detect disconnect in CGI

2009-10-23 Thread Andrej van der Zee 
Hi,

I am using mod_cgi using Cgicc with C++ on Linux. I need a way to detect
disconnects from the client. I think I have a way to do this, but I wanted
to make sure if there is no easier way.

I am writing a space back to the client every second as part if a custom
HTTP response header. When the connection drops, this results in a sigpipe.
I am using non-parsed-headers to make sure the spaces are really flushed to
the client and not buffered by Apache.

Is there a better way to do this?

Thank you,
Andrej

Question about apache cache data clean

2009-10-23 Thread dreamice 

Dear All,
In the old version of httpd, such as early 2.0 version, there is a
configuration option of CacheGcInterval.
It is used to define the period of time (hour) to delete cache data that is
larger than the max size.
Unfortunately, httpd 2.2 version will not support this configuration. I want
to know why remove this option and is there any modules or configuration for
replacing this option.

Thanks in advance!

-- 
View this message in context: 
http://www.nabble.com/Question-about-apache-cache-data-clean-tp26023068p26023068.html
Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.

Re: Question about apache cache data clean

2009-10-23 Thread Graham Leggett 
dreamice wrote:

 In the old version of httpd, such as early 2.0 version, there is a
 configuration option of CacheGcInterval.
 It is used to define the period of time (hour) to delete cache data that is
 larger than the max size.
 Unfortunately, httpd 2.2 version will not support this configuration. I want
 to know why remove this option and is there any modules or configuration for
 replacing this option.

Take a look at the htcacheclean tool, which can also run as a daemon.

Regards,
Graham
--

Re: dumping running config

2009-10-23 Thread Nick Kew 

Mark Watts wrote:

This may have been asked for before so apologies if it has.

In #httpd on FreeNode, we often get people asking if apache httpd can
dump its running config to a file for use on other servers or whatever.

Is this at all possible; mod_info does some of it so I would think yes,
(but I'm not a programmer).


Alternative suggestion: use a static config-analysis scripts.

I don't recollect names, but I do recollect searching CPAN and
finding two likely-looking candidates, of which one did a
good job of what I needed.

--
Nick Kew

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

2009-10-23 Thread Kamesh Jayachandran 



Did you say what version of OpenSSL the failing client was using on
Windows?


   

It happens with openssl-0.9.8j on client openssl-0.9.8k on server

 

Hmm... could be 0.9.8j sending bad data with invalid extension syntax under rare
circumstances.

A packet sniffer or logging the errant extensions received by OpenSSL could help
trace this further.

   



Find the tcpdump while this failure occurs at 
http://www.livecipher.com/tlsext_dump/tlsext.dmp


Thanks

with regards
Kamesh Jayachandran

Using Authentication with flood

2009-10-23 Thread eric.berg 
I'm trying to set up a regression test of sorts for my apache servers to
verify new configs.  I've been looking at Apache Flood, but I need to
authenticate to my web servers and putting the username and password in
to the URL doesn't seem to be working.

How can I authenticate using flood?

Thanks.

Eric
___

This e-mail may contain information that is confidential, privileged or 
otherwise protected from disclosure. If you are not an intended recipient of 
this e-mail, do not duplicate or redistribute it by any means. Please delete it 
and any attachments and notify the sender that you have received it in error. 
Unless specifically indicated, this e-mail is not an offer to buy or sell or a 
solicitation to buy or sell any securities, investment products or other 
financial product or service, an official confirmation of any transaction, or 
an official statement of Barclays. Any views or opinions presented are solely 
those of the author and do not necessarily represent those of Barclays. This 
e-mail is subject to terms available at the following link: 
www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the 
foregoing.  Barclays Capital is the investment banking division of Barclays 
Bank PLC, a company registered in England (number 1026167) with its registered 
office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be 
sent from other members of the Barclays Group.
___

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

2009-10-23 Thread Kaspar Brand 
Kamesh Jayachandran wrote:
 Find the tcpdump while this failure occurs at 
 http://www.livecipher.com/tlsext_dump/tlsext.dmp

It seems that you used a URI with an IP address (https://10.2.1.97/...),
is that correct? This actually uncovers a - probably unrelated - bug in
the OpenSSL client (SNI extensions should never contain literal IPv4
addresses).

Could you retry the test and make sure that you use an FQDN in the URI
you specify for the client (through an entry in the hosts file or so)?

Kaspar

Re: Authentication Basic default format

2009-10-23 Thread Stefan Fritsch 
On Wednesday 21 October 2009, José Miguel Holguín Aparicio wrote:
 I have a question about htpasswd when creating password hashes for
 Basic Authentication. Why there isn't any warning message
  regarding password truncate to 8 characters?
 
 As you can see at your own documentation
 (http://httpd.apache.org/docs/2.2/misc/password_encryptions.html),
 OpenSSL is already warning us about this issue.
 
 
 In my opinion htpasswd command must show a warning message like
 OpenSSL does. Do you agree?

Yes. Commited to trunk as r829162.

Cheers,
Stefan

RE: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

2009-10-23 Thread Kamesh Jayachandran 

It seems that you used a URI with an IP address (https://10.2.1.97/...),
is that correct?

Yes.


Could you retry the test and make sure that you use an FQDN in the URI
you specify for the client (through an entry in the hosts file or so)?

Yes done, find the dump at http://www.livecipher.com/tlsext_dump/tlsext.dmp.2

Thanks
With regards
Kamesh Jayachandran

Re: svn commit: r829185 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

2009-10-23 Thread Ruediger Pluem 


On 10/23/2009 09:27 PM, s...@apache.org wrote:
 Author: sf
 Date: Fri Oct 23 19:27:32 2009
 New Revision: 829185
 
 URL: http://svn.apache.org/viewvc?rev=829185view=rev
 Log:
 Only parse cache size in parens at the end of the string. Fixes 
 SSLSessionCache
 directive mis-parsing parens in pathname.
 
 PR: 47945
 
 Modified:
 httpd/httpd/trunk/CHANGES
 httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
 
 Modified: httpd/httpd/trunk/CHANGES
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=829185r1=829184r2=829185view=diff
 ==
 --- httpd/httpd/trunk/CHANGES [utf-8] (original)
 +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct 23 19:27:32 2009
 @@ -10,6 +10,10 @@
   mod_proxy_ftp: NULL pointer dereference on error paths.
   [Stefan Fritsch sf fritsch.de, Joe Orton]
  
 +  *) mod_socache_shmcb: Only parse cache size in parens at the end of the
 + string. Fixes SSLSessionCache directive mis-parsing parens in pathname.
 + PR 47945. [Stefan Fritsch]
 +
*) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
  
*) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
 
 Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829185r1=829184r2=829185view=diff
 ==
 --- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
 +++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Fri Oct 23 19:27:32 
 2009
 @@ -278,15 +278,11 @@
  
  ctx-data_file = path = ap_server_root_relative(p, arg);
  
 -cp = strchr(path, '(');
 -if (cp) {
 +cp = strrchr(path, '(');
 +cp2 = path + strlen(path) - 1;
 +if (cp  (*cp2 == ')')) {
  *cp++ = '\0';
 -
 -if (!(cp2 = strchr(cp, ')'))) {
 -return Invalid argument: no closing parenthesis;
 -}

No error message any longer for missing parenthesis?
I doubt that filenames like /somewhere/somefile(something are intended.

 -
 -*cp2 = '\0';
 +*cp2  = '\0';
  
  ctx-shm_size = atoi(cp);
  


Regards

Rüdiger

Re: svn commit: r829162 - /httpd/httpd/trunk/support/htpasswd.c

2009-10-23 Thread William A. Rowe, Jr. 
s...@apache.org wrote:
 Author: sf
 Date: Fri Oct 23 18:13:46 2009
 New Revision: 829162
 
 URL: http://svn.apache.org/viewvc?rev=829162view=rev
 Log:
 Print a warning if a password is truncated by crypt.
 
 Modified:
 httpd/httpd/trunk/support/htpasswd.c
 
 Modified: httpd/httpd/trunk/support/htpasswd.c
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829162r1=829161r2=829162view=diff
 ==
 --- httpd/httpd/trunk/support/htpasswd.c (original)
 +++ httpd/httpd/trunk/support/htpasswd.c Fri Oct 23 18:13:46 2009
 @@ -186,6 +186,10 @@
  pw = pwin;
  memset(pwv, '\0', sizeof(pwin));
  }
 +if (alg == ALG_CRYPT  strlen(pw)  8) {
 +apr_file_printf(errfile, Warning: Password truncated to 8 
 characters 
 +by CRYPT algorithm. NL);
 +}

Isn't this platform specific?  Seems wrong.  Why not test the pw and the pw+1 
char
to determine if this is, in fact, true.

With all our integration into openssl maybe we should add 3des strong crypt for
all platforms that don't otherwise offer it?  So much easier now that the rules
about crypto munitions in open source have been relaxed.