1 |
On 3/3/06, Stelian Ionescu <stelian.ionescu-zeus@×××××.it> wrote: |
2 |
> On Fri, Mar 03, 2006 at 04:31:44PM -0500, Andy Dustman wrote: |
3 |
> >On 3/3/06, Edward Muller <edwardam@××××××××.com> wrote: |
4 |
> >> One of our clients has the following setup: |
5 |
> >> httpd 2.0.55 (Gentoo package 2.0.55-r1) |
6 |
> >> Zope 2.6.1 |
7 |
> >> |
8 |
> >> Apache proxies zope for a http and https host via mod_rewrite/proxy |
9 |
> >> |
10 |
> >> POSTs going to httpd=>zope via http are fine, posts going to httpd=>zope via |
11 |
> >> https are not. |
12 |
> > |
13 |
> >Yup: |
14 |
> > |
15 |
> >https://bugs.gentoo.org/show_bug.cgi?id=121402 |
16 |
> >http://issues.apache.org/bugzilla/show_bug.cgi?id=37145 |
17 |
> > |
18 |
> >Unfortunately for you and me, despite having the patch available from |
19 |
> >upstream, the developer closed the bug with the comment "2.0.56 should |
20 |
> >be out real soon now, which addresses this problem." That was a month |
21 |
> >ago. |
22 |
> 1) download this patch: |
23 |
> http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/proxy/proxy_http.c?p2=%2Fhttpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2Fproxy_http.c&p1=httpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2Fproxy_http.c&r1=372046&r2=372045&rev=372046&view=diff&makepatch=1&diff_format=u |
24 |
> to /usr/portage/net-www/apache/files/plone.patch |
25 |
> 2) add this lines to the src_unpack in apache-2.0.55-r1.ebuild right |
26 |
> after "epatch ${GENTOO_PATCHDIR}...": |
27 |
> |
28 |
> epatch ${FILESDIR}/plone.patch |
29 |
> |
30 |
> 3) execute: ebuild /usr/portage/net-www/apache/apache-2.0.55-r1.ebuild digest |
31 |
> 4) remerge apache-2.0.55-r1 |
32 |
> |
33 |
> (I'm ssuming that you're using an ~arch apache and that your portage |
34 |
> tree is in /usr/portage; alternativerly you might copy the ebuild to an |
35 |
> overlay and add the patch there) |
36 |
|
37 |
Actually, I just found a workaround. I saw something about |
38 |
mod_security, and thought that by adding that as an intermediate |
39 |
processing layer, it might fix the problem, and it does. |
40 |
|
41 |
1) emerge mod_security |
42 |
|
43 |
2) edit /etc/apache2/modules.d/99_mod_security.conf to suit, and in |
44 |
particular, you must comment out this rule: |
45 |
|
46 |
# Forbid file upload |
47 |
#SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data |
48 |
|
49 |
Otherwise, you can't submit POST form data. |
50 |
|
51 |
3) add -D SECURITY to the args in /etc/conf.d/apache2 |
52 |
|
53 |
4) /etc/init.d/apache2 restart |
54 |
|
55 |
BTW, it's not a Plone- or Zope-specific problem. It can happen anytime |
56 |
you are using mod_ssl to mod_proxy and have multi-part form data. |
57 |
-- |
58 |
The Pythonic Principle: Python works the way it does |
59 |
because if it didn't, it wouldn't be Python. |
60 |
|
61 |
-- |
62 |
gentoo-server@g.o mailing list |