AW: AW: AW: Problem with Apache in Jail
Scheithauer, Lars (FH)
Lars.Scheithauer at fh-heidelberg.de
Fri Nov 20 09:07:33 UTC 2009
Hi Ian,
> So are you sure that (from outside your environment) the vhost hostname
> resolves to its IP address ok? Does it have a unique public IP address?
> If so, does reverse resolution of that address point to that hostname?
Yes:
# host campus2.fh-heidelberg.de
campus2.fh-heidelberg.de is an alias for www2.fh-heidelberg.de.
www2.fh-heidelberg.de has address 193.197.74.48
# host 193.197.74.48
48.74.197.193.in-addr.arpa domain name pointer www2.fh-heidelberg.de.
> From (right) outside your net, does that IP address respond to pings?
> By IP address as well as by hostname?
Yes.
> Does your apache config specify name-based and/or IP-based virtual
> hosts? There can lurk some dragons ..
I did try name-based, but it's currently just a catch-all (see below).
> If this is a jail issue I've no idea at all, but if the DNS results
> obtained from inside and outside your network perimeter differ, that may
> explain some of what you're seeing. I guess an outside DNS query
> followed by an attempted HTTP connect tracked on tcpdump, perhaps in
> verbose packet-display mode (eg -nXs0) should provide more solid clues?
Ooooookay, now this really makes sense.
Sending packets to the URL doesn't even reach the jailhost (I can't
directly dump the jail's packages), but sending to its IP does... And I
can see packets leaving my client... This is persistent across different
browsers. Any ideas how that is possible?
> Make sure that you're logging both the vhost concerned and the 'default'
> config used if no vhost entry is satisfied, perhaps you'll see something
> there? I specify error.log to catch any of these during vhost setup.
I do, see below.
> You may need to share more of your apache configuration in the hope that
> someone may spot something, once you confirm there are no DNS issues.
---------->>> /usr/local/etc/apache22/httpd.conf <<<----------
ServerRoot "/usr/local"
Listen 80
## modules
# [...]
## MAIN CONFIG
ServerAdmin support at fh-heidelberg.de
ServerName www2.fh-heidelberg.de:80
DocumentRoot "/usr/local/www/apache22/data"
## disable all access, then allow specific services
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
## main site, currently just with a testpage
<Directory "/usr/local/www/apache22/data">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
## prevent htaccess to be read
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
## LOGGING
ErrorLog "/var/log/httpd-error.log"
logLevel debug
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd-access.log" combined
</IfModule>
## aliases and redirects
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
</IfModule>
## cgi-bin
<Directory "/usr/local/www/apache22/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig etc/apache22/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#AddHandler cgi-script .cgi
#AddHandler type-map var
</IfModule>
## Virtual hosts
#Include etc/apache22/extra/httpd-vhosts.conf
Include etc/apache22/vhosts/*
Include etc/apache22/Includes/*.conf
----->>> /usr/local/etc/apache22/vhosts/campus2.fh-heidelberg.de <<<-----
## catch all
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin support at fh-heidelberg.de
DocumentRoot "/usr/local/www/apache22/campus2.fh-heidelberg.de"
ServerName campus2.fh-heidelberg.de
ErrorLog "/var/log/apache2/campus2.fh-heidelberg.de_error.log"
CustomLog "/var/log/apache2/campus2.fh-heidelberg.de_access.log" common
</VirtualHost>
Best Regards,
Lars
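
The inside/outside DNS comparison and reverse-resolution check discussed in this message, as an added example that is not part of the original e-mail. It parses saved `host` output from two vantage points; the function names are hypothetical, and the "outside" answer is a constructed sample, not a result from this thread.

```python
import re

# `host` output exactly as posted in the message above (view from inside the network).
INSIDE = """\
campus2.fh-heidelberg.de is an alias for www2.fh-heidelberg.de.
www2.fh-heidelberg.de has address 193.197.74.48
"""
PTR = "48.74.197.193.in-addr.arpa domain name pointer www2.fh-heidelberg.de.\n"
# Constructed sample of a differing outside answer (192.0.2.10 is a documentation address).
OUTSIDE_CONSTRUCTED = "campus2.fh-heidelberg.de has address 192.0.2.10\n"

LINE = re.compile(r"^(\S+) (is an alias for|has address|domain name pointer) (\S+)$")

def parse_host(output):
    """Parse `host` output into CNAME, A and PTR maps."""
    cname, a, ptr = {}, {}, {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skips e.g. "has IPv6 address" and "mail is handled by" lines
        left, kind = m.group(1).lower().rstrip("."), m.group(2)
        right = m.group(3).lower().rstrip(".")
        if kind == "is an alias for":
            cname[left] = right
        elif kind == "has address":
            a.setdefault(left, set()).add(right)
        else:
            # 48.74.197.193.in-addr.arpa -> 193.197.74.48
            ip = ".".join(reversed(left.split(".")[:4]))
            ptr.setdefault(ip, set()).add(right)
    return cname, a, ptr

def addresses(name, output):
    """Follow the alias chain for name and return the A records it ends at."""
    cname, a, _ = parse_host(output)
    name, seen = name.lower().rstrip("."), set()
    while name in cname and name not in seen:  # seen guards against CNAME loops
        seen.add(name)
        name = cname[name]
    return a.get(name, set())

def views_agree(name, inside, outside):
    """True when both vantage points resolve name to the same address set."""
    return addresses(name, inside) == addresses(name, outside)

def forward_confirmed(ip, ptr_output, forward_output):
    """True when a PTR name for ip resolves back to ip (forward-confirmed reverse DNS)."""
    _, _, ptr = parse_host(ptr_output)
    return any(ip in addresses(n, forward_output) for n in ptr.get(ip, ()))
```

To use it on real data, save the output of `host <name>` run from inside and from outside the perimeter and pass the two strings to `views_agree`.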