Share data between servers
Hi, Is there a way to share data (in my case a apr_array_header_t) between all the httpd process ? I have to use it to provide single sign-on functionality with the proxy module. I have to store some informations about old requests from all httpd process (true and virtual). Thank you and best regards. seß - sinad PS: Congratulations at all the Apache Team for his work -- GPG uid: 0xCB92591D ICQ: 60143970 LINUX - because life is too short to reboot ! -- Fortune: Your object is to save the world, while still leading a pleasant life. msg11412/pgp0.pgp Description: PGP signature
Re: HTTP headers on 'trailing slash' redirects?
Monday, August 12, 2002, 9:09:01 AM, you wrote: Phil Stoneman says: Now, my problem is this: Apache(1.3.26) is sending 301 (HTTP_MOVED_PERMANENTLY) when it does the 'trailing slash' redirects to contruct a valid URI for a directory. This is technically not against the RFC from what I can see. It is a bit annoying, though, since when tinkering with UseCanonicalName in the config file, the browser cached the redirect and made me think apache wasn't getting its own hostname correctly. I've tested IIS 5.0, and this does seem to send 302 (HTTP_MOVED_TEMPORARILY), which is what I'd imagine should be done. Also, I've found a reference on google groups to apache 1.2b8 where this behaviour was changed as I'm looking for: http://groups.google.com/groups?selm=334AF61F.26A5%40DECUS.Orgoutput=gplain (The bit in question was written by Markus Gyger, and is about halfway down) Seems to me that a URL pointing to a directory always has to end with a slash, and therefor it is permanent. Why would it be temporary? Hmm... I'm not entirely sure, to be honest. I wouldn't really consider myself experienced in any way with the inner workings of web servers. However. It does strike me that the object could concievably change between being a directory and being a file, for example, meaning that a cached redirect (Which is what seems to happen with a permanent redirect) is an annoyance. Also, it appears that IIS (at least 5.0, which I've tested for this) and Apache 1.2b8 (from that changelog I found) do respond with a 302 (temporary redirect). I'm wondering why the current Apache's behaviour is different, that's all. Also, is there any way to persuade apache to do this right with mod_rewrite? Thanks Phil -- Phil Stonemanmailto:[EMAIL PROTECTED]
user field of conn-rec in change from apache 13 to 20
HI, Can someone point me to the equivalent in the Apache 2.0.x versions of the user field that was in the Apache 1.3.x in hte conn_rec?? thanks by advance, Harrie
server push CGI problem
Hi, I've got an update problem regarding apache 1.3.24/2.0.39 and a home-grown server-push webcam CGI. The CGI continuously reads images from the cam, compresses them into JPEGs and puts them together into a multipart/x-mixed-replace stream to produce a poor-man's video with netscape-browsers. With apache-1.3.x the CGI detected that the connection to the browser was closed by getting an error back when writing to standard output because apache automatically closed down the pipe to the CGI as well. Now after upgrading to apache-2.0.39 the cgi never gets the error and therefore never stops delivering pictures to nowhere. My guess is that apache tries to discard all remaining script output by reading until EOF before closing the pipe which in my case results in the script carrying on forever. I've tried to install the script as nph- but that resulted in the browser showing the data literally because it somehow got the MIME type wrong/not at all. Now my questions are: Is my guess regarding the discard of remaining output right? Can it be switched off? How can I get the nph- approach get to work properly? Thanks in advance for your help. -- bye, Micha
Re: Share data between servers
Graham Leggett wrote: GL Sébastien Bonnegent wrote: GL GL Is there a way to share data (in my case a apr_array_header_t) GL between all the httpd process ? GL GL I have to use it to provide single sign-on functionality with GL the proxy module. I have to store some informations about old GL requests from all httpd process (true and virtual). GL GL Simply configuring an authentication module in Apache should provide GL single sign on for you using basic authentication without any code GL modification. Oh ! I think that I have missed something. Could you give me an example of this configuration please ? GL What exactly are you trying to achieve? I want to make a transparent proxy where the client only have to give an authentification the first time for a domain and after the proxy gives the authentification for the others domains. In this system, the auth system must recognize the Basic and the Digest mecanisms. For example: -- --- - | a client |--| SSO-proxy |--| Server1 | for the domain: www.example1.com -- --- \ - \| Server2 | for the domain: www.example2.com \ - \ ... A client connect to www.example1.com, and provide an authentification. Later, the same client connect to www.example2.com without give again an authentification. In my opinion, I though to provide the auth header instead of the client in the proxy module. The differents servers (Server1, Server2, ...) could be of any type (Apache, IIS, ...). Do you see what I mean ? Best regards, seß - sinad -- GPG uid: 0xCB92591D ICQ: 60143970 LINUX - because life is too short to reboot ! -- Fortune: For a light heart lives long. -- Shakespeare, Love's Labour's Lost msg11417/pgp0.pgp Description: PGP signature
Re: user field of conn-rec in change from apache 13 to 20
Harrie Hazewinkel [EMAIL PROTECTED] writes: Can someone point me to the equivalent in the Apache 2.0.x versions of the user field that was in the Apache 1.3.x in hte conn_rec?? They were moved to the request_rec. -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: Share data between servers
Sébastien Bonnegent wrote: I want to make a transparent proxy where the client only have to give an authentification the first time for a domain and after the proxy gives the authentification for the others domains. In this system, the auth system must recognize the Basic and the Digest mecanisms. Hmmm... you're going to battle doing this, basically because you need to get the browsers to cooperate. The Apache side is pretty easy, just configure one of the authentication modules and your browser will be forced to authenticate first. But - your browser is going to ask for a username and password on each attempt to connect to a different website name (unless the browser bases it's decision to ask for a password based on the realm string, in which case it might work). This is easy to try without any actual coding - set it up and see if it works... Regards, Graham -- - [EMAIL PROTECTED] There's a moon over Bourbon Street tonight...
Re: Share data between servers
Graham Leggett wrote: GL Sébastien Bonnegent wrote: GL I want to make a transparent proxy where the client only GL have to give an authentification the first time for a domain GL and after the proxy gives the authentification for the others GL domains. In this system, the auth system must recognize the Basic GL and the Digest mecanisms. GL GL Hmmm... you're going to battle doing this, basically because you need to GL get the browsers to cooperate. Not necessarily, because I can detect in the proxy module when the server responds with a 401 (need authentification) and in this case, I re-send a request with a authentification field if the user is already authentified on the proxy. And this, without any browser's cooperation. This is why I need to share some data between different servers. But, in another hand, this means more work for Apache and certainly taller response time. GL But - your browser is going to ask for a username and password on each GL attempt to connect to a different website name Yes, I know. It is why I want to provide the authentification information instead of the user. (because there is the same login/password for all my websites) GL (unless the browser bases GL it's decision to ask for a password based on the realm string, in which GL case it might work). GL This is easy to try without any actual coding - set it up and see if it GL works... I have already tested it with Netscape, Galeon, Mozilla, lynx, ... and it seems that it isn't a standard ! Regards, seß - sinad -- GPG uid: 0xCB92591D ICQ: 60143970 LINUX - because life is too short to reboot ! -- Fortune: You'd like to do it instantaneously, but that's too slow. msg11420/pgp0.pgp Description: PGP signature
[PATCH] handling ErrorDocument failures
There have been a number of glitches with our canned error message support (ap_send_error_response) which are caused by us trying to use two different request_recs to send them, believe it or not. We get into this situation when an ErrorDocument specifies an internal redirect to a bad URI. Current external symptoms include the wrong Content-Type if the ErrorDocument URI points to a bad CGI, and garbled canned error text on ebcdic boxes due to ascii data being sent thru a charset-lite filter which expects ebcdic input. When ap_die detects a recursive error caused by an internal redirect to an ErrorDocument, it saves and processes the recursive error status code, backs up to the request_rec for the first error, and passes that to ap_send_error_response. We then initialize this request_rec as appropriate for a canned error message. But just before we start emitting the text of the message, we switch to the newest request_rec by chasing r-next, which gets us out of sync. It looks like this code was added to be compatible with similar code in ap_finalize_request_protocol. I can't tell from the commit logs why the code to chase r-next was added to ap_finalize_request_protocol (rev 1.207 of modules/http/http_protocol.c). It takes away the caller's ability to back out to an earlier request_rec after an internal redirect failure. Is that important? Dunno, but we support in 1.3 and I see no reason to remove that support. It's probably why the r-prev and r-next pointers exist. We need to send the canned error text on the same request_rec that we initialize for that purpose in order to fix the glitches. This patch chooses to consistantly use the request_rec passed into ap_send_error_message to be compatible with 1.3. In order for that to work properly, the filter chains must be updated to point to the earlier request_rec, backing out the changes done by internal_internal_redirect. Comments? Thanks, Greg Index: modules/http/http_protocol.c === RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v retrieving revision 1.453 diff -u -d -b -r1.453 http_protocol.c --- modules/http/http_protocol.c8 Aug 2002 20:39:15 - 1.453 +++ modules/http/http_protocol.c12 Aug 2002 13:41:07 - -2301,16 +2301,6 const char *title = status_lines[idx]; const char *h1; -/* XXX This is a major hack that should be fixed cleanly. The - * problem is that we have the information we need in a previous - * request, but the text of the page must be sent down the last - * request_rec's filter stack. rbb - */ -request_rec *rlast = r; -while (rlast-next) { -rlast = rlast-next; -} - /* Accept a status_line set by a module, but only if it begins * with the 3 digit status code */ -2331,24 +2321,24 * so do ebcdic-ascii translation explicitly (if needed) */ -ap_rvputs_proto_in_ascii(rlast, +ap_rvputs_proto_in_ascii(r, DOCTYPE_HTML_2_0 htmlhead\ntitle, title, /title\n/headbody\nh1, h1, /h1\n, NULL); -ap_rvputs_proto_in_ascii(rlast, +ap_rvputs_proto_in_ascii(r, get_canned_error_string(status, r, location), NULL); if (recursive_error) { -ap_rvputs_proto_in_ascii(rlast, pAdditionally, a , +ap_rvputs_proto_in_ascii(r, pAdditionally, a , status_lines[ap_index_of_response(recursive_error)], \nerror was encountered while trying to use an ErrorDocument to handle the request./p\n, NULL); } -ap_rvputs_proto_in_ascii(rlast, ap_psignature(hr /\n, r), NULL); -ap_rvputs_proto_in_ascii(rlast, /body/html\n, NULL); +ap_rvputs_proto_in_ascii(r, ap_psignature(hr /\n, r), NULL); +ap_rvputs_proto_in_ascii(r, /body/html\n, NULL); } ap_finalize_request_protocol(r); } Index: modules/http/http_request.c === RCS file: /home/cvs/httpd-2.0/modules/http/http_request.c,v retrieving revision 1.151 diff -u -d -b -r1.151 http_request.c --- modules/http/http_request.c 27 Jun 2002 04:40:47 - 1.151 +++ modules/http/http_request.c 12 Aug 2002 13:41:07 - -96,6 +96,23 * Mainline request processing... */ +/* XXX A cleaner and faster way to do this might be to pass the request_rec + * down the filter chain as a parameter. It would need to change for + * subrequest vs. main request filters; perhaps the subrequest filter could + * make the switch. + */ +static void update_r_in_filters(ap_filter_t *f, +request_rec *from, +request_rec *to) +{ +while
Re: Share data between servers
On Mon, 12 Aug 2002, Sbastien Bonnegent wrote: A client connect to www.example1.com, and provide an authentification. Later, the same client connect to www.example2.com without give again an authentification. How is that not a security problem? Let's say we then have www.example3.attacker.com who provides the same Realm to the proxy. The proxy hands over the user's password to the attacker without the client even knowing anything happened. --Cliff
Re: Share data between servers
Cliff Woolley wrote: CW On Mon, 12 Aug 2002, Sbastien Bonnegent wrote: CW CW A client connect to www.example1.com, and provide an authentification. CW Later, the same client connect to www.example2.com without give again CW an authentification. CW CW How is that not a security problem? CW CW Let's say we then have www.example3.attacker.com who provides the same CW Realm to the proxy. The proxy hands over the user's password to the CW attacker without the client even knowing anything happened. In fact, my first schema was incomplete, whereis a firewall between the client and the proxy. In addition, the proxy only serves a delimited number of websites which are known in advance. It is the proxy that check if the user is already known or not. Obviously, hijacking and ip-spoofing must have special attention in this system (maybe with a special nonce or something like that). Regards, seß - sinad -- GPG uid: 0xCB92591D ICQ: 60143970 LINUX - because life is too short to reboot ! -- Fortune: There will be big changes for you but you will be happy. msg11423/pgp0.pgp Description: PGP signature
2.0.40 Win32 binary packages borked
The .msi and .exe installers for 2.0.40 are borked... lots of default stuff (license, etc), and the registry keys created are apparently for 2.0.39 instead of 2.0.40 (or so says one of the several PR's on the matter). How soon can these be rebuilt? Should I pull the broken installers in the meanwhile? --Cliff
RE: 2.0.40 Win32 binary packages borked
The .msi and .exe installers for 2.0.40 are borked... lots of default stuff (license, etc), and the registry keys created are apparently for 2.0.39 instead of 2.0.40 (or so says one of the several PR's on the matter). How soon can these be rebuilt? Should I pull the broken installers in the meanwhile? --Cliff Pull the broken Windows install. Bill Rowe generally does the Windows binary builds. I have no idea how to do it nor the time to investigate now. If no one else can do the builds, we will be w/o Windows builds for a while. Bill
RE: [PATCH] Workaround for bogobrowsers
+1 Some browsers have an unusual breakage: when they receive a redirect, and the redirect response's content-type includes a charset, they remember the charset and apply it to the target of the redirection -- overriding any charset the target's response specifies. This gets tickled when the redirect is coming out of any internal Apache mechanism, since we explicitly set the charset on those. If the redirect is to a page in Greek, for instance, the browser is going to try to render it in iso-8859-1. This is a client bug to be sure, but in a widely-deployed browser: Netscape 4. The following patch allows this to be worked around using our standard BrowserMatch envariable mechanism. It's against 1.3, since that's the version with the most penetration at the moment and where the problem is most visible. Index: src/main/http_protocol.c === RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.325 diff -u -r1.325 http_protocol.c --- src/main/http_protocol.c9 Jul 2002 15:26:26 - 1.325 +++ src/main/http_protocol.c12 Aug 2002 16:24:39 - -2834,7 +2834,13 r-content_languages = NULL; r-content_encoding = NULL; r-clength = 0; -r-content_type = text/html; charset=iso-8859-1; +if (ap_table_get(r-subprocess_env, + suppress-error-charset) != NULL) { +r-content_type = text/html; +} +else { +r-content_type = text/html; charset=iso-8859-1; +} if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED)) ap_table_setn(r-headers_out, Allow, make_allow(r)); -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp!
Re: [PATCH] Workaround for bogobrowsers
Jim Jagielski wrote: By the by, do we have a canonical list of such env-vars currently is use? Last I checked, the doccos were somewhat dated and sparse. The canonical list is here: http://httpd.apache.org/docs/env.html#special (and similarly for 2.0) But I believe that some of the recent additions have not made it into the right place. Joshua.
Re: [PATCH] Workaround for bogobrowsers
Joshua Slive wrote: Jim Jagielski wrote: By the by, do we have a canonical list of such env-vars currently is use? Last I checked, the doccos were somewhat dated and sparse. The canonical list is here: http://httpd.apache.org/docs/env.html#special (and similarly for 2.0) But I believe that some of the recent additions have not made it into the right place. Yeah, it looks like the page hasn't changed since last I peeked at it. Wasn't sure if there was someplace else they were being maintained, but it doesn't look like it :/ -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ A society that will trade a little liberty for a little order will lose both and deserve neither - T.Jefferson
Re: user field of conn-rec in change from apache 13 to 20
The user field is in the request_rec now, because users are a request-based entity in HTTP. Ryan On Mon, 12 Aug 2002, Harrie Hazewinkel wrote: HI, Can someone point me to the equivalent in the Apache 2.0.x versions of the user field that was in the Apache 1.3.x in hte conn_rec?? thanks by advance, Harrie -- ___ Ryan Bloom [EMAIL PROTECTED] 550 Jean St Oakland CA 94610 ---
different module building semantics
In order to build the non-standard modules, configure requires a command line option of the form --enable-module-name. The problem with this (other than being unable to use the --enable-module=) syntax, is that you can't choose to build as a shared library. This causes much work in order add a non-standard module, because you have to rebuild the entire server just to get one more module enabled. --- Aryeh Katz VASCO www.vasco.com
Re: different module building semantics
Aryeh Katz wrote: In order to build the non-standard modules, configure requires a command line option of the form --enable-module-name. The problem with this (other than being unable to use the --enable-module=) syntax, is that you can't choose to build as a shared library. This causes much work in order add a non-standard module, because you have to rebuild the entire server just to get one more module enabled. --- Aryeh Katz VASCO www.vasco.com Hi Aryeh. have a look at apxs. this might be a better approach for your development, as all you require are the header files and the libraries to create a module.
Re: different module building semantics
Aryeh Katz wrote: In order to build the non-standard modules, configure requires a command line option of the form --enable-module-name. The problem with this (other than being unable to use the --enable-module=) syntax, is that you can't choose to build as a shared library. This causes much work in order add a non-standard module, because you have to rebuild the entire server just to get one more module enabled. --- Aryeh Katz VASCOwww.vasco.com Hi Aryeh. have a look at apxs. this might be a better approach for your development, as all you require are the header files and the libraries to create a module. I was referring to modules that are in the experimental directory... --- Aryeh Katz VASCO www.vasco.com
Re: different module building semantics
Aryeh Katz wrote: Aryeh Katz wrote: In order to build the non-standard modules, configure requires a command line option of the form --enable-module-name. The problem with this (other than being unable to use the --enable-module=) syntax, is that you can't choose to build as a shared library. This causes much work in order add a non-standard module, because you have to rebuild the entire server just to get one more module enabled. --- Aryeh Katz VASCO www.vasco.com Hi Aryeh. have a look at apxs. this might be a better approach for your development, as all you require are the header files and the libraries to create a module. I was referring to modules that are in the experimental directory... you mean something like --enable-cache=shared doesn't work for you? --- Aryeh Katz VASCO www.vasco.com
Why can't ap_send_error_response() count on charset?
Hi all. In modules/http/http_protocol.c the comment say ap_send_error_response is used for any response that can be generated by the server from the request record. This includes all [snip] messages that have not been redirected to another handler via the ErrorDocument feature. On line 2331 I read: /* can't count on a charset filter being in place here, * so do ebcdic-ascii translation explicitly (if needed) */ It's trivial to add on line 2336 to ap_rvputs_proto_in_ascii() a string like meta http-equiv=Content-Type content=text/html; charset=utf-8 or so... but the comment about say can't count on a charset. Anyway... with the actual code, the html generated by ap_send_error_response can't pass the W3C Validator test (with the missing meta line it would be ok). I'd like to see the html generated by ap_send_error_response to pass the W3C Validator test in the default configuration (say without using external html files for 404 and so on). The patch is trivial but I don't understand why (we) can't count on a charset filter being in place here. Thank you. -- Carlo Perassi - http://www.linux.it/~carlo/ Do only what only you can do (Edsger Wybe Dijkstra: 1930-2002)
Re: different module building semantics
I was referring to modules that are in the experimental directory... you mean something like --enable-cache=shared doesn't work for you? I used --enable-shared=all to force shared libraries. That's what I meant in my original post about different module building semantics. Once I set it to =shared, then it was in fact a shared module. I would just prefer the ability to do --enable-module=... and --enable-shared once, whether it is a supported module or not. Does it make sense to have duplicate logic that doesn't work across the board? 1) enable-my-module 2) enable-module=my_module If I'm not mistaken, I can write --enable-shared=all, and case 2 will make it shared. --- Aryeh Katz VASCO www.vasco.com
RE: [PATCH] Workaround for bogobrowsers
yes please ! +1 redirect, and the redirect response's content-type includes a charset, they remember the charset and apply it to the target of the redirection -- overriding any charset the target's response specifies. This gets tickled when the redirect is coming out of any internal Apache mechanism, since we explicitly set the charset on those. If the redirect is to a page in Greek, for instance, the browser is going to try to render it in iso-8859-1. This is a client bug to be sure, but in a widely-deployed browser: Netscape 4. The following patch allows this to be worked around using our standard BrowserMatch envariable mechanism. It's against 1.3, since that's the version with the most penetration at the moment and where the problem is most visible. Index: src/main/http_protocol.c === RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.325 diff -u -r1.325 http_protocol.c --- src/main/http_protocol.c9 Jul 2002 15:26:26 - 1.325 +++ src/main/http_protocol.c12 Aug 2002 16:24:39 - -2834,7 +2834,13 r-content_languages = NULL; r-content_encoding = NULL; r-clength = 0; -r-content_type = text/html; charset=iso-8859-1; +if (ap_table_get(r-subprocess_env, + suppress-error-charset) != NULL) { +r-content_type = text/html; +} +else { +r-content_type = text/html; charset=iso-8859-1; +} if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED)) ap_table_setn(r-headers_out, Allow, make_allow(r)); -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp!
Re: QNX 6.1a mod/peer review
Anyone? ping! Or should i resumbit once a week as Justin suggested once ;) - Original Message - From: Igor Kovalenko [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 07, 2002 2:24 PM Subject: Re: QNX 6.1a mod/peer review Was that applied or not? Does not seem to be in 2.0.39... As for the content of patch, it appears to do 2 things: replace mmmap() of /dev/zero with mmap() of a regular file (which is not the best idea) and handle retuns of pthread_xxx() funcs differently (they return errno value rather than set errno on QNX6). This all applies to USE_PROC_PTHREAD_SERIALIZE code. However, USE_PROC_PTHREAD_SERIALIZE is not defined on QNX6. The USE_PTHREAD_SERIALIZE is defined, but useless since apache has no code for it beyond handling -V option. USE_POSIXSEM_SERIALIZE is defined too and SINGLE_LISTEN_UNSERIALIZED_ACCEPT is also defined. Which means (as far as i can tell) USE_POSIXSEM_SERIALIZE will be used if more than one Listen is present. That code looks somewhat strange to me too. Is there a reason why named POSIX semaphores are used? Named ones add lot of unnecessary trouble (there are even comments inline about joy of using them) and on QNX they are also whole lot slower. Why not put unnamed ones into anon shared memory? Is this code used by any other platform which does have named POSIX sems but does not have anon shared memory? The time_sem.c does not have code to test POSIXSEM_SERIALIZE performance. I did test FLOCK/FCNTL and PTHREAD though and PTHREAD is 5-6 times faster on QNX6 (single CPU, 50 children, 1 iterations). So here is what needs to be done I think: 1. define USE_PROC_PTHREAD_SERIALIZE for QNX6 2. patch USE_PROC_PTHREAD_SERIALIZE to use mmap(MAP_ANON) is available and fallback to mmap(/dev/zero) otherwise; also patch it to use QNX6 equivalent of pthread_mutex_setconsistent_np(). 3. patch for handling of pthread_xxx() returns. 4. handle scoreboard code to use mmap() in similar way to (2) 5. remove QNX6 from list of systems which don't have initgroups(). Are there upfront objections to such patch before I bother doing it? There were objections when I tried to do (2) for apache1.3 - it was said to be non-QNX-specific. My arguments (that it actually should be non-QNX-specific) were never answered and patch was summarily ignored. Regards, -- igor - Original Message - From: Davide Berti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 23, 2002 12:28 PM Subject: QNX 6.1a mod/peer review Hello all httpd-2.0.36, QNX 6.1 RTOS I have made a modification to apache to get it to run on qnx. It kept hanging. I traced it down and made some changes to get it to run. I wanted to proof these changes with the apache community and get some feedback as to the longterm consequences/ side effects of these changes. I am attaching a diff of the changes that I made. I also noticed that SSL doesn't seem to work unless the -X flag is passed to httpd, any ideas. Thanks /Davide --- httpd-2.0.36/srclib/apr/locks/unix/proc_mutex.c Mon Apr 8 23:56:56 2002 +++ ../httpd-2.0.36/srclib/apr/locks/unix/proc_mutex.c Wed May 8 16:04:51 2002 @@ -318,7 +318,9 @@ if (munmap((caddr_t)mutex-pthread_interproc, sizeof(pthread_mutex_t))){ return errno; } -} +if(shm_unlink(/datapoints)) // DB +return errno; + } return APR_SUCCESS; } @@ -329,11 +331,15 @@ int fd; pthread_mutexattr_t mattr; -fd = open(/dev/zero, O_RDWR); -if (fd 0) { -return errno; -} +fd=shm_open(/datapoints,O_RDWR|O_CREAT,0777); file://DB + if (fd 0) + return errno; + if(ftruncate(fd,sizeof(pthread_mutex_t))==-1) file://DB + return errno; + + + new_mutex-pthread_interproc = (pthread_mutex_t *)mmap( (caddr_t) 0, sizeof(pthread_mutex_t), @@ -363,10 +369,11 @@ PTHREAD_MUTEX_ROBUST_NP))) { #ifdef PTHREAD_SETS_ERRNO rv = errno; -#endif +#endif // DB proc_mutex_proc_pthread_cleanup(new_mutex); return rv; } +#endif if ((rv = pthread_mutexattr_setprotocol(mattr, PTHREAD_PRIO_INHERIT))) { #ifdef PTHREAD_SETS_ERRNO rv = errno; @@ -374,9 +381,15 @@ proc_mutex_proc_pthread_cleanup(new_mutex); return rv; } +if ((rv = pthread_mutex_destroy(new_mutex-pthread_interproc))) { // DB +#ifdef PTHREAD_SETS_ERRNO +rv = errno; #endif +proc_mutex_proc_pthread_cleanup(new_mutex); +return rv; +} -if ((rv = pthread_mutex_init(new_mutex-pthread_interproc, mattr))) { + if ((rv = pthread_mutex_init(new_mutex-pthread_interproc, mattr))) { #ifdef PTHREAD_SETS_ERRNO rv = errno; #endif __ Do You Yahoo!?