Re: [users@httpd] Strange with AllowOverrideList Directive

2016-03-29 Thread Luca Toscano
[+dev@]

Hi!

2016-03-29 11:06 GMT+02:00 Виталий Фадеев :

> Hello!
>
> I am trying to completely disable .htaccess.
> I have this in httpd.conf:
> 
> Options FollowSymLinks
> AllowOverride None
> Require all denied
> 
>
> Also, I have this in the vhost include file:
> 
> Options FollowSymLinks
> AllowOverride None
> AllowOverrideList None
> Require all granted
> CUT...
> 
>
> Directory /var/www/development still contains .htaccess files, as I do
> not want to remove them.
>
> Documentation
> https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
> says:
> "When this directive is set to None and AllowOverrideList is set to
> None, .htaccess files are completely ignored. In this case, the server
> will not even attempt to read .htaccess files in the filesystem."
>
> But when I open my vhost, I get a 500:
> [Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
> 192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
> allowed here
> as the first line of my .htaccess starts with ErrorDocument.
>
> Also, any subdirectory that contains a .htaccess fails with 500.
>
> As I see it, this is a mismatch in the documentation?


I can reproduce on 2.4.16: AllowOverride None alone behaves as expected,
but with AllowOverrideList None I get the same error message (" not
allowed here").

+dev@ to get their opinion! Bug in documentation or small fix required? (or
me missing something?)

Luca


Re: Status for 2.4.20

2016-03-29 Thread William A Rowe Jr
FULL STOP.

The next person to demand the last word of this thread will be iptables
deleted from existence at a.o.  Can you all appreciate that ~2000 people
have to read all of your pissing contests?  This is simply not acceptable.

Be done with it.


Re: Status for 2.4.20

2016-03-29 Thread Noel Butler


your short memory returns again, thank you, as that terminates any and 
all prior agreements we had about (not) responding to each other and 
your diatribe, the flood gates have now opened.


But as for this post, so it seems I did, I probably stopped reading half
way, my care factor isn't all that high



On 29/03/2016 18:47, Reindl Harald wrote:


you did



--
If you have the urge to reply to all rather than reply to list, you best
first read  http://members.ausics.net/qwerty/


Re: core.c error

2016-03-29 Thread Jim Jagielski

> On Mar 29, 2016, at 5:26 PM, Yann Ylavic  wrote:
> 
> On Tue, Mar 29, 2016 at 11:04 PM, Jim Jagielski  wrote:
>> The fix is to add parens as needed to make the intent clear.
> 
> Why parens? strcmp(cmd->path, "/") != 0 looks better than
> !(strcmp(cmd->path, "/") == 0), IMHO.

that's fine as well... :)


Re: core.c error

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 11:04 PM, Jim Jagielski  wrote:
> The fix is to add parens as needed to make the intent clear.

Why parens? strcmp(cmd->path, "/") != 0 looks better than
!(strcmp(cmd->path, "/") == 0), IMHO.


Re: core.c error

2016-03-29 Thread Jim Jagielski
The fix is to add parens as needed to make the intent clear.

> On Mar 29, 2016, at 3:26 PM, Yann Ylavic  wrote:
> 
> On Tue, Mar 29, 2016 at 9:14 PM, Jim Jagielski  wrote:
>> Looks like clang had been updated and a new error warning:
>> 
>> core.c:2410:14: error: logical not is only applied to the left hand side of 
>> this comparison
>>  [-Werror,-Wlogical-not-parentheses]
>>else if (!strcmp(cmd->path, "/") == 0)
>> ^   ~~
>> core.c:2410:14: note: add parentheses after the '!' to evaluate the 
>> comparison first
>>else if (!strcmp(cmd->path, "/") == 0)
>> ^
>>  (  )
>> core.c:2410:14: note: add parentheses around left hand side expression to 
>> silence this warning
>>else if (!strcmp(cmd->path, "/") == 0)
>> ^
>> (  )
> 
> Hmm, this is incidentally the logic we want (actually
> strcmp(cmd->path, "/") != 0), AFAICT...



Re: core.c error

2016-03-29 Thread Yann Ylavic
On Tue, Mar 29, 2016 at 9:14 PM, Jim Jagielski  wrote:
> Looks like clang had been updated and a new error warning:
>
> core.c:2410:14: error: logical not is only applied to the left hand side of 
> this comparison
>   [-Werror,-Wlogical-not-parentheses]
> else if (!strcmp(cmd->path, "/") == 0)
>  ^   ~~
> core.c:2410:14: note: add parentheses after the '!' to evaluate the 
> comparison first
> else if (!strcmp(cmd->path, "/") == 0)
>  ^
>   (  )
> core.c:2410:14: note: add parentheses around left hand side expression to 
> silence this warning
> else if (!strcmp(cmd->path, "/") == 0)
>  ^
>  (  )

Hmm, this is incidentally the logic we want (actually
strcmp(cmd->path, "/") != 0), AFAICT...


core.c error

2016-03-29 Thread Jim Jagielski
Looks like clang had been updated and a new error warning:

core.c:2410:14: error: logical not is only applied to the left hand side of 
this comparison
  [-Werror,-Wlogical-not-parentheses]
else if (!strcmp(cmd->path, "/") == 0)
 ^   ~~
core.c:2410:14: note: add parentheses after the '!' to evaluate the comparison 
first
else if (!strcmp(cmd->path, "/") == 0)
 ^
  (  )
core.c:2410:14: note: add parentheses around left hand side expression to 
silence this warning
else if (!strcmp(cmd->path, "/") == 0)
 ^
 (  )
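
The three spellings discussed in this thread, compared side by side as an added example (not code from core.c or from any poster; the function names and sample paths are made up here). It goes slightly beyond the thread by also showing that the two parenthesizations coincide only because the right-hand side is 0.

```c
#include <stdio.h>
#include <string.h>

/* How the compiler parses `!strcmp(path, "/") == 0`: '!' applies to the
 * strcmp() result only, and that 0/1 value is then compared with 0.
 * The extra parentheses are the "silence this warning" spelling. */
static int not_root_as_parsed(const char *path)
{
    return (!strcmp(path, "/")) == 0;
}

/* "Parentheses after the '!'": negate the whole comparison instead. */
static int not_root_negated(const char *path)
{
    return !(strcmp(path, "/") == 0);
}

/* The spelling suggested in the replies. */
static int not_root_direct(const char *path)
{
    return strcmp(path, "/") != 0;
}

/* Count x in [-3, 3] for which (!x) == y and !(x == y) disagree.
 * For y == 0 they never do, which is why the flagged line behaved. */
static int disagreements(int y)
{
    int n = 0;
    for (int x = -3; x <= 3; x++) {
        if (((!x) == y) != (!(x == y)))
            n++;
    }
    return n;
}

int main(void)
{
    const char *paths[] = { "/", "/var/www", "" };  /* constructed samples */
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-10s parsed=%d negated=%d direct=%d\n", paths[i],
               not_root_as_parsed(paths[i]), not_root_negated(paths[i]),
               not_root_direct(paths[i]));
    printf("disagreements: y=0 -> %d, y=1 -> %d, y=2 -> %d\n",
           disagreements(0), disagreements(1), disagreements(2));
    return 0;
}
```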

Re: svn commit: r1736510 - /httpd/httpd/branches/2.4.x/STATUS

2016-03-29 Thread Jeff Trawick
On Tue, Mar 29, 2016 at 12:22 PM, Yann Ylavic  wrote:

> On Thu, Mar 24, 2016 at 10:23 PM,   wrote:
> > Author: trawick
> > Date: Thu Mar 24 21:23:00 2016
> > New Revision: 1736510
> >
> > URL: http://svn.apache.org/viewvc?rev=1736510&view=rev
> > Log:
> > HTTP_BAD_GATEWAY -> MODSSL_ERROR_BAD_GATEWAY
> >
> > Modified:
> > httpd/httpd/branches/2.4.x/STATUS
> >
> > +  *) mod_ssl: Return 502 instead of 500 when SSL peer check or
> > + proxy_post_handshake hook fails.
> > + Trunk patch: r1645529 (works)
> > + 2.4.x patch which adds CHANGES:
> https://emptyhammock.com/media/downloads/r1645529-to-2.4.x.txt
> > + +1: trawick
>
> In 2.4.x (not trunk), ssl_io_filter_error() seems to finally create an
> HTTP_BAD_REQUEST error bucket for the MODSSL_ERROR_BAD_GATEWAY case,
> shouldn't we also backport r1416589?
>

Something is happening in trunk that causes 500 to be returned when an
error is returned in that area of code.  I'll try to debug that soon, as
the answer for further trunk sync depends on which part of trunk is
resulting in 500 :)

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/


Re: svn commit: r1736510 - /httpd/httpd/branches/2.4.x/STATUS

2016-03-29 Thread Yann Ylavic
On Thu, Mar 24, 2016 at 10:23 PM,   wrote:
> Author: trawick
> Date: Thu Mar 24 21:23:00 2016
> New Revision: 1736510
>
> URL: http://svn.apache.org/viewvc?rev=1736510&view=rev
> Log:
> HTTP_BAD_GATEWAY -> MODSSL_ERROR_BAD_GATEWAY
>
> Modified:
> httpd/httpd/branches/2.4.x/STATUS
>
> +  *) mod_ssl: Return 502 instead of 500 when SSL peer check or
> + proxy_post_handshake hook fails.
> + Trunk patch: r1645529 (works)
> + 2.4.x patch which adds CHANGES: 
> https://emptyhammock.com/media/downloads/r1645529-to-2.4.x.txt
> + +1: trawick

In 2.4.x (not trunk), ssl_io_filter_error() seems to finally create an
HTTP_BAD_REQUEST error bucket for the MODSSL_ERROR_BAD_GATEWAY case,
shouldn't we also backport r1416589?


Re: Status for 2.4.20

2016-03-29 Thread Reindl Harald


On 29.03.2016 at 09:37, Noel Butler wrote:

On 29/03/2016 01:06, William A Rowe Jr wrote:

@Everyone on this thread - keep it civil.
On Fri, Mar 25, 2016 at 10:13 PM, Noel Butler wrote:

On 25/03/2016 19:52, Graham Leggett wrote:

On 23 Mar 2016, at 1:58 PM, Noel Butler wrote:

as stated previously, this shit will happen when certain
people push with a release often mentality

AFAIK there is *ZERO* critical exploit bugs to be patched
by any pending release, so lets get house in order  S T A B L E ,
then worry about releases, jesus christ, we are
not ubuntu or redhat with set programs to release every 3
or 6 months regardless if shit is ready or not.


It sounds like you're making drama where there is none.

sounds like you only look at this from one perspective, and that's
not of the users, especially, the larger users.


Going by this, I've not seen some posts, Bill's reply makes it appear I
said the above, which I didn't


you did

 Forwarded message 
Subject: Re: Status for 2.4.20
Date: Wed, 23 Mar 2016 21:58:18 +1000
From: Noel Butler 
Reply-To: dev@httpd.apache.org
To: dev@httpd.apache.org

as stated previously, this shit will happen when certain people push
with a release often mentality

AFAIK there is *ZERO* critical exploit bugs to be patched by any pending
release, so lets get house in order S T A B L E , then worry about
releases, jesus christ, we are not ubuntu or redhat with set programs to
release every 3 or 6 months regardless if shit is ready or not.


flame away... IDGAF

 Forwarded message 
Subject: Re: Status for 2.4.20
Date: Sat, 26 Mar 2016 13:13:33 +1000
From: Noel Butler 
Reply-To: dev@httpd.apache.org
To: dev@httpd.apache.org

On 25/03/2016 19:52, Graham Leggett wrote:
> It sounds like you're making drama where there is none.

sounds like you only look at this from one perspective, and that's not of
the users, especially, the larger users.






Re: Status for 2.4.20

2016-03-29 Thread Noel Butler
On 29/03/2016 01:06, William A Rowe Jr wrote:

> @Everyone on this thread - keep it civil. 
> 
> On Fri, Mar 25, 2016 at 10:13 PM, Noel Butler  wrote:
> On 25/03/2016 19:52, Graham Leggett wrote:
> On 23 Mar 2016, at 1:58 PM, Noel Butler  wrote:
> 
> as stated previously, this shit will happen when certain people push with a 
> release often mentality
> 
> AFAIK there is *ZERO* critical exploit bugs to be patched by any pending 
> release, so lets get house in order  S T A B L E , then worry about releases, 
> jesus christ, we are not ubuntu or redhat with set programs to release every 
> 3 or 6 months regardless if shit is ready or not. 
> It sounds like you're making drama where there is none.
sounds like you only look at this from one perspective, and that's not
of the users, especially, the larger users.

Precisely the point.  If httpd were commercial software, there would only
be one perspective, that of the largest users with fairly static
deployments that demand very small deltas - those that ensure few if any
regressions.  Smaller or more nimble users who need the most recent
features are neglected in that scenario.

Instead httpd does not operate as commercial software, it is open source.
When it breaks, you get to keep (and patch) all the pieces.  That's the
origin story of this software and our continued model for success.  No
amount of pleas that "it shouldn't be that way" are going to change the
mindset of the project participants.  Please remember you are a guest on
this list.

When we decided during 1.3.x that things were so shaky (third party module
recompilation was frequently necessary during the early 1.3.0-1.3.14
versions) that we could do better for user communities.

Therefore, when we released 2.0 as GA, we declared the ABI stable, and
proceeded on ABI and API breaking work on a 2.1-dev trunk branch.  We all
agreed that 2.1 wouldn't be GA, but we would release 2.2.0 once we believed
that branch was ready to be ABI-stable.  That model continues to this day,
breaking changes are on 2.5-dev in trunk, and we seek 100% compatibility
on the 2.4.x branch.  There were contentious discussions that led us to
this model, but it was driven by competing interests by the developers of
this project, who are also users --- as opposed to external "demands".

We will seek to continue to release early and often, and one of our current
faults is that we haven't been releasing 2.5-dev often enough to engage
users in the next release series, but pouring most of our energy into
wedging these changes back into the 2.4.x branch.  But unlike commercial
software and many OSS projects, we don't declare 2.4.0 to be "feature
complete", and we continue to improve it in straightforward ways throughout
the 2.4 lifetime.

If you want to package a stable "product", you can follow the RedHat and
others' model.  Just to take that single example, httpd 2.4.3 is the
released flavor by RedHat.  They go to the extra effort to backport
fixes-only and plan to support that version for some 10 years or so.  That
is why many larger users choose to stick with something like RHEL or CentOS
or similar distributions which are feature-frozen and much more stable than
an active product undergoing constant enhancement.

Just to wrap up another tl;dr post... others offered you a different
option, skip those versions which are too "experimental" for your tastes,
and wait for bugs to shake out.  We assert that 2.4.newest is the best
available version, but in such a large, modular and flexible project, it's
impossible to assure that a change set (release) will be an improvement for
each and every use case.

Use the version that is most appropriate to your use case, and seek a
commercial product if you expect the sort of stasis that your protest
appears to seek.

Going by this, I've not seen some posts, Bill's reply makes it appear I
said the above, which I didn't, but I'll leave it as I think this thread
has run its course anyway, I've put my comments forward on behalf of
myself and many admins, I accept you only see this as one opinion since
they are not posting here, next time it comes up, I'll put a call on the
other lists for every single one of them to sub to this list and put
their thoughts forward :)

-- 

If you have the urge to reply to all rather than reply to list, you best
first read  http://members.ausics.net/qwerty/