[OT] Need some Apache Help

A zany geek soap opera full of bizarre characters, a sentient slime mold or two, and more jokes than you can shake a 10Base-T networking card at.

Moderators: stjen, Lady_Phoenix, jtdarlington, MaxJenius, kmd

[OT] Need some Apache Help

Postby jtdarlington on Sat Dec 10, 2005 8:58 am

I have no idea if anyone out there can help with this, but since it's really starting to annoy me, I thought I'd at least give it a try. As I'll be mentioning in Monday's news post, the GPF Store has been down for months because I had some problems with the storefront software I purchased. Since then, I've fixed that problem, but now I've got another one.

You see the server the store is on is essentially my personal Linux box, Demeter. The server has a rather complex Apache configuration file, because I'm using a number of virtual hosts. The same physical machine hosts the gpf-comics.net domain (on which the store is located) as well as the jeffdarlington.com domain (my blog) and a few others that currently only redirect to the main GPF site. From what I can tell, the virtual hosting is working just fine, so I'm pretty sure that's not the problem.

The funky part is that I'm using mod_rewrite to do some manipulation on the incoming URLs. While there are a few other rewrite rules that I use, I've eliminated them as part of the problem. Here's the code in question:
Code: Select all
# Force anyone who comes to the store in regular mode (not SSL)
# to go to SSL.  The conditions are:
#   1. HTTPS is off
#   2. The relative URL starts with /store/
#   3. And we're not in the local LAN (i.e. we're on the Web)
RewriteEngine on
RewriteCond %{HTTPS}       ^off$
RewriteCond %{REQUEST_URI} ^/store/.*
RewriteCond %{HTTP_HOST}   !^demeter$
RewriteRule ^/store/(.*)   https://gpf-comics.net/store/$1  [R,L]

The comments explain the code pretty well. The idea is that I can only use SSL encryption when I use the domain without any prefixes (i.e. gpf-comics.net). I want to force any unencrypted requests to the GPF Store to automatically become encrypted, but preserve any subsequent parts of the URL so it appears transparent. Requests to the site outside the /store path should be unaffected. I used this exact configuration for a while and it worked beautifully with no errors.

Later, when I discovered the problem with the storefront, I changed this configuration. I commented out the RewriteRule above and added the following:
Code: Select all
# While the store is temporarily out of service, redirect all
# external (non-LAN) requests to the closed notice:
RewriteCond %{REQUEST_URI} !^/store/closed.html$
RewriteCond %{REQUEST_URI} !^/store/images/sunshop.jpg$
RewriteRule ^/store/.*   http://www.gpf-comics.net/store/closed.html  [R,L]

What this did was redirect all requests to any URL under the store to the file closed.html, which contained a message indicating that the store was down. I did this because the default setting for closing the store in the storefront software is to just display the main page of the store, but when you click on things it doesn't go anywhere. This seemed to be confusing some folks, so I put up this message to make it more obvious. This also seemed to work fine for the purpose I intended.

Here's where things get weird. Once I fixed the problem with the storefront, I went to change the code back. The code now matches the first block above, what was originally in httpd.conf. However, any requests in the store still redirect to closed.html. I can't explain why. I have restarted Apache numberous times, rebooted the machine, cleared and disabled my browser's cached, tried from multiple ISPs... nothing seems to work. I searched the file system to make sure there were no other copies of httpd.conf that the server could be reading instead. Everything seems to be clean. I've also searched the entire httpd.conf file, and the text "closed.html" no longer appears anywhere in the file, even in comments.

The only thing I can possibily think of is that my ISP may be caching the page and sending the cached page instead of the live one. However, this theory falls apart when I completely comment out this code and turn off rewriting; the changes take place instantly. Something must be wrong with the RewriteRule line, but I can't see what. I'm 99.999% sure the regular expressions are right. I'm completely befuddled.

I know it's a long shot, but I thought I'd throw this out anyway. If anyone has any thoughts, I'd like to hear them.
Jeff Darlington
General Protection Fault
http://www.gpf-comics.com/
User avatar
jtdarlington
Extra-Dimensional Entity
 
Posts: 3995
Joined: Fri Mar 31, 2000 12:00 am
Location: The Thirteenth Dimension of the Infinite Rotunda of Eternity

Postby sharpestmarble on Sat Dec 10, 2005 7:23 pm

Is it possible to choose an interface when establishing a network connection? Choose loopback and see what happens, then choose your ISP and see what happens then.

<pre>grep -r "closed.html" /*</pre>

"The great thing about mod_rewrite is it gives you all the configurability and flexibility of Sendmail. The downside to mod_rewrite is that it gives you all the configurability and flexibility of Sendmail."
-- Apache mod_rewrite documentation, via a friend's facebook.
User avatar
sharpestmarble
Grand Poobah Keenspotter
 
Posts: 938
Joined: Wed Oct 06, 2004 8:27 am
Location: Either at home or school, I don't have Internet access at work

Postby jtdarlington on Sun Dec 11, 2005 5:29 am

M70X wrote:<pre>grep -r "closed.html" /*</pre>


I. Am such. An Idiot. (Dan, do we need a forehead-smacking smilie?)

I thought I had searched the configuration directories thoroughly, but undoubtedly not thoroughly enough. It turns out httpd.conf is under /etc/httpd/conf, but I forgot all about the included files under /etc/httpd/conf.d (and searching under /etc/httpd/conf isn't exactly going to find those files, now is it?). And I forgot I also had to tweak /etc/httpd/conf.d/ssl.conf, because I had to add similar RewriteRules to "close" the store under HTTPS. Sure enough, there they were. I commented out those rules, restarted Apache, and everything worked. :oops:

Thanks, M70X, and to the Faultie who individually e-mailed the same suggestion. All's well that ends well. Now I just have to rewrite that section of the news update before it goes live. :D
Jeff Darlington
General Protection Fault
http://www.gpf-comics.com/
User avatar
jtdarlington
Extra-Dimensional Entity
 
Posts: 3995
Joined: Fri Mar 31, 2000 12:00 am
Location: The Thirteenth Dimension of the Infinite Rotunda of Eternity

Postby stjen on Sun Dec 11, 2005 6:02 am

jtdarlington wrote:I. Am such. An Idiot. (Dan, do we need a forehead-smacking smilie?)


It's called "D'oh!", and yeah, we possibly could.
. -- Scott
User avatar
stjen
Keenspot Despot
 
Posts: 1516
Joined: Fri Mar 24, 2000 12:00 am
Location: West Haven, CT, USA

Postby Lady_Phoenix on Sun Dec 11, 2005 7:11 am

Something like this...

Image

or this...

Image

??
Take care,
Theresa

Rising from the ashes of her past...

Avatar supplied courtesy and permission of http://rydia.net/tangerine
User avatar
Lady_Phoenix
Keenspotter Supreme
 
Posts: 218
Joined: Fri Nov 16, 2001 12:00 am
Location: Clarksville, IN

Postby Rombobj on Sun Dec 11, 2005 8:14 am

Lady_Phoenix wrote:Image

That one looks like it's scratching its head.

Lady_Phoenix wrote:Image

And that one is about to stick its thumb in its mouth.

There are limits to what you can do in such a small space.
TANSTAAFQ
User avatar
Rombobj
Keenspot Despot
 
Posts: 1129
Joined: Sat Sep 14, 2002 8:30 am
Location: Lagom country

Postby fossil on Sun Dec 11, 2005 10:49 am

Yes, there are limits to what you can do in such a small space. However, I happen to think that either or both of the "D'oh" emoticons that Lady Phoenix proposed are just fine.

Did you create those, Lady Phoenix? Both of them are very expressive, given the space limitations. I vote we add them, unless someone has something better available. All in favor, say Wombat! ;-)

P.S.: Jeff, megathanks for your candid postmortem. Although I've been a nominal webmeister for the last few years, I've done nothing with the department website, and now I'm just learning Apache. Your clues may save me grief some day.

[ Edited to add postscript. ]
User avatar
fossil
Grand Poobah Keenspotter
 
Posts: 969
Joined: Sat Aug 17, 2002 10:55 pm
Location: a deep, dark cave somewhere in the Mesozoic...

Postby jtdarlington on Sun Dec 11, 2005 1:57 pm

[quote="Rombobj
Jeff Darlington
General Protection Fault
http://www.gpf-comics.com/
User avatar
jtdarlington
Extra-Dimensional Entity
 
Posts: 3995
Joined: Fri Mar 31, 2000 12:00 am
Location: The Thirteenth Dimension of the Infinite Rotunda of Eternity

Postby sharpestmarble on Sun Dec 11, 2005 8:03 pm

No prob. Glad I could help.
User avatar
sharpestmarble
Grand Poobah Keenspotter
 
Posts: 938
Joined: Wed Oct 06, 2004 8:27 am
Location: Either at home or school, I don't have Internet access at work

 

Return to General Protection Fault

Who is online

Users browsing this forum: No registered users and 0 guests