#foswiki 2016-12-14,Wed

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***jesuisse has left [00:15]
................................................................................... (idle for 6h50mn)
ChanServ sets mode: +o MichaelDaum [07:05]
................................................................................ (idle for 6h38mn)
ChanServ sets mode: +o gac410 [13:43]
................... (idle for 1h30mn)
ChanServ sets mode: +o Lynnwood [15:13]
ChanServ sets mode: +o Lynnwood__ [15:20]
................... (idle for 1h34mn)
ChanServ sets mode: +o Lynnwood [16:54]
........ (idle for 38mn)
foswiki_irc2hello I need some assistance with foswiki 2.0.3 through a reverse proxy
I am getting "Error accessing Foswiki.org: Can't connect to 192.168.1.166:443 (certificate verify failed) " when i try to access All extensions when trying to browse through extensions in bin/configure
[17:32]
gac410foswiki_irc2: I don't know much about reverse proxies, but this doesn't sound right. It's probably considered a spoofed site because your 192.168... address is not the owner of foswiki.org
You might try changing the Repositories settings from https:// to http:// and see if you can get through without SSL.
[17:38]
foswiki_irc2Well the whole set up is through a restricted port through 443
all others through the proxy are set up to not allow 80 or 8080
also when I try to log in it redirects me back to the login again , the only way i can get back in is to click on "forgot password"
[17:40]
gac410login to where ... your site, or foswiki.org? [17:44]
foswiki_irc2to my site [17:45]
gac410okay that's a setting - we do IP matching by default to prevent certain spoofing attacks, but you can turn it off. [17:45]
foswiki_irc2ah ok yeah because the site is going through 2 different proxies
where is the setting for the spoofing?
[17:46]
gac410bin/configure Security and Authentication, Sessions tab, Turn on "Expert" settings, and de-select the Use IP Address matching setting. [17:46]
foswiki_irc2ah great I will give it a shot!
oh it was already de-selected
[17:47]
gac410For extensions installing, Extensions tab, Install-Update-Remove tab, {ExtensionsRepositories} field, change the https: in two places to http: [17:48]
foswiki_irc2ok ill try that also
Foswiki.org=(http://foswiki.org/Extensions/,http://foswiki.org/pub/Extensions/) was what it was already default to
[17:48]
gac410strange. We should not be redirecting to https. Ah, you are using https to the proxy?
What release of foswiki are you running?
[17:50]
foswiki_irc2yeah its under 443
This site is running Foswiki version v2.1.2
sorry not 2.0.3 , please disregard. the correct is 2.1.2
[17:51]
gac410LWP - the perl library we use for connections, is going to always verify cert hostnames by default. There is an ENV variable that can disable SSL hostname verification, but I've never tried it. [17:52]
foswiki_irc2oh i see, this might solve my other issue with the importexport excel plugin
you are talking about the foswiki perl library for client usage right not foswiki.org?
repo*
[17:52]
gac410right. under the covers, foswiki Net module which does the fetching of external resources uses LWP [17:54]
foswiki_irc2ah interesting... [17:55]
gac410The ENV variable is PERL_LWP_SSL_VERIFY_HOSTNAME .... set it to 0 to disable verification. There may also be a setting in configure ... checking
the configure setting is related to using SSL certs when sending email, and it defaults to false, so the ENV variable may be the best bet.
[17:55]
foswiki_irc2Sorry but where is this setting located inside the LWP.pm/
?
[17:59]
gac410no, it's an ENV variable. Need to set it somehow in the web server ENV ... Depends upon the web server and other stuff. [18:00]
foswiki_irc2im using apache 2.2 , so maybe an explicit statement for this?
i found .../LWP/Protocol/https.pm , inside has SSL_verify_mode and it is set to 1
[18:01]
gac410https://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv [18:02]
foswiki_irc2ah thanks I will check it out [18:02]
gac410y, LWP a few years ago changed all their defaults to force certificate and hostname validations by default. Painful, but spoofing is a serious issue. [18:03]
..... (idle for 22mn)
***ChanServ sets mode: +o Lynnwood__ [18:25]
foswiki_irc2ok Mr.Clark , i found out i was missing half my apache2.2 conf
someone did something without telling me so login works better now i am going to test the extension repo
[18:27]
gac410thats good. I was trying to think of other things that would break login. Only other thing I could come up with was possibly cookie domains getting lost in your chain of proxies. [18:28]
foswiki_irc2haha yeah I lost a bunch of settings , human error always op [18:28]
............ (idle for 58mn)
ok Mr. Clark i found out the issue
setting proxy hosts to an explicit IP address , gave that error i mentioned
i deselected it so that it reverts back to default
and extensions are populating from the foswiki.org repo
[19:26]
gac410Note that if you use gac410 and not Mr. Clark ... I get a signal when my handle is mentioned. So I know to go look :)
So you don't need a proxy for outbound access?
[19:28]
foswiki_irc2heh sorry gac410 , i guess not . we'll see what else i can break ... stay tuned ...haha
@gac410 , I have another inquery. is there an option to not show the validation key upon login?
[19:29]
gac410you mean in the URL? not that I know of. [19:33]
foswiki_irc2ah ok [19:33]
gac410It's not particularly sensitive. [19:34]
foswiki_irc2ah good to know
I do have a question for Lynnwood about the importexportexcel plugin
[19:34]
gac410ping Lynnwood__ ... you around? [19:35]
foswiki_irc2oh thanks sorry [19:35]
gac410The underscore after a name often indicates that the user is offline - but client is lurking [19:35]
Lynnwood__gac410 here i is
i'm in and out
[19:35]
gac410Ah... foswiki_irc2 had an excelimportexport question [19:36]
Lynnwood__Lynnwood__ reading back [19:36]
gac410He didn't ask yet
:D
[19:36]
foswiki_irc2oh sorry lol [19:36]
Lynnwood__in that case /me waits patiently [19:36]
foswiki_irc2[Wed Dec 14 11:33:39 2016] [error] [client 192.168.X.XXX] Premature end of script headers: table2excel, referer: https:// excel file location omitted
browser error 500 in google chrome when trying to export a foswiki table into excel
foswiki 2.1.2 , apache 2.2 , behind a reverse proxy structure
port 443
[19:37]
Lynnwood__foswiki_irc2 - not sure i'll be able to help you there as i use the plugin almost entirely for importing records, not exporting. [19:38]
gac410Didn't you just remove the proxy and now extensions installer is working - might also fix this issue. [19:39]
foswiki_irc2heh that was the first thing i tried and got giddy about but no its still error 500 [19:39]
Lynnwood__in the distant past i tried it and was not happy with the results. If memory serves, it didn't do well witht he headers. [19:39]
gac410the "file location omitted" error does not seem to be in the plugin code itself, maybe from the external tools. I've never used that plugin myself. [19:40]
foswiki_irc2i have RequestHeader set X-Forwarded-Proto "https"
should i relax those params?
[19:40]
Lynnwood__For exporting tables to excel, i've found better tools.
not requiring server side processing.
[19:40]
foswiki_irc2oh i typed the file location omitted sorry
if you do have another method to export excel and import excel do tell!
[19:40]
gac410foswiki_irc2: I've used a plugin to format a table as a csv, and then import it that way. [19:41]
foswiki_irc2oh ok! csv , have not tried that
i will try it
[19:41]
Lynnwood__Recently i've used a jquery plugin that will export tables in a number of formats, including xlsx, sql, csv, pdf, png [19:42]
gac410I used the FilterPlugin EXTRACT macro to pull out the table cells as CSV [19:43]
Lynnwood__yes, i've used that approach also [19:43]
foswiki_irc8sorry browser crashed [19:44]
gac410https://foswiki.org/Extensions/FilterPlugin#Examples [19:44]
foswiki_irc8oh awesome i will check that out [19:44]
Lynnwood__https://github.com/kayalshri/tableExport.jquery.plugin
this is the plugin i've used. I create it as it's own application topic which I can then just INCLUDE it into any topic containing a table where I want to provide the feature. I set it up so that I can provide parameters for the name of the output file, etc.
[19:44]
gac410That seems like it would be a nice one to bundle up into a Plugin Lynnwood__ ;) [19:48]
foswiki_irc8that would be awesome to use the same macros as the previous plugin [19:49]
Lynnwood__indeed... it might be a good one for me to learn how define & process plugin-related macro. [19:49]
foswiki_irc8i will try the text to excel method until there is a Lynnwood designed excel plugin [19:51]
Lynnwood__here's info on the jquery plugin since i see the github page doesn't have a link to demo: http://w3lessons.info/2015/07/13/export-html-table-to-excel-csv-json-pdf-png-using-jquery/ [19:51]
foswiki_irc8oh awesome thanks i will give it a whirl [19:51]
Lynnwood__not as neat as a plugin but pretty close...
as yo can see from the demo, it does a lot more than just excel export. JSON, XML, PNG, TXT, CSV, SQL, MS-WORD, MS-EXCEL, MS-Powerpoint & PDF
ah. here's the author's demo page: http://ngiriraj.com/pages/htmltable_export/demo.php
[19:53]
gac410Lynnwood__: Have you ever worked with the WikiDrawPlugin? It isn't working very well any more :( [19:57]
Lynnwood__i only looked at it again recently because a potential client inquired. But they didn't follow up so i didn't look further. I kind of assumed it was not going to work well.
i thought perhaps there would be a better, more modern solution out there but don't think i found one.
[19:58]
gac410The bundled javascript is really old, and it seems to play with the zones to provide an old version of jquery 1.4.x iirc
On 2.1 I only get a blank canvas, no buttons, icons, etc. On 1.1.9 it works, but the x.y positioning of mouse is way off, and it won't save.
I suppose I'll continue to fiddle with it. Probably toss out all the zone overrides and try to use it with the current jquery we ship.
[19:59]
Lynnwood__that would make sense.
The underlying plugin svg-edit doesn't look very active.
last updates where in 2014
[20:01]
gac410It's on github now https://github.com/SVG-Edit/svgedit seems to be active [20:03]
Lynnwood__well that's good... [20:04]
gac410Not *real* active, but there is some ongoing development. [20:04]
foswiki_irc8I have another question. I am trying to also put a bugzilla + SVN query function for foswiki 2.1.2, does the bugzilla + SVN databases have to be on the same server? [20:06]
gac410no idea.
How are you trying to access bugzilla?
[20:06]
foswiki_irc8eh just query bugs from another server
like a search function and check out the status of it through foswiki
Target Milestone: Component: Status: Retrieve Bugzillas
<input type="submit" class="foswikiSubmit" value="Retrieve Bugzillas">
[20:07]
gac410There was a very old Bugzilla plugin on TWiki that was never ported to Foswiki. It would need a lot of work to port it I suspect
https://github.com/foswiki/BugzillaLinkPlugin
[20:09]
foswiki_irc8hm ok i will try it out [20:10]
gac410never mind
All it does is link to an external bugzilla, no searching, etc. And as I said, it was not ported, so nothing availabe to install.
Probably nobody thought it was usefull enough to port.
Ah... and there was also https://github.com/foswiki/BugzillaQueryPlugin that one can query a remote server. Also never ported or kept up to date with the twiki version.
[20:10]
Lynnwood__Doing a look around, SVG-Edit still appears to be the most capable drawing package available.
In particular, the ability to create shapes and then link them which is useful for creating various diagrams
[20:17]
gac410I wonder if it would serve as a replacement for jhotdraw that Lavr was so concerned about.
Upset about java being deprecated as a browser side client.
[20:18]
...... (idle for 25mn)
foswiki_irc8ah ok
@gac410 thank you!
[20:43]
gac410If you are interesting in porting the BugzillaQueryPlugin, you could "fork" it on github and have a go at it. [20:45]
.................... (idle for 1h37mn)
foswiki_irc8yeah I tried it and I will have to map everything to it and see how to do it across servers ill get back to you on that
@gac410 i have a question about Unsafe redirect to https://192.168.2.0, 192.168.2.0/wiki/bin/manage/foswiki_redirect_cache/4e3e71617246f9759db5d7000a14e435 is denied. The requested host does not match https://192.168.2.0, and is not in {PermittedRedirectHostUrls}.
i get this when i try to bulk register
bulk password reset for 1 user
https://192.168.2.0/wiki/bin/oops/System/BulkResetPassword?template=oopsredirectdenied;def=redirect_denied;param1=https://192.168.2.0%2c%20192.168.2.0/wiki/bin/manage/foswiki_redirect_cache/4e3e71617246f9759db5d7000a14e435;param2=https://192.168.2.0
i think its redirecting or rewriting it wrong or something
[22:22]
gac410Is https://192.168.2.0 listed in either the DefaultUrlHost or the list of alternate hostnames?
bin/configure General Settings Show expert, PermittedRedirectHostUrls
[22:23]
foswiki_irc8yeah https://192.168.2.0 is under defaulturlhost
and under PermittedRedirectedHostUrls
[22:26]
gac410strange. Not sure why you would get that error then. [22:27]
foswiki_irc8is this dependent on any webserver security settings? [22:27]
gac410I don't think so, but I have never used a proxy, or even seen one used, so no idea. [22:27]
foswiki_irc8ah ok i will mess with it a bit more
thanks
[22:28]
gac410unless somehow the wrong host is being written into the redirect_cache file.
Are you accessing foswiki locally, or from behind the proxy?
[22:28]
foswiki_irc8accessing foswiki through reverse proxy
param1=https://192.168.2.0%2c%20192.168.2.0/wiki/bin/manage/foswiki_redirect_cache/4e3e71617246f9759db5d7000a14e435;param2=https://192.168.2.0 this part
writing it in duplicate
%2c% is the security header plugin scrubbing it
[22:29]
gac410not familiar with that plugin. If something is altering the urls that might cause trouble. [22:30]
foswiki_irc8its showing the same behaviors as when i didnt have direct hosts
hm ok i will see if i can turn it off and try it again
[22:30]
gac410Does the browser actually use https://192.168.2.0 or is that the IP that foswiki sees behind the proxy [22:31]
foswiki_irc8yeah i don't have dns yet in my developer environment
https://192.168.2.0 is my proxy
[22:32]
gac410I just don't have the facilities here to build a network with proxies to test. IIRC there is a path where foswiki can use it's "real IP" instead of the proxy IP when generating the redirect cache. But it's a difficult fix. [22:35]
foswiki_irc8hm its ok I will figure something out i think. is there a way an admin can force a user to reset their password through email
other than bulk password?
[22:36]
gac410Force a reset, no. That would be nice to have for sure - change on next login for eg.
I think bulk reset should have worked, not sure though.
[22:37]
foswiki_irc8yeah i will have to play around with the settings a bit more but i am closer than before , thanks [22:38]
gac410ie the redirect happens at the very end, so it may have still been processed. just ugly,. [22:38]
foswiki_irc8ah i will check with my test subject to see if the user received anything [22:38]
gac410I remember vaguely the issue with the redirect cache. .. .unfortunately it looks like a task was not opened. I think that the issue is when we generate the cache, we encode the entire url, instead of the pieces, where we would honor the ForceDefaultUrlHost override.
But the fix is a bit of a rewrite ... and then some.
[22:43]
foswiki_irc8I think it will help the proxying a bit better with all the rewrite statements in the webserver
but i will keep messing with it , and start fresh again tomorrow, thank you for your help and support @gac410
i really appreciate it
[22:45]
gac410yw ... I'll try to recall what the cache issue was and will open a task. We ran into it testing an early alpha version of Foswiki 3.0 with PSGI/Plack behind a proxy that served static files. So nothing mainline at all. [22:48]
foswiki_irc8alright thank you
!
[22:51]
......... (idle for 44mn)
gac410foswiki_irc8: I'm not seeing where BulkReset actually does a redirect. I does a POST to the bin/manage script. [23:35]
..... (idle for 20mn)
Maybe something specific to the proxy config. Or by any chance are you getting a "Validation" redirect -where you have to click ok to proceed with the reset? maybe the problem is there.
Anyway, I'm not seeing the issue.
There is a trace in lib/Foswiki/Request/Cache.pm that you could enable to trace redirecting. But note that it could possibly reveal sensitive info into your logs.
use constant TRACE_CACHE => 1;
to enable tracing the redirect cache.
[23:55]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)