Per-module loglevel configuration

[Stefan Fritsch]

Hi,

here is the second version of my patch to allow per-module loglevel 
configuration. It's available at:

http://people.apache.org/~sf/per-module-loglevel-v2/

As it's rather big, I have split it into separate logical patches. I 
hope this makes it easier to review:

0001 Add macro wrappers for ap_log_*error
0002 Introduce log levels trace1/.../trace8
0003 Introduce SSLLOG_MARK, in preparation to redefine APLOG_MARK
0004 move find module logic into separate function
0005 Introduce per module log levels
0006 Adjust mod_ssl logging to make it compile again
0007 define APLOG_MODULE_INDEX in module files
0008 define APLOG_MODULE_INDEX in core files and remove default 
definition of APLOG_MODULE_INDEX
0009 Replace LogLevelDebugDump with TRACE log levels
0010 Replace DumpIOLogLevel with trace log level
0011 Replace RewriteLog/RewriteLogLevel with trace log levels

As I wrote in the mail to Graham, I didn't have time to work on the 
per-directory loglevel configuration. But even without it, this patch 
is quite an improvement, IMHO.

Cheers,
Stefan

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Roy T. Fielding]

On Mar 16, 2010, at 12:24 PM, Noirin Shirley wrote:

> On Tue, Mar 16, 2010 at 8:05 PM, William A. Rowe Jr.
>  wrote:
>> On 3/16/2010 12:37 PM, Noirin Shirley wrote:
>>> 
>>> In some places, we use httpd, but that leads to some horrible
>>> confusion between the product and the command.
>> 
>> I guess I'm not seeing the disconnect.  If a reader cannot parse httpd
>> as shorthand "the Apache HTTP Server program", then we have more serious
>> issues in helping them become a web server administrator.
> 
> The problem is that httpd is used as shorthand for "the Apache HTTP
> Server" *and* as a reference to a specific binary/process/command, and
> we assume that people can work out the difference, because, y'know,
> Bill knows the difference, and Roy does, so obviously, all the rest of
> us should too.

No, they can work out the difference (assuming they ever need to)
by looking at the context.

> If the command were, say, "apache2", then just using "Apache HTTP
> Server (httpd)" for the first mention, and "httpd" thereafter would be
> fine. Heck, even if we absolutely always used "apachectl", and never
> referred to the binary directly, we might be able to get something
> that worked, although there'd be a lot more rewriting of docs
> required. But when it's not always clear to people who've been working
> on the project for years whether a given instance of "httpd" refers to
> a single binary or a set of binaries, and config files, and sometimes
> other bits and pieces, how on earth do we expect users to be able to
> grok what we're talking about?
> 
> And as for clueless lawyers, unless we've given one commit access,
> they're not the only ones using HTTPd either - cf
> http://httpd.apache.org/docs/2.2/install.html

Yes, both Joshua Slive and Ken Coar would (very rarely) capitalize
the HTTP for no apparent reason, as would various denizens of other
projects (NCSA HTTPd post-1.5, kHTTPd, OmniHTTPd, etc.).  That doesn't
make it our product name.  A patch to make everything consistently
wrong is not an improvement over being inconsistently wrong in our docs.

Roy

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Mladen Turk]

On 03/16/2010 09:37 PM, William A. Rowe Jr. wrote:


I thought the only people who ever capitalize HTTP in httpd are
clueless lawyers.


apache_1.2.4.tar.gz/ABOUT_APACHE

The Apache HTTP Server Project
   http://www.apache.org/
  June 1997

Seems the HTTPD is used for a long time


I'm sorry, I'm looking at your snip and I don't see a captial D.



Choose one. D or d :)

IMHO Apache HTTPD is no better then Apache httpd.
It should be Apache Httpd thought.



Regards
--
^TM

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[William A. Rowe Jr.]

On 3/16/2010 2:58 PM, Mladen Turk wrote:
> On 03/16/2010 06:24 PM, Roy T. Fielding wrote:
>>
>> I thought the only people who ever capitalize HTTP in httpd are
>> clueless lawyers.
> 
> apache_1.2.4.tar.gz/ABOUT_APACHE
> 
> The Apache HTTP Server Project
>   http://www.apache.org/
>  June 1997
> 
> Seems the HTTPD is used for a long time

I'm sorry, I'm looking at your snip and I don't see a captial D.

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Mladen Turk]

On 03/16/2010 06:24 PM, Roy T. Fielding wrote:


I thought the only people who ever capitalize HTTP in httpd are
clueless lawyers.


apache_1.2.4.tar.gz/ABOUT_APACHE

The Apache HTTP Server Project
  http://www.apache.org/
 June 1997

Seems the HTTPD is used for a long time

Regards
--
^TM

Re: svn commit: r923429 - /httpd/httpd/trunk/modules/filters/mod_reqtimeout.c

[Stefan Fritsch]

On Tue, 16 Mar 2010, Ruediger Pluem wrote:


On 15.03.2010 21:46, s...@apache.org wrote:

Author: sf
Date: Mon Mar 15 20:46:26 2010
New Revision: 923429

URL: http://svn.apache.org/viewvc?rev=923429&view=rev
Log:
get the socket with ap_get_module_config instead of walking the filter chain

Modified:
httpd/httpd/trunk/modules/filters/mod_reqtimeout.c

Modified: httpd/httpd/trunk/modules/filters/mod_reqtimeout.c
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_reqtimeout.c?rev=923429&r1=923428&r2=923429&view=diff
==
--- httpd/httpd/trunk/modules/filters/mod_reqtimeout.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_reqtimeout.c Mon Mar 15 20:46:26 2010
@@ -151,21 +151,7 @@ static apr_status_t reqtimeout_filter(ap
 }

 if (!ccfg->socket) {
-core_net_rec *net_rec;
-ap_filter_t *core_in = f->next;
-
-while (core_in && core_in->frec != ap_core_input_filter_handle)
-core_in = core_in->next;
-
-if (!core_in) {
-ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, f->c,
-  "mod_reqtimeout: Can't get socket "
-  "handle from core_input_filter");
-ap_remove_input_filter(f);
-return ap_get_brigade(f->next, bb, mode, block, readbytes);
-}
-net_rec = core_in->ctx;
-ccfg->socket = net_rec->client_socket;
+ccfg->socket = ap_get_module_config(f->c->conn_config, &core_module);


Not quite sure if this data structure is part of the API. If not the core could
change it anytime and the above assignment could fail then.


Other modules do the same, so mod_reqtimeout does not create an additional 
problem IMHO:


$ grep -rl ap_get_module_config.*conn_config.*core_module modules
modules/proxy/mod_proxy_connect.c
modules/proxy/mod_proxy_fdpass.c
modules/filters/mod_reqtimeout.c
modules/http/http_core.c
modules/echo/mod_echo.c
modules/experimental/mod_noloris.c

Re: ProxyPreserveHost per dir??

[Stefan Fritsch]

On Tuesday 16 March 2010, Akins, Brian wrote:
> Is there a particular reason why ProxyPreserveHost  is per server
>  and not per dir?  We have some "unusual" configs and I'm wondering
>  what secret internals I may be breaking by changing that?  The
>  code didn't show anything obvious.

It's per dir since 2.3.3. The change breaks module binary 
compatibility and therefore cannot be backported to 2.2.x.

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Noirin Shirley]

On Tue, Mar 16, 2010 at 8:30 PM, William A. Rowe Jr.
 wrote:
> On 3/16/2010 2:24 PM, Noirin Shirley wrote:
>> On Tue, Mar 16, 2010 at 8:05 PM, William A. Rowe Jr.
>>  wrote:
>>> On 3/16/2010 12:37 PM, Noirin Shirley wrote:

 In some places, we use httpd, but that leads to some horrible
 confusion between the product and the command.
>>>
>>> I guess I'm not seeing the disconnect.  If a reader cannot parse httpd
>>> as shorthand "the Apache HTTP Server program", then we have more serious
>>> issues in helping them become a web server administrator.
>>
>> The problem is that httpd is used as shorthand for "the Apache HTTP
>> Server" *and* as a reference to a specific binary/process/command, and
>> we assume that people can work out the difference, because, y'know,
>> Bill knows the difference, and Roy does, so obviously, all the rest of
>> us should too.
>
> Actually;
>
> the command is usually apachectl ;-)

Unfortunately "usually" isn't the same as "always", and that only adds
to the confusion.

I know that you know what you're talking about when you say httpd, in
any context. But a user coming to our docs sees the same word used as
a process name, and as a product name, and then as a command, and then
they're told they shouldn't use that command, ...

Not everyone can be VP of the project. The docs are meant to make it
easier for the people who *aren't* VP to use our software.

Noirin

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[William A. Rowe Jr.]

On 3/16/2010 2:24 PM, Noirin Shirley wrote:
> On Tue, Mar 16, 2010 at 8:05 PM, William A. Rowe Jr.
>  wrote:
>> On 3/16/2010 12:37 PM, Noirin Shirley wrote:
>>>
>>> In some places, we use httpd, but that leads to some horrible
>>> confusion between the product and the command.
>>
>> I guess I'm not seeing the disconnect.  If a reader cannot parse httpd
>> as shorthand "the Apache HTTP Server program", then we have more serious
>> issues in helping them become a web server administrator.
> 
> The problem is that httpd is used as shorthand for "the Apache HTTP
> Server" *and* as a reference to a specific binary/process/command, and
> we assume that people can work out the difference, because, y'know,
> Bill knows the difference, and Roy does, so obviously, all the rest of
> us should too.

Actually;

the command is usually apachectl ;-)

ProxyPreserveHost per dir??

[Akins, Brian]

Is there a particular reason why ProxyPreserveHost  is per server and not
per dir?  We have some "unusual" configs and I'm wondering what secret
internals I may be breaking by changing that?  The code didn't show anything
obvious.


-- 
Brian Akins

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Noirin Shirley]

On Tue, Mar 16, 2010 at 8:05 PM, William A. Rowe Jr.
 wrote:
> On 3/16/2010 12:37 PM, Noirin Shirley wrote:
>>
>> In some places, we use httpd, but that leads to some horrible
>> confusion between the product and the command.
>
> I guess I'm not seeing the disconnect.  If a reader cannot parse httpd
> as shorthand "the Apache HTTP Server program", then we have more serious
> issues in helping them become a web server administrator.

The problem is that httpd is used as shorthand for "the Apache HTTP
Server" *and* as a reference to a specific binary/process/command, and
we assume that people can work out the difference, because, y'know,
Bill knows the difference, and Roy does, so obviously, all the rest of
us should too.

If the command were, say, "apache2", then just using "Apache HTTP
Server (httpd)" for the first mention, and "httpd" thereafter would be
fine. Heck, even if we absolutely always used "apachectl", and never
referred to the binary directly, we might be able to get something
that worked, although there'd be a lot more rewriting of docs
required. But when it's not always clear to people who've been working
on the project for years whether a given instance of "httpd" refers to
a single binary or a set of binaries, and config files, and sometimes
other bits and pieces, how on earth do we expect users to be able to
grok what we're talking about?

And as for clueless lawyers, unless we've given one commit access,
they're not the only ones using HTTPd either - cf
http://httpd.apache.org/docs/2.2/install.html

Noirin

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[William A. Rowe Jr.]

On 3/16/2010 12:37 PM, Noirin Shirley wrote:
> 
> In some places, we use httpd, but that leads to some horrible
> confusion between the product and the command.

I guess I'm not seeing the disconnect.  If a reader cannot parse httpd
as shorthand "the Apache HTTP Server program", then we have more serious
issues in helping them become a web server administrator.

I was a bit confused in this commit message w.r.t. "concensus".  Noirin and
yourself clearly take one view, Roy and I have expounded a very contrary view,
and I haven't see the rest of this dialog (following dev@, docs@, users@ etc).

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Noirin Shirley]

On Tue, Mar 16, 2010 at 6:24 PM, Roy T. Fielding  wrote:
> On Mar 16, 2010, at 5:48 AM, rbo...@apache.org wrote:
>
>> Author: rbowen
>> Date: Tue Mar 16 12:48:31 2010
>> New Revision: 923712
>>
>> URL: http://svn.apache.org/viewvc?rev=923712&view=rev
>> Log:
>> In as much as we can be said to have consensus on anything at all, we
>> appear to have consensus that we will refer to the product (in the
>> documentation) as Apache HTTPD, or HTTPD for short, and to the server
>> binary executable as httpd. Here's a few changes to that
>> effect.
>
> I thought the only people who ever capitalize HTTP in httpd are
> clueless lawyers.  httpd is the product name.

We've never been even remotely consistent about the name of the product.

In some places, we use httpd, but that leads to some horrible
confusion between the product and the command.

In other places, we use Apache HTTP Server, but then when we switch to
httpd because it's less wordy or fits the sentence better, it's not at
all clear that httpd and Apache HTTP Server mean the same thing.

In a few places, we use Apache Web Server, just for variety (and, I've
heard it argued, because it can serve over more than just HTTP).

> It is not, and never
> has been, HTTPD, HTTPd, or any other misspelling of d.  It's that
> bloody thing we put in the package name, like

I don't really see how the package name proves anything - Tomcat
packages have names like apache-tomcat-5.5.28.tar.gz, but I've never
been called clueless (or a lawyer) for capitalising the project name
differently to the package name.

Sure, httpd makes sense as an all-small command. But I see no reason
that it's stupid to distinguish between the command and the product,
and nothing you've said convinces me that HTTPD or HTTPD or Httpd or
any other product name that removes the ambiguity is any worse than
calling the product "Web Server".

Noirin

Re: svn commit: r923712 - in /httpd/httpd/trunk/docs/manual: ./ mod/

[Roy T. Fielding]

On Mar 16, 2010, at 5:48 AM, rbo...@apache.org wrote:

> Author: rbowen
> Date: Tue Mar 16 12:48:31 2010
> New Revision: 923712
> 
> URL: http://svn.apache.org/viewvc?rev=923712&view=rev
> Log:
> In as much as we can be said to have consensus on anything at all, we
> appear to have consensus that we will refer to the product (in the
> documentation) as Apache HTTPD, or HTTPD for short, and to the server
> binary executable as httpd. Here's a few changes to that
> effect.

WTF?  -1

I thought the only people who ever capitalize HTTP in httpd are
clueless lawyers.  httpd is the product name.  It is not, and never
has been, HTTPD, HTTPd, or any other misspelling of d.  It's that
bloody thing we put in the package name, like

   httpd-2.2.15.tar.gz

which should really be

   apache-httpd-2.2.15.tar.gz

but that's another discussion.

Roy

Re: Client authentication and authorization using client certificates

[lambam80]

Johannes great news,  mod_auth_certificate works !

I reckon you need => httpd-2.2.14 in order to use the UID. 

See BUG https://issues.apache.org/bugzilla/show_bug.cgi?id=45107 

Initially I decided to wait for Fedora 13 with httpd-2.2.14 
where they say the above BUG is fixed in HTTPD.

In the end I tested with an unofficial version of httpd-2.2.14 on Fedora 12.

Good work, Dave
---

Johannes Müller wrote:
> 
> Eric Covener wrote:
>> On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller wrote:
>>   
>>> Yes should be no problem. Relicensing means I'll also have to remove
>>> current
>>> the current
>>> version and SVN revisions so there is no problem if someone already
>>> downloaded the
>>> GPLed release?
>>> 
>>
>> IANAL: I don't see why, they're free to use it under those terms, and
>> you're free to change the terms of any subsequent release (or prior
>> release to other parties!)
>>
>>   
> 
> 
> Released version 0.2 of mod_auth_certificate under Apache License 2.0
> Download at https://sourceforge.net/projects/modauthcertific/
> 
> Any comments?
> 
> Greetings,
> Johannes
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Client-authentication-and-authorization-using-client-certificates-tp24058416p27919447.html
Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.

Re: svn commit: r923429 - /httpd/httpd/trunk/modules/filters/mod_reqtimeout.c

[Ruediger Pluem]

On 15.03.2010 21:46, s...@apache.org wrote:
> Author: sf
> Date: Mon Mar 15 20:46:26 2010
> New Revision: 923429
> 
> URL: http://svn.apache.org/viewvc?rev=923429&view=rev
> Log:
> get the socket with ap_get_module_config instead of walking the filter chain
> 
> Modified:
> httpd/httpd/trunk/modules/filters/mod_reqtimeout.c
> 
> Modified: httpd/httpd/trunk/modules/filters/mod_reqtimeout.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_reqtimeout.c?rev=923429&r1=923428&r2=923429&view=diff
> ==
> --- httpd/httpd/trunk/modules/filters/mod_reqtimeout.c (original)
> +++ httpd/httpd/trunk/modules/filters/mod_reqtimeout.c Mon Mar 15 20:46:26 
> 2010
> @@ -151,21 +151,7 @@ static apr_status_t reqtimeout_filter(ap
>  }
>  
>  if (!ccfg->socket) {
> -core_net_rec *net_rec;
> -ap_filter_t *core_in = f->next;
> -
> -while (core_in && core_in->frec != ap_core_input_filter_handle)
> -core_in = core_in->next;
> -
> -if (!core_in) {
> -ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, f->c,
> -  "mod_reqtimeout: Can't get socket "
> -  "handle from core_input_filter");
> -ap_remove_input_filter(f);
> -return ap_get_brigade(f->next, bb, mode, block, readbytes);
> -}
> -net_rec = core_in->ctx;
> -ccfg->socket = net_rec->client_socket;
> +ccfg->socket = ap_get_module_config(f->c->conn_config, &core_module);

Not quite sure if this data structure is part of the API. If not the core could
change it anytime and the above assignment could fail then.

Regards

Rüdiger