Re: [AOLSERVER] More on caching content...
Check the format of the Expires header. It must be in RFC 1123 date format, which, if I understand the documentation, looks like the line below. Expires: Thu, 01 Dec 1994 16:00:00 GMT Also, make sure you know how to clear the cache on Apache. I think "rm -rf /var/www/cache/*" will work. Clearing the cache as you troubleshoot will help you avoid having something cached blocking the caching of your new request. Also, try also sending a Last-Modified header or setting "CacheIgnoreNoLastMod On" Janine Sisk wrote: > Trying again... anyone??? Bueller? :) > > > I'm getting closer... CacheIgnoreCacheControl helped. > > There was actually one place in OpenACS that might have been adding > the cache-control header (in acs-tcl/tcl/request-processor-procs.tcl) > but I commented that out a long time ago and it didn't make any > difference. > > Now, with the CacheIngoreCacheControl directive, the home page gets > cached properly. This is progress!! However, dynamic URLs are still > not being cached. For example, both of these URLs work: > > translator.com/gate/gb/traditional-site.com/public/index > translator.com/gate/gb?url=traditional-site.com/public/index > > The former gets cached, the latter does not. > > The reason for this is that mod_cache doesn't cache URLs with query > variables unless either they contain an Expires directive or you turn > on CacheIgnoreQueryString. But the latter is rather destructive as it > returns the same content for all pages - not what one wants. > > I went into the OpenACS request processor and added the expires > header; you can see it if you telnet to the page, so I know it > worked, but it's somehow not making it back to Apache (it's not in the > cached headers, and dynamic URLs are still not being cached). > > Any ideas how a header could get "lost" between AOLserver and Apache? > > Oh, and before anyone suggests this I did try adding an expiration via > mod_expires in Apache, but that had no effect either. I didn't really > expect it to, since that's not the request being cached, but it was > worth a try. > > Thanks for everyone's patience with this mostly-OT topic! > > janine > > PS Here's the relevant part of my httpd.conf file: > > # mod_cache/mod_mem_cache > LoadModule cache_module modules/mod_cache.so > LoadModule disk_cache_module modules/mod_disk_cache.so > > CacheEnable disk / > # seconds (86400 = 1 day) > CacheDefaultExpire 86400 > CacheIgnoreNoLastMod On > CacheIgnoreCacheControl On > # seconds (2678400 = 31 days) > CacheMaxExpire 2678400 > > # KB > #MCacheSize 524288 > MCacheSize 262144 > MCacheMaxObjectCount 1000 > # bytes > MCacheMinObjectSize 1 > # bytes > MCacheMaxObjectSize 524288 > > > CacheRoot /var/www/cache > CacheDirLevels 1 > CacheDirLength 4 > CacheMaxFileSize 524288 > CacheMinFileSize 1 > > > > #LoadModule headers_module modules/mod_headers.so > #Header set Cache-Control "max-age=999" > > #LoadModule expires_module modules/mod_expires.so > #ExpiresActive On > #ExpiresDefault M86400 > > LoadModule proxy_module modules/mod_proxy.so > LoadModule proxy_http_module modules/mod_proxy_http.so > ProxyRequests Off > > Order deny,allow > Allow from all > > > #ProxyPassMatch /(.+) http://staging-big5.hrichina.org/$1 > ProxyPassMatch /(.+) http://209.162.194.27:8081/$1 > > > On Apr 13, 2009, at 12:47 PM, David Walker wrote: > >> To aid your troubleshooting, I would recommend a grep or other >> full-text search of the code running on AOLServer to determine if >> there are any circumstances where it would generate a cache-control >> header. >> >> Your telnet test may not give you all of the data you desire without >> a full set of headers on the request side. The "Tamper Data" add-on >> for Firefox will allow you to observe the interaction (headers and >> all) between your browser and the web server. >> >> The CacheIgnoreCacheControl directive may allow you to force Apache >> to cache regardless of whether there is a cache-control directive. >> >> http://httpd.apache.org/docs/2.0/mod/mod_cache.html >> >> Janine Sisk wrote: >>> This is only peripherally related to AOLserver, but there are so >>> many helpful and knowledgeable people on this list, I'm hoping >>> someone will recognize this. >>> >>> I'm still working on that Apache/Tomcat caching thing I wrote about >>> a few days ago. The client is insisting on Apache and nothing but
Re: [AOLSERVER] More on caching content...
To aid your troubleshooting, I would recommend a grep or other full-text search of the code running on AOLServer to determine if there are any circumstances where it would generate a cache-control header. Your telnet test may not give you all of the data you desire without a full set of headers on the request side. The "Tamper Data" add-on for Firefox will allow you to observe the interaction (headers and all) between your browser and the web server. The CacheIgnoreCacheControl directive may allow you to force Apache to cache regardless of whether there is a cache-control directive. http://httpd.apache.org/docs/2.0/mod/mod_cache.html Janine Sisk wrote: > This is only peripherally related to AOLserver, but there are so many > helpful and knowledgeable people on this list, I'm hoping someone will > recognize this. > > I'm still working on that Apache/Tomcat caching thing I wrote about a > few days ago. The client is insisting on Apache and nothing but > Apache, so I haven't investigated Squid, Varnish or anything else so far. > > I figured out how to use mod_cache to get Apache to cache the content, > but it's kind of useless because there's a "Cache-Control: max-age=0" > header that causes it to request a new copy every time. The problem > is, I can't figure out where it's coming from. > > I've eliminated Tomcat from the loop entirely, so the fault lies > somewhere between AOLserver and Apache: > > - telnet to AOLserver directly - no cache-control at all > > GET /public/index HTTP/1.0 > > HTTP/1.0 200 OK > Set-Cookie: > ad_session_id=82810106%2c0%2c0+%7b514+1239579021+56A366FC5E92AF28DB87E48214C6C4CE8C0581BB%7d; > Path=/; Max-Age=1200 > MIME-Version: 1.0 > Date: Sun, 12 Apr 2009 23:10:21 GMT > Server: AOLserver/4.0.10 > Content-Type: text/html; charset=utf-8 > Content-Length: 127358 > Connection: close > > - have Apache send request to AOLserver via mod_proxy (ProxyPassMatch) > - has Cache-Control with max-age=0 > > Last-Modified: Mon, 30 Mar 2009 11:26:14 GMT > MIME-Version: 1.0 > Date: Sun, 12 Apr 2009 23:03:02 GMT > Server: AOLserver/4.0.10 > Content-Type: image/gif > Content-Length: 395 > > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) > AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 > Referer: http://pug.furfly.com:8080/public/index > *Cache-Control: max-age=0* > Accept: */* > Accept-Language: en-us > Accept-Encoding: gzip, deflate > > - use mod_headers to add a Cache-Control header - now we have two: > > Last-Modified: Mon, 30 Mar 2009 11:26:14 GMT > MIME-Version: 1.0 > Date: Sun, 12 Apr 2009 23:15:04 GMT > Server: AOLserver/4.0.10 > Content-Type: image/gif > Content-Length: 395 > *Cache-Control: max-age=999* > > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) > AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 > Referer: http://pug.furfly.com:8080/public/index > *Cache-Control: max-age=0* > Accept: */* > Accept-Language: en-us > Accept-Encoding: gzip, deflate > > > It appears that Apache is adding the rogue header, but I don't know > how to tell it to stop! > > Any suggestions? > > janine > > --- > Janine Sisk > President/CEO of furfly, LLC > 503-693-6407 > > > > > -- AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > with the body of "SIGNOFF AOLSERVER" in > the email message. You can leave the Subject: field of your email blank. > -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Generating Dynamic PDF's from AOLs
We use html2pdf (create an html file, convert using html2pdf, offer the outputted pdf for download) On Tuesday 09 December 2003 05:49 am, Steve Manning wrote: > Hi People > > I want to create a PDF version of a database report for downloading. > Does anyone know of a way to dynamically generate PDF's within > AOLserver? > > Thanks > > Steve > > -- > Steve Manning <[EMAIL PROTECTED]> > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the > email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
[AOLSERVER] nscgi idea
I've been thinking of this idea for a while but never found time to implement it. When last I looked nscgi created the environment for the cgi program using ns_sets. I've been wanting to manipulate those ns_sets to communicate from tcl to the cgi program and to manipulate the cgi program. (change the query string, supply auth info, etc) I am interested in a couple of new commands. Any thoughts? ns_cgi_prep Prepare the cgi environment ns_set and return setId Syntax ns_cgi_prep url Description ns_cgi_prep sets up the cgi environment for url and returns setId for the ns_set containing the environment. ns_cgi_exec Execute a cgi with environment from setId for url Syntax ns_cgi_exec url setId Description ns_cgi_exec executes a cgi program referred to by url with environment in setId and returns the output. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] ADP: are if's possible?
The legal liability doesn't relate to ifs. It relates to the fact that the adp, if it hits an error (any error), does not error out but instead silently logs the error and displays the rest of the page. Now the visitor will see a web page with a section missing which may alter the meaning of the page. Any page which contains a legal statement could then display an altered legal statement. Generally I think it is better to design pages with no errors, "catch" errors you expect, and monitor the error logs and fix errors you didn't expect while alerting the visitor to the page that the page is not functioning as expected. On Saturday 15 March 2003 02:36 pm, Jeremy Cowgar wrote: > I'm certian that if you could have the ability to execute HTML inside of a > if statement that you would also have the ability to do it the old way as > well. > > Jeremy > > On Saturday 15 March 2003 05:43 pm, David Walker wrote: > > This is a legal liability for me as my web page may display without > > important information in the case of a coding error. In my case it is > > much better to display an error than to display what appears to be a > > complete page. > > -- > AOLserver - http://www.aolserver.com/ > To Remove yourself from this list: http://www.aolserver.com/listserv.html > List information and options: http://listserv.aol.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] ADP: are if's possible?
This is a legal liability for me as my web page may display without important information in the case of a coding error. In my case it is much better to display an error than to display what appears to be a complete page. On Saturday 15 March 2003 02:15 pm, Rob Mayoff wrote: > +-- On Mar 15, Kevin Lawver said: > > Is there some super-good reason why this very nice feature hasn't been > > included in the default fancy parser? > > The idea was to have standalone code segments, so that if a code segment > has an error, the remainder of the page can still be rendered. > > I suggested an implementation strategy a while ago for allowing the > code style in your example, with the error-tolerance of the current ADP > system. Jim Davidson seemed to agree that it was a good idea, so perhaps > it will be implemented in a future release. > > > > I. To remove yourself from this list: > > Send a message to "[EMAIL PROTECTED]" with the following text in > the BODY of your message: > > signoff aolserver > > II. For a complete list of listserv options please visit: > > http://listserv.aol.com/ > > III. For more AOLserver information please visit: > > http://www.aolserver.com/ -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/
Re: [AOLSERVER] Any way to time connections?
Last time I looked (aolserver 3.3 or 3.4) the logs were being written after the filters ran so it would be theoretically possible to log the output of some proc if that proc retrieved information set in your filters (like openacs does with authentication) On Thursday 27 February 2003 08:49 am, alfred wrote: > That's EXACTLY what I'm looking for :) It appears the hooks are there - > I'm not sure if you saw my second post - I found a page at > http://sdm.openacs.org/wp/display/140/141.wimpy that at least shows how to > establish timing from within a page. The trick is (I think) that nslog > writes early in the process. > > FWIW, I had an exchange a while back with Scott G about wanting to store > the openacs standard user ID (cookie based) in the user and group field in > the logs (general idea being - a setting in nsd.tcl that has a cookie name > and a proc name - if the cookie by that name exists, call the proc to get > username) but from what I can tell logs are written too early / > asynchronously for that to be practical. I'm just generally trying to get > a slightly more 'standard' set of data into the logs :) > > On Thu, 27 Feb 2003, Nathan Folkman wrote: > > Not currently, but I'm looking at what it would take to add this > > functionality - similar to what's available in Apache. Apache logs the > > time it takes the server to serve the page, from the request to when > > the last byte is served, into the access log. Would this be useful for > > you? > > > > - Nathan > > > > On Wednesday, February 26, 2003, at 10:41 PM, alfred wrote: > > > I've been doing some reading up on 'datamining weblogs' and time to > > > serve > > > pages always seems to come up as a factor. Is there a way to log this > > > without writing into every page? :) > > > > > > TIA, > > > Alfred Werner > > I. To remove yourself from this list: Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/
Re: [AOLSERVER] [MLIST] [AOLSERVER] ns_register_filter problem
You want "filter_return" instead of "filter_break"
filter_break just stops running filters and continues with the connection
On Monday 17 February 2003 02:41 pm, Ross Simpson wrote:
> Hello,
>
> I'm trying to use ns_register_filter, and am running into difficulties.
>
> I have the following code in an init.tcl:
>
> ns_register_filter postauth GET /*/bob mqa.processHostedRequest
> ns_register_filter postauth POST /*/bob mqa.processHostedRequest
>
> mqa.processHostedRequest looks like this:
>
> proc mqa.processHostedRequest {trash} {
> if [catch {
> ns_return 200 text/html [ns_adp_parse -file /path/to/common.adp]
> } err] {
> mqa.logError "mqa.processHostedRequest: '$err'"
> }
> return filter_break
> }
>
>
> I would like common.adp to be parsed and returned, and then for the
> connection to be closed -- no attempt should be made to actually load
> 'bob', since it doesn't exist.
>
> This is only half-working. The parsing is happing and I'm seeing the
> output, but afterward, I get a second set of headers:
>
> HTTP/1.0 404 Not Found
> MIME-Version: 1.0
> Date: Fri, 14 Feb 2003 21:31:46 GMT
> Server: AOLserver/3.5.5
> Content-Type: text/html
> Content-Length: 21499
> Connection: close
> Content-Type: text/html
> Content-Length: 547
>
> Notice the two sets of Content-Type and Content-Length headers.. strange.
>
> Does anyone have any idea what's going on here?
> I could see getting a 404 if aolserver was trying to load the requested
> page, since it doesn't exist. From the docs (ns_register_filter, postauth
> section:
>
> * TCL_BREAK (using: return "filter_break"): The server will not
> process any more post-authorization filters for this connection,
> and it will run the function registered to handle this request.
>
> Thoughts? Ideas?
>
> thanks
> Ross
>
>
> --
> Ross Simpson
> Associate Software Engineer | MapQuest.com
> [EMAIL PROTECTED] | 303.312.0187
Re: [AOLSERVER] mailman and aolserver
http://ccm.redhat.com/bboard-archive/webdb/000Z6o.html The ArsDigita post is reproduced in the bug report. On Sunday 02 February 2003 10:09 am, Peter M. Jansson wrote: > I think bug 230479 is the SCRIPT_NAME bug, although the aD Q&A entry it > cites is no longer visible, as it appears these archives were not moved to > RedHat. The bug is currently assigned to kriston; I don't know how to > attach the bug to the beta group, but perhaps you can do it? > > On Sunday, February 2, 2003, at 10:36 AM, Nathan Folkman wrote: > > In a message dated 2/2/03 10:34:08 AM, [EMAIL PROTECTED] writes: > > > > > > > > I have read on the Wikit Wiki that nscgi sets the SCRIPT_NAME variable > > incorrectly, but the report did not include an instance of what it should > > have been vs what it was, and no bug was filed on the AOLserver > > SourceForge tracker, as far as I know. I don't think anyone has a patch > > for this. > > > > > > > > If someone could please file a bug under the aolserver_v4_r0_beta_1 group > > and we'll take a look. > > > > - Nathan
Re: [AOLSERVER] Is Aolserver vulnerable?
How do you register this filter?
I have a list of methods I check for but I would prefer to watch for all that
are not get/post/head
On Wednesday 22 January 2003 04:53 pm, Jerry Asher wrote:
> Scott Goodwin wrote:
> > have the source code.
> >
> > We use AOLserver for EMIS, which is not vulnerable. I've added extra
> > checking to the EMIS request processor 5 minutes ago to log any attempts
> > to use HTTP methods that we don't accept so we can identify attempts to
> > use TRACE. Here's the piece of code I added to do that:
> >
> > if {! [regexp -nocase {get|post|head} $http_method]} {
> >ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP
> > REQ=$request"
> >ns_return 403 text/html [ns_adp_parse -file
> > /emis/pages/errors/errorframe.adp 403]
> >return filter_return
> > } else {
> >ns_log notice "$http_method request for $request from $peer_addr"
> > }
>
> This is a good idea.
>
> You may wish to change this to return a TRACE specific error message
> that mentions this exploit. That way the user will be alerted to
> dubious activity on his machine.
>
> Jerry
Re: [AOLSERVER] adp parsers and aolserver 4.0
Also, for large handling large blocks of html from tcl you might try
set myvar "Some Value"
ns_write [subst {
This is a page that has $myvar in it
- Original Message -
> From: Jim Davidson
> To: [EMAIL PROTECTED]
> Sent: Monday, January 20, 2003 11:10 AM
> Subject: Re: [AOLSERVER] adp parsers and aolserver 4.0
> differently than the normal ADP parser in that it supported the
> following coding style:
> ... more html ...
> <%
> }
>
> ...
>
> %>
>
> Does AOLServer 4's ADP parser allow you to break in and out of ADP code
> blocks within control structures like this?
> No, it doesn't. Each "chunk" of ADP must be a valid Tcl script as
> they're all executed independently. A parser which could handle the above
> would basically convert the whole page into a single script. Downside with
> that solution is an error anywhere in the page would generally result in no
> output which is why it's not done that way. Perhaps it could be a config
> option, maybe mapped to specfic files when the single-script approach would
> be useful?
>
> -Jim
>
> I would love to have it as an option, since my foray into PHP under
> aolserver I have found that to be a very nice extension.. that way I don't
> have to craft large chunks of html, convert all the quotes to backslash
> quotes and then ns_puts it all out.. so I can then change that HTML with
> dreamweaver instead of having to to the create/convert/ns_puts route over
> and over.. it increases my productivity quite a bit...
>
> also, such an option would make it easier to do an aolserver/tcl extension
> for Dreamweaver than is currently possible..
Re: [AOLSERVER] adp parsers and aolserver 4.0
I like the option as well. I ocassionally have to translate .asp to .adp and that would make it simpler. It also makes if'ing large blocks of adp possible which I find handy. Also, in my case having a partial display is less desirable than a 500 error for many of my pages. On Monday 20 January 2003 12:40 pm, Patrick Spence wrote: > - Original Message - > From: Jim Davidson > To: [EMAIL PROTECTED] > Sent: Monday, January 20, 2003 11:10 AM > Subject: Re: [AOLSERVER] adp parsers and aolserver 4.0 > differently than the normal ADP parser in that it supported the > following coding style: > ... more html ... > <% > } > > ... > > %> > > Does AOLServer 4's ADP parser allow you to break in and out of ADP code > blocks within control structures like this? > No, it doesn't. Each "chunk" of ADP must be a valid Tcl script as > they're all executed independently. A parser which could handle the above > would basically convert the whole page into a single script. Downside with > that solution is an error anywhere in the page would generally result in no > output which is why it's not done that way. Perhaps it could be a config > option, maybe mapped to specfic files when the single-script approach would > be useful? > > -Jim > > I would love to have it as an option, since my foray into PHP under > aolserver I have found that to be a very nice extension.. that way I don't > have to craft large chunks of html, convert all the quotes to backslash > quotes and then ns_puts it all out.. so I can then change that HTML with > dreamweaver instead of having to to the create/convert/ns_puts route over > and over.. it increases my productivity quite a bit... > > also, such an option would make it easier to do an aolserver/tcl extension > for Dreamweaver than is currently possible..
Re: [AOLSERVER] OTish: Data abstraction facilities in Tcl
Right or wrong I normally leave that kind of work up to the database rather
than caching it in memory.
I wonder how it would work to write a sql-based database in memory for cache
handling.
Something like:
ns_db cache $postgres "select * from postgresql" to $ram
ns_db select $ram "select * from ram_cache_table where x=1"
ns_db dml $ram "update ram_cache_table set order='sent'"
ns_db flush_cache $ram $db
or something.
Anyhow, here's the caching scheme I came up with tonight.
It uses parallel lists for columns so that you can use lsearch to locate a
specific row.
# procedure
proc vt_cache_query {db sql args} {
set selection [ns_db select $db $sql]
set varprefix {dbcache}
if {[llength $args] > 0} {
set varprefix [lindex $args 0]
}
uplevel "set ${varprefix}_field_names \[list \]"
set first_run 0
while {[ns_db getrow $db $selection]} {
set col_counter_i 0
set col_limit [ns_set size $selection]
while {$col_counter_i < $col_limit} {
uplevel "lappend ${varprefix}_[ns_set key $selection
$col_counter_i] \{[ns_set value $selection $col_counter_i]\}"
if {$first_run == 0} {
uplevel "lappend \"${varprefix}_field_names\"
\{[ns_set key $selection $col_counter_i]\}"
}
incr col_counter_i
}
incr first_run
}
}
# sample code
set db [ns_db gethandle]
vt_cache_query $db "select * from users" users
set current_row [lsearch $users_user_id 3]
foreach item ${users_field_names} {
ns_write "$item = [lindex [set users_${item}] $current_row ]"
}
ns_write "[lindex $users_first_names $current_row] [lindex $users_last_name
$current_row]"
On Friday 17 January 2003 09:19 pm, Peter M. Jansson wrote:
> I got this...
>
> On Fri, 17 Jan 2003, Dossy wrote:
> > Generally, when I find myself needing things like, say, a list of
> > arrays, in Tcl, they tend to be design smells. It's the "I can write
> > Perl in any language!" syndrome.
>
> and this:
>
> On Fri, 17 Jan 2003, Brett Schwarz wrote:
> > I am just curious, can you give an example of something that is giving
> > you a hard time?
>
> OK. When I'm building a substantial app, there's a lot of data floating
> around. When I'm pulling data out of the database, I often will have
> something where I have a brand that has customers that have orders that
> have line items, and I want to store those. I think managing complexity
> by abstracting the data is good programming practice. When I've done this
> in the 7.x-era Tcl, I've done it by using an array with specially-crafted
> indices, and using wrapper functions so I can do things like "set orders
> [customers orders $customer_id]" and get a list of order IDs. But I find
> my array implementations to be kludgy (more a defect of the class of
> solutions, rather than the particular implementation), so I'm always
> looking for something better. Also, I want to do a lot of the persistence
> work only once, so I want routines that pull records from the database
> based on criteria I specify, and carry them in a cache, and then notice
> when I modify the records so I can then do a "cache commit" to do all the
> updates. And I want to write those routines to be generic, so I don't
> have to rewrite them again for each database table. (I really did this for
> one project, and it mostly worked, but it was fragile.) Recently, I've
> gotten to do some work in WebObjects, which has a lot of this done, but in
> Java, and I still find value in the Tcl/AOLserver approach, so I'm looking
> to apply some of these ideas in Tcl, but the data structures as I knew
> them felt too constraining. I think the 8.4 list implementation is a step
> in the right direction; I don't know if it's really what I'm looking for,
> but I think it will be cleaner (and probably faster, given the
> implementation differences between arrays and lists) than the array
> implementation I've done.
>
> Pete.
Re: [AOLSERVER] Uploading binary file!
My co-worker tells me he did have trouble with file upload in 3.5.0 I didn't look into the problem and he is running 3.4.2 instead now. On Friday 17 January 2003 03:52 pm, Durga wrote: > Problem is: it's NOT transferring correct binary file to server (for > example Word doc's). I don't have problem in displaying TEXT files. I tried > to transfer regular TEXT file (.txt extension), and it work's perfect. > > -Original Message- > From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf > Of David Walker > Sent: Friday, January 17, 2003 2:31 PM > To: [EMAIL PROTECTED] > Subject: Re: [AOLSERVER] Uploading binary file! > > > Are you displaying back to the web page using ns_returnfile (should work)? > or > one of ns_write, ns_return (probably won't work since your content is > binary. > may work in 4.0) > > On Friday 17 January 2003 03:22 pm, Durga wrote: > > Hey Dossy/Pete, > > > > Has anyone had issues with uploading binary file using > > multipart/form-data on AOLserver 3.5.0?..I am having troble uploading > > binary files. Please let me know if anyone knows fix for this problem. > > > > Thanks in advance for any inputs! > > > > -Durga
Re: [AOLSERVER] Uploading binary file!
Are you displaying back to the web page using ns_returnfile (should work)? or one of ns_write, ns_return (probably won't work since your content is binary. may work in 4.0) On Friday 17 January 2003 03:22 pm, Durga wrote: > Hey Dossy/Pete, > > Has anyone had issues with uploading binary file using multipart/form-data > on AOLserver 3.5.0?..I am having troble uploading binary files. Please let > me know if anyone knows fix for this problem. > > Thanks in advance for any inputs! > > -Durga > > > > -Original Message- > From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf > Of Durga > Sent: Tuesday, January 14, 2003 4:14 PM > To: [EMAIL PROTECTED] > Subject: [AOLSERVER] Uploading file - problem! > > > I am trying to upload the file onto aolserver( v3.5.0, SunOS 5.7 ). I have > successfully uploaded the file to destination directory, but NOT able to > display back onto web page when the same file is Word doc. However, I don't > have problem with regular *.txt file, I am able to view/display back on the > web. > > Here is the code I have: > > set localfile[ns_queryget localfile] > set fileloc [ns_queryget localfile.tmpfile] > . > . > exec /usr/bin/cp [ns_queryget localfile.tmpfile] $dirpath$upname > > > Any ideas? > > -Durga
Re: [AOLSERVER] path to nsd binary from nsd.tcl?
[ns_info nsd] will give you the path to the binary you used to start nsd. Is that enough? On Sunday 05 January 2003 04:51 pm, Andrew Piskorski wrote: > Is there any Tcl command which to tell me the the command used to > start nsd, which I can use WHILE sourcing the nsd.tcl config file? > > For example, if I start nsd with /web/aol3/bin/nsd, [ns_library > shared] will return "/web/aol3/modules/tcl", which would work for > this, EXCEPT that the ns_library command doesn't work at all during > AOLserver startup, while sourcing the nsd.tcl config file. > > So far, the only thing I can think of that would work is to set an > environment variable before running nsd, and then get at that variable > via the Tcl global env array from inside nsd. Which is kind of ugly. > Instead, is there any way to let me access the command line used to > start nsd directly? > > I would like to do that, in order to set other things in nsd.tcl based > on where the nsd binary is. E.g., with "/web/aol3/bin/nsd", I want to > all logs to go into "/web/aol3/log".
Re: [AOLSERVER] ns_socklistencallback
I like the ns_tcp and ns_udp ideas.
I have the idea that since most protocols are about the same that I should be
able to do about anything from aolserver/tcl
Here's my test so you can look it over.
proc handle_socklistencallback {rfd wfd} {
set headers {}
puts $wfd {welcome}
flush $wfd
gets $rfd cmdline
close $rfd
close $wfd
}
ns_socklistencallback * 8443 handle_socklistencallback
"telnet machinename 8443" from 2 different machines.
The first one gets "welcome"
The second one accepts the connection but doesn't get "wecome" until the first
connection ends.
On Wednesday 27 November 2002 05:59 pm, (Via wrote:
> David Walker wrote:
> >I want to support a reasonable number of concurrent connections. I am
> > running a tcl based SMTP filter/server based on the smtpd in tcllib. I
> > am converting it to run within AOLServer.
> >
> >Can ns_socklistencallback push the conn to another thread or will I have
> > to use ns_socklisten, ns_sockaccept, and ns_thread?
>
> I thought that ns_socklistencallback provided a separate thread for each
> connection, maybe that isn't true, but it should still be able to handle
> multiple connections at the same time. Did you do testing that indicated
> otherwise?
> If you really need separate processing threads, I have used two
> threadpools, using Rob Mayoff's dqd_threadpool module. One pool is for
> worker threads, and one (with one thread) serialized access to a single
> fd. You have multiple fds, so you probably don't need the second pool.
> I hope, someday, we will have a module that generalizes the ns_conn
> module: allowing optional url support, but not specific to the http
> protocol. For lack of a better name I'm using ns_tcp and ns_udp. So the
> day someone invents the next great protocol, AOLserver will be the
> programming environment of choice.
>
> --Tom Jackson
Re: [AOLSERVER] ns_socklistencallback
I want to support a reasonable number of concurrent connections. I am running
a tcl based SMTP filter/server based on the smtpd in tcllib. I am converting
it to run within AOLServer.
Can ns_socklistencallback push the conn to another thread or will I have to
use ns_socklisten, ns_sockaccept, and ns_thread?
On Wednesday 27 November 2002 02:47 pm, (Via wrote:
> Yes, but you should be able to code it to push any conns into another
> thread and let the listener go back to listening. Tell us what your reqt is
> and we'll see if we can come up with a way to make it work.
>
> /s.
>
> ---
> Scott S. Goodwin
> e: [EMAIL PROTECTED] | u: http://scottg.net
> aim: scottgnet
>
> ----- Original Message -
> From: "David Walker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 27, 2002 2:15 PM
> Subject: Re: [AOLSERVER] ns_socklistencallback
>
> > Thanks Scott.
> >
> > Guess I expected too much from this command. Apparently it can only
>
> accept
>
> > one connection at a time.
> >
> > On Sunday 24 November 2002 01:50 pm, Scott S. Goodwin wrote:
> > > Here's a piece of test code I've used in the past:
> > >
> > > # This proc is run when a connection occurs
> > >
> > > proc handle_socklistencallback {rfd wfd} {
> > > ns_log notice "A client has connected to the socket"
> > > while {[set line [string trim [gets $rfd]]] != ""} {
> > > lappend headers $line
> > > }
> > > ns_log notice "CLIENT HTTP HEADERS:"
> > > ns_log notice "$headers"
> > >
> > > set content_htm \
> > > "
> > >
> > > non-ssl test
> > >
> > >
> > > Great! We were able to do a listen-callback on a socket,
> > > read the client HTTP header and send back this HTML page. Hit the back
> > > button to return to the test page.
> > > Here ar the HTTP client headers you sent me:
> > > $headers
> > >
> > > "
> > >
> > > set myheader \
> > > "HTTP/1.0 200 Document follows
> > > MIME-Version: 1.0
> > > Content-Type: text/html
> > > Content-Length: [string length $content_htm]"
> > >
> > > puts $wfd \
> > > "$myheader
> > >
> > >
> > > $content_htm"
> > >
> > > flush $wfd
> > > close $rfd
> > > close $wfd
> > > }
> > >
> > > # This starts the listener on an address and port, and tells it
> > > # what proc to run when a connection comes in
> > >
> > > ns_socklistencallback 192.168.0.2 8443 handle_socklistencallback
> > >
> > >
> > > /s.
> > >
> > > ---
> > > Scott S. Goodwin
> > > e: [EMAIL PROTECTED] | u: http://scottg.net
> > > aim: scottgnet
> > >
> > >
> > > - Original Message -
> > > From: "David Walker" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Sunday, November 24, 2002 10:23 AM
> > > Subject: [AOLSERVER] ns_socklistencallback
> > >
> > > > does anyone have any ns_socklistencallback sample code?
Re: [AOLSERVER] ns_socklistencallback
Thanks Scott.
Guess I expected too much from this command. Apparently it can only accept
one connection at a time.
On Sunday 24 November 2002 01:50 pm, Scott S. Goodwin wrote:
> Here's a piece of test code I've used in the past:
>
> # This proc is run when a connection occurs
>
> proc handle_socklistencallback {rfd wfd} {
> ns_log notice "A client has connected to the socket"
> while {[set line [string trim [gets $rfd]]] != ""} {
> lappend headers $line
> }
> ns_log notice "CLIENT HTTP HEADERS:"
> ns_log notice "$headers"
>
> set content_htm \
> "
>
> non-ssl test
>
>
> Great! We were able to do a listen-callback on a socket,
> read the client HTTP header and send back this HTML page. Hit the back
> button to return to the test page.
> Here ar the HTTP client headers you sent me:
> $headers
>
> "
>
> set myheader \
> "HTTP/1.0 200 Document follows
> MIME-Version: 1.0
> Content-Type: text/html
> Content-Length: [string length $content_htm]"
>
> puts $wfd \
> "$myheader
>
>
> $content_htm"
>
> flush $wfd
> close $rfd
> close $wfd
> }
>
> # This starts the listener on an address and port, and tells it
> # what proc to run when a connection comes in
>
> ns_socklistencallback 192.168.0.2 8443 handle_socklistencallback
>
>
> /s.
>
> ---
> Scott S. Goodwin
> e: [EMAIL PROTECTED] | u: http://scottg.net
> aim: scottgnet
>
>
> - Original Message -
> From: "David Walker" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, November 24, 2002 10:23 AM
> Subject: [AOLSERVER] ns_socklistencallback
>
> > does anyone have any ns_socklistencallback sample code?
[AOLSERVER] ns_socklistencallback
does anyone have any ns_socklistencallback sample code?
[AOLSERVER] crashes related to insufficient stack space
is there any way to catch crashes related to insufficient stack space and add a relevant entry in the server log to remove the guesswork from troubleshooting these?
Re: [AOLSERVER] ns_sendmail
This should be fixed. While it is convenient to know that your mail came from aolserver I believe having a space in the HELO line is not compliant with the RFC. I've had to change this on my servers that send mail through my client's mail server. On Friday 01 November 2002 11:38 am, You wrote: > Well, I went back to testing and was getting the invalid domain again. > This is the trick that seems to work. I had tried both suggestions I > thought it was the other suggestion of putting the ns_params in, but > this is what finally seem to fix the problem. > > thanks, > > wes > > On Fri, 2002-11-01 at 09:49, Jamie Rasmussen wrote: > > Wes, > >On line of 166 of your sendmail.tcl there is a line with "Helo > > AOLserver [ns_info hostname]". > > Could you try changing this to "Helo [ns_info hostname]" ? > > Thanks,
Re: [AOLSERVER] nsopenssl issue you need to be aware of
If nsopenssl is the only SSL on that box you should be able to use 0.0.0.0 and bind to all addresses. On Friday 25 October 2002 03:52 pm, (Via wrote: > Scott S. Goodwin wrote: > > The nsopenssl module should *not* be loaded more than one time in a > > server. I have received reports of corrupted data being received when > > the receiving SSL server has more than one copy of nsopenssl loaded, > > while using the ns_httpspost command. Other nsopenssl Tcl and C API > > commands are probably affected. > > Could you add a feature to bind to every address parameter? I load > nsopenssl twice to bind to two addresses.
Re: [AOLSERVER] Responding to SourceForge-generated mail
I'm OK with the 2 list format also. The subjects of the tracker messages are not significantly different from the subjects of the list messages. Too much separation and the sourceforge interface will grow stagnant and important information or questions posted there by people not on the list or new to aolserver or whatever will just be ignored. On Tuesday 22 October 2002 04:18 pm, (Via wrote: > On 2002.10.22, David Walker <[EMAIL PROTECTED]> wrote: > > I liked everything the way it was. > > You liked having the SourceForge tracker messages going to > the same mailing list that the rest of the discussion was > going to? > > I personally don't mind it either: my MUA (Mutt) is studly, > and through mutt filtering and procmail filtering kung-fu, I > process about 3000 emails a month (that I read -- I receive > about 7000 a month, 4000 of which I mostly file away and > eventually delete). Without this extraordinary setup, I don't > think I could possibly manage the volume ... > > However, in consideration for other people who are far less > masterful in their mail kungfu, I'm perfectly happy splitting > the SF tracker messages to their own dedicated mailing lists. > I'll route them to the same places they go now, so it's > transparent to me, anyway ... > > However, I'm curious to hear your reasons for liking things > the way they currently are. > > -- Dossy
Re: [AOLSERVER] Responding to SourceForge-generated mail
I liked everything the way it was. On Tuesday 22 October 2002 04:03 pm, (Via wrote: > On 2002.10.22, Nathan Folkman <[EMAIL PROTECTED]> wrote: > > Don't worry, I'm not going to shut down anything. Just trying to better > > understand what changes can be made to help better serve the community. > > I'd be more then happy to set up additional lists. > > My gripe with using the AOL-managed LISTSERV for community-focused > things is the lack of community control of the assets. If we use SF > mailing lists, then the community can help manage those assets. > > This of course raises the question of "then why leave the discussion on > the AOL-managed LISTSERV" ... my only answer is, "because for > discussion, SF mailing lists aren't as nice." > > I'd be interested in moving the discussion list to a Yahoo! Group, as > their features are quite nice -- the web interface is really good, being > able to post files and set up polls, etc. > > > Reading all the posts this morning makes me think that we need some > > better ways for everyone to communicate. Would be pretty easy for us to > > set up some simple polls where everyone could vote on different > > options. Think this might make it easier to come to a consensus. What > > does everyone else think? > > I think an Ousterhoutian poll is sufficient here. Looks like there's > enough "yay" votes (compared to the "nay" votes) to justify moving the > SourceForge tracker mail OFF the general discussion list. The question > is where to move it to, and I definitely vote for a series of SF mailing > lists. > > -- Dossy
Re: [AOLSERVER] Is there a better way of getting the content of a post?
I believe "ns_conn content" will return in AOLServer 4.0 Meanwhile I have a module I've written called vt_conn_content that creates a tcl command that does the same thing. See http://www.vorteon.com/download/ If anyone wishes to rewrite this into a patch to add "ns_conn content" into aolserver 3.x they can feel free to do so. On Sunday 13 October 2002 08:32 am, (Via wrote: > I would like to access the content associated with a POST, and so far, > the only method I can see to do this is something like the following: > > > > set filename [ns_mktemp /tmp/fooXX] > set fh [open $filename w] > ns_writecontent $fh > close $fh > set fh [open $filename r] > set content [read $fh] > close $fh > ns_unlink -nocomplain $filename > > > I would like to be able to do this without having to use a file as an > intermediary. Something like the following: > > set content [ns_conn content] > > Looking in conn.c, I've noticed that ns_conn seems to have had a content > sub-command in the past, but it's no longer implemented. > > Regards, > > Dan
Re: [AOLSERVER] AOLserver 3.5.0 - multipart/form-data
Yes. We had an issue. We did not have time to troubleshoot it as it is a soon to be production machine and we just went with a lower version of aolserver. On Friday 11 October 2002 12:14 pm, (Via wrote: > Has anybody had any issues with AOLserver 3.5.0 and multipart/form-data? > > We are having an issue when we upload binary files. It appears that with > 3.5 we need to actually fconfigure the file handle to binary in the > ns_getform proc. If we don't then the resulting file ends up containing > multipart boundaries at the end of it. This problem doesn't occur using > the same code in 3.4.2. > > Any ideas? > > Jeremy
Re: [AOLSERVER] AOLserver and IP Multicast....
I think you would have to write or locate a multicast/unicast hybrid protocol. All data gets sent out multicast initially and clients can unicast request any data they were unable to receive. Possibly you could send out 2 initial multicast streams and have intelligent clients fill in missing data from one stream with data from the other. The problem with that is that if the entire signal was blocked then you would get unicast requests from all your clients and probably DOS yourself. On Friday 11 October 2002 04:43 am, (Via wrote: > First of all, I know nothing about IP Multicast. (But I am reading > Stevens...) > > I have a system with several hundred machines on it and I need to keep each > system updated with various pieces of information including various > heartbeats, pieces of state information. The machines are all behind our > firewall, but there are so many they do live on different segments of our > net (i.e. there are many routers.) > > I believe there are too many systems to use typical tcp/ip unicast > connections, and it strikes me that this may be a good use if broadcast or > ip multicast. > > My understanding so far of multicast is that it's not a protocol in and of > itself, it's a technique that we can layer a protocol on top of. > > So using my favorite Swiss Army knife, I am thinking of creating an > AOLserver module that can perform http gets or posts using either a > broadcast or ip multicast, and making changes to nssock (or creating a new > module) that enables AOLserver to listen for http requests over broadcast > or ip multicast. > > Am I just an ignorant ass or would this be interesting, useful, and > implementable? (or all of the above?) > > Before going to AOLserver, are there any tools already out there that can > be used to make for an efficient information bus using broadcast or ip > multicast? > > If I do choose to build such a module and create some form of bus on top of > it, what are the pitfalls I should be aware of? > > And since I believe that broadcast and ip multicast are UDP and inherently > unreliable, what are the common techniques used to make for a reliable > multicast? In fact, googling on reliable multicast leads me to a few > commercial products and a CISCO specification of PGM, pragmatic multicast. > Is there a standard reliable multicast protocol that I should look to? > > Thanks! > > Jerry
[AOLSERVER] nsopenssl
If nsopenssl is using openssl version 0.9.6g, is there a command that will display the version in that format?
Re: [AOLSERVER] 2.3 nsssl
You might also consider running an Apache or stunnel proxy. On Thursday 13 June 2002 02:39 pm, Ray Davis wrote: > Would anybody by chance have an old nsssl.so for aolserver 2.x > under Solaris x86? Or the source? > > Yes - it's too much work to move some of the old server code > to a new aolserver. ;/ > > Thanks, > Ray
Re: [AOLSERVER] Xpath in ns_xml
I'm open to either option. If the separate nsxslt module was still dependent upon libxml2 then I'd say we might as well leave them in a single module. If we got to the point of having a configure script (--with-xslt --without-xslt) it should be pretty simple for new people to compile. I did find that if I used straight html in my xslt template it crashed aolserver. I assume this has something to do with a lot of tags being opened and never being closed but I haven't looked into it any further than that. If few enough opened and not closed tags are used it generates a proper error and doesn't crash. On Saturday 01 June 2002 12:48 pm, Scott Goodwin wrote: > I've updated the nsxml module in AOLserver's SF CVS area with Jeremy > Collin's patch; this brings it up-to-date with Yon Derek's nsxml module > and adds XPath support. I've now removed the acs-misc version of nsxml. > > It compiles, and the server can load the module, but I haven't done any > real testing. > > I'd like comments as to whether the XSLT portion that was added by Yon > Derek should be pulled out and put into a new, separate nsxslt module, > or if it should stay inside of nsxml. > > > /s.
Re: [AOLSERVER] AOLServer corrupting Form data
The version of ns_write/ns_return that I wrote as a TclObj command returns binary data without altering it. I don't know if or how this relates as I haven't had any cause to work with any non-US/English stuff. The module is at http://www.vorteon.com/download/ and the patch against aolserver 4 is at http://sourceforge.net/tracker/?atid=303152&group_id=3152&func=browse in case you are interested in looking at it. On Thursday 09 May 2002 05:23 pm, Rob Mayoff wrote: > +-- On May 9, atfrost said: > > Tedious stuff, eh? But I'm not convinced that this isn't a bug. > > Oh, I'm sure it's a bug. I'm just saying that it's probably not > something easily solved, or something that can be solved simply by > implementing published standards. > > > As far as I can tell, the current (5.0+) versions of IE and Netscape > > submit form data using whatever encoding is being used to view the form > > submit page. At least, this has been my emperical experience - I'm not > > too sure what happens when you do something like submit Japanese > > characters from an iso-8859-1 encoded page... > > But then you have to ask whether you can rely on users having those > versions of the browsers. When I worked on this stuff some two years > ago, I suggested just doing everything in UTF-8. But Henry Minsky (in > the ArsDigita Japan office) said browsers that support UTF-8 had only > 50% penetration in Japan at the time, so we couldn't just do that. > Maybe by now the fraction is close enough to one that transmitting and > receiving only in UTF-8 is feasible. > > > Does AOLServer perform any implicit silent conversion on received form > > data? > > Through version 3.3, standard AOLserver doesn't do any "silent > conversion". However, Tcl does, in some circumstances. It depends on > what you do with the data. > > I never looked much at AOLserver 3.4, but I think they might have added > a little bit of I18N support in that version. I'm pretty sure it wasn't > as complete as what I did for ArsDigita, though. You might want to try > switching to that version. > > > It seems that there must be a way to correct the modification > > that's happening to the data, since AOLServer undoes whatever it's > > doing when it ships the data back out to the client. > > The problem is that Tcl may perform uninvertable transformations on > strings that are not in normalized UTF-8 format.
Re: [AOLSERVER] lappend_unique in C ?
Switch to ns_set and just ignore the value side of things.
ns_set update will add a key if it does not exist or replace a key if it does.
Presumably replacing with exactly what was there before is the same as
"append a value to a list, but only if the value isn't already on the list"
Or hack something new out of the ns_set update code.
On Friday 03 May 2002 07:44 pm, Andrew Piskorski wrote:
> I sometimes need to assemble a list of unique values, while preserving
> the order of the list. So when creating the list, I append a value to
> a list, but only if the value isn't already on the list. In Tcl,
> usually I do this with the bb_lappend_uniq procedure below. It uses a
> helper Tcl array to maintain the state info of what values are already
> on the list - presumably this is faster than calling lsearch every
> time.
>
> But does anyone have something to generate the same unique Tcl list,
> but implemented in C? Or something else similar?
>
> Reason I care, is I have lots of key/value pairs, and each key is made
> up several strings concatenated together. For discussion, we'll
> assume each key has the structure "ABCD". And what I need, is a list
> of all the unique SUB-keys "AB". Right now, I do that in Tcl. But
> that extra pass of grubbing through all my keys is dominating my
> execution time - and it's too slow. (There's regexp involved, etc.)
>
> But, I'm generating all those keys and sub-keys myself in my C code,
> so rather than tuning my Tcl, the obvious thing to do is to assemble
> my unique list of subkeys right there in C, and thus avoid having to
> iterate through all my data an extra time in Tcl.
>
> Note I still want to end up with a Tcl list of unique sub-keys, I just
> want the implementation done in C. It would be extra nice if I could
> pass in a Tcl array or NSV name from Tcl to maintain the state of
> what's already on the list, because then I could pre-populate it if I
> wanted to, in order to append to an already existing list, etc. But
> that's frosting really, it'd be ok if the C code always starts with an
> empty list and the state array/nav isn't accessible to anything
> outside my C function.
>
> Well, I've probably rambled on too long about something so simple, but
> before I start implementing my simple solution (using Tcl_AppendResult
> and a TclHashTable to maintain list state, I think), I figured I'd ask
> if anyone else has already done it...
>
> And of course, maybe somebody will point out some entirely different
> and better way to do this, instead. :)
>
>
> ad_proc bb_lappend_uniq {{
>-key_prefix {}
> } list_name item_name luniq_state_arr_name} {
>
>Appends an item to a list only if that item is not already
>on the list. In order to avoid doing an lsearch of the whole list
>for every single lappend, takes a helper state array which is
>must alrady have an array variable defined for each item
>already on the list, if the list is not empty.
>
> } {
>upvar 1 $list_name L
>upvar 1 $item_name item
>upvar 1 $luniq_state_arr_name arr
>
>if { [info exists arr("${key_prefix}${item}")] } {
> # Do nothing, this left_key is already on the list.
>} else {
> lappend L $item
> set arr("${key_prefix}${item}") 1
>}
> }
>
> ad_proc bb_luniq {L} {
>Returns a list with all duplicates removed, and keeping the
>original order.
>
>Code taken from the
>http://mini.net/tcl/526.html";>Tcl'ers Wiki
> } {
>set t {}
>foreach i $L {if {[lsearch -exact $t $i]==-1} {lappend t $i}}
>return $t
> }
Re: [AOLSERVER] Re: nsopenssl + MacOS + IE 5.x
Doesn't eNull refer to Null ciphers and make it possible to make an
unencrypted SSL connection?
On Friday 03 May 2002 12:12 pm, Chad S. Lauritsen wrote:
> Pete:
>
> Thanks a million for the suggestion. That seems to have done the trick!
>
> Chad
>
> Peter M. Jansson wrote:
> |To make Mac IE (and some older Windows IEs) work, you need to turn on
> |session caching and turn off some ciphers. Here's an example config:
> |
> |ns_section "ns/server/${servername}/module/nsopenssl"
> |ns_param ServerPort $httpsport
> |ns_param ServerHostname $hostname
> |ns_param ServerAddress $address
> |ns_param ServerCertFile certfile.pem
> |ns_param ServerKeyFile keyfile.pem
> |ns_param ServerProtocols All
> |ns_param ServerCipherSuite
>
> "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+E
>
> |XP:+eNULL"
> |ns_param ServerSessionCache true
> |ns_param ServerSessionCacheID1
> |ns_param ServerSessionCacheSize 512
> |ns_param ServerSessionCacheTimeout 300
> |ns_param ServerPeerVerifyfalse
> |ns_param ServerPeerVerifyDepth 3
> |ns_param ServerCADir ca
> |ns_param ServerCAFileca.pem
> |ns_param ServerTrace false
> |ns_param RandomFile /dev/urandom
> |ns_param SeedBytes 1024
> |
> |Pete.
> |
> |On Fri, 3 May 2002, Chad S. Lauritsen wrote:
Re: [AOLSERVER] Looking for help with tiny AOLserver module
If you don't mind altering you cgi scripts (assuming they are scripts and not
compiled programs) you can do this.
ns_register_filter postauth GET /cgi-bin/* remote_user_set
proc remote_user_set {conn args why} {
# put code to pull logged in ACS user here
# set acs_user_name [somehow_get_acs_user_name]
# this puts HTTP_AUTH_USER in your cgi's environment
ns_set put [ns_conn headers] "AUTH_USER" $acs_user_name
return filter_ok
}
which will put a variable called "HTTP_AUTH_USER" into the cgi environment.
Then issue the following command to replace AUTH_USER with HTTP_AUTH_USER in
your wiki script.
>From your wiki directory type
perl -p -i -e 's/AUTH_USER/HTTP_AUTH_USER/g' $(find . -type f)
On Friday 03 May 2002 11:19 am, Carl Coryell-Martin wrote:
> I now working with a small non-profit building media tools for the
> environmental movement on the ACS platform. We just installed a
> wiki-wiki-web that uses http "basic authentication."
>
> Since we authenticate users with filters in the ACS, I would like a
> tiny module that gives me a tcl commend like ns_set_authuser that
> would set the REMOTE_USER environment variable that gets passed to the
> cgi.
>
> This would allow us to identify users in the wiki and not force users
> to log in twice.
>
> I have spent some time poking around in here myself, but I would just
> as soon not have to brush off my C and feet wet in AOLserver if I can
> help it (other fish to fry).
>
> Please email me if you would be willing to consult with us about this.
>
> Thank you,
>
> Carl Coryell-Martin
Re: [AOLSERVER] Reminder: AOLserver weekly chat tomorrow
There's been some changes going on with it. I replied to a message that had TWLSERV.AOL.COM instead of the usual LISTSERV.AOL.COM and got the following message. <[EMAIL PROTECTED]>: Name service error for twlserv.aol.com: Host not found On Friday 03 May 2002 10:14 am, Rob Mayoff wrote: > Has the listserv been down? I don't know why else this would have taken > two days to be sent. > > +-- On May 1, [EMAIL PROTECTED] said: > > The AOLserver weekly chat takes place tomorrow, 2002-05-02, and > > every Thursday. Common topics include AOLserver, Tcl, SQL, ACS, > > and general web-related questions.
Re: [AOLSERVER] Problems with nsd 2.3.3 on RH 7.2
Not sure but normally on my servers the connections come and go quickly enough to not have more than a couple showing connected in netstat. (With the exception of a couple of slow pages) I'm wondering if the 24 connected is related to the 25 MaxBusy. On Wednesday 10 April 2002 02:16 pm, you wrote: > Wait, I take that back. Right now there are 42 nsd processes running but > only 24 showing up as connected in netstat. So what does that mean? > > janine > > On 4/10/02 3:15 PM, "David Walker" <[EMAIL PROTECTED]> wrote: > > Does "netstat -np" still show their tcpip connection as open? > > > > On Wednesday 10 April 2002 01:52 pm, you wrote: > >> Of course, it's not going to be *that* simple... > >> > >> There seem to be two different symptoms here. One is that the server > >> just stops responding, even though it does not have a huge number of > >> thread going and nothing is visibly wrong. That seems to have gone away > >> with Rob's LD_ASSUME_KERNEL idea. > >> > >> The other is that the number of threads rises to the max, which is 100, > >> and then people start queueing up and getting the "site busy" message. > >> This seems to happen "all of a sudden". The site's not *that* busy; > >> there are only 59,307 lines in the access log for today so far, so it > >> seems unlikely to me that all 100 threads are actually in use at once. > >> This one is still happening. > >> > >> So, any other ideas would be welcome! > >> > >> janine > >> > >> On 4/10/02 2:08 PM, "Janine Sisk" <[EMAIL PROTECTED]> wrote: > >>> You know, I really think Rob is on to something here. Not only is the > >>> number of threads not increasing so fast, I just saw it go *down* by > >>> one for the first time. And the site has not hiccuped since I made > >>> this change, though it is still being restarted every 30 minutes so > >>> that's not quite the accomplishment it sounds like. > >>> > >>> I will report back again after I've given this a good trial. > >>> > >>> janine > >>> > >>> On 4/10/02 1:00 PM, "Rob Mayoff" <[EMAIL PROTECTED]> wrote: > >>>> +-- On Apr 10, Lamar Owen said: > >>>>> 7.2's glibc is so much newer than 6.2's that the linkage may be > >>>>> broken. Binaries linked/compiled under 6.2 usually do _not_ work > >>>>> properly on 7.2. Even with the compat libraries installed. The > >>>>> reason seems to be kernel 2.4. > >>>> > >>>> To use some JVMs on 2.4, you have to set LD_ASSUME_KERNEL=2.2.5. > >>>> Maybe setting it will help with AOLserver 2.3.3. > >>> > >>> -- > >>> Janine Sisk > >>> President/CEO > >>> furfly.net, LLC > >>> Mont Vernon, NH > >>> Phone: 603-672-1122
Re: [AOLSERVER] Problems with nsd 2.3.3 on RH 7.2
Does "netstat -np" still show their tcpip connection as open? On Wednesday 10 April 2002 01:52 pm, you wrote: > Of course, it's not going to be *that* simple... > > There seem to be two different symptoms here. One is that the server just > stops responding, even though it does not have a huge number of thread > going and nothing is visibly wrong. That seems to have gone away with > Rob's LD_ASSUME_KERNEL idea. > > The other is that the number of threads rises to the max, which is 100, and > then people start queueing up and getting the "site busy" message. This > seems to happen "all of a sudden". The site's not *that* busy; there are > only 59,307 lines in the access log for today so far, so it seems unlikely > to me that all 100 threads are actually in use at once. This one is still > happening. > > So, any other ideas would be welcome! > > janine > > On 4/10/02 2:08 PM, "Janine Sisk" <[EMAIL PROTECTED]> wrote: > > You know, I really think Rob is on to something here. Not only is the > > number of threads not increasing so fast, I just saw it go *down* by one > > for the first time. And the site has not hiccuped since I made this > > change, though it is still being restarted every 30 minutes so that's not > > quite the accomplishment it sounds like. > > > > I will report back again after I've given this a good trial. > > > > janine > > > > On 4/10/02 1:00 PM, "Rob Mayoff" <[EMAIL PROTECTED]> wrote: > >> +-- On Apr 10, Lamar Owen said: > >>> 7.2's glibc is so much newer than 6.2's that the linkage may be broken. > >>> Binaries linked/compiled under 6.2 usually do _not_ work properly on > >>> 7.2. Even with the compat libraries installed. The reason seems to be > >>> kernel 2.4. > >> > >> To use some JVMs on 2.4, you have to set LD_ASSUME_KERNEL=2.2.5. Maybe > >> setting it will help with AOLserver 2.3.3. > > > > -- > > Janine Sisk > > President/CEO > > furfly.net, LLC > > Mont Vernon, NH > > Phone: 603-672-1122
Re: [AOLSERVER] Digest authorization / WebDAV
I need the DAV protocol for more than just editing filesystem files in the
real web tree.
My version (Dave's Advanced Vaporware or DAV) will have multiple handlers
(the first version will just have the filesystem handler) and the files will
be at
/dav/${handler}${url} i.e. /dav/davfile/users/grax/index.htm or
/dav/davcontentmanagement/articles/whats_a_meadow_for.html
This way the GET command returns editable source and not the modified final
version the web site visitors will see. If I can figure out the "source"
feature of the DAV spec, and if clients actually implement it, then I think
this method might even work practically invisibly.
On Tuesday 09 April 2002 01:42 pm, you wrote:
> +-- On Apr 9, Zoran Vasiljevic said:
> > If I'm not mistaken (correct me if I'm wrong, please),
> > but, if I do not load the ns_perm module then:
> >
> > - I do not get the "allowuser" functionality (or is it "ns_perm
> > allowuser"?) - I lose all other user's hostname (ip/domain) checking
> > - Ns_AuthorizeRequest always grants access if I do not register
> > my own authorization callback function
> >
> > If above holds true, then this can be used as a starting point
> > when developing DAV, indeed.
>
> Yes, it holds true.
>
> Personally, I'd not be inclined to use a single server for both DAV and
> normal web serving. By separating the services into different processes,
> you can run the normal web server as a uid that only has read access to
> the files, and the DAV server as a uid that has write access. Then you
> can restrict the DAV server to only allow SSL connections (and not even
> load nssock), and use different firewall rules for the two servers.
>
> In fact, this is how I set up some sites I host: I use nsd as the web
> server with read-only access to the files, and Apache/mod_dav to allow a
> select few to update the content. I don't even allow direct connections
> to the DAV server over the Internet - I require the remote users to
> connect through an SSH tunnel.
>
> > But, I'm afraid that people would really need both (basic and digest
> > and/or some other scheme in the future) at the same time when it comes
> > to deployment. That's why a hook in the Ns_AuthorizeRequest allowing
> > other schemes would be a good thing. Hopefully this thread will serve
> > as a kick for somebody to consider doing a proper integration work in
> > the core server.
>
> It as already possible to use both at the same time (for different
> URLs), as I described. Just make nsperm allow "" to access any URL that
> is handled by the Digest filter.
>
> I agree that the authorization hooks could be improved. However, it's
> possible to use Digest authorization today, without writing or changing
> any C code. You just have to write a Tcl filter.
Re: [AOLSERVER] Digest authorization / WebDAV
I like this idea as well. Perhaps ns_perm could be slightly rewritten to just be another auth filter when loaded. On Tuesday 09 April 2002 06:18 pm, you wrote: > +-- On Apr 9, Zoran Vasiljevic said: > > So what should I do ? > > It seems to me that you would be best served by a module, in either Tcl > or C, that runs as a preauth or postauth filter and implements Basic and > Digest authentication and IP/hostname checking. I don't see much point > in trying to work with nsperm as is, though its code would perhaps be a > useful starting point. > > I don't see a point in modifying the core to also parse Authentication: > Digest headers. I think Ns_SetRequestAuthorizeProc should be ripped > out and replaced with a new filter type, "auth". Auth filters should > simply be run after preauth filters and before postauth filters. I don't > see any advantage in the current, completely separate mechanism for > authorization.
Re: [AOLSERVER] Digest authorization / WebDAV
Well I think I'll have tcl based webDAV done within a month or two. If someone will take care of Digest authorization we just might have it. On Monday 08 April 2002 11:24 am, you wrote: > Doing our Annual Tour, are we?? > > Ian A. Harding > Programmer/Analyst II > Tacoma-Pierce County Health Department > (253) 798-3549 > mailto: [EMAIL PROTECTED] > > >>> [EMAIL PROTECTED] 04/07/02 12:19PM >>>
Re: [AOLSERVER] ns_conn contentlength, URL length?
The thing is that if the length is equal to maxline than it was truncated. 99.997% chance that is true. You don't have to worry about people who just happened to get a url of that length. It won't happen. If you are afraid it will happen then increase $maxline by one. On Friday 05 April 2002 06:23 pm, you wrote: > On Fri, Apr 05, 2002 at 06:29:49PM -0600, David Walker wrote: > > Return an error if the length is equal to $maxline > > There is only the tiniest possibility that a url will come to exactly > > that length and even then it is pretty long. > > Ah, I meant, return and error to the user if the URL he gave AOLserver > is LONGER than $maxline. Which is quite possible if, say, you have a > some other script is hitting your Tcl page with a big huge list of URL > parameters. > > Are you saying that there is no way to get the original length of the > GET request, that it is truncated to $maxline before that length ever > gets checked? Is there any flag anywhere to say, "FYI, the GET > request was truncated"? > > > On Friday 05 April 2002 06:00 pm, you wrote: > > > On Fri, Apr 05, 2002 at 05:42:33PM -0600, Rusty Brooks wrote: > > > > I believe it's the content length of the posted content. I'm > > > > assuming that you've already tried [ns_conn request] and that's > > > > truncated? > > > > > > Hm, so ns_conn contentlength is only for POSTs? Right, I tried it and > > > [ns_conn request] is truncated if the GET request is longer than > > > $maxline.
Re: [AOLSERVER] ns_conn contentlength, URL length?
Return an error if the length is equal to $maxline There is only the tiniest possibility that a url will come to exactly that length and even then it is pretty long. On Friday 05 April 2002 06:00 pm, you wrote: > On Fri, Apr 05, 2002 at 05:42:33PM -0600, Rusty Brooks wrote: > > I believe it's the content length of the posted content. I'm assuming > > that you've already tried [ns_conn request] and that's truncated? > > Hm, so ns_conn contentlength is only for POSTs? Right, I tried it and > [ns_conn request] is truncated if the GET request is longer than > $maxline.
Re: [AOLSERVER] Digest authorization / WebDAV
No worries. I spent longer than 3 hours on mine and it doesn't even work. It's a little prettier though. Not much. If I get mine working I'll share. On Wednesday 03 April 2002 03:30 pm, you wrote: > On 2002.04.03, David Walker <[EMAIL PROTECTED]> wrote: > > Can I see it? > > It's embarassing, but sure. :-) > > Please, do NOT laugh too hard when reading the code. It > was whipped together in the span of 3 hours, using tcpdump > to sniff existing WebDAV tools (because I was too lazy to > read the spec. and implement from there). > > http://panoptic.com/webdav-20010103.tcl > > (Yes, I was bored after New Years 2001 ...) > > -- Dossy > > > On Wednesday 03 April 2002 01:14 pm, you wrote: > > > To throw more fuel on the fire, I've got a Tcl-based implementation > > > of WebDAV that's incomplete (but semi-usable), and I'm only using > > > nsperm for authentication. > > > > > > -- Dossy
Re: [AOLSERVER] Digest authorization / WebDAV
Can I see it? On Wednesday 03 April 2002 01:14 pm, you wrote: > To throw more fuel on the fire, I've got a Tcl-based implementation > of WebDAV that's incomplete (but semi-usable), and I'm only using > nsperm for authentication. > > -- Dossy > > On 2002.04.03, David Walker <[EMAIL PROTECTED]> wrote: > > I started working on a tcl implementation of WebDAV. I haven't looked at > > security at all. > > > > I was thinking that SSL with Basic could be adequate security but that > > solution will not work for everyone. > > > > On Wednesday 03 April 2002 11:08 am, you wrote: > > > Zoran, > > > > > > I just starting thinking about webDAV support in AOLserver, but hadn't > > > gotten to thinking about all the requirements. So, I don't know about > > > digest authorization. > > > > > > Feel free to email me to dicuss this. > > > > > > Dave > > > > > > On Wed, Apr 03, 2002 at 11:25:55AM -0500, Zoran Vasiljevic wrote: > > > > I'm thinking about implementing WebDAV support for AOLserver. > > > > Anybody already doing some work on that ? > > > > > > > > I'll have to start with Digest authorization support since > > > > it's a must for DAV. The authorization support in 3.4 > > > > is designed to cover the Basic method only. Other methods > > > > can't easily be plugged into. > > > > Is this going to change with 4+ version(s) ? > > > > > > > > Many thanks. > > > > Zoran Vasiljevic
Re: [AOLSERVER] Digest authorization / WebDAV
I started working on a tcl implementation of WebDAV. I haven't looked at security at all. I was thinking that SSL with Basic could be adequate security but that solution will not work for everyone. On Wednesday 03 April 2002 11:08 am, you wrote: > Zoran, > > I just starting thinking about webDAV support in AOLserver, but hadn't > gotten to thinking about all the requirements. So, I don't know about > digest authorization. > > Feel free to email me to dicuss this. > > Dave > > On Wed, Apr 03, 2002 at 11:25:55AM -0500, Zoran Vasiljevic wrote: > > I'm thinking about implementing WebDAV support for AOLserver. > > Anybody already doing some work on that ? > > > > I'll have to start with Digest authorization support since > > it's a must for DAV. The authorization support in 3.4 > > is designed to cover the Basic method only. Other methods > > can't easily be plugged into. > > Is this going to change with 4+ version(s) ? > > > > Many thanks. > > Zoran Vasiljevic
Re: [AOLSERVER] somebody has defaced the AOLserver wiki front page...
http://www.google.com/search?q=cache:OsYyyvjkHDoC:panoptic.com/wiki/aolserver+&hl=en On Thursday 07 March 2002 10:48 am, you wrote: > somebody has defaced the AOLserver wiki front page... > Does anyone have a copy of the contents so that it can be > restored?
[AOLSERVER] Fwd: Re: [AOLSERVER] closed mailing lists, old can of worms?
Well that was interesting. My post below and one by Scott Goodwin is in the listserv.aol.com archive but I never received them and they don't show up on mail-archive.com I'm curious about whether they disappeared somewhere or got stuck in a really long queue or something. -- Forwarded Message -- From: David Walker <[EMAIL PROTECTED]> Organization: Vorteon, LLC To: AOLserver Discussion <[EMAIL PROTECTED]> Subject: Re: [AOLSERVER] closed mailing lists, old can of worms? Date: Mon, 4 Mar 2002 17:23:27 -0600 http://www.mail-archive.com/aolserver@listserv.aol.com/ On Monday 04 March 2002 03:03 pm, you wrote: > Hello everybody, > > Please excuse me if this particular horse has been beaten before. > > I was wondering if it might not be productive to have the mailing lists > be publicly readable / searchable without requiring a user to register > and activate a username? > > I think that people might find the software a little more friendly and > accessible if it were made a little easier to access information > pertaining to it. > > Perhaps we could have a fast, HTTP accessible mirror of the mailing > list that didn't require all of L-SERV's overhead (including the > username registration bit)? > > Just a thought! > thomas > > > __ > Do You Yahoo!? > Yahoo! Sports - sign up for Fantasy Baseball > http://sports.yahoo.com ---
Re: [AOLSERVER] ImageMagick
OpenACS (http://openacs.org ) accesses ImageMagick using the exec command. On Thursday 31 January 2002 09:42 am, you wrote: > > Any other method of easily implementing this task > > will be greatly appreciated. > > This works for me. > > djpeg camera.jpg|pnmscale -xysize 100 75|cjpeg>thumbnail.jpg > > Daniel P. Stasinski > Software Engineer > Mayor Pharmaceutical Laboratories > [EMAIL PROTECTED]
Re: [AOLSERVER] Bugs in ns_dbquotevalue
I've also noticed this problem. It can be exploited to execute functions in
your database in certain circumstances where you're quoting submitted data.
I think this function may need different behavior for Oracle or Postgres.
On Monday 28 January 2002 11:46 am, you wrote:
> Hello.
>
> Here is what caused problems for me with both mySQL and PostgreSQL:
>
> ns_dblist $h "SELECT lower([ns_dbquotevalue {ABC'DEF\'}])"
>
> Basically it quoted the string into 'ABC''DEF\'', which is not correct.
>
> Also, it does not work correctly for UTF-escapable characters.
>
> proc ns_dbquotevalue {val} {
> set val [string map [list "'" "''" "\\" ""] $val]
> return "'$val'"
> }
>
> Here's the code I used - it does not handle datatypes, but I never used
> them anyway :)
>
> Any comments on this one?
Re: [AOLSERVER] Segmentation fault
My test machine crashes on level 34 in my test.
The code below prevents the crash. No error is shown because of the catch
statement.
proc x {} {
if {[info level] > 30} {
error "recursion level > 30 in [info level [info level]]"
}
ns_write [info level]
catch {
x
}
}
On Wednesday 16 January 2002 10:11 am, you wrote:
> Don't do that! You have an infinite recursion here. You need to include
> some condition in the code which will stop the recursive calls to "x" at
> some point (preferably before 50 levels of recursion).
>
> On 1/16/02 12:08 PM, "Chiriac Petrica Clement" <[EMAIL PROTECTED]> wrote:
> > This code produce "Segmentation fault"
> >
> > proc x {} {
> > puts [info level]
> > catch {
> > x
> > }
> > }
Re: [AOLSERVER] script timeout
Is there a way to determine what the thread is doing? I'm trying to troubleshoot some long running scripts here. On Thursday 10 January 2002 03:15 pm, you wrote: > The problem is that even if you close the conn, the Tcl interp will go > on doing whatever it is doing... > > Can a thread be forcibly removed by pthread? :) If so, some thread could > do that via filters - a queue of what to remove from the system. The > problem would be the Tcl interp associated with a thread. > > I suppose it's nearly impossible to do on a thread-based platform. > > David Walker wrote: > > What about using Ns_ConnClose in a scheduled proc that runs every x > > minutes (or x/2 minutes) and closes conns that have exceeded their time > > limit? > > > > On Thursday 10 January 2002 12:51 pm, you wrote: > >>On Thursday, January 10, 2002, at 12:04 PM, Jim Wilcoxson wrote: > >>>It would be really cool if there were a way to set a CPU and/or real > >>>time limit for scripts from inside the script, and invoke a proc > >>>with args or something, like a signal handler. > >> > >>For hosting, I really wanted to be able to use the rlimit facilities to > >>limit CPU use, but the problem is that rlimit sets per-process limits, > >> and AOLserver is thread-based. What I usually want is to limit the CPU > >> time allowed per-response, but there's no OS-enforceable way to do this > >> without involving all the threads. Back when virtual hosting was part > >> of AOLserver, that would have been unacceptable. > >> > >>If using rlimit is acceptable for you, the "limit" command in some shells > >>can set a per-process CPU time limit, or you can write a wrapper for > >>AOLserver that calls rlimit before exec-ing AOLserver. > >> > >>In fact, rlimit will deliver a signal to the process when you exceed the > >>soft CPU limit, but it seems to me that you can only contract your CPU > >>limit, you can't expand it, so you couldn't set a recurring limit for > >>requests. > >> > >>Next operating system I write will have per-thread resource controls!
Re: [AOLSERVER] script timeout
What about using Ns_ConnClose in a scheduled proc that runs every x minutes (or x/2 minutes) and closes conns that have exceeded their time limit? On Thursday 10 January 2002 12:51 pm, you wrote: > On Thursday, January 10, 2002, at 12:04 PM, Jim Wilcoxson wrote: > > It would be really cool if there were a way to set a CPU and/or real > > time limit for scripts from inside the script, and invoke a proc > > with args or something, like a signal handler. > > For hosting, I really wanted to be able to use the rlimit facilities to > limit CPU use, but the problem is that rlimit sets per-process limits, and > AOLserver is thread-based. What I usually want is to limit the CPU time > allowed per-response, but there's no OS-enforceable way to do this without > involving all the threads. Back when virtual hosting was part of > AOLserver, that would have been unacceptable. > > If using rlimit is acceptable for you, the "limit" command in some shells > can set a per-process CPU time limit, or you can write a wrapper for > AOLserver that calls rlimit before exec-ing AOLserver. > > In fact, rlimit will deliver a signal to the process when you exceed the > soft CPU limit, but it seems to me that you can only contract your CPU > limit, you can't expand it, so you couldn't set a recurring limit for > requests. > > Next operating system I write will have per-thread resource controls!
[AOLSERVER] script timeout
What controls are there to limit the time a page may take to return? What controls are there to kill a page that is running?
Re: [AOLSERVER] And if you thought nsvhr was an inefficient virtual hosting mechanism...
as a chroot alternative it should very good. I'm not aware of any way to access the parent machine from the virtual machine. as a virtual server it might perform well if you give each vmware machine a dedicated partition and load up on memory (if you assign 128mb or whatever to a virtual machine it will always have that memory in use) it certainly is inefficient but it does provide a great way of segmenting services while still using a single piece of hardware. and you could run different OSs if you so desire. and with hardware getting cheaper and faster this idea becomes more and more viable. On Monday 07 January 2002 11:57 am, you wrote: > VMware is a wonderful product. I am also amazed that these days a company > with such a technically hard product, not hardware, to make or support > could get funded. > > That said, I was surprised by their newsletter suggestion this morning: > >TECH TIP OF THE MONTH: > >HOSTING SERVICES ON VIRTUAL MACHINES BEHIND VMWARE NAT > >Our users and staff often discover hints and shortcuts that can > >help you get the most from VMware products. This month, our tech > >tip explains how to configure VMware NAT so that your virtual > >machines can provide network services (such as Web and FTP) on > >your public network. NAT enables guest operating systems to share > >the host operating system IP address(es). ... > >Read more about hosting services on > >virtual machines behind VMware NAT at: > >http://vmware1.m0.net/m/s.asp?HB5170575598X1186076X89440X > > This is not the solution I would choose if I was concerned about > performance. I do wonder how well it might work as a chroot alternative. > > Jerry > > Jerry Asher [EMAIL PROTECTED] > 1678 Shattuck Avenue Suite 161 Tel: (510) 549-2980 > Berkeley, CA 94709 Fax: (877) 311-8688
Re: [AOLSERVER] Critical filter failed
hmm. Under Linux I issued a ns_write command from a procedure called by ns_atclose and the output was appended to the previous ns_write output and displayed in my browser. The docs don't actually specify whether it should take place before or after the connection close. On Monday 07 January 2002 11:34 am, you wrote: > On 2002.01.07, David Walker <[EMAIL PROTECTED]> wrote: > > Perhaps ns_atclose might fulfill some of your needs. > > Build a preauth filter with a "ns_atclose myproc" statement in it and > > myproc will be executed after everything else just before connection > > close. > > Registering a script with ns_atclose won't work. ns_atclose's > timing is similar to a trace filter - after the connection is > closed. ns_atclose doesn't require a connection, though -- > it seems like it gets called when the thread it's registered > in gets cleaned up or something. > > I'm not 100% sure, but I did experiment with this. The timing > was too late. > > -- Dossy
Re: [AOLSERVER] Critical filter failed
Perhaps ns_atclose might fulfill some of your needs. Build a preauth filter with a "ns_atclose myproc" statement in it and myproc will be executed after everything else just before connection close. On Monday 07 January 2002 11:14 am, you wrote: > On 2002.01.07, Jim Wilcoxson <[EMAIL PROTECTED]> wrote: > > Maybe there needs to be a flag in ns_write and friends to indicate > > that something has been written to the connection. If not, send > > out a 500 before closing the connection. > > Strangely, while I was implementing some stuff dealing with > filters, I was really wishing for another kind of filter. > > Currently, there's a preauth, postauth, and trace filters. > I was hoping for a preclose filter, something that gets > executed after postauth, but before the trace filter -- > basically, something that got executed after all of the > preauth and postauth filters executed, and the HTML page > (or ADP page, or whatever) got parsed and served, but > before the connection was closed (and before the trace > filters get executed). > > This way, if after all the preauth and postauth filters > and the HTML/ADP pages get served, you'd have the chance > to append some stuff to the output stream before the > connection gets closed. Perhaps this could ALSO be > used to send an error if nothing had been written to > the connection up to that point, as well. > > I'm not sure how useful, or how difficult, this would > be to implement, so I haven't bothered looking into it > yet ... > > -- Dossy
Re: [AOLSERVER] Critical filter failed
What would be even better is to just write the code right in the first place so that no error ever happens. (I tried that. I came close.) Yes. I am arguing that the server should always return a 500 if it reaches the end of a connection with no other results. I don't know the technical feasibility of this but it does not seem like correct behavior to return nothing to the user. I'm confused by the "O/ACS is replacing the http protocol with the filter" reference. The O/ACS is just using the documented ns_register_filter command for it's intended purpose. On Sunday 06 January 2002 10:52 pm, you wrote: > David Walker wrote: > > When the error below appears wouldn't the proper response be a 500 server > > error? The 3.4 way of handling this is to return nothing. > > > > Error: tclop: invalid return code from filter proc 'Critical filter > > sec_read_security_info failed.': must be filter_ok, filter_return, or > > filter_break > > This is an uncaught error in a filter. Since the O/ACS is replacing the > http protocol with the filter, you could argue that it should return > 500. What would be better would be for the application to log an error > that would let the developer determine if it was a bug or some other > error. For instance url hacking could also give this error, or many > other database errors as well. > > --Tom Jackson
[AOLSERVER] Critical filter failed
When the error below appears wouldn't the proper response be a 500 server error? The 3.4 way of handling this is to return nothing. Error: tclop: invalid return code from filter proc 'Critical filter sec_read_security_info failed.': must be filter_ok, filter_return, or filter_break
Re: [AOLSERVER] Possible Dot Bug
Are you saying that if you add a "." to the end of the url that it returns a file it shouldn't? I haven't checked it out but if it is a problem you can create a filter that matches "*." and returns a not found message. On Saturday 05 January 2002 02:38 pm, you wrote: > I found possible bug, just get url http://host/nstelemetry.adp. > then download password protected file. > > I have test Windows version AOLServer 3.4.2 > > Tamer Sahin > http://www.securityoffice.net > PGP Key ID: 0x2B5EDCB0 Fingerprint: > B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0
Re: [AOLSERVER] We've made a code change, would like opinions as to is this a good or bad idea...
> What I would be concerned with is the fact that Greg's solution
> hardcodes the protocol in ("http://";) which would break if the
> server was running HTTPS, but then you wouldn't be doing
> software virtual-hosting anyway, so maybe it's a moot point.
There is a possibility of a server running https using a different host name
than the specified server name. In that case wouldn't a request for
https://productA.bna.com/ redirect to
https://xyz.bna.com// (different domain name) under the current scheme and
http://productA.bna.com// (not ssl) with Greg's solution? Neither of
which are desirable outcomes.
(My tcl version of this is running on a secure server that uses 5 domain
names for http and 1 domain name for https.)
Granted, since only one secure server domain name is possible per instance
(for now anyhow) one could just set the server name to that name.
I don't see the host header being any greater a security risk than the
requested url. (With multiple dns names attached to a single IP it
practically is part of the requested url). If you treat it with the same
kind of caution it should be usable for this purpose.
On Friday 07 December 2001 06:59 pm, you wrote:
> On 2001.12.07, Peter M. Jansson <[EMAIL PROTECTED]> wrote:
> > The only concern I have is a security concern
>
> I looked at security as a possibility as well and since his solution
> uses DStrings (which are growable, right?) then you don't have to
> necessarily worry about buffer overflow.
>
> However, resource starvation/denial of service is a serious
> potential problem. Fire up a couple hundred connections where
> you feed a very large Host: string ...
>
> What I would be concerned with is the fact that Greg's solution
> hardcodes the protocol in ("http://";) which would break if the
> server was running HTTPS, but then you wouldn't be doing
> software virtual-hosting anyway, so maybe it's a moot point.
>
> -- Dossy
Re: [AOLSERVER] We've made a code change, would like opinions as to is this a good or bad idea...
I don't know the code well enough to comment on that aspect of it but on the
idea of using the user-supplied host name in redirect I like the idea. I use
a piece of tcl code that does the same thing and it's worked great for me.
On Friday 07 December 2001 02:42 pm, you wrote:
> At BNA we have a problem with use of AOLserver in terms of
> how it handles the Location parameter value. The Location
> is a fixed value that is a "global constant" for the
> AOLserver process.
>
> In our virtual hosting environment on our production
> machines this a problem. The problem is as follows:
>
> The machine host name is >>> xyz.bna.com
> One of many virtual host names is >>> productA.bna.com
> User requests >>> http://productA.bna.com/
> (notice that there is no / at the end of the user request)
>
> According to spec AOLserver should redirect to the complete
> url.
> Wanted behavior is a redirect to >>>
> http://productA.bna.com//
>
> actual behavior is a redirect to >>>
> http://xyz.bna.com//
>
> Our location is the machine name because we can only set
> one. But one location is not sufficient for our needs. I
> am aware of the many different Virtual Hosting solutions
> that are proposed for AOLserver. But we found a way to fix
> our problem without actually needing to use any of the
> currently specified Virtual Hosting approaches. I would
> like to get your opinion on our approach to solving our
> problem.
>
> In nsd/return.c we have modified the function
> Ns_ConnReturnRedirect. Please note the additional block of
> code marked with a "ZZZ BNA" comment. What this does is
> return the user specified host name in preference to the
> Location value. This solves our particular problem. It is
> not a Virtual Hosting solution per se, but it does solve our
> problem.
>
> My question is: Do any of you who know the code better than
> we do think this is a dangerous thing to do? If so where
> should I look in the code to see the danger? Our testing
> has shown no problems with this change, at least not so far!
>
> Here is the modified source code:
>
> Ns_ConnReturnRedirect(Ns_Conn *conn, char *url)
> {
> Ns_DString ds, msg;
> intresult;
> char* host;
>
> Ns_DStringInit(&ds);
> Ns_DStringInit(&msg);
> if (url != NULL) {
> if (*url == '/') {
>
> /* ZZZ BNA - we look for a host entry before
> defaulting
>to the location value.
> */
> host = Ns_SetGet(conn->headers, "Host");
> if (host) {
> Ns_DStringAppend(&ds, "http://";);
> Ns_DStringAppend(&ds, host);
> } else {
> Ns_DStringAppend(&ds,
> Ns_ConnLocation(conn));
> }
> }
> Ns_DStringAppend(&ds, url);
> Ns_HeadersPut(conn, "Location", ds.string);
> Ns_DStringVarAppend(&msg, ""\">The requested URL has moved
> here.", NULL);
> result = Ns_ReturnNotice(conn, 302, "Redirection",
> msg.string);
> } else {
> result = Ns_ReturnNotice(conn, 204, "No Content",
> msg.string);
> }
> Ns_DStringFree(&msg);
> Ns_DStringFree(&ds);
> return result;
> }
>
> Thanks for the help!
>
> /pgw
> Greg Wolff
> [EMAIL PROTECTED]
[AOLSERVER] ns_returnbinary
I wrote a module that creates the commands for ns_returnbinary and ns_writebinary for returning binary data to the user. It is called nsbinarysupport and is available for download at http://www.vorteon.com/download/. I'd like to see it included in AOLServer itself (rather than as a module) but before I created a patch I wanted to find out if there is a plan for how to create 2 versions of some commands, TclObjCmds for Tcl 8.x and TclCmds for Tcl 7.x. (There's nothing special about these commands. They are simply ns_write and ns_return translated to use TclObjCmds). I understand AOLServer 4 will have better support for TclObjCmds and remove Tcl 7.x. I assume then that returning binary to the user will be much easier then (a simple ns_write or ns_return). (Tip: Don't use listserv.aol.com in your email address. The server makes all your messages disappear. I've been a member of the list for about a month but only figured this out today so all my previous posts have failed.)
