<snip>

Thanks for your response.

>> A curious architectural choice to say the least that I must
>> not understand the reasoning behind.
> 
> It is the standard choice for Apache to abort the startup on configuration
> errors and IMNSHO the right way to do it. If there is a problem in your
> httpd.conf, then it should be fixed immediately instead of spending time
> on startup, when you will still have to bring down the server again to fix
> the problem anyway. If for some reason you don't care enough about availability
> to test your configurations thoroughly outside of your production system, then
> you're asking for trouble and probably deserve the downtime.

See earlier post, other borgware products don't do this, so are we now
positioning this as a "feature" of Apache?  All that would be left then is
to create a web page with borg-like phrases on it "This behavior is by
design." 

Honestly, why make this an open sore?

:)

> 
>> If BIND/DNS did this half of the
>> domains on the web wouldn't come up on any given day :)
>> 
>> That last part *is* whining. mod_ssl should not be allowed to hang the
>> process on startup, it should complain about oddities and continue
>> processing. 
> 
> No. Sure it would be preferable if it didn't hang, but it should _never_
> just continue processing - see the reasons stated above and add the security
> concern that a misconfigured server could allow intruders access to content
> that weren't supposed to be accessible ...

I fail to see how a site that is misconfigured, and has been sensed as such,
and is just aborted and we skip to the next one, presents any sort of
security issue.  After all, the site is already down. Hard to exploit that
from the outside.

> ex1: if you misspell deny from all in an access control directive, should it
> then be ignored just allowing everybody access as if there was no directive
> at all?

It should barf for any sites affected and fail to start them, but start any
others that are not encumbered by the error.

> ex2: if there is no certificate defined on a HTTPS vhost, should it just
> serve plain HTTP instead?

No, crap/dump and log error, then proceed to next site.  This is the
high-availability way.

Are we saying a single corrupted cert should bring down thousands of sites
while some poor human tries to figure out why?  Bring the other 1999 up and
page that po boy.

> ex3: apache with 2000 vhost takes a while to start so would you want to
> go through that twice because you made a minor mistake with one vhost? or
> would you rather fix it right away and save the extra downtime?
> (and yes, these are more or less rhetorical questions ;-)

Yes, do what you can to get it up, never say die, never surrender.  In legal
terms "to the extent that all or part of this agreement is unenforceable,
such provision shall be severed and all other applicable portions of this
agreement will stay in effect."

Joint and Several Liability, et al.  IANAL and could not play one on TV
because I am ugly :)

Chris

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]