SSL Timeout
I am having a problem logging on using SSL, the server displays the
following message
Thu Dec 21 11:31:11 GMT+00:00 2000:<W> <SSLListenThread> Connection
rejected: 'L ogin timed out after: '100000' ms on socket:
'Socket[addr=localhost/127.0.0.1,port=3017,localport=7002}''
And the browser window shows the standard "The page cannot be displayed"
message.
The natural assumption is that there is a timeout after 100 seconds of
trying to logon, fair enough, but this seems strange as, although our logon
process is fairly hefty, without SSL there is never any problem logging on
within the default 5 seconds (I know HTTPS is slower than HTTP, but over 20
times slower seems excessive), does anyone have any idea what could be
slowing things down so much? Or of some other problem which could spuriously
give this error message (unlikely I know).
Set-up windows NT, weblogic 5.1 sp5, using the SSL certificates given with
SP7 (I haven't installed SP7 yet, because I heard that it breaks SSL), the
server is held on the same PC as the client (so IE is calling localhost)
the relevant part of my weblogic.properties is
weblogic.login.readTimeoutMillis=5000
weblogic.login.readTimeoutMillisSSL=600000
weblogic.system.SSLListenPort=7002
weblogic.security.ssl.enable=true
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.server=democert.pem
weblogic.security.certificate.authority=ca.pem
I have similar problem.
Although I am able to hit the page using browser
I'm not able to do so using an applet (I get the same error as you do).
Cheers,
Antoan
"Terry" <[email protected]> wrote:
I am having a problem logging on using SSL, the server displays the
following message
Thu Dec 21 11:31:11 GMT+00:00 2000:<W> <SSLListenThread> Connection
rejected: 'L ogin timed out after: '100000' ms on socket:
'Socket[addr=localhost/127.0.0.1,port=3017,localport=7002}''
And the browser window shows the standard "The page cannot be displayed"
message.
The natural assumption is that there is a timeout after 100 seconds of
trying to logon, fair enough, but this seems strange as, although our logon
process is fairly hefty, without SSL there is never any problem logging on
within the default 5 seconds (I know HTTPS is slower than HTTP, but over 20
times slower seems excessive), does anyone have any idea what could be
slowing things down so much? Or of some other problem which could spuriously
give this error message (unlikely I know).
Set-up windows NT, weblogic 5.1 sp5, using the SSL certificates given with
SP7 (I haven't installed SP7 yet, because I heard that it breaks SSL), the
server is held on the same PC as the client (so IE is calling localhost)
the relevant part of my weblogic.properties is
weblogic.login.readTimeoutMillis=5000
weblogic.login.readTimeoutMillisSSL=600000
weblogic.system.SSLListenPort=7002
weblogic.security.ssl.enable=true
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.server=democert.pem
weblogic.security.certificate.authority=ca.pem
Similar Messages
-
SSL timeout with HttpURLConnection
I'm using an HttpURLConnection to connect to a URL (in my case, an https URL). The readtimeout on the HttpURLConnection has not been set, so it's the default of no timeout. The HttpURLConnection is able to connect immediately, but getting a response back can take some time (the URL points to a servlet that does some work that can take a little while). When it's less than 10 minutes, this works fine. When it takes more than 10 minutes, HttpURLConnection.getContentType() throws a SocketException:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:677)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:606)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:554)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:571)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:928)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:1850)
at java.net.URLConnection.getContentType(URLConnection.java:479)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentType(HttpsURLConnectionImpl.java:382)
It appears that there is some sort of underlying SSL-related timeout that, in this case, is set to 10 minutes. Does anyone know what might be causing this and how I can change it programmatically?
Thanks,
vlb514The server is resetting the connection.
-
Hello. I am having a problem with timeouts when using ssl load balancing. The ssl termination point is on the webserver. I am hitting the VIP on port 443 and then balancing between 2 servers at the backend. The problem is that the users' sessions are timing out at random intervals. When one of the servers is powered down this issue does not happen. Could this be something to do with the content switch and flow timeouts?? I have added the line "sticky-inact-timeout 45" thinking that it might be that but it has not made a difference.
My config is as follows
service ugwprd01-ssl-2443
ip address 10.48.7.3
protocol tcp
port 2443
keepalive type ssl
redundant-index 210
active
service ugwprd02-ssl-2443
ip address 10.48.7.6
protocol tcp
port 2443
keepalive type ssl
redundant-index 220
active
owner x
content x
vip address 10.48.1.6
port 443
protocol tcp
application ssl
add service ugwprd01-ssl-2443
add service ugwprd02-ssl-2443
redundant-index 1210
advanced-balance ssl
sticky-inact-timeout 45
active
THANKS!You may be running into an IE issue whereby the SSL session id is changed every 2 minutes. This becomes a problem when using advanced-balance ssl and application ssl as this is l5 stickyness based on session id. After 2 minutes, this changes. With only one server you will not see this occur as you are on the same server to begin with.
The only solution here is to use some type of SSL temrination device that we offer such as an SCA. You may also want to back off the VIP to layer 4 and not use application ssl and advanced-balance ssl and have the content rule look like this:
content x
vip address 10.48.1.6
port 443
protocol tcp
add service ugwprd01-ssl-2443
add service ugwprd02-ssl-2443
redundant-index 1210
active
See if changing to L4 makes things work better.
Regards
Pete Knoops
Cisco Systems -
Hi,
I try to connect my laptop to RV320 by VPN SSL connection.
Every 8-15 minuets i get session expired, even when I am working. I tried to increase "Login Time" field to 9999 but without success
The problem also occurs on other computers.
Any ideas?
Thanks.Thus you are modifying correct value. According related Cisco KB article the "Session Idle Time" value means "enter the time, in minutes, before the existing session terminates after the connection becomes idle".
> i get session expired, even when I am working
Isn't your public IP address changed during your work? Changed client IP address (from VPN Router point of view) is considered as good reason for breaking VPN connection.
Have you tried to use different browser and try to reproduce with same results? -
Customers have been reporting "Page cannot be displayed" in IE and sending screenshots of partially loaded pages. I'm assuming we have a timeout issue.
We have a proxy (HttpClusterServlet) handling the SSL, and load balancing on a few managed servers over non-SSL protocol on the same machine.
Server2008 64bit [ Client ---> HTTPS ---> Proxy ---> HTTP ---> Managed Servers ]
Where would a timeout issue likely been occuring?
In admin console, under the Proxy server -> Tuning, I'm noticing the HTTP timeout is 5sec and SSL timeout is 25sec (Defaults). Would increasing the SSL timeout on the proxy and the HTTP timeouts on the managed server help this situation?
Side note: In the managed servers' output logs I am also notice "View cannot be restored" errors, which I'm assuming is a user trying to request an expired session, probably due to reloading a page that has already expired. This may be a seperate issue, as I have set all no-cache, revalidates headers in my filter.
Any feedback appreciated.The document tells me I should install OWA. I assume it's Oracle Web Agent, since the document doesn't ever tell me what OWA is, and not the more common Outlook Web App (nor anything else on the wikipedia page for OWA). I do not see anything on the download page about a Web Agent. I downloaded Oracle Fusion Middleware 11g Web Tier Utilities, which the asktom site suggested, but it's over a gigabyte of stuff (compressed), won't let me chose components, and requires the WebLogic Server, which I'm not paying for.
I looked at the linked mod_plsql, and it's from Total Knowledge Software, not Oracle. Also, the official website for that release says the next version will support Apache 2, which is hardly current. Since the current version is 4.5 years old, I assume the project is dead and there will be no next version. Even if development is alive, I need something now. There is another open-source version of mod_plsql, but they specifically state that it does not have full support for application express. -
Hi,
I am a newbee. I am migrating from CSS to CSM. I have attached conversion config. Can some one please verify that I am doing the right conversion?
Thanksactually there is a mistake.
Here is what it should look like
real XX1
address x.x.x.x
inservice
real XX2
address x.x.x.x
inservice
serverfarm YYY
nat server
no nat client
real name XX1
inservice
real name XX2
inservice
probe tcp
sticky 1 ssl timeout 60
vserver YYY
virtual xx.xx.xx.03 tcp http
serverfarm YYY
inservice
vserver YYY1
virtual xx.xx.xx.03 tcp https
serverfarm YYY
sticky 60 group 1
inservice
Gilles. -
SSL. Error: Timeout occurred whilst retrieving page meta data
Hi!
I am configuring oracle 9iAS 1.0.2.2a Portal to enable SSL and I did
everything that was said at http://igloo.its.unimelb.edu.au/Webmail/tips/msg00569.html
zone.properties
servlet.page.initArgs=useScheme=http
servlet.page.initArgs=usePort=7778
servlet.page.initArgs=httpsports=4443
wdbsvr.app
[DAD_portal30]
cgi_env_list = REQUEST_PROTOCOL=HTTPS,SERVER_PORT=4443
[DAD_portal30_sso]
cgi_env_list = REQUEST_PROTOCOL=HTTPS,SERVER_PORT=4443
This was my ssodatan
ssodatan -w https://me.me.me:4443/pls/portal30/ -l
https://me.me.me:4443/pls/portal30_sso/ -s portal30 -o portal30_sso
But when I access https://me.me.me:4443/pls/portal30/ I get
Error: Timeout occurred whilst retrieving page meta data
However, https://me.me.me:4443/pls/portal30_sso/ is working fine!
One more thing. I can access my login server at
http://me.me.me:7778/pls/portal30/ and when it prompts for username and password
it uses https.
https://me.me.me:4443/pls/pors/portal30_sso.wwsso_app_admin.ls_login
Help would be greatly appreciated!jserv.log (these lines appear many times)
[28/06/2002 17:07:03:987 GMT+03:00] page/JNI: Exception when trying to connect in 0.
[28/06/2002 17:07:03:987 GMT+03:00] page/Timeout occurred, label=page url=https://me.me.me:4443/pls/portal30/!PORTAL30.wwpob_page.show?_pageid=51
[28/06/2002 17:07:03:987 GMT+03:00] page/ContentFetcher Unexpected Exception, name=content-fetcher3
javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Native Method)
at oracle.security.ssl.OracleSSLSocketImpl.startHandshake(Unknown Source)
at HTTPClient.HTTPConnection.getSSLSocket(HTTPConnection.java, Compiled Code)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java, Compiled Code)
at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java, Compiled Code)
at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:3545)
at HTTPClient.HTTPConnection.Post(HTTPConnection.java:2478)
at HTTPClient.HTTPConnection.Post(HTTPConnection.java:2605)
at oracle.webdb.cache.CacheHTTPConnection.getHTTPResponse(CacheHTTPConnection.java:129)
at oracle.webdb.cache.CacheHTTPResponse.process(CacheHTTPResponse.java, Compiled Code)
at oracle.webdb.cache.CacheHTTPConnection.common(CacheHTTPConnection.java:114)
at oracle.webdb.cache.CacheHTTPConnection.Post(CacheHTTPConnection.java:210)
at oracle.webdb.page.ContentFetcher.run(ContentFetcher.java, Compiled Code)
Changes to httpd.conf
<IfDefine SSL>
Port 4443
Listen 4443
</IfDefine>
<VirtualHost default:80>
</VirtualHost>
<VirtualHost default:4443>
DocumentRoot "/oas/Apache/Apache/htdocs"
ServerName me.me.me
ServerAdmin [email protected]
ErrorLog /oas/Apache/Apache/logs/error_log
TransferLog /oas/Apache/Apache/logs/access_log
SSLCertificateFile /oas/Apache/Apache/conf/ssl.crt/mycert.crt
SSLCertificateKeyFile /oas/Apache/Apache/conf/ssl.key/mycert.key
</VirtualHost> -
I am invoking a ssl connection to a servlet from a shell script. Is there a way to set a timeout so that if I do not get a response from the servlet I need to go ahead in the script and set an exit code.
My command line looks like
java -DURL=" " -Dbea.home=" " .... -Daction= " " SSLJobs
How do I set the time out in command line ??
ThanksYou better check with your company IT department on permissions.
‡Thank you for hitting the Blue/Green Star button‡
N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009 -
Wlan ssl upload failure with connection timeouts
I have WLAN-upload problems with my MacBook running OS X 10.9.4 on my ftp server.
The server is configured in passive mode and the ports are activated within iptables and SSL mode (explicit tls).
From my it is not possible to upload files without problems. On my colleagues older mac it is not possible whether using wlan or lan connection (not the same network!)
I am able to upload 1-5 files and then the client will loose the connection with an timeout, reconnects and tries to upload the same file again (means it's already on the server).
On the other hand I am able to upload out of the following virtual machines running on my mac using parallels: Ubuntu, Debian, OS X Yosemite DP7!
Furthermore I am able to upload files using my windows laptop (same WLAN) and my windows desktop computer. So I assume it is not the routers fault.
In my opinion and after reading about 20 guides from different websites, the ftp is correctly configured and there is no "NO MAC"-Option.
What I have tried already without results:
- Restored my MacBook to a clean OS X 10.9.4
- Compared the MTU of the clean install with my old install
- Compared the MTU with the virtual machines
- Tried FileZilla, Yummy FTP and Cyberduck
- Opened the ports in my router (though not neccessary)
What I have tried with results:
- Upload using a clean OS X Yosemite Parallels VM (on my MacBook!)
- Upload using a Ubuntu/Debian Parallels VM (on my MacBook!)
- Upload using a Windows notebook and Windows desktop computer
- Upload using a iPhone Hotspot on my MacBook (weird it was working)
Do you have any ideas what the problem could be? I don't think it is only my routers fault because it is possible to reproduce the problem on another macbook on another network. Additionally I am able to upload using virtual machines on my Macbook (super weird).
Is there a problem with the network adapter? Why is it working out of VMs but not the operation system itself?
best regards
SeferI have WLAN-upload problems with my MacBook running OS X 10.9.4 on my ftp server.
The server is configured in passive mode and the ports are activated within iptables and SSL mode (explicit tls).
From my it is not possible to upload files without problems. On my colleagues older mac it is not possible whether using wlan or lan connection (not the same network!)
I am able to upload 1-5 files and then the client will loose the connection with an timeout, reconnects and tries to upload the same file again (means it's already on the server).
On the other hand I am able to upload out of the following virtual machines running on my mac using parallels: Ubuntu, Debian, OS X Yosemite DP7!
Furthermore I am able to upload files using my windows laptop (same WLAN) and my windows desktop computer. So I assume it is not the routers fault.
In my opinion and after reading about 20 guides from different websites, the ftp is correctly configured and there is no "NO MAC"-Option.
What I have tried already without results:
- Restored my MacBook to a clean OS X 10.9.4
- Compared the MTU of the clean install with my old install
- Compared the MTU with the virtual machines
- Tried FileZilla, Yummy FTP and Cyberduck
- Opened the ports in my router (though not neccessary)
What I have tried with results:
- Upload using a clean OS X Yosemite Parallels VM (on my MacBook!)
- Upload using a Ubuntu/Debian Parallels VM (on my MacBook!)
- Upload using a Windows notebook and Windows desktop computer
- Upload using a iPhone Hotspot on my MacBook (weird it was working)
Do you have any ideas what the problem could be? I don't think it is only my routers fault because it is possible to reproduce the problem on another macbook on another network. Additionally I am able to upload using virtual machines on my Macbook (super weird).
Is there a problem with the network adapter? Why is it working out of VMs but not the operation system itself?
best regards
Sefer -
Asmx Web Service Random Timeout on SSL Handshake
We have an asmx web service that is deployed on a server farm with two servers (both Virtual Machines with Windows 2008). The asmx web service, when invoked from a .net client application randomly returns this error:
"The underlying connection was closed: An unexpected error occurred on a receive."
On a retry, the operation works fine. But the problem recurs after a few tries.
When I tried to trap this message in Fiddler, this was the error:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:23:35.494
Connection: close
fiddler.network.https> HTTPS handshake to <removed the site name> failed. System.IO.IOException Unable to read data from the transport connection: An existing connection
was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host.
One thing that is noticeable is that all "random" errors occur only if when the client "tunnels" to site as per Fiddler. Sometimes the "tunnel" succeeds and sometimes it fails.
This server farm is behind an F5 load balancer.
I also have a replacement for this asmx web service which is a WCF service. That service is also deployed on the same server farm. This WCF service also gets the same random error though it does not seem to be that frequent. I have tried to trace the error
message on the client and the server and nothing seems to work so far.
I am working with a Microsoft support person and a network expert on this issue.
I am posting this question to the community to see if anybody else ran into a similar issue and if yes, what were their findings?
Thanks in advance for your help.This issue turned out to the related to the virtual network interface card on one of the two servers that were part of the load balanced pool. Once we created a new NIC and reassigned the website IP addressed to it, the problem went away.
I'd like to document what I learnt from the troubleshooting exercise. This is probably already documented on various forums but just thought I'll share this information.
1. Troubleshooting Steps on the server:
a. Make sure the URL of the WCF service shows up fine on a web browser on the client and the server. In many cases, the issue with the WCF service shows up in the browser window itself.
b. Take a look at SSL certificates and make sure those are installed correctly. Drop a test html file with hello world message in the web root folder of the server and see if your client browser can access it with SSL without any warnings or errors. Refresh
the page multiple types to see if you get a random error.
c. Enable WCF tracing on both the client and the server.
https://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx
d. If the traces do not provide any useful info, install Netmon on the client and the server and look at Netmon traces.
http://www.microsoft.com/en-us/download/details.aspx?id=4865
Apparently, there is a newer tool called 'Microsoft Message Analyzer' (http://www.microsoft.com/en-us/download/details.aspx?id=44226) but I did not use this tool.
e. Install Fiddler or Wireshark on the client and the server and monitor network traffic.
2. We learnt from the Netmon traces that the load balancer was dropping packets randomly when connecting to one of the two servers. So we removed the server that was working fine from the load balanced pool and tested just with the 'erroring' server. We
placed a test.html file on the web root of the server and continued our testing. We noticed that the random errors were evident also in non-SSL communication. So this eliminated the theory that the WCF service or the SSL certificates that anything to do with
the random error. We noticed that the server would respond for a few minutes and then started dropping TCP packets. Once we added the virtual NIC, the problem went away.
3. Our third option would be to remove the load balancer from the picture but that was not needed once we figured out the issue in step 2.
Hope this information helps someone else who is facing or will face a similar problem. -
SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"
Hi,
Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
some relevant config
webvpn
enable wan
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy vpnpolicy1 internal
group-policy vpnpolicy1 attributes
vpn-tunnel-protocol svc
tunnel-group admins type remote-access
tunnel-group admins general-attributes
address-pool sslpool2
default-group-policy vpnpolicy1
username myuser password 1234567890 encrypted privilege 15
username myuser attributes
vpn-group-policy vpnpolicy1
Debug:
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
webvpn_add_auth_handle: auth_handle = 17
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
webvpn_session.c:http_webvpn_create_session[184]
WebVPN: error creating WebVPN session!
webvpn_remove_auth_handle: auth_handle = 17
webvpn_free_auth_struct: net_handle = CD5734D0
webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_free_auth_struct: net_handle = CD5734D0AnyConnect says:
"The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the secure gateway: Host or network is 0"
Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# debug http 255
debug http enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
webvpn_add_auth_handle: auth_handle = 22
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
HTTP: net_handle->standalone_client [0]
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_remove_auth_handle: auth_handle = 22
webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CC894AA8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
Close 1043041832
webvpn_free_auth_struct: net_handle = CC894AA8 -
I'm getting "Init: SSL call to NZ function nzos_OpenWallet failed with error 29248" error in log file HTTP_Server~1 while starting OHS (using opmnctl startall).
I created a Wallet with auto login option checked. I was able to create certificate Request and got a certificate from verisign (14 days Validity). I imported Root certificate and intermediate certificate from verisign into the wallet and then successfully imported the trial certificate. After saving the wallet in default location I got 2 files (cwallet.sso and ewallet.p12) there.
Configuration in opmn.xml is :
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server" module-id="OHS">
<environment>
<variable id="PERL5LIB" value="D:\product\10.1.3\OracleAS_1\Apache\Apache\mod_perl\site\5.8.3\lib\MSWin32-x86-multi-thread;$ORACLE_HOME\perl\5.8.3\lib;$ORACLE_HOME\perl\site\5.8.3\lib"/>
<variable id="PHPRC" value="D:\product\10.1.3\OracleAS_1\Apache\Apache\conf"/>
<variable id="PATH"
value="$ORACLE_HOME\Perl\5.8.3\bin\MSWin32-x86-multi-thread" append="true"/>
</environment>
<module-data>
<category id="start-parameters">
<data id="start-mode" value="ssl-enabled"/>
</category>
</module-data>
<process-set id="HTTP_Server" numprocs="1"/>
</process-type>
</ias-component>
my httpd.conf file is as follows:
## httpd.conf -- Apache HTTP server configuration file
# Based upon the NCSA server configuration files originally by Rob McCool.
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://www.apache.org/docs/> for detailed information about
# the directives.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# After this file is processed, the server will look for and process
# D:\product\10.1.3\OracleAS_1\Apache\Apache/conf/srm.conf and then D:\product\10.1.3\OracleAS_1\Apache\Apache/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do not begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "D:\product\10.1.3\OracleAS_1\Apache\Apache" will be interpreted by the
# server as "D:\product\10.1.3\OracleAS_1\Apache\Apache/logs/foo.log".
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which Apache.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths, however, to avoid
# confusion.
### Section 1: Global Environment
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
ServerType standalone
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do NOT add a slash at the end of the directory path.
ServerRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache"
# PidFile: The file in which the server should record its process
# identification number when it starts.
PidFile logs/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file will be created when you run Apache) then you must ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile logs/httpd.scoreboard
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order. The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.
# The commented-out values below are the built-in defaults. You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
# Timeout: The number of seconds before receives and sends time out.
Timeout 300
# SendBufferSize: controls setsockopt() call made to set send buffer size on
# all sockets. Default OS value on most Windows platforms is too small.
# Larger values can help if the average page size served by OHS is
# large (~64 k)
SendBufferSize 16384
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 15
# Apache on Win32 always creates one child process to handle requests. If it
# dies, another child process is created automatically. Within the child
# process multiple threads handle incoming requests. The next two
# directives control the behaviour of the threads and processes.
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For Win32, set this value to zero (unlimited)
# unless advised otherwise.
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
MaxRequestsPerChild 0
# Number of concurrent threads (i.e., requests) the server will allow.
# Set this value according to the responsiveness of the server (more
# requests active at once means they're all handled more slowly) and
# the amount of system resources you'll allow the server to consume.
ThreadsPerChild 50
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#MinSpareServers 5
#MaxSpareServers 20
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#MaxClients 150
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#Listen 3000
#Listen 12.34.56.78:80
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the <VirtualHost> and Listen directives.
#BindAddress *
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available before they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `apache -l' for the list of already
# built-in (statically linked and thus always available) modules in your Apache
# binary.
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
# Example:
# LoadModule foo_module libexec/mod_foo.dll
LoadModule mime_magic_module modules/ApacheModuleMimeMagic.dll
LoadModule mime_module modules/ApacheModuleMime.dll
LoadModule dbm_auth_module modules/ApacheModuleAuthDBM.dll
LoadModule digest_auth_module modules/ApacheModuleAuthDigest.dll
LoadModule anon_auth_module modules/ApacheModuleAuthAnon.dll
LoadModule cern_meta_module modules/ApacheModuleCERNMeta.dll
LoadModule digest_module modules/ApacheModuleDigest.dll
LoadModule expires_module modules/ApacheModuleExpires.dll
LoadModule headers_module modules/ApacheModuleHeaders.dll
LoadModule proxy_module modules/ApacheModuleProxy.dll
LoadModule speling_module modules/ApacheModuleSpeling.dll
LoadModule status_module modules/ApacheModuleStatus.dll
LoadModule info_module modules/ApacheModuleInfo.dll
LoadModule usertrack_module modules/ApacheModuleUserTrack.dll
LoadModule vhost_alias_module modules/ApacheModuleVhostAlias.dll
LoadModule agent_log_module modules/ApacheModuleLogAgent.dll
LoadModule referer_log_module modules/ApacheModuleLogReferer.dll
LoadModule perl_module modules/ApacheModulePerl.DLL
LoadModule fastcgi_module modules/ApacheModuleFastCGI.dll
LoadModule php4_module modules/ApacheModulePHP4.dll
LoadModule onsint_module modules/ApacheModuleOnsint.dll
LoadModule wchandshake_module modules/ApacheModuleWchandshake.dll
ClearModuleList
AddModule mod_so.c
AddModule mod_onsint.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_negotiation.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
#AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_setenvif.c
AddModule mod_isapi.c
AddModule mod_vhost_alias.c
AddModule mod_log_referer.c
AddModule mod_log_agent.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_auth_digest.c
AddModule mod_cern_meta.c
AddModule mod_digest.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_proxy.c
AddModule mod_speling.c
AddModule mod_info.c
AddModule mod_status.c
AddModule mod_usertrack.c
AddModule mod_perl.c
AddModule mod_fastcgi.c
AddModule mod_php4.c
AddModule mod_wchandshake.c
<IfDefine SSL>
LoadModule ossl_module modules/ApacheModuleOSSL.DLL
</IfDefine>
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
ExtendedStatus On
### Section 2: 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# Port: The port to which the standalone server listens. Certain firewall
# products must be configured before Apache can listen to a specific port.
# Other running httpd servers will also interfere with this port. Disable
# all firewall, security, and other services if you encounter problems.
# To help diagnose problems use the Windows NT command NETSTAT -a
Port 7777
Listen 7777
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
ServerAdmin [email protected]
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
ServerName IFLMUD5DLHY4G.i-flex.com
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs"
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# permissions.
<Directory />
Options FollowSymLinks MultiViews
AllowOverride None
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs">
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
# Note that "MultiViews" must be named explicitly --- "Options All"
# doesn't give it to you.
Options FollowSymLinks MultiViews
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
# Under Win32, we do not currently try to determine the home directory of
# a Windows login, so a format such as that below needs to be used. See
# the UserDir documentation for details.
<IfModule mod_userdir.c>
UserDir "D:\product\10.1.3\OracleAS_1\Apache\Apache\users\"
</IfModule>
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>
# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
UseCanonicalName On
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
<IfModule mod_mime.c>
TypesConfig conf/mime.types
</IfModule>
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
# LogLevel: Control the number of messages logged to the error.log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# Alternate "common" format to use when fronted by webcache:
# LogFormat "%{ClientIP}i %l %u %t \"%r\" %>s %b %h" common_webcache
# When webcache is forwarding requests to OHS, %h becomes the IP of
# the originating webcache server and the real client IP is stored
# in the ClientIP header. The common_webcache format can be used
# in place of the common format when using webcache but with one
# important caveat: if clients are capable of bypassing webcache
# then it is possible to spoof the client IP by manually setting
# the ClientIP header so the %h field should be monitored in such
# an environment. Another alternative to specifying the ClientIP
# header directly in a LogFormat is to use the "UseWebCacheIp"
# directive:
# UseWebCacheIp On
# When this is specified, %h is derived internally from the ClientIP
# header and the access log format does not need to be modified.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you do
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and not in this file.
CustomLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200" common
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#CustomLog logs/referer.log referer
#CustomLog logs/agent.log agent
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access.log combined
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
ServerSignature On
# Apache parses all CGI scripts for the shebang line by default.
# This comment line, the first line of the script, consists of the symbols
# pound (#) and exclamation (!) followed by the path of the program that
# can execute this specific script. For a perl script, with perl.exe in
# the C:\Program Files\Perl directory, the shebang line should be:
#!c:/program files/perl/perl
# Note you mustnot_ indent the actual shebang line, and it must be the
# first line of the file. Of course, CGI processing must be enabled by
# the appropriate ScriptAlias or Options ExecCGI directives for the files
# or directory in question.
# However, Apache on Windows allows either the Unix behavior above, or can
# use the Registry to match files by extention. The command to execute
# a file of this type is retrieved from the registry by the same method as
# the Windows Explorer would use to handle double-clicking on a file.
# These script actions can be configured from the Windows Explorer View menu,
# 'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
# button allows you to modify the Actions, of which Apache 1.3 attempts to
# perform the 'Open' Action, and failing that it will try the shebang line.
# This behavior is subject to change in Apache release 2.0.
# Each mechanism has it's own specific security weaknesses, from the means
# to run a program you didn't intend the website owner to invoke, and the
# best method is a matter of great debate.
# To enable the this Windows specific behavior (and therefore -disable- the
# equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
# The directive above can be placed in individual <Directory> blocks or the
# .htaccess file, with either the 'registry' (Windows behavior) or 'script'
# (Unix behavior) option, and will override this server default option.
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
<IfModule mod_alias.c>
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
Alias /icons/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\icons/"
Alias /javacachedocs/ "D:\product\10.1.3\OracleAS_1\javacache\javadoc/"
<IfModule mod_perl.c>
Alias /perl/ "D:\product\10.1.3\OracleAS_1\Apache\Apache/cgi-bin/"
</IfModule>
<Directory "icons">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
ScriptAlias /cgi-bin/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin/"
# "D:\product\10.1.3\OracleAS_1\Apache\Apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
# End of aliases.
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
# Directives controlling the display of server-generated directory listings.
<IfModule mod_autoindex.c>
# FancyIndexing is whether you want fancy directory indexing or standard
# Note, add the option TrackModified to the IndexOptions default list only
# if all indexed directories reside on NTFS volumes. The TrackModified flag
# will report the Last-Modified date to assist caches and proxies to properly
# track directory changes, but it does not work on FAT volumes.
IndexOptions FancyIndexing
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
# HeaderName is the name of a file which should be prepended to
# directory indexes.
# If MultiViews are amongst the Options in effect, the server will
# first look for name.html and include it if found. If name.html
# doesn't exist, the server will then look for name.txt and include
# it as plaintext if found.
ReadmeName README
HeaderName HEADER
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
# End of indexing directives.
# Document types.
<IfModule mod_mime.c>
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
# Note 2: The example entries below illustrate that in quite
# some cases the two character 'Language' abbriviation is not
# identical to the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. But there is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
# Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Korean (kr) - Norwegian (no)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru)
AddLanguage ar .ar
AddLanguage da .dk .da
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fi .fi
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage es .es_ES .es
AddLanguage he .he .iw
AddLanguage hu .hu
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage ko .ko
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt_BR .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage sk .sk
AddLanguage sv .sv
AddLanguage th .th
AddLanguage tr .tr
AddLanguage cz .cz .cs
AddLanguage ro .ro
AddLanguage ru .ru
AddLanguage zh-cn .zh_CN
AddLanguage zh-tw .zh_TW
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
<IfModule mod_negotiation.c>
LanguagePriority ar en da nl et fi fr de el it ja ko kr no pl pt pt-br ro ru ltz ca es sk sv th tr zh-cn zh-tw zh-cn
</IfModule>
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# For example, the PHP 3.x module (not part of the Apache distribution - see
# http://www.php.net) will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# And for PHP 4.x, use:
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
# To use CGI scripts:
#AddHandler cgi-script .cgi
# To use server-parsed HTML files
#AddType text/html .shtml
#AddHandler server-parsed .shtml
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#AddHandler send-as-is asis
# If you wish to use server-parsed imagemap files, use
#AddHandler imap-file map
# To enable type maps, you might want to use
#AddHandler type-map var
</IfModule>
# End of document types.
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#MetaDir .web
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#MetaSuffix .meta
# Customizable error response (Apache style)
# these come in three flavors
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the single leading (") marks it as text, it does not get output
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using server-side-includes.
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will not be available to such a script.
# Customize behaviour based on the browser
<IfModule mod_setenvif.c>
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
# End of browser customization directives
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost IFLMUD5DLHY4G.i-flex.com IFLMUD5DLHY4G
</Location>
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#<IfModule mod_proxy.c>
# ProxyRequests On
# <Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
# </Directory>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
# ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
# CacheRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\proxy"
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a_domain.com another_domain.edu joes.garage_sale.com
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.
# Use name-based virtual hosting.
#NameVirtualHost *
#NameVirtualHost 12.34.56.78:80
#NameVirtualHost 12.34.56.78
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#<VirtualHost *>
# ServerAdmin [email protected]
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
#<VirtualHost default:*>
#</VirtualHost>
# Required for cgi perl scripts that are run from /cgi-bin/.
SetEnv PERL5LIB "D:\product\10.1.3\OracleAS_1\perl\5.8.3\lib;D:\product\10.1.3\OracleAS_1\perl\site\5.8.3\lib"
<IfModule mod_perl.c>
# Perl Directives
# PerlWarn On
# PerlFreshRestart On
# PerlSetEnv PERL5OPT Tw
# PerlSetEnv PERL5LIB "D:\product\10.1.3\OracleAS_1\perl\5.8.3\lib;D:\product\10.1.3\OracleAS_1\perl\site\5.8.3\lib"
PerlModule Apache
# PerlModule Apache::Status
PerlModule Apache::Registry
# PerlModule Apache::CGI
# PerlModule Apache::DBI
# PerlRequire
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
AddHandler perl-script .pl
Options +ExecCGI
PerlSendHeader On
</Location>
# <Location /perl-status>
# SetHandler perl-script
# PerlHandler Apache::Status
# order deny,allow
# deny from all
# allow from localhost
# </Location>
</IfModule>
#Protect WEB-INF directory
<DirectoryMatch /WEB-INF/>
Order deny,allow
Deny from all
</DirectoryMatch>
# Setup of FastCGI module
<IfModule mod_fastcgi.c>
Alias /fastcgi/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\fastcgi/"
ScriptAlias /fcgi-bin/ "D:\product\10.1.3\OracleAS_1\Apache\Apache\fcgi-bin/"
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\fcgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetHandler fastcgi-script
<IfModule mod_ossl.c>
SSLOptions +StdEnvVars
</IfModule>
</Directory>
</IfModule>
# Include the mod_oc4j configuration file
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\mod_oc4j.conf"
# Include the mod_dms configuration file
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\dms.conf"
# Loading rewrite_module here so it loads before mod_oc4j
LoadModule rewrite_module modules/ApacheModuleRewrite.dll
# Include the SSL definitions and Virtual Host container
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\ssl.conf"
# Include the mod_osso configuration file
#include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\mod_osso.conf"
# Include the Oracle configuration file for custom settings
include "D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\oracle_apache.conf"
my ssl.conf is as follows:
<IfDefine SSL>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache dbm:logs\ssl_scache
#SSLSessionCache shmht:logs\ssl_scache(512000)
SSLSessionCache shmcb:logs\ssl_scache(512000)
# SessionCache Timeout:
# This directive sets the timeout in seconds for the information stored
# in the global/inter-process SSL Session Cache. It can be set as low as
# 15 for testing, but should be set to higher values like 300 in real life.
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex sem
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs\ssl_engine_log
SSLLogLevel warn
## SSL Virtual Host Context
# NOTE: this value should match the SSL Listen directive set previously in this
# file otherwise your virtual host will not respond to SSL requests.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
## SSL Support
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
# NOTE: if virtual hosts are used and you change a port value below
# from the original value, be sure to update the default port used
# for your virtual hosts as well.
Listen 443
<VirtualHost IFLMUD5DLHY4G.i-flex.com:443>
# General setup for the virtual host
DocumentRoot "D:\product\10.1.3\OracleAS_1\Apache\Apache\htdocs"
ServerName IFLMUD5DLHY4G.i-flex.com
#ServerAdmin [email protected]
ErrorLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
TransferLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200"
Port 443
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# Server Wallet:
# The server wallet contains the server's certificate, private key
# and trusted certificates. Set SSLWallet at the wallet directory
# using the syntax: file:<path-to-wallet-directory>
SSLWallet D:\product\10.1.3\OracleAS_1\Apache\Apache\conf\ssl.wlt\default\ewallet.p12
#SSLWalletPassword iflex2007
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath conf\ssl.crl
#SSLCARevocationFile conf\ssl.crl\ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require
SSLVerifyClient optional
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "D:\product\10.1.3\OracleAS_1\Apache\Apache\cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "|D:\product\10.1.3\OracleAS_1\Apache\Apache\bin\rotatelogs logs/ssl_request_log 43200" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
Please help me rectifying this error.
Thanks a lot in advance.Hi,
Found a note explaining the significance of these errors.
It says:
"NZE-28862: SSL connection failed
Cause: This error occurred because the peer closed the connection.
Action: Enable Oracle Net tracing on both sides and examine the trace output. Contact Oracle Customer support with the trace output."
For further details you may refer the Note: 244527.1 - Explanation of "SSL call to NZ function nzos_Handshake failed" error codes
Thanks & Regards,
Sindhiya V. -
ASA5520 AnyConnect SSL VPN Connected but unable to ping my inside LAN
Hi there, please forgive if I have missed any forum protocols as this is my first post.
I am trying to configure Anyconnect SSL VPN. I am able to connect to the VPN on a laptop, witch is able to download the anyconnect client from the ASA. I am unable to ping any of my IP's that are on the inside of my ASA. Before posting here I have spent many hours on forums and watching videos on anyconnect SSL VPN creation and I am following it to the T but still no ping. Any help would be very much appreciated.
Inside 192.168.1.254/24
Outside dhcp
VPN Pool 192.168.250.1-50/24
Inside LAN 192.168.1.0/24
: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.128
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,any) source static any any destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4433
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_anyconnect internal
group-policy GroupPolicy_anyconnect attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username test password JAasdf434ey521ZCT encrypted privilege 15
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool vpn_pool
default-group-policy GroupPolicy_anyconnect
tunnel-group anyconnect webvpn-attributes
group-alias anyconnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:24bcba3c4124ab371297d52260135924
: end :: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.0
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool Anyconnect-pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,outside) source static inside-network-object inside-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
nat (inside,outside) source static management-network-object management-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.100.2 255.255.255.255 management
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_Anyconnect_VPN internal
group-policy GroupPolicy_Anyconnect_VPN attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username sander password f/J.5nLef/EqyPfy encrypted
username aveha password JA8X3IiqPvFFsZCT encrypted privilege 15
tunnel-group Anyconnect_VPN type remote-access
tunnel-group Anyconnect_VPN general-attributes
address-pool Anyconnect-pool
default-group-policy GroupPolicy_Anyconnect_VPN
tunnel-group Anyconnect_VPN webvpn-attributes
group-alias Anyconnect_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4636fa566ffc11b0f7858b760d974dee
: end: -
Java Web Start Error in through codebase url with SSL
I have created one Java web-start plugin application in swing which is launched from PHP site at browser plugin.
All things were working fine, but when we implemented SSL in our site it stopped working. And when we try to start the application from browser it thorws error like:
Unable to launch Application.
In Java console it puts following log:
JNLP Ref (...): NULL !
#### Java Web Start Error:
#### null
Following is my JNLP file:
<jnlp spec="1.0+" codebase="https://<<server_domain>>/MyPlugin/">
<information>
<title>Test Plugin</title>
<vendor>The Java(tm) Tutorial</vendor>
<homepage href="null"/>
<description>Test Plugin</description>
<description kind="short">Test Plugin</description>
<offline-allowed/>
</information>
<security>
<all-permissions/>
</security>
<update check="timeout" policy="always"/>
<resources>
<java version="1.7+"/>
<jar href="http://<<server_domain>>/MyPluginJar.jar" download="eager" main="false"/>
</resources>
<application-desc>
<argument>test</argument>
<argument>test</argument>
<argument>test</argument>
<argument>test</argument>
<argument>test</argument>
</application-desc>
</jnlp>
The issue started only after implementation of SSL in our site. Please provide any solution for this. Many thanks in advance.
P.S. My Jar file is signed by third party authorized certificate.Have you tried using Rosetta?
-
How do you clear an SSL State in a Firefox version 20 web browser?
When browsing PKI-enabled websites, the session will timeout so ofter. To re-enable your session in Internet Explorer your Clear SSL state by going to Tools>Internet Options>Content(tab)>Clear SSL State. When this option is used, I use my Common Access Card to re-access the site.
It used to be you could do "tools | start private browsing" then stop it and reload the page and Firefox would clear the SSL state.
In version 21 and above this appears to be missing? Is there any way to do this?You are using a''' Very''' old version of Firefox.
Can you go to '''Mozilla.org''' to update the program?
Maybe you are looking for
-
I have an account with the iTunes store but can no longer access the store because I get a message in iTunes store window telling me to update to an iTunes version that will only run on Mac OS 10.5. I am on Mac OSX 10.4.1 and do not plan on upgradin
-
Why my work doesn't work? i cant' understnd....
hi guys i've made a software that is a protocol to comunicate between pc and a bord with automotive cpu by datasocket it constains 2 modules called "shm" (sharm) & "cmt" (comunicator). Shm is the user side while cmt is serial port side and this talks
-
Best Practise for connecting to Ethernet based device
Hi, I have inherited a system where we have a cDAQ-9181 controlling an vehicle access barrier, with a LabView application on a PC talking to it via Ethernet. (The application is very simple - press a button > send a value to the 9181 unit > opens th
-
WHATS THE FLOW OF MATERIAL MANAGMENT IF YOU MAKE A PURACHASE ORDER ?
WHATS THE FLOW OF MATERIAL MANAGMENT IF YOU MAKE A PURACHASE ORDER ? PLEASE EXPLAIN IN DETAIL. BEST REGARDS, RYAN
-
Itunes won't display on my iphone 4s, can anyone help?
Can anyone help with this?