Re: IIS6 application pools feature in Apache..
On Wed, Apr 30, 2008 at 5:06 PM, Graham Leggett <[EMAIL PROTECTED]> wrote: > > The easiest way to do this would be to run a dedicated httpd process for > each application (forming your "pool"), and then combine them into one > website using a standard reverse proxy configuration. http://wiki.apache.org/httpd/DifferentUserIDsUsingReverseProxy Joshua.
Re: IIS6 application pools feature in Apache..
Ahab Abouzour wrote: IIS6 has a very useful feature called "application pools", where you can > dedicate resources/worker processes per "application". Apache, until today, does not have such feature. Is there any plans to > implement this feature in future Apache releases. The easiest way to do this would be to run a dedicated httpd process for each application (forming your "pool"), and then combine them into one website using a standard reverse proxy configuration. There wouldn't be much need for any custom code to do this. The advantage of this technique is that your "application pool" can be any kind of server you like - Apache, IIS, JBoss, whatever. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: IIS6 application pools feature in Apache..
Sun Web Server also provides a feature in which a dedicated thread pool could be created and certain part of application can be executed by this thread pool. One application of such a feature is that if some application is thread unsafe then users can create a thread pool of 1 thread and run that application in that pool. This will result in synchronizing all calls to that application. AFAIK there is no equivalent feature in apache today. Regards, Basant. On Wed, Apr 30, 2008 at 11:36:58AM -0700, Ahab Abouzour wrote: > > Hello, > > IIS6 has a very useful feature called "application pools", where you can > dedicate resources/worker processes per "application". > > Apache, until today, does not have such feature. Is there any plans to > implement this feature in future Apache releases. > > Thanks! > > > > > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. > http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: Solaris sed based apache filtering module (mod_sed)
Fixed the following 2 bugs : 1. ycomp may use uninitialized memory (This might have result in apache crash when used with y// sed commands). 2. Fixed windows compilation issue (Thanks to Steffen <[EMAIL PROTECTED]> for providing the patch). List of affected files : regexp.c mod_sed.c sed0.c Code has been updated and can be obtained by mercurial as : $ hg clone ssh://[EMAIL PROTECTED]/hg/webstack/mod_sed It should soon be visible at : http://src.opensolaris.org/source/xref/webstack/mod_sed/ Diff is attached. Regards, Basant. -- diff -r 1a157e46cd86 mod_sed.c --- a/mod_sed.c Thu Apr 24 17:26:08 2008 -0700 +++ b/mod_sed.c Wed Apr 30 11:50:54 2008 -0700 @@ -79,6 +79,7 @@ static void flush_output_buffer(sed_filt { int size = ctx->curoutbuf - ctx->outbuf; char *out; +apr_bucket *b; if (size + sz <= 0) return; out = apr_palloc(ctx->r->pool, size + sz); @@ -90,8 +91,8 @@ static void flush_output_buffer(sed_filt } /* Reset the output buffer position */ ctx->curoutbuf = ctx->outbuf; -apr_bucket *b = apr_bucket_pool_create(out, size + sz, ctx->r->pool, - ctx->r->connection->bucket_alloc); +b = apr_bucket_pool_create(out, size + sz, ctx->r->pool, + ctx->r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(ctx->bb, b); } diff -r 1a157e46cd86 regexp.c --- a/regexp.c Thu Apr 24 17:26:08 2008 -0700 +++ b/regexp.c Wed Apr 30 11:50:54 2008 -0700 @@ -307,7 +307,7 @@ char *sed_compile(sed_commands_t *comman if (cflg++) SEDCOMPILE_ERROR(44); if ((c = GETC()) == '\\') -*ep++ = 255; +*ep++ = (char) 255; else { UNGETC(c); goto nlim; diff -r 1a157e46cd86 sed0.c --- a/sed0.cThu Apr 24 17:26:08 2008 -0700 +++ b/sed0.cWed Apr 30 11:50:54 2008 -0700 @@ -68,7 +68,7 @@ apr_status_t sed_init_commands(sed_comma commands->lab = commands->labtab + 1; commands->pool = p; -commands->respace = apr_palloc(p, RESIZE); +commands->respace = apr_pcalloc(p, RESIZE); if (commands->respace == NULL) { command_errf(commands, SEDERR_OOMMES); return APR_EGENERAL; @@ -945,6 +945,7 @@ static char *ycomp(sed_commands_t *comma } } tsp++; +memset(ep, 0, 0400); while((c = *sp++) != commands->sseof) { c &= 0377;
Re: 2.2.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Jagielski wrote: | With the SVN issues, I don't think a release the end of April | is going to happen *grin* | | I'd like to shoot for, say, May 7th for a release... questions? | concerns? +1 - -- - Philip M. Gollucci ([EMAIL PROTECTED]) o:703.549.2050x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.8 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIGL+FdbiP+9ubjBwRAgmhAJ0aqMkxz8ISXhu2NcJYaVqzaB2sJACdGzZA c9Lt/N+taBEujjfmLpyfrBM= =LOs2 -END PGP SIGNATURE-
IIS6 application pools feature in Apache..
Hello, IIS6 has a very useful feature called "application pools", where you can dedicate resources/worker processes per "application". Apache, until today, does not have such feature. Is there any plans to implement this feature in future Apache releases. Thanks! Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
2.2.9
With the SVN issues, I don't think a release the end of April is going to happen *grin* I'd like to shoot for, say, May 7th for a release... questions? concerns?
Re: On future mod_wombat improvements
On 4/29/08 3:52 PM, "Maxime Petazzoni" <[EMAIL PROTECTED]> wrote: > So, feel free to jump in and write down some > ideas! Some "short term" ideas: -Interface/API to allow other modules to run Lua code: wombat_init(/some/lua/file), wombat_run(some_lua "handle) or something similar. Mod_wombat could/should (?) use this interface internally. -Allow some lua code for this hook in config. -Do Lua binding in another module(s) (mod_headers, mod_expires, and mod_mime look like they may be fairly easy). -More Lua "glue" with httpd/apr as well as apreq. -Other modules can hook into "initialization" hooks. Ie, wombat_loadlibs and push_request become hooks. There was a version I did that did this. Some longer term ideas: -Lua bindings to most core modules where it makes sense. -Ability to write "full" modules in Lua. -mod_lsp (don't laugh, we are contemplating working on this...) I have several itches that must be scratched in Lua/httpd. I am willing to help as my time permits. I have a real project coming up that will "require" some Lua integration, so I may as well base that on mod_wombat. -- Brian Akins Chief Operations Engineer Turner Digital Media Technologies
Assuring Security by testing
Hi devs, I've been investigating Apache HTTPd within my Bachelor's thesis "Application of security test tools in open source" at the Free University of Berlin (FU Berlin) [1]. Basically, I am looking for security measures which have been taken to prevent security leaks/vulnerabilities especially with security test tools Apache HTTPd is the #1 web server. The nature of the application offers to compromise the web apps and reveal sensitive data. I found some vague on the dev mailing list about security audit [2]. That's it unfortunately. You do have designated testing component [3] which are not (necessarily) for security testing. I am sure that you do anything you can to assure security. Security advisories are taken up by a security team [4]. Does this team or any other group/person take any measures to assure security with testing tools, with a special test plan or functional requirements? Thanks in advance, Michael [1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools [2] http://www.mail-archive.com/dev@httpd.apache.org/msg15681.html [3] http://httpd.apache.org/test/ [4] http://httpd.apache.org/security_report.html -- OOXML - Say NO To Microsoft Office broken standard http://www.noooxml.org
Re: "Better" mod_unique_id
Hi Ian, Shame I wasn't aware of UUIDs. It looks like a very credible solution. RFC 4122 even defines a URN namespace for it. And it is provided on many platforms straight away. I think I'll stick to it until I find someone who convinces me it is not good for some reason. Thanks a lot for the hint. Konstantin. On 29 Apr 2008, at 10:53, Ian Holsman wrote: Hi Konstantin. I'm about to look at the same issue for my employer. for my version I was planning on using apr_uuid_get that uses uuid_create / uuid_generate function to generate a unique value. have you looked at this function? regards Ian Konstantin Chuguev wrote: Hi, I'm developing a solution generating unique IDs for the requests to websites that are not only clustered but also geographically dispersed. This implies the following: - the website's virtual host section on each Apache server has the same ServerName which is mapped by DNS to different IP addresses using various methods, geo-proximity, round-robin, etc. - the virtual host's IP address is normally but not necessarily *; - the actual IP address the Apache listens to for this virtual host is normally, but not necessarily, an intranet address (behind a load balancer). After analysing the format of the ID generated by mod_unique_id, and reading the module's source code, I have a feeling that this module has serious flaws if used in my situation. No offence to the authors, I'm sure the module serves its purpose just right for the majority of its users. But as it seems that it doesn't do this in my case, I thought I'd better ask if someone knows why. I understand that the module is relatively old and likely has been ported from a pre-2.0 version, when no APR library existed, and this might explain its design. I'd be glad if someone could either confirm this or explain why it has been done like that. Now to the point of my question. The unique_id_rec structure that contains the binary representation of the unique ID consists of the following fields: unsigned int stamp; unsigned int in_addr; unsigned int pid; unsigned short counter; unsigned int thread_index; 1. Why use unsigned int timestamp when there exists apr_time_t which is 64 bit and seems to be at least 1 microsecond accurate? Surely there is unsigned short counter which helps if there is more than one request coming to the same IP address / PID / thread per second, but still I can hardly see this as a better design. 2. Why use unsigned id pid plus unsigned int thread_index if there exists long r->connection->id? thread_index is in fact produced by doing htonl((unsigned int)r->connection->id), but MPMs seem to ensure the child_id is included there already! While it is just 4 bytes long compared to the 8-byte pid/thread_index combination, still it is guaranteed to be unique among all worker threads of the Apache server in the system. And I don't think this particular field needs converting to the network byte order. 3. Using unsigned int in_addr with the server-side IPv4 address works well in the single cluster in the IPv4 network only. What if only IPv6 is being used in the intranet? What if multiple dispersed clusters with exactly the same intranet IP addressing schemes serve the same website? Please correct me if I'm wrong but I think the following structure would represent the unique website more correctly: - union {struct in_addr, struct in6_addr} local_ip_addr: the IP address of the local side of the HTTP connection; - union {struct in_addr, struct in6_addr} dns_ip_addr: one (any?) of the IP addresses that are mapped to the website's domain name in DNS. The latter can be omitted if the former IP address is public. Does anyone see any flaws in the design where the following structure is used? apr_time_t stamp;// 8 bytes, converted to network byte order long connection_id;// size depends on architecture: normally 4 or 8 bytes, doesn't need htonl union {struct in_addr, struct in6_addr} local_ip_addr;// 4 to 16 bytes [union {struct in_addr, struct in6_addr} dns_ip_addr;]// 0 to 16 bytes Comments and suggestions are appreciated. Konstantin Chuguev Software Developer Clickstream Technologies PLC, 58 Davies Street, London, W1K 5JF, Registered in England No. 3774129 Konstantin Chuguev Software Developer Clickstream Technologies PLC, 58 Davies Street, London, W1K 5JF, Registered in England No. 3774129