Dino Ciuffetti's blog (Bernardino, actually)

08 Mar 11 Modify JSESSIONID cookie path with apache and mod_headers

The question is: how can I change the path of the JSESSIONID cookie for a web application deployed in Tomcat, JBoss, or any other application server, and served through an Apache reverse proxy (ProxyPass with mod_proxy, or JkMount with mod_jk), so that it gets a trailing slash?

The answer is in the mod_headers module. It supports Perl regular expressions, which you can use to substitute one string for another in any HTTP header, on the request or on the response.

We may want to add a trailing slash (mypath/) to the JSESSIONID cookie path, for example for security reasons.
This is the correct way (Apache >= 2.2.4):

Header edit Set-Cookie "^(JSESSIONID=.*; Path=/YOUR_APP_PATH)(.*)$" "$1/$2"

e.g.:

Header edit Set-Cookie "^(JSESSIONID=.*; Path=/jsp-examples)(.*)$" "$1/$2"

The first argument after the header name is the regular expression matched against the string to be edited (here, the Set-Cookie header that carries JSESSIONID); the second is the expression for the new string (the session cookie with a trailing slash added to its path). Note that the expression begins with the ‘^’ character, which means the string must begin with what follows.
In this kind of regexp each capture group is enclosed in parentheses, so the first group is anything that begins with “JSESSIONID=”, continues with any substring (.*), and then contains “; Path=/jsp-examples”.
The second group is anything to the right of the path (.*).
The replacement string is composed of the first group, a slash, then the second group. So we get a JSESSIONID cookie with a trailing slash added to its path.
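To see what the rule above does to different Set-Cookie values, here is an added example (not code from the original post) that replays the post's regex in Python next to a tightened variant. The tightened pattern, the sample cookie values and the function names are assumptions made for illustration.

```python
import re

# The post's rule for /jsp-examples; Apache's "$1/$2" is written "\1/\2" in Python.
ORIGINAL = (r"^(JSESSIONID=.*; Path=/jsp-examples)(.*)$", r"\1/\2")
# Assumed tightening (not from the post): rewrite only when the path ends right
# there, i.e. it is followed by ';' or by the end of the header value.
TIGHTENED = (r"^(JSESSIONID=.*; Path=/jsp-examples)(;.*)?$", r"\1/\2")

def header_edit(value, rule):
    """Emulate one 'Header edit': rewrite on match, else return value unchanged."""
    pattern, replacement = rule
    return re.sub(pattern, replacement, value, count=1)

# Constructed Set-Cookie values (session ids are made up).
SAMPLES = {
    "plain": "JSESSIONID=A1B2C3; Path=/jsp-examples",
    "with_attrs": "JSESSIONID=A1B2C3; Path=/jsp-examples; HttpOnly",
    "already_slashed": "JSESSIONID=A1B2C3; Path=/jsp-examples/; HttpOnly",
    "longer_path": "JSESSIONID=A1B2C3; Path=/jsp-examples-admin; HttpOnly",
    "other_cookie": "theme=dark; Path=/jsp-examples",
}

def compare():
    """Return {name: (original_result, tightened_result)} for every sample."""
    return {name: (header_edit(value, ORIGINAL), header_edit(value, TIGHTENED))
            for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, (orig, tight) in compare().items():
        print(f"{name:16} original : {orig}")
        print(f"{'':16} tightened: {tight}")
```

With the post's pattern, a path that already ends in a slash becomes "/jsp-examples//" and a longer path such as "/jsp-examples-admin" is split into "/jsp-examples/-admin"; the tightened pattern leaves both untouched. In Apache syntax the tightened rule would read Header edit Set-Cookie "^(JSESSIONID=.*; Path=/jsp-examples)(;.*)?$" "$1/$2" (not tested against httpd here).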

If you don’t understand Perl regular expressions well, I advise you to get deeper into them, because they are very very very useful for any sysadmin. There is very good documentation on the internet; try to google “perl regular expression examples”.

Apache httpd is a very good and powerful piece of code, and it’s generally possible to do anything you can think of. You only have to know where to search, and the manual is generally the right place.

Ciao, Dino.

05 Mar 11 Great event, great day

Today was one of the most productive days of the year for me. The Codemotion event was great, full of great talks, good new ideas and tech stuff demystified.
Great speech on orientdb and nosql by Luca Garulli and a very good talk by Alessandro Nadalin: “REST in peace”, the correct usage of RESTful + ESI.

02 Mar 11 ajax_proxy cross domain php in bundle with orientdb

I’m very happy that my simple proxy php script is now bundled with a great product: orientdb.
Now, I’m going to take two beers!! Cheers!!!!

08 Feb 11 NuvolaBase.com, the OrientDB on the Cloud

So it is finally here. NuvolaBase.com (alpha release) was published yesterday at UIM-GDB in Barcelona by Luca Garulli, the OrientDB author.

As a TuxWeb cofounder, I am really excited about our technical collaboration with him on the alpha realization of this project.

I personally cover all the system administration and low level stuff.

– dAm2K!!

07 Feb 11 Finally arrived in Barcelona

Here I am, finally in Barcelona, with a total delay of 4 hours and 15 minutes thanks to the Vueling flight.

The hotel is cool and we even have internet connectivity, very fast I must say. Only one thing: the RJ45 port was hidden behind the desk, and the hotel keeper is crazy.

Tomorrow a special day awaits me. Long live graph DBs!!
http://www.dama.upc.edu/research-2/UIM-GDB

06 Feb 11 Flying to Barcelona…

Right now I am at Fiumicino airport, trying to catch a flight to Barcelona to attend an international conference on GraphDBs.

I am here at the airport, but the Vueling flight has been postponed to a date yet to be determined.
The Vueling people moved us to another flight; the problem is that this one was delayed too, and the result is that we are here waiting to leave… complete with free and assorted cursing… and in the meantime we work with the PC and the phone.

We're off to a good start with this adventure…

07 Sep 10 N4g10s monitoring system

Server Room – AD 2034

Sys techie 01A2B: Hey boss, we just had a complete network crash! It seems our main router went down 3 seconds ago, and the main network branch is blinking red on our N4g10s monitoring system!!

Network Boss: Uhh… that’s strange, because it’s coupled with a network HA backup. Go upstairs to the router cabinet and check immediately!

Sys techie 01A2B: Ok boss. I’m going… …

Network Boss: what’s up?

Sys techie 01A2B: Hey boss, the two routers have been stolen!! The cables are detached and unlinked, no routers present here!!

Network Boss: mmmhhh… I’m getting there. Wait.

Sys techie 01A2B: .. Hey boss the routers are there now!! That was the cleaning lady! She thought there was time to clean the routers from dust…

Network Boss: ok ok, re-create the links, please. I’m going to handle angry users now… And get it up and running quickly!

[An Angry User]: Hey, I am experiencing a network problem! What’s up?

Network Boss: Which network problem? There is not a network problem. Please retry.

[An Angry User]: mmhh… very strange, it now works! Sorry, that was a false negative. Maybe a client Winblows problem. Thank you.

Network Boss: Please double check next one. Hi man.

24 Aug 10 Why do not host sites from your own home

I would not recommend hosting sites that way: you have to be sure that your ISP gives you public IP(s), and you have to set up your router to forward ports 80, 443, 53, and so on.
There are other problems too:
1) if you want to host more than one site with SSL, you must have one public IP for each SSL site or use a different SSL port for each site, because name-based virtual hosting with SSL is not possible;
2) DSL lines are not designed to be stable. The connection can go down and make your site unreachable. This is a major problem if you make the mistake of running your own DNS server on it!! The public IP address assigned by the ISP can change more than once a day, and you have to sync the DNS zone each time.
3) DSL IPs are put into DNS-based blacklist zones. You may not be reachable from various HTTP proxy servers around the world. For the same reason you cannot send mail, for example mail originating from your sites.
4) ADSL lines are asymmetric (unbalanced in favour of download). You have only a few kbytes per second of upload, which is exactly what you need to publish web sites, so this can be a problem as soon as you have more than 3 users.
5) you will probably have problems with High-Availability and Load-Balancing on domestic hardware, and you may have blackouts.
6) the DNS subsystem may need primary and secondary DNS servers.

The best way (imho) is to use services like slicehost, where you get an HA virtual server slice running linux, public IP addresses, a free primary and secondary DNS hosting service, large public bandwidth, disk space… and last but not least your own root password, which you can use to maintain your own server yourself.

https://manage.slicehost.com/customers/new?referrer=af57db3020e04bb27352e271753a7a18

26 Mar 10 Your personal linux server

If what you have always been looking for is your very own linux server, up and running 24 hours a day, SliceHost is the right option for you.

This wonderful American company (in Italy, unfortunately, we can only dream of such things!) has developed an automated system with a web interface that can provide you, in real time and for a few dollars a month, with your very own virtual machine, on which you can build and manage your linux server with complete peace of mind.
Bandwidth and international internet connectivity are not a problem, and you can choose among various ready-made plans.

If you are interested, take a look at the site https://manage.slicehost.com/customers/new?referrer=af57db3020e04bb27352e271753a7a18 and join too.

You will be able to choose the linux distribution you like best, and your personal linux server will be up in a few seconds.

We at TuxWeb are using it successfully to manage the websites of some of our customers.

Ciao, Dino – http://www.tuxweb.it/

13 Mar 10 DynaBlast, and your access_log give you something

If you want an apache httpd server access_log scanner written in C that checks for every IP address exceeding a given number of hits in the last given time period, then DynaBlast is a tool that makes sense for you.

This tool, released as usual under GPLv2, can be spawned every minute from crontab without the risk of having two instances running: we make use of a lock mechanism.
It has a fast mode that can skip lines already parsed by a previous scan, so each time it runs, it is very fast.

On stdout you’ll get the scanning result. Ex:

blacklisted:10.248.220.43
blacklisted:23.212.121.165
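The kind of check described above (hits per IP inside a time window, with a lock so that cron never runs two scans at once) can be sketched as follows. This is an added Python example, not DynaBlast's C code: the Common Log Format input, the function names, the window and threshold values and the sample log lines are assumptions, and the fast mode is not covered.

```python
import fcntl
import re
from collections import Counter
from datetime import datetime, timedelta

# Client IP and [timestamp] at the start of a Common Log Format line (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def acquire_lock(path):
    """Take a non-blocking exclusive lock; return the file object, or None
    if another instance already holds it (a cron-spawned run then just exits)."""
    handle = open(path, "w")
    try:
        fcntl.flock(handle, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        handle.close()
        return None
    return handle

def scan(lines, now, window_seconds, max_hits):
    """Return 'blacklisted:<ip>' for every IP with more than max_hits
    requests in the window_seconds before now."""
    cutoff = now - timedelta(seconds=window_seconds)
    hits = Counter()
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # ignore malformed lines rather than aborting the scan
        try:
            stamp = datetime.strptime(match.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparsable timestamp: skip the line
        if cutoff <= stamp <= now:
            hits[match.group(1)] += 1
    return [f"blacklisted:{ip}" for ip in sorted(hits) if hits[ip] > max_hits]

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    ['192.0.2.10 - - [13/Mar/2010:10:00:%02d +0100] "GET / HTTP/1.1" 200 512' % s
     for s in range(0, 50, 10)]                      # 5 hits inside the window
    + ['198.51.100.7 - - [13/Mar/2010:10:00:30 +0100] "GET /a HTTP/1.1" 200 99',
       '192.0.2.10 - - [13/Mar/2010:09:00:00 +0100] "GET / HTTP/1.1" 200 512',  # too old
       'garbage line']
)
NOW = datetime.strptime("13/Mar/2010:10:01:00 +0100", "%d/%b/%Y:%H:%M:%S %z")
```

Calling scan(SAMPLE, NOW, 60, 3) flags only 192.0.2.10; the lock is released when the returned file object is closed or the process exits, so a crashed run leaves no stale lock behind.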

You can download DynaBlast from here: http://www.tuxweb.it/?section=progetti/dynablast

Ciao, Dino.