archive-de.com » DE » K » KW-BERLIN.DE

Total: 256

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Glossar - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/de/glossary.html (2016-02-16)



  • Glosario - Servidor HTTP Apache

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/es/glossary.html (2016-02-16)


  • 용어 - Apache HTTP Server
    EAR 를 준수하기위해 암호 와 보안 의 강도를 낮춤 수출용 암호화 소프트웨어는 키 크기가 작게 제한되어 암호문 Ciphertext 을 무식한 방법 brute force 으로 풀 수 있다 참고 SSL TLS 암호화 SSL TLS Encryption 필터 Filter 서버가 보내거나 받는 자료를 처리하는 과정 입력필터는 클라이언트가 서버로 보내는 자료를 처리하고 출력필터는 서버가 클라이언트에게 보낼 문서를 처리한다 예를 들어 INCLUDES 출력필터는 문서의 Server Side Includes 를 처리한다 참고 필터 완전한 도메인명 Fully Qualified Domain Name FQDN IP 주소에 대응하는 호스트명과 도메인명으로 구성된 네트웍 실체의 유일한 이름 예를 들어 www 가 호스트명이고 example com 이 도메인명일때 www example com 은 완전한 도메인명이다 핸들러 Handler 파일을 요청할때 수행하는 작업에 대한 아파치 내부 표현 일반적으로 파일은 파일 종류에 따라 암묵적인 핸들러를 가진다 보통 모든 파일은 서버가 간단히 서비스하지만 어떤 파일 종류는 따로 처리된다 handled 예를 들어 cgi script 핸들러는 CGI 로 처리할 파일을 지정한다 참고 아파치에서 핸들러 사용 헤더 Header HTTP 요청과 응답에서 실제 내용 이전에 보내는 부분으로 내용을 설명하는 정보가 있다 htaccess 웹문서들 안에 있는 설정파일 configuration file 로 설정 지시어 directive 를 자신이 위치한 디렉토리와 모든 하위디렉토리에 적용한다 이름과 달리 이 파일에서는 단순한 접근제어 지시어외에 거의 모든 종류의 지시어를 사용할 수 있다 참고 설정파일 httpd conf 아파치 주 설정파일 configuration file 기본적인 위치는 usr local apache2 conf httpd conf 이지만 실행할때 혹은 컴파일때 설정으로 변경할 수 있다 참고 설정파일 HyperText Transfer Protocol HTTP 월드와이드웹에서 사용하는 표준 전송 프로토콜 아파치는 RFC 2616 에서 정의한 HTTP 1 1이라는 프로토콜의 1 1 버전을 구현한다 HTTPS 월드화이드웹의 표준 암호통신 방법 HyperText Transfer Protocol Secure 사실 밑단에 SSL 을 사용한 HTTP이다 참고 SSL TLS 암호화 메써드 Method 클라이언트가 보내는 HTTP 요청줄이 자원에 수행하도록 지시한 행동 HTTP 메써드에는 GET POST PUT 등이 있다 메시지 요약 Message Digest 메시지 내용이 전송중 변경되지 않았음을 증명하기위한 메시지의 해쉬 참고 SSL TLS 암호화 MIME type 전송할 문서의 종류를 설명하는 방식 Multipurpose Internet Mail Extensions 형식을 빌려왔기때문에 이렇게 이름을 지었다 슬래쉬를 사이에 둔 major type과 minor type으로 이루어진다 예를 들면 text html image gif application octet stream 등이다 MIME type은 HTTP의 Content Type 헤더 header 로 전송한다 참고 mod mime 모듈 Module 프로그램의 독립된 부분 많은 아파치 기능은 당신이 포함여부를 선택할 수 있는 모듈에 들어있다 아파치 httpd 실행파일과 같이 컴파일한 모듈을 정적 모듈 이라고 하며 따로 분리되어 실행시 선택적으로 읽어들일 수 있는 모듈을 동적 모듈 혹은 DSO 라고 한다 기본적으로 포함하는 모듈을 base 모듈 이라고 한다 아파치 웹서버 타볼 tarball 과 같이 배포되지는 않지만 아파치에는 많은 모듈들이 있다 이들을 제삼자가 만든 third party 모듈 이라고 한다 참고 모듈 목록 모듈 마법수 Module Magic Number MMN 모듈 마법수는 아파치 소스코드가 정의한 상수로 모듈의 이진호환성과 관련이 있다 모듈 마법수는 이진호환성을 더 이상 보장할 수 없도록 아파치 내부 구조나 함수 호출 다른 API 일부가 변경된 경우에 바뀐다 MMN이 변하면 제삼자가 만든 모듈은 모두 최소한 다시 컴파일되야 한다 새 아파치 버전에 맞도록 조금 수정해야할 경우도 있다 OpenSSL SSL TLS를 위한 오픈소스 도구 참고 http www openssl org Pass Phrase 개인키 파일을 보호하는 문구 인증하지않은 사용자가 이 개인키 파일을 사용하여 암호화하지 못하도록 한다 보통 암호기 Ciphers 가 사용하는 비밀스런 암호 해독 키이다 참고 SSL TLS 암호화 평문 Plaintext 암호화하지 않은

    Original URL path: http://xserve.kw-berlin.de/manual/ko/glossary.html (2016-02-16)
    Open archived version from archive

  • apxs - APache eXtenSion tool - Apache HTTP Server
    generation option Use this to explicitly specify the module name For option g this is required for option i the apxs tool tries to determine the name from the source or as a fallback at least by guessing it from the filename Query Options q Performs a query for apxs s knowledge about certain settings The query parameters can be one or more of the following strings CC CFLAGS CFLAGS SHLIB INCLUDEDIR LD SHLIB LDFLAGS SHLIB LIBEXECDIR LIBS SHLIB SBINDIR SYSCONFDIR TARGET Use this for manually determining settings For instance use INC I apxs q INCLUDEDIR inside your own Makefiles if you need manual access to Apache s C header files Configuration Options S name value This option changes the apxs settings described above Template Generation Options g This generates a subdirectory name see option n and there two files A sample module source file named mod name c which can be used as a template for creating your own modules or as a quick start for playing with the apxs mechanism And a corresponding Makefile for even easier build and installing of this module DSO Compilation Options c This indicates the compilation operation It first compiles the C source files c of files into corresponding object files o and then builds a dynamically shared object in dsofile by linking these object files plus the remaining object files o and a of files If no o option is specified the output file is guessed from the first filename in files and thus usually defaults to mod name so o dsofile Explicitly specifies the filename of the created dynamically shared object If not specified and the name cannot be guessed from the files list the fallback name mod unknown so is used D name value This option is directly passed through to the compilation command s Use this to add your own defines to the build process I incdir This option is directly passed through to the compilation command s Use this to add your own include directories to search to the build process L libdir This option is directly passed through to the linker command Use this to add your own library directories to search to the build process l libname This option is directly passed through to the linker command Use this to add your own libraries to search to the build process Wc compiler flags This option passes compiler flags as additional flags to the libtool mode compile command Use this to add local compiler specific options Wl linker flags This option passes linker flags as additional flags to the libtool mode link command Use this to add local linker specific options DSO Installation and Configuration Options i This indicates the installation operation and installs one or more dynamically shared objects into the server s modules directory a This activates the module by automatically adding a corresponding LoadModule line to Apache s httpd conf configuration file or by enabling it if it already exists A Same as option

    Original URL path: http://xserve.kw-berlin.de/manual/programs/apxs.html (2016-02-16)
    Open archived version from archive

  • httpd - Apache Hypertext Transfer Protocol Server - Apache HTTP Server
    This can be overridden by the ServerRoot directive in the configuration file The default is usr local apache2 f config Uses the directives in the file config on startup If config does not begin with a then it is taken to be a path relative to the ServerRoot The default is conf httpd conf k start restart graceful stop graceful stop Signals httpd to start restart or stop See Stopping Apache for more information C directive Process the configuration directive before reading config files c directive Process the configuration directive after reading config files D parameter Sets a configuration parameter which can be used with IfDefine sections in the configuration files to conditionally skip or process commands at server startup and restart Also can be used to set certain less common startup parameters including DNO DETACH prevent the parent from forking and DFOREGROUND prevent the parent from calling setsid et al e level Sets the LogLevel to level during server startup This is useful for temporarily increasing the verbosity of the error messages to find problems during startup E file Send error messages during server startup to file R directory When the server is compiled using the SHARED CORE rule this specifies the directory for the shared object files h Output a short summary of available command line options l Output a list of modules compiled into the server This will not list dynamically loaded modules included using the LoadModule directive L Output a list of directives together with expected arguments and places where the directive is valid M Dump a list of loaded Static and Shared Modules S Show the settings as parsed from the config file currently only shows the virtualhost settings T Available in 2 2 17 and later Skip document root check at startup restart t

    Original URL path: http://xserve.kw-berlin.de/manual/programs/httpd.html (2016-02-16)
    Open archived version from archive

  • SSL/TLS Strong Encryption: FAQ - Apache HTTP Server
    up which asks you to enter the pass phrase Having to manually enter the passphrase when starting the server can be problematic for example when starting the server from the system boot scripts In this case you can follow the steps below to remove the passphrase from your private key Bear in mind that doing so brings additional security risks proceed with caution How do I create a self signed SSL Certificate for testing purposes Make sure OpenSSL is installed and in your PATH Run the following command to create server key and server crt files openssl req new x509 nodes out server crt keyout server key These can be used as follows in your httpd conf file SSLCertificateFile path to this server crt SSLCertificateKeyFile path to this server key It is important that you are aware that this server key does not have any passphrase To add a passphrase to the key you should run the following command and enter verify the passphrase as requested openssl rsa des3 in server key out server key new mv server key new server key Please backup the server key file and the passphrase you entered in a secure location How do I create a real SSL Certificate Here is a step by step description Make sure OpenSSL is installed and in your PATH Create a RSA private key for your Apache server will be Triple DES encrypted and PEM formatted openssl genrsa des3 out server key 1024 Please backup this server key file and the pass phrase you entered in a secure location You can see the details of this RSA private key by using the command openssl rsa noout text in server key If necessary you can also create a decrypted PEM version not recommended of this RSA private key with openssl rsa in server key out server key unsecure Create a Certificate Signing Request CSR with the server RSA private key output will be PEM formatted openssl req new key server key out server csr Make sure you enter the FQDN Fully Qualified Domain Name of the server when OpenSSL prompts you for the CommonName i e when you generate a CSR for a website which will be later accessed via https www foo dom enter www foo dom here You can see the details of this CSR by using openssl req noout text in server csr You now have to send this Certificate Signing Request CSR to a Certifying Authority CA to be signed Once the CSR has been signed you will have a real Certificate which can be used by Apache You can have a CSR signed by a commercial CA or you can create your own CA to sign it Commercial CAs usually ask you to post the CSR into a web form pay for the signing and then send a signed Certificate which you can store in a server crt file For more information about commercial CAs see the following locations Verisign http digitalid verisign com server apacheNotice htm Thawte http www thawte com CertiSign Certificadora Digital Ltda http www certisign com br IKS GmbH http www iks jena de leistungen ca Uptime Commerce Ltd http www uptimecommerce com BelSign NV SA http www belsign be For details on how to create your own CA and use this to sign a CSR see below Once your CSR has been signed you can see the details of the Certificate as follows openssl x509 noout text in server crt You should now have two files server key and server crt These can be used as follows in your httpd conf file SSLCertificateFile path to this server crt SSLCertificateKeyFile path to this server key The server csr file is no longer needed How do I create and use my own Certificate Authority CA The short answer is to use the CA sh or CA pl script provided by OpenSSL Unless you have a good reason not to you should use these for preference If you cannot you can create a self signed Certificate as follows Create a RSA private key for your server will be Triple DES encrypted and PEM formatted openssl genrsa des3 out server key 1024 Please backup this host key file and the pass phrase you entered in a secure location You can see the details of this RSA private key by using the command openssl rsa noout text in server key If necessary you can also create a decrypted PEM version not recommended of this RSA private key with openssl rsa in server key out server key unsecure Create a self signed Certificate X509 structure with the RSA key you just created output will be PEM formatted openssl req new x509 nodes sha1 days 365 key server key out server crt This signs the server CSR and results in a server crt file You can see the details of this Certificate using openssl x509 noout text in server crt How can I change the pass phrase on my private key file You simply have to read it with the old pass phrase and write it again specifying the new pass phrase You can accomplish this with the following commands openssl rsa des3 in server key out server key new mv server key new server key The first time you re asked for a PEM pass phrase you should enter the old pass phrase After that you ll be asked again to enter a pass phrase this time use the new pass phrase If you are asked to verify the pass phrase you ll need to enter the new pass phrase a second time How can I get rid of the pass phrase dialog at Apache startup time The reason this dialog pops up at startup and every re start is that the RSA private key inside your server key file is stored in encrypted format for security reasons The pass phrase is needed to decrypt this file so it can be read and parsed Removing the pass phrase removes a layer of security from your server proceed with caution Remove the encryption from the RSA private key while keeping a backup copy of the original file cp server key server key org openssl rsa in server key org out server key Make sure the server key file is only readable by root chmod 400 server key Now server key contains an unencrypted copy of the key If you point your server at this file it will not prompt you for a pass phrase HOWEVER if anyone gets this key they will be able to impersonate you on the net PLEASE make sure that the permissions on this file are such that only root or the web server user can read it preferably get your web server to start as root but run as another user and have the key readable only by root As an alternative approach you can use the SSLPassPhraseDialog exec path to program facility Bear in mind that this is neither more nor less secure of course How do I verify that a private key matches its Certificate A private key contains a series of numbers Two of these numbers form the public key the others are part of the private key The public key bits are included when you generate a CSR and subsequently form part of the associated Certificate To check that the public key in your Certificate matches the public portion of your private key you simply need to compare these numbers To view the Certificate and the key run the commands openssl x509 noout text in server crt openssl rsa noout text in server key The modulus and the public exponent portions in the key and the Certificate must match As the public exponent is usually 65537 and it s difficult to visually check that the long modulus numbers are the same you can use the following approach openssl x509 noout modulus in server crt openssl md5 openssl rsa noout modulus in server key openssl md5 This leaves you with two rather shorter numbers to compare It is in theory possible that these numbers may be the same without the modulus numbers being the same but the chances of this are overwhelmingly remote Should you wish to check to which key or certificate a particular CSR belongs you can perform the same calculation on the CSR as follows openssl req noout modulus in server csr openssl md5 Why do connections fail with an alert bad certificate error Errors such as OpenSSL error 14094412 SSL routines SSL3 READ BYTES sslv3 alert bad certificate in the SSL logfile are usually caused by a browser which is unable to handle the server certificate private key For example Netscape Navigator 3 x is unable to handle RSA key lengths not equal to 1024 bits Why does my 2048 bit private key not work The private key sizes for SSL must be either 512 or 1024 bits for compatibility with certain web browsers A keysize of 1024 bits is recommended because keys larger than 1024 bits are incompatible with some versions of Netscape Navigator and Microsoft Internet Explorer and with other browsers that use RSA s BSAFE cryptography toolkit Why is client authentication broken after upgrading from SSLeay version 0 8 to 0 9 The CA certificates under the path you configured with SSLCACertificatePath are found by SSLeay through hash symlinks These hash values are generated by the openssl x509 noout hash command However the algorithm used to calculate the hash for a certificate changed between SSLeay 0 8 and 0 9 You will need to remove all old hash symlinks and create new ones after upgrading Use the Makefile provided by mod ssl How can I convert a certificate from PEM to DER format The default certificate format for SSLeay OpenSSL is PEM which is simply Base64 encoded DER with header and footer lines For some applications e g Microsoft Internet Explorer you need the certificate in plain DER format You can convert a PEM file cert pem into the corresponding DER file cert der using the following command openssl x509 in cert pem out cert der outform DER Why can t I find the getca or getverisign programs mentioned by Verisign for installing my Verisign certificate Verisign has never provided specific instructions for Apache mod ssl The instructions provided are for C2Net s Stronghold a commercial Apache based server with SSL support To install your certificate all you need to do is to save the certificate to a file and give the name of that file to the SSLCertificateFile directive You will also need to give it the key file For more information see the SSLCertificateKeyFile directive Can I use the Server Gated Cryptography SGC facility aka Verisign Global ID with mod ssl Yes mod ssl has included support for the SGC facility since version 2 1 No special configuration is required just use the Global ID as your server certificate The step up of the clients is then automatically handled by mod ssl at run time Why do browsers complain that they cannot verify my Verisign Global ID server certificate Verisign uses an intermediate CA certificate between the root CA certificate which is installed in the browsers and the server certificate which you installed on the server You should have received this additional CA certificate from Verisign If not complain to them Then configure this certificate with the SSLCertificateChainFile directive This ensures that the intermediate CA certificate is sent to the browser filling the gap in the certificate chain The SSL Protocol Why do I get lots of random SSL protocol errors under heavy server load Why does my webserver have a higher load now that it serves SSL encrypted traffic Why do HTTPS connections to my server sometimes take up to 30 seconds to establish a connection What SSL Ciphers are supported by mod ssl Why do I get no shared cipher errors when trying to use Anonymous Diffie Hellman ADH ciphers Why do I get a no shared ciphers error when connecting to my newly installed server Why can t I use SSL with name based non IP based virtual hosts Is it possible to use Name Based Virtual Hosting to identify different SSL virtual hosts How do I get SSL compression working When I use Basic Authentication over HTTPS the lock icon in Netscape browsers stays unlocked when the dialog pops up Does this mean the username password is being sent unencrypted Why do I get I O errors when connecting via HTTPS to an Apache mod ssl server with Microsoft Internet Explorer MSIE Why do I get I O errors or the message Netscape has encountered bad data from the server when connecting via HTTPS to an Apache mod ssl server with Netscape Navigator Why do I get lots of random SSL protocol errors under heavy server load There can be a number of reasons for this but the main one is problems with the SSL session Cache specified by the SSLSessionCache directive The DBM session cache is the most likely source of the problem so using the SHM session cache or no cache at all may help Why does my webserver have a higher load now that it serves SSL encrypted traffic SSL uses strong cryptographic encryption which necessitates a lot of number crunching When you request a webpage via HTTPS everything even the images is encrypted before it is transferred So increased HTTPS traffic leads to load increases Why do HTTPS connections to my server sometimes take up to 30 seconds to establish a connection This is usually caused by a dev random device for SSLRandomSeed which blocks the read 2 call until enough entropy is available to service the request More information is available in the reference manual for the SSLRandomSeed directive What SSL Ciphers are supported by mod ssl Usually any SSL ciphers supported by the version of OpenSSL in use are also supported by mod ssl Which ciphers are available can depend on the way you built OpenSSL Typically at least the following ciphers are supported RC4 with MD5 RC4 with MD5 export version restricted to 40 bit key RC2 with MD5 RC2 with MD5 export version restricted to 40 bit key IDEA with MD5 DES with MD5 Triple DES with MD5 To determine the actual list of ciphers available you should run the following openssl ciphers v Why do I get no shared cipher errors when trying to use Anonymous Diffie Hellman ADH ciphers By default OpenSSL does not allow ADH ciphers for security reasons Please be sure you are aware of the potential side effects if you choose to enable these ciphers In order to use Anonymous Diffie Hellman ADH ciphers you must build OpenSSL with DSSL ALLOW ADH and then add ADH into your SSLCipherSuite Why do I get a no shared ciphers error when connecting to my newly installed server Either you have made a mistake with your SSLCipherSuite directive compare it with the pre configured example in httpd conf dist or you chose to use DSA DH algorithms instead of RSA when you generated your private key and ignored or overlooked the warnings If you have chosen DSA DH then your server cannot communicate using RSA based SSL ciphers at least until you configure an additional RSA based certificate key pair Modern browsers like NS or IE can only communicate over SSL using RSA ciphers The result is the no shared ciphers error To fix this regenerate your server certificate key pair using the RSA algorithm Why can t I use SSL with name based non IP based virtual hosts The reason is very technical and a somewhat chicken and egg problem The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP When an SSL connection HTTPS is established Apache mod ssl has to negotiate the SSL protocol parameters with the client For this mod ssl has to consult the configuration of the virtual server for instance it has to look for the cipher suite the server certificate etc But in order to go to the correct virtual server Apache has to know the Host HTTP header field To do this the HTTP request header has to be read This cannot be done before the SSL handshake is finished but the information is needed in order to complete the SSL handshake phase Bingo Why is it not possible to use Name Based Virtual Hosting to identify different SSL virtual hosts Name Based Virtual Hosting is a very popular method of identifying different virtual hosts It allows you to use the same IP address and the same port number for many different sites When people move on to SSL it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server It is possible but only if using a 2 2 12 or later web server built with 0 9 8j or later OpenSSL This is because it requires a feature that only the most recent revisions of the SSL specification added called Server Name Indication SNI The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol So the SSL session is a separate transaction that takes place before the HTTP session has begun The server receives an SSL request on IP address X and port Y usually 443 Since the SSL request did not contain any Host field the server had no way to decide which SSL virtual host to use Usually it just used the first one it found which matched the port and IP address specified If you are using a version of the web server and OpenSSL that support SNI though and the client s browser also supports SNI then the hostname is included in the original SSL request and the web server can select the correct SSL virtual host You can

    Original URL path: http://xserve.kw-berlin.de/manual/ssl/ssl_faq.html (2016-02-16)
    Open archived version from archive

  • Seitenindex - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/de/sitemap.html (2016-02-16)


  • Mapa de este sitio web - Servidor HTTP Apache

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/es/sitemap.html (2016-02-16)