Re: Authentication

[Jerry Baker]

Greg Stein says:
 On Tue, Oct 01, 2002 at 11:13:55PM -0600, Jerry Baker wrote:
 Jerry Baker says:
  Jerry Baker says:
Yet, when I access that directory, I am just given an empty directory
listing. No prompt for a username or pass.
  
  Nevermind. It's just something else that DAV broke. Turning off DAV
  fixed the problem.
 
 Please accept my apologies for the spam. The problem is not with DAV, 
 but with LimitExcept GET HEAD POST. When I remove the LimitExcept 
 directive, basic authentication works again. Makes no difference whether 
 Dav On or Dav Off.
 
 Right. You were saying require authentication *except* for those methods,
 so (of course) a GET request would not demand a user/pass.

Except for that directory is configured to require authentication. See 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

André Malo says:
 * Jerry Baker wrote:
 
 Except for that directory is configured to require authentication. See
 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218
 
 Location sections override Directory, see
 http://httpd.apache.org/docs-2.0/sections.html#mergin
 
 Sorry, I can't believe, that it worked ever before the way you
 described. Are you sure, that you've changed nothing else?

Absolutely. My config file backups show that before yesterday, I hadn't 
changed anything in that file for 5 months.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

André Malo says:
 Sorry, I can't believe, that it worked ever before the way you
 described. Are you sure, that you've changed nothing else?

So Location matches are even more important than .htaccess matches? That 
doesn't make sense. I would think that a directive in .htaccess is 
always more specific than one in the config files.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

André Malo says:
 Sorry, I can't believe, that it worked ever before the way you
 described. Are you sure, that you've changed nothing else?

If there's no way to have a LimitExcept *and* separate directories 
requiring authentication for everything, how in the world could you have 
a DAV enabled server while still being able to restrict directories with 
authentication requirements?

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

Joshua Slive says:
 This has the effect of leaving GET unrestricted, according to the bug
 report.  Is this correct behavior?  It seems like, since the other methods
 are not change by the limitexcept, the require should still apply to
 them.

That's what I thought at first, but there are two ways of looking at it. 
At first I looked at LimitExcept as a negative declaration. Negative in 
the sense that it meant ignore GET HEAD POST for the following 
directives. Instead, Apache is treating it as a positive declaration 
that is saying, do not limit GET HEAD POST. It's a fine distinction, 
but one that may cause confusion.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

Joshua Slive says:
 This has the effect of leaving GET unrestricted, according to the bug
 report.  Is this correct behavior?  It seems like, since the other methods
 are not change by the limitexcept, the require should still apply to
 them.

I agree. The LimitExcept directive implies that the limit will apply to 
everything with the exception of what follows (POST, HEAD, GET, etc.). 
Except is negative in nature - meaning exclusion. It implies that 
nothing will be done to those requests since the directive says they are 
to be excluded. Since Apache uses the LimitExcept directive to apply 
some sort of context to the HTTP requests in that directive, it's not 
really excluding those requests from the directive. It's semantics, but 
important ones.

Users get clues about how config directives work by the meaning of the 
words used. In this case, except is misleading. It should be changed 
to DontLimit GET HEAD POST. There is a difference.

-- 
Jerry Baker

Authentication

[Jerry Baker]

Currently, authentication is broken with the standard Windows config 
file and current HEAD. Where is the documentation on the complete 
mess-up of the auth modules and how to get it working again?

Thanks.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

Jerry Baker says:
  Yet, when I access that directory, I am just given an empty directory
  listing. No prompt for a username or pass.

Nevermind. It's just something else that DAV broke. Turning off DAV
fixed the problem.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

Jerry Baker says:
 Jerry Baker says:
   Yet, when I access that directory, I am just given an empty directory
   listing. No prompt for a username or pass.
 
 Nevermind. It's just something else that DAV broke. Turning off DAV
 fixed the problem.

Please accept my apologies for the spam. The problem is not with DAV, 
but with LimitExcept GET HEAD POST. When I remove the LimitExcept 
directive, basic authentication works again. Makes no difference whether 
Dav On or Dav Off.

-- 
Jerry Baker

Re: Authentication

[Jerry Baker]

Jerry Baker says:
 Currently, authentication is broken with the standard Windows config 
 file and current HEAD. Where is the documentation on the complete 
 mess-up of the auth modules and how to get it working again?

Perhaps I should be more clear. I have a directory containing an 
.htaccess file. The config for this directory includes AllowOverride 
All. The contents of the .htaccess are:

AuthUserFile D:/Web Sites/www/users.pwd
AuthName Protected Area
AuthType Basic
Require valid-user

I have the following modules loaded in the httpd.conf:

mod_authn_anon.so
mod_authn_dbm.so
mod_authn_default.so
mod_authn_file.so
mod_authz_dbm.so
mod_authz_default.so
mod_authz_groupfile.so
mod_authz_host.so
mod_authz_user.so
mod_auth_basic.so
mod_auth_digest.so

Yet, when I access that directory, I am just given an empty directory 
listing. No prompt for a username or pass.

-- 
Jerry Baker

POST

[Jerry Baker]

For some reason POST doesn't work with the latest HEAD. I can't say when 
it stopped working, but I can tell you that GET works. If I have a form 
and set the action to GET, the script runs flawlessly. If I set the same 
form's action to POST, Apache returns the source of the Perl script as 
if it were text/plain. I was surprised that Apache was giving out the 
source code to my scripts, and now I'm afraid to imagine for how long it 
has been doing this.

-- 
Jerry Baker

Re: POST

[Jerry Baker]

Justin Erenkrantz says:
 I could not reproduce your problem in my tests.  Do you have a clear
 reproduction case?  (POSTing to a DAV resource for me yields a 404.)

Here's the relevant parts of my conf:

ScriptAlias /cgi-bin/ C:/www/cgi-bin/
Location /
Dav On
AuthUserFile
AuthName
AuthType Basic
   LimitExcept GET HEAD POST
   require valid-user
   /LimitExcept
/Location

-- 
Jerry Baker

Re: [Win32] Compiling error missing apr-iconv.h

[Jerry Baker]

Juergen Heckel says:
 Hi,
 since 6 days I can't compile the latest snapshots:-(
 I get the following error:
 
 
 apr_uri.c
 xlate.c
 F:\Projects\MSVC\httpd-2.0\srclib\apr-util\xlate\xlate.c(83) : fatal
 error C1083: Cannot open include file: 'apr_iconv.h': No such file or
 directory
 apr_xml.c
 Generating Code...
 Error executing cl.exe.
 
 Apache.exe - 1 error(s), 5 warning(s)
 
 Juergen

There is now an additional module you have to checkout from CVS. In 
addition to http-2.0, apr, and apr-util, you need to check out 
apr-iconv. I use the following:

cvs -z3 co httpd-2.0
cd httpd-2.0\srclib
cvs -z3 checkout apr
cvs -z3 checkout apr-util
cvs -z3 checkout apr-iconv

Re: HTTP 403 served as text/plain

[Jerry Baker]

Greg Ames says:

Jerry Baker wrote:
 
 Using the current CVS, Apache 2.0.40-dev is sending HTTP 403 messages as
 text/plain.
 
 When I set up a deny from [my ip], I get a plain text message that looks
 like this:
 
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 htmlhead
 title403 Forbidden/title

yeah, we have hacks on top of hacks in ap_send_error_response and functions it
calls, resulting in content-type being set in the wrong request_req sometimes
when we put out canned error messages.  I tried cleaning up some of the hacks a
while back, but it was more complex than I thought.  I suppose we could just
focus on getting the content-type and other related fields set in the correct
request_req and make it look prettier at the browser.

Greg

  

Incidentally, it was fixed at some point after this email, and before 07-16.

HTTP 403 served as text/plain

[Jerry Baker]

Using the current CVS, Apache 2.0.40-dev is sending HTTP 403 messages as 
text/plain.

When I set up a deny from [my ip], I get a plain text message that looks 
like this:

!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
htmlhead
title403 Forbidden/title
/headbody
h1Forbidden/h1
pYou don't have permission to access /mozilla/voting/Berkjg;ljfg
on this server./p
pAdditionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request./p
hr /
addressApache/2.0.40-dev Server at jerbaker.dhs.org Port 80/address
/body/html

Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26

[Jerry Baker]

Aaron Bannert wrote:
 
 On Wed, Jul 03, 2002 at 03:15:51PM -0400, Rodent of Unusual Size wrote:
  I can feel their pain..
 
 Same here, I'm sympathetic. I think that it might be beneficial to
 introduce an Enable old behavior for backward-compatibility mode, for
 just these occasions where we have altered the behaviour of the server
 to be more strict on protocol parsing.
 
 -aaron

Can't they offer a patch for their existing user base? I'm not
unsympathetic, but introducing these kind of hacks seems like it would
make the code grow more complicated with each change in server behavior.

-- 
Jerry Baker

Re: Christopher Williamson: URGENT: Bug/compatability issue in Apache 1.3.26

[Jerry Baker]

Aaron Bannert wrote:
 
  Can't they offer a patch for their existing user base? I'm not
  unsympathetic, but introducing these kind of hacks seems like it would
  make the code grow more complicated with each change in server behavior.
 
 That might work in some cases, but if they are under a controlled/hosting
 environment, it is unlikely that their hosts will allow unchecked patches
 to be applied to the server. It just seems to me like one of those times
 where we inadvertently broke the principle of least surprise.
 
 -aaron

I meant a patch to their product, not Apache.

-- 
Jerry Baker

Re: URL parsing changed between 1.3.23 and 1.3.26?

[Jerry Baker]

Garey Mills wrote:
 
 NOTE: The URL will not work as it stands because it points to a
 web application and needs to have a session established. But I guarantee
 that it does work in 1.3.23 and not in 1.3.26, both having mod_ssl and
 a special module called 'mod_webz' enabled.

The URL has spaces in it. That is a big no no for one. URL's with spaces
only work in IE even though the HTTP specification prohibits them.

-- 
Jerry Baker

Re: [PATCH] Start Making Documentation Valid XHTML

[Jerry Baker]

Jerry Baker wrote:
 
 This patch covers the root of ../docs/manual only. It does not cover any
 subdirectories.
 
 This patch fixes numerous errors that caused the documents to fail XHTML
 validation.
 
 --
 Jerry Baker
 
   
Name: docs-manual.patch.gz
docs-manual.patch.gzType: application/x-gzip
Encoding: base64

Is there some other way that I should be submitting doc patches?

-- 
Jerry Baker

Bug 8730 - RotateLogs Doesn't

[Jerry Baker]

This is marked as fixed, but it still doesn't work here with HEAD. ?

-- 
Jerry Baker

Re: SSLRequireSSL Doesn't Work?

[Jerry Baker]

Cliff Woolley wrote:
 
 On Tue, 25 Jun 2002, Jerry Baker wrote:
 
directive in a Directory container in the SSL virtual host container
and I was also able to gain access via HTTP. WTH?
  
   I don't suppose you have Satisfy Any in effect, do you?
 
  No sir.
 
 Hmph.  Well, maybe it's just busted.  :)  I'll try to take a peek tomorrow
 if I have time.
 
 --Cliff

I see what it is. AllowOverride must be set in each and every virtual
host. It does not carry over from the default server config. This was
causing my .htaccess not to be read.


-- 
Jerry Baker

Virtual Hosts Docs Bug?

[Jerry Baker]

The doc at http://httpd.apache.org/docs-2.0/vhosts/name-based.html has a
misleading statement.

Configuration directives set in the main server context
(outside any VirtualHost container) will be used only
if they are not overriden by the virtual host settings.

This led me to the erroneous conclusion that any directive set in the
main server config would be applied to all virtual hosts unless
explicitly overridden in a particular virtual host config. This is not
the case. There are a few directives that are not carried over from the
default config at all. The options that I have noticed do not carry over
are Options, Alias, and AllowOverride. I'm sure there are more.

-- 
Jerry Baker

Re: Virtual Hosts Docs Bug?

[Jerry Baker]

Joshua Slive wrote:
 
 Jerry Baker wrote:
  The doc at http://httpd.apache.org/docs-2.0/vhosts/name-based.html has a
  misleading statement.
 
Configuration directives set in the main server context
(outside any VirtualHost container) will be used only
if they are not overriden by the virtual host settings.
 
  This led me to the erroneous conclusion that any directive set in the
  main server config would be applied to all virtual hosts unless
  explicitly overridden in a particular virtual host config. This is not
  the case. There are a few directives that are not carried over from the
  default config at all. The options that I have noticed do not carry over
  are Options, Alias, and AllowOverride. I'm sure there are more.
 
 No.  The docs above are correct in genearl.  The only exception I can
 think of is mod_rewrite when the inherit rewriteoption is not set.
 
 Most likely, you have a configuration problem.  Otherwise, you have
 found a bug in the code, not the documentation.
 
 Joshua.

I am open to providing my config files over private email to anyone
willing to take a look at this. I don't think there are any errors in
the configs, but I may easily be mistaken.

-- 
Jerry Baker

SSLRequireSSL Doesn't Work?

[Jerry Baker]

I placed an .htaccess file in a directory with this directive in it and
I was able to access it through HTTP anyway. I then tried putting the
directive in a Directory container in the SSL virtual host container
and I was also able to gain access via HTTP. WTH?

-- 
Jerry Baker

Re: SSLRequireSSL Doesn't Work?

[Jerry Baker]

Cliff Woolley wrote:
 
 On Mon, 24 Jun 2002, Jerry Baker wrote:
 
  I placed an .htaccess file in a directory with this directive in it and
  I was able to access it through HTTP anyway. I then tried putting the
  directive in a Directory container in the SSL virtual host container
  and I was also able to gain access via HTTP. WTH?
 
 I don't suppose you have Satisfy Any in effect, do you?
 
 --Cliff

No sir.

-- 
Jerry Baker

[PATCH] Start Making Documentation Valid XHTML

[Jerry Baker]

This patch covers the root of ../docs/manual only. It does not cover any
subdirectories.

This patch fixes numerous errors that caused the documents to fail XHTML
validation.

-- 
Jerry Baker


docs-manual.patch.gz
Description: GNU Zip compressed data

HEAD Executes CGI on HEAD

[Jerry Baker]

Is it correct for Apache to be executing includes when a HEAD request is
issued for a document that contains includes?

-- 
Jerry Baker

Re: SSL Error in Head

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 Just a thought... make sure you are using the very same *.dll's for ssleay32
 and libeay32 ... perhaps they are different.  Also make sure you use the very
 same build flags (NO_WHATEVER) for mod_ssl.dsp that you use when you
 build openssl.  See httpd.apache.org/docs-2.0/platform/win_compiling.html
 for my comments.

No different dll's or flags.

 unexpected error makes me ask if things just aren't out of sync, before
 even digging in.  I'll check mozilla RC1 again and bump to RC3.  BTW - there
 is no unpatched XP box in the mix, is there?

Yes. I thought the XP thing was an error with chunking. Anyways, IE6
works fine and it does HTTP 1.1 also.

 
 At 02:27 AM 6/1/2002, Jerry Baker wrote:
 I'm getting SSL errors with Mozilla 1.0RC3. Netscape 4.79 and IE6 appear
 to work ok.
 
 SSL Library Error: 336151538 error:140943F2:SSL
 routines:SSL3_READ_BYTES:sslv3 alert unexpected message
 
 Any ideas?
 


-- 
Jerry Baker

Re: SSL Error in Head

[Jerry Baker]

Jerry Baker wrote:
 
 William A. Rowe, Jr. wrote:
 
  Just a thought... make sure you are using the very same *.dll's for ssleay32
  and libeay32 ... perhaps they are different.  Also make sure you use the very
  same build flags (NO_WHATEVER) for mod_ssl.dsp that you use when you
  build openssl.  See httpd.apache.org/docs-2.0/platform/win_compiling.html
  for my comments.
 
 No different dll's or flags.
 
  unexpected error makes me ask if things just aren't out of sync, before
  even digging in.  I'll check mozilla RC1 again and bump to RC3.  BTW - there
  is no unpatched XP box in the mix, is there?
 
 Yes. I thought the XP thing was an error with chunking. Anyways, IE6
 works fine and it does HTTP 1.1 also.

Let me rephrase that. IE6 works most of the time, but the errors I do
see in IE6 do not prompt error messages to pop up in the browser, nor do
they cause entries in the error log. The IE6 errors are see under SSL
are things like images only loading halfway and the access log shows a
206 for those images.

The Mozilla error caused a pop-up alert from Mozilla itself that said
the server sent an unexpected value. The error log contained what I sent
here.

-- 
Jerry Baker

Re: libhttpd.dsp use of xcopy /y breaks compile on NT 4.0

[Jerry Baker]

Bill Stoddard wrote:
 
 Heads-up. I am backing out this patch to get compiles on NT 4.0 working again.

Is there some reason why xcopy is preferred over copy on Win32? If so,
you can set COPYCMD=/Y. Windows NT should ignore this, but xcopy on
platforms that support the /Y switch will pick it up.

-- 
Jerry Baker

Re: [PATCH] Re: libhttpd.dsp use of xcopy /y breaks compile on NT 4.0

[Jerry Baker]

Bill Stoddard wrote:
 
 This patch seems to work ok on both NT 4.0 and 2K. I don't know what's going on with 
the
 USERDEP change though... (from USERDEP__WIN32 to USERDEP_GEN_T).

Does MSVC really spawn a new shell for every command? I wouldn't be
surprised, but if not, the env CMDCOPY should only need to be set once.

-- 
Jerry Baker

Re: cvs commit: httpd-dist README.html

[Jerry Baker]

Aaron Bannert wrote:
 
 On Thu, May 23, 2002 at 06:45:03PM -, [EMAIL PROTECTED] wrote:
  slive   02/05/23 11:45:02
 ...
+pDo not download from www.apache.org.  Please use a mirror site
+   to help use save apache.org bandwidth.
+   a href=http://www.apache.org/dyn/closer.cgi/httpd/;Go
here to find your nearest mirror./a/p
 
 May I suggest that we put this notice in HEADER.html? Otherwise
 it shows up underneath the links that allow downloads from apache.org
 directly, which means that many people won't even see the message.
 
 -aaron

I think another thing to address is that the mirrors are not true
mirrors of the Apache dist site. The have different directory trees
which may confuse people into just getting it from apache.org.

-- 
Jerry Baker

Win32 Build Failure

[Jerry Baker]

Configuration: ApacheMonitor - Win32 Release
Linking...
ApacheMonitor.obj : error LNK2001: unresolved external symbol __imp__CoUninitialize@0
ApacheMonitor.obj : error LNK2001: unresolved external symbol __imp__CoInitialize@4
Release/ApacheMonitor.exe : fatal error LNK1120: 2 unresolved externals
Error executing link.exe.

Apache.exe - 3 error(s), 0 warning(s)

-- 
Jerry Baker

Re: 2.0.36

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 Not acked.  Would anyone care to reread the notes at /dist/httpd/ and
 /dist/httpd/binaries/win32/ and see if they can figure out how someone
 fails to get from 'here' to 'there'?  As I just revised 'em, apparently my
 reasoning was incomplete. Another set of eyes would be great.

Well, http://www.apache.org/dist/httpd/binaries/win32/ says:

The two -no_src versions, both the .exe and .msi installers DO NOT
contain the source code. There is no other difference, and if you do not
know the C language, or have no C compiler installed, these versions are
faster to download. There is no other difference between these packages
and the -src .msi version.

There is no -no_src version there that I can see. Just
apache_2.0.36-win32-x86-no_ssl.msi.

-- 
Jerry Baker

Re: 2.0.36

[Jerry Baker]

Jerry Baker wrote:
 
 There is no -no_src version there that I can see. Just
 apache_2.0.36-win32-x86-no_ssl.msi.
 
 --
 Jerry Baker

It took me reading that a few times to realize that it was only
applicable to the 1.3.X releases. I'm not sure how to make it more clear
though.

-- 
Jerry Baker

Re: FW: suggestion

[Jerry Baker]

 From: Professor of Information Technologies [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: suggestion
 Date: Wed, 31 May 2000 00:23:40 -0400
 
 How about a default distribution of robots.txt that
 blocks email siphon programs like
 
 www.extractorpro.com and any others you can
 find?
 
 I think they're a menace, and I suspect most
 users of your server software would agree...
 
 a

Couldn't hurt, but does anybody think that people unscrupulous enough to
strip-mine the Web for potential spam victims will develop some
principles wrt robots.txt? I doubt it.

-- 
Jerry Baker

Apache.dsw Lost mod_deflate

[Jerry Baker]

mod_deflate moved from ../modules/experimental to ../modules/filters.
The apache.dsw file still thinks it should be in /experimental.

-- 
Jerry Baker

[PATCH] Re: Apache.dsw Lost mod_deflate (and makefile.win)

[Jerry Baker]

The following appears to work fine here.

Index: Apache.dsw
===
RCS file: /home/cvspublic/httpd-2.0/Apache.dsw,v
retrieving revision 1.79
diff -u -r1.79 Apache.dsw
--- Apache.dsw  1 May 2002 15:23:13 -   1.79
+++ Apache.dsw  7 May 2002 07:35:14 -
 -750,7 +750,7 
 
 ###
 
-Project: mod_deflate=.\modules\experimental\mod_deflate.dsp - Package Owner=4
+Project: mod_deflate=.\modules\filters\mod_deflate.dsp - Package Owner=4
 
 Package=5
 {{{

Index: Makefile.win
===
RCS file: /home/cvspublic/httpd-2.0/Makefile.win,v
retrieving revision 1.98
diff -u -r1.98 Makefile.win
--- Makefile.win29 Apr 2002 19:53:55 -  1.98
+++ Makefile.win7 May 2002 07:40:11 -
 -81,8 +81,8 
 !IF EXIST(srclib\zlib)
 
 _tryzlib:
-!IF EXIST(modules\experimental\mod_deflate.mak)
-   cd modules\experimental
+!IF EXIST(modules\filters\mod_deflate.mak)
+   cd modules\filters
$(MAKE) $(MAKEOPT) -f mod_deflate.mak CFG=mod_deflate - Win32 $(LONG) 
RECURSE=0 .\$(LONG)\mod_deflate.so
cd ..\..
 !ELSE
 -208,11 +208,11 
 $(MAKE) $(MAKEOPT) -f mod_mem_cache.mak   CFG=mod_mem_cache - Win32 $(LONG) 
RECURSE=0 $(CTARGET)
 $(MAKE) $(MAKEOPT) -f mod_disk_cache.mak  CFG=mod_disk_cache - Win32 
$(LONG) RECURSE=0 $(CTARGET)
 $(MAKE) $(MAKEOPT) -f mod_ext_filter.mak  CFG=mod_ext_filter - Win32 
$(LONG) RECURSE=0 $(CTARGET)
+   cd ..\..
+   cd modules\filters
 !IF EXIST(srclib\zlib)
 $(MAKE) $(MAKEOPT) -f mod_deflate.mak CFG=mod_deflate - Win32 $(LONG) 
RECURSE=0 $(CTARGET)
 !ENDIF
-   cd ..\..
-   cd modules\filters
 $(MAKE) $(MAKEOPT) -f mod_include.mak CFG=mod_include - Win32 $(LONG) 
RECURSE=0 $(CTARGET)
cd ..\..
cd modules\generators
 -459,7 +459,7 
}
 }
 
-   copy modules\experimental\$(LONG)\mod_deflate.so $(INSTDIR)\modules .y
+   copy modules\filters\$(LONG)\mod_deflate.so $(INSTDIR)\modules .y
 !ENDIF
copy support\$(LONG)\htdbm.exe $(INSTDIR)\bin .y
copy support\$(LONG)\htdigest.exe $(INSTDIR)\bin .y

-- 
Jerry Baker

Win32 Build Failure (mod_rewrite.c)

[Jerry Baker]

Anyone aware of this?

-
Compiling...
mod_rewrite.c
D:\Apache\httpd-2.0\modules\mappers\mod_rewrite.c(967) : warning C4013: 
'unixd_set_global_mutex_perms' undefined; assuming extern returning int
Linking...
   Creating library Release/mod_rewrite.lib and object Release/mod_rewrite.exp
mod_rewrite.obj : error LNK2001: unresolved external symbol 
_unixd_set_global_mutex_perms
Release/mod_rewrite.so : fatal error LNK1120: 1 unresolved externals
Error executing link.exe.

Apache.exe - 2 error(s), 1 warning(s)
-

-- 
Jerry Baker

InstallBin Error

[Jerry Baker]

 copy modules\experimental\Release\mod_ext_filter.so \Apache2\modules
.y
The system cannot find the file specified.
NMAKE : fatal error U1077: 'copy' : return code '0x1'
Stop.
Error executing NMAKE.

Apache.exe - 1 error(s), 4 warning(s)

All I did was run InstallBin - Build Apache.exe.

-- 
Jerry Baker

Re: Final bump and roll of 2.0.36

[Jerry Baker]

Sander Striker wrote:
 
 Hi,
 
 I've done the final bump. Files marked with a [T] have made it to the
 roll.  Files marked with [-] haven't.  I have included the logs of the
 changes for your convenience. Lines marked RM: are lines with my commentary.
 
 Tarballs are available at:
   httpd.apache.org/dev/dist/
 
 I haven't had the time to create zipfiles yet, sorry.
 
 Please test and vote accordingly ;)
 
 Sander

I assume that pulling the APACHE_2_0_36 tag gets me the same things
as the aforementioned tarballs? If so, built and ran on Windows XP ok.

PS - There is some trouble with a couple of the awk actions on
Windows XP at least. The following lines from makefile.win
result in a crash:

awk -f script.awk  srclib\openssl\LICENSE  $(INSTDIR)\LICENSE.txt
awk -f script.awk docs\conf\httpd-win.conf $(INSTDIR)\conf\httpd.default.conf 
$(INSTDIR)
awk -f script.awk support\dbmmanage.in $(INSTDIR)\bin\dbmmanage.pl

Each one of these lines causes the following error:

The NTVDM CPU has encountered an illegal instruction. CS:0596 IP:001d
OP: ff ff ff ff ff Chose 'Close' to terminate the application.

Don't worry too much. This has been going on for quite some time.

-- 
Jerry Baker

Re: Final bump and roll of 2.0.36

[Jerry Baker]

Jerry Baker wrote:
 
 Don't worry too much. This has been going on for quite some time.
 

Nevermind. Sorry. It was a problem with the Cygwin awk.exe. It isn't
really an executable, but a symlink to gawk.exe. Problem is that Windows
doesn't have symlinks. Renaming gawk.exe to awk.exe fixed it. :::stupid
redhat:::


-- 
Jerry Baker

Re: Final bump and roll of 2.0.36

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 Ok... now I see your second post - tack on this discrepancy and retitle
 the bug Some versions of awk disagree with Win32 builds.

Cygwin Awk Incompatible With Apache Build
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8726

-- 
Jerry Baker

Re: Apache 1.3: avoid virus attack logging

[Jerry Baker]

Günter Knauf wrote:
 
 Hi all,
 I (and many others) use the following for getting virus attacks into attack_log 
instead of access_log:
 
 # configuration to direct logging of virus attacks to separate log
 # make sure you comment out your old CustomLog directive!
 # for more information refer to /manual/mod/mod_setenvif.html
 
 SetEnvIfNoCase Request_URI default\.ida?|root\.|cmd\.exe is_attack
 
 CustomLog logs/access_log common env=!is_attack
 CustomLog logs/attack_log common env=is_attack
 
 this works fine when I test from browser, but when the virus tries to access 
default.ida it is still logged in the access_log. The only difference you can see in 
the log is that the virus access is with HTTP/1.0 while my access from browser is 
with HTTP/1.1;
 now my question:
 is it possible that this the reason why the above config doesnt work as I expect??
 
 Guenter.

Escape the question mark. That might help.

-- 
Jerry Baker

Re: Apache 2.0.* and SSL

[Jerry Baker]

Eli Marmor wrote:
 
 Contrary to past versions, this one is a dramatic change in the
 integration of SSL. No more patches, no more re-compilations with
 -DEAPI, no more 3rd party modules which cause Apache to crash because
 these modules were not compiled using this flag, no more specific
 versions of mod_ssl per each version of Apache, no more repeating
 merges of the patches of mod_ssl.

Except that SSL stopped working for me in 2.0-something. I had it set up
back around 2.0.16 or so, but somewhere along the line it just stopped
working. Any attempt to load an https URL from my server in my browser
would yield Document contained no data and the ErrorLog would read
Invalid method in request €I
.

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 The 2.0.34 tag is now refreshed to cvs HEAD, please test and report
 before we go ahead a roll in a day or so.
 
 Bill

Can't build from CVS at 10:08 -0700. Here is the error:

Compiling...
apr_brigade.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_brigade.c(434) : error C2152: 
'function' : pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_brigade.c(434) : warning C4024: 
'apr_bucket_heap_create' : different types for formal and actual parameter 3
apr_buckets.c
apr_buckets_eos.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_eos.c(80) : error C2152: '=' : 
pointers to functions with different attributes
apr_buckets_file.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_file.c(168) : error C2152: 
'function' : pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_file.c(168) : warning C4024: 
'apr_bucket_heap_make' : different types for formal and actual parameter 4
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_file.c(179) : error C2152: '=' 
: pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_file.c(214) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_flush.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_flush.c(80) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_heap.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_heap.c(96) : error C2152: '=' 
: pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_heap.c(122) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_mmap.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_mmap.c(114) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_pipe.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_pipe.c(99) : error C2152: 
'function' : pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_pipe.c(99) : warning C4024: 
'apr_bucket_heap_make' : different types for formal and actual parameter 4
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_pipe.c(145) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_pool.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_pool.c(153) : error C2152: '=' 
: pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_pool.c(168) : error C2152: '=' 
: pointers to functions with different attributes
apr_buckets_refcount.c
apr_buckets_simple.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_simple.c(112) : error C2152: 
'=' : pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_simple.c(152) : error C2152: 
'=' : pointers to functions with different attributes
apr_buckets_socket.c
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_socket.c(102) : error C2152: 
'function' : pointers to functions with different attributes
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_socket.c(102) : warning C4024: 
'apr_bucket_heap_make' : different types for formal and actual parameter 4
D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_buckets_socket.c(140) : error C2152: 
'=' : pointers to functions with different attributes
apr_sha1.c
apr_dbm.c
apr_dbm_berkeleydb.c
apr_dbm_gdbm.c
apr_dbm_sdbm.c
apr_base64.c
apr_hooks.c
apr_date.c
Generating Code...
Compiling...
apr_rmm.c
sdbm.c
sdbm_hash.c
sdbm_lock.c
sdbm_pair.c
apr_uri.c
apr_xml.c
Generating Code...
Error executing cl.exe.

Apache.exe - 17 error(s), 4 warning(s)

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

Cliff Woolley wrote:
 
 On Sun, 31 Mar 2002, Jerry Baker wrote:
 
  D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_brigade.c(434) : error C2152: 
'function' : pointers to functions with different attributes
  D:\Apache\httpd-2.0\srclib\apr-util\buckets\apr_brigade.c(434) : warning C4024: 
'apr_bucket_heap_create' : different types for formal and actual parameter 3
  apr_buckets.c
  apr_buckets_eos.c
 
 Are you sure you have the most up-to-date version of apr_buckets.h?
 
 --Cliff
 
 --
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA

All I did was this:

cvs -z6 co httpd-2.0
cd httpd-2.0\srclib
cvs -z6 checkout apr
cvs -z6 checkout apr-util

and then built it.

It was a fresh pull so everything was as up-to-date as CVS is.

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

Cliff Woolley wrote:
 
 On Sun, 31 Mar 2002, Jerry Baker wrote:
 
  cvs -z6 co httpd-2.0
  cd httpd-2.0\srclib
  cvs -z6 checkout apr
  cvs -z6 checkout apr-util
 
 Odd do this for me.
 
 cd httpd-2.0\srclib\apr
 type include\CVS\Entries
 type buckets\CVS\Entries
 
 and send me the result.  I just have to be sure we're looking at the same
 things.  :)
 
 Thanks,
 Cliff
 
 --
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA

/.cvsignore/1.4/Sat Feb 10 11:59:58 2001//
/.indent.pro/1.1/Tue Aug 24 05:50:42 1999//
/ap_compat.h/1.4/Wed May 23 13:56:34 2001//
/ap_config.h/1.67/Wed Mar 13 20:47:42 2002//
/ap_listen.h/1.30/Wed Mar 13 20:47:42 2002//
/ap_mmn.h/1.41/Fri Mar 29 08:17:19 2002//
/ap_mpm.h/1.33/Wed Mar 13 20:47:42 2002//
/ap_release.h/1.57/Tue Mar 26 20:41:11 2002//
/http_config.h/1.96/Wed Mar 27 22:42:16 2002//
/http_connection.h/1.54/Fri Mar 29 08:17:19 2002//
/http_core.h/1.64/Wed Mar 20 02:05:42 2002//
/http_log.h/1.33/Wed Mar 13 20:47:42 2002//
/http_main.h/1.22/Wed Mar 13 20:47:42 2002//
/http_protocol.h/1.75/Fri Mar 29 08:17:19 2002//
/http_request.h/1.39/Wed Mar 13 20:47:42 2002//
/http_vhost.h/1.14/Wed Mar 13 22:34:45 2002//
/httpd.h/1.182/Fri Mar 29 08:17:19 2002//
/mpm_common.h/1.36/Fri Mar 29 16:21:48 2002//
/pcreposix.h/1.3/Sun Mar 11 14:54:13 2001//
/rfc1413.h/1.8/Wed Mar 13 20:47:42 2002//
/scoreboard.h/1.46/Fri Mar 29 16:21:48 2002//
/util_cfgtree.h/1.8/Wed Mar 13 20:47:42 2002//
/util_charset.h/1.9/Wed Mar 13 20:47:42 2002//
/util_ebcdic.h/1.13/Wed Mar 13 20:47:42 2002//
/util_filter.h/1.71/Wed Mar 13 20:47:42 2002//
/util_ldap.h/1.5/Wed Mar 13 20:47:42 2002//
/util_md5.h/1.19/Wed Mar 13 20:47:42 2002//
/util_script.h/1.17/Sat Mar 23 23:19:40 2002//
/util_time.h/1.5/Thu Mar 21 10:10:40 2002//
/util_xml.h/1.9/Wed Mar 13 20:47:42 2002//

There are multiple buckets directories so I am not sure which one you
want. I'll include srclib/apr-util/buckets:

/.cvsignore/1.1/Sat Dec  2 16:13:48 2000//
/Makefile.in/1.16/Fri Mar 29 08:12:08 2002//
/apr_brigade.c/1.37/Fri Mar 29 08:12:08 2002//
/apr_buckets.c/1.55/Wed Mar 13 20:40:46 2002//
/apr_buckets_alloc.c/1.4/Sat Mar 30 12:43:07 2002//
/apr_buckets_eos.c/1.33/Fri Mar 29 08:12:08 2002//
/apr_buckets_file.c/1.66/Fri Mar 29 22:29:19 2002//
/apr_buckets_flush.c/1.25/Fri Mar 29 08:12:08 2002//
/apr_buckets_heap.c/1.42/Fri Mar 29 22:19:03 2002//
/apr_buckets_mmap.c/1.48/Fri Mar 29 08:12:08 2002//
/apr_buckets_pipe.c/1.46/Fri Mar 29 22:29:19 2002//
/apr_buckets_pool.c/1.28/Fri Mar 29 22:19:02 2002//
/apr_buckets_refcount.c/1.19/Wed Mar 13 20:40:46 2002//
/apr_buckets_simple.c/1.38/Fri Mar 29 08:12:08 2002//
/apr_buckets_socket.c/1.36/Fri Mar 29 08:12:08 2002//

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

Cliff Woolley wrote:
 
 On Sun, 31 Mar 2002, Jerry Baker wrote:
 
  cvs -z6 co httpd-2.0
  cd httpd-2.0\srclib
  cvs -z6 checkout apr
  cvs -z6 checkout apr-util
 
 Odd do this for me.
 
 cd httpd-2.0\srclib\apr
 type include\CVS\Entries
 type buckets\CVS\Entries
 
 and send me the result.  I just have to be sure we're looking at the same
 things.  :)
 
 Thanks,
 Cliff
 
 --
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA

Oh...and apr_buckets.h:

/apr_buckets.h/1.133/Fri Mar 29 08:12:08 2002//

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

Cliff Woolley wrote:
 
 On Sun, 31 Mar 2002, Jerry Baker wrote:
 
   cd httpd-2.0\srclib\apr
 I meant to say apr-util...
 
  There are multiple buckets directories so I am not sure which one you
  want. I'll include srclib/apr-util/buckets:
 
 But anyway this was what I wanted.  I'm just more confused than ever now.
 The versions you list should all be perfectly fine... I don't know.  I'll
 look closer when I get back in a few hours.  scratches head..
 
 --Cliff
 
 --
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA

The entire build log is available for viewing:

http://jerbaker.dhs.org/InstallBin.html

-- 
Jerry Baker

Re: 2.0.34 up-to-date wrt cvs HEAD

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 The 2.0.34 tag is now refreshed to cvs HEAD, please test and report
 before we go ahead a roll in a day or so.
 
 Bill

Pulled and built the APACHE_2_0_34 tag successfully. Still has the .var
file content-type bug, but other than that it appears ok.

-- 
Jerry Baker

HTTP 404 Served As text/plain UPDATE

[Jerry Baker]

I just noticed something about this problem. If you request
/nonexistentfile.html then the error response is sent back with
text/html, but if you request /nonexistentfile then it still comes back
as text/plain.

-- 
Jerry Baker

Re: 2.0.34 tag planned for 1200 PST 03-26-02

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 With no objections ... I'll grab a tag at the appointed time and we can
 spend a day differing over what patches should be rolled in/rolled out
 of that tag for a real candidate.
 
 Bill

I know I have no meaningful say in the matter, but shouldn't a beta be
able to serve an ErrorDocument with the correct content-type? The bug
still exists.

-- 
Jerry Baker

Re: HTTP 404 Served As text/plain UPDATE

[Jerry Baker]

Jerry Baker wrote:
 
 I just noticed something about this problem. If you request
 /nonexistentfile.html then the error response is sent back with
 text/html, but if you request /nonexistentfile then it still comes back
 as text/plain.
 
 --
 Jerry Baker

Not only that. If you request /nonexistentfile.exe, it gets sent back as
application/octet-stream. The ErrorDocument is being returned with
whatever content-type matches the file extension of the requested
document. I doubt many people want to download the ErrorDocument in the
case that they request a non-existent application/octet-stream URI.

-- 
Jerry Baker

Re: server-status

[Jerry Baker]

Daniel Abad wrote:
 
 Hi all!
 
 I´m having a little problem with server-status that it´s returning me
 forbidden every time i try it. Below you can see my configuration in
 httpd.conf, and the error returned in the logs.
 
 Location /server-status
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from localhost
 /Location
 
 [Sun Mar 17 18:24:59 2002] [error] [client 127.0.0.1] client denied by
 server configuration: /home/vhosts/l
 
 As you can see i´m using mod_vhosts compiled into apache, and also mod_info
 and mod_status. The strange thing is when i open the permition to Allow all
 and coment the deny line, it works fine, but for security reasons it can´t
 happens.
 
 Anyone can help me?
 
 Thaks in advanced.
 
 Dan.

Try changing localhost to 127.0.0.1. I imagine that Apache never
sees that your machine is called localhost since it is probably not
set up to resolve IP addresses accessing it.

-- 
Jerry Baker

Re: Apache 2.0.34-dev Sends Wrong Content-Type

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 Jerry Baker wrote:
  Apache 2.0.33-dev (from CVS today) crashes if I request a non-existent
  file.
 
 Filtering just changed significantly... fixed as of this morning [late
 last evening, actually.
 
 Please try cvs up and if you can repeat, email [EMAIL PROTECTED]
 
 Thanks Jerry!

Apache 2.0.34-dev pulled from CVS today is sending text/plain as the
content-type on 404 responses. See example below:

HTTP/1.1 404 Not Found
Date: Thu, 07 Mar 2002 21:23:10 GMT
Server: Apache/2.0.34-dev (Win32)
Vary: accept-language
Content-Length: 794
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

This, or course, makes the 404 response appear as a screen full of HTML
code instead of how it should.

-- 
Jerry Baker

Re: [PATCH] Re: Apache 2.0.34-dev Sends Wrong Content-Type on 404

[Jerry Baker]

[EMAIL PROTECTED] wrote:
 
 I think this is a general problem with get_canned_error_string - something
 like the following should fix that

This patch does not appear to remedy the problem here on Win32.

-- 
Jerry Baker

Re: [PATCH] Re: Apache 2.0.34-dev Sends Wrong Content-Type on 404

[Jerry Baker]

[EMAIL PROTECTED] wrote:
 
 I think this is a general problem with get_canned_error_string - something
 like the following should fix that

Do you think that Apache is not reading the HTTP_NOT_FOUND.html.var file
correctly which explicitly states that it should be text/html?

-- 
Jerry Baker

Re: [PATCH] Re: Apache 2.0.34-dev Sends Wrong Content-Type on 404

[Jerry Baker]

[EMAIL PROTECTED] wrote:
 
 On Thu, 7 Mar 2002, Jerry Baker wrote:
 
  Do you think that Apache is not reading the HTTP_NOT_FOUND.html.var file
  correctly which explicitly states that it should be text/html?
 
 is it showing the content from that var file?  what is the content you are
 seeing (the plain html).
 
 sterling

Straight out of the var file (from the en section).

-- 
Jerry Baker

2.0.25 Problem with SSI

[Jerry Baker]

I have a script that does this on Windows 2000:

foreach (`tracert -h 20 $ip`) {
chomp $_;
print $_ . br;

}

If I include this in an SSI with include virtual Apache inserts the
HTTP headers into the SSI document as well.

Re: [PATCH] Add mod_gz to httpd-2.0

[Jerry Baker]

Ryan Bloom wrote:
 
 You know what's really funny?  Every time this has been brought up before,
 the Apache core has always said, if you want to have gzip'ed data, then
 gzip it when you create the site.  That way, your computer doesn't have to
 waste cycles while it is trying hard to serve requests.  I personally stand by
 that statement.  If you want to use gzip, then zip your data before putting it
 on-line.  That doesn't help generated pages, but perl can already do gzip, as
 can PHP.

Gzip'ing html into files is a hopeless waste of disk space and clutter.
That means for every file you have to have a gzipped and non-gzipped
version for browsers that cannot handle it. Then you have to configure
Apache to check for and serve the proper file to the proper browser. It
makes Web page maintenance a severe PITA as you have to re-gzip a doc
everytime it is modified and upload both files.

-- 
Jerry Baker

PGP Key: http://www.jerrybaker.org/pgp.html

LAME MP3 Encoder Binaries: http://www.jerrybaker.org/lame/
Apache 2.0 Web server Installer: http://www.jerrybaker.org/apache/

Re: 2.0.25 on FreeBSD 4.2-R -- 404 returns text/plain error page

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
 I'll try reproducing on Win32.
 
 [Dang me for testing with IE!  Mozilla from now on, promise!!!  Whatever
 happened to that little 'show http headers' feature from Mozilla .91???]

I dunno, but I have a tiny little VB utility to get HTTP headers without
having to do the whole telnet thing. Lemme know if you want it.

-- 
Jerry Baker

PGP Key: http://www.jerrybaker.org/pgp.html

LAME MP3 Encoder Binaries: http://www.jerrybaker.org/lame/
Apache 2.0 Web server Installer: http://www.jerrybaker.org/apache/

Re: Fw: HTTP response problem on 2.0.24

[Jerry Baker]

William A. Rowe, Jr. wrote:
 
  This is the reason that the huge number of folks offering their 'binaries' irks
  me.

Here's the problem: On *nix machines you can get a compiler for free and
figure out how to use it. If you can figure out how to use it, then
you're probably smart enough to know what you're getting into by
building an alpha quality product. With the Windows platform the
compiler costs a minimum of $100+. That is out of the range for many
qualified persons to afford (I couldn't even afford it now). It is also
out of the range of persons who primarily run *nix but do some testing
on Windows. That is the reason for my binaries. It is not to let anyone
and everyone download Apache. If I knew of a way to stop unqualified
individuals from downloading it I would do it. Do you know any way?

PS - Sorry for the OT spam, but I could not find these posts on my NNTP
server.

-- 
Jerry Baker

PGP Key: http://www.jerrybaker.org/pgp.html

LAME MP3 Encoder Binaries: http://www.jerrybaker.org/lame/
Apache 2.0 Web server Installer: http://www.jerrybaker.org/apache/