| 1 |
Well, my 'work around' was a little bit more extreme.... |
| 2 |
|
| 3 |
I upgraded to 2.2.0, which I know it hard masked. So I may be in for a world |
| 4 |
of pain by doing so. ATM though everything appears to be working. |
| 5 |
|
| 6 |
Thanks for the input though. When a 2.0.56 ebuild becomes available I will |
| 7 |
probably downgrade to that. |
| 8 |
|
| 9 |
|
| 10 |
On Friday 03 March 2006 04:00 pm, Andy Dustman wrote: |
| 11 |
> On 3/3/06, Stelian Ionescu <stelian.ionescu-zeus@×××××.it> wrote: |
| 12 |
> > On Fri, Mar 03, 2006 at 04:31:44PM -0500, Andy Dustman wrote: |
| 13 |
> > >On 3/3/06, Edward Muller <edwardam@××××××××.com> wrote: |
| 14 |
> > >> One of our clients has the following setup: |
| 15 |
> > >> httpd 2.0.55 (Gentoo package 2.0.55-r1) |
| 16 |
> > >> Zope 2.6.1 |
| 17 |
> > >> |
| 18 |
> > >> Apache proxies zope for a http and https host via mod_rewrite/proxy |
| 19 |
> > >> |
| 20 |
> > >> POSTs going to httpd=>zope via http are fine, posts going to |
| 21 |
> > >> httpd=>zope via https are not. |
| 22 |
> > > |
| 23 |
> > >Yup: |
| 24 |
> > > |
| 25 |
> > >https://bugs.gentoo.org/show_bug.cgi?id=121402 |
| 26 |
> > >http://issues.apache.org/bugzilla/show_bug.cgi?id=37145 |
| 27 |
> > > |
| 28 |
> > >Unfortunately for you and me, despite having the patch available from |
| 29 |
> > >upstream, the developer closed the bug with the comment "2.0.56 should |
| 30 |
> > >be out real soon now, which addresses this problem." That was a month |
| 31 |
> > >ago. |
| 32 |
> > |
| 33 |
> > 1) download this patch: |
| 34 |
> > http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/prox |
| 35 |
> >y/proxy_http.c?p2=%2Fhttpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2F |
| 36 |
> >proxy_http.c&p1=httpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2Fproxy |
| 37 |
> >_http.c&r1=372046&r2=372045&rev=372046&view=diff&makepatch=1&diff_format=u |
| 38 |
> > to /usr/portage/net-www/apache/files/plone.patch |
| 39 |
> > 2) add this lines to the src_unpack in apache-2.0.55-r1.ebuild right |
| 40 |
> > after "epatch ${GENTOO_PATCHDIR}...": |
| 41 |
> > |
| 42 |
> > epatch ${FILESDIR}/plone.patch |
| 43 |
> > |
| 44 |
> > 3) execute: ebuild /usr/portage/net-www/apache/apache-2.0.55-r1.ebuild |
| 45 |
> > digest 4) remerge apache-2.0.55-r1 |
| 46 |
> > |
| 47 |
> > (I'm ssuming that you're using an ~arch apache and that your portage |
| 48 |
> > tree is in /usr/portage; alternativerly you might copy the ebuild to an |
| 49 |
> > overlay and add the patch there) |
| 50 |
> |
| 51 |
> Actually, I just found a workaround. I saw something about |
| 52 |
> mod_security, and thought that by adding that as an intermediate |
| 53 |
> processing layer, it might fix the problem, and it does. |
| 54 |
> |
| 55 |
> 1) emerge mod_security |
| 56 |
> |
| 57 |
> 2) edit /etc/apache2/modules.d/99_mod_security.conf to suit, and in |
| 58 |
> particular, you must comment out this rule: |
| 59 |
> |
| 60 |
> # Forbid file upload |
| 61 |
> #SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data |
| 62 |
> |
| 63 |
> Otherwise, you can't submit POST form data. |
| 64 |
> |
| 65 |
> 3) add -D SECURITY to the args in /etc/conf.d/apache2 |
| 66 |
> |
| 67 |
> 4) /etc/init.d/apache2 restart |
| 68 |
> |
| 69 |
> BTW, it's not a Plone- or Zope-specific problem. It can happen anytime |
| 70 |
> you are using mod_ssl to mod_proxy and have multi-part form data. |
| 71 |
> -- |
| 72 |
> The Pythonic Principle: Python works the way it does |
| 73 |
> because if it didn't, it wouldn't be Python. |
| 74 |
|
| 75 |
-- |
| 76 |
Edward Muller - Interlix |
| 77 |
edwardam@××××××××.com |
| 78 |
417-862-0573 |
| 79 |
PGP Key: http://interlix.com/Members/edwardam/pgpkeys |
Archives