Re: HTTP misconfiguration?

Hi.
Probably nothing to do with your problem, and I am not quite sure it really matters because I have not analysed your configuration in detail, but in principle ...
This line
  DocumentRoot /d01/tomcat/webapps/zeABC
means that you are allowing Apache to serve the files that are below that directory, including what is below WEB-INF in that directory, for example the web.xml of your application.


Pete Beebe wrote:
Thank you, Tony,

HTTPD was installed from the 2.2.6 source against a RHES4.0 OS.

The end-user that reported the issue simply stated "web site down" whereas when I navigated to the default pages I was looking at the contents of the http-ssl.conf file with no error message.

The only recent changes to the Apache install were an update to the ssl.conf file's certificate names and adjusting the proxy_pass/rewrite commands in order to properly pass traffic from Apache to Tomcat's webapp.  I thought that perhaps the proxy_pass/rewrite bit might have been the issue but figured if it was configured wrong a more persistent error would be evident.

Config params for the source compile were:

"./configure" \
"-prefix=/d01/apache" \
"--enable-ssl" \
"--enable-proxy" \
"--enable-dav" \
"--enable-dav-fs" \
"--enable-dav-lock" \
"--enable-vhost-alias" \
"--enable-rewrite" \
"--enable-so" \
"--with-include-apr" \
"--with-ssl=/usr/include/openssl" \
"--with-mpm=worker" \

The Apache server listens on two NICs for two sites which both run on a Tomcat back-end.

-----------
HTTPD.CONF:
-----------

ServerRoot "/d01/apache"
Listen 80
<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>
ServerAdmin jondoe.admin@xxxxxxxxxx
DocumentRoot "/d01/apache/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/d01/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>
ErrorLog logs/error_log
LogLevel warn
LoadModule jk_module modules/mod_jk.so
Include "/d01/apache/conf/mod_jk.conf"
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog logs/access_log common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/d01/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/d01/apache/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Alias /abc /d01/tomcat/webapps/zeABC
<Directory /d01/tomcat/webapps/zeABC>
Options FollowSymLinks Includes
DirectoryIndex index.html
AddHandler server-parsed shtml
order allow,deny
allow from all
</Directory>

<VirtualHost 10.0.0.11:80>
  ServerAdmin jondoe.admin@xxxxxxxxxx
  DocumentRoot /d01/tomcat/webapps/zeABC
  ServerName www.zeABC.com
  ServerAlias zeABC.com
  ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
  RewriteEngine on
  RewriteCond   %{SERVER_PORT}  !^443$
#  RewriteRule ^(.*)$ https://www.zeABC.com/abc/$1 [L,R]
  RewriteRule ^(.*)$ https://www.zeABC.com/zeABC$1 [L,R]
</VirtualHost>
<VirtualHost 10.0.0.12:80>
  ServerAdmin jondoe.admin@xxxxxxxxxx
  DocumentRoot /d01/tomcat/webapps/zeABC
  ServerName www.XYZ.com
  ServerAlias XYZ.com
  ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
  RewriteEngine on
  RewriteRule ^(.*) https://www.XYZ.com/abc
</VirtualHost>
ServerTokens Minimal

--------------
HTTP-SSL.CONF:
--------------
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/d01/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/d01/apache/logs/ssl_mutex"
<VirtualHost 10.0.0.11:443>
  DocumentRoot "/home/ABC_ssl/tmp"
  ServerName www.ABC.com
  ServerAdmin jondoe.admin@xxxxxxxxxx
  ErrorLog logs/ssl_error_log
  CustomLog logs/ssl_access_log combined
  <Directory "/home/ABC_ssl/tmp">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
   ScriptAlias /cgi-bin/ "/home/ABC_ssl/cgi-bin/"
  <Directory "/home/ABC_ssl/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    SSLOptions +StdEnvVars
  </Directory>
  ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
  ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
  SSLEngine on
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
  SSLCertificateFile /d01/apache/conf/ssl.crt/www_ABC_com.2009.crt
  SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.ABC.com.key
  SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
  SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_ABC_com.ca-bundle
   <Location />
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    ErrorDocument 403 http://www.ABC.com/error_4035.cfm
  </Location>
   SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost 10.0.0.12:443>
  DocumentRoot "/home/xyz"
  ServerName www.XYZ.com
  ServerAdmin jondoe.admin@xxxxxxxxxx
  <Directory "/home/xyz">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  ScriptAlias /cgi-bin/ "/home/xyz/cgi-bin/"
  <Directory "/home/xyz/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    SSLOptions +StdEnvVars
  </Directory>
  RewriteEngine on
  RewriteRule ^/abc /ABC/XYZOMG/ [R]
  ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
  ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
SSLEngine on
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
  SSLCertificateFile /d01/apache/conf/ssl.crt/www_XYZ_com.crt
  SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.XYZ.com.key
  SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
  SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_XYZ_com.ca-bundle
  <Location />
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    ErrorDocument 403 http://www.ABC.com/error_4035.cfm
  </Location>
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown
</VirtualHost>

From: Tony Stevenson <tony@xxxxxxxxxxx>
Subject: Re:  HTTP misconfiguration?
Pete,

I would suggest initially you tell us about your install
of HTTPD, is it from source, or from a vendor package?
Can you show us your config? Either an anonymised one, or
one that covers the main httpd config, along with your ssl
config.

Is it possible that you have an overlapping config, that
exposes your config files.  i.e. a misconfigured docroot, or
symlinks?

Also, what error were you getting when the "site was
down"  40x?, 50x? - Specifics can help us here.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
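
The exposure pointed out in the reply at the top of this thread (a DocumentRoot or Alias that targets a Tomcat webapp directory also serves what is under WEB-INF), as an added example that is not part of the original thread: a small Python check that reports such paths when no more specific deny block covers them. The sample config is constructed from the mappings in the posted httpd.conf, and treating any path containing `/webapps/` as a Tomcat application is an assumption of this sketch.

```python
import re

# Constructed sample: the URL-to-disk mappings from the posted httpd.conf.
SAMPLE = """
DocumentRoot "/d01/apache/htdocs"
Alias /abc /d01/tomcat/webapps/zeABC
<Directory /d01/tomcat/webapps/zeABC>
    Order allow,deny
    Allow from all
</Directory>
<VirtualHost 10.0.0.11:80>
    DocumentRoot /d01/tomcat/webapps/zeABC
</VirtualHost>
"""
# Constructed fix: more specific <Directory> blocks override the allow above.
HARDENED = SAMPLE + "".join(
    f"<Directory /d01/tomcat/webapps/zeABC/{d}>\n    Order deny,allow\n"
    "    Deny from all\n</Directory>\n" for d in ("WEB-INF", "META-INF"))

def served_roots(conf):
    """Filesystem paths that DocumentRoot and Alias map into URL space."""
    found = re.findall(r'^[ \t]*(?:DocumentRoot|Alias)[ \t]+(\S.*)$', conf, re.I | re.M)
    return {line.split()[-1].strip('"').rstrip("/") for line in found}

def denied_dirs(conf):
    """<Directory> paths that deny everyone (2.2 or 2.4 syntax) and allow no one."""
    denied = set()
    blocks = re.findall(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', conf, re.S | re.I)
    for path, body in blocks:
        deny = re.search(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', body, re.I | re.M)
        allow = re.search(r'^\s*(Allow\s+from|Require\s+all\s+granted)', body, re.I | re.M)
        if deny and not allow:
            denied.add(path.rstrip("/"))
    return denied

def exposed_metadata(conf):
    """Served Tomcat webapp WEB-INF/META-INF paths with no more specific deny block."""
    denied, findings = denied_dirs(conf), []
    for root in served_roots(conf):
        if "/webapps/" not in root:  # assumption: Tomcat apps live under .../webapps/
            continue
        for name in ("WEB-INF", "META-INF"):
            target = f"{root}/{name}/"
            if not any(len(d) > len(root) and target.startswith(d + "/") for d in denied):
                findings.append(target.rstrip("/"))
    return sorted(findings)

print(exposed_metadata(SAMPLE), exposed_metadata(HARDENED))
```

A deny on `<Directory />` alone does not count as coverage here, because the later allow on the webapp directory is more specific and wins when the sections are merged.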