top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

FreebSD jailed Apache 2.4 rewrite/proxy module errors

+1 vote
542 views

Just set up a FreeBSD jail to run httpd in it and all works good except these two, rewrite/proxy modules.

These are error logs excerpts:

MOD_REWRITE error: 
[rewrite:crit] [pid 43447] (13)Permission denied: AH00666: mod_rewrite: could not init rewrite_mapr_lock_acquire in child 
MOD_PROXYÂ error: 
[proxy:crit] [pid 43447] (13)Permission denied: AH02479: could not init proxy_mutex in child 

Not sure permissions of what are being denied as html in document root is being served just fine when these modules are disabled.

I tried googling but found nothing but rubbish. Please help?

posted Aug 13, 2014 by anonymous

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+1 vote

In our setup, we need to do conditional-redirects. Till now, we were able to accomplish them, by using a smart combination of "RewriteCond", "RewriteRule" and "QSA".

However, we now face a situation, wherein we need to do re-directs, only if the original-URL does not contain POST-variables/parameters (although they may contain any number of GET-variables). Going through the "mod_rewrite" documentation, I could not find any way to do conditional-redirect, for URLs containing POST-variables/parameters.

Is it even possible to accomplish via HTTPD?

0 votes

Running Apache 2.4.7 and current configuration limiting access to a directory to only clients that can provide a trusted client certificate. Server is SSL host. Would like to modify configuration to allow "local" clients (127.0.0.1, etc. as defined by Require local auth provider) to access the directory without authenticating with a client certificate. So the local host may access the directory without SSL client auth, but all others must authenticate with a client certificate or access is forbidden. What is the best/proper way to do this?

I would like to use modern directives (avoiding Allow, Deny, Order etc. from mod_access_compat) but I am not clear how to combine Require related directives with mod_ssl options like SSLVerifyClient.

Thanks in advance?

0 votes

I have two handlers to be accessed. My motive is to use the second handler if the first handler returns DECLINED.

I have tried various combinations of SetHandler, AddHandler and AddType but none has worked as overriding takes place in all of these combinations.

Is there any method in Apache to use more than one handler without overriding?

0 votes

I am a bit confused about the mod_rewrite documentation. It shows this rule to block hotlinking:

RewriteCond "%{HTTP_REFERER}" "!^$"
RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

however, I'd think a better rule would be:

RewriteCond "%{HTTP_REFERER}" "^$" [OR]
RewriteCond "%{HTTP_REFERER}" "!(www.)?example.com/.*$" [OR,NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

if I want to block anyone manually typing in a link (no referer) + hotlinking (probably has a referer). Do i need the [OR] on the 1st
RewriteCond and not the 2nd one? It seems to work with OR on both conditions.

0 votes

I want to allow a directory " /var/www/html/ldap" to two users according to IPs (192.168.1.2 192.168.1.7):

 Order allow,deny
 Allow from 192.168.1.2 192.168.1.7
 Satisfy any
 AuthName "LDAP Authentication"
 AuthType Basic

 AuthBasicProvider ldap
 AuthzLDAPauthoritative off
 AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
 Require valid-user

but I don't want to allow a sub directory to 192.168.1.7 (I want it to be allowed only to 192.168.1.2):

I have tried to add:

 Order allow,deny
 Allow from 192.168.1.2
 Satisfy any
 AuthName "LDAP Authentication"
 AuthType Basic

 AuthBasicProvider ldap
 AuthzLDAPauthoritative off
 AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
 Require valid-user

but it seems that 192.168.1.7 can reach to manager directory because it is a part of ldap directory, how can I forbid this?

...