auth_mellon httpd mod return Lasso error: [-205] Parsed XML is invalid - apache

I'm trying to use auth_mellon mod to add SAML authentication to a website.
I followed the tutorial here: https://jdennis.fedorapeople.org/doc/mellon-install/mellon-install-guide.html
I'm not the one who generated the XML file on the IdP side (it is a business with multiple services, and another branch administers the Microsoft AD), but I get an error with the file:
[Tue Jan 31 15:17:58.713662 2023] [auth_mellon:error] [pid 9005] [client 192.168.1.34:45544] Error adding metadata "/etc/httpd/saml2/idp_metadata.xml" to lasso server objects. Lasso error: [-205] Parsed XML is invalid.
I can't find this error in the official Lasso documentation, and even when I try switching to other random XML files for mellon that I find online, it gives me the same error.
I'm unable to even access the URL fqdn.com/mellon/metadata, as it tries to load the file and fails.
Does anyone have a hint?
Thanks in advance.

Related

Serving a yesod application as a (Fast)CGI

I'm trying to serve a yesod application as a CGI (or FastCGI) program but Apache shows me a 500 error:
[Mon Sep 21 17:35:41.425565 2020] [http:error] [pid 2758] [client 10.0.2.2:43872] AH02429: Response header name '21/Sep/2020' contains invalid characters, aborting request
Starting with a new template with stack new project yesodweb/sqlite, I've tried to convert it to a CGI program by changing src/Application.hs.
I've imported the Wai CGI library with
import Network.Wai.Handler.CGI (run)
and changed the last line of appMain to run app:
    -- | The #main# function for an executable running this site.
    appMain :: IO ()
    appMain = do
        -- Get the settings from all relevant sources
        settings <- loadYamlSettingsArgs
            -- fall back to compile-time values, set to [] to require values at runtime
            [configSettingsYmlValue]
            -- allow environment variables to override
            useEnv
        -- Generate the foundation from the settings
        foundation <- makeFoundation settings
        -- Generate a WAI Application from the foundation
        app <- makeApplication foundation
        -- Run the application with Warp
        --runSettings (warpSettings foundation) app
        run app
I thought this was the minimal change to serve it as a CGI program, but apparently it is not working.
I've already looked into the Yesod book's chapter on deploying your webapp, which has been handy for writing the appropriate Apache configuration so the server could run the app. It says nothing about the needed changes to the app code, which I presume is where the problem is.
I've also checked this Stack Overflow question, but it's from almost 8 years ago, so it's outdated now.
The problem is that the default makeFoundation logs to standard output, which is also where the CGI program is supposed to send its response, so you're getting intermingling of response headers with log output, and Apache tries to parse log lines as HTTP headers, etc.
If you replace newStdoutLoggerSet with newStderrLoggerSet, it should work, and the log output will end up in Apache's "error.log" or equivalent.
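
The failure described in the answer above, reproduced as an added example that is not part of the original post: two hypothetical stand-in CGI programs, one logging to stdout and one to stderr, and a check that reports the first response header name that is not a valid HTTP token. The log line is a constructed sample shaped like the one in the Apache error.

```shell
#!/bin/sh
# Added example: cgi_logs_to_stdout and cgi_logs_to_stderr are hypothetical
# stand-ins for the application; LOG_LINE is a constructed sample.
LOG_LINE='21/Sep/2020:17:35:41 +0000 [Info#yesod-core] Application launched'
CR=$(printf '\r')
# RFC 7230 "tchar" set: the only characters allowed in a header field name.
TCHARS='A-Za-z0-9!#$%&*+.^_`|~'"'"'-'

cgi_logs_to_stdout() {
    printf '%s\n' "$LOG_LINE"          # log line shares the response stream
    printf 'Content-Type: text/html\r\n\r\n<p>hello</p>\n'
}

cgi_logs_to_stderr() {
    printf '%s\n' "$LOG_LINE" >&2      # log line goes to the server's error log
    printf 'Content-Type: text/html\r\n\r\n<p>hello</p>\n'
}

# Read CGI output on stdin; print the first header name that is not a valid
# token, or nothing if the header block up to the blank line is clean.
first_bad_header() {
    while IFS= read -r line; do
        line=${line%"$CR"}                     # accept CRLF line endings
        [ -n "$line" ] || return 0             # blank line: end of headers
        name=${line%%:*}                       # text before the first colon
        rest=$(printf '%s' "$name" | tr -d "$TCHARS")
        # Bad if empty, contains a non-token character, or the line has no colon
        if [ -z "$name" ] || [ -n "$rest" ] || [ "$name" = "$line" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
}

printf 'stdout logging, bad header name: %s\n' "$(cgi_logs_to_stdout | first_bad_header)"
printf 'stderr logging, bad header name: %s\n' "$(cgi_logs_to_stderr 2>/dev/null | first_bad_header)"
```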

Undefined Apache server error rdbmmap

For a few days I've been getting the following error message in my server error log:
www.xxx.com [client XXX.XXX.XXX.XXX] rdbmmap (21): rdbm_fetch failed (1)
Although the site is loading right. I would like to know about this error. Can't find anything around. Does anybody know about this?
Server configuration :
Server-Info: Apache/2.2.31 (Unix)
PHP-Version: 7.1.8
WordPress: 4.8.1
MySQL-Version: 5.6.37
Thanks in advance.
Please have a look at this: Map Reduce & RDBMS
RDBMS: stands for Remote database management system.
Client: the browser or crawler bot that sends the request.
Fetch Failed: means the system could fetch the request to the database.

Centos server hanged due to postfix/sendmail spam emails

My CentOS server is running web applications on a LAMP stack. A couple of days ago, the server was not responding for about 10 minutes and I got an HTTP response failure alert from my monitoring tool. When I checked the httpd error log I found a huge log entry (~12000 lines) related to sendmail.
14585 sendmail: fatal: open /etc/postfix/main.cf: Permission denied
The server ran out of memory and was not responding.
14534 [Fri Aug 19 22:14:52.597047 2016] [mpm_prefork:error] [pid 26641] (12)Cannot allocate memory: AH00159: fork: Unable to fork new process
14586 /usr/sbin/sendmail: error while loading shared libraries: /lib64/librt.so.1: cannot allocate version reference table: Cannot allocate memory
We are not using sendmail in any of our applications. How can I stop this attack in the future?
Thank you in advance!
Sorry, I have no comment facilities; it looks like one of your website pages is vulnerable to code injection. Finding out where and what page may be a huge job. Focus on input (form) variables. Always sanitize input variables before using them! P.S. PHP uses "sendmail"; even if you use Postfix, it will use a sendmail binary to send mail and the sendmail binary will redirect it to Postfix. If your forms work well and the 12k error log lines come out of the blue, then I would think someone is trying to inject code through your website (happens all the time, by the way).

Request entity too large 413 apache tomcat

Request entity too large
The requested resource
/some/url/path/on/server
does not allow request data with GET requests, or the amount of data provided in the request exceeds the capacity limit.
I get a corresponding error in my mod_jk.log file which is below.
[Mon Oct 10 20:36:11 2011] [9834:0] [error] ajp_marshal_into_msgb::jk_ajp_common.c (415): failed appending the header value
I have a web farm running tomcat5, fronted by apache1.3 using the mod_jk connector. I started getting this error today on all the servers although no code changes were made today. The error seems to pop up randomly. The same request doesn't always generate the error.
Can anyone explain the cause and why it would be random? I have seen recommendations to increase max_packet_size in server.xml. I want to understand the problem and the impact of the change before making it.

Weird~Apache can not find the actually existing "bash" to execute my cgi file~

Maybe it's too easy for you to answer.
My problem is about CGI and the Apache web server.
To keep it simple, I have an HTML file "form.html" containing a form. To access it, I type "127.0.0.1/form.html" in the browser.
After clicking "submit" in this HTML file, it is supposed to go to "127.0.0.1\cgi-bin\cginame.cgi". The content of "cginame.cgi" is as below:
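    #!/bin/bash
    # Form data arrives in QUERY_STRING for GET and on stdin otherwise
    if [ "$REQUEST_METHOD" = "GET" ]
    then
        data="$QUERY_STRING"
    else
        data=$(cat)
    fi
    # Quote the value so it reaches the program as one argument, without word splitting or globbing
    java mortcal "$data"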
"mortcal" is a Java program that calculates and returns an HTML page containing results to the user.
I'm using Apache 2.2 and Ubuntu 10.04.
The problem is that when I click the "submit" button in "form.html", I get these in the error log:
[Sat Sep 24 15:00:20 2011] [error] (2)No such file or directory: exec of '/usr/lib/cgi-bin/mortcgi.cgi' failed
[Sat Sep 24 15:00:20 2011] [error] [client 127.0.0.1] Premature end of script headers: mortcgi.cgi
I know it's because Apache cannot find "/bin/bash" to execute the CGI file. But I do have "/bin/bash".
It's so weird. Please help me out. Thank you in advance.
To execute CGI scripts, you need to configure Apache to allow this, and your script has to follow the HTTP protocol by sending back data in the right format, and right permissions, and on and on and on.
Here's a great tutorial with an example: http://httpd.apache.org/docs/2.2/howto/cgi.html
... however, I need to say: running a java program from within a shell script via Apache is a bad idea, in general. Each request loads the java runtime engine (JRE), runs the program, then unloads it. There are issues with environment, file ownership and so on -- all of this is why there are application servers like tomcat for java. So if you're just trying something, that's fine. If you're thinking this is a good way to get something done in a professional production environment, I would reconsider.
As noted, this seems like a poor way to do things, but:
Do the script file permissions allow execution for the web server user?
Are you using any security framework such as selinux which would apply additional restrictions?
I checked my configuration files. They are ok. So I kept searching on the web and finally I saw this:
"If you've copied over the script from a Windows machine, you may be being tripped up by ^M at end of line. You can use cat -v /usr/lib/cgi-bin/printenv.pl | head -1 to verify that there isn't a ^M at the end of the line. "
I did copy my CGI file from Windows! I forgot to mention it because I did not think it was a big deal.
Now I have removed the ^M by typing this: :%s/^V^M//g in vi. This problem is resolved. Thanks very much for your answers, Mr. Harrison and Dark Falcon. Thank you all.
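
An added example (not from the thread) of the check that resolved this question: it reads the interpreter path from a script's first line the way the kernel does, flags a trailing carriage return, and strips carriage returns in place. The function names and the sample script are constructed for illustration, and the sample uses /bin/sh so that it runs anywhere.

```shell
#!/bin/sh
CR=$(printf '\r')

# Print the interpreter path from line 1, byte for byte (a trailing CR is kept).
shebang_interp() {
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!'*) first=${first#'#!'} ;;
        *) return 1 ;;
    esac
    first=${first# }               # optional space after "#!"
    printf '%s' "${first%% *}"     # drop any interpreter argument
}

# Print "crlf", "missing", "ok" or "no-shebang" for the given script.
check_shebang() {
    interp=$(shebang_interp "$1") || { echo "no-shebang"; return 0; }
    case $interp in
        *"$CR") echo "crlf" ;;     # kernel looks up "/bin/sh<CR>" and gets ENOENT
        *) if [ -x "$interp" ]; then echo "ok"; else echo "missing"; fi ;;
    esac
}

# Remove every carriage return, keeping the file's mode and owner.
strip_cr() {
    tmp=$(mktemp) || return 1
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Constructed sample: a CGI script saved with Windows line endings.
demo_dir=$(mktemp -d)
demo_script=$demo_dir/form.cgi
printf '#!/bin/sh\r\necho "Content-Type: text/plain"\r\necho\r\necho ok\r\n' > "$demo_script"
chmod +x "$demo_script"
before=$(check_shebang "$demo_script")
strip_cr "$demo_script"
after=$(check_shebang "$demo_script")
echo "before: $before, after: $after"
rm -rf "$demo_dir"
```

The "crlf" case is why Apache logs "No such file or directory" against the script even though the interpreter exists: the path being looked up ends in a carriage return.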