Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: Problems with RSP manual installation

From: jvargas:whywire at: 20-Aug-2003 15:46

I had review the permissions, owner and group settings for the rsp.cgi, rspv.cgi and rebol files. They are all now owned by root in the group daemon, with 755 mod. But the problem still persist. I had run the cgi examples found in the site and they worked however RSP doesn't. If I execute rsp.cgi by itself it works but obviously doesn't execute anything. I know it works because I see the following in the rsp.log file: [20-Aug-2003/13:46:03-4:00] [info ] [none] none none -> none [20-Aug-2003/13:46:03-4:00] [fatal] [none] Unsupported method [ none ] ! Here is my rsp.conf file just in case: # cat conf/rsp.conf ; RSP configuration - Must respect REBOL syntax ; Default extension of REBOL scripts rebol-ext: "r" ; Suffix for checksum files check-ext: "chk" ; rebol2html templates tags rebol-start: "<%" rebol-end: "%>" ; log file path or none ; SECURITY WARNING : If not none, writing is allowed to this file. log-path: %/var/www/logs/rsp.log ; allow or not parsing of RSP templates and generation of REBOL scripts ; SECURITY WARNING : If true, writing is enabled in directories listed ; by rsp-dir. allow-rsp-parsing?: false ;true ; List every directories containing RSP templates, REBOL scripts or resources ; read by REBOL scripts. This list is also used as a file path to find files ; not found in current directory. ; SECURITY WARNING : Depending on allow-rsp-parsing?, read or read/write access ; is allowed in these directories. ; Tips: files can also be listed here if you do not want to allow access to ; a whole directory rsp-dir: [ ;TO CUSTOMIZE %/var/www/htdocs/ ] ; Do reparse RSP templates if modified (parsing must be enabled too) reload?: true ; Allow specifying the RSP script path in parameter ; SECURITY WARNING : If allowed, then anybody can read content of all ; directories and files set as readable by set-security (rsp-dir, log file, ; cache directory, session directory). Do not authorized this on a server ; connected to the Internet. allow-rsp-parameter?: false ; Session key length in characters ; SECURITY WARNING: The longest is the safiest (minimum: 20) ; A too long key may not be supported by URL rewriting (a URL can not be ; more than 256 characters long), and/or may not be supported by the server ; file system (if sessions are store on the disk). session-key-length: 30 ; If you want to use sessions, then set the session directory here. A file ; is created in this directory for each session. ; SECURITY WARNING : If not none, read/write access will be authorized in ; this directory. So always set it to none if you do not use sessions ; for better security. ; Tip: use a specific directory for sessions. ; Do not forget trailing / session-dir: %/var/www/htdocs/rsp-tmp/session/ ; Session timeout (default: 30')(must be of type time! not date!) ; Set it to none if you do not want timeout ; SECURITY WARNING: The session will be alive until the browser is closed ! ; PERFORMANCE WARNING: Set it to none if you do not plan to use sessions, ; thus avoiding timeout checking. session-timeout: none ; cache=none if all POST form processing must be done in memory ; SECURITY WARNING: It is recommended to always cache uploaded files both ; for better security and better performances. ; cache=%directory where the uploaded files must be placed. It must be ; a dedicated directory in order to control its size (compared to cache-size ; value). Cached files are automatically removed at the end of the request ; processing except for files explicitly kept with rsp/cache/keep. ; See decode-multipart-form-data for details. ; If you want to copy a file from the cache to another directory, then use ; fcopy function for better performances. ; SECURITY WARNING: Add read/write access to this directory cache: %/var/www/htdocs/rsp-tmp/cache/ ; Maximum cache size in kilobytes. none if no limit. ; SECURITY WARNING: if set to none, then the script is vulnerable to ; disk overload attacks. ; Default: 100000 (for 100Mo) ;TO CUSTOMIZE cache-size: 100000 ; mutlipart/form-data only. Maximum size of an uploaded file in ; kilobytes. none if no limit. ; SECURITY WARNING: if set to none together with cache-size, then the ; script is vulnerable to disk overload attacks. ; Default: 10000 (for 10Mo) ;TO CUSTOMIZE file-size: 10000 ; POST only. Maximum memory load for POST request in kilobytes. none if ; no limit. ; SECURITY WARNING: if set to none, then the script is vulnerable to memory ; overload attacks. ; Default: 100 (for 100Ko) memory-size: 100 ; Net access restrictions ; SECURITY WARNING: set this to true only if it is absolutely required by ; your scripts. It is required if you intend to connect to a database ; server for instance. net-allow?: true ; message sent when RSP detects an error. ; Tip: you can load a page with ; "default-error-message: read %location_of_the_error_page" default-error-message: {<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>Error</title></head><body><h1>Error</ h1>Failed to process the requested URL <% prin either system/options/cgi/path-info [ system/options/cgi/path-info ][ rsp/args/rsp ] %> !<p><hr><address>REBOL Server Pages at <% prin system/options/cgi/server-name %> Port <% prin system/options/cgi/server-port %></address></body></html>} ; mime types ; Usage: rsp/response/header/mime: select rsp/config/mime-list 'html mime-list: [ gif "image/gif" html "text/html" jpeg "image/jpeg" mid "audio/midi" mov "video/quicktime" octet-stream "application/octet-stream" pdf "application/pdf" png "image/png" rtf "application/rtf" text "text/plain" tiff "image/tiff" wav "audio/wav" xml "text/xml" ] And this is my httpd.conf file: # $OpenBSD: httpd.conf,v 1.15 2002/10/06 12:00:21 henning Exp $ # # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:> for detailed information about # the directives. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # After this file is processed, the server will look for and process # /var/www/conf/srm.conf and then /var/www/conf/access.conf # unless you have overridden these with ResourceConfig and/or # AccessConfig directives here. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" # with ServerRoot set to "/usr/local/apache" will be interpreted by the # server as "/usr/local/apache/logs/foo.log". # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # ServerType is either inetd, or standalone. Inetd mode is only supported on # Unix platforms. # ServerType standalone # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation # (available at <URL:>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # ServerRoot "/var/www" # # The LockFile directive sets the path to the lockfile used when Apache # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at # its default value. The main reason for changing it is if the logs # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL # DISK. The PID of the main server process is automatically appended to # the filename. # #LockFile logs/accept.lock # # PidFile: The file in which the server should record its process # identification number when it starts. # PidFile logs/ # # ScoreBoardFile: File used to store internal server process information. # Not all architectures require this. But if yours does (you'll know because # this file will be created when you run Apache) then you *must* ensure that # no two invocations of Apache share the same scoreboard file. # ScoreBoardFile logs/apache_runtime_status # # In the standard configuration, the server will process httpd.conf, # srm.conf, and access.conf in that order. The latter two files are # now deprecated and not installed any more, as it is recommended that # all directives be kept in a single file for simplicity. # #ResourceConfig conf/srm.conf #AccessConfig conf/access.conf # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 15 # # Server-pool size regulation. Rather than making you guess how many # server processes you need, Apache dynamically adapts to the load it # sees --- that is, it tries to maintain enough server processes to # handle the current load, plus a few spare servers to handle transient # load spikes (e.g., multiple simultaneous requests from a single # Netscape browser). # # It does this by periodically checking how many servers are waiting # for a request. If there are fewer than MinSpareServers, it creates # a new spare. If there are more than MaxSpareServers, some of the # spares die off. The default values in httpd.conf-dist are probably OK # for most sites. # MinSpareServers 5 MaxSpareServers 10 # # Number of servers to start initially --- should be a reasonable ballpark # figure. # StartServers 5 # # Limit on total number of servers running, i.e., limit on the number # of clients who can simultaneously connect --- if this limit is ever # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. # It is intended mainly as a brake to keep a runaway server from taking # the system with it as it spirals down... # MaxClients 150 # # MaxRequestsPerChild: the number of requests each child process is # allowed to process before the child dies. The child will exit so # as to avoid problems after prolonged use when Apache (and maybe the # libraries it uses) leak memory or other resources. On most systems, this # isn't really needed, but a few (such as Solaris) do have notable leaks # in the libraries. # MaxRequestsPerChild 0 # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, in addition to the default. See also the <VirtualHost> # directive. # #Listen 3000 #Listen # # BindAddress: You can support virtual hosts with this option. This directive # is used to tell the server which IP address to listen to. It can either # contain "*", an IP address, or a fully qualified Internet domain name. # See also the <VirtualHost> and Listen directives. # #BindAddress * # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Please read the file README.DSO in the Apache 1.3 distribution for more # details about the DSO mechanism and run `httpd -l' for the list of already # built-in (statically linked and thus always available) modules in your httpd # binary. # # Note: The order is which modules are loaded is important. Don't change # the order below without expert advice. # # Example: # LoadModule foo_module libexec/ # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStatus # Off) when the "server-status" handler is called. The default is Off. # #ExtendedStatus On ### Section 2: 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. # # # If your ServerType directive (set earlier in the 'Global Environment' # section) is set to "inetd", the next few directives don't have any # effect since their settings are defined by the inetd configuration. # Skip ahead to the ServerAdmin directive. # # # Port: The port to which the standalone server listens. For # ports < 1023, you will need httpd to be run as root initially. # Port 80 ## ## SSL Support ## ## When we also provide SSL we have to listen to the ## standard HTTP port (see above) and to the HTTPS port ## <IfDefine SSL> Listen 80 Listen 443 </IfDefine> # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # On OpenBSD, use user www, group www. # User www Group www # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. # ServerAdmin [you--your--address] # # ServerName allows you to set a host name which is sent back to clients for # your server if it's different than the one the program would get (i.e., use # "www" instead of the host's real name). # # Note: You cannot just invent host names and hope they work. The name you # define here must be a valid DNS name for your host. If you don't understand # this, ask your network administrator. # If your host doesn't have a registered DNS name, enter its IP address here. # You will have to access it by its address (e.g., # anyway, and this will make redirections work in a sensible way. # #ServerName # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/var/www/htdocs" # # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "d