Virtual Hosts & SSL

Similar Messages

• NEED TO REFERENCE 2 DIFFERENT SSL CERTIFICATES  BASED ON VIRTUAL HOST NAMES

  Hi,
  If you have a managed server in a cluster that has two virtual hosts running
  on it how can you intsall the ssl certificates for both virtual hosts, in
  the admin console.
  any help would be great!

  I think that you can only have one server certificate per server currently
  since the certificate establishes the server's identity and there isn't
  support for a server to have two identities at the same time.
  "RAGUTAM BOMMAREDDY" <[email protected]> wrote in message
  news:[email protected]..
  Hello,
  Can I reference 2 different SSL certificates in the same
  weblogic.properties
  file?
  Reason is we have 2 groups of users for a web application: one will use
  a
  French-language DNS to access
  the application, and the other will use English DNS. Both DNS will point
  to
  the same application on the same
  server.
  Example of what we require:
  weblogic.security.certificate.server=mycert1.pem
  weblogic.security.key.server=mykey1.der
  weblogic.security.certificate.authority=rootCertificate1.pem
  ----and---
  weblogic.security.certificate.server=mycert2.der
  weblogic.security.key.server=mykey2.der
  weblogic.security.certificate.authority=rootCertificate2.pem
  mycert1 will correspond to DNS1, and mcert2 will correspond to DNS2, and
  both
  DNS1 and DNS2 point to the same application on the same box.
  Thanks,
  Ragu

• SSL with virtual hosting in Weblogic Server 5.1(WLS5.1)

  Hello,
  I am tasked with implementing a virtual hosting situation that must
  use SSL. It goes like this: https://www.aaa.com, https://www.bbb.com
  and https://www.ccc.com all having separate IPs. These URLs must
  forward the request to the same WebLogic Server instance. The problem
  is each URL must have its own certificate while WLS 5.1 only uses one
  certificate per instance.
  I was thinking about using a proxy server such that all three Web
  servers that would host the URLs would be sent to a proxy server which
  would redirect to the WLS 5.1 instance.
  My questions are, would this be feasible using WLS 5.1 as the Web
  Server and again WLS as the App Server? How secure is this
  arrangement? Is it preferable to use another vendor's software as the
  WebServer(IPlanet, Apache)

  Hi Andy,
  I think a good approach for you would be to use a proxy server --
  browser -> proxy that supports virtual hosting -> WebLogic
  Use a proxy which supports virtual hosting, and which can have a separate
  certificate bound to each virtual host.
  That way you can do SSL between the browser and the proxy, and you can
  have the proxy do cleartext to WebLogic.
  This situation gets around WebLogic's limitation of allowing only one
  certificate per instance of the server.
  You could also use 5.1 as the proxy in the following manner:
  Run 3 instances of Weblogic, each as a proxy server, each bound to a
  different IP address and DNS name, having its own certificate --
  one instance for aaa.com, another for bbb.com, and a third for ccc.com
  Then have each of these three instances of WebLogic proxy to your "app
  server" instance of WebLogic on the backend.
  Hope this makes sense.
  Joe Jerry
  Andy Walker wrote:
  Hello,
  I am tasked with implementing a virtual hosting situation that must
  use SSL. It goes like this: https://www.aaa.com, https://www.bbb.com
  and https://www.ccc.com all having separate IPs. These URLs must
  forward the request to the same WebLogic Server instance. The problem
  is each URL must have its own certificate while WLS 5.1 only uses one
  certificate per instance.
  I was thinking about using a proxy server such that all three Web
  servers that would host the URLs would be sent to a proxy server which
  would redirect to the WLS 5.1 instance.
  My questions are, would this be feasible using WLS 5.1 as the Web
  Server and again WLS as the App Server? How secure is this
  arrangement? Is it preferable to use another vendor's software as the
  WebServer(IPlanet, Apache)

• SSL virtual host with external hardware accelerator/LBR

  Hi all,
  We have an existing non-ssl site configured - http://abc.company1.com
  We wish to add a new https site - https://xyz.company2.com - and terminate SSL at our hardware load balancer. But obviously keep our existing http site available.
  However, we can't seem to get this to work. We added a new site to the Web Cache, registered it with sso, updated httpd.conf and iasconfig.xml with the new virtual host and ran ptlconfig.
  Has anyone successfuly implemented a similar configuration?
  Is it possible to have a mixture of http and https virtual hosts with SSL termination at the LBR?
  Thanks in advance,
  Andy

  Yeah, in the app server admin guide for SSL configuration:
  17.3.5 Enabling SSL in Virtual Hosts
  You can use virtual hosts to deploy multiple Web sites on a single Oracle HTTP Server (for example, to make an application available over the HTTP protocol and the HTTPS protocol).
  The Oracle Application Server Single Sign-On Administrator's Guide, section titled "Configuring mod_osso with Virtual Hosts" contains instructions on configuring an SSL virtual host to be protected by mod_osso. You cannot use name-based virtual hosting. You must use IP-based or port-based virtual hosting.
  //This may be your problem - granted no symptoms were provided.

• Using SSL with Apache Virtual Hosts

  I am configuring Apache to use 3 virtual Host(Named base virtual Host).
  I would like to run SSL on two of the 3 virtual host.
  Do I need to gen a certificate for each virtual host or can I just use 1?

  William,
  I thought I'd give my 2 cents on this...
  Is there any particular reason as to why you are using named based virtual hosts?
  Apache recommends using IP based virtual hosts over name based virtual hosts.
  Go to http://httpd.apache.org/docs/dns-caveats.html and read the discussion on IP based virtual hosts and name based virtual hosts. The document describes the drawbacks to using the name-based approach.
  Hope this helps!
  -Manjeet

• IP Virtual Host w/SSL serving on port 80 and 443

  We have an OS 10.3.8 system and we've configured several virtual hosts using the system admin panel. One IP has several hosts on it. We have a seperate IP with one virtual host on it since it is running SSL. I have it configured for port 443 and I have all the security certificates installed OK. The site operates correctly over HTTPs. If I try to access it with standard HTTP I get a service not available error (which makes sense since server admin sets the config files to port 443 ... not 80).
  The only way I can get it to work is to add another virual host in server admin running on that IP at port 80. Unfortunately, that means it will be logged seperately (which I don't really want it to do). What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
  Thanks in advance ...
  Tom

  >The only way I can get it to work is to add another virual host in server admin running on that IP at port 80.
  That's correct. That's how you run a site as both HTTP and HTTPS - they're two sites.
  > Unfortunately, that means it will be logged seperately
  Why? You can set both sites to use the same log file and their hits will be combined in a single file.
  > What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
  You can't, but if your issue is the logging, my answer above should take care of that.

• Installing 2 ssl certificate on one machine with two virtual hosts

  Hi,
  If you have a managed server in a cluster that has two virtual hosts running
  on it how can you intsall the ssl certificates for both virtual hosts, in
  the admin console.
  any help would be great!

  OK....I figured it out.
  I was able to set the IPV4 properties on the ones needing filtering to use the IP or OpenDNS as the primary DNS and my server address as the secondary and that works.
  I removed OpenDNS forwarder from the server, flushed dns on all machines and so far it's working perfectly.  The machines that are not going to be filtered just go through the server for DNS.
  Hopefully, after a while it doesn't break down!

• How can I connect to multiple WLS instances from a single Apache virtual host

  Configuration : WebLogic 5.1 SP8 & Apache
  I need to be able to have a configuration that looks something like this.
  www.company.com/x -> WL cluster01
  www.company.com/y -> WL cluster02
  In all the examples that I have been able to find they alway defines the the WL
  connection for the entire virtual host, but I need to be able to do it on a location
  basis is that possible?
  Thanks
  Jens Schutt

  httpd.conf:
  <VirtualHost 172.17.9.24:443>
  DocumentRoot "/www/X"
  ServerName qawebivesta.qa.livecapital.com
  ErrorLog /usr/local/apache/logs/qaweb1.error_log
  TransferLog /usr/local/apache/logs/qaweb1.access_log
  SSLEngine on
  SSLCipherSuite
  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
  SSLOptions +StdEnvVars
  </Files>
  <Directory "/usr/local/apache/cgi-bin">
  SSLOptions +StdEnvVars
  </Directory>
  SetEnvIf User-Agent ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  Debug ON
  DebugConfigInfo ON
  <Location /ivesta/>
  SetHandler weblogic-handler
  WebLogicHost qawlgc1
  WebLogicPort 7001
  </Location>
  <Location /TMPPhase2>
  SetHandler weblogic-handler
  WebLogicHost qawlgc1
  WebLogicPort 11001
  </Location>
  </VirtualHost>
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  /TMPPhase2 works fine, but when I try to access /ivesta I get a 404 from WebLogic
  "https://qawebtmp.qa.livecapital.com/ivesta/index.jsp?__WebLogicBridgeConfig
  Weblogic Apache Bridge Configuration parameters:
       WebLogic Cluster List:
            General Server List:
                 Host: 'qawlgc1' Port: 11001
            DefaultFileName: ''
            PathTrim: ''
            PathPrepend: ''
            ConnectTimeoutSecs: '10'
            ConnectRetrySecs: '2'
            HungServerRecoverSecs: '300'
            MaxPostSize: '-1'
            DynamicServerList: ON
            StatPath: false
            CookieName: WebLogicSession
            Idempotent: ON
            FileCaching: ON
            DisableCookie2Server: OFF
            QueryFromRequest: OFF
            Build date/time: Jun 25 2001 15:09:34
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  This should have been connecting to my 7001 instance not the 11001.
  Thanks
  Jens
  "Eric Gross" <[email protected]> wrote:
  What do you mean the wrong port? Post the complete output from
  WebLogicBridgeConfig as well as the URL you used.
  Also, paste the weblogic relative portions from your httpd.conf
  Thanks,
  Eric
  "jens" <[email protected]> wrote in message
  news:[email protected]...
  I also used ?__WebLogicBridgeConfig to verify that it did pick up thewrong port.
  Here is my build date for mod_wl.so in SP10
  Build date/time: Jun 25 2001 15:09:34
  Thanks
  Jens
  "Eric Gross" <[email protected]> wrote:
  Make sure you are using the latest plugin. As well, add parameter:
  DebugConfigInfo=ON and make a request with a query paramater of
  ?__WebLogicBridgeConfig and you should then see the build date/time.
  We can
  then see if you are indeed using the latest plugin.
  It is not a possibility to get the source.
  Regards,
  Eric
  "jens" <[email protected]> wrote in message
  news:[email protected]...
  And the solution where you put the WebLogic parm under location
  the
  last
  location
  over rule the previous.
  I have also tried to upgrade my plug-in from SP8 to SP10 but that
  didn't
  make
  any difference either.
  Is it possible to get the source code for the plug-in, I'm afraid
  that
  it
  don't
  follow put's all it's parm's a the vhost level no matter where in
  the
  conf
  file
  they are placed.
  HELP
  Jens
  "Eric Gross" <[email protected]> wrote:
  Yu is correct.
  Here is another way to do it as well:
  MatchExpression /x
  WebLogicCluster=server1:port,server2:port|PathTrim=/x
  MatchExpression /yWebLogicCluster=server3:port,server4:port|PathTrim=/y
  The general syntax for this would be:
  MatchExpression exp name=value|name=value
  Where exp=Mime type(*.jsp) or exp=/x(path)
  The next argument in the list is a pipe(|) delimited list ofname=value
  pairs (ie: WebLogicHost, WebLogicPort, WebLogicCluster, PathTrim,
  PathPrepend, etc..).
  Hope this helps.
  Regards,
  Eric
  "Yu Tian" <[email protected]> wrote in message
  news:[email protected]...
  Hi Jens,
  I think you can proxy by ppath.
  <Location /x>
  SetHandler weblogic-handler
  WebLogicCluster cluster1
  </Location>
  <Location /y>
  SetHandler weblogic-handler
  WebLogicCluster cluster2
  </Location>
  thanks
  Yu
  "Jens" <[email protected]> wrote in message
  news:[email protected]...
  Configuration : WebLogic 5.1 SP8 & Apache
  I need to be able to have a configuration that looks something
  like
  this.
  www.company.com/x -> WL cluster01
  www.company.com/y -> WL cluster02
  In all the examples that I have been able to find they alway
  defines
  the
  the WL
  connection for the entire virtual host, but I need to be able
  to
  do it
  on
  a location
  basis is that possible?
  Thanks
  Jens Schutt

• How to configure virtual hosts and separate tiers

  The configuration we require with WLS must:
  1) provide virtual hosts that can operate under their own SSL environments (some one way, some two way, with different certs)
  2) perform all XML parsing of received message objects in the web layer in order to (a) offload CPU from ejb layer to web layer and (b) prevent any malformed message from penetrating to the ejb layer - reject in the web layer
  3) the web tier must be physically separate from the ejb tier - an integrated WLS server is not acceptable for security reasons
  4) the ejb layer must be clusterable
  5) DNS round robin is sufficient protection for web layer failover
  I do not see clearly how to accomplish this configuration using the WLS suite. Would appreciate guidance on this prior to plunking down big dollars for licenses.
  Thanks

  The configuration we require with WLS must:
  1) provide virtual hosts that can operate under their own SSL environments (some one way, some two way, with different certs)
  2) perform all XML parsing of received message objects in the web layer in order to (a) offload CPU from ejb layer to web layer and (b) prevent any malformed message from penetrating to the ejb layer - reject in the web layer
  3) the web tier must be physically separate from the ejb tier - an integrated WLS server is not acceptable for security reasons
  4) the ejb layer must be clusterable
  5) DNS round robin is sufficient protection for web layer failover
  I do not see clearly how to accomplish this configuration using the WLS suite. Would appreciate guidance on this prior to plunking down big dollars for licenses.
  Thanks

• Virtual Host on WebLogic Server 5.1

  I need to configure my weblogic server 5.1 on windows 2000 server to make a virtual
  host address.
  How I can do it ????
  Thanks a lot for any help.
  Bye

  Hi Andy,
  I think a good approach for you would be to use a proxy server --
  browser -> proxy that supports virtual hosting -> WebLogic
  Use a proxy which supports virtual hosting, and which can have a separate
  certificate bound to each virtual host.
  That way you can do SSL between the browser and the proxy, and you can
  have the proxy do cleartext to WebLogic.
  This situation gets around WebLogic's limitation of allowing only one
  certificate per instance of the server.
  You could also use 5.1 as the proxy in the following manner:
  Run 3 instances of Weblogic, each as a proxy server, each bound to a
  different IP address and DNS name, having its own certificate --
  one instance for aaa.com, another for bbb.com, and a third for ccc.com
  Then have each of these three instances of WebLogic proxy to your "app
  server" instance of WebLogic on the backend.
  Hope this makes sense.
  Joe Jerry
  Andy Walker wrote:
  Hello,
  I am tasked with implementing a virtual hosting situation that must
  use SSL. It goes like this: https://www.aaa.com, https://www.bbb.com
  and https://www.ccc.com all having separate IPs. These URLs must
  forward the request to the same WebLogic Server instance. The problem
  is each URL must have its own certificate while WLS 5.1 only uses one
  certificate per instance.
  I was thinking about using a proxy server such that all three Web
  servers that would host the URLs would be sent to a proxy server which
  would redirect to the WLS 5.1 instance.
  My questions are, would this be feasible using WLS 5.1 as the Web
  Server and again WLS as the App Server? How secure is this
  arrangement? Is it preferable to use another vendor's software as the
  WebServer(IPlanet, Apache)

• Virtual Host (localhost) + Wamp 2.1

  Hello
  I'm trying to test a local URL like xxxxx.localhost or loclahost / xxxxxxx
  This does not work.
  I read this post related to this topic:
  http://blogs.adobe.com/edgeinspect/2012/06/19/shadow-xip-io-virtual-hosts-workflow-simplif ied/
  But I do not know what to do.
  Thank you for your help.

  No change.
  Changes in the file are in bold and italics.
  # This is the main Apache HTTP server configuration file.  It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
  # In particular, see
  # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  # for a discussion of each configuration directive.
  # Do NOT simply read the instructions in here without understanding
  # what they do.  They're here only as hints or reminders.  If you are unsure
  # consult the online docs. You have been warned. 
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path.  If the filenames do *not* begin
  # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
  # with ServerRoot set to "C:/Program Files/Apache Software Foundation/Apache2.2" will be interpreted by the
  # server as "C:/Program Files/Apache Software Foundation/Apache2.2/logs/foo.log".
  # NOTE: Where filenames are specified, you must use forward slashes
  # instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
  # If a drive letter is omitted, the drive on which Apache.exe is located
  # will be used by default.  It is recommended that you always supply
  # an explicit drive letter in absolute paths to avoid confusion.
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path.  If you point
  # ServerRoot at a non-local disk, be sure to point the LockFile directive
  # at a local disk.  If you wish to share the same ServerRoot for multiple
  # httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "c:/wamp/bin/apache/apache2.2.17"
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, instead of the default. See also the <VirtualHost>
  # directive.
  # Change this to Listen on specific IP addresses as shown below to
  # prevent Apache from glomming onto all bound IP addresses.
  #Listen 12.34.56.78:80
  #Listen 80
  Listen  0.0.0.0:80
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available _before_ they are used.
  # Statically compiled modules (those listed by `httpd -l') do not need
  # to be loaded here.
  # Example:
  # LoadModule foo_module modules/mod_foo.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule authn_alias_module modules/mod_authn_alias.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbd_module modules/mod_authn_dbd.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_host_module modules/mod_authz_host.so
  #LoadModule authz_owner_module modules/mod_authz_owner.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule cache_module modules/mod_cache.so
  #LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule cgi_module modules/mod_cgi.so
  #LoadModule charset_lite_module modules/mod_charset_lite.so
  #LoadModule dav_module modules/mod_dav.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule dav_lock_module modules/mod_dav_lock.so
  #LoadModule dbd_module modules/mod_dbd.so
  #LoadModule deflate_module modules/mod_deflate.so
  LoadModule dir_module modules/mod_dir.so
  #LoadModule disk_cache_module modules/mod_disk_cache.so
  #LoadModule dumpio_module modules/mod_dumpio.so
  LoadModule env_module modules/mod_env.so
  #LoadModule expires_module modules/mod_expires.so
  #LoadModule ext_filter_module modules/mod_ext_filter.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule filter_module modules/mod_filter.so
  #LoadModule headers_module modules/mod_headers.so
  #LoadModule ident_module modules/mod_ident.so
  #LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule include_module modules/mod_include.so
  #LoadModule info_module modules/mod_info.so
  LoadModule isapi_module modules/mod_isapi.so
  #LoadModule ldap_module modules/mod_ldap.so
  #LoadModule logio_module modules/mod_logio.so
  LoadModule log_config_module modules/mod_log_config.so
  #LoadModule log_forensic_module modules/mod_log_forensic.so
  #LoadModule mem_cache_module modules/mod_mem_cache.so
  LoadModule mime_module modules/mod_mime.so
  #LoadModule mime_magic_module modules/mod_mime_magic.so
  LoadModule negotiation_module modules/mod_negotiation.so
  #LoadModule proxy_module modules/mod_proxy.so
  #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  #LoadModule proxy_connect_module modules/mod_proxy_connect.so
  #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  #LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule setenvif_module modules/mod_setenvif.so
  #LoadModule speling_module modules/mod_speling.so
  #LoadModule ssl_module modules/mod_ssl.so
  #LoadModule status_module modules/mod_status.so
  #LoadModule substitute_module modules/mod_substitute.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  #LoadModule userdir_module modules/mod_userdir.so
  #LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule version_module modules/mod_version.so
  LoadModule vhost_alias_module modules/mod_vhost_alias.so
  LoadModule php5_module "c:/wamp/bin/php/php5.3.5/php5apache2_2.dll"
  <IfModule !mpm_netware_module>
  <IfModule !mpm_winnt_module>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch. 
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  User daemon
  Group daemon
  </IfModule>
  </IfModule>
  # 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition.  These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed.  This address appears on some server-generated pages, such
  # as error documents.  e.g. [email protected]
  ServerAdmin admin@localhost
  # ServerName gives the name and port that the server uses to identify itself.
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName localhost:80
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "c:/wamp/www/"
  # Each directory to which Apache has access can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  # First, we configure the "default" to be a very restrictive set of
  # features. 
  <Directory />
      Options FollowSymLinks
      AllowOverride None
      Order deny,allow
      Deny from all
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # This should be changed to whatever you set DocumentRoot to.
  <Directory "c:/wamp/www/">
      # Possible values for the Options directive are "None", "All",
      # or any combination of:
      #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
      # Note that "MultiViews" must be named *explicitly* --- "Options All"
      # doesn't give it to you.
      # The Options directive is both complicated and important.  Please see
      # http://httpd.apache.org/docs/2.2/mod/core.html#options
      # for more information.
      Options Indexes FollowSymLinks
      # AllowOverride controls what directives may be placed in .htaccess files.
      # It can be "All", "None", or any combination of the keywords:
      #   Options FileInfo AuthConfig Limit
      AllowOverride all
      # Controls who can get stuff from this server.
  #   onlineoffline tag - don't remove
      Order Deny,Allow
  #   Deny from all
      Allow from all
  </Directory>
  # DirectoryIndex: sets the file that Apache will serve if a directory
  # is requested.
  <IfModule dir_module>
      DirectoryIndex index.php index.php3 index.html index.htm
  </IfModule>
  # The following lines prevent .htaccess and .htpasswd files from being
  # viewed by Web clients.
  <FilesMatch "^\.ht">
      Order allow,deny
      Deny from all
      Satisfy All
  </FilesMatch>
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here.  If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog "c:/wamp/logs/apache_error.log"
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel debug
  <IfModule log_config_module>
      # The following directives define some format nicknames for use with
      # a CustomLog directive (see below).
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      <IfModule logio_module>
        # You need to enable mod_logio.c to use %I and %O
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
      </IfModule>
      # The location and format of the access logfile (Common Logfile Format).
      # If you do not define any access logfiles within a <VirtualHost>
      # container, they will be logged here.  Contrariwise, if you *do*
      # define per-<VirtualHost> access logfiles, transactions will be
      # logged therein and *not* in this file.
      CustomLog "c:/wamp/logs/access.log" common
      # If you prefer a logfile with access, agent, and referer information
      # (Combined Logfile Format) you can use the following directive.
      #CustomLog "logs/access.log" combined
  </IfModule>
  <IfModule alias_module>
      # Redirect: Allows you to tell clients about documents that used to
      # exist in your server's namespace, but do not anymore. The client
      # will make a new request for the document at its new location.
      # Example:
      # Redirect permanent /foo http://localhost/bar
      # Alias: Maps web paths into filesystem paths and is used to
      # access content that does not live under the DocumentRoot.
      # Example:
      # Alias /webpath /full/filesystem/path
      # If you include a trailing / on /webpath then the server will
      # require it to be present in the URL.  You will also likely
      # need to provide a <Directory> section to allow access to
      # the filesystem path.
      # ScriptAlias: This controls which directories contain server scripts.
      # ScriptAliases are essentially the same as Aliases, except that
      # documents in the target directory are treated as applications and
      # run by the server when requested rather than as documents sent to the
      # client.  The same rules about trailing "/" apply to ScriptAlias
      # directives as to Alias.
      ScriptAlias /cgi-bin/ "cgi-bin/"
  </IfModule>
  <IfModule cgid_module>
      # ScriptSock: On threaded servers, designate the path to the UNIX
      # socket used to communicate with the CGI daemon of mod_cgid.
      #Scriptsock logs/cgisock
  </IfModule>
  # "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "cgi-bin">
      AllowOverride None
      Options None
      Order allow,deny
      Allow from all
  </Directory>
  # DefaultType: the default MIME type the server will use for a document
  # if it cannot otherwise determine one, such as from filename extensions.
  # If your server contains mostly text or HTML documents, "text/plain" is
  # a good value.  If most of your content is binary, such as applications
  # or images, you may want to use "application/octet-stream" instead to
  # keep browsers from trying to display binary files as though they are
  # text.
  DefaultType text/plain
  <IfModule mime_module>
      # TypesConfig points to the file containing the list of mappings from
      # filename extension to MIME-type.
      TypesConfig conf/mime.types
      # AddType allows you to add to or override the MIME configuration
      # file specified in TypesConfig for specific file types.
      #AddType application/x-gzip .tgz
      # AddEncoding allows you to have certain browsers uncompress
      # information on the fly. Note: Not all browsers support this.
      #AddEncoding x-compress .Z
      #AddEncoding x-gzip .gz .tgz
      # If the AddEncoding directives above are commented-out, then you
      # probably should define those extensions to indicate media types:
      AddType application/x-compress .Z
      AddType application/x-gzip .gz .tgz
      AddType application/x-httpd-php .php
      AddType application/x-httpd-php .php3
      # AddHandler allows you to map certain file extensions to "handlers":
      # actions unrelated to filetype. These can be either built into the server
      # or added with the Action directive (see below)
      # To use CGI scripts outside of ScriptAliased directories:
      # (You will also need to add "ExecCGI" to the "Options" directive.)
      #AddHandler cgi-script .cgi
      # For type maps (negotiated resources):
      #AddHandler type-map var
      # Filters allow you to process content before it is sent to the client.
      # To parse .shtml files for server-side includes (SSI):
      # (You will also need to add "Includes" to the "Options" directive.)
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
  </IfModule>
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type.  The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  # Customizable error responses come in three flavors:
  # 1) plain text 2) local redirects 3) external redirects
  # Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://localhost/subscription_info.html
  # EnableMMAP and EnableSendfile: On systems that support it,
  # memory-mapping or the sendfile syscall is used to deliver
  # files.  This usually improves server performance, but must
  # be turned off when serving from networked-mounted
  # filesystems or if support for these functions is otherwise
  # broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  # Supplemental configuration
  # The configuration files in the conf/extra/ directory can be
  # included to add extra features or to modify the default configuration of
  # the server, or you may simply copy their contents here and change as
  # necessary.
  # Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  # Multi-language error messages
  #Include conf/extra/httpd-multilang-errordoc.conf
  # Fancy directory listings
  #Include conf/extra/httpd-autoindex.conf
  # Language settings
  #Include conf/extra/httpd-languages.conf
  # User home directories
  #Include conf/extra/httpd-userdir.conf
  # Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  # Virtual hosts (STE)
  #Include conf/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  # Various default settings
  #Include conf/extra/httpd-default.conf
  # Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  # Note: The following must must be present to support
  #       starting without SSL on platforms with no /dev/random equivalent
  #       but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  #NameVirtualHost 127.0.0.1
  #<VirtualHost 127.0.0.1>
  #        ServerName localhost
  #        DocumentRoot "C:\wamp\www"
  #</VirtualHost>
  NameVirtualHost 192.168.1.98
  <VirtualHost 192.168.1.98>
          ServerName 192.168.1.98
          DocumentRoot "C:\wamp\www"
  </VirtualHost>
  Include "c:/wamp/alias/*"

• Configurations, instances, nodes, virtual hosts, clusters ... oh my!

  Perhaps I am being dense, but I am having some trouble wrapping my head around the different "objects" of a SJS web server 7 installation. It is not clear to me how they relate/map to each other and to real processes on the server (logical architecture, mapped to physical architecture).
  I had the same difficulty with WebSphere App Server 6 terminology until, with one fell swipe of the Sword of Fundamental Truthiness, a very brilliant instructor cleared it up for me when he said (using WAS6 parlance) "a 'profile' is the on-disk configuration, files etc, of a node. 1 profile = 1 node. The node is the run-time object describe by the profile." Bingo. Everything (nodes, servers, cells, profiles) made sense after that.
  I've been through the docs, but it is still not clear to me. Any lucid descriptions would be appreciated. There's configurations, nodes, instances, virtual hosts, listeners, clusters.
  Is a cluster a collection of nodes? Or instances? Virtual server vs. instance? A "configuration" is the on-disk configuration/files etc describing a ???" Maybe there is a nice diagram out there someplace that maps all these bits together?
  Thanks,
  Mark

  Thanks all. Like I said, I've read the docs. They are not terribly clear, at least not to me, but maybe I am just being dense. Some detailed diagrams would be useful.
  [In the text below, I use leading CAPS to differentiate between generic use of a term and Web Server's use of a term ... instance vs. Instance for example.]
  To say "an Instance is a Configuration deployed to a Node" doesn't make any sense to me, since an "Instance" is a configuration item within the Configuration. Maybe it is technically correct
  I think I have the following correct:
  * A Configuration defines/describes an HTTP service that you wish to provide. It ties together all the elements required to define that service: ports to listen on, SSL or no SSL, document roots, access control and so on.
  * You deploy Configurations to Nodes. You define which Nodes to deploy the Configuration to using the Instances tab within the Configuration. The Instance is the run-time representation within a Node of the Configuration (as the Node is the run-time representation within a Cell of the on-disk Profile in WebSphere). You may only have one Instance of a Configuration per available Node. If you have multiple Configurations, you can deploy one Instance of each Configuration to a single Node. An important point here is that Instances really have nothing to do with Virtual Hosts or HTTP Listeners. They are related to Configurations. Configurations have a one-to-(potentially)-many relationship with Instances. Instances within a single Configuration have a one-to-one relationship with Nodes.
  * A Listener listens for incoming HTTP requests on a single port. You may have multiple Listeners per Configuration. A Listener forwards incoming HTTP requests to the "appropriate" Virtual Host.
  * You can map a single Listener (therefore a single port) onto multiple Virtual Hosts, (Why would you do this?) and of course, multiple Listeners onto a single Virtual Host. Listeners and Virtual Hosts have a many-to-many relationship.
  * A virtual host is really the definition of the "real HTTP service", by which I mean it defines the doc root, access controls etc.
  I think I have it straight. I apologize if this is amateur. I am hoping to replace all my Apache servers with SJSWS and need to have all my ducks lined up to make the argument for doing so.
  Thanks again,
  Mark

• Virtual hosts/HTTPS

  Using WL 6.0, we're setting up multiple virtual hosts, hosted off a
  single
  WL cluster.
  We want HTTPS access to these sites, so I assume each virtual host needs
  to be configured with its own Certificate, right ?
  Can I setup one of these virtual hosts to request client side
  Certificates
  (2-way authentication) as well ?
  Also, can I set a list of trusted CAs, not just one ?
  thanks
  -john

  Because of the nature of HTTPS/SSL, you can't do name-based HTTPS virtual hosting - all the SSL connection work is done before Apache can tell what site the user was aiming for. Therefore, any connection on port 443 is going to go to the same virtual server, regardless of the hostname entered by the user.
  Your best solution is to use different IP addresses on the server, binding www.example1.com ports 80 and 443 to one IP address and binding www.example2.com to the other IP address. Whether this is practical for you depends on your network setup (if you only have one public IP address, for example, then it's not going to work for you either.
  Failing that you can add a check to the port 443 site to ensure that the user requested the domain you expect. This wouldn't prevent a user from opening a connection to https://www.example2.com and getting a SSL certificate error, but at least you could redirect them back to the non-https site.
  Adding something like this towards the end of the .conf file for the https site should help:
  RewriteCond %{HTTP_HOST} !^www.example1.com$ \[NC\]
  RewriteRule ^.*$ http://%{HTTPHOST}%{REQUESTURI} [R]
  This somewhat cryptic setup first checks whether the request is for www.example1.com. If it is not (thanks to the !) then it rewrites the URL using http rather than https and sends the user a redirect.

• Apache, virtual hosts & cgi-bin

  Hello all,
  I have an AL server running apache, qmail, vpopmail (&mysql), bincimap, squirrelmail.
  I've setup apache to have 2 virtual hosts :
  www.mydomain.com (with docroot /home/httpd/html/www.mydomain.com) as http & mail.mydomain.com (with docroot /home/httpd/html/mail.mydomain.com) as https.
  Everything is working fine so far, except when I ask for http://mail.mydomain.com (not https) it shows the contents of www.mydomain.com. Minor annoyance, but I'd like to fix it some time. Any suggestions ?
  My main problem is that I want to install qmailadmin in mail.mydomain.com, so I can access it via ssl, so I installed it as /home/httpd/cgi-bin/qmailadmin & made a symlink to /home/httpd/html/mail.mydomain.com/cgi-bin.
  When I try to access it (https://mail.mydomain.com/cgi-bin/qmailadmin), I get "500 Internal server error" & in error_log:
  [error] [client MY_IP] Premature end of script headers: qmailadmin
  and in ssl_request_log :
  [14/Jan/2004:17:00:45 +0200] MY_IP TLSv1 RC4-MD5 "GET /cgi-bin/qmailadmin HTTP/1.1" 674
  I've never setup cgi-bin in virtual hosts before & it's driving me nuts, any suggestions ?
  btw, qmailadmin works fine on my home server without any virtual hosts in apache...

  This isn't perfect, but it's probably pretty close to what you're looking for.  You may need to play around with some <Directory/> tags for your cgi-bin directory, or (as the example illustrates below), just put your cgi scripts in the document root for mail.mydomain.com.
  <Directory "/home/httpd/html/www.mydomain.com">
  AllowOverride All
  Order allow,deny
  Allow from all
  </Directory>
  <Directory "/home/httpd/html/mail.mydomain.com">
  AllowOverride All
  Options ExecCGI
  Order allow,deny
  Allow from all
  </Directory>
  NameVirtualHost 192.168.1.114:80
  NameVirtualHost 192.168.1.114:443
  <VirtualHost www.mydomain.com:80>
  SSLDisable
  Servername www.mydomain.com
  ServerAdmin [email protected]
  DocumentRoot /home/httpd/html/www.mydomain.com
  DirectoryIndex index.html index.htm index.cgi
  ErrorLog logs/www.mydomain.com_error.log
  CustomLog logs/www.mydomain.com_access.log combined
  </Virtualhost>
  # redirect 80 to 443
  <VirtualHost mail.mydomain.com:80>
  SSLDisable
  Servername mail.mydomain.com
  Redirect / https://mail.mydomain.com
  </Virtualhost>
  <VirtualHost mail.mydomain.com:443>
  SSLEnable
  SSLCertificateFile /home/httpd/conf/mail.mydomain.com.pem
  ServerName mail.mydomain.com
  ServerAdmin [email protected]
  DocumentRoot /home/httpd/html/mail.mydomain.com
  ErrorLog logs/mail.mydomain.com_error.log
  CustomLog logs/mail.mydomain.com_access.log combined
  </Virtualhost>
  hth,
  farphel

• Http deny and virtual hosts

  solaris 8 ips sp4 gw and server on 1 host
  got 5 domains en added these to the platform.conf
  and using ssl cert to access these domains.
  everything works fine but when i add the url the user
  can access only in the domain policy url list and deny the rest i get a 502 gateway error ! log gateway says
  sessionid not allowed ! what's wrong ?
  adding http://domain.sub.com in allow list doesn't help

  Hi,
  Is there a "*" in the deny URL list. Looks like portal gateway checks deny list and denys all the URL's
  without even the virtual host. Please try removeing "*" from the deny list.
  Hope this helps.
  Regards,
  Raj_indts
  Developer Technical Support
  Sun Microsystems http://www.sun.com/developers/support