Re: [1.3] printing unsigned 64-bit integer with ap_log_error()

2004-08-24 Thread Andrew Ho 
Heyas,

AH>Is it possible to print a 64-bit unsigned integer using ap_log_error() or
AH>friends? At least on Apache 1.3, it looks like ap_log_error() just calls
AH>ap_snprintf(), which doesn't understand common platform specific variants
AH>like %lld.

Looks like %qd is what I wanted. :)

Humbly,

Andrew

----------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

[1.3] printing unsigned 64-bit integer with ap_log_error()

2004-08-23 Thread Andrew Ho 
Hello,

Is it possible to print a 64-bit unsigned integer using ap_log_error() or
friends? At least on Apache 1.3, it looks like ap_log_error() just calls
ap_snprintf(), which doesn't understand common platform specific variants
like %lld.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

Re: Graceful stop

2004-01-20 Thread Andrew Ho 
Hello,

CM>Why does graceful restart exist? Wouldn't it be better to have
CM>a graceful stop, and then just start a new instance?
CM>...
CM>  * httpd could be upgraded without dropping clients

I don't see how this would work--a graceful stop followed by a start would
mean clients would drop in between the window when you signal the graceful
stop (and Apache therefore stops accepting new requests) and when the new
instance starts.

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

Re: HTTP_REFERER in mod_ext_filter

2003-07-11 Thread Andrew Ho 
Hello,

CS>Currently, mod_ext_filter doesn't seem to grab all of the environment
CS>variables. One that's notably missing is HTTP_REFERER. But, I can't
CS>figure out where this env variable is set. I searched thru the source
CS>files (*.c and *.h) and the only reference I found was in
CS>modules/ssl/ssl_engine_vars.c and modules/mappers/mod_rewrite.c.

The various HTTP_* environment variables that CGI scripts see are part of
the CGI specification; they correspond specifically to any HTTP request
headers. These are set by ap_add_common_vars() in server/util_script.c.  

You didn't find HTTP_REFERER specifically, because ap_add_common_vars()
just cycles through all request headers (except Authorization and
Proxy-Authorization, for security reasons) and sets appropriately named
environment variables.

There is another function, ap_add_cgi_vars(), in server/util_script.c
which sets REQUEST_URI, SCRIPT_NAME, and all the other CGI variables we
are accustomed to. It looks like mod_ext_filter calls ap_add_cgi_vars()
but not ap_add_common_vars().

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

Re: [PATCH] ErrorLogsWithVhost for Apache 1.3.28

2003-06-27 Thread Andrew Ho 
Hello,

Just to add to this discussion--

It would be great to have a configuration directive to separate out stderr
messages from messages generated by Apache modules. It's often desirable
to parse error logs to generate statistics on 404s, etc. and stderr output
makes this more difficult.

This would also help the case where you have 100 VirtualHosts, and you
want to use something like ErrorLogsWithVhost to use a single error_log.
You'd want to redirect stderr to a different place for each VirtualHost
(or else you couldn't see which VirtualHost stderr output came from).

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

Re: HTTP/1.1 requests get HTTP/1.1 responses even with downgrade-1.0(Was: force-response-1.0 ignored for HTTP/1.1 requests)

2003-03-06 Thread Andrew Ho 
Hello,

JT>I went through the same test this a.m. for a customer with some device
JT>that couldn't handle chunked response. For me, using BrowserMatch to
JT>set downgrade-1.0 eliminated the use of chunking in the response.

Interesting. I confirmed on my setup that this works (answers my HTTP/1.1
query with an HTTP/1.0 request) for all incoming requests:

BrowserMatch ^ downgrade-1.0

So I guess that is my workaround for the time being. But I'm still curious
why this presumed equivalent does not work for any incoming requests:

SetEnv downgrade-1.0 1

I browsed through mod_setenv_if.c and it sure looks to me like the
BrowserMatch command should be functionally equivalent to the SetEnv
command (including using 1 as the true value). Indeed, the documentation
at http://httpd.apache.org/docs/env.html#special states that downgrade-1.0
and friends are "invoked by defining environment variables, typically with
BrowserMatch, though SetEnv and PassEnv could also be used."

In src/main/http_request.c, the check for downgrade-1.on line 1218 just
checks that ap_table_get(r->subprocess_env, "downgrade-1.0") is true,
which it should be in both cases. If I print out the environment in the
test CGI being invoked, in both cases I see downgrade_1_0=1. But, when I
put in some debugging statements, I see that in the BrowserMatch case,
ap_table_get(r->subprocess_env, "downgrade-1.0") == 1, but in the SetEnv
case, that same statement returns NULL.

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

HTTP/1.1 requests get HTTP/1.1 responses even with downgrade-1.0(Was: force-response-1.0 ignored for HTTP/1.1 requests)

2003-03-05 Thread Andrew Ho 
Hello,

JS>The long answer: using downgrade-1.0 will, in fact, force Apache to treat
JS>the request as if it was HTTP/1.0.  It will therefore use only HTTP/1.0
JS>features in the response.  But it will still respond with HTTP/1.1 in the
JS>response line, since this just declares it as an HTTP/1.1 capable server;
JS>it doesn't mean the response itself uses HTTP/1.1 features.

Agreed on HTTP/1.1 declared in the response line; this is what RFC 2616
says should happen. However, I'm seeing behavior different from what you
just described. That is, with downgrade-1.0, I still see Apache respond
with HTTP/1.1 semantics.

On a freshly built Apache 1.3.27 server with downgrade-1.0 set to 1 via a
SetEnv command, I can issue this request:

GET /test.cgi HTTP/1.1
Host: www.example.com

Where test.cgi is just a CGI that prints out the string "OK":

#!/bin/sh
echo "Content-Type: text/plain"
echo
echo "OK"

Apache responds with chunked Transfer-Encoding and keeps the connection
open, clearly HTTP/1.1 behaviors:

HTTP/1.1 200 OK
Date: Thu, 06 Mar 2003 03:33:42 GMT
Server: Apache/1.3.27 (Unix)
Transfer-Encoding: chunked
Content-Type: text/plain

3
OK

0

JS>[This question seems more appropriate for the users list rather than
JS>the developers list.]

Well, I thought of this list because this seems like either a bug, or a
mismatch between the documentation and the actual behavior. I guess my
original subject line was wrong, though, and I've corrected it.

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

[Apache 1.3] force-response-1.0 ignored for HTTP/1.1 requests

2003-03-05 Thread Andrew Ho 
Hello,

I am dealing with a broken proxy which understands chunked
Transfer-Encoding on the proxy to server side, but does the wrong thing on
the proxy to client side (it sends the "Transfer-Encoding: chunked" header
from the server to proxy response, but sends the content unchunked).

The easiest fix seems to be to always respond with an HTTP/1.0 response. I
tried adding "SetEnv force-response-1.0 Yes" to the Apache server, but if
Apache gets an HTTP/1.1 request (which it does in this case), it continues
to send an HTTP/1.1 response. Additionally setting downgrade-1.0 didn't
change anything.

Is there a way to force Apache to send an HTTP/1.0 response even in
response to an HTTP/1.1 request?

I can send example transactions or open a bug if this would help.

Humbly,

Andrew

----------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer1-800-555-TELL  Voice 650-930-9062
Tellme Networks, Inc. Fax 650-930-9101
--

Re: Graceful shutdown in 2.0

2003-02-05 Thread Andrew Ho 
Hello,

GL>If your proxy machines were being load balanced by an Alteon switch (or 
GL>whatever) you could probably tell the switch to stop sending new 
GL>connections to the proxy in question, while allowing the old connections 
GL>to finish. Of course this is based on whether the Alteon (or whatever) 
GL>config will let you do this of course.

For the Alteons on our production networks, we do exactly this. It works
pretty well.

GL>On the proxy side, maybe some generic function in Apache that is not 
GL>proxy specific could signal Apache to go into a "disabled" state, where 
GL>new connections get "connection refused", while old connections run 
GL>their course. The load balancer I assume would detect this state and 
GL>pass any new requests on to other machines. You could use ./apachectl 
GL>disable and ./apachectl enable to achieve this.

This is exactly the graceful shutdown case that was suggested, which I am
wholeheartedly supportive of. (Cutting off requests that are in service
is, in my opinion, never good; graceful shutdown seems like a really
useful feature to have.)

On a more load balancer specific note, Alteons (and some other load
balancers) use the concept of a health check URL. Our Alteons are
configured for example to check for a specific URL (for example, the
Alteon might do a "GET alteoncheck.txt HTTP/1.0" every 2 seconds).

I had a plan originally to write a handler that accepts requests for this
heartbeat check... on some signal (a particular request? an OS signal?) it
would start returning an error for the heartbeat check case, but keep
servicing all other requests as normal. Eventually, the Alteon would
decide that that machine was bad, and the number of connections would fall
to zero; it would then be safe to take the server out of rotation.

The benefit of this scenario is that you don't have to touch the load
balancer at all to get individual machines in and out of the load
balancer. Also, this type of scenario is far more automatable (rather than
telnetting into, say, a load balancer console interface and navigating
menus, ugh).

Humbly,

Andrew

----------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: A suggested ROADMAP for working 2.1/2.2 forward?

2002-10-18 Thread Andrew Ho 
Hello,

Am I the only person confused by this?

WR>STABLE RELEASES, 2.{odd}.{revision}
WR>
WR>All even numbered releases will be considered stable revisions.

WR>DEVELOPMENT RELEASES, 2.{even}.{revision}
WR>-
WR>All even numbered releases designate the 'next' possible stable release,
WR>therefore te current development version will always be one greater than
WR>the stable release.

Is the former sentence a typo? Shouldn't that say "All odd numbered
releases" under the "STABLE RELEASES" header?

I personally think maintaining stable/dev branches is a fine idea. I like
the x.0 rationale for keeping even numbered versions development, and it
also fits with Apache 1.3.x... but I also think it could be confusing if
many other open source projects use odd numbered versions for development
and Apache is the exception. And while I'm not by any means a core Apache
developer I agree it seems a little premature to vote on this change right
this instant.

Humbly,

Andrew

----------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: [PATCH] (Apache 2) If-None-Match requests always return 304 with FileETag None directive

2002-08-31 Thread Andrew Ho 

Hello,

Boy, it sure would be helpful if I included the patch, wouldn't it?

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--


--- http_protocol.c 13 Aug 2002 14:27:39 -  1.454
+++ http_protocol.c 31 Aug 2002 07:37:22 -
@@ -363,7 +363,7 @@
 if (if_nonematch[0] == '*') {
 return HTTP_NOT_MODIFIED;
 }
-if (etag != NULL) {
+if (etag != NULL && *etag) {
 if (apr_table_get(r->headers_in, "Range")) {
 if (etag[0] != 'W'
 && ap_find_list_item(r->pool, if_nonematch, etag)) {

[PATCH] (Apache 2) If-None-Match requests always return 304 withFileETag None directive

2002-08-31 Thread Andrew Ho 

Hello,

I just reported this same bug, with a very similar patch, for Apache 1.3:

http://groups.yahoo.com/group/new-httpd/message/39186

Bug 12207 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12207) tracks
this bug in the Apache 2.0 codebase. The original Apache 1.3 error report
is Bug 12202 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12202).

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

[PATCH] If-None-Match requests always return 304 with FileETag Nonedirective

2002-08-30 Thread Andrew Ho 

Hello,

You can find further details on the problem in the report I filed in Bug
12202 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12202). The short
summary is that if FileETag is set to None, any HTTP request with an
If-None-Match header will result incorrectly in a 304 Not Modified
response from Apache 1.3.

I have attached a simple patch which fixes this.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--


--- http_protocol.c.origFri Aug 30 22:52:19 2002
+++ http_protocol.c Fri Aug 30 22:48:16 2002
@@ -610,7 +610,7 @@
 if (r->method_number == M_GET) {
 if (if_nonematch[0] == '*')
 return HTTP_NOT_MODIFIED;
-if (etag != NULL) {
+if (etag != NULL && *etag) {/* ETag can be "" */
 if (ap_table_get(r->headers_in, "Range")) {
 if (etag[0] != 'W' &&
 ap_find_list_item(r->pool, if_nonematch, etag)) {

Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26

2002-07-03 Thread Andrew Ho 

Hello,

Is there a patch for earlier versions of Apache that fix the chunked
Transfer-Encoding security hole, but nothing else? I know OpenBSD, for
example, has an Apache 1.3.24 in ports that has the chunked
Transfer-Encoding fixed. That would certainly be a good short term
solution for this guy--it doesn't sound like it's a good idea for him to
wait for 1.3.27!

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: Need a new feature: Listing of CGI-enabled directories.

2002-05-31 Thread Andrew Ho 

Hello,

RG>With regards to this it would be most helpful if I could get Apache,
RG>which already has code to parse and analyze Apache configuration files,
RG>to simply spit out a list of all of the CGI-enabled directories that are
RG>specified in a given http.conf file to, say, stdout.

The reason you can't do this easily is because Apache doesn't work this
way. It doesn't ever build up a big list of every directory that has
permission to do foo or bar capability. In real time, it takes requests,
and then it compares those requests against a set of rules to decide
whether foo or bar capability is called for.

I doubt it is a good idea to include this functionality in Apache.

RL>mod_info will tell you some of this. ie. Look for ScriptAlias lines under
RL>mod_alias.c and AddHandler cgi-script lines under mod_mime.c.

RG>I was hoping to find a volunteer to actually hack on this for me. I am
RG>_not_ well versed in Apache internals myself.

So as Rasmus points out, you can parse configuration information either
manually or automatically to achieve a similar goal.

I recommend parsing httpd.conf instead using a script of your own
devising. There are some Perl scripts written by the mod_perl crowd which
will take you 95% of the way to getting good parsing. Try looking on CPAN
for the Apache::ConfigParser or Apache::Admin::Config modules.

But note that the best that you can do is to spit out a big list of files
and directories, which you then must scan the filesystem for using "find"
or an equivalent anyway. And during that scanning you'll have to worry
about whether to, for example, FollowSymLinks.

RG>In the case of FormMail scripts, if the big web hosting companies can
RG>just scan all of their CGI directories for them every night and then
RG>simply `rm' or `chmod ' anything found by the scans of the previous
RG>night every morning, then that will be about 99.9% sufficent to
RG>eliminate the problem.

I think the question is, if all your VirtualHost DocumentRoots and
ScriptAliases are under one big tree anyway, why not scan the entire tree
and be more confident, rather than scanning a subset of it which may not
be that much bigger?

If it is known that ScriptAliases and directories with ExecCGI enabled are
rare, and always have FollowSymLinks disabled, then I suggest the parsing
approach mentioned above.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: is httpd a valid way to start Apache?

2002-05-16 Thread Andrew Ho 

Hello,

JM>Due to inheritance (export) of environment variables I usually start
JM>Apache after doing a:
JM># for i in `export | cut -f3 -d' '|cut -f1 -d'='`; do export -n $i; done
JM>Which cleans them all up nicely. One reason for doing this is so that
JM>phpinfo() shows all these nice Enviroment variables which could reveal
JM>one thing or the other of some persons setup. Maybe it's an idea to let
JM>the 'startup' program (may it be httpd or apachectl) to filter these
JM>environment variables too ? "they also take up memory", oooh ah :)

In our production environment we also include such functionality in our
apachectl script. For some variables (LD_LIBRARY_PATH for example) it is
essential to do this to make sure things will work, and for others (say,
PATH) it's just annoying to pick up different values depending on who
su'ed before starting a server.

However, I don't know that this should be in the default Apache
distribution. Often you'd want (or need) LD_LIBRARY_PATH or PATH or even
ORACLE_HOME to be inherited on purpose (hence PassEnv).

By the way, as someone who maintains Apache installations on many
platforms, I definitely like moving the pidfile checking out of apachectl.
I like the httpd -k idea to simplify apachectl.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Benchmarks for Apache 1.3.24 versus Apache 2.0.35

2002-04-15 Thread Andrew Ho 

Hello,

I ran some benchmarks on Apache 1.3.24 versus Apache 2.0.35 that you may
find interesting. Particularly, I found the worker MPM suffers performance
issues on our dual-processor Solaris x86 systems. pbinding Apache to a
single processor improves performance at higher concurrency levels, but in
a somewhat unpredictable way.

The benchmarks are naive (so far using only ab to select a small 1k text
file), but probably generally representative.

The benchmarks can be found here:

http://www.zeuscat.com/andrew/work/aprbench/

If benchmarks shouldn't be posted to this list, I apologize in advance;
please reply to me privately and I won't do it again when I rerun some
more refined tests.

Humbly,

Andrew

------
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--