PythonEnablePdb option.

[Graham Dumpleton]

The documentation for the Python debugger support in mod_python states:

  Because pdb is an interactive tool, start httpd from the command line
  with the -DONE_PROCESS option when using this directive. As soon as  
your
  handler code is entered, you will see a Pdb prompt allowing you to  
step

  through the code and examine variables.

If you enable PythonEnablePdb but try to use Apache in its normal mode,
ie., not as a single foreground process, you will get an error:

  Mod_python error: PythonHandler mptest

  Traceback (most recent call last):

File  
/System/Library/Frameworks/Python.framework/Versions/2.3/lib/ 
python2.3/site-packages/mod_python/apache.py, line 301, in  
HandlerDispatch

  assert (type(result) == type(int())), \

  AssertionError: Handler 'mptest' returned invalid return code.

This occurs because the pdb module internally generates an error when
it somehow realises that it isn't being run in interactive mode. Rather
than this exception being propagated, it simply returns None which
causes the above error.

Even if running pdb in single process mode, if quit is entered into
pdb as a command, you will get a similar error.

With the thought of mod_python perhaps ignoring the PythonEnabledPdb
option when not run in single process mode, is there a way using the
apache.mpm_query() function or some other function of determining that
Apache is running in single process mode?

This will not solve the quit problem, for that rather than calling
pdb.runcall(), mod_python perhaps could implement an alternate variant  
of

the Bdb.runcall() which is ultimately called which raises an appropriate
Apache error more appropriate in context of mod_python when the BdbQuit
exception is raised.

Anyone have any thoughts? Anyone use the pdb support?

Graham

Re: PythonEnablePdb option.

[Gregory (Grisha) Trubetskoy]

On Thu, 3 Nov 2005, Graham Dumpleton wrote:


With the thought of mod_python perhaps ignoring the PythonEnabledPdb
option when not run in single process mode, is there a way using the
apache.mpm_query() function or some other function of determining that
Apache is running in single process mode?


I wonder if simply examining sys.argv would work?

Grisha

Re: PythonEnablePdb option.

[Graham Dumpleton]

Graham Dumpleton wrote ..
 Grisha wrote ..
  
  On Thu, 3 Nov 2005, Graham Dumpleton wrote:
  
   With the thought of mod_python perhaps ignoring the PythonEnabledPdb
   option when not run in single process mode, is there a way using the
   apache.mpm_query() function or some other function of determining that
   Apache is running in single process mode?
  
  I wonder if simply examining sys.argv would work?
 
 Can't be done this way as sys.argv doesn't even exist in mod_python.

 ...
 
 Also need to sort out how -DONE_PROCESS and -X options are
 different, as pdb support also works if -X option is used. This is
 probably dangerous though to use as you still potentially get
 child processes and thus fire off more than one request and they
 will fight over standard input.

To determine if -DONE_PROCESS was used on the command line,
noting that -X is equivalent to -DONE_PROCESS and -DNO_DETATCH,
one can use in the Apache configuration file:

  IfDefine ONE_PROCESS
  PythonEnablePdb On
  /IfDefine

As far as I can tell, the IfDefine directive uses the Apache C function:

  ap_exists_config_define()

Ie., the defined symbol is the argument:

  ap_exists_config_define(ONE_PROCESS)

Unless I am missing something, there is no equivalent to being able
to do IfDefine from within Python code executing inside of mod_python.
It sounds though that in this case with pdb that it might be a potentially
useful feature.

Thus, what do people think about a new function:

  apache.exists_config_define(arg)

Graham

[jira] Commented: (MODPYTHON-77) The multiple interpreter concept of mod_python is broken for Python extension modules since Python 2.3

[Graham Dumpleton (JIRA)]

[ 
http://issues.apache.org/jira/browse/MODPYTHON-77?page=comments#action_12356739 
] 

Graham Dumpleton commented on MODPYTHON-77:
---

There are now so many different suggestions on this that it is all too 
confusing.

In respect of latest suggested change to release_interpreter(), this code 
wasn't based on latest code from 3.2 betas and therefore doesn't include fix 
for where Python doesn't support threading at all. Ie., the base code on which 
it should have been made was:

static void release_interpreter(void)
{
PyThreadState *tstate = PyThreadState_Get();
#ifdef WITH_THREAD
PyEval_ReleaseThread(tstate);
#else
PyThreadState_Swap(NULL);
#endif
PyThreadState_Delete(tstate);
}

Ie., new call to PyThreadState_Swap() not factored in.

I will refrain from posting what it perhaps should be so as not to make things 
worse.

In terms of the comment smallest required change, I am currently taking this 
to mean that the most minimal change is still to install first interpreter as 
main_interpreter and then to change release_interpreter() as suggested in 
previous post.

Before anyone else posts any code, let me independently work out some changes 
from scratch and thus verify the fixes or not. :-(


 The multiple interpreter concept of mod_python is broken for Python extension 
 modules since Python 2.3
 --

  Key: MODPYTHON-77
  URL: http://issues.apache.org/jira/browse/MODPYTHON-77
  Project: mod_python
 Type: Bug
   Components: core
 Versions: 3.1.4
  Environment: Python = 2.3
 Reporter: Boyan Boyadjiev
  Attachments: diff.txt, diff2.txt, diff3.txt, gil_test.c, gilstate.tar.gz, 
 mod_python.c, mod_python.c.diff, mod_python.h.diff, src.zip

 The multiple interpreter concept of mod_python is broken for Python extension 
 modules since Python 2.3 because of the PEP 311 (Simplified Global 
 Interpreter Lock Acquisition for Extensions):
 ...
 Limitations and Exclusions
 This proposal identifies a solution for extension authors with
 complex multi-threaded requirements, but that only require a
 single PyInterpreterState.  There is no attempt to cater for
 extensions that require multiple interpreter states.  At the time
 of writing, no extension has been identified that requires
 multiple PyInterpreterStates, and indeed it is not clear if that
 facility works correctly in Python itself.
 ...
 For mod_python this means, that complex Python extensions won't work any more 
 with Python = 2.3, because they are supposed to work only with the first 
 interpreter state initialized for the current process (a problem we 
 experienced). The first interpreter state is not used by mod_python after the 
 python_init is called. 
 One solution, which works fine for me, is to save the first interpreter state 
 into the interpreters dictionary in the function python_init 
 (MAIN_INTERPRETER is used as a key):
 static int python_init(apr_pool_t *p, apr_pool_t *ptemp,
apr_pool_t *plog, server_rec *s)
 {
 ...
 /* initialize global Python interpreter if necessary */
 if (! Py_IsInitialized())
 {
 /* initialze the interpreter */
 Py_Initialize();
 #ifdef WITH_THREAD
 /* create and acquire the interpreter lock */
 PyEval_InitThreads();
 #endif
 /* create the obCallBack dictionary */
 interpreters = PyDict_New();
 if (! interpreters) {
 ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, s,
  python_init: PyDict_New() failed! No more memory?);
 exit(1);
 }
 {   
 /*
 Workaround PEP 311 - Simplified Global Interpreter Lock 
 Acquisition for Extensions
 BEGIN
 */
 PyObject *p = 0;
 interpreterdata * idata = (interpreterdata 
 *)malloc(sizeof(interpreterdata));
 PyThreadState* currentThreadState = PyThreadState_Get();
 PyInterpreterState *istate = currentThreadState-interp;
 idata-istate = istate;
 /* obcallback will be created on first use */
 idata-obcallback = NULL;
 p = PyCObject_FromVoidPtr((void ) idata, NULL); /*p-refcout = 1*/
 PyDict_SetItemString(interpreters, MAIN_INTERPRETER, p); 
 /*p-refcout = 2*/
 Py_DECREF(p); /*p-refcout = 1*/
 /*
 END
 Workaround PEP 311 - Simplified Global Interpreter Lock 
 Acquisition for Extensions
 */
 }
 /* Release the thread state because we will never use
  * the main interpreter, only sub interpreters created later. */
 PyThreadState_Swap(NULL);
 #ifdef WITH_THREAD
 /* release the lock; now other threads can run */
 PyEval_ReleaseLock();
 #endif
 }
 

cache trouble (Re: [vote] 2.1.9 as beta)

[Nick Kew]

On Wednesday 02 November 2005 20:26, William A. Rowe, Jr. wrote:
 Colm MacCarthaigh wrote:
  I think the text Deny from all is a particularly dangerous thing to
  have not work as advertised! No matter how well documented :/

Nasty.  Is it necessarily a showstopper?

 The question though, is where can Deny from all be expected to work?

 Certainly not in Directory /foo - the cached entity no longer lives
 there.

I disagree.  If it came from there originally, then that's where it lives.
The principle we want here is that retrieving from cache should have
the same rules from a client PoV as retrieving an original unless a
sysop explicitly says otherwise.  Breaking that principle shouldn't
hit the sysop as a standard or default behaviour.

 Perhaps in Location /foo - but running the full handlers, dealing with
 all the regex'es all over again defeats the purpose of running a fast
 cache.

I'm not convinced by that either.  In fact, I dislike the whole run it in a
quick handler principle - it runs a supertanker through the KISS principle,
and has consequently left us with a cache that never really worked.
Even if we fix this, it's sure to have a high bugrate for the forseeable
future precisely because it violates KISS.

The main purpose of caching is to relieve the pressure on a big, slow backend.
In real life, most of that bigness and slowness is pretty much always going to 
live in a handler or a backend, so what we save by running quick_handler is
inherently of secondary importance.  And there are several things we can
do about that if we make cache a normal handler:
  * provide quick versions of early hooks.  For example, an authn that looks 
up cached headers and thus bypasses any potential trip to DBD or LDAP.
Similarly we may be able to bypass rewriterules, content negotiation,
or any trip to htaccess based on cache lookup matching; maybe your
CachedLocation proposal.
In a sense, that's modularising the quick handler concept!
  * Write a caching performance doc that discusses the issue, and makes
 clear the effect of anything complex in a hook that can't be bypassed.

 Certainly in VirtualHost www.cachedhost.example.com ... although authnz
 doesn't work correctly there in the first place ;-)

I take it that just refers to standard per-dir-config behaviour?  A directive
that's not even syntactically valid outside a directory-context can be
forgiven for not working there!


 And certainly globally, if I ran a large mass vhost, yet knew full well
 that a list of proxies would corrupt my content, I might

Deny from 10.123.55.0/24

 but again, authn/authz doesn't work globally.

Making it do so is a feature-enhancement, not a bugfix.  And we'd need to
have a proposal for implementation without undue complexity to consider
such an enhancement.

 We can discuss 'enabling' the map to storage for Location  and running
 the authz stack, but we would have to ensure we bypass the filesystem
 dir/files entities.  The deepest relevant level is Location .

In the present architecture that makes some sense.  But having chopped out
the hooks, adding them back in piecemeal seems reminiscent of Heath Robinson.

 And maybe, have you considered a CachedLocation  / CachedLocationMatch 
 container for mod_cache?  This would have the benefit that very long lists
 of directives would be ignored/not merged, in favor of a much shorter and
 very specific list that benefits the cache by keeping it fast, while giving
 the user the option to tweak the behavior of content, once cached.

You mean as a tool for sysops to accept/decline serving from cache?
That could potentially have merit, and would work best in a quick-translation
hook to bypass any more complex/expensive rules.
The danger is if it grows some nightmarishly confusing relationship
to normal Location semantics: the existing Location vs Directory
is bad enough for non-expert users!

-- 
Nick Kew

mod_mbox: unviewable message

[Joe Orton]

Hi, I just found a message which mod_mbox can't seem to render:

http://mail-archives.apache.org/mod_mbox/apr-dev/200509.mbox/[EMAIL PROTECTED]

can that be fixed?  The View raw message link is useful anyway ;)

joe

mod_deflate Vary header

[Florian Zumbiehl]

Hi,

While configuring and testing my new and shiny Apache 2, I noticed that
mod_deflate sends a Vary: Content-Encoding header whenever a resource
could potentially be compressed, no matter whether it actually is
compressed in that particular response. That certainly should
work, but in situations where the server's bandwidth is the bottleneck,
wouldn't it be a good idea to omit that Vary: header when no compression
actually takes place? After all, any user agent should be able to cope
with uncompressed content - and when that is what is already behind
the bottleneck, like in some local proxy cache, a Vary: Content-Encoding
header on it would cause a request from a user agent supporting
compression to cause a reload of the compressed version from the slow
server rather than delivering the already locally-available uncompressed
version.

When the bottleneck is at the client's end, it's completely different,
of course--which is why I'd consider a config option a good idea that
would allow the sending of a Vary: Content-Encoding in case of
uncompressed content to be disabled.

Cya, Florian

Re: mod_deflate Vary header

[André Malo]

* Florian Zumbiehl [EMAIL PROTECTED] wrote:

 While configuring and testing my new and shiny Apache 2, I noticed that
 mod_deflate sends a Vary: Content-Encoding header whenever a resource
 could potentially be compressed, no matter whether it actually is
 compressed in that particular response. That certainly should
 work, but in situations where the server's bandwidth is the bottleneck,
 wouldn't it be a good idea to omit that Vary: header when no compression
 actually takes place? After all, any user agent should be able to cope
 with uncompressed content - and when that is what is already behind
 the bottleneck, like in some local proxy cache, a Vary: Content-Encoding
 header on it would cause a request from a user agent supporting
 compression to cause a reload of the compressed version from the slow
 server rather than delivering the already locally-available uncompressed
 version.

Yes, that is the point. The Vary header describes which header(s) was used
to decide, which content actually would be delivered. That's what HTTP
specifies.

 When the bottleneck is at the client's end, it's completely different,
 of course--which is why I'd consider a config option a good idea that
 would allow the sending of a Vary: Content-Encoding in case of
 uncompressed content to be disabled.

For your scenario it would be more useful to adjust the local cache,
I think. (e.g. always request compressed content, decompress it and
deliver it to all the clients uncompressed).

Maybe I'm pessimistic, but I think, omitting the Vary header for
uncompressed ressources will lead to poisoned caches, which statistically
nearly always will request the uncompressed variant and so actually
*add* load to your server's bandwidth.

nd

Re: SSL enabled - nokeepalive in MSIE for non-SSL connections

[Olaf van der Spek]

Joe Orton wrote:
 All versions need unclean shutdown at least, not sure about keepalive.  If you
 have new data to provide on this front that's great and very welcome, please
 send it to [EMAIL PROTECTED]  bugzilla is not a discussion or support forum, 
 however.

I've been running without
SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
for a few months now and I haven't encountered any issues with IE.
So I think it's safe to drop this work around.

Re: [vote] 2.1.9 as beta

[Joe Orton]

On Wed, Nov 02, 2005 at 03:08:47PM -0500, Joshua Slive wrote:
 
 Colm MacCarthaigh wrote:
 I think the text Deny from all is a particularly dangerous thing to
 have not work as advertised! No matter how well documented :/
 
 Sure, but in truth, apache configuration is really complex and deny 
 from all doesn't always really mean what it says.
...
 All that to say, I'm fine with the document that mod_cache ignores 
 mod_access solution to this problem.

Agreed, and I don't see why this is a showstopper either if this has 
been the behaviour of mod_cache forever anyway.  showstopper === 
regression

joe

Re: [vote] 2.1.9 as beta

[Colm MacCarthaigh]

On Thu, Nov 03, 2005 at 03:27:43PM +, Joe Orton wrote:
 Agreed, and I don't see why this is a showstopper either if this has
 been the behaviour of mod_cache forever anyway.  showstopper ===
 regression

I've taken this out of the show-stopper section, I'll just live with
documentation as a fix for now, and maybe fill that out a bit more.

-- 
Colm MacCárthaighPublic Key: [EMAIL PROTECTED]

mod_access vs mod_authz_host

[Nick Kew]

Is there really a rationale for that name change?

This module is *not* an authz module in the sense of anything from
the used-to-be-auth modules are.
  * It lives on a different request processing hook.
  * Its semantics, and even HTTP failure code, are different.
  * it uses TCP information rather than HTTP information. 
  * It has a clear but *distinct* relationship with the real authz,
expressed in the Satisfy Any|All directive.

Reverting the name to mod_access will make it immediately more
accessible to users (a name they know), and reduce the scope
for future confusion.  How about it?


-- 
Nick Kew

Re: mod_access vs mod_authz_host

[Brad Nicholes]

   But it does handle access control which kind of puts in the category
of authz vs. anywhere else.

Brad

 On 11/3/2005 at 9:26:57 am, in message
[EMAIL PROTECTED],
[EMAIL PROTECTED] wrote:
 Is there really a rationale for that name change?
 
 This module is *not* an authz module in the sense of anything from
 the used-to-be-auth modules are.
   * It lives on a different request processing hook.
   * Its semantics, and even HTTP failure code, are different.
   * it uses TCP information rather than HTTP information. 
   * It has a clear but *distinct* relationship with the real authz,
 expressed in the Satisfy Any|All directive.
 
 Reverting the name to mod_access will make it immediately more
 accessible to users (a name they know), and reduce the scope
 for future confusion.  How about it?
 

just how bad an idea is it to specify the path to suexec binary in httpd.conf?

[Jeff Trawick]

ErrorLog /etc/some-important-database
LoadModule hidden_module /usr/local/viewcvs-0.9.3/pipeopen.py
SuexecWrapper /www/abc.example.com/bin/suexec

If random user can edit main conf file, things are pretty bad, at
least when root starts Apache.

Perhaps there are more current limitations on possible harm when
non-root starts Apache.

Any thoughts on avoiding hard-coded path to suexec?

Re: mod_mbox: unviewable message

[Maxime Petazzoni]

Hi,

* Joe Orton [EMAIL PROTECTED] [2005-11-03 11:26:14]:

 Hi, I just found a message which mod_mbox can't seem to render:
 
 http://mail-archives.apache.org/mod_mbox/apr-dev/200509.mbox/[EMAIL PROTECTED]
 
 can that be fixed?  The View raw message link is useful anyway ;)

This message is not a valid MIME message. The first part does not
contains headers, so mod_mbox passes this part of the message. I don't
know enough about MIME constructions to decide how should mod_mbox
behave.

Any ideas or comments ?

- Sam

-- 
Maxime Petazzoni (http://www.bulix.org)
 -- gone crazy, back soon. leave message.


signature.asc
Description: Digital signature

Re: mod_mbox: unviewable message

[Nick Kew]

On Thursday 03 November 2005 16:41, Maxime Petazzoni wrote:

 This message is not a valid MIME message. The first part does not
 contains headers, so mod_mbox passes this part of the message. I don't
 know enough about MIME constructions to decide how should mod_mbox
 behave.

 Any ideas or comments ?

Erm, treat (default) that first (real) part as having a text/plain 
content-type header?

-- 
Nick Kew

Re: mod_access vs mod_authz_host

[Nick Kew]

On Thursday 03 November 2005 16:37, Brad Nicholes wrote:
But it does handle access control which kind of puts in the category
 of authz vs. anywhere else.

So can mod_rewrite and others, but that doesn't make it mod_authz_url!
Perhaps mod_load_average should be called mod_authz_busy ?

In terms of its role, mod_access is not an authz module, for the
reasons mentioned in my previous post.  Unless you can suggest
some much stronger reason it should be?

-- 
Nick Kew

Omission in the documentation

[Bengt-Arne Fjellner]

The documentation for APR::Request ought to mention that atleast jar and params
returns undef if there is no cookie/param

-- 
Bengt-Arne Fjellner

Re: mod_access vs mod_authz_host

[Geoffrey Young]

Nick Kew wrote:
 On Thursday 03 November 2005 16:37, Brad Nicholes wrote:
 
   But it does handle access control which kind of puts in the category
of authz vs. anywhere else.
 
 
 So can mod_rewrite and others, but that doesn't make it mod_authz_url!
 Perhaps mod_load_average should be called mod_authz_busy ?
 
 In terms of its role, mod_access is not an authz module, for the
 reasons mentioned in my previous post.  Unless you can suggest
 some much stronger reason it should be?

what about mod_access_host?  that would give us mod_access_*, mod_authn_*,
and mod_authz_* modules corresponding to the different aaa hooks...

--Geoff

Re: mod_access vs mod_authz_host

[Nick Kew]

On Thursday 03 November 2005 16:50, Nick Kew wrote:
 On Thursday 03 November 2005 16:37, Brad Nicholes wrote:
 But it does handle access control which kind of puts in the category
  of authz vs. anywhere else.

 So can mod_rewrite and others, but that doesn't make it mod_authz_url!
 Perhaps mod_load_average should be called mod_authz_busy ?

 In terms of its role, mod_access is not an authz module, for the
 reasons mentioned in my previous post.  Unless you can suggest
 some much stronger reason it should be?

Just to elaborate on that, it's the name I'm not happy about.
I'm perfectly happy with the /modules/aaa/ classification.

-- 
Nick Kew

Re: mod_access vs mod_authz_host

[Nick Kew]

On Thursday 03 November 2005 16:52, Geoffrey Young wrote:

 what about mod_access_host?  that would give us mod_access_*, mod_authn_*,
 and mod_authz_* modules corresponding to the different aaa hooks...

Sounds good to me.

-- 
Nick Kew

Re: mod_mbox: unviewable message

[Paul Querna]

Nick Kew wrote:
 On Thursday 03 November 2005 16:41, Maxime Petazzoni wrote:
 
 This message is not a valid MIME message. The first part does not
 contains headers, so mod_mbox passes this part of the message. I don't
 know enough about MIME constructions to decide how should mod_mbox
 behave.

 Any ideas or comments ?
 
 Erm, treat (default) that first (real) part as having a text/plain 
 content-type header?
 

+1, I think this is a reasonable behavior, if there isn't a content-type
specified.

-Paul

Re: SSL enabled - nokeepalive in MSIE for non-SSL connections

[Anish Mistry]

On Thursday 03 November 2005 09:37 am, Olaf van der Spek wrote:
 Joe Orton wrote:
  All versions need unclean shutdown at least, not sure about
  keepalive.  If you have new data to provide on this front that's
  great and very welcome, please send it to [EMAIL PROTECTED]  bugzilla is not
  a discussion or support forum, however.

 I've been running without
 SetEnvIf User-Agent .*MSIE.* \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
 for a few months now and I haven't encountered any issues with IE.
 So I think it's safe to drop this work around.
Same here.  This was also causing some funky behavior for my web 
application when running over SSL with IE6 clients downloading files.  
Removing this fixed the problem.

-- 
Anish Mistry
[EMAIL PROTECTED]
AM Productions http://am-productions.biz/


pgpLRnK3yFAqn.pgp
Description: PGP signature

[jira] Commented: (MODPYTHON-77) The multiple interpreter concept of mod_python is broken for Python extension modules since Python 2.3

[Boyan Boyadjiev (JIRA)]

[ 
http://issues.apache.org/jira/browse/MODPYTHON-77?page=comments#action_12356706 
] 

Boyan Boyadjiev commented on MODPYTHON-77:
--

The smalest  required change for a correct pythreadstate handling is the 
following (which is the same as in mod_python.c.diff but without the GIL stuff):

static void release_interpreter(void)
{
PyThreadState *tstate = PyThreadState_Get();
#ifdef WITH_THREAD
PyThreadState_Clear(tstate);
/*
  PyThreadState_DeleteCurrent will clear also the TLS,
  which will allow re-using the current thread with another
  Python interpreter !!!
*/
PyThreadState_DeleteCurrent();
#else /*WITH_THREAD*/
PyThreadState_Delete(tstate);
#endif /*WITH_THREAD*/
}


 The multiple interpreter concept of mod_python is broken for Python extension 
 modules since Python 2.3
 --

  Key: MODPYTHON-77
  URL: http://issues.apache.org/jira/browse/MODPYTHON-77
  Project: mod_python
 Type: Bug
   Components: core
 Versions: 3.1.4
  Environment: Python = 2.3
 Reporter: Boyan Boyadjiev
  Attachments: diff.txt, diff2.txt, diff3.txt, gil_test.c, gilstate.tar.gz, 
 mod_python.c, mod_python.c.diff, mod_python.h.diff, src.zip

 The multiple interpreter concept of mod_python is broken for Python extension 
 modules since Python 2.3 because of the PEP 311 (Simplified Global 
 Interpreter Lock Acquisition for Extensions):
 ...
 Limitations and Exclusions
 This proposal identifies a solution for extension authors with
 complex multi-threaded requirements, but that only require a
 single PyInterpreterState.  There is no attempt to cater for
 extensions that require multiple interpreter states.  At the time
 of writing, no extension has been identified that requires
 multiple PyInterpreterStates, and indeed it is not clear if that
 facility works correctly in Python itself.
 ...
 For mod_python this means, that complex Python extensions won't work any more 
 with Python = 2.3, because they are supposed to work only with the first 
 interpreter state initialized for the current process (a problem we 
 experienced). The first interpreter state is not used by mod_python after the 
 python_init is called. 
 One solution, which works fine for me, is to save the first interpreter state 
 into the interpreters dictionary in the function python_init 
 (MAIN_INTERPRETER is used as a key):
 static int python_init(apr_pool_t *p, apr_pool_t *ptemp,
apr_pool_t *plog, server_rec *s)
 {
 ...
 /* initialize global Python interpreter if necessary */
 if (! Py_IsInitialized())
 {
 /* initialze the interpreter */
 Py_Initialize();
 #ifdef WITH_THREAD
 /* create and acquire the interpreter lock */
 PyEval_InitThreads();
 #endif
 /* create the obCallBack dictionary */
 interpreters = PyDict_New();
 if (! interpreters) {
 ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, s,
  python_init: PyDict_New() failed! No more memory?);
 exit(1);
 }
 {   
 /*
 Workaround PEP 311 - Simplified Global Interpreter Lock 
 Acquisition for Extensions
 BEGIN
 */
 PyObject *p = 0;
 interpreterdata * idata = (interpreterdata 
 *)malloc(sizeof(interpreterdata));
 PyThreadState* currentThreadState = PyThreadState_Get();
 PyInterpreterState *istate = currentThreadState-interp;
 idata-istate = istate;
 /* obcallback will be created on first use */
 idata-obcallback = NULL;
 p = PyCObject_FromVoidPtr((void ) idata, NULL); /*p-refcout = 1*/
 PyDict_SetItemString(interpreters, MAIN_INTERPRETER, p); 
 /*p-refcout = 2*/
 Py_DECREF(p); /*p-refcout = 1*/
 /*
 END
 Workaround PEP 311 - Simplified Global Interpreter Lock 
 Acquisition for Extensions
 */
 }
 /* Release the thread state because we will never use
  * the main interpreter, only sub interpreters created later. */
 PyThreadState_Swap(NULL);
 #ifdef WITH_THREAD
 /* release the lock; now other threads can run */
 PyEval_ReleaseLock();
 #endif
 }
 return OK;
 }
 Another change I've made in the attached file is to Py_DECREF(p) in 
 get_interpreter, which will remove leaky reference to the PyCObject with the 
 interpreter data. This was not a real problem, but now I see fewer leaks in 
 BoundsChecker :-).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   

Re: cache trouble (Re: [vote] 2.1.9 as beta)

[Ruediger Pluem]

On 11/03/2005 11:01 AM, Nick Kew wrote:
 On Wednesday 02 November 2005 20:26, William A. Rowe, Jr. wrote:
 
Colm MacCarthaigh wrote:


[..cut..]


Certainly not in Directory /foo - the cached entity no longer lives
there.
 
 
 I disagree.  If it came from there originally, then that's where it lives.
 The principle we want here is that retrieving from cache should have
 the same rules from a client PoV as retrieving an original unless a
 sysop explicitly says otherwise.  Breaking that principle shouldn't
 hit the sysop as a standard or default behaviour.
 

I agree with Nick on this as this creates the potential for confusion
on user side. It also make the behaviour inconsistent for already cached data
and data that gets cached the first time. From developer perspective I 
understand
the performance penalties of doing so.


 
 I'm not convinced by that either.  In fact, I dislike the whole run it in a
 quick handler principle - it runs a supertanker through the KISS principle,
 and has consequently left us with a cache that never really worked.
 Even if we fix this, it's sure to have a high bugrate for the forseeable
 future precisely because it violates KISS.
 
 The main purpose of caching is to relieve the pressure on a big, slow backend.
 In real life, most of that bigness and slowness is pretty much always going 
 to 
 live in a handler or a backend, so what we save by running quick_handler is
 inherently of secondary importance.  And there are several things we can

In the cases you describe here (and for what I use it personally) I agree, but 
for other
cases, e.g. the one Colm uses it (storing cached data on faster disks, than
the uncached data) I think running in handler is a pain.
I think in principle, it would be fine to choose via a configuration directive 
where to
run mod_cache as Paul's patch suggested. What is currently bothering me about 
this idea
is that this is a nice thing for people with inside view, but it is not really
transparent to users. So what this configuration option actually does from the 
users
perspective must be expressed more clearly by doing this configuration.
Maybe a good name for this directive can be enough.


[..cut..]

 
And maybe, have you considered a CachedLocation  / CachedLocationMatch 
container for mod_cache?  This would have the benefit that very long lists
of directives would be ignored/not merged, in favor of a much shorter and
very specific list that benefits the cache by keeping it fast, while giving
the user the option to tweak the behavior of content, once cached.
 
 
 You mean as a tool for sysops to accept/decline serving from cache?
 That could potentially have merit, and would work best in a quick-translation
 hook to bypass any more complex/expensive rules.
 The danger is if it grows some nightmarishly confusing relationship
 to normal Location semantics: the existing Location vs Directory
 is bad enough for non-expert users!
 

I also agree with this. While I understand the performance benefits from the
developer perspective, I fear the confusion from the user and administrators 
perspective.
Having a clear configuration is not only about having non-expert
users getting it work but also to ease the job of expert administrators to 
understand
what they configured a year or so after they did :-).

Regards

Rüdiger

Re: SSL enabled - nokeepalive in MSIE for non-SSL connections

[Olaf van der Spek]

On 11/3/05, Anish Mistry [EMAIL PROTECTED] wrote:
 On Thursday 03 November 2005 09:37 am, Olaf van der Spek wrote:
  Joe Orton wrote:
   All versions need unclean shutdown at least, not sure about
   keepalive.  If you have new data to provide on this front that's
   great and very welcome, please send it to [EMAIL PROTECTED]  bugzilla is 
   not
   a discussion or support forum, however.
 
  I've been running without
  SetEnvIf User-Agent .*MSIE.* \
   nokeepalive ssl-unclean-shutdown \
   downgrade-1.0 force-response-1.0
  for a few months now and I haven't encountered any issues with IE.
  So I think it's safe to drop this work around.
 Same here.  This was also causing some funky behavior for my web
 application when running over SSL with IE6 clients downloading files.
 Removing this fixed the problem.

Just wondering, what kind of funky behaviour?

Re: cache trouble (Re: [vote] 2.1.9 as beta)

[Justin Erenkrantz]

--On November 3, 2005 8:44:02 PM +0100 Ruediger Pluem [EMAIL PROTECTED] 
wrote:



I also agree with this. While I understand the performance benefits from
the developer perspective, I fear the confusion from the user and
administrators perspective. Having a clear configuration is not only
about having non-expert
users getting it work but also to ease the job of expert administrators
to understand what they configured a year or so after they did :-).


In my performance analyses that I did when redoing mod_cache last year, a 
substantial part of the time in httpd was spent in all of the hooks prior 
to the handler.  Things like BrowserMatch (which do regex's) are 
ridiculously expensive.


So, moving the cache to a regular handler is not a minor performance 
penalty - it's a major one.  And, probably to the point where there's *no* 
performance increase for even having a cache - unless you are combining it 
with a backend proxy.  -- justin

Re: SSL enabled - nokeepalive in MSIE for non-SSL connections

[Anish Mistry]

On Thursday 03 November 2005 05:18 pm, Olaf van der Spek wrote:
 On 11/3/05, Anish Mistry [EMAIL PROTECTED] wrote:
  On Thursday 03 November 2005 09:37 am, Olaf van der Spek wrote:
   Joe Orton wrote:
All versions need unclean shutdown at least, not sure about
keepalive.  If you have new data to provide on this front
that's great and very welcome, please send it to [EMAIL PROTECTED] 
bugzilla is not a discussion or support forum, however.
  
   I've been running without
   SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
   for a few months now and I haven't encountered any issues with
   IE. So I think it's safe to drop this work around.
 
  Same here.  This was also causing some funky behavior for my web
  application when running over SSL with IE6 clients downloading
  files. Removing this fixed the problem.

 Just wondering, what kind of funky behaviour?
I can't remember exactly, but it would try to start download and them 
IE would display and error box (The one with the red X) saying 
something that it cannot download the file.

-- 
Anish Mistry
[EMAIL PROTECTED]
AM Productions http://am-productions.biz/


pgpgXCZAboHwG.pgp
Description: PGP signature

Problem with mod_proxy and ProxyPassReverse

[Eric B.]

Hi,

I'm struggling to get Apache to work properly as a Proxy to an internal
server.  I have two copies of the same application running on this internal
server (both ASP applications running on IIS) that I need to access via
different URLs.  I have managed to configure on and got it working without
problems, but it is the second one that is causing me the problem.

Here is my config file
VirtualHost *:80
   ServerName www.domain.com
   DocumentRoot /var/www/html/www.domain.com

# Production Server
Location /ASPTest/
ProxyPassReverse /
/Location
ProxyPass   /ASPTest/ http://192.168.100.1/

# Development  Test Server
Location /dev/ASPTest/
ProxyPassReverse /
/Location
ProxyPass   /dev/ASPTest/ http://192.168.100.1:8080/
/VirtualHost



The ASP application's default.aspx page has a button that redirects the user
to intro.aspx
( Response.Redirect(intro.aspx) )



Now, accessing the server as www.domain.com/ASPTest/ works without problems.
I see the application running on 192.168.100.1 properly.  When I click the
submit button on the default.aspx page, I get redirected to
http://www.domain.com/ASPTest/intro.aspx.  And so on.  This applications
works perfectly well.


However, when I try to access http://www.domain.com/dev/ASPTest/, I run into
problems.  The default page loads fine and shows me default.aspx from port
8080.  However, when I click the submit button on it, I get redirected to
the same page as the non-development one -
http://www.domain.com/ASPTest/intro.aspx.  So from that point on, I am no
longer working with the development code and back to the live production
one.


I tried to use ProxyPassReverse without the Location headers, but it
doesn't work at all as soon as it receives the Response.Redirect() code.



Can anyone point me in the right direction here?  Why is my redirect from
/dev/ASPTest/ getting redirected to /ASPTest/ instead?


Thanks!

Eric

Re: cache trouble (Re: [vote] 2.1.9 as beta)

[Paul Querna]

Justin Erenkrantz wrote:
 --On November 3, 2005 8:44:02 PM +0100 Ruediger Pluem
 [EMAIL PROTECTED] wrote:
 
 I also agree with this. While I understand the performance benefits from
 the developer perspective, I fear the confusion from the user and
 administrators perspective. Having a clear configuration is not only
 about having non-expert
 users getting it work but also to ease the job of expert administrators
 to understand what they configured a year or so after they did :-).
 
 In my performance analyses that I did when redoing mod_cache last year,
 a substantial part of the time in httpd was spent in all of the hooks
 prior to the handler.  Things like BrowserMatch (which do regex's) are
 ridiculously expensive.
 
 So, moving the cache to a regular handler is not a minor performance
 penalty - it's a major one.  And, probably to the point where there's
 *no* performance increase for even having a cache - unless you are
 combining it with a backend proxy.  -- justin

Or any other Dynamic source, like CGIs, PHP, etc.  This can still be a
major win, it just depends on your environment.  This is why it should
be configurable.  To get the best out of caching, you need local knowledge.

-Paul

Re: cache trouble (Re: [vote] 2.1.9 as beta)

[Joshua Slive]

Justin Erenkrantz wrote:

In my performance analyses that I did when redoing mod_cache last year, 
a substantial part of the time in httpd was spent in all of the hooks 
prior to the handler.  Things like BrowserMatch (which do regex's) are 
ridiculously expensive.


Interesting to think, however, about what the purpose of all those 
regexes was (they are no longer in the 2.1 config).  They were meant to 
fix protocol problems.  Given that mod_cache doesn't run those hooks, 
it seems there is no way to work around client protocol problems.  (Just 
sending Vary: User-Agent wouldn't fix the problem, because when the user 
agent matched a cached variant, the protocol adjustments still wouldn't 
be applied.)


Important?  I don't know.  But if it is easy to make mod_cache 
configurable with regards to running all these hooks, I am sure that it 
would find uses.


Joshua.

authn, authz and access. oh my.

[Brandon Fosdick]

As if the old system wasn't hard enough to wrap one's head around. Just when I 
had it figured out enough to go and write mod_auth_userdir you guys go and 
change things on me.

BTW, when did this change? I've been lurking on this list since July and have 
only recently heard about this. Was it a secret or did I miss it?

Noobie question...what's the difference between authentication, authorization 
and access? At least in terms of the module interface. Or in other words, how 
much rewriting do I need to do?

I'm looking at my config file for a DAV only server, and the only reason to 
include the old mod_access (now mod_authz_host?) was for the default deny all 
applied to the root directory. Do I really need that? Does the server really 
allow access to everything if not explicitly told otherwise? I'm going for a 
minimal config so I'd like to take out any unnecessary modules.

I couldn't come up with a better name for mod_auth_userdir. Its supposed to 
authenticate against the database for mod_dav_userdir, but mod_auth_dav_userdir 
seemed too cumbersome. What should I call it now, given this new framework?

Also...I was originally toying with the idea of folding auth[n|z|?] stuff into 
mod_dav_userdir, just to have it all taken care of in one place. Any thoughts 
on that idea? Feasible? Bad news?

Re: mod_deflate Vary header

[Florian Zumbiehl]

Hi,

 Yes, that is the point. The Vary header describes which header(s) was used
 to decide, which content actually would be delivered. That's what HTTP
 specifies.

To be exact, I'd say that HTTP specifies that it's about representation and
not about content - which might even be the point here: The content
stays the same, just the representation could change, but only in so far
as the client certainly will be able to understand it.

  When the bottleneck is at the client's end, it's completely different,
  of course--which is why I'd consider a config option a good idea that
  would allow the sending of a Vary: Content-Encoding in case of
  uncompressed content to be disabled.
 
 For your scenario it would be more useful to adjust the local cache,
 I think. (e.g. always request compressed content, decompress it and
 deliver it to all the clients uncompressed).

Sure - just that you usually don't have any admin access to the vast
majority of the caches that might be accessing the web page you are
publishing =:-)

 Maybe I'm pessimistic, but I think, omitting the Vary header for
 uncompressed ressources will lead to poisoned caches, which statistically
 nearly always will request the uncompressed variant and so actually
 *add* load to your server's bandwidth.

Hu? Erm, could it be that you are thinking of load-reducing caches put
directly in front of the web server? In that case, I wonder how the web
server's bandwidth could be the bottleneck?!

To put this straight: I was thinking about web servers behind
V.90/ISDN/ADSL lines where _that_ line  usually will be the bottleneck
on any connections to the outside world and about caching proxies
in that outside world ...

Cya, Florian

Re: cache trouble (Re: [vote] 2.1.9 as beta)

[Justin Erenkrantz]

On Thu, Nov 03, 2005 at 08:03:56PM -0500, Joshua Slive wrote:
 it seems there is no way to work around client protocol problems.  (Just 
 sending Vary: User-Agent wouldn't fix the problem, because when the user 
 agent matched a cached variant, the protocol adjustments still wouldn't 
 be applied.)

Why wouldn't it?  -- justin