FileName is valid ES3Lexer MyLexer = new ES3Lexer(MyChars); CommonTokenStream MyTokens = new CommonTokenStream(MyLexer); MyTokens.setTokenSource(MyLexer); ES3Parser MyParser = new ES3Parser( MyTokens ); // hangs here ES3Parser.program_return MyReturn = MyParser.program(); I've tracked down the problem to inside the ES3Parser constructor, where it's calling the function proxy.handshake() - before this line I can successfully do System.out.println("text") but after it I get nothing. So, how do I go about finding out why it's hanging, and stopping it - or even just bypassing this section (can/should I disable debugging?) - so long as that lets it work and allows me to get on with doing useful stuff.

  Read the article

• ODBC Proxy for remotely accessing legacy resources?

  - by Winston Fassett

  Our project uses AcuCorp's AcuODBC driver to access a legacy Vision database. The problem is that we only have a 32-bit driver and the installer simply won't run on our 64-bit servers. I need a way to use SSIS to pull data from that system. As far as I can tell, there are 3 options: Set up a whole new SQL Server instance with SSIS and the AcuODBC drivers on a 32-bit VM (costly) Try to hack the 32-bit driver onto our 64-bit server manually (failure prone and unsupported) Set up a 32-bit VM with some sort of "proxy" service that our 64-bit SSIS can use to pull the data. The first option is the least desirable. If you have any suggestions for options 2 or 3, or anything else I haven't thought of, I'd love to hear them.

  Read the article

• Custom Logic and Proxy Classes in ADO.NET Data Services

  - by rasx

  I've just read "Injecting Custom Logic in ADO.NET Data Services" and my next question is, How do you get your [WebGet] method to show up in the client-side proxy classes? Sure, I can call this directly (RESTfully) with, say, WebClient but I thought the strong typing features in ADO.NET Data Services would "hide" this from me auto-magically. So here we have: public class MyService : DataService<MyDataSource> { // This method is called only once to initialize service-wide policies. public static void InitializeService(IDataServiceConfiguration config) { config.SetEntitySetAccessRule("Customers", EntitySetRights.AllRead); config.SetServiceOperationAccessRule("CustomersInCity", ServiceOperationRights.All); } [WebGet] public IQueryable<MyDataSource.Customers> CustomersInCity(string city) { return from c in this.CurrentDataSource.Customers where c.City == city select c; } } How can I get CustomersInCity() to show up in my client-side class defintions?

  Read the article

• Django as S3 proxy

  - by schneck

  Hi there, I extended a ModelAdmin with a custom field "Download file", which is a link to a URL in my Django project, like: http://www.myproject.com/downloads/1 There, I want to serve a file which is stored in a S3-bucket. The files in the bucket are not public readable, and the user may not have direct access to it. Now I want to avoid that the file has to be loaded in the server memory (these are multi-gb-files) avoid to have temp files on the server The ideal solution would be to let django act as a proxy that streams S3-chunks directly to the user. I use boto, but did not find a possibility to stream the chunks. Any ideas? Thanks.

  Read the article

• Zend_Soap_Client doesn't work with proxy

  - by understack

  I'm accessing a SOAP web service like : $wsdl_url = 'http://abslive3.timesgroup.com:8888/clsRSchedule.soap?wsdl' ; $client = new Zend_Soap_Client($wsdl_url, array('proxy_host'=>"http://virtual-browser.25u.com" , 'proxy_port'=>80)); Since my shared server blocks port 8888, I'm using this proxy server. But Zend Soap Client tries to directly connect it. Exception information: Message: SOAP-ERROR: Parsing WSDL: Couldn't load from 'http://abslive3.timesgroup.com:8888/clsRSchedule.soap?wsdl' : failed to load external entity "http://abslive3.timesgroup.com:8888/clsRSchedule.soap?wsdl" Stack trace: #0 /home/..../library/Zend/Soap/Client/Common.php(51): SoapClient->SoapClient('http://abslive3...', Array) #1 /home/..../library/Zend/Soap/Client.php(1024): Zend_Soap_Client_Common->__construct(Array, 'http://abslive3...', Array) #2 /home/..../library/Zend/Soap/Client.php(1180): Zend_Soap_Client->_initSoapClientObject() #3 /home/..../library/Zend/Soap/Client.php(1104): Zend_Soap_Client->getSoapClient() #4 [internal function]: Zend_Soap_Client->__call('ReturnDataSet', Array) What am I doing wrong?

  Read the article

• ASP.NET Request.ServerVariables["SERVER_PORT_SECURE"] and proxy SSL by load balancer

  - by frankadelic

  We have some legacy ASP.NET code that detects if a request is secure, and redirects to the https version of the page if required. This code uses Request.ServerVariables["SERVER_PORT_SECURE"] to detect if SSL is needed. Our operations team has suggested doing proxy SSL at the load balancer (F5 Big-IP) instead of on the web servers (assume for the purposes of this question that this is a requirement). The consequence would be that all requests appear as HTTP to the web server. My question: how can we let the web servers known that the incoming connection was secure before it hit the load balancer? Can we continue to use Request.ServerVariables["SERVER_PORT_SECURE"]? Do you know of a load balancer config that will send headers so that no application code changes are needed?

  Read the article

• NDIS or TDI for packet redirection to a local proxy

  - by Enrico Detoma

  I need to develop a transparent filter to redirect outgoing HTTP packets to a local proxy, to do transparent content filtering. Which is the best technology to do it, TDI or NDIS IM? My main constraint is to avoid conflicts with antivirus software, which also do some kind of packet redirection to inspect HTTP content (I don't know whether antivirus programs use TDI, NDIS IM, or both). Rather than writing the driver myself, actually, I'm also considering two commercial SDKs for packet filtering/modification: one uses a TDI driver while the other uses a NDIS IM driver, so that's the origin of my question (I was only aware of NDIS IM, before looking at the two SDKs).

  Read the article

• NHibernate: uninitialized proxy passed to save() and cascade

  - by jonnii

  Hi, I keep getting an NHibernate.PersistentObjectException when calling session.Save() which is due to an uninitialized proxy passed to save(). If I fiddle with my cascade settings I can make it go away, but then child objects aren't being saved. The only other fix I have found is by adding the following to my DefaultSaveEventListener. protected override bool ReassociateIfUninitializedProxy(object obj, global::NHibernate.Engine.ISessionImplementor source) { if (!NHibernateUtil.IsInitialized(obj)) NHibernateUtil.Initialize(obj); return base.ReassociateIfUninitializedProxy(obj, source); } This is obviously not an ideal solution. Any ideas?

  Read the article

• WCF: Proxy open and close - whaaa?

  - by MikeMalter

  I am maintaing a windows form application using WCF and are using net.tcp internally. The lifecycle of our connections is GET/USE/CLOSE. We are having a problem with the application pool crashing with no trace. In looking at netstat, I can see when I come into the application as we have a login service. However, even though we are creating the proxy in a using statement, the connection in netstat does not go away until I physically close the application. Is this right? Should I be doing something diffent on the client to force the connection to close? So if the connection stays open, does it stay open for the duration of the openTimeout setting and then gets torn down? Thanks.

  Read the article

• Service Contracts with Message causes duplicate proxy classes

  - by jaklucky

  Hi, I have a service contract with Message as shown below. [OperationContract] Message MyMethodWithMessage(Message myMsgParam); Everything works fine. I could host my services. But when I try to create proxies through "Add Service References", I am getting the duplicate proxy classes. If I take out the above OperationContract and re run my services and try to create proxies, then "Add Service References" does not provide duplicate proxies. I am really confused about this!!! Any help is greatly appreciated... Thank you, Suresh

  Read the article

• Do not use IE browser settings when using a proxy with Indy

  - by JD

  Hi At one of our customer sites, we have a Delphi 2007 application that makes a number of HTTPS requests using indy components. All requests are made using the proxy settings the client provides. For this to work, in IE we have to put the URL's in the trusted zones section. After a month due to security settings the trusted zones are cleared. This means we have to re-add the URLs again to make our application work. Is there a way of bypassing IE settings or using a client side HTTP stack so we do not go through the browser to make https requests? JD

  Read the article

• what is the use of creating proxy for an webservice

  - by prince23

  hi, i have an webserivce written where i do an insertion opertion to DB. path :http://localhost:1838/Ajax/WebService.asmx?wsdl.name of the webservice is localhost i have added webservice for the project now on button click event i try to call this webserice like this localhost obj= new localhost(); obj.insert(); now i am able to do the insertion operation fine. but i wanted to create an proxy for the webservice so wat is the use of it doing like tat? when i run this command in my command prompt in vs wsdl /out:myProxyClass.cs http://localhost:1838/Ajax/WebService.asmx?WSDL i get an error unable to connect the remote server. no connection would be made because the target machine actively refused it looking forward for an solution any help would great thank you

  Read the article

< Previous Page | 72 73 74 75 76 77 78 79 80 81 82 83  | Next Page >