Ever have one of those days where after staring at the configuration for hours you don’t see what you are doing wrong?
I am having that kind of day. I browse to the URLs https://evumail8prd01.ci.northwestern.edu/activate and https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404 error. There is nothing usable in the logs. I know I am missing something simple, but the issue is escaping me. The configuration is stolen from the existing RHEL 6 & Apache 2.2 instance, combined with the Mozilla template from https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&ocsp=false&guideline=5.7, and now runs on RHEL 8 & Apache 2.4.
Please help!
My configuration:
# generated 2023-06-08, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL 1.1.1k, modern configuration
# Server-wide TLS settings: these directives sit outside every <VirtualHost> block below.
# modern configuration
# Every protocol version up to and including TLS 1.2 is switched off, which leaves
# TLS 1.3 as the only version offered. A client or monitoring tool that cannot
# negotiate TLS 1.3 fails in the handshake and never receives an HTTP status.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
# The server does not impose its own cipher order; the client's preference is used.
SSLHonorCipherOrder off
# No TLS session tickets are issued.
SSLSessionTickets off
# OCSP stapling is disabled (the generator URL quoted in the post has ocsp=false),
# so the stapling cache declared on the next line should sit idle while this stays Off.
SSLUseStapling Off
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
# Plain-HTTP virtual host with no ServerName: every request is redirected (301) to
# HTTPS, except paths under /.well-known/acme-challenge/.
# NOTE(review): it is the first *:80 block in the posted configuration, so it
# presumably acts as the default for host names no other *:80 block claims - confirm load order.
<VirtualHost *:80>
RewriteEngine On
# Leave ACME HTTP-01 challenge paths on plain HTTP.
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
# The redirect target host is copied from the request's Host header.
# NOTE(review): consider pinning the target to the canonical server name so a
# client-supplied Host value is never echoed into the Location header.
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
# TLS virtual host for the umail names: serves /var/www/html, maps /cgi-bin, and
# redirects /activate and /manage to /umail3/netid.php.
# NOTE(review): a 404 on /activate means the RedirectMatch lines below never ran for
# that request. One thing to rule out is the request being served by a different *:443
# virtual host (for example a distribution-supplied default SSL virtual host loaded
# before this file). `httpd -S` prints which virtual host answers for each name and port.
<VirtualHost *:443>
# NOTE(review): a virtual host has a single ServerName; when the directive is repeated
# only one value can take effect (the last one, as far as I know - confirm with
# `httpd -S`). Additional names belong in ServerAlias.
ServerName evumail8prd01.ci.northwestern.edu
ServerName evumail.northwestern.edu
ServerName umail.northwestern.edu
DocumentRoot /var/www/html
# NOTE(review): the target path ends in "cgi-bi", while the <Directory> block further
# down names "/var/www/cgi-bin". This looks like a truncated path; as written, that
# block's settings do not cover the directory this alias points at.
ScriptAlias /cgi-bin /var/www/cgi-bi
# mod_rewrite is enabled, but both rules below are commented out, so no rewrite rule
# is active in this virtual host.
RewriteEngine on
# RewriteRule ^/activate /umail3/netid.php?r=a [R]
# RewriteRule ^/manage /umail3/netid.php?r=m [R]
# Everything is logged at "alert" except mod_rewrite, which is raised to trace6.
# NOTE(review): the redirects below are RedirectMatch (mod_alias), so the rewrite trace
# records nothing about them, and "alert" hides lower-severity messages from every other
# module - a likely reason the logs look empty. Trace levels are for debugging only;
# lower them again afterwards.
LogLevel alert rewrite:trace6
# Anchored patterns: only the exact paths /activate and /manage match (no trailing
# slash, no sub-paths). The targets are absolute URLs with the host name hard-coded.
# NOTE(review): "permanent" (301) answers are cached by browsers, which can mask later
# configuration changes while testing - check with a client that does not cache.
RedirectMatch permanent ^/activate$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=a"
RedirectMatch permanent ^/manage$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=m"
# Turn off automatic directory listings for the document root.
<Directory /var/www/html>
Options -Indexes
</Directory>
# Export the standard SSL environment variables to CGI scripts and turn off listings.
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
Options -Indexes
</Directory>
DirectorySlash On
# Same SSL environment variables for files with script-like extensions anywhere in this host.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
# Qualys
# Anti-framing header, presumably added for a Qualys scan finding.
# NOTE(review): "append" adds to any X-Frame-Options value the application already
# sends; "set" would guarantee exactly one value.
Header always append X-Frame-Options SAMEORIGIN
# Tenable
# Appends ";HttpOnly;Secure" to every Set-Cookie header in the "always" header table.
# NOTE(review): a cookie that already carries these attributes gets them twice, and
# cookies that end up in the default (onsuccess) table are not touched by this line -
# verify against a captured response.
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
# 63072000 seconds is two years; no includeSubDomains is set, so the policy applies
# only to the host name the browser connected to.
Header always set Strict-Transport-Security "max-age=63072000"
ErrorLog logs/ssl_error_log
#LogLevel debug
# NOTE(review): the "agent" and "referer" format nicknames are not defined in the posted
# configuration; they need LogFormat definitions elsewhere - confirm.
CustomLog logs/ssl_agent_log agent
CustomLog logs/ssl_referer_log referer
TransferLog logs/ssl_access_log
# Per-request TLS log: timestamp, client address, negotiated protocol and cipher,
# request line, bytes sent.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
# NOTE(review): the file names suggest a certificate issued for evumail8prd01; confirm
# it also lists the other two host names, and that the private key is readable only by
# the account that starts httpd.
SSLCertificateFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu_cert.cer
SSLCertificateKeyFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu.key
</VirtualHost>
# Plain-HTTP virtual host for u.northwestern.edu and www.u.northwestern.edu: sends every
# request to the Google-hosted mail URL.
<VirtualHost *:80>
ServerName u.northwestern.edu
ServerAlias www.u.northwestern.edu
# Redirect without a status keyword is a temporary (302) redirect; "/" is a prefix match,
# so whatever follows it in the requested path is appended to the target URL.
Redirect / https://mail.google.com/a/u.northwestern.edu/
</VirtualHost>
# Port-443 counterpart of the u.northwestern.edu redirect host.
# NOTE(review): this block has no SSLEngine, SSLCertificateFile or SSLCertificateKeyFile
# line. Unless they are supplied elsewhere, confirm how TLS is terminated for these names
# and that the certificate presented actually covers u.northwestern.edu.
<VirtualHost *:443>
ServerName u.northwestern.edu
ServerAlias www.u.northwestern.edu
# Temporary (302) prefix redirect, same as the port-80 block.
Redirect / https://mail.google.com/a/u.northwestern.edu/
</VirtualHost>
Darryl Baker, GSEC, GCLD (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
4th Floor
2020 Ridge Avenue
Evanston, IL 60208-0801