- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- CGI over SSL
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-29-2009 11:32 PM
06-29-2009 11:32 PM
CGI over SSL
Situation: Page accessed over https contains link leading to CGI-procedure (same server, same port).
Configuration equal on both systems, except for certificatefile and mapping.
On both systems, the page is shown correctly, but on one system, the link shows the right result; on the other system, the link results in "Page not found", but the file does exist and protection should not constitute a problem:
(IDENTIFIER=[AP_HTTPD,APACHE$WWW],ACCESS=READ+WRITE+EXECUTE)
(IDENTIFIER=APPL_USER,ACCESS=READ+EXECUTE)
(The second identifier is granted to APACHE$WWW)
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2009 09:33 PM
06-30-2009 09:33 PM
Re: CGI over SSL
I'm no Apache expert (give me WASD any day) but if the mappings are not identical could that be the problem?
Does VMS log any security audit alarms when you try to access the "missing" page?
Regards,
Jeremy Begg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2009 10:30 PM
06-30-2009 10:30 PM
Re: CGI over SSL
Source: APPL_SUB_CGI ==> APPL_ROOTY:[SUB.CGI]
Target: APPL_SUB_CGI ==> ANOTHERROOT:[SUB.CGI]
That is: the name used in the URL maps are equal but the mapping is different. But as long as these logicals are referring to the right location (they do) and are defined when APACHE starts (/SYSTEM - they do) this should not be a problem.
And it isn't; static pages are aside the CGI directory (root:[SUB.HTML]) and can be accessed.
Logs (ACC, Audit) show nothing, The apache access log just that the result of the URL of HTML pages is 200, but accessing a CGI procedure (any, in fact) is 404, and that's the problem to solve...
"give me WASD any day": Count me in. If I were in a position to change webserver over here, I would. I wouldn't have this problem anyway - and I wouldn't need ITRC to solve it.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2009 10:36 PM
06-30-2009 10:36 PM
Re: CGI over SSL
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2009 11:39 PM
07-02-2009 11:39 PM
Re: CGI over SSL
We found that mapping using a logical that contains a "$" seems to be part of the problem:
ScriptAlias /APPL-sub-cgi/ "appl$sub:[cgi]"
results in a " Page not found" error (404).
Now this has been changed to
ScriptAlias /APPL-sub-cgi/ "appl_sub:[cgi]"
after this logical was added to LNM$SYSTEM.
Restarted CSWS, of course.
Next, we get "Internal server error" and ERROR_LOG shows:
File does not exist: /apache$root/htdocs/APPL-sub-cgi
That is correct: that file doesn't exist.
It seems mapping is simply not done!
However, the logical appl$sub_root is used in Documentroot, ErrorLog and Customlog, and that does NOT cause problems.
It seems mapping is simply not done.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2009 12:51 AM
07-06-2009 12:51 AM
Re: CGI over SSL
Multiple issues in the configuration of this virtual host caused the problems:
* failure finding the files (both CGI-procedure and static page) was cause by the naming of the logicals:
ScriptAlias /appl_sub/ "/appl_sub/cgi"
is fine with, or without SSL, but
ScriptAlias /appl_sub/ "/appl$sub/cgi"
causes "page not found" (code 404) when SSL is enabled.
* An error in the configuration was completely overlooked. The original file contains the right line:
AddHandler cgi-script .cgi .com .exe
but the failing configuration contained:
AddHandler .cgi .com .exe
However, without SSL, the script was executed; with SSL, this error caused start of download - and failre because "CGI" was not found; if the URL contained the full name ("CGI.COM") there would not be a problem.
When we chnaged the logicals of DocumentRoot and the mapping rules and removed "$" - and deassignd the logicals - the server did not start. This was an easy guess: the removed logicals were still used in the definition of the logfiles... But IMHO, SWS should have signalled an error or warning; even more: should run and serve hosts that were properly defined...
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2009 12:55 AM
07-06-2009 12:55 AM
Re: CGI over SSL
OpenVMS Developer & System Manager