Error wsgi in server installed in MAC Yosemite - apache
I have a problem with the wsgi module and do not understand why.
I installed Apache and removed MAMP because it gave me too many problems.
I have configured the port and my page loads fine.
I installed MySQL, loaded my script, and all is well.
I installed the Python-MySQL connector and made the connection, and it actually connects.
But when I access the site and try to register, it throws an error, and I don't know whether it reaches the database or not.
Can someone help me understand what is happening?
The code is attached below.
httpd.conf
# Base directory for relative paths (modules/, logs/, conf/) used below.
ServerRoot "/usr/local/apache2"
# Plain-HTTP listener on 8080.
Listen 8080
# NOTE(review): no LoadModule line for dir_module or cgid_module appears in
# this listing, so the <IfModule dir_module> and <IfModule cgid_module>
# sections further down are skipped unless those modules are compiled in.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule dav_module modules/mod_dav.so
# mod_status is loaded but no status handler is mapped in this listing.
LoadModule status_module modules/mod_status.so
# mod_autoindex generates directory listings wherever "Options Indexes" is on.
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule alias_module modules/mod_alias.so
# mod_wsgi runs the Python application inside httpd.
# NOTE(review): it is linked against one specific Python build; confirm it is
# the same interpreter that has the MySQL connector installed.
LoadModule wsgi_module modules/mod_wsgi.so
<IfModule unixd_module>
# Request handling (including the WSGI code) runs as this account when httpd
# is started as root.
# NOTE(review): anything the application writes itself (the traceback ends in
# log.py __init__) must be writable by "daemon" — presumably worth checking.
User daemon
Group daemon
</IfModule>
ServerAdmin usuario#usuario.com
ServerName localhost:8080
# Default-deny for the whole filesystem; each served tree is opened explicitly
# by a more specific <Directory> section.
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/Users/usuario/Sites/usuariocloud/client"
<Directory "/Users/usuario/Sites/usuariocloud/client">
# Indexes: a directory without an index file is answered with a generated
# listing of its contents. FollowSymLinks: symlinks inside the tree are
# followed, including ones that point outside it.
# NOTE(review): drop Indexes unless browsing the client tree is intended.
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# Never serve .htaccess / .htpasswd style files.
<Files ".ht*">
Require all denied
</Files>
# mod_wsgi reports Python tracebacks here (relative to ServerRoot).
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The access log uses "common", so Referer and User-Agent are not recorded;
# "combined" keeps them, which helps when reconstructing a request later.
CustomLog "logs/access_log" common
</IfModule>
# /cgi-bin is mapped onto the application's server/ directory twice: once by
# ScriptAlias (which marks the target as containing CGI scripts) and once by
# the plain Alias below.
# NOTE(review): the two mappings overlap; keeping only the one that matches
# the intended handler avoids surprises about which applies.
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/Users/usuario/Sites/usuariocloud/server/"
</IfModule>
<IfModule cgid_module>
</IfModule>
Alias /cgi-bin /Users/usuario/Sites/usuariocloud/server/
# Every file requested under /cgi-bin is handed to mod_wsgi as a WSGI script,
# not only controller.wsgi.
# NOTE(review): this makes any file in server/ executable by URL, including
# library modules and anything the application might store there. Mapping the
# single entry-point script (the commented-out WSGIScriptAlias is the
# directive for that) keeps the rest of the tree unreachable.
<Location /cgi-bin>
SetHandler wsgi-script
Options +ExecCGI
</Location>
#WSGIScriptAlias /cgi-bin /Users/usuario/Sites/usuariocloud/server/
# Options None here is overridden for /cgi-bin requests by the +ExecCGI in the
# <Location> section above, because <Location> is merged after <Directory>.
<Directory "/Users/usuario/Sites/usuariocloud/server/">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Pulls in the TLS virtual-host settings; their contents are not shown here.
# NOTE(review): the certificate and key paths in that file must exist or httpd
# will not start — confirm.
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
# "builtin" is httpd's always-available seeding source; the mod_ssl
# documentation describes it as not a strong source of randomness.
# NOTE(review): consider seeding from the operating system's random device
# if TLS is actually served.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
controller.wsgi
# Library Imports
import json, cgi, sys, os
# Put this script's own directory on sys.path so that the petition_solver
# package sitting next to controller.wsgi can be imported when mod_wsgi loads
# the script.
path = os.path.dirname(__file__)
if path not in sys.path:
    sys.path.append(path)
# Own Libraries
from petition_solver.solver import Solver
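def application(env, resp):
    """WSGI entry point: turn the ``json`` form field into a petition and answer it.

    The request is parsed as a form. Its ``json`` field is decoded into a
    dict, any uploaded ``file`` field(s) are attached under ``params``, and
    the result is passed to ``Solver.solvePetition``. The reply is either a
    file download (when the solver sets ``download``) or the reply dict
    serialised as JSON.

    A request without a usable ``json`` field (missing, not valid JSON, or
    not a JSON object) gets the usage message instead of an unhandled
    exception.

    Args:
        env: WSGI environ dict.
        resp: WSGI ``start_response`` callable.

    Yields:
        The response body: file data for downloads, otherwise a JSON string.
    """
    # Python 2 stdlib (the file already relies on Python 2's ``unicode``);
    # quote() percent-encodes the download name for the filename* parameter.
    import urllib

    # Usage message returned when no petition could be read from the request.
    response = { "response": "fail",
        "error" : """Expecting ?Json=
{
"function":"functionName",
"entity":"entityName",
"params":
{
"param1":"value1",
"param2":"value2",
"paramn":"value n"
}
}""".replace('\r', ' ').replace('\n', ' ').replace('\t', '')
    }
    # Read Params
    form = cgi.FieldStorage(fp=env['wsgi.input'], environ=env)
    petition = None
    if form:
        # getfirst() copes with a missing or repeated "json" field, where
        # form['json'].value would raise.
        param_json = form.getfirst('json')
        if param_json is not None:
            try:
                petition = json.loads(param_json)
            except ValueError:
                # Malformed JSON from the client: answer with the usage text.
                petition = None
    # Only a JSON object can carry "function"/"entity"/"params".
    if isinstance(petition, dict):
        userAgent = env["HTTP_USER_AGENT"] if "HTTP_USER_AGENT" in env else ""
        if 'file' in form and isinstance(petition.get("params"), dict):
            # NOTE(review): uploads are read fully into memory with no size
            # cap here; bound the request size at the server (e.g. Apache's
            # LimitRequestBody) or check CONTENT_LENGTH before reading.
            param_file = form['file']
            if isinstance(param_file, list):
                petition['params']['files'] = []
                for f in param_file:
                    filename = unicode(f.filename, 'utf-8')
                    petition['params']['files'].append({"originalName" : filename, "file" : f.file.read()})
            else:
                petition['params']['file'] = param_file.file.read()
                filename = unicode(param_file.filename, 'utf-8')
                petition['params']['originalName'] = filename
        solver = Solver()
        response = solver.solvePetition(petition, userAgent=userAgent)
    if (response and "download" in response and response["download"]):
        detail = response["file"]["storage"]
        mime = detail["mime"].decode('utf-8')
        # assumes originalName is a unicode object, as the original
        # .encode("ascii", 'replace') call did — TODO confirm
        original_name = detail["originalName"]
        # ASCII fallback for clients that ignore filename*. The stored name
        # originates from an upload, so neutralise the characters that could
        # end the quoted-string or start a new header line.
        ascii_name = original_name.encode("ascii", 'replace')
        for unsafe in ('\r', '\n', '"', '\\'):
            ascii_name = ascii_name.replace(unsafe, '_')
        # RFC 5987 form: charset, two single quotes (empty language tag),
        # then the percent-encoded UTF-8 name. The original literal lost the
        # two quotes through adjacent-string concatenation.
        encoded_name = urllib.quote(original_name.encode('utf-8'), safe='')
        disposition = "attachment; filename=\"{0}\"; filename*=UTF-8''{1}".format(ascii_name, encoded_name)
        resp('200 OK',[('Content-type', '{0}'.format(mime)),('Content-disposition', disposition)])
        yield data_or_none(detail) if False else detail["file"]
    else:
        # NOTE(review): the body is JSON, and the solver's reply echoes the
        # petition back, yet it is labelled text/html; a browser that renders
        # it would interpret markup contained in those values.
        # application/json is the safer label if the client accepts it.
        resp('200 OK',[('Content-type', 'text/html;charset=utf-8')])
        yield json.dumps(response)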
solver.py
#solver module
#class Solver
from log import Log
from error import NotValidPetitionError
class Solver:
userId = -1
def solvePetition(self, petition, petitionId=0, userAgent=None):
lg = Log.Instance()
if("function" not in petition or "entity" not in petition):
response = {"response":"fail", "error" : "{0}".format(NotValidPetitionError())}
lg.logError("Not a valid petition found", lg.SOLVER_LEVEL)
return response
innerPetition = self._getCopy(petition)
function = innerPetition["function"]
entityName = innerPetition["entity"]
params = innerPetition["params"] if "params" in innerPetition else {}
key = innerPetition["key"] if "key" in innerPetition else ""
#petitionId = petitionId if petitionId else self._getPetitionId()
#lg.logDebug("Received petition {0} ".format(self._getJsonRepr(petition)), lg.SOLVER_LEVEL, petitionId)
entity = None
entityType = None
if(entityName == "user"):
from entities.user import User
entityType = User
params["userAgent"] = userAgent
elif(entityName == "group"):
from entities.group import Group
entityType = Group
elif(entityName == "tag"):
from entities.tag import Tag
entityType = Tag
elif(entityName == "attribute"):
from entities.attribute import Attribute
entityType = Attribute
elif(entityName == "template"):
from entities.template import Template
entityType = Template
elif(entityName == "directory"):
from entities.directory import Directory
entityType = Directory
elif(entityName == "staticCatalog"):
from entities.staticCatalog import StaticCatalog
entityType = StaticCatalog
elif(entityName == "dynamicCatalog"):
from entities.dynamicCatalog import DynamicCatalog
entityType = DynamicCatalog
elif(entityName == "document"):
from entities.document import Document
entityType = Document
elif(entityName == "file"):
from entities.file import File
entityType = File
elif(entityName == "inbox"):
from entities.inbox import Inbox
entityType = Inbox
elif(entityName == "storageFile"):
from entities.storageFile import StorageFile
entityType = StorageFile
elif(entityName == "structure"):
from entities.structure import Structure
entityType = Structure
elif(entityName == "dictionaryCatalog"):
from entities.dictionaryCatalog import DictionaryCatalog
entityType = DictionaryCatalog
elif(entityName == "patternTemplate"):
from entities.patternTemplate import PatternTemplate
entityType = PatternTemplate
if petitionId:
petitionId = petitionId
valueReturned = self._operationsManager(params, petitionId, key, entityType, entityName, function, False, petition)
else:
petitionId = self._getPetitionId()
valueReturned = self._operationsManager(params, petitionId, key, entityType, entityName, function, True, petition)
lg.logDebug("Received petition {0} ".format(self._getJsonRepr(petition)), lg.SOLVER_LEVEL, petitionId)
try:
entity = entityType(params, key, petitionId)
response = entity.process(function)
pet_id = self._getPetition(entity, petitionId)
queryUpdate = self._getDBTemplate("UPDATE_OPERATION_STATUS").format(pet_id)
newId = entity._resolveUpdate(queryUpdate, audit=False)
if newId > 0:
lg.logDebug("UPDATE_PETITION_ID: {0} ".format(pet_id), lg.SOLVER_LEVEL, petitionId)
except Exception as e:
response = self._manageError(e, petition, petitionId)
finally:
del (entity)
del (innerPetition)
lg.logDebug("Response to petition is {0}".format(self._getJsonRepr(response)), lg.SOLVER_LEVEL, petitionId)
response["petition"] = self._getJsonWOFile(petition)
return response
def _getJsonRepr(self, json):
j = self._getJsonWOFile(json["file"]) if "file" in json else self._getJsonWOFile(json)
return "{0}".format(j)
def _getJsonWOFile(self, json):
needsCopy = json and "file" in json or (
"params" in json and json["params"] and (
"file" in json["params"] or "files" in json["params"]
)
) or "storage" in json
if needsCopy:
copy = self._getCopy(json)
if ("file" in copy):
copy["file"] = "FILE DATA OMITTED" if copy["file"] else "EMPTY FILE"
if ("storage" in copy):
if ("file" in copy["storage"]):
copy["storage"]["file"] = "FILE DATA OMITTED" if copy["storage"]["file"] else "EMPTY FILE"
if("params" in copy):
if("files" in copy["params"]):
for f in copy['params']["files"]:
f["file"] = "FILE DATA OMITTED" if f["file"] else "EMPTY FILE"
if("file" in copy["params"]):
copy["params"]["file"] = "FILE DATA OMITTED" if copy["params"]["file"] else "EMPTY FILE"
return copy
else:
return json
def _getCopy(self, json):
import copy
copy = copy.deepcopy(json)
return copy
def _manageError(self, err, petition, petitionId):
from error import usuarioError
innerError = err if isinstance(err, usuarioError) else usuarioError()
lg = Log.Instance()
lgMethod = lg.logWarning if innerError.code < 400 else lg.logError
lgMethod("{0} found while resolving petition {1}".format( str(innerError) , petitionId), lg.SOLVER_LEVEL, petitionId)
response = {
"response":"fail",
"error" : {
"code" : "{0}".format(innerError.code),
"message" : str(innerError)
}
}
return response
def _getPetitionId(self):
import uuid
uuidObj = uuid.uuid4()
return uuidObj.hex
def _getDBTemplate(self, templateName):
dbTemplateProvider = None
if not dbTemplateProvider:
from db_template_provider import DBTemplateProvider
dbTemplateProvider = DBTemplateProvider.Instance()
return dbTemplateProvider.getDBTemplate(templateName)
def _findFunction(self, functionName, entityType):
queryFunction = self._getDBTemplate("FIND_FUNCTION_ID").format(functionName)
rows = entityType._resolveQuery(queryFunction, function=functionName, audit=False)
if rows:
functionId = rows[0]
fcId = functionId[0]
return fcId
return 0
def _findEntity(self, entityName, entityType):
queryEntity = self._getDBTemplate("FIND_ENTITY_ID").format(entityName)
rows = entityType._resolveQuery(queryEntity, audit=False)
if rows:
entityId = rows[0]
entId = entityId[0]
return entId
return 0
def _addOperation(self, function, entityName, entity, newId, typeOper, petitionId):
lg = Log.Instance()
functionId = self._findFunction(function, entity)
entityId = self._findEntity(entityName, entity)
queryOperation = ""
if typeOper:
queryOperation = self._getDBTemplate("CREATE_OPERATIONS").format(newId, functionId, entityId, 0, 2)
else:
queryOperation = self._getDBTemplate("CREATE_OPERATIONS").format(newId, functionId, entityId, 0, 1)
entity._resolveUpdate(queryOperation, False)
lg.logDebug("Operation Added: {0}".format(newId), lg.SOLVER_LEVEL, petitionId)
def _getPetition(self, entityType, petitionId):
queryPetition = self._getDBTemplate("FIND_PETITION_ID").format(petitionId)
required = []
rows = entityType._resolveQuery(queryPetition, audit=False)
if rows:
petId = rows[0]
petId_ = petId[0]
return petId_
return 0
def _operationsManager(self, params, petitionId, key, entityType, entityName, function, typeOper, petition):
entity = None
newId = 0
lg = Log.Instance()
try:
entity = entityType(params, key, petitionId)
if typeOper:
jsonStr = self._getJsonRepr(petition).replace("\'", "\\\'")
userName = self._findUserName(entity, key)
if self.userId != -1:
queryRegistry = self._getDBTemplate("CREATE_REGISTRY_PETITIONS").format(petitionId, jsonStr, "final", 0, self.userId, userName, 5)
lg.logDebug("REGISTRY QUERY: {0}".format(jsonStr), lg.SOLVER_LEVEL, petitionId)
newId = entity._resolveUpdate(queryRegistry, audit=False)
if newId > 0:
lg.logDebug("Petition Added: {0}".format(jsonStr), lg.SOLVER_LEVEL, petitionId)
self._addOperation(function, entityName, entity, newId, True, petitionId)
else:
return False
return True
else:
return False
else:
newId = self._getPetition(entity, petitionId)
self._addOperation(function, entityName, entity, newId, False, petitionId)
except Exception as e:
lg.logError(self._manageError(e, petition, petitionId), lg.SOLVER_LEVEL, petitionId)
return False
def _findUserName(self, entity, key):
    """Resolve ``key`` to a user id, then to a user name.

    On a match for QUERY_USER_BY_KEY the id is stored in ``self.userId`` and
    the first column of the first QUERY_USERNAME row is returned. None is
    returned when either query yields no rows.
    """
    # NOTE(review): key is placed into the SQL text with str.format. It looks
    # like a client-supplied session/API key - confirm, and bind it as a
    # parameter if _resolveQuery supports that.
    keyQuery = self._getDBTemplate("QUERY_USER_BY_KEY").format(key)
    idRows = entity._resolveQuery(keyQuery)
    if not idRows:
        # self.userId keeps whatever value it held before this call.
        return None

    self.userId = idRows[0][0]
    nameQuery = self._getDBTemplate("QUERY_USERNAME").format(self.userId)
    nameRows = entity._resolveQuery(nameQuery)
    return nameRows[0][0] if nameRows else None
and the error is
and the logs are as follows:
[Thu Jun 18 12:04:37.413641 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] mod_wsgi (pid=2048): Exception occurred processing WSGI script '/Users/usuario/Sites/usuariocloud/server/controller.wsgi'., referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413692 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] Traceback (most recent call last):, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413719 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] File "/Users/usuario/Sites/usuariocloud/server/controller.wsgi", line 53, in application, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413759 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] response = solver.solvePetition(petition, userAgent=userAgent), referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413775 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] File "/Users/usuario/Sites/usuariocloud/server/petition_solver/solver.py", line 13, in solvePetition, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413795 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] lg = Log.Instance(), referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413805 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] File "/Users/usuario/Sites/usuariocloud/server/petition_solver/singleton.py", line 34, in Instance, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413823 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] self._instance = self._decorated(), referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413833 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] File "/Users/usuario/Sites/usuariocloud/server/petition_solver/log.py", line 24, in __init__, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413849 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] os.makedirs(directory), referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413859 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/os.py", line 157, in makedirs, referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413878 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] mkdir(name, mode), referer: http://localhost:8080/\
[Thu Jun 18 12:04:37.413897 2015] [wsgi:error] [pid 2048:tid 4367495168] [client ::1:49302] OSError: [Errno 13] Permission denied: '//logs', referer: http://localhost:8080/\
[Thu Jun 18 12:54:13.192665 2015] [mpm_worker:notice] [pid 2046:tid 140735125234432] AH00295: caught SIGTERM, shutting down\
Your code is trying to write to a log file using a relative path. You cannot do that as the current working directory of the process will be '/' and not where your code is. See:
http://code.google.com/p/modwsgi/wiki/ApplicationIssues#Application_Working_Directory
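Use an absolute path explicitly, or calculate it relative to the code location by using os.path.dirname(__file__) as a base, for example os.path.join(os.path.dirname(os.path.abspath(__file__)), 'logs'). The directory also has to be writable by the account Apache runs as (User daemon in the httpd.conf above), and is better kept out of any directory Apache serves so that the log files cannot be fetched by clients.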
Related
Trying to set up Secure WebSocket on Apache 2.4.29 and Ubuntu 18.04
I have been trying for weeks to get a websocket working on my SSL secure Apache 2.4.29 server running on Ubuntu 18.04. Here is the code I am using to set up a secure wss:// protocol websocket: // Minimal amount of secure websocket server var fs = require('fs'); // read ssl certificate var privateKey = fs.readFileSync('/path/to/privkey.pem', 'utf8'); var certificate = fs.readFileSync('/path/to/fullchain.pem', 'utf8'); var credentials = { key: privateKey, cert: certificate }; var https = require('https'); //pass in your credentials to create an https server var httpsServer = https.createServer(credentials); httpsServer.listen(8080); var WebSocketServer = require('ws').Server; var wss = new WebSocketServer({ server: httpsServer }); httpsServer.on('upgrade', wss.handleUpgrade); wss.on('connection', function connection(ws) { wss.on('message', function incoming(message) { console.log('received: %s', message); wss.send('reply from server : ' + message) }); wss.send('something'); }); Here is some of my ssl <VirtualHost *:443> where I am trying to do a ProxyPass: > LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so > LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so > LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so > LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so > LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so > LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so > LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so > LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so > LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so > LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so > LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so > LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so > > LoadModule log_forensic_module 
/usr/lib/apache2/modules/mod_log_forensic.so > <IfModule log_forensic_module> > ForensicLog /var/log/apache2/forensic_log > </IfModule> > > SSLEngine on > SSLCertificateFile /etc/letsencrypt/live/taskhandle.io/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/taskhandle.io/privkey.pem > > AllowEncodedSlashes NoDecode > > #SSL Connect > SSLProxyVerify none > SSLProxyCheckPeerCN off > SSLProxyCheckPeerName off > SSLProxyCheckPeerExpire off > > SSLProxyEngine on > RewriteEngine on > ProxyRequests off > ProxyPreserveHost On > RewriteCond %{HTTP:Upgrade} websocket [NC] > RewriteCond %{HTTP:Connection} upgrade [NC] > RewriteRule /(.*) "wss:/localhost:8080/$1" [P,L] > > # the WebSocket Proxying > ProxyPass "/app/ws" "ws://localhost:8090/app/ws" > # the common app proxying > ProxyPass "/app" "http://localhost:8090/app" > ProxyPassReverse "/app" "http://localhost:8088/app" > > ProxyPass "/wss2" "wss://localhost:8080/" > ProxyPassReverse "/wss2" "wss://localhost:8080/" > > ProxyPass "/wss" "ws://localhost:8080/" > ProxyPassReverse "/wss" "ws://localhost:8080/" > > ServerName taskhandle.io > SSLCertificateFile /etc/letsencrypt/live/taskhandle.io/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/taskhandle.io/privkey.pem > Include /etc/letsencrypt/options-ssl-apache.conf > </VirtualHost> > </IfModule> But when I run the websocket using 'nodejs index.js' from the command line, then try to access the websocket from a client browser using var conn = new WebSocket('wss://mywebsite.io:8080'); conn.onopen = function(e) { console.log("Connection established!"); }; I get a 500 response code on the client side, and in the apache error log it says: > "[Sun Jun 21 21:10:20.487029 2020] [proxy:warn] [pid 30076] [client > 208.87.239.180:34995] AH01144: No protocol handler was valid for the URL /wss2 (scheme 'wss'). If you are using a DSO version of mod_proxy, > make sure the proxy submodules are included in the configuration using > LoadModule." 
which is strange because I am pretty sure I have all the submodules enabled and loaded. I wonder if it might be an issue with the headers not being proxied. Here are the headers being received in my access log when I try to establish the websocket connection: **GET /wss2 HTTP/1.1|Host:taskhandle.io|Pragma:no-cache|Cache-Control:no-cache|User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36|Origin:https%3a//stackoverflow.com|Sec-WebSocket-Version:13|Accept-Encoding:gzip, deflate|Accept-Language:en-US,en;q=0.9|Cookie:_ga=GA1.2.1978077118.1589209571; _gid=GA1.2.1472919475.1592682267|Sec-WebSocket-Key:WyjiHAZ3HPj0lcvvVGzq9Q==|Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits|Via:1.1 hosted.websense 02o|X-Forwarded-For:68.12.180.212|Client-IP:68.12.180.212 -30076:5eefccbc:1** If you notice there is not a Connection: Upgrade or Upgrade: websocket header present in the request header being received in my access log... Please help I have been struggling for weeks to get this websocket working. I have also tried setting up the websocket using Ratchet in PHP but still having the same issue whether I use node or ratchet.
Apache reverse proxy with cross origin (CORS): CentOS 7 / implement SSO (single sign on)
I am using Apache(2.4.23) reserve proxy(192.168.1.208) in CentOS 7.2 to do crossing origin so that I could send cookies from one domain to the other. Our application (location in 192.168.1.210, using splunk Java sdk to sent request (http://192.168.0.208/splunk) to apache server (192.168.0.208). And apache reserver proxy will send request in turn to splunk server which listens to port 8000 in the same server. The purpose is to send cookies also to splunk server (192.168.0.208:8000) in order to make SSO. But I failed to send cookie to splunk server. Our httpd.conf configuration is as follows: ServerRoot "/usr/local/apache" Listen 80 # Example: # LoadModule foo_module modules/mod_foo.so # LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule filter_module modules/mod_filter.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule unixd_module modules/mod_unixd.so LoadModule 
status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so <IfModule unixd_module> User apache Group apache </IfModule> ServerAdmin you#example.com ServerName 192.168.1.208:80 <Directory /> AllowOverride All Require all denied </Directory> DocumentRoot "/usr/local/apache/htdocs" <Directory "/usr/local/apache/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel debug <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" common </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" </IfModule> <IfModule cgid_module> </IfModule> <Directory "/usr/local/apache/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz </IfModule> # Virtual hosts Include conf/extra/httpd-vhosts.conf <IfModule proxy_html_module> Include conf/extra/proxy-html.conf </IfModule> <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> <location /api/move > Order deny,allow Allow from all </location> httpd-vhost.conf <VirtualHost *:80> ProxyRequests Off ProxyPreserveHost On <Location "/splunk"> Options Indexes FollowSymLinks AllowOverride All Require all granted Header set Access-Control-Allow-Origin * Header set Access-Control-Allow-Methods "GET, 
POST, OPTIONS" Header set Access-Control-Allow-Headers "Content-Type" Order deny,allow Allow from all RewriteEngine on RewriteCond %{HTTP_COOKIE} ssouser=([^;]+) [NC] RewriteRule .* - [E=RU:%1] RequestHeader set REMOTE-USER %{RU}e ProxyPass http://192.168.1.208:8000/splunk ProxyPassReverse http://192.168.1.208:8000/splunk </location> </VirtualHost> In Splunk, I have server.conf and web.conf two configuation files in /opt/splunk/etc/system/local/ folder. server.conf [general] trustedIP = 192.168.1.208 serverName = Splunk_Core_02 pass4SymmKey = $7$RRvdYDdIlj4P2geQdtHluTRb7OfvZhTFTZGJ7z5JiZAkJ6Q1at6j0Q== sessionTimeout = 30s [sslConfig] sslPassword = $7$m6pB5a0PWFg64VlNZGgunhGElO3qLiAc6NrhfLO+tpX2jR7WC7qm1Q== [lmpool:auto_generated_pool_download-trial] description = auto_generated_pool_download-trial quota = MAX slaves = * stack_id = download-trial [lmpool:auto_generated_pool_forwarder] description = auto_generated_pool_forwarder quota = MAX slaves = * stack_id = forwarder [lmpool:auto_generated_pool_free] description = auto_generated_pool_free quota = MAX slaves = * stack_id = free [license] active_group = Enterprise [diskUsage] minFreeSpace = 1024 [lmpool:test_splunk] quota = MAX slaves = * stack_id = enterprise web.conf # Version 7.2.4 [default] [settings] #SSO SSOMode = permissive trustedIP = 192.168.1.208 remoteUser = REMOTE-USER tools.proxy.on = False root_endpoint = /splunk enableSplunkWebSSL = 0 httpport = 8000 mgmtHostPort = 127.0.0.1:8089 appServerPorts = 8065 splunkdConnectionTimeout = 30 enableSplunkWebClientNetloc = False privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem sslVersions = tls1.2 cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ecdhCurves = prime256v1, secp384r1, secp521r1 # external UI URIs 
userRegistrationURL = https://www.splunk.com/page/sign_up updateCheckerBaseURL = https://quickdraw.splunk.com/js/ docsCheckerBaseURL = https://quickdraw.splunk.com/help showProductMenu = False productMenuLabel = My Splunk showUserMenuProfile = False productMenuUriPrefix = https://splunkcommunities.force.com x_frame_options_sameorigin = True remoteUserMatchExact = 0 remoteGroupsMatchExact = 0 remoteGroupsQuoted = True allowSsoWithoutChangingServerConf = 0 static_endpoint = /static static_dir = share/splunk/search_mrsparkle/exposed testing_endpoint = /testing testing_dir = share/splunk/testing rss_endpoint = /rss embed_uri = embed_footer = splunk> template_dir = share/splunk/search_mrsparkle/templates module_dir = share/splunk/search_mrsparkle/modules enable_gzip = True use_future_expires = True flash_major_version = 9 flash_minor_version = 0 flash_revision_version = 124 enable_proxy_write = True js_logger_mode = None js_logger_mode_server_end_point = util/log/js js_logger_mode_server_poll_buffer = 1000 js_logger_mode_server_max_buffer = 100 ui_inactivity_timeout = 60 enable_insecure_login = True simple_error_page = False cacheBytesLimit = 4194304 cacheEntriesLimit = 16384 staticCompressionLevel = 9 enable_autocomplete_login = False verifyCookiesWorkDuringLogin = True login_content = enabled_decomposers = plot minify_js = True minify_css = True trap_module_exceptions = True enable_pivot_adhoc_acceleration = True pivot_adhoc_acceleration_mode = Elastic jschart_test_mode = False jschart_truncation_limit.chrome = 50000 jschart_truncation_limit.firefox = 50000 jschart_truncation_limit.safari = 50000 jschart_truncation_limit.ie11 = 50000 jschart_series_limit = 100 jschart_results_limit = 10000 choropleth_shape_limit = 10000 dashboard_html_allow_inline_styles = true dashboard_html_allow_iframes = true max_view_cache_size = 1000 pdfgen_is_available = 1 listenOnIPv6 = no log.access_file = web_access.log log.access_maxsize = 25000000 log.access_maxfiles = 5 log.error_maxsize 
= 25000000 log.error_maxfiles = 5 log.screen = True request.show_tracebacks = True engine.autoreload_on = False tools.sessions.on = True tools.sessions.timeout = 1 tools.sessions.restart_persist = True tools.sessions.httponly = True tools.sessions.secure = True tools.sessions.forceSecure = False response.timeout = 7200 tools.sessions.storage_type = file tools.sessions.storage_path = var/run/splunk tools.decode.on = True tools.encode.on = True tools.encode.encoding = utf-8 override_JSON_MIME_type_with_text_plain = True job_min_polling_interval = 100 job_max_polling_interval = 1000 acceptFrom = * maxThreads = 0 maxSockets = 0 dedicatedIoThreads = 0 keepAliveIdleTimeout = 7200 busyKeepAliveIdleTimeout = 12 forceHttp10 = auto # Controls CORS headers sent with responses. This only takes effect when appServerPorts is set to a non-zero value. crossOriginSharingPolicy = allowSslCompression = false allowSslRenegotiation = true sendStrictTransportSecurityHeader = false enableWebDebug = true allowableTemplatePaths = enable_risky_command_check = true loginCustomLogo = customFavicon = loginBackgroundImageOption = default loginCustomBackgroundImage = loginFooterOption = default loginFooterText = loginDocumentTitleOption = default loginDocumentTitleText = loginPasswordHint = appNavReportsLimit = 500 When I click the link in our application (192.1.168.210), it invokes splunk java sdk and send request (http://192.168.1.208/splunk) to (http://192.168.1.208/splunk/en-GB/account/login?return_to=%2Fsplunk%2Fen-GB%2F). I could not find cookie. I even could not enable SSO. How could it be? I have SSO debug page shown below:
fail2ban: apache-auth isn't banning failed login attempts
Trying to implement fail2ban on a Linux Mint 17.1 and cant seem to get it to ban me after multiple login attempts against apache-auth. I followed this guide to get started. I think its a problem with the apache-auth regex but cant get it right. jail.local [apache] enabled = true port = 80,443 filter = apache-auth logpath = /var/log/apache2/*error.log maxretry = 3 bantime = 600 ##ignoreip = 192.168.3.70 ##To block the remote host that is trying to request suspicious URLs, use the below jail. [apache-overflows] enabled = true port = http,https filter = apache-overflows logpath = /var/log/apache2/*error.log maxretry = 3 bantime = 600 ignoreip = 192.168.3.70 ##To block the remote host that is trying to search for scripts on the website to execute, use the below jail. [apache-noscript] enabled = true port = http,https filter = apache-noscript logpath = /var/log/apache2/*error.log maxretry = 3 bantime = 600 ignoreip = 192.168.3.70 ##To block the remote host that is trying to request malicious bot, use below jail. [apache-badbots] enabled = true port = http,https filter = apache-badbots logpath = /var/log/apache2/*error.log maxretry = 3 bantime = 600 ignoreip = 192.168.3.70 ##To stop DOS attack from remote host. [http-get-dos] enabled = true port = http,https filter = http-get-dos logpath = /var/log/apache*/access.log maxretry = 400 findtime = 400 bantime = 200 ##ignoreip = 192.168.3.70 action = iptables[name=HTTP, port=http, protocol=tcp] apache-auth.conf [INCLUDES] before = apache-common.conf [Definition] failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for "\S*": Password Mismatch(, referer: \S+)?$ ^%(_apache_error_client)s (AH01618: )?user .*? 
not found(: )?\S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH\d+: )?Authorization of user \S+ to access \S* failed, reason: .*$ ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*?: password mismatch: \S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*?' in realm `.+' (not found|denied by provider): \S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01631: )?user .*?: authorization failure for "\S*":(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*?' but expected `.+'(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01793: )?invalid qop `.*?' received: \S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .*? received - user attempted time travel(, referer: \S+)?\s*$ apache-common.conf _apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+:\S+\d+\])? 
\[client <HOST>(:\d{1,5})?\] /var/log/apache2/error.log [Thu Aug 02 23:03:42.143209 2018] [auth_basic:error] [pid 8025] [client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:43.216097 2018] [auth_basic:error] [pid 8025] [client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:44.124570 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:45.104747 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:46.001161 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:46.871802 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php [Thu Aug 02 23:03:47.843740 2018] [auth_basic:error] [pid 8025][client 192.168.3.60:54788] AH01618: user aaa not found: /SEC/test.php As I said I think the problem is in the regex, since the http-get-dos jail worked fine. The regex for apache-common.conf doesn't look right since my log files seem to follow a different standard, BUT I'm not sure if that's true or how to properly format the regex. ANy help is appreciated.
Found my problem: I had to change the line in apache-common.conf to the following: _apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+\])? \[client <HOST>(:\d{1,5})?\] The difference is in the PID section: the stock pattern only accepts a pid followed by a :tid part, while the error log above records a bare [pid 8025]. I used Regex101 to work on the expression until it matched.
Using custom functions in Volt force apache process to die
I worked with Phalcon and Volt under WAMP. Recently we moved to another dev environment (CentOS) and there I have PHP 5.5.17 with latest Phalcon build (I compiled and tested 2 versions lower as well). Now, when Volt tries to compile template with custom function, it crashes (PHP process). The same is about custom filters. Error log of Apache [Tue Sep 30 06:06:24.809476 2014] [proxy_fcgi:error] [pid 31199:tid 140596014397184] (104)Connection reset by peer: [client 10.0.2.2:53931] AH01075: Error dispatching request to :3080: [Tue Sep 30 06:06:27.216226 2014] [proxy_fcgi:error] [pid 31200:tid 140596161255168] [client 10.0.2.2:53941] AH01067: Failed to read FastCGI header [Tue Sep 30 06:06:27.216249 2014] [proxy_fcgi:error] [pid 31200:tid 140596161255168] (104)Connection reset by peer: [client 10.0.2.2:53941] AH01075: Error dispatching request to :3080: PHP error log [30-Sep-2014 06:06:27] WARNING: [pool www] child 32519 exited on signal 11 (SIGSEGV - core dumped) after 204.725812 seconds from start [30-Sep-2014 06:06:27] NOTICE: [pool www] child 32529 started PHP code looks like $di->set('view', function () use ($config) { $view = new View(); $view->setViewsDir($config->application->viewsDir); $view->registerEngines(array( '.volt' => function ($view, $di) use ($config) { $volt = new VoltEngine($view, $di); $volt->setOptions(array( 'compiledPath' => $config->application->cacheDir, 'compiledSeparator' => '_', 'compileAlways' => $config->application->debug )); $compiler = $volt->getCompiler(); $compiler->addFunction( 'last', function ($resolvedArgs) use ($compiler) { return 'array_pop('. $resolvedArgs .')'; } ); return $volt; } )); return $view; }, true); And in Volt for example {{ last(['1', '2', '3']) }} And I really stuck on this problem, because I have pretty a lot of custom functions and I do need them. Tried to debug it, but, as soon as volt tried to parse line with custom function, process die. Phalcon bug submitted. 
Solution: totally disable xdebug for current build. More here: https://github.com/xdebug/xdebug/pull/120
Several error_log() messages on same line in error log
I have this PHP code : error_log('my message 1'); .... error_log('my message 2'); ... error_log('my message 3'); This produces in apache error_log one line with all messages : [Wed Nov 13 17:24:55.880399 2013] [proxy_fcgi:error] [pid xx] [client xxx] AH01071: Got error 'PHP message: my message 1\n'PHP message: my message 2\n'PHP message: my message 3 My config : Apache 2.4 PHP : 5.4 PHP-FPM with proxypassmatch directive. My question : Why messages are on the same line, and how to do to have one line per message ? Thanks for yours answers. EDIT One line per message should look like : [Wed Nov 13 17:24:55.880399 2013] [proxy_fcgi:error] [pid xx] [client xxx] AH01071: Got error 'PHP message: my message 1' [Wed Nov 13 17:24:55.880399 2013] [proxy_fcgi:error] [pid xx] [client xxx] AH01071: Got error 'PHP message: my message 2' [Wed Nov 13 17:24:55.880399 2013] [proxy_fcgi:error] [pid xx] [client xxx] AH01071: Got error 'PHP message: my message 3'
error_log("error message \r\n"); PHP disregards special ASCII characters within single quotes (it renders them as separate chars), so you need to use double quotes. In addition: You should open your php.ini file, the one in the /etc/php5/apache2/ folder, and change the error_log directive to point to a file. It is important that Apache has sufficient privileges to write into this file, so chown www-data:www-data /var/www/somefile.log should do it. Note that a file under /var/www may be reachable over HTTP; a location outside the document root keeps the log from being served. If the directive is currently undefined, the logs will go through syslog, and there new lines are not allowed. Additional edit: To penetrate output buffering you need to raise an exception. example: try{ ob_start(); doSomething($userInput); ob_end_flush(); } catch(Exception $e){ error_log($e->getMessage()); } function doSomething($data = null){ if($data === null){ throw new Exception("Data is required"); } else{ //do something } }
Use \r\n: error_log("my message 1\r\n"); .... error_log("my message 2\r\n"); ... error_log("my message 3\r\n");