native kerberos authn
Greetings all, I would like to ask if there are any plans to natively integrate kerberos 5 authentication into the httpd aaa modules tree. There seems to be quite a lot of interest on that, along with a large user base (mostly large Windows AD installations, but pure KRB5 sites too). Apologies if this has been brought up before, but I have been unable to locate any previous discussion on this, on the list archives. I am actually very interested in contributing time and code toward this effort, and my current plans are to bring mod_auth_kerb up to date and properly integrate it with the current apache httpd tree. Any thoughts? ./AB
some advice re: custom WebDav (mod_dav)
Hi all, I'm building a Web service that must accept small (1-50k) files pushed to it via the WebDAV protocol. I would like the Web server's DAV service to process the files immediately (stuffing the contents into a MySQL table). I also want to prevent any users from reading any files present (return an empty directory), while still allowing writing clients to read back what they wrote for a short time, say, a few minutes from the same IP, so that their DAV writes don't fail. I would like to check the filenames of the incoming writes and reject any that don't match an active user's ID (my form of auth). Otherwise, access to the drop directory would be completely open (no auth). To accomplish all this, I thought I'd create a modified version of mod_dav for Apache and run this non-standard config on a dedicated box. Anybody WebDAV experts out there with an opinion on my thinking here? Am I nuts to try this?
Re: Misleading example in Apache 2 doc (fix)
* Jose Kahan wrote:
[adding d...@]
> I didn't do my homework completely. According to
> RFC 2910, Cookie tokens may be separated by
> white space. The correct regular expression is:
>
> [[
> SetEnvIf Cookie "language\s*=\s*([a-z|A-Z][a-z|A-Z|-]+)"
> prefer-language=$1 ]]
Also, why are you allowing pipe characters within the language spec? ;-)
How about simply:
language\s*=\s*([a-zA-Z-]+)
?
Maybe
language\s*=\s*([^;,\s]+)
is even better (more flexible). dunno.
nd
--
my @japh = (sub{q~Just~},sub{q~Another~},sub{q~Perl~},sub{q~Hacker~});
my $japh = q[sub japh { }]; print join #
[ $japh =~ /{(.)}/] -> [0] => map $_ -> () #André Malo #
=> @japh;# http://pub.perlig.de/ #
Re: mod_substitute & back-references
On 03/12/2009 06:13 PM, Nick Gearls wrote: >>> >>> Anyway, a real problem: >>> Substitute s|(toreplace)|*replaced[$1]*|qi >>> translates "toreplace" into >>> "*replaced[*replaced[*replaced[toreplace]*]*]*" Hm. I cannot reproduce this. Mind to attach the file to which you applied this? Regards Rüdiger
Re: mod_substitute & back-references
It's not replaceAll vs. replaceFirst, it's replace recursively or not. For me, it should not be recursive (independently of the q flag, I agree with you Jim). Actually, if it is recursive, it should be a never-ending replacement in this case, which would be a (not voluntary) denial of service. I do not expect this. Nick Jim Jagielski wrote: On Mar 11, 2009, at 5:03 AM, Nick Gearls wrote: Oops, stupid ! Anyway, a real problem: Substitute s|(toreplace)|*replaced[$1]*|qi translates "toreplace" into "*replaced[*replaced[*replaced[toreplace]*]*]*" Don't we expect the q flag to stop any replacement after the first one? Not necessarily, no... it's not a replaceAll vs. replaceFirst flag.
Misleading example in Apache 2 doc (fix)
I didn't do my homework completely. According to RFC 2910, Cookie tokens may be separated by white space. The correct regular expression is: [[ SetEnvIf Cookie "language\s*=\s*([a-z|A-Z][a-z|A-Z|-]+)" prefer-language=$1 ]] Thanks! -jose
Re: [PATCH] mod_dbd with more than one pool
Nick Kew wrote: Kevac Marko wrote: Ok, here is sql init statement only patch against trunk: https://issues.apache.org/bugzilla/show_bug.cgi?id=46827 Thanks for the patch! Can I throw an alternative suggestion into the ring. [ ... ] Thoughts? A further thought. I had in mind PR#45407 - mysql losing prepared statements on reconnect - and possible similar problems, when I suggested a hook there. Then the driver just needs to return an error status that says "you may need to run this hook now", and mod_dbd can do so. I see you're one of the people who contributed to the discussion on that bug. Did you bear it in mind in your new stuff? -- Nick Kew
Misleading example in Apache 2 doc
! I'm not sure if I should mail this here or open a new bugzilla report. Please advice. The Content Negotiation doc is using a misleading example in this section: http://httpd.apache.org/docs/2.2/content-negotiation.html#better [[ Example SetEnvIf Cookie "language=(.+)" prefer-language=$1 Header append Vary cookie ]] That regular expression won't work if the cookie has other attributes in addition to the language one. One of our users got caught by it. A quick search on the web shows that many people have had this problem too. Here's a correct regular expression that will return the language attribute value, regardless of the contents of the cookie: [[ SetEnvIf Cookie "language=([a-z|A-Z][a-z|A-Z|-]+)" prefer-language=$1 ]] The expression looks bigger because it takes into account not only strings like "en", but also "zh-hans". I added upper and lower case as cookies are case insensitive and I'm not sure if Apache converts cookies to lower-case at some point. If it's always lower case, we can simplify the regular expression to: [[ SetEnvIf Cookie "language=([a-z][a-z|-]+)" prefer-language=$1 ]] Could you update the example in the doc accordingly? Thanks! -jose
Re: mod_substitute & back-references
On Mar 11, 2009, at 5:03 AM, Nick Gearls wrote: Oops, stupid ! Anyway, a real problem: Substitute s|(toreplace)|*replaced[$1]*|qi translates "toreplace" into "*replaced[*replaced[*replaced[toreplace]*]*]*" Don't we expect the q flag to stop any replacement after the first one? Not necessarily, no... it's not a replaceAll vs. replaceFirst flag.
Idea to (probably) GSoC 2009 about Apache HTTPD 2.0
Hello, I would like to apply Google Summer Of Code this year as a student and have an idea that probably would be useful. Hence, this could be added to "ideas list" if the Apache will be accepted by GSoC this year. The idea, at all, has no concrete applications, and in theory I thought of adding some AI cases to web-server, to make this more "alive" and "magic". The AI module would help a server to balance loading based on current server state and detected parameters, and to correct the server's next step or decision "how to act in the concrete time moment". This will make server "feel" its evironment(working with certain clients and resources) and configure itself based on the task it used for. Also, it will allow the server to learn on its own lifeline and so on. Any other ideas about this and discussions are welcome Chekmarev Alex -- View this message in context: http://www.nabble.com/Idea-to-%28probably%29-GSoC-2009-about-Apache-HTTPD-2.0-tp22477710p22477710.html Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.
Apache 2.2.10 with IPV6 on windows
Hi All, There was a similar mail from someone else in the past but I did not find any resolution to the matter. I am facing the same problem (given below) and would much appreciate any help on this. I have apache 2.2.10 with APR_HAVE_IPV6 set to 1 and I am trying to run this build on a windows box which is IPV6-enabled. I see the following error in the error_log and apache fails to start. [Thu Mar 12 02:08:48 2009] [crit] (OS 109)The pipe has been ended. : setup_inherited_listeners: Unable to read socket data from parent [Thu Mar 12 02:08:48 2009] [crit] Parent: child process exited with status 3 -- Aborting. Is there a way to fix this? It works fine with APR_HAVE_IPV6 set to 0 (i.e apache with only IPV4 support) but this is not an option for me. Any help with this will be much appreciated. Also, if this ought to go into a different mailing list then please let me know which one. Thanks, Rashmi
