DO NOT REPLY [Bug 11782] New: - httpd doesn't link

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11782

httpd doesn't link

   Summary: httpd doesn't link
   Product: APR
   Version: HEAD
  Platform: HP
OS/Version: HP-UX
Status: NEW
  Severity: Blocker
  Priority: Other
 Component: APR
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


Error:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `httpd' will be relinked during installation
gcc -g -O2 -D_XOPEN_SOURCE_EXTENDED -D_REENTRANT -
DAP_HAVE_DESIGNATED_INITIALIZER -D_HPUX_SOURCE -I/database/src/httpd-
2.0.40/srclib/apr/include -I/database/src/httpd-2.0.40/srclib/apr-util/include -
I/usr/local/include -I. -I/database/src/httpd-2.0.40/os/unix -
I/database/src/httpd-2.0.40/server/mpm/prefork -I/database/src/httpd-
2.0.40/modules/http -I/database/src/httpd-2.0.40/modules/filters -
I/database/src/httpd-2.0.40/modules/proxy -I/database/src/httpd-2.0.40/include -
I/database/src/httpd-2.0.40/modules/dav/main -o .libs/httpd modules.o -Wl,-E  -
L/usr/local/lib modules/aaa/.libs/mod_access.al modules/aaa/.libs/mod_auth.al 
modules/filters/.libs/mod_include.al modules/loggers/.libs/mod_log_config.al 
modules/metadata/.libs/mod_env.al modules/metadata/.libs/mod_setenvif.al 
modules/http/.libs/mod_http.al modules/http/.libs/mod_mime.al 
modules/generators/.libs/mod_status.al 
modules/generators/.libs/mod_autoindex.al modules/generators/.libs/mod_asis.al 
modules/generators/.libs/mod_cgi.al modules/mappers/.libs/mod_negotiation.al 
modules/mappers/.libs/mod_dir.al modules/mappers/.libs/mod_imap.al 
modules/mappers/.libs/mod_actions.al modules/mappers/.libs/mod_userdir.al 
modules/mappers/.libs/mod_alias.al modules/mappers/.libs/mod_so.al 
server/mpm/prefork/.libs/libprefork.al server/.libs/libmain.al 
os/unix/.libs/libos.al /database/src/httpd-
2.0.40/srclib/pcre/.libs/libpcre.al /database/src/httpd-2.0.40/srclib/apr-
util/.libs/libaprutil.sl /usr/local/lib/libexpat.a /database/src/httpd-
2.0.40/srclib/apr/.libs/libapr.sl -lm -ldld  -Wl,+b -Wl,/database/src/httpd-
2.0.40/srclib/apr-util/.libs:/database/src/httpd-
2.0.40/srclib/apr/.libs:/usr/local/hiplink/apache/lib:/usr/local/lib
/usr/ccs/bin/ld: Unsatisfied symbols:
   apr_threadkey_private_delete (code)
collect2: ld returned 1 exit status

##

apache was configured with: ./configure --prefix=/usr/local/hiplink/apache

##

uname -a:
HP-UX semm1020 B.10.20 A 9000/816 903388281 two-user license

###

when configure runs, it reports :

apr_threadkey_private_delete :  no



gcc --version :
2.95.3

#

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11780] New: - maxclients directive documentation is incorrect WRT worker MPM

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11780

maxclients directive documentation is incorrect WRT worker MPM

   Summary: maxclients directive documentation is incorrect WRT
worker MPM
   Product: Apache httpd-2.0
   Version: 2.0.40
  Platform: All
   URL: http://httpd.apache.org/docs-
2.0/mod/mpm_common.html#maxclients
OS/Version: Other
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Documentation
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


>From the docs:

"The MaxClients directive sets the limit on the number of child processes that
will be created to serve requests." and "When the server is compiled with
threading, then the maximum number of simultaneous requests that can be served
is obtained from the value of this directive multiplied by ThreadsPerChild."

When using the worker MPM on Linux (and presumably anywhere else) the worker MPM
uses MaxClients as a limit for number of threads it will create, not processes.
If MaxClients is set lower than ThreadsPerChild, the MPM reports the following
error:

 WARNING: MaxClients (8) must be at least as large
 large as ThreadsPerChild (50). Automatically
 increasing MaxClients to 50.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11778] - 2.0.39 to 2.0.40 upgrade fails to load PHP module

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11778

2.0.39 to 2.0.40 upgrade fails to load PHP module





--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 21:02 ---
I bet this is an PHP issue. You might look in the PHP bug database and report 
the bug there if 
applicable. (btw, same problem on Windows 2000 Pro too)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11778] New: - 2.0.39 to 2.0.40 upgrade fails to load PHP module

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11778

2.0.39 to 2.0.40 upgrade fails to load PHP module

   Summary: 2.0.39 to 2.0.40 upgrade fails to load PHP module
   Product: Apache httpd-2.0
   Version: 2.0.40
  Platform: PC
OS/Version: Windows XP
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


I just upgraded from Apache/2.0.39 (Win32) PHP/4.2.2  to Apache/2.0.40 (Win32)
so that I could get a htpasswd that works, but now running a test on the config 
file fails on the line:

LoadModule php4_module c:/php/php4apache2.dll

with a complaint about "procedure not found".

I thought it was a path resolution issue, but it isn't.  I now suspect there 
are changed parameter/entry point requirements for external modules in 2.0.40 - 
I'm using the standard binary distributions under Windows XP and don't have a 
compiler so can't delve deeper.

Reverting to 2.0.39 resolves the issue.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11764] - fatal error C1083: Cannot open include file: 'apr.h': No such file or directory

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11764

fatal error C1083: Cannot open include file: 'apr.h': No such file or directory

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 15:22 ---

  Read http://httpd.apache.org/docs-2.0/platform/win_compiling.html

  Apache moves some files about in the top level build steps.  You
  must follow the documented build procedures, and have an available
  awk.exe in your path (also documented above.)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] - Mention "Options Index" in mod_autoindex doc

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Mention "Options Index" in mod_autoindex doc





--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 15:14 ---
It's often fine to put private files in a web tree for use by people who know
the unpublished URL's.  Of course that's not as secure as using HTTP Basic
authentication to protect the files, but it's more convenient.  HTTP Basic Auth
is in turn less secure than Basic Auth over SSL, which is in turn less secure
than SSL with client certificates, which is in turn less secure than client
certificates whose secret keys are embedded in tamper resistant hardware tokens.
 There's a continuum of security/convenience levels that the site operator can
legitimately choose among depending on his/her specific requirements. 
Unprotected files with unadvertised URL's is a perfectly legitimate point in
that continuum, and is one of the easiest to use.  

Anyway, empirically in the real world, this method is widely used, regardless of
whether it's objectively smart or not.  And even if that security strategy isn't
chosen on purpose, sometimes private files get left laying around in directories
by accident.  Apache should try to be resilient in the event of such errors, not
try to punish its users for being careless.  

I hope the mod_autoindex docs do get updated to at least describe Options
-Indexes.  If no recommendation is made there, perhaps the issue could be
mentioned in the Security Tips part of the Apache docs.

Regards

Paul

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11769] New: - 2.0.39 Bindist does not work on all versions of Solaris 8

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11769

2.0.39 Bindist does not work on all versions of Solaris 8

   Summary: 2.0.39 Bindist does not work on all versions of Solaris
8
   Product: Apache httpd-2.0
   Version: 2.0.39
  Platform: Sun
OS/Version: Solaris
Status: NEW
  Severity: Normal
  Priority: Other
 Component: All
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


Dear Apache,

The README.bindist of the 2.0.39 Binary distribution states that the build will 
work on Solaris 8.

However I believe this is only true of Solaris 8 10/01 and later. Specifically 
it will not run on my Solaris 8 01/00. This is because libsendfile.so.1 library 
was not introduced in the SUNWcsl package until 10/01. If you try to start 
httpd on a 01/00 version of Solaris 8 you get a library not found message.

# more /etc/release
   Solaris 8 s28_38shwp2 SPARC
   Copyright 2000 Sun Microsystems, Inc.  All Rights Reserved.
Assembled 21 January 2000
# grep libsendfile.so.1 /var/sadm/install/contents

Whereas...

# more /etc/release
   Solaris 8 10/01 s28s_u6wos_08a SPARC
   Copyright 2001 Sun Microsystems, Inc.  All Rights Reserved.
   Assembled 12 September 2001
# grep libsendfile.so.1 /var/sadm/install/contents
/usr/lib/abi/abi_libsendfile.so.1 f none 0755 root bin 35176 10702 987601497 
SUNWcstl
/usr/lib/abi/sparcv9/abi_libsendfile.so.1 f none 0755 root bin 36352 19133 
987601498 SUNWcstlx
/usr/lib/libsendfile.so=./libsendfile.so.1 s none SUNWcsl
/usr/lib/libsendfile.so.1 f none 0755 root bin 11608 560 987601493 SUNWcsl
/usr/lib/sparcv9/libsendfile.so=./libsendfile.so.1 s none SUNWcslx
/usr/lib/sparcv9/libsendfile.so.1 f none 0755 root bin 13032 4593 987601495 
SUNWcslx


Regards

Duncan Baillie
Senior Unix SA
Rabobank International

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11038] - wrong HTTP response code with negotiated ErrorDocuments

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11038

wrong HTTP response code with negotiated ErrorDocuments

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 14:36 ---
seems to be fixed in 2.0.40. Thanks guys :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] - Mention "Options Index" in mod_autoindex doc

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Mention "Options Index" in mod_autoindex doc

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 14:26 ---
The mod_autoindex docs do say "Automatic index generation is enabled with using
Options +Indexes. See the Options directive for more details." which pretty
much sums up the situation.

I do not believe that recommending "Options -Indexes" for sites with non-public
files is a good idea.  Private files should not be kept in the web tree at all.

It is true that the mod_autoindex docs could use some rewriting.  I'll try to
get to that eventually.

Thanks for using Apache.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11751] - 200 status code logged when password file unreadable

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11751

200 status code logged when password file unreadable

[EMAIL PROTECTED] changed:

   What|Removed |Added

   Severity|Major   |Minor
   Priority|High|Low
Summary|Logging 200 on hits that|200 status code logged when
   |shouldn't   |password file unreadable



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 14:21 ---
You may have uncovered a small bug, but the configuration you are using
is completely wrong.  Where is apache supposed to get usernames/passwords
if you set AuthUserFile to /dev/null?  And you also shouldn't be using the
 and  lines.

Still, I would think apache should be returning 500 or 403 in a situation
where there is a "require valid-user" but the password file can't be read.
But what response is actually going to the client?  Can you replicate
this yourself?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11764] - fatal error C1083: Cannot open include file: 'apr.h': No such file or directory

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11764

fatal error C1083: Cannot open include file: 'apr.h': No such file or directory





--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 14:01 ---
Can you post more information so that we can track down the problem?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11751] - Logging 200 on hits that shouldn't

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11751

Logging 200 on hits that shouldn't

[EMAIL PROTECTED] changed:

   What|Removed |Added

 OS/Version|Other   |Solaris
   Priority|Other   |High

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11765] New: - .apaci.install.tmp installs in existing httpd.conf directory

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11765

.apaci.install.tmp installs in existing httpd.conf directory

   Summary: .apaci.install.tmp installs in existing httpd.conf
directory
   Product: Apache httpd-1.3
   Version: 1.3.26
  Platform: Sun
OS/Version: Solaris
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


New builds and upgrades of apache install the hidden file .apaci.install.tmp in
an existing httpd.conf directory. This may overwrite already new configured
values with the install-defaults resulting in 'hard-to-find' configuration 
mistakes.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11764] New: - fatal error C1083: Cannot open include file: 'apr.h': No such file or directory

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11764

fatal error C1083: Cannot open include file: 'apr.h': No such file or directory

   Summary: fatal error C1083: Cannot open include file: 'apr.h': No
such file or directory
   Product: Apache httpd-2.0
   Version: 2.0.40
  Platform: PC
OS/Version: Windows NT/2K
Status: NEW
  Severity: Critical
  Priority: Other
 Component: All
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


Not exist file apr.h in httpd-2.0.40-win32-src.zip.
What it do mean?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 7513] - Proxy not downgrading responses for HTTP/1.0 clients

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7513

Proxy not downgrading responses for HTTP/1.0 clients





--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 10:36 ---
any word on this?  Maybe I am smoking crack on this one??

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11761] New: - Content negotiation doesn't work with PHP

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11761

Content negotiation doesn't work with PHP

   Summary: Content negotiation doesn't work with PHP
   Product: Apache httpd-2.0
   Version: 2.0.39
  Platform: PC
   URL: http://www.rivinfo.com/svdbeek/tmp.php
OS/Version: Linux
Status: NEW
  Severity: Normal
  Priority: Other
 Component: mod_negotiation
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


Configured content negotiation. Works fine with HTML files.
Did the exact same thing for a PHP file, but it won't serve up the file.
Created tmp.php.var, tmp.php.en and tmp.php.fr. Also tried to use tmp.en.php, 
but same result.
If you select the above URL with tmp.php you will get a 404 (In the correct 
language :-)
However, if you put in tmp.php.var it will serve you the right language page!
But tmp.php.var just contains the URI statements - no code.
Since I set it up exactly as the html, and the html content negotiation works I 
assume it's either an undocumented setup problem or a bug.

PS: No answers from the newsgroups, nor on the web. Fonud one other person with 
the same problem, but no solution.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] - Mention "Options Index" in mod_autoindex doc

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Mention "Options Index" in mod_autoindex doc

[EMAIL PROTECTED] changed:

   What|Removed |Added

Summary|Allow disabling |Mention "Options Index" in
   |mod_autoindex on a per- |mod_autoindex doc
   |directory basis |



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 06:51 ---
Bug summary updated to reflect suggestion.  "Options Index" should be
mentioned/described in the "Summary" section of the mod_autoindex doc.
IMO the doc should also advise that "Options -Index" is preferred if the site
contains any non-public files.  Directories wanting indexing should enable it
explicitly in those cases.  With indexing enabled, it's very easy to leave a
directory auto-indexed by accident, with undesired consequences, and many sites
have done that.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] - Allow disabling mod_autoindex on a per-directory basis

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Allow disabling mod_autoindex on a per-directory basis

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
  Component|mod_autoindex   |Documentation
 Resolution|INVALID |



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 06:37 ---
Reopened as documentation bug.  The doc for mod_autoindex should explain the
way to disable indexing: set "Options -Index" in the appropriate containing 
block.

I was able to figure this out by examining mod_autoindex.c and then finding
the single place where OPT_INDEXES was set, then checking the doc for the
Options command.  That's an unreasonable thing to ask of user.

Before initially opening this bug, I had already asked on the Usenet web
servers group how to turn off indexing, and no one responded, so it shows
how obscure that Options command was.  Apache configuration questions generally
get answered pretty quickly on that group.  So the doc update is definitely
appropriate.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] - Allow disabling mod_autoindex on a per-directory basis

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Allow disabling mod_autoindex on a per-directory basis

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 05:54 ---

You are overlooking the flexibility and control of a global 
section.  The bug database is for tracking problems with the code, please
refer to the appropriate users list to discuss how to accomplish what you
are attempting to do.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11087] - Http Session problem in Tomcat

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11087

Http Session problem in Tomcat





--- Additional Comments From [EMAIL PROTECTED]  2002-08-16 02:50 ---
Hello, 
We are running into the same problem. We are using tomcat 4.0.4 under redhat 
linux 7.3. It happens with our without Apache 1.3/2.0. Please let me know if 
there is a work around.
Thanks, 
Nag

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 11759] New: - Allow disabling mod_autoindex on a per-directory basis

2002-08-16 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11759

Allow disabling mod_autoindex on a per-directory basis

   Summary: Allow disabling mod_autoindex on a per-directory basis
   Product: Apache httpd-1.3
   Version: 1.3.26
  Platform: Other
OS/Version: Other
Status: NEW
  Severity: Normal
  Priority: Other
 Component: mod_autoindex
AssignedTo: bugs@httpd.apache.org
ReportedBy: [EMAIL PROTECTED]


Forgetting to create an index.html file is a common security lapse, that lets
intruders prowl around the directory using mod_autoindex.

Therefore, there should be a configuration directive to disable mod_autoindex
at either the global level, in a virtual server block, or in a directory block.
Something like "AutoIndex On" to enable auto-indexing, and "AutoIndex Off"
to disable it, would do the job.

A typical way to use it would be to set "AutoIndex Off" in httpd.conf,
disabling auto-indexing by default.  Individual directories could override
the default and enable auto-indexing in their .htaccess file, if AllowOverrides
is set to allow overriding mod_autoindex directives.  Alternatively, 
auto-indexing could be enable for specific directories using AutoIndex
directives in  blocks for those directories.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]