Discussion:
Apache module that enables ActiveX
(too old to reply)
Mauri
2010-04-15 18:08:58 UTC
Permalink
Hi,
I have a proxy with SSL that forward any request to a backend platform.
In this moment I have a problem if I'm trying to execute an activex on the
backend platform.
I'm reading that the mod_proxy blocks any activex request because it don't
trust for the system.
How I can do? I'm reading about mod_security.
I'm finding on internet this website: http://brice.free.fr/
"mod_activex_filter is an Apache module that enables ActiveX filtering for
Apache proxy"
this module was wrote for 2.0.x in the year 2003
I don't know if I can use this or what i can find...
anyone can help me?
thanks.


# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Mauri
2010-04-16 10:13:44 UTC
Permalink
I'm sorry but someone mayebe help me?

There are apache module that enables ActiveX?

Thanks for any suggest.

Cheers,
Mauri
Post by Mauri
Hi,
I have a proxy with SSL that forward any request to a backend platform.
In this moment I have a problem if I'm trying to execute an activex on the
backend platform.
I'm reading that the mod_proxy blocks any activex request because it don't
trust for the system.
How I can do? I'm reading about mod_security.
I'm finding on internet this website: http://brice.free.fr/
"mod_activex_filter is an Apache module that enables ActiveX filtering for
Apache proxy"
this module was wrote for 2.0.x in the year 2003
I don't know if I can use this or what i can find...
anyone can help me?
thanks.
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Tom Evans
2010-04-16 10:25:15 UTC
Permalink
Post by Mauri
I'm sorry but someone mayebe help me?
There are apache module that enables ActiveX?
Thanks for any suggest.
Cheers,
Mauri
Post by Mauri
Hi,
I have a proxy with SSL that forward any request to a backend platform.
In this moment I have a problem if I'm trying to execute an activex on the
backend platform.
I'm reading that the mod_proxy blocks any activex request because it don't
trust for the system.
How I can do? I'm reading about mod_security.
I'm finding on internet this website: http://brice.free.fr/
"mod_activex_filter is an Apache module that enables ActiveX  filtering
for Apache proxy"
this module was wrote for 2.0.x in the year 2003
I don't know if I can use this or what i can find...
anyone can help me?
thanks.
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
mod_proxy does not alter the HTML presented to the browser, therefore
it does not interfere with ActiveX as far as I can tell. The module
you pointed to actually disables ActiveX controls by rewriting the
html to remove references to the <object> tag, it would not help
'enabling' ActiveX.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-16 10:43:47 UTC
Permalink
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
I don't have any problems in this request:
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
Post by Tom Evans
Post by Mauri
I'm sorry but someone mayebe help me?
There are apache module that enables ActiveX?
Thanks for any suggest.
Cheers,
Mauri
Post by Mauri
Hi,
I have a proxy with SSL that forward any request to a backend platform.
In this moment I have a problem if I'm trying to execute an activex on
the
Post by Mauri
Post by Mauri
backend platform.
I'm reading that the mod_proxy blocks any activex request because it
don't
Post by Mauri
Post by Mauri
trust for the system.
How I can do? I'm reading about mod_security.
I'm finding on internet this website: http://brice.free.fr/
"mod_activex_filter is an Apache module that enables ActiveX filtering
for Apache proxy"
this module was wrote for 2.0.x in the year 2003
I don't know if I can use this or what i can find...
anyone can help me?
thanks.
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
mod_proxy does not alter the HTML presented to the browser, therefore
it does not interfere with ActiveX as far as I can tell. The module
you pointed to actually disables ActiveX controls by rewriting the
html to remove references to the <object> tag, it would not help
'enabling' ActiveX.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Tom Evans
2010-04-16 10:57:57 UTC
Permalink
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.

Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-16 11:28:55 UTC
Permalink
I'm checking about security context.
The html request is the same.
I have set LogLevel to debug. In attach the log during the activex request.
There aren't errors.

I use I.E. 7 as browser, only.

If I connect to SERVERB the browser get the file .CAB (activex). The same if
I'm try to connect to SERVERA (proxy).

Thanks Tom.

Cheers,
Mauri
Post by Mauri
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and
mod_ssl,
Post by Mauri
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.
Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Eric Covener
2010-04-16 11:47:03 UTC
Permalink
Post by Mauri
I'm checking about security context.
The html request is the same.
I have set LogLevel to debug. In attach the log during the activex request.
There aren't errors.
On this list, you'll have to describe in concrete terms what it means
to "enable activex" and what you want an apache module to do, beyond
"make it work".

Perhaps you'd have better luck on a list more oriented towards activex.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Tom Evans
2010-04-16 11:47:58 UTC
Permalink
Post by Mauri
I'm checking about security context.
The html request is the same.
I have set LogLevel to debug. In attach the log during the activex request.
There aren't errors.
I use I.E. 7 as browser, only.
If I connect to SERVERB the browser get the file .CAB (activex). The same if
I'm try to connect to SERVERA (proxy).
Thanks Tom.
Cheers,
Mauri
Is SERVERB under your control, or is it a third party site, like eg,
facebook.com, gmail.com etc.

Are you trying to proxy some site with a signed activex control, which
would indicate the website that the control should be used under, and
hence would fail to work if proxied to a different host.

I still don't think this has anything to do with Apache or mod_proxy -
mod_proxy will not change the HTML, the HTML indicates how the ActiveX
control should be loaded, and the control itself indicates the sites
it will run on. Apache cannot do anything about that..

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-16 12:39:27 UTC
Permalink
the SERVERB is under my control in my VLAN.

good question "signed activex control"...but in my case the problem exist in
the HTTPS connection, and HTTP, also.

Scenario 1
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
Scenario 2
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTP --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP

I have the same problem.

Then I don't need to this.

[quote]
mod_proxy will not change the HTML, the HTML indicates how the ActiveX
control should be loaded
[quote]
that is clear.

For Eric: i'm trying to find "towards activex"

Tom: Many thanks for all.

Cheers,
Mauri
Post by Mauri
Post by Mauri
I'm checking about security context.
The html request is the same.
I have set LogLevel to debug. In attach the log during the activex
request.
Post by Mauri
There aren't errors.
I use I.E. 7 as browser, only.
If I connect to SERVERB the browser get the file .CAB (activex). The same
if
Post by Mauri
I'm try to connect to SERVERA (proxy).
Thanks Tom.
Cheers,
Mauri
Is SERVERB under your control, or is it a third party site, like eg,
facebook.com, gmail.com etc.
Are you trying to proxy some site with a signed activex control, which
would indicate the website that the control should be used under, and
hence would fail to work if proxied to a different host.
I still don't think this has anything to do with Apache or mod_proxy -
mod_proxy will not change the HTML, the HTML indicates how the ActiveX
control should be loaded, and the control itself indicates the sites
it will run on. Apache cannot do anything about that..
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Eric Covener
2010-04-16 13:12:53 UTC
Permalink
For Eric: i'm trying to find  "towards activex"
That's not really any clearer.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-20 10:12:15 UTC
Permalink
Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET:
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and
mod_ssl,
Post by Mauri
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.
Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
alin vasile
2010-04-20 11:37:21 UTC
Permalink
what is the activex area in your html?




________________________________
From: Mauri <***@gmail.com>
To: ***@httpd.apache.org
Sent: Tue, April 20, 2010 1:12:15 PM
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX


Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET: "HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Tom Evans
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
Post by Mauri
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB web
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
Post by Mauri
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.
Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-20 12:18:51 UTC
Permalink
I can't copy the source...in attach the screenshot. I hope it is useful

Many thanks.

Cheers,
Mauri
Post by alin vasile
what is the activex area in your html?
------------------------------
*Sent:* Tue, April 20, 2010 1:12:15 PM
Hi expert.
I'm sorry for the reply but I'm working for some days with no solution :(
SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"
I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.
SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"
In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.
Anyone can help me?
thanks for any suggest.
Cheers,
Mauri
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and
mod_ssl,
Post by Mauri
only.
Then you mean that the apache mod_proxy don't blocks any activex
request?
Post by Mauri
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS --> SERVERB
web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the SERVERB.
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.
Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Eli Mazin
2010-04-20 12:21:15 UTC
Permalink
Extensive!! Call me on my cell

Eliahu(Elie)  Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT  CCNA,CCNP, CISSP 
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
Email: ***@verizon.net


-----Original Message-----
From: alin vasile [mailto:***@yahoo.com]
Sent: Tuesday, April 20, 2010 7:37 AM
To: ***@httpd.apache.org
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX

what is the activex area in your html?


________________________________

From: Mauri <***@gmail.com>
To: ***@httpd.apache.org
Sent: Tue, April 20, 2010 1:12:15 PM
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX


Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET:
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -->
SERVERB web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the
SERVERB.
Post by Mauri
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via
server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a
different
security context.

Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?


Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Eli Mazin
2010-04-20 12:22:54 UTC
Permalink
Vey extensive

Eliahu(Elie)  Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT  CCNA,CCNP, CISSP 
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
Email: ***@verizon.net



-----Original Message-----
From: Eli Mazin [mailto:***@verizon.net]
Sent: Tuesday, April 20, 2010 8:21 AM
To: ***@httpd.apache.org
Subject: RE: [***@httpd] Re: Apache module that enables ActiveX

Extensive!! Call me on my cell

Eliahu(Elie)  Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT  CCNA,CCNP, CISSP 
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
Email: ***@verizon.net


-----Original Message-----
From: alin vasile [mailto:***@yahoo.com]
Sent: Tuesday, April 20, 2010 7:37 AM
To: ***@httpd.apache.org
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX

what is the activex area in your html?


________________________________

From: Mauri <***@gmail.com>
To: ***@httpd.apache.org
Sent: Tue, April 20, 2010 1:12:15 PM
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX


Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET:
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -->
SERVERB web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the
SERVERB.
Post by Mauri
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via
server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a
different
security context.

Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?


Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-20 12:39:46 UTC
Permalink
I can't call u, i'm sorry :(
any idea,however?
Post by Eli Mazin
Extensive!! Call me on my cell
Eliahu(Elie) Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT CCNA,CCNP, CISSP
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
-----Original Message-----
Sent: Tuesday, April 20, 2010 7:37 AM
what is the activex area in your html?
________________________________
Sent: Tue, April 20, 2010 1:12:15 PM
Hi expert.
I'm sorry for the reply but I'm working for some days with no solution :(
SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"
I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.
SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"
In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.
Anyone can help me?
thanks for any suggest.
Cheers,
Mauri
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and
mod_ssl,
Post by Mauri
only.
Then you mean that the apache mod_proxy don't blocks any activex
request?
Post by Mauri
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -->
SERVERB web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I
try to
Post by Mauri
connect to SERVERA the browser don't read the activex from the
SERVERB.
Post by Mauri
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a different
security context.
Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Eli Mazin
2010-04-20 12:27:35 UTC
Permalink
ELIAHU (ELI)MAZIN
OFFICE : 781 560 5995 CELL: 781 502 8882 EMAIL: ***@VERIZON.NET
MCSA, MCSE, CCNA, CCNP, CISSP

SUMMARY: Senior Cyber Security /Network Security professional with over
twenty years of extensive experience in security and in designing and
maintaining large scale multi-vendor enterprise using WAN/LAN Networks.

OBJECTIVE: To find a “hands-on” permanent position within a stable company
where my 15 years of Cyber Security experience will be an asset.

STATUS: Green Card

ADDITIONAL QUALIFICATIONS
• 15 years Cyber Security
• 10 years Patch Management experience on Windows, UNIX and Red Hat
Linux
• 10 years experience in IDS, SAN, Cyber Best Practices, Risk
Assessment and Scripting (Perl & DHDL)
• 8 years Cyber Forensics (Encase & FDK)
Programming and Scripting Languages: Cobol, RGP ,PHP, Python and Perl

EDUCATION:

2000 Fairfield University (MOT), Fairfield
Master of Science in Technology Management

1978 Temple University, Philadelphia, PA
Bachelor of Business Administration, Major in Marketing, Minor in
Communication

1994 Law Degree University of Jerusalem Israel

1993 International Export and trading Tel Aviv Israel

1986 System Analyst Justus Liebig University Giessen Germany

Certifications: A+, Network+, Security+, MCSE, MCSA, CCENT, CCNA, CCNP, CCA,
CCEA, CISSP, Oracle, Six Sigma Black Belt. The Juniper (JNCIP) Firewall/VPN
certification
Languages: English, German, Hebrew, Arabic, Farsi, Yiddish, Aramaic,
Russian, and Dutch.
COMMUNITY AND SOCIAL ACTIVITIES:
Member of the Board of Directors: North and South Shore Jewish Federation,
Spanish Chamber Of Commerce Lawrence, and Lowell MA

SKILLS:
Protocols: TCP/IP, IPX, AppleTalk, DECNET
Routing Protocols: BGP, RIP, OSPF, Static Routing
Technical Training: Cisco ICRC & ACRC, Cisco Networkers 96, 97, 98, and
2000.
Foundry (Brocade): ServerIron 450 Load Balancer
Cisco Routers & Switches: 1600, 2500, 3810, 4000, 7000, 7200, 7500, 7600 and
GSR 120012 series routers w/IOS 10.x, 11.x, 12.x. Catalyst 3500, 3550,
3750, 4000, 4500, 5000, 5500 and 6500 series switches w/3.x, 4.x, 5x Code,
IOS and Supervisor I, II and III Cards as well as RSM’s and MSFC’s, Cisco
VPN 3000 Series Concentrators. Local Director 430, Pix Firewalls, and Cisco
Wireless Access Points, Cisco Secure ACS v4.1
Juniper Networks Equipment: Juniper Networks Secure Access 2000 and
Netscreen 50 Firewall.
Virtual Private Network (VPN) Experience: LAN-LAN, Nortel CES4600D VPN
Gateway and Cisco VPN 3000 Series Concentrators. BlueCoat SG 510C and
reporter. Secure Sphere WAF G4 from Imperva.
Management Software & Hardware: Spectrum Enterprise Manager, Spectrum
One-Click and Reporting Gateway, MRTG, Alcatel-Lucent VitalSuite Software
Performance Management. Enterasys switches chasis S N and X series,
stackable A B and C standalone D G and I routers . Enterasys WLAN
Controllers and Access Points with Direct Path Forwarding . Telephone
support .
Datalink/Physical Layer Experience: OC-3, OC-12, T1/T3, Frame Relay, ISDN,
FDDI, Ethernet (10/100/1000)
Datalink/Physical Layer/TEST Equipment: Larscom Access-T, Split-T, Mega-T.
Telco-Systems 828A T3 Multiplexers, Electrodata TTS 3 EZ-Tester II for T1
and T3 Testing, Network General Sniffer and Airmagnet Wireless Analyzer.
Nortel: Meridian Option 81C and 11C PBX, Call Pilot Voice Mail Systems,
Bridge Conferencing, OTM

SAN Administrator:
Systems/SAN/backup/network administrator/engineer with over twelve years of
experience
Install, Configure, Maintain & Admin Storage Environment & provide storage
space based on the business rqmts. Responsible for SAN Mgmt. Work with
Storage products from IBM, EMC, HP & NAS. Troubleshoot & support SAN & NAS
environments to deliver proactive solutions. Plan, design & implement
Virtual Infrastructure WAN & LAN deployment. Work with ECC SAN manager,
Solution enabler CLI, VMware ESX server. SAN, ESX, Linux, Windows, Solaris,
DR systems engineer/administrator for a global B2B processing (supply chain,
order management, electronic data interchange & logics) network. Seamlessly
migrated & implemented a new disaster redundant off-site production
datacenter using DBSi facilities, while upgrading & maintaining an existing
SunGard co-located remote data center. To support goals & initiatives we
migrated corporate headquarters to a new office park to increase space;
support & growth for technology; staff & customers. We utilized these
technologies to make projects & initiatives a reality: VMware
ESX/VCB/VIC/HA/DRS/VMotion on HP Blade Chassis’; Hyperic/nagios/Big Brother;
CommVault Galaxy; Sun Solaris; Red-Hat Enterprise Linux; SUN Solaris;
Microsoft Windows Server; EMC CLARiiON storage arrays; Oracle RAC/DataGuard;
Brocade SAN; Cisco network switches & Lenovo equipment
WORK EXPERIENCE

10/12/09 – Present STARWOOD HOTELS & RESORTS WORLDWIDE, INC Braintree, MA
Network Operations Manager(VOIP Specialist)/Contract
Maintain the data network around the world. Responsibilities include
managing the Network Operations team of 8 network engineers and 5 junior
network engineers. Cisco ASA (5505, 5510, 5520, 5540), MARS (identify and
Mitigate Security Threats). Expert knowledge of TCP/IP protocols and
standards. • Experience with network security tools such as Nessus, HFNet
Check, sniffers, TCP Dump and password cracking software. • Practical
knowledge of data and voice systems.
Skilled in conducting incident response investigations, Experience in
leading projects as a Project Manager.Strong knowledge of Cisco Netranger,
Intrushield, Activeworx Security Desktop, and Snort intrusion detection
event handling, Forensic analysis using manual techniques and with tools
such as Fport, Pstools, LADS, hexedit, strings, strace, InCtrl, and PE
Explorer; not limited to those tools listed, Comprehensive knowledge of the
TCP, UDP, and ICMP protocol packet analysis
Developed report templates to be used with penetration testing assessments
and forensic cases
Passive and Active OS detection tools ettercap, p0f, airodump, and
Ring RTO technique
Discovered and submitted several 0 day Trojans to Symantec for
creation of virus
definitions while conducting a forensics investigation on multiple
machines.
Wireless security assessments using tools such as aircrack, kismet,
airodump, void11, airplay
Network scanning tools: Nmap, Nessus, Webinspect, Appscan, Internet
Security
Scanner, kismet, and the use of hping to conduct IDLE host scanning; along
with other additional tools, Knowledge of methodologies pertaining to
implementing and performing vulnerability assessments, Strong understanding
of HIPPA, PCI, and ISO 27001standards, Proficient with various Linux
distributions Redhat, Ubuntu, Gentoo, and Traditional Unix. Developed
policies, procedures, work instructions, and statement of works
• Responsibilities include managing a global data network which
consists of a Core Backbone between 2 data centers in Braintree
Massachusetts and Houston Texas, Corporate Headquarters in White Plains New
York, Satellite data center in Phoenix Arizona and Starwood Vacation
Ownership in Orlando Florida.
• In addition to the Core Backbone, I am also responsible for managing
and maintaining the WAN connections for the Starwood Hotels properties which
consist of 3 vendors managed MPLS Network from AT&T, Orange, and SingTel and
1 non-managed MPLS WAN from AT&T. In addition to the MPLS WANs, we manage a
global IPSEC WAN with hubs in Braintree MA, Houston TX, London, and
Singapore.
• In addition to the Core and the property WANs, I am also responsible
for overseeing 3rd Party IPSEC Connections into the Starwood network as well
as Client VPN connections not only for 3rd party vendors but for all
corporate users within the Starwood Hotels and Resorts footprint.
• Additional work I am responsible for overseeing with my team,
include Firewall rule requests, Load Balancing configurations, DNS requests,
IP addressing maintenance and implementation of property WAN connections on
to the Starwood Network.
• Managed the relationship between vendors and Network Operations with
HP, IBM, AT&T, Orange Business Services, and SingTel.
• Worked with Starwood helpdesk management and AT&T to streamline and
improve the escalation process for AT&T’s EVPN MPLS Network.
• Responsible for network problem management and timely resolution of
network incidents.

ITIL process modeling, process design and organizational design. The
individual should also demonstrate business effectiveness skills such as
designing roadmaps for deploying processes for maintaining optimal IT
service. This position will vary in the scope of project responsibilities;
however generally this position will focus on designing and delivering
process solutions such as but not limited to all of the key ITIL Service
Management areas. The candidate should have a foundation understanding of
ITIL V3. Duties may include:

• Creation of process flows
• Lead process design sessions
• Develop supporting operational organizations
• Design Human Performance elements of an overall implementation
effort
• Designing and implementing ITIL and Operational processes
• Enablement of Human Performance elements of solutions that deliver
client value
• Assist in the designing of support process architectures for
critical business systems
• Experience in project management and detailed planning
• Some experience in Program and Project Leadership
• Leadership skills in both technical and process oriented initiatives

• Generating detailed documentation



9/08 –10/09 Genzyme, Framingham, MA
Network Security and Operations Manager (Contract)
CISCO LAN Switching, and Wireless. Switching technologies such as VLANs,
VLAN Trunking Protocol (VTP), Rapid Spanning Tree Protocol (RSTP), Per VLAN
Spanning Tree Protocol (PVSTP) and 802.1q. Configure, Verify and
troubleshoot VLANs, trunking on CISCO switches, interVLAN routing, VTP and
RSTP. Asa Fire Wall 5505 5510 Cisco, 5520, 5540, 5550.Cisco 3000 VPN
concentrator, Cisco VPN client. Securing Network with PIX and ASA, Cisco IPS
Specialist, Cisco VPN Specialist, and Cisco VPN/Security Sales Specialist.
• Routing Protocols and Concepts Configure and Certify router
interface, Vector routing protocols using Router information Protocol (RIP),
Configure IP address, Operation of the Enhanced interior Gateway Routing
Protocol (EIGRP), Operation of the Open Shortest Path First Protocol(OSPF)
,Snort, Nessus, nmap, ntop, NA/Sniffer Pro, snoop, tcpdump, ethereal and
other Open Source tools. Experience with BGP, ISIS, EIGRP, Radius, Tacacs+
and SNMP, Juniper Routers, particularly in a fully meshed, fault-tolerant
Gigabit Ethernet environment.Juniper SSL VPN Training• Juniper Firewall and
Advanced VPN, Juniper IDP
• Cisco Hardware 6500,4500,3800,3700,3600,2800,2600,1700,18000, Cisco
Works, Cisco IOS/CATOS
• Routing Protocols MPLS, OSPF, BGP, Spanning Tree, Vlans, 802.1q,
802.11 a, b, g, n.Cisco PIX 515/525 Firewalls,- Cisco ASA 5520/5525
Firewalls- Juniper Netscreen SSG 20 – SSG 520, M320 - Juniper 1/08 – 8/08
Pfizer, Groton CT
Network Engineer (Consultant) JUNIPER Firewall Contract
• Installs, configures supports, optimizes, and administers Juniper
Firewalls, F5 Big-IP LTM-6400 load balancers, and other equipment as
required.
• Maintained, and audits network documentation. Implements network
standards, processes, and security policies as documented.
• Provides support and maintains communication to campuses and
business units for IT related support functionalities .Analyzes production
monitoring statistics to identify optimization opportunities and
utilization/capacity trends.
• Identifies modifications to threshold monitoring triggers to improve
operations support. Communicates with vendor to open incidents and
troubleshoot vendor products, obtain system configurations and best practice
recommendations.
• Resolves help desk tickets as assigned and provides 24-hour on-call
support for problem analysis and resolution to network problems on a
rotational basis as defined by project demands.
• Training and mentoring to develop members of the team and other
technical resources as necessary.
• Responsibility for reliable operation of communications switching
systems and data communications networks, in support of multiple major
systems and a wide range of users and applications.
• Responsibility for reliable operation of communications switching
systems and data communications networks, in support of multiple major
systems and a wide range of users and applications.
•
* Virtualization products SME, sales and technical implementation; Citrix
XenServer, VMware ESX, and Microsoft Hyper V
* Entire Citrix product line SME, certified sales and technical support
resource
* Project management key resource for technical projects, team lead and task
ownership
* Supervisory duties across multiple departmental levels and succession
planning resource, go to person and mentor for technical support and
training and process development
* Knowledgeable about business processes and core operational applications
and risk analysis
*IT Systems administration
* Windows platform servers and workstation systems deployment and
administration
* Experience with various Microsoft products, including but not limited to,
Internet Information Server (IIS), Proxy Server, SQL Server, Systems
Management Server (SMS), all versions of Office product line, all versions
of Exchange mail servers and Outlook mail clients
* LAN/ WAN network administration, including firewalls, routers and
switches, Spam appliances, SSL VPN appliances, Cisco brand and others
* Security systems analysis and implementation
* Blackberry Enterprise Server (BES) administration and support
* Some exposure to telephony systems and design (VOIP, CallPilot, PBX,
Faxing)
* Enterprise Backup systems planning and deployment across disparate and
geographically dispersed business models
* High level of mechanical and technical knowledge. Superior diagnostic,
troubleshooting, and repair methodology and skills
* Server administration across enterprise Windows NT and Windows
2000/2003/2008 Active Directory domain models
* Enterprise cross platform, Windows - AS400 faxing system administration
and product specialist
* Lotus Domino / Notes systems administration, multiple versions across
Windows and AS400 platforms
* Primary contact point for outside vendors, project consultant resources
and manufacturer representation as required
* Experience with AS400 operating system platform
* Data Centre construction, configuration, and administration of Wintel
servers and components racks, power systems, cooling systems
* Anti-virus, intrusion prevention, update / patch management, fax
solutions, network monitoring and maintenance utilities, anti-spam
solutions, VPN client solutions
* Solutions provisioning on a consulting basis, methodology and process
determination and implementation
Professional Development
* Citrix technical certifications, CCEA, multiple CCA designations, and
Sales certifications (CCSP) across the complete Citrix product line (XenApp,
XenServer, XenDesktop, Netscaler, Provisioning Server, Edgesight)
* Virtualization solutions technical and product line training and industry
certifications


1/07- 12/07 JP Morgan Chase, Lowell, MA
Network Engineer Communication Analyst (Contractor)
• Serve as liaison between development team and business end-users
• Identify, assess, and document business requirements and functional
specifications, recommending business priorities, and advising business on
options, risks, and costs versus benefits of various solutions
• Responsible for working with the business to analyze business
requirements, providing technical expertise, and producing specifications
for any new / change in applications.
• Analyze impacts of proposed solutions on technology platforms
• Develop use cases to explain / demonstrate business requirements /
specifications to IT team
• Document test strategies ensuring that requirements documentation
can be easily translated into test scripts, and ensure that the proper
testing plans have been completed
• Develop and execute system integration test scripts and ensure the
testing results correspond to the business expectations. Identify and
communicate risks to delivering solution on time Understand the context in
which data is used within the business and match business requirements to
the sources of data within systems
• Work with analyst and development team to design solutions for
clients
• Define data quality plans to address data quality issues; work with
business partners to build business understanding of data issues .Help
analyze impact of proposed solution across shared services technology
Provide input to the development of formal business cases Responsible for
900 Clients conversion from AS2 to SSL in a Unix Windows Environment.
Extensive support with Customer utilizing JP Morgan polices such as Web
methods Tumbleweed. Payload security certificate setup X509, TPA agreements,
and UNIX directory setups for clients, Lotus notes 6.5. SSH Secure Shell.SNA
Architecture. EC gateway customer setup in Trading Network Environment FTP,
sFTPs and HTTPS, designing and implementing EC Gateway Architecture. Managed
Internet (EC Gateway) Managed Private Network.
Server 2008, -Exchange 2007, VMware, or other virtualization software
expertise. Reassess the effectiveness of network hardware, software, and
communications performance.
. Oversee all hardware, software and communications configuration and
troubleshooting.
. Ensure network equipment and software is meeting company needs as defined
in the distributed processing plan. Modify the distributed processing plan
as required.
. Conduct research and development in network systems and related
technologies.
. Establish procedures, policies, and operations for use of the network
systems including hardware, software, and communications devices. Maintain
up-to-date documentation for these procedures, policies, and operations.
. Work with IT staff to ensure the network environment is consistent with
company objectives and is compatible with existing applications and security
requirements.


2001 – 2006 Emaz Networking LLP, Wenham, MA (Owner)
Network Lead Engineer, Technology
• Cisco ASA devices, Cisco Wireless, including Aironet access point
and Wireless.
• LAN controllers, AirmaGNET.
• Skills: F5 3DNS/GTM appliance, Infoblox Network Service appliances,
Juniper.
• Netscreen products (Firewall and SSL VPN) Cisco CSS.
• Experience with copper and fiber structured cabling and resolving
connectivity issues. Familiarity with troubleshooting tools (Fluke, etc).
• WAN, LAN, and VoIP, structured cabling, OSPF, BGP routing.
• Cisco router and switch troubleshooting.
• Load Balancing with application ADCs. Node Host Server. Distributing
inbound traffic across multiple back-end destinations.
• Voip internet Security Systems (ISS)’ Proventia ® appliances offers
• Monitor the ticket queue for incoming tickets. Update tickets in
accordance to Service Level Agreement requirements and, if necessary,
escalate based on severity levels.
• Troubleshoot and identify sources of problems. Resolve configuration
problems concerned with the service line being supported (server, LAN/WAN,
voice, etc.)
• Companies worked with Checkpoint Israel, Maze Technology, and Nokia
Germany.
• Windows 2000/ 2003/ XP Operating system.
• Ran Cat5 and Cat3 cable and can test, splice and do punch downs.
• Installed and configured; Cat 3 for phone and Cat 5 for satellite
jacks, used in structured cabling and computer networks. HTML: As a Web
Developer for Emaz Networking , my responsibilities ranged from front-end
user interface design, to back-end relational database design and
development. I am an SEO Search Engine Optimization expert, and a Website
Optimization expert. My main development tools consist of: Adobe Photoshop,
Macromedia Dreamweaver 4, Dreamweaver MX, Dreamweaver UltrDev 4, and
UltraEdit consulting, scheduling, project delegation, designing and
developing websites, graphics creation, database programming, server-side
and client-side coding, search engine registration, billing, and determining
price for the project



2000 – 2001 Axent (Symantec Corp) Technologies Inc., Waltham, MA
Network Engineer and Security Analyst
• Windows NT/95/98/ME /2000 Operating system.
• OS support Compaq True 64, HP HP-UX 11.x, Linux, Microsoft Windows
2000, NT 4.0.x, Sun Solaris 6.1, 7.0.
• Raptor Firewall Customer security Support Engineer.
• Raptor Firewall 6.0 and 6.5 and Checkpoint Power 1 and VPN –1 Power.
• Types of firewall: Proxy with filtering.
• Types of application-level filtering: Exec, FTP, Login Shell, SMTP,
SQL, Telnet.
• Types of Authentication supported: Axent defender, Crypto.
• Performed hands-on vulnerability code assessment and managed
vulnerability issues found in Symantec products as a member of the Product
Security team. The team was responsible for the elimination of security
vulnerabilities that would put customers at risk and potentially damage the
company’s reputation as a security vendor.
• Designed and implemented a software program in the Ruby programming
language, to identify products using 3rd party components with newly
discovered vulnerabilities. This resulted in savings of over 5 hours a week
of manually monitoring security list for new vulnerabilities.
Perform the analysis, assessment, and approval of firewall security change
requests.
Ensure that changes imposing additional risk to the network enterprise are
documented and accepted by accountable parties. Perform security risk
assessments on changes to network design
- Perform threat modeling analysis to ensure accepted risks are properly
understood and accepted by accountable parties.
- Provide security consultation with customers for network and application
designs
- Assists enterprise with firewall configuration management documentation
- Contribute to the implementation of policies, procedures, standards, and
safeguards to maintain proper levels of security in network.
- Facilitate compliance with Information Security policy.
- Contributes to networks security architecture planning and standards
development.
- Assesses network and application designs for vulnerabilities and
compliance with architecture.
- Maintains a broad knowledge of state-of-the-art security technology,
equipment, and/or systems through independent research and attending
seminars.


1997 – 2000 TranSwitch Corporation, Shelton, CT
Network Engineer
• Windows NT/95/98/ME /2000 Operating system.
• Network Specialist/ System Administrator NT/Win 2000.
• Hardware maintenance of TranSwitch PC and Sun workstation networks.
• Hardware maintenance of all 5 global design centers PC and SUN
workstations networks.
• Software installation and revision installment of all IC design
software for TranSwitch.
• Daily, weekly, and monthly backups of all design data and software
database.
• Support, maintenance, and management of TranSwitch Local Area
Network.
• Support, maintenance, and management of TranSwitch Wide Area
Network. Security Firewalls (including various algorithms found in advanced
high level languages) and capacity administration of the existing networks.
Maintained strong working knowledge of pre-release products and take
ownership for product improvement in key product areas.
• Mentored front line support organizations.
• Consistently share best practices with team members.
• Configured and administered Servers, Networks, Firewalls, etc.
• Diagnosed problems replicate issues and creatively provide solutions
to customers.
• Networking concepts like TCP/IP transfers, packet captures, etc.
• Knowledge of HTTP and HTTPS protocols.
• Internet security.
• Strong UNIX admin skills plus shell scripting.
• Solaris/Linux workstations and servers, Windows desktops, laptops
and servers, centralized disk storage, and backup/restore systems.
• Solaris/Linux systems all flavors, Windows systems, and shell
scripting. Supported Cadence IC design tools, Synopsys tools, Open source
tools, Novell, and Lotus Notes.


1980 – 1997 Pa Consulting, Wenham, MA
System Administrator and Network Engineer
• Windows NT/95/98 operating systems.
• Consultant for training and supporting, troubleshooting.
• Local and remote area networks users worldwide.
• Managed security, Capacity planning, database support for SQL server
and maintain LAN nationwide office link.
• Administered a heterogeneous network running operating systems such
as Solaris, SunOS, AIX, Linux, Windows NT, Windows 95, and MacOS.


COMMUNITY AND SOCIAL ACTIVITIES:
Member of the Board of Directors: North and South Shore Jewish Federation,
Spanish Chamber Of Commerce Lawrence, and Lowell MA













Eliahu(Elie)  Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT  CCNA,CCNP, CISSP 
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
Email: ***@verizon.net



-----Original Message-----
From: alin vasile [mailto:***@yahoo.com]
Sent: Tuesday, April 20, 2010 7:37 AM
To: ***@httpd.apache.org
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX

what is the activex area in your html?


________________________________

From: Mauri <***@gmail.com>
To: ***@httpd.apache.org
Sent: Tue, April 20, 2010 1:12:15 PM
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX


Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET:
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -->
SERVERB web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the
SERVERB.
Post by Mauri
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via
server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a
different
security context.

Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?


Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Eli Mazin
2010-04-20 12:28:32 UTC
Permalink
Html experience see under emaz I am on the road call me if you need
something on my cell

Eliahu(Elie)  Mazin
Network Engineer Security Information
A+, Network+,Security +,MCSE,MCSA,CCENT  CCNA,CCNP, CISSP 
Imperva , Bluecoat and F5 Expert
781 502 8882 Cell
Office: 781 560 5995
Email: ***@verizon.net



-----Original Message-----
From: alin vasile [mailto:***@yahoo.com]
Sent: Tuesday, April 20, 2010 7:37 AM
To: ***@httpd.apache.org
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX

what is the activex area in your html?


________________________________

From: Mauri <***@gmail.com>
To: ***@httpd.apache.org
Sent: Tue, April 20, 2010 1:12:15 PM
Subject: Re: [***@httpd] Re: Apache module that enables ActiveX


Hi expert.

I'm sorry for the reply but I'm working for some days with no solution :(

I have this scenario:

SCENARIO 1)
client i.e.7 --> proxy with SSL --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "with_proxy.txt"

I have apache-2.2.3, mod_proxy and mod_ssl. Below all details.

SCENARIO 2)
client i.e.7 --> web server in http (I tried https, also)
wireshark output (plain text) in attach: file "without_proxy.txt"

In Scenario 2 my browser is running properly the ACTIVEX. In the file in
attach named "GET /reports/TeeFromWeb.asp?teefile=2010420112359_2_teeFile
HTTP/1.1 "
it working fine.
In Scenario 1 the browser don't running properly the activex.
If you see the attach the only difference id correlated to this GET:
"HTTP/1.1 200 OK (GIF89a)" . I suppose that the client interprets the file
as
per an image (GIF).
I don't undestand the reason.

Anyone can help me?

thanks for any suggest.

Cheers,
Mauri

# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Post by Mauri
in this moment I don't use any others modules. I use mod_proxy and mod_ssl,
only.
Then you mean that the apache mod_proxy don't blocks any activex request?
client --> SERVERA mod_proxy (ex.192.168.0.10) over HTTPS -->
SERVERB web
Post by Mauri
server with activex (ex. 192.168.0.11) over HTTP
If I try to connect to SERVERB the browser read the activex, if I try to
connect to SERVERA the browser don't read the activex from the
SERVERB.
Post by Mauri
I'll find the problem on SERVERB?
many thanks for your suggest.
Cheers,
Mauri
So when you go direct to server b it works, and when you go via
server
a it doesn't work? Doesn't sound like anything to do with mod_proxy,
sounds more like the browser refusing to run activex from a
different
security context.

Is the HTML the same?
Do either of the servers report any errors in error_log?
Does the browser?
Have you tried different browsers?


Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Eric Covener
2010-04-20 13:06:04 UTC
Permalink
Html   experience  see under emaz   I am on the road   call me if you need
something  on my cel
Don't post this garbage on this mailing list.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Jason Nunnelley
2010-04-20 13:16:36 UTC
Permalink
Post by Eric Covener
Post by Eli Mazin
Html experience see under emaz I am on the road call me if you need
something on my cel
Don't post this garbage on this mailing list.
Or, a slightly nicer way to say this - there's a "Reply all" feature in
email. Use it. Delete the list email address from the recipients. We
don't want to read your interpersonal back and forth. It's fine, just
not public or useful to any of the rest of us. Since most of us read
hundreds, if not thousands of messages each and every day, we tend to
tire quickly of personal communications that don't include us.

If it's private, keep it private. If it's about Apache (and can help us
all), post it here.

Cheers,
--
Jason A. Nunnelley
+1 2562971652

http://www.google.com/profiles/imjasonn

[Member Tekany, LLC]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Eric Covener
2010-04-20 14:04:59 UTC
Permalink
Post by Jason Nunnelley
Post by Eric Covener
Html   experience  see under emaz   I am on the road   call me if you need
something  on my cel
Don't post this garbage on this mailing list.
Or, a slightly nicer way to say this - there's a "Reply all" feature in
email. Use it. Delete the list email address from the recipients. We don't
want to read your interpersonal back and forth. It's fine, just not public
or useful to any of the rest of us. Since most of us read hundreds, if not
thousands of messages each and every day, we tend to tire quickly of
personal communications that don't include us.
If it's private, keep it private. If it's about Apache (and can help us
all), post it here.
I think this goes a bit beyond just the courtesy of branching off into
private correspondence, since this guy responded to a question on the
user support list with two copies of his Resume instead of a useful
answer.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-21 13:28:55 UTC
Permalink
Hi experts,

a question about my previous problem.

Scenario A)

client I.E. -> web server IIS (80)
when I login to web server , i'm reading 2 stable TCP connection in
connection.
All request from my i.e. to web server go troughput this 2 sessions. I don't
see any other connection.


Scenario B)

client I.E. -> apache mod_proxy (80) -> web server IIS (80)
when I login to web server , i'm reading 2 stable TCP connection in
connection.
All the request from my i.e. to web server close one session and generate a
new session.

Can I set the proxy as per Scenario A ?

Many thanks,
Mauri



apache mod_proxy system:
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.
el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
Eric Covener
2010-04-21 14:38:39 UTC
Permalink
Post by Mauri
when I login to web server , i'm reading 2 stable TCP connection in
connection.
All the request from my i.e. to web server close one session and generate a
new session.
What do you mean by session?
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Jonas Eckerman
2010-04-22 14:00:04 UTC
Permalink
Post by Mauri
a question about my previous problem.
What previous problem? And what on earth does this have to do with
enabling ActiveX?
Post by Mauri
Scenario A)
All request from my i.e. to web server go troughput this 2 sessions. I
don't see any other connection.
Scenario B)
All the request from my i.e. to web server close one session and
generate a new session.
Can I set the proxy as per Scenario A ?
Do you want the connection between the proxy and the server to be kept
alive rather than closed after each reqest?

If so, chek out the "keepalive" parameter to the "ProxyPass" config verb.

Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-22 14:56:49 UTC
Permalink
[quote]Do you want the connection between the proxy and the server to be
kept alive rather than closed after each reqest?[quote]
yes.
just this?
KeepAlive Off
in the <VirtualHost *:443>

thanks for the suggest.

cheers,
Mauri
Post by Mauri
a question about my previous problem.
What previous problem? And what on earth does this have to do with enabling
ActiveX?
Scenario A)
Post by Mauri
All request from my i.e. to web server go troughput this 2 sessions. I
don't see any other connection.
Scenario B)
Post by Mauri
All the request from my i.e. to web server close one session and
generate a new session.
Can I set the proxy as per Scenario A ?
Do you want the connection between the proxy and the server to be kept
alive rather than closed after each reqest?
If so, chek out the "keepalive" parameter to the "ProxyPass" config verb.
Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Jonas Eckerman
2010-04-22 15:12:43 UTC
Permalink
Post by Mauri
[quote]Do you want the connection between the proxy and the server to be
kept alive rather than closed after each reqest?[quote]
yes.
just this?
KeepAlive Off
in the <VirtualHost *:443>
No. That turns off keepalive between the browser and the proxy.

In order to turn on keepalive between the proxy and the server, use the
keepalive parameter to the proxypass command.

In order to allow keepalive between the browser and the proxy, set
KeepAlive On, not Off, for the host.

See Docs at:
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>
<http://httpd.apache.org/docs/2.2/mod/core.html#keepalive>

Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-23 14:00:03 UTC
Permalink
many thanks jonas for your suggest. This is a part of my conf. Is it
correct?

[...]
KeepAlive On

ProxyRequests off
ProxyPass / http://10.173.90.171/
ProxyHTMLURLMap http://10.173.90.171 /
<Location />
ProxyPassReverse http://10.173.90.171/
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeader unset Accept-Encoding
SetEnv proxy-nokeepalive 1
</Location>
Post by Mauri
[quote]Do you want the connection between the proxy and the server to be
Post by Mauri
kept alive rather than closed after each reqest?[quote]
yes.
just this?
KeepAlive Off
in the <VirtualHost *:443>
No. That turns off keepalive between the browser and the proxy.
In order to turn on keepalive between the proxy and the server, use the
keepalive parameter to the proxypass command.
In order to allow keepalive between the browser and the proxy, set
KeepAlive On, not Off, for the host.
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>
<http://httpd.apache.org/docs/2.2/mod/core.html#keepalive>
Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Jonas Eckerman
2010-04-23 16:06:46 UTC
Permalink
Post by Mauri
many thanks jonas for your suggest. This is a part of my conf. Is it
correct?
I'm not clear on exactly what you want, so I'm guessing that you wan't
keepalive *on* both from browser to proxy and from proxy to server. I'm
also suspecting that you might have problems with connections between
proxy and server dropping out.

If this is not what you want, please correct my mistakes.

And I still have no idea why you think this has anything to do with ActiveX.
Post by Mauri
[...]
KeepAlive On
That allows keepalive for the connections from browser to proxy. My
guess is that this is what you want.
Post by Mauri
ProxyPassReverse http://10.173.90.171/
If you have problems with connections between proxy and server dropping
out, you could try using changing this to:

ProxyPassReverse http://10.173.90.171/ keepalive=On
Post by Mauri
SetEnv proxy-nokeepalive 1
That turns of keepalive *off* for conections from proxy to server. My
*guess* is that this is not what you want.

If you have problems with keeping connections alive between proxy and
server and the keepalive parameter to the proxypass directive didn't
help, this might help though.


/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-23 16:30:48 UTC
Permalink
Jonas, many thanks for your efforts to help me. Honestly I did not
understand what's the problem.
The anomaly I noticed is that:
Scenario A: client --> webserver application
The ActiveX (TeeChart) works. Sessions between client and WAS 2 are always
fixed (seeing the program TCPView on Windows)
Scenario B: client --> proxy --> webserver application
ActiveX (TeeChart) does not work. Sessions are many more as explained in
previous mail.

What I want is a test for setting the proxy between the client -> proxy ->
application only persistent sessions.
To do this I made these settings are correct?

ProxyPreserveHost On
MaxKeepAliveRequests 0
KeepAliveTimeout 60
KeepAlive On
ProxyRequests off
ProxyPass / http://10.173.90.171/
ProxyHTMLURLMap http://10.173.90.171 /
ProxyPassReverse http://10.173.90.171/ keepalive=On
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeader unset Accept-Encoding
Post by Mauri
many thanks jonas for your suggest. This is a part of my conf. Is it
Post by Mauri
correct?
I'm not clear on exactly what you want, so I'm guessing that you wan't
keepalive *on* both from browser to proxy and from proxy to server. I'm also
suspecting that you might have problems with connections between proxy and
server dropping out.
If this is not what you want, please correct my mistakes.
And I still have no idea why you think this has anything to do with ActiveX.
[...]
Post by Mauri
KeepAlive On
That allows keepalive for the connections from browser to proxy. My guess
is that this is what you want.
ProxyPassReverse http://10.173.90.171/
If you have problems with connections between proxy and server dropping
ProxyPassReverse http://10.173.90.171/ keepalive=On
SetEnv proxy-nokeepalive 1
That turns of keepalive *off* for conections from proxy to server. My
*guess* is that this is not what you want.
If you have problems with keeping connections alive between proxy and
server and the keepalive parameter to the proxypass directive didn't help,
this might help though.
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
Jonas Eckerman
2010-04-23 20:16:12 UTC
Permalink
Post by Mauri
Jonas, many thanks for your efforts to help me. Honestly I did not
understand what's the problem.
I think you need to read a tutorial or a book explaining how HTTP works.
You seem to be confusing sessions with connections.
Post by Mauri
Scenario A: client --> webserver application
The ActiveX (TeeChart) works. Sessions between client and WAS 2 are
always fixed (seeing the program TCPView on Windows)
Since HTTP is not a connection oriented protocol (even though it is
normally used on top of TCP), sessions are independent from connections.
Sessions in HTTP are usually handled by cookies, but can also be handled
though query or post parameters.

I have absolutely no idea how your ActiveX thingy handles sessions.
Post by Mauri
Scenario B: client --> proxy --> webserver application
ActiveX (TeeChart) does not work. Sessions are many more as explained in
previous mail.
Sessions and connections are two very different things. One session can
be kept across multiple TCP connections, and it is possible (protocol
wise) to have multple sessions during one TCP connection.
Post by Mauri
What I want is a test for setting the proxy between the client -> proxy
-> application only persistent sessions.
You do not need persistent connections to have persistent sessions.

If your application uses cookies for sessions, you should check what the
cookies looks like. Especially you should check what (if any) host the
cookies are issued for. A host mismatch may make the browser ignore them.
Post by Mauri
To do this I made these settings are correct?
Not entirely. But it's hard to know since I don't know your setup or
your application. How doid it work when you tried it out on your test setup?
Post by Mauri
ProxyPassReverse http://10.173.90.171/ keepalive=On
As written outside of a container, this makes no sense. The
ProxyPassReverse directive needs to know what to change how.

Also, this is the wrong place to add the keepalive option. Sorry about
that. See more below.

Inside a suitable location container and without the keepalive=on, the
statement seems correct.

If your backend puts something else instead of http://10.173.90.171 in
headers handled by ProxyPassReverse, you'd need to add a
ProxyPassReverse for that. Please read the documentation at:
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreverse>

This does not take care of cookie based sessions though. If your
application issues session cookies with hostnames/domains you need
ProxyPassReverseCookieDomain as well. Please read:
<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreversecookiedomain>
Post by Mauri
MaxKeepAliveRequests 0
KeepAliveTimeout 60
KeepAlive On
These settings configure wether or not to allow a browser to use
persistent TCP connections to your proxy. This does not mean that the
browser actually uses persistent connections, though most modern
browsers are likely to do so.

It does not configure sessions.
Post by Mauri
ProxyPassReverse http://10.173.90.171/ keepalive=On
This is wrong, and I apoligize for that. It was my mistake. (Of course,
if you had actually followed my advice and link and read the
documentation, and had read the rest of my replies, that should have
been clear.)

It should have been:
ProxyPass / http://10.173.90.171/ keepalive=On

Please note that this keepalive option means that the proxy tries keep
persistent connections to the backend from dropping out by regularly
sending a keepalive request. This only makes a difference if the backend
allows persintent connections, the server tries to use them, but for
some reason they are sometimes dropped.

Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-22 12:13:10 UTC
Permalink
Hi Eric. I mean this.

in the Scenario A I have the TCP connection as per image: persistent.png
in the Scenario B I have the TCP connection as per image:persistent2.png

Thanks Eric.

Cheers,
Mauri
Eric Covener
2010-04-22 12:26:53 UTC
Permalink
Post by Mauri
Hi Eric. I mean this.
in the Scenario A I have the TCP connection as per image: persistent.png
in the Scenario B I have the TCP connection as per image:persistent2.png
Please don't create thread after thread, and don't subject everyone on
the list to your screenshots.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Eric Covener
2010-04-22 12:28:39 UTC
Permalink
Post by Mauri
Hi Eric. I mean this.
in the Scenario A I have the TCP connection as per image: persistent.png
in the Scenario B I have the TCP connection as per image:persistent2.png
Still no clue what you're trying to express. I just see 2 connections
in one screenshot and 3 in another.
--
Eric Covener
***@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Mauri
2010-04-22 12:41:44 UTC
Permalink
Eric, I'm very sorry for the new thread but I'm no able to reply to original
thread.
As per the previous mail, I have this error, always! (by 2 days):
"Google tried to deliver your message, but it was rejected by the recipient
domain. We recommend contacting the other email provider for further
information about the cause of this error. The error that the other server
returned was: 552 552 spam score (6.1) exceeded threshold (state 18)."

What can i do? :(

About my problem.

Scenario A image: persistent.png

client I.E. -> web server IIS (80)
when I login to web server , I'm reading 2 stable TCP connection in
connection.
All requests from my i.e. to web server go through this 2 sessions. I don't
see any other connection

Scenario B image: persistent2.png

client I.E. -> apache mod_proxy (80) -> web server IIS (80)
when I login to web server , I'm reading 2 stable TCP connection in
connection.
All the request from my i.e. to web server close one session and generate a
new session.

Can I set the proxy as per Scenario A ?

Many thanks for any suggest, and sorry for this thread.

Mauri
Hendrik Schmieder
2010-04-22 12:46:12 UTC
Permalink
Post by Mauri
Eric, I'm very sorry for the new thread but I'm no able to reply to
original thread.
"Google tried to deliver your message, but it was rejected by the
recipient domain. We recommend contacting the other email provider for
further information about the cause of this error. The error that the
other server returned was: 552 552 spam score (6.1) exceeded threshold
(state 18)."
What can i do? :(
About my problem.
Scenario A image: persistent.png
client I.E. -> web server IIS (80)
when I login to web server , I'm reading 2 stable TCP connection in
connection.
All requests from my i.e. to web server go through this 2 sessions. I
don't see any other connection
Scenario B image: persistent2.png
client I.E. -> apache mod_proxy (80) -> web server IIS (80)
when I login to web server , I'm reading 2 stable TCP connection in
connection.
All the request from my i.e. to web server close one session and
generate a new session.
Can I set the proxy as per Scenario A ?
Many thanks for any suggest, and sorry for this thread.
Mauri
I think,

he speaks about keep-alive connections for
apache mod_proxy (80) -> web server IIS (80) ?

Hendrik




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Continue reading on narkive:
Loading...