[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] ssl fix for httpd.conf in RIPE-land

Subject: Re: [cobalt-developers] ssl fix for httpd.conf in RIPE-land
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Sun Dec 1 16:46:01 2002
Organization: nobaloney.net
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

In general, this is NOT the place to notify Cobalt, but I'm taking the
trouble to send a bcc of this post to someone who may be able to help
the code into a future upgrade (hence the complete copy).

Jeff

Frans ter Borg wrote:
> 
> hiya,
> 
> A client of ours recently pointed out that they had problems enabling SSL
> for sites hosted on their server. Generating a self-signed certificate and
> enabling ssl for a specific site on that server did indeed not work. Also
> the mgmt interface became unavailable at http://server/admin but could
> only be accessed via the http://server/.cobalt/sysManage pages.
> 
> It took a while to find out what was going on.
> 
> there is some dynamics in the /etc/httpd/conf/httpd.conf in which it
> parses itsself and verifies the existence of a file relating to ssl for a
> certain site. If so, it will generate a VirtualHost section for that site.
> These dynamics are between <PERL></PERL> tags.
> 
> The code will work for most people out there, but for this client it did
> not. The code mentioned the following:
> 
>         s/80/443/go if (/^Rewrite/);
> 
> Sounds like a plan, but if you have an IP address which includes the
> number 80, it will become mangled - ex. RIPE has recently started
> allocating from 80.0.0.0/8 so addresses from that range will be changed
> into 443.0.0.0/8 addresses (which obviously don't exist)
> 
> Changing the above line by
> 
>         s/\:80/\:443/go if (/^Rewrite/);
> 
> Will solve the problem, as only the port section of the address lines need
> to be changed.
> 
> I suppose it would be good for SUN to patch this as more and more new
> servers in Europe will be deployed in the 80.0.0.0/8 IP range and more
> people will run into this issue. I'm too new to this forum to know how to
> make this known to SUN's people though, so I hope they'll read it here...
> 
> Regards,
> 
> Frans
> 
> --
> Quanza Engineering B.V.              Elandsstraat 44
> Frans ter Borg                       1016 SG Amsterdam
> E: frans@xxxxxxxxxx                  www.quanza.net
> 
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers

-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";

References:
- [cobalt-developers] ssl fix for httpd.conf in RIPE-land
  - From: Frans ter Borg

Prev by Date: [cobalt-developers] ssl fix for httpd.conf in RIPE-land
Next by Date: RE: [cobalt-developers] Restoring from the CMD Line
Previous by thread: [cobalt-developers] ssl fix for httpd.conf in RIPE-land
Next by thread: [cobalt-developers] Perl 5.x.x on Qube 2

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index