Another alternative would be to have the nonce also possibly set at config-time and, if unset, then use the uuid. That way it could also be used as a sort of shared-secret ;)
ProxySet nonce="applepie!" Longer term, I think that's a more "strategic" solution. On Aug 31, 2012, at 2:14 PM, Stefan Fritsch <s...@sfritsch.de> wrote: > On Friday 31 August 2012, Eric Covener wrote: >> I'm fighting a problem on new releases of AIX where in some >> environments, /dev/random seems to run out of entropy way too >> quick. >> >> I'd like a way to suppress the apr_uuid_get-> >> apr_generate_random_bytes() in mod_proxy_balancer used for the >> balancer-manager nonce in affected environments. >> >> I was thinking a global "BalancerManager off" could be used for >> this and would also have the upside of fixing the SetHandler >> htaccess problem. >> >> Alternatives would be to find a weaker source for the nonce, or >> allow tto opt out / use a hard-coded one. >> >> Any suggestions? > > For 2.4, you could use ap_random_insecure_bytes(). It should be good > enough for a nonce. > > If you add a "BalancerManager off", it should be per directory, or at > least per vhost. Otherwise it would not help that much with the > SetHandler htaccess problem. >