Re: svn commit: r1395417 - in /httpd/httpd/trunk/docs/manual: mpm.html.en mpm.xml

2012-10-08 Thread Jeff Trawick
On Sun, Oct 7, 2012 at 6:59 PM,  rbo...@apache.org wrote:
 Author: rbowen
 Date: Sun Oct  7 22:59:14 2012
 New Revision: 1395417

 URL: http://svn.apache.org/viewvc?rev=1395417&view=rev
 Log:
 Adds some clarification to the statement that the default MPM is
 selected based on platform capabilities.

 Modified:
 httpd/httpd/trunk/docs/manual/mpm.html.en
 httpd/httpd/trunk/docs/manual/mpm.xml

 Modified: httpd/httpd/trunk/docs/manual/mpm.html.en
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mpm.html.en?rev=1395417&r1=1395416&r2=1395417&view=diff
 ==
 --- httpd/httpd/trunk/docs/manual/mpm.html.en (original)
 +++ httpd/httpd/trunk/docs/manual/mpm.html.en Sun Oct  7 22:59:14 2012
 @@ -99,6 +99,28 @@ choice at compile-time./p
  code class=modulea href=./mod/event.htmlevent/a/code, 
 depending on platform capabilities/td/tr
  tr class=oddtdWindows/tdtdcode class=modulea 
 href=./mod/mpm_winnt.htmlmpm_winnt/a/code/td/tr
  /table
 +
 +div class=notepHere, 'Unix' is used to mean Unix-like operating 
 systems, such as
 +Linux, BSD, Solaris, Mac OS X, etc./p/div
 +
 +pIn the case of Unix, the decision as to which MPM is installed is
 +based on two questions:/p
 +p1. Does the system support a 
 href=http://en.wikipedia.org/wiki/Threads_(computer_science)threads/a?/p
 +p2. Does the system support a 
 href=http://en.wikipedia.org/wiki/Polling_(computer_science)polling/a?/p
 +
 +pIf the answer to both questions is 'yes', the default MPM is
 +code class=modulea href=./mod/event.htmlevent/a/code./p

It isn't that simple.

APR_POLLSET_THREADSAFE has to be supported, and that is more than the
well-known capabilities of threads and polling.

APR_POLLSET_THREADSAFE means that the platform has an advanced polling
mechanism which allows pollsets to be manipulated in a certain way,
and that APR has an implementation that uses that mechanism.

Linux, Solaris, and FreeBSD/Mac OS X are platforms that satisfy both
characteristics.  z/OS is a platform that has an advanced polling
mechanism but without an APR implementation in the stable branches.
Neither AIX nor HP-UX have APR implementations, though I'd guess that
the OS has the feature and nobody has gotten around to exploiting it
in APR.

 +
 +pIf The answer to #1 is 'yes', but the answer to #2 is 'no', the
 +default will be code class=modulea 
 href=./mod/worker.htmlworker/a/code./p
 +
 +pIf the answer to both questions is 'no', then the default MPM will be
 +code class=modulea href=./mod/prefork.htmlprefork/a/code./p
 +
 +pIn practical terms, this means that the default will almost always be
 +code class=modulea href=./mod/event.htmlevent/a/code, as all 
 modern operating systems support these
 +two features./p
 +
  /divdiv class=topa href=#page-headerimg alt=top 
 src=./images/up.gif //a/div
  div class=section
  h2a name=static id=staticBuilding an MPM as a static module/a/h2
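
Review bot: The three "If the answer..." paragraphs leave one combination undefined: they cover yes/yes, yes to #1 with no to #2, and no/no, but not the case where #1 is 'no' and #2 is 'yes'. Either say which MPM is the default in that case, or restructure the text so that #1 is decided first and #2 only matters when #1 is 'yes'. The second of those paragraphs also opens with "If The answer", which has a stray capital.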

 Modified: httpd/httpd/trunk/docs/manual/mpm.xml
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mpm.xml?rev=1395417&r1=1395416&r2=1395417&view=diff
 ==
 --- httpd/httpd/trunk/docs/manual/mpm.xml (original)
 +++ httpd/httpd/trunk/docs/manual/mpm.xml Sun Oct  7 22:59:14 2012
 @@ -89,6 +89,30 @@ choice at compile-time./p
  moduleevent/module, depending on platform capabilities/td/tr
  trtdWindows/tdtdmodulempm_winnt/module/td/tr
  /table
 +
 +notepHere, 'Unix' is used to mean Unix-like operating systems, such as
 +Linux, BSD, Solaris, Mac OS X, etc./p/note
 +
 +pIn the case of Unix, the decision as to which MPM is installed is
 +based on two questions:/p
 +p1. Does the system support a
 +href=http://en.wikipedia.org/wiki/Threads_(computer_science)threads/a?/p
 +p2. Does the system support a
 +href=http://en.wikipedia.org/wiki/Polling_(computer_science)polling/a?/p
 +
 +pIf the answer to both questions is 'yes', the default MPM is
 +moduleevent/module./p
 +
 +pIf The answer to #1 is 'yes', but the answer to #2 is 'no', the
 +default will be moduleworker/module./p
 +
 +pIf the answer to both questions is 'no', then the default MPM will be
 +moduleprefork/module./p
 +
 +pIn practical terms, this means that the default will almost always be
 +moduleevent/module, as all modern operating systems support these
 +two features./p
 +
  /section

  section id=statictitleBuilding an MPM as a static module/title
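
Review bot: The closing paragraph's claim that the default "will almost always be event, as all modern operating systems support these two features" is stronger than the two questions can carry: question 2 links to a generic article on polling, so a reader has no way to tell whether their platform actually qualifies. Suggest naming the specific capability being tested, or dropping "all modern operating systems". The introductory sentence also says which MPM "is installed", while the rest of the passage is about which one is the default; use the same term throughout.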





-- 
Born in Roswell... married an alien...
http://emptyhammock.com/


Re: [Bug 53219] mod_ssl should allow to disable ssl compression

2012-10-08 Thread Stefan Fritsch
On Monday 08 October 2012, Roy T. Fielding wrote:
 On Oct 7, 2012, at 6:05 PM, Eric Covener wrote:
  Any opinions on the default change?  AIUI current maintenance of
  browsers have disabled TLS compression already, because they can
  be driven to generate arbitrary traffic that eventually reveals
  httpOnly session cookies.
 
 Just disable it completely -- adaptive compression of headers is
 inherently incompatible with the goals of TLS.

Is it? I think the main problem is the broken security model of web 
browsers. There are many scenarios where compression does not hurt, 
e.g. with non-browser clients that do not allow chosen plaintext 
attacks, or if authentication is done by client certificate and not by 
header.

Therefore, I would prefer leaving the option available. But defaulting 
to off makes sense.

Cheers,
Stefan
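
The distinction drawn in this exchange, as an added example that is not part of the original messages: compressed length only acts as an oracle when text chosen by another party is compressed together with a secret. zlib's DEFLATE stands in for TLS record compression here, and the request layout, host name and cookie value are constructed for the illustration.

```python
import zlib

# Constructed sample values; no real session data.
SECRET = "session=7f3a9c1e5b2d48f6a0c4e8b1d5f29a63"
RIGHT_GUESS = SECRET
# Same length and same characters as the right guess, in reverse order.
WRONG_GUESS = "session=" + SECRET[len("session="):][::-1]


def build_request(injected, secret_in_stream=True):
    """A request whose query string is chosen by another party."""
    lines = [f"POST /search?q={injected} HTTP/1.1", "Host: app.example"]
    if secret_in_stream:
        # Header-based authentication: the secret is compressed
        # together with the injected text.
        lines.append(f"Cookie: {SECRET}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def wire_length(plaintext, compression):
    """Size visible on the wire; encryption hides bytes, not length."""
    return len(zlib.compress(plaintext, 9)) if compression else len(plaintext)


def length_gap(compression, secret_in_stream=True):
    """Bytes by which a wrong guess is longer than a right one."""
    wrong = wire_length(build_request(WRONG_GUESS, secret_in_stream), compression)
    right = wire_length(build_request(RIGHT_GUESS, secret_in_stream), compression)
    return wrong - right


if __name__ == "__main__":
    print("compression on,  cookie auth:         ", length_gap(True))
    print("compression off, cookie auth:         ", length_gap(False))
    print("compression on,  no secret in stream: ", length_gap(True, False))
```

A positive gap in the first case is the signal that motivates defaulting compression to off; the third case models authentication that keeps the secret out of the compressed headers, such as a client certificate.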


Re: svn commit: r1395555 - /httpd/httpd/trunk/docs/manual/mpm.xml

2012-10-08 Thread Jeff Trawick
On Mon, Oct 8, 2012 at 9:35 AM,  rbo...@apache.org wrote:
 Author: rbowen
 Date: Mon Oct  8 13:35:52 2012
 New Revision: 139

 URL: http://svn.apache.org/viewvc?rev=139view=rev
 Log:
 Thanks to Daniel, further enhance the explanation of the decision of the 
 default MPM.

 Modified:
 httpd/httpd/trunk/docs/manual/mpm.xml

 Modified: httpd/httpd/trunk/docs/manual/mpm.xml
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mpm.xml?rev=139r1=1395554r2=139view=diff
 ==
 --- httpd/httpd/trunk/docs/manual/mpm.xml (original)
 +++ httpd/httpd/trunk/docs/manual/mpm.xml Mon Oct  8 13:35:52 2012
 @@ -95,10 +95,9 @@ Linux, BSD, Solaris, Mac OS X, etc./p

  pIn the case of Unix, the decision as to which MPM is installed is
  based on two questions:/p
 -p1. Does the system support a
 -href=http://en.wikipedia.org/wiki/Threads_(computer_science)threads/a?/p
 -p2. Does the system support a
 -href=http://en.wikipedia.org/wiki/Polling_(computer_science)polling/a?/p
 +p1. Does the system support threads?/p
 +p2. Does the system support thread-safe polling (Specifically, the
 +kqueue and epoll functions)?/p

And event ports.

Big picture IMO:

1. in absence of --with-mpm=FOO, the default MPM is selected based on
some really geeky gorp
2. The recommended solution is

a. specify

--enable-mpms-shared=all

so that you have available anything known to work on your platform

b. If you specifically want to use prefork or worker, ALSO add

--with-mpm=prefork or --with-mpm=worker

c. If you change your mind about the MPM later, change the LoadModule directive


  pIf the answer to both questions is 'yes', the default MPM is
  moduleevent/module./p
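
Review bot: In the new question 2, the parenthetical "(Specifically, the kqueue and epoll functions)" reads as an exhaustive list and capitalises "Specifically" in the middle of a sentence. If other mechanisms also qualify, word it as "for example, kqueue or epoll" or name the capability being tested, and lower-case the word. kqueue and epoll are also interfaces rather than single functions, so "functions" could be replaced with "mechanisms".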





-- 
Born in Roswell... married an alien...
http://emptyhammock.com/


mod_lua authen/authz

2012-10-08 Thread Karl Pflästerer
Hi,
I'm not sure if this is the right list; if not just tell me where to ask
my question.

I wanted to use mod_lua to replace a custom authen/authz handler (at the
moment written with mod_perl) with a lua handler (since mod_perl and
httpd2.4 do not work at the moment).

I used the examples here
http://httpd.apache.org/docs/trunk/developer/lua.html and
here http://httpd.apache.org/docs/trunk/mod/mod_lua.html but had no luck
with the authen part.

The authz part works
  LuaAuthzProvider foo authz.lua authz_check_foo
The function authz_check_foo gets called.

But how do I write the config so that for the authentication also a lua
function gets called?
  LuaHookAuthChecker foo.lua  check_auth early
does nothing.

Basically I want the same as with this configuration (for mod_perl):

<LocationMatch /admin/>
  AuthName Admin-XXX
  AuthType Basic
  Require Group1 Group2
  PerlAuthenHandler DFV::Authen
  PerlAuthzHandler  DFV::Authen
</LocationMatch>

That handler checks if the user has the right password and is in at
least one of the required groups.

TIA
  KP