Re: IIS6 application pools feature in Apache..

2008-04-30 Thread Joshua Slive
On Wed, Apr 30, 2008 at 5:06 PM, Graham Leggett <[EMAIL PROTECTED]> wrote:
>
>  The easiest way to do this would be to run a dedicated httpd process for
> each application (forming your "pool"), and then combine them into one
> website using a standard reverse proxy configuration.

http://wiki.apache.org/httpd/DifferentUserIDsUsingReverseProxy

Joshua.


Re: IIS6 application pools feature in Apache..

2008-04-30 Thread Graham Leggett

Ahab Abouzour wrote:

> IIS6 has a very useful feature called "application pools", where you can
> dedicate resources/worker processes per "application".
>
> Apache, until today, does not have such a feature. Are there any plans to
> implement this feature in future Apache releases?

The easiest way to do this would be to run a dedicated httpd process for 
each application (forming your "pool"), and then combine them into one 
website using a standard reverse proxy configuration.


There wouldn't be much need for any custom code to do this.

The advantage of this technique is that your "application pool" can be 
any kind of server you like - Apache, IIS, JBoss, whatever.


Regards,
Graham


Re: IIS6 application pools feature in Apache..

2008-04-30 Thread Basant Kukreja
Sun Web Server also provides a feature in which a dedicated thread pool
could be created and a certain part of an application can be executed by this
thread pool. One application of such a feature is that if some
application is thread unsafe then users can create a thread pool of 1
thread and run that application in that pool. This will result in
synchronizing all calls to that application.

AFAIK there is no equivalent feature in apache today.

Regards,
Basant.

On Wed, Apr 30, 2008 at 11:36:58AM -0700, Ahab Abouzour wrote:
> 
> Hello,
> 
> IIS6 has a very useful feature called "application pools", where you can 
> dedicate resources/worker processes per "application". 
> 
> Apache, until today, does not have such a feature. Are there any plans to
> implement this feature in future Apache releases?
> 
> Thanks!


Re: Solaris sed based apache filtering module (mod_sed)

2008-04-30 Thread Basant Kukreja
Fixed the following 2 bugs:
1. ycomp may use uninitialized memory (this might have resulted in an Apache
   crash when used with y// sed commands).
2. Fixed Windows compilation issue (thanks to Steffen <[EMAIL PROTECTED]> for
   providing the patch).

List of affected files :
regexp.c mod_sed.c sed0.c

Code has been updated and can be obtained by mercurial as :
$ hg clone ssh://[EMAIL PROTECTED]/hg/webstack/mod_sed

It should soon be visible at :
http://src.opensolaris.org/source/xref/webstack/mod_sed/

Diff is attached.

Regards,
Basant.

--
diff -r 1a157e46cd86 mod_sed.c
--- a/mod_sed.c Thu Apr 24 17:26:08 2008 -0700
+++ b/mod_sed.c Wed Apr 30 11:50:54 2008 -0700
@@ -79,6 +79,7 @@ static void flush_output_buffer(sed_filt
 {
 int size = ctx->curoutbuf - ctx->outbuf;
 char *out;
+apr_bucket *b;
 if (size + sz <= 0)
 return;
 out = apr_palloc(ctx->r->pool, size + sz);
@@ -90,8 +91,8 @@ static void flush_output_buffer(sed_filt
 }
 /* Reset the output buffer position */
 ctx->curoutbuf = ctx->outbuf;
-apr_bucket *b = apr_bucket_pool_create(out, size + sz, ctx->r->pool,
-   ctx->r->connection->bucket_alloc);
+b = apr_bucket_pool_create(out, size + sz, ctx->r->pool,
+   ctx->r->connection->bucket_alloc);
 APR_BRIGADE_INSERT_TAIL(ctx->bb, b);
 }

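Review bot: nothing prevents the next declaration-after-statement from creeping back in now that `apr_bucket *b;` sits at the top of flush_output_buffer and the later line is a plain assignment. If this is the Windows compile fix from the message, build the module with gcc's -Wdeclaration-after-statement (or an equivalent C89 check) so the same mistake is caught on Unix before it reaches a compiler that rejects it.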
diff -r 1a157e46cd86 regexp.c
--- a/regexp.c  Thu Apr 24 17:26:08 2008 -0700
+++ b/regexp.c  Wed Apr 30 11:50:54 2008 -0700
@@ -307,7 +307,7 @@ char *sed_compile(sed_commands_t *comman
 if (cflg++)
 SEDCOMPILE_ERROR(44);
 if ((c = GETC()) == '\\')
-*ep++ = 255;
+*ep++ = (char) 255;
 else {
 UNGETC(c);
 goto nlim;
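Review bot: the cast in `*ep++ = (char) 255;` quiets the compiler but leaves the stored value platform-dependent. Where plain char is signed this writes -1, so any consumer that compares the byte against 255 without first converting to unsigned char will never match. Suggest making the compiled-expression buffer unsigned char, or at least giving the marker a named constant and checking every place that reads it back.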
diff -r 1a157e46cd86 sed0.c
--- a/sed0.cThu Apr 24 17:26:08 2008 -0700
+++ b/sed0.cWed Apr 30 11:50:54 2008 -0700
@@ -68,7 +68,7 @@ apr_status_t sed_init_commands(sed_comma
 commands->lab = commands->labtab + 1;
 commands->pool = p;

-commands->respace = apr_palloc(p, RESIZE);
+commands->respace = apr_pcalloc(p, RESIZE);
 if (commands->respace == NULL) {
 command_errf(commands, SEDERR_OOMMES);
 return APR_EGENERAL;
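Review bot: switching `commands->respace` to apr_pcalloc zeroes the buffer only once, at sed_init_commands time, so it should not be relied on as the fix for reads of uninitialized memory; any reuse of the buffer after this point sees whatever the previous use left there. Please add a short comment saying which reader needs the buffer to start zeroed, or drop this change if the memset added to ycomp in the same patch is the actual fix.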
@@ -945,6 +945,7 @@ static char *ycomp(sed_commands_t *comma
 }
 }
 tsp++;
+memset(ep, 0, 0400);

 while((c = *sp++) != commands->sseof) {
 c &= 0377;
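Review bot: `memset(ep, 0, 0400);` in ycomp clears 256 bytes at ep, but the visible context shows no check that ep + 0400 still lies inside the buffer ep points into. If that bound is not verified earlier in the function, this line trades a read of uninitialized memory for an out-of-bounds write. Suggest checking the remaining space before the memset and replacing the octal literal with a named constant for the table size.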




Re: 2.2.9

2008-04-30 Thread Philip M. Gollucci

Jim Jagielski wrote:
| With the SVN issues, I don't think a release the end of April
| is going to happen *grin*
|
| I'd like to shoot for, say, May 7th for a release... questions?
| concerns?
+1


--
Philip M. Gollucci ([EMAIL PROTECTED])
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.



IIS6 application pools feature in Apache..

2008-04-30 Thread Ahab Abouzour

Hello,

IIS6 has a very useful feature called "application pools", where you can 
dedicate resources/worker processes per "application". 

Apache, until today, does not have such a feature. Are there any plans to
implement this feature in future Apache releases?

Thanks!


  



2.2.9

2008-04-30 Thread Jim Jagielski

With the SVN issues, I don't think a release the end of April
is going to happen *grin*

I'd like to shoot for, say, May 7th for a release... questions?
concerns?


Re: On future mod_wombat improvements

2008-04-30 Thread Akins, Brian
On 4/29/08 3:52 PM, "Maxime Petazzoni" <[EMAIL PROTECTED]> wrote:
> So, feel free to jump in and write down some
> ideas!

Some "short term" ideas:

-Interface/API to allow other modules to run Lua code:
wombat_init(/some/lua/file), wombat_run(some_lua "handle") or something
similar.  Mod_wombat could/should (?) use this interface internally.

-Allow some lua code for this hook in config.

-Do Lua binding in another module(s) (mod_headers, mod_expires, and mod_mime
look like they may be fairly easy).

-More Lua "glue" with httpd/apr as well as apreq.

-Other modules can hook into "initialization" hooks.  I.e., wombat_loadlibs
and push_request become hooks.  There was a version I did that did this.

Some longer term ideas:

-Lua bindings to most core modules where it makes sense.

-Ability to write "full" modules in Lua.

-mod_lsp (don't laugh, we are contemplating working on this...)


I have several itches that must be scratched in Lua/httpd.  I am willing to
help as my time permits.  I have a real project coming up that will
"require" some Lua integration, so I may as well base that on mod_wombat.

-- 
Brian Akins
Chief Operations Engineer
Turner Digital Media Technologies



Assuring Security by testing

2008-04-30 Thread Michael Osipov

Hi devs,

I've been investigating Apache HTTPd within my Bachelor's thesis
"Application of security test tools in open source" at the Free
University of Berlin (FU Berlin) [1].
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities, especially with security test
tools.

Apache HTTPd is the #1 web server. The nature of the
application offers to compromise the web apps and reveal sensitive data.

I found some vague on the dev mailing list about security audit [2].
That's it unfortunately.
You do have a designated testing component [3] which is not (necessarily)
for security testing.


I am sure that you do anything you can to assure security.

Security advisories are taken up by a security team [4]. Does this team
or any other group/person take any measures to assure security with
testing tools, with a special test plan or functional requirements?

Thanks in advance,

Michael

[1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools
[2] http://www.mail-archive.com/dev@httpd.apache.org/msg15681.html
[3] http://httpd.apache.org/test/
[4] http://httpd.apache.org/security_report.html
--
 OOXML - Say NO To Microsoft Office broken standard
http://www.noooxml.org


Re: "Better" mod_unique_id

2008-04-30 Thread Konstantin Chuguev

Hi Ian,

Shame I wasn't aware of UUIDs. It looks like a very credible solution.  
RFC 4122 even defines a URN namespace for it. And it is provided on  
many platforms straight away. I think I'll stick to it until I find  
someone who convinces me it is not good for some reason.

Thanks a lot for the hint.

Konstantin.


On 29 Apr 2008, at 10:53, Ian Holsman wrote:


Hi Konstantin.

I'm about to look at the same issue for my employer.

for my version I was planning on using apr_uuid_get that uses  
uuid_create / uuid_generate function to generate a unique value.


have you looked at this function?

regards
Ian

Konstantin Chuguev wrote:

Hi,

I'm developing a solution generating unique IDs for the requests to  
websites that are not only clustered but also geographically  
dispersed. This implies the following:
- the website's virtual host section on each Apache server has the  
same ServerName which is mapped by DNS to different IP addresses  
using various methods, geo-proximity, round-robin, etc.

- the virtual host's IP address is normally but not necessarily *;
- the actual IP address the Apache listens to for this virtual host  
is normally, but not necessarily, an intranet address (behind a  
load balancer).


After analysing the format of the ID generated by mod_unique_id,  
and reading the module's source code, I have a feeling that this  
module has serious flaws if used in my situation.
No offence to the authors, I'm sure the module serves its purpose  
just right for the majority of its users. But as it seems that it  
doesn't do this in my case, I thought I'd better ask if someone  
knows why.


I understand that the module is relatively old and likely has been
ported from a pre-2.0 version, when no APR library existed, and
this might explain its design. I'd be glad if someone could either
confirm this or explain why it has been done like that.

Now to the point of my question. The unique_id_rec structure that  
contains the binary representation of the unique ID consists of the  
following fields:

   unsigned int stamp;
   unsigned int in_addr;
   unsigned int pid;
   unsigned short counter;
   unsigned int thread_index;

1. Why use unsigned int timestamp when there exists apr_time_t  
which is 64 bit and seems to be at least 1 microsecond accurate?  
Surely there is unsigned short counter which helps if there is more  
than one request coming to the same IP address / PID / thread per  
second, but still I can hardly see this as a better design.


2. Why use unsigned int pid plus unsigned int thread_index if there  
exists long r->connection->id? thread_index is in fact produced by  
doing htonl((unsigned int)r->connection->id), but MPMs seem to  
ensure the child_id is included there already! While it is just 4  
bytes long compared to the 8-byte pid/thread_index combination,  
still it is guaranteed to be unique among all worker threads of the  
Apache server in the system. And I don't think this particular  
field needs converting to the network byte order.


3. Using unsigned int in_addr with the server-side IPv4 address  
works well in the single cluster in the IPv4 network only. What if  
only IPv6 is being used in the intranet? What if multiple dispersed  
clusters with exactly the same intranet IP addressing schemes serve  
the same website? Please correct me if I'm wrong but I think the  
following structure would represent the unique website more  
correctly:
- union {struct in_addr, struct in6_addr} local_ip_addr: the IP  
address of the local side of the HTTP connection;
- union {struct in_addr, struct in6_addr} dns_ip_addr: one (any?)  
of the IP addresses that are mapped to the website's domain name in  
DNS. The latter can be omitted if the former IP address is public.


Does anyone see any flaws in the design where the following  
structure is used?

   apr_time_t stamp;          // 8 bytes, converted to network byte order
   long connection_id;        // size depends on architecture: normally 4 or 8 bytes, doesn't need htonl
   union {struct in_addr, struct in6_addr} local_ip_addr;    // 4 to 16 bytes
   [union {struct in_addr, struct in6_addr} dns_ip_addr;]    // 0 to 16 bytes


Comments and suggestions are appreciated.

Konstantin Chuguev
Software Developer

Clickstream Technologies PLC, 58 Davies Street, London, W1K 5JF,  
Registered in England No. 3774129








Konstantin Chuguev
Software Developer

Clickstream Technologies PLC, 58 Davies Street, London, W1K 5JF,  
Registered in England No. 3774129
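
The collision cases raised in the mod_unique_id question above, as an added C sketch (not mod_unique_id source and not code from any poster). The field names come from the post; struct req, SITE_A/SITE_B and all values are constructed, and the proposed layout is simplified to IPv4 addresses and 64-bit ids.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed description of one request as seen by one server. */
struct req { int64_t usec; uint32_t lan_ip, public_ip, pid, thread;
             uint16_t counter; int64_t conn; };
/* Legacy layout: the five fields listed in the post. */
struct legacy_id { uint32_t stamp, in_addr, pid; uint16_t counter;
                   uint32_t thread_index; };
/* Layout proposed in the post; IPv4-only and 64-bit ids are assumptions. */
struct proposed_id { int64_t stamp, connection_id;
                     uint32_t local_ip_addr, dns_ip_addr; };

static struct legacy_id make_legacy(const struct req *r) {
    struct legacy_id id = { (uint32_t)(r->usec / 1000000), r->lan_ip, r->pid,
                            r->counter, r->thread };
    return id;
}
static struct proposed_id make_proposed(const struct req *r) {
    struct proposed_id id = { r->usec, r->conn, r->lan_ip, r->public_ip };
    return id;
}
static int legacy_equal(struct legacy_id a, struct legacy_id b) {
    return a.stamp == b.stamp && a.in_addr == b.in_addr && a.pid == b.pid &&
           a.counter == b.counter && a.thread_index == b.thread_index;
}
static int proposed_equal(struct proposed_id a, struct proposed_id b) {
    return a.stamp == b.stamp && a.connection_id == b.connection_id &&
           a.local_ip_addr == b.local_ip_addr && a.dns_ip_addr == b.dns_ip_addr;
}
/* Constructed: two clusters with the same intranet plan. Both servers are
 * 10.0.0.5 and share pid, thread slot, counter and timestamp; only the public
 * address (198.51.100.1 vs 203.0.113.1) differs. */
static const struct req SITE_A = { 1209556800123456LL, 0x0A000005, 0xC6336401, 4242, 7, 1, 7 };
static const struct req SITE_B = { 1209556800123456LL, 0x0A000005, 0xCB007101, 4242, 7, 1, 7 };

int legacy_collides(void)   { return legacy_equal(make_legacy(&SITE_A), make_legacy(&SITE_B)); }
int proposed_collides(void) { return proposed_equal(make_proposed(&SITE_A), make_proposed(&SITE_B)); }
/* Same server, same second: the 16-bit counter repeats after 65536 requests. */
int counter_wrap_collides(void) {
    struct req a = SITE_A, b = SITE_A;
    b.usec += 500000;                          /* half a second later */
    b.counter = (uint16_t)(a.counter + 65536); /* wraps back to a.counter */
    return legacy_equal(make_legacy(&a), make_legacy(&b));
}
int main(void) {
    printf("legacy across clusters: %d, proposed: %d, counter wrap: %d\n",
           legacy_collides(), proposed_collides(), counter_wrap_collides());
    return 0;
}
```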