adding HTTP Headers

[Jaime Teng]

Hi,

As I am developing WEB Applications with Apache and modperl, 
it came to my attention that there are some pages that I can
'ALLOW' the browser to cache the pages; I was able to do just
that with modperl by sending out this HTTP Header from within
the perl scripts:

print "Cache-Control: max-age=21600\cM\cJ";
print "Content-Type: text/html\cM\cJ\cM\cJ";

But how do I add something similar to static HTML pages? 
On IIS4/5, there is a "CUSTOM HTTP Header" and "Content Expiration" 
settings.

Is there a similar setting with Apache?

Jaime

Re: Implementing security in CGI

[Roger Espel Llima]

On Sat, Apr 22, 2000 at 02:28:44PM -0600, dreamwvr wrote:
 hi, most likely you will want to shut down cookies and use another
 method as per advisories that currently there is a problem with
 javascript and cookies when both enabled. b.t.w. exploder has simular
 problems so since javascript is nice to have cookies are a problem
 these days. besides most clueful users these days have cookies turned
 off..

OTOH, cookies give you instant-logout, just clear the cookie.  URL
rewriting is nice and works everywhere, but it has its problems too:

. the back button logs ou back in (not nice if someone else can touch
  your computer)  (that's assuming we don't want to do a db check on
  every page)

. e-mail a URL to someone else, and they're logged in as you

. if you tie it to an IP to prevent the above, you break dynamic cache
  setups

IMO a nice way to get this done is to send a cookie with each page, so
by the time the user tries to log in, we know if cookies are on or not.
If they're on, send a cookie; if not, turn on URL rewriting.

As for JavaScript, don't get me started on sites that require it for
navigation

-- 
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html

Re: Implementing security in CGI

[Kee Hinckley]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 2:28 PM -0600 4/22/00, dreamwvr wrote:
to have cookies are a problem these days. besides most clueful users 
these days
have cookies turned off..

The percentage of "clueful" users is extremely small.  Furthermore, 
since the vast majority of commercial sites that require login use 
cookies, it has pretty much reached the point where it's impossible 
for people to accomplish real work without cookies on.  So the 
benefits outweigh the risk.  I blow away any cookies that don't match 
the URL of the site I am visiting (primarily ads), but the rest I 
have to keep.  Otherwise I can't get work done.
- -- 

Kee Hinckley - Somewhere Consulting Group - Cyberspace Architects(rm)

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.2 for non-commercial use http://www.pgp.com

iQA+AwUBOQRCiyZsPfdw+r2CEQLXrACXfKad637QdN7dE5JALy40xUADPQCdGsp7
LQ4oGq1EHNd1A29sm7u4DWk=
=ueqb
-END PGP SIGNATURE-

Re: adding HTTP Headers

[Jeff Beard]

http://www.w3.org/TR/html4/struct/global.html#edef-META

Checkout the subheading on META and HTTP headers.

--Jeff

At 05:18 PM 4/24/00, Jaime Teng wrote:
Hi,

As I am developing WEB Applications with Apache and modperl,
it came to my attention that there are some pages that I can
'ALLOW' the browser to cache the pages; I was able to do just
that with modperl by sending out this HTTP Header from within
the perl scripts:

print "Cache-Control: max-age=21600\cM\cJ";
print "Content-Type: text/html\cM\cJ\cM\cJ";

But how do I add something similar to static HTML pages?
On IIS4/5, there is a "CUSTOM HTTP Header" and "Content Expiration"
settings.

Is there a similar setting with Apache?

Jaime



Jeff Beard
___
Web:www.cyberxape.com
Phone:  303.443.9339
Location:   Boulder, CO, USA

gensym()

[Matt Sergeant]

Is it necessary to use gensym() in a PerlHandler() - it doesn't seem
necessary to me. The book says "Ordinary bareword filehandles are prone to
namespace clashes". Is that the case for a perl module? I don't think
so. When I do:

open(FH, $filename) || die "Open failed: $!";

I get *__PACKAGE__::FH. Which can't ever clash with something else unless
some rogue script trys to create a new package with the same name. But
even then, under the current model those scripts can't be executing at the
same time. And under the mod_perl 2.0 model the script will be executing
in a different parse tree, so they will be different *FH's there too.

So do I have to use gensym(), or not?

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

Re: gensym()

[Randal L. Schwartz]

 "Matt" == Matt Sergeant [EMAIL PROTECTED] writes:

Matt So do I have to use gensym(), or not?

As long as you are aware of the package in which the symbol ends up, I
can't see how it'd matter.  And nobody uses string indirect
filehandles ($x = 'FH'; print $x 'hello') these days, we'd hope.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: gensym()

[Matt Sergeant]

On 24 Apr 2000, (Randal L. Schwartz) wrote:

  "Matt" == Matt Sergeant [EMAIL PROTECTED] writes:
 
 Matt So do I have to use gensym(), or not?
 
 As long as you are aware of the package in which the symbol ends up, I
 can't see how it'd matter.  And nobody uses string indirect
 filehandles ($x = 'FH'; print $x 'hello') these days, we'd hope.

Nope, but often I do use the TomC "my $fh = do { local *FH; };" method,
because I hate those ugly HANDLE capital letters everywhere - they use up
more bytes than lower case ones... ;-)

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

: tags

[Dennis]

Hey 

Have anybody heard of 
:''some 
perl 
code'' 
 or 

: 
''some perl 
code'' 

tags? 


If so, what module is 
responsible for handling those ? 

I think it looks something like SSI, but SSI has 
different style of tags and SSI didn't work with those. or maybe it's a 
different SSI.
Do you know anything about it ? 

thanks,
Denn

Re: gensym()

[Nathan Torkington]

Matt Sergeant writes:
 Nope, but often I do use the TomC "my $fh = do { local *FH; };" method,
 because I hate those ugly HANDLE capital letters everywhere - they use up
 more bytes than lower case ones... ;-)

When you have 5.6.0, it's even easier:

  my $fh;
  open($fh, " foobar") or die;
  # $fh autovivified to a filehandle

Whee!  You can even use the 3-arg open for maximum delight.

Nat

Re: [OT] Lotus Domino as Web server ?

[Andy Johnson]

Gunther Birznieks wrote:

 Why do you need to settle on one or the other?

 Anyway, the only reason you need Domino IMHO is because you have linked in
 with other Lotus notes applications. However, if this is a public site not
 an intranet, I would strongly urge them not to use this short cut for
 putting apps out there. Lotus Notes apps are badly slapped together front
 ends on top of apps written on another computing paradigm (client
 server)... which don't mix well.


I wholeheartedly agree.  The only reason to even consider using Domino for a
web site is if the company in question already has a lot of Notes applications
and don't want to port them to something else.  If they're only considering
using Domino, tell them "DON'T."


 However, if that argument is not being listened to, you can use the
 engineering tact. Sneak apache in there with mod_proxy and mod_rewrite and
 follow Stas' guide on having backend versus front end servers.

Even if they insist on using Domino, using Apache as the front-end is highly
desirable, because Domino is relatively slow (compared to Apache) and web sites
running from Apache will be *much* easier to deal with in the long run.

After having used Domino in my organization, I must say that if I had to do it
again, I wouldn't.  To get what I needed done, I ended up writing a Java
servlet, and Domino's Java servlet engine is much inferior to, well,
practically everything else.  Unless you're planning to mass migrate
practically *everything* to Notes apps, Domino is just *too much* for your
typical web site.

Unknown Error Message

[yoav]

Hi,

I keep getting the following error in the error_log:

panic: POPSTACK
Callback called exit.

What does this mean? They always come together :)

Thanks,
Yoav

Re: Implementing security in CGI

[Vivek Khera]

 "d" == dreamwvr  [EMAIL PROTECTED] writes:

d to have cookies are a problem these days. besides most clueful
d users these days have cookies turned off..

According to what survey?  I'd like to see some real numbers before
abandoning a very useful technique.

"I heard it on TV so it must be true" =~ s/TV/Internet/;

And what exactly does turning off javascript have to do with using
cookies?  Nothing as far as I know unless you're silly enough to use
javascript to set your cookies.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.Khera Communications, Inc.
Internet: [EMAIL PROTECTED]   Rockville, MD   +1-301-545-6996
PGP  MIME spoken herehttp://www.kciLink.com/home/khera/

Re: Installing mod_perl when other things are required, too.

[Vivek Khera]

 "FA" == Forrest Aldrich [EMAIL PROTECTED] writes:

FA simple ./configure --switch to enable them.   I didn't see anything for 
FA mod_perl in the INSTALL, and it seemed there were a lot of manual things to 
FA be done, which made me think I wasn't reading it correctly.

FA What's the magic incantation?

Um, I pretty much do "perl Makefile.PL; gmake install" and then go
over to apache's src directory and type "make install".

If you need anything more complex, then you add options to the "perl
Makefile.PL" step.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.Khera Communications, Inc.
Internet: [EMAIL PROTECTED]   Rockville, MD   +1-301-545-6996
PGP  MIME spoken herehttp://www.kciLink.com/home/khera/

Re: Implementing security in CGI

[Matt Sergeant]

On Sat, 22 Apr 2000, dreamwvr wrote:

 hi,
most likely you will want to shut down cookies and use another method as per
 advisories that currently there is a problem with javascript and cookies when 
 both enabled. b.t.w. exploder has simular problems so since javascript is nice 
 to have cookies are a problem these days. besides most clueful users these days
 have cookies turned off..

I don't think that's true. Even supposedly clueful sites like slashdot
have used cookies from day 1 (back when most of its visitors _were_
clueful).

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

Re: Implementing security in CGI

[dreamwvr]

On Mon, 24 Apr 2000, Vivek Khera wrote:
  "d" == dreamwvr  [EMAIL PROTECTED] writes:
 
 d to have cookies are a problem these days. besides most clueful
 d users these days have cookies turned off..
 
 According to what survey?  I'd like to see some real numbers before
 abandoning a very useful technique.
 
 "I heard it on TV so it must be true" =~ s/TV/Internet/;
 
 And what exactly does turning off javascript have to do with using
 cookies?  Nothing as far as I know unless you're silly enough to use
 javascript to set your cookies.
usally nothing but now everything as per bugtraq advisory.. what this means is
javascript code is inserted into a cookie that is living on a client and
executed there.. they can therefore read your bookmarks and so on..
Regards,
[EMAIL PROTECTED]
-- 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Vivek Khera, Ph.D.Khera Communications, Inc.
 Internet: [EMAIL PROTECTED]   Rockville, MD   +1-301-545-6996
 PGP  MIME spoken herehttp://www.kciLink.com/home/khera/
-- 
___

** DREAMWVR.COM - TOTAL INTERNET SERVICES 
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
http://www.dreamwvr.com/services/MAX_SEC.html
DREAMWVR.COM - The Console of Many... 90 Topics Covered
http://www.dreamwvr.com/dynamicduo.html mailto:[EMAIL PROTECTED]
- LINUX-MANDRAKE Solution Provider and North American Distributor -
PRODUCT OF THE YEAR!
http://www.dreamwvr.com/mandrake/mandrake-main.html
"===0 PGP Key Available 
*** "As Unique as the Company You Keep." *
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"

Re: Implementing security in CGI

[Marc Slemko]

On Mon, 24 Apr 2000, Matt Sergeant wrote:

 On Sat, 22 Apr 2000, dreamwvr wrote:
 
  hi,
 most likely you will want to shut down cookies and use another method as per
  advisories that currently there is a problem with javascript and cookies when 
  both enabled. b.t.w. exploder has simular problems so since javascript is nice 
  to have cookies are a problem these days. besides most clueful users these days
  have cookies turned off..
 
 I don't think that's true. Even supposedly clueful sites like slashdot
 have used cookies from day 1 (back when most of its visitors _were_
 clueful).

Don't go holding slashdot up as a great example.  They is a perfect
example of what not to do.  Last I checked, and this is probably still
true, anyone could make a post that, when read, stole the password of the
user reading it if they were logged in at the time.

slashdot does everything wrong.  They allow user posts to be read by
others without properly filtering or encoding HTML.  They use a cookie
that is simply the user's user id and password, very trivially encoded.  
etc.

But, for certain applications, there simply aren't any alternatives that
don't have more significant problems.  You definitely do have to be very
careful when desigining your use of cookies so you understand what the
risks are and properly minimize them, but just because there are a couple
of browser security bugs (and lots have been found in the past, and lots
will be found and/or announced in the future) doesn't mean any huge
percentage of users have cookies disabled or that you shouldn't use
cookies at all.

Re: Implementing security in CGI

[Matt Sergeant]

On Mon, 24 Apr 2000, Marc Slemko wrote:

 Don't go holding slashdot up as a great example.  They is a perfect
 example of what not to do.  Last I checked, and this is probably still
 true, anyone could make a post that, when read, stole the password of the
 user reading it if they were logged in at the time.
 
 slashdot does everything wrong.  They allow user posts to be read by
 others without properly filtering or encoding HTML.  They use a cookie
 that is simply the user's user id and password, very trivially encoded.  
 etc.

Hold yer guns there cowboy! I wasn't saying /. is a great example, just
that a lot of clueful people use that site (or did?), and it has always
used cookies. To say that the majority of clueful users turn off cookies
is just wrong. If anything, clueful users install a junkbuster or
equivalent and let cookies through for sites they want to use them for.

 But, for certain applications, there simply aren't any alternatives that
 don't have more significant problems.  You definitely do have to be very
 careful when desigining your use of cookies so you understand what the
 risks are and properly minimize them, but just because there are a couple
 of browser security bugs (and lots have been found in the past, and lots
 will be found and/or announced in the future) doesn't mean any huge
 percentage of users have cookies disabled or that you shouldn't use
 cookies at all.

I'm not aware of any serious cookie security bugs - maybe I missed
them. All the ones I can recall were Javascript ones. I still leave
Javascript on though - but I don't visit a whole lot of sites that would
be malicous.

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

Re: Implementing security in CGI

[Matt Sergeant]

On Mon, 24 Apr 2000, dreamwvr wrote:

 usally nothing but now everything as per bugtraq advisory.. what this means is
 javascript code is inserted into a cookie that is living on a client and
 executed there.. they can therefore read your bookmarks and so on..

I shudder at the thought of all those 3l337 4aX0rs visiting slashdot and
CPAN after stealing my bookmarks... scary. ;-)

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

HTML::Mason and path_info

[Alexei V. Barantsev]

Hello, All!

I have the followin problem: HTML::Mason dhandler could not define
path_info, it tries to select only first part. For example, if my
request is http://server/test/hello/world and dhandler is in /test
it decides that $r-path_info is /hello/.

Looks like the problem appears early - debug file contains the
following information about the request:

'ENV' = {
  'SCRIPT_NAME' = '/test/hello',
  'SCRIPT_FILENAME' = '/localhome/httpd/html/storage/test/hello',
  'REQUEST_URI' = '/test/hello/world/',
  'PATH_INFO' = '/world/',
  'PATH_TRANSLATED' = '/localhome/httpd/html/storage/world/',
},
'the_request' = 'GET /test/hello/world/ HTTP/1.0',
'path_info' = '/world/',

and more more other useful information.

Where is the problem's reason?
Apache? mod_perl? HTML::Mason? My configuration?

-- 
ab
ICQ: 3959207

Re: HTML::Mason and path_info

[Kevin Murphy]

"Alexei V. Barantsev" wrote:
 
 Hello, All!
 
 I have the followin problem: HTML::Mason dhandler could not define
 path_info, it tries to select only first part. For example, if my
 request is http://server/test/hello/world and dhandler is in /test
 it decides that $r-path_info is /hello/.

This is a known bug - check out

http://www.masonhq.com/bugs/#_r_path_info_no_longer_s


-- 
Kevin  | "I don't want the universe broken up just yet," drawled the 
Murphy |  Marquis. "I want to do a lot of beastly things before I die. 
   |  I thought of one yesterday in bed." 
   |   - G.K Chesterton, 'The Man Who Was Thursday'

Re: OT: (sort of) AuthDBMUserFile

[Bill Jones]

PMFFUTMOP:  But ...

I've determined that the AuthDBMUserFile error I had under Perl was my own
scripting cross-eyed fingers and wasn't even related to mod_perl, Apache,
nor reality as we know it :)

Sorry for the noise!  -Sneex-  :]
- FCCJ * 501 W State St * Jacksonville, Fl 32202 * 904/632-3089 -

 From: Bill Jones [EMAIL PROTECTED]
 Date: Mon, 10 Apr 2000 13:13:11 -0400
 To: [EMAIL PROTECTED]
 Subject: OT: (sort of) AuthDBMUserFile
 
 AuthDBMUserFile
 
 Is there a difference between DBM and GDBM?
 I always thought they were the same...
 
 I found sleepcat (DB) and GDBM, but where is DBM?
 
 ???
 - FCCJ * 501 W State St * Jacksonville, Fl 32202 * 904/632-3089 -
 
 

RE: Unknown Error Message

[Ian Mahuron]

I get something similar when I wrap my call to Apache::Session::DBI in an
eval to try to catch it die()ing (ie. session id not found).  IIRC, this is
a known bug in perl.


 panic: POPSTACK
 Callback called exit.

Re: Implementing security in CGI

[dreamwvr]

hi,
  actually in order for this flaw to work one must have both enabled 
on the browser.. was just giving people a heads up since the topic
was cookies.. and no IMHO cookies are not required to obtain good
info..
On Mon, 24 Apr 2000, Matt Sergeant wrote:
 On Mon, 24 Apr 2000, Marc Slemko wrote:
 
  Don't go holding slashdot up as a great example.  They is a perfect
  example of what not to do.  Last I checked, and this is probably still
  true, anyone could make a post that, when read, stole the password of the
  user reading it if they were logged in at the time.
  
  slashdot does everything wrong.  They allow user posts to be read by
  others without properly filtering or encoding HTML.  They use a cookie
  that is simply the user's user id and password, very trivially encoded.  
  etc.
 
 Hold yer guns there cowboy! I wasn't saying /. is a great example, just
 that a lot of clueful people use that site (or did?), and it has always
 used cookies. To say that the majority of clueful users turn off cookies
 is just wrong. If anything, clueful users install a junkbuster or
 equivalent and let cookies through for sites they want to use them for.
 
  But, for certain applications, there simply aren't any alternatives that
  don't have more significant problems.  You definitely do have to be very
  careful when desigining your use of cookies so you understand what the
  risks are and properly minimize them, but just because there are a couple
  of browser security bugs (and lots have been found in the past, and lots
  will be found and/or announced in the future) doesn't mean any huge
  percentage of users have cookies disabled or that you shouldn't use
  cookies at all.
 
 I'm not aware of any serious cookie security bugs - maybe I missed
 them. All the ones I can recall were Javascript ones. I still leave
 Javascript on though - but I don't visit a whole lot of sites that would
 be malicous.
 
 -- 
 Matt/
 
 Fastnet Software Ltd. High Performance Web Specialists
 Providing mod_perl, XML, Sybase and Oracle solutions
 Email for training and consultancy availability.
 http://sergeant.org http://xml.sergeant.org
-- 
___

** DREAMWVR.COM - TOTAL INTERNET SERVICES 
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
http://www.dreamwvr.com/services/MAX_SEC.html
DREAMWVR.COM - The Console of Many... 90 Topics Covered
http://www.dreamwvr.com/dynamicduo.html mailto:[EMAIL PROTECTED]
- LINUX-MANDRAKE Solution Provider and North American Distributor -
PRODUCT OF THE YEAR!
http://www.dreamwvr.com/mandrake/mandrake-main.html
"===0 PGP Key Available 
*** "As Unique as the Company You Keep." *
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"

[ANNOUNCE] The Apache XML Delivery Toolkit

[Matt Sergeant]

The Apache XML Delivery Toolkit (AXDTK) solves several problems for web
developers interested in delivering dynamically transformed XML to
clients:

- It automatically associates XML documents with stylesheets according to
http://www.w3.org/TR/xml-stylesheet
- It enables xml stylesheet processor developers to write generic code
without worrying about developing apache modules.
- It provides hooks for requesting alternate stylesheets based on media
type and style preference.

Included with the toolkit (actually just in the same directory) are
Apache-NotXSLT (a system not dissimilar to XSLT's Literal Result Element
mode), and Apache-XPathScript - a combination of ASP and XPath.

The toolkit really is just Apache::XMLStylesheet, but it's a cool enough
module to require a big name ;-). I have a rather long article about how
it all works together in the works, which I hope to publish somewhere some
time soon.

http://xml.sergeant.org/download/

Have fun.

-- 
Matt/

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org

Re: HTML::Mason and path_info

[Tim Tompkins]

Try using $m-dhandler_arg to get the path (note that the leading
forward-slash is stripped).


Thanks,

Tim Tompkins
--
Programmer / Staff Engineer
http://www.arttoday.com/


- Original Message -
From: Alexei V. Barantsev [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 24, 2000 9:06 AM
Subject: HTML::Mason and path_info


 Hello, All!

 I have the followin problem: HTML::Mason dhandler could not define
 path_info, it tries to select only first part. For example, if my
 request is http://server/test/hello/world and dhandler is in /test
 it decides that $r-path_info is /hello/.

 Looks like the problem appears early - debug file contains the
 following information about the request:

 'ENV' = {
   'SCRIPT_NAME' = '/test/hello',
   'SCRIPT_FILENAME' = '/localhome/httpd/html/storage/test/hello',
   'REQUEST_URI' = '/test/hello/world/',
   'PATH_INFO' = '/world/',
   'PATH_TRANSLATED' = '/localhome/httpd/html/storage/world/',
 },
 'the_request' = 'GET /test/hello/world/ HTTP/1.0',
 'path_info' = '/world/',

 and more more other useful information.

 Where is the problem's reason?
 Apache? mod_perl? HTML::Mason? My configuration?

 --
 ab
 ICQ: 3959207

Apache::DBI disconnect?

[John S. Evans]

I've been using the Apache::DBI module, and it works great.  However, I've
noticed that my error_log file has an occasional message that tells me:

Database handle destroyed without explicit disconnect at
/usr/local/lib/perl5/site_perl/5.005/Apache/DBI.pm line 119.

The "offending" line of code is:

delete $Connected{$Idx};

Is this something I should worry about?  I'm assuming that this is happening
because my DB connection has timed out, and we're deleting the old
connection before creating a new one.

Thanks!

-jse

Re: [OT] Proxy Nice Failure

[shane]

  I've been working on the mod_proxy code today, and it appears to me
  that it already has this functionality.  It has an apache array
  (really a null terminated link list I'm pretty sure) of proxies it can
  access.  You just have to make multiple ProxyPassReverse declarations
  and it will go through that list.  The only thing is it *should*
  traverse the list randomnly... right now it traverses it linearly I'm
  pretty sure.  Anyhow I'm adding that stuff Josh asked for.
 
 Yes, I knew it had some way of spreading load, but I don't think
 it has any way to detect dead hosts.

Ah... yes you're right about that.  It will keep trying them.

 
  The link to the guide that explains how to use this features is:
  www.apache.org/docs/misc/rewriteguide.html
 
 Thanks - I've seen this but never quite followed the details of
 rewritemap all the way through.  The balance set configuration
 of mod_jserve seems easier, but it still needs to mesh with
 mod_rewrite anyway so that might not be worth changing.
 
  If I misconstrued what your asking for (likely) could you explain
  further what mod_proxy doesn't have that you need?  Maybe I'll
  implement it after I do the other stuff.
 
 The missing piece is that if a host fails (at least if the
 connection is not accepted) and you have defined alternates
 it should mark the failing host dead and retry the request
 on one of the others.  Mod_jserv has a timed task that checks
 for hosts coming back up and a user interface to display status
 and manually mark hosts down.  This becomes slightly complicated
 by the fact that all of the httpd children need access to the
 status, but maybe you can re-use the jserv code.  I think it
 should work to just have a configurable timeout on the proxy connect
 before you consider a host down and a configurable time before
 it will try that one again (unless they are all dead...) so
 you wouldn't need the scheduled task to check status.

Yes, that makes sense.  Maybe I'll add it.  I'm doing a little work on
that section right now, and I'll think about it.  The problem is the
configuration isn't really conducive to this at the moment.  In fact
it's got two little funny ways of asking for proxy connections.  The
module needs to be re-written... well, a lot of it anyhow.  Redoing
the main handler function is really where a lot of this functionality
could be added.  The code that is underneath is really a bear..., but it
"works right", and theres no need to change it for the stuff we want
to add, so I'm a little reluctant to tear it apart just yet.  Anyhow,
I'm getting too sleepy to finish this off, so tomorrow.  (I have to
admit that this functionality your speaking of is probably the coolest
thing about the JServ engine..., with a little tweaking mod_proxy
could give us that..., but a lot of it's sort of patched up if you
know what I mean at the moment)

Thanks,
Shane.

 
   Les Mikesell
[EMAIL PROTECTED]

cvs commit: modperl-2.0 Makefile.PL

[dougm]

dougm   00/04/24 21:25:42

  Modified:lib/Apache Build.pm
   .Makefile.PL
  Log:
  workaround MakeMaker braindeadness
  
  Revision  ChangesPath
  1.11  +5 -2  modperl-2.0/lib/Apache/Build.pm
  
  Index: Build.pm
  ===
  RCS file: /home/cvs/modperl-2.0/lib/Apache/Build.pm,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- Build.pm  2000/04/21 19:43:34 1.10
  +++ Build.pm  2000/04/25 04:25:40 1.11
  @@ -341,16 +341,19 @@
   (my $obj = $self-freeze) =~ s/^//;
   open my $fh, '', $file or die "open $file: $!";
   
  +#work around autosplit braindeadness
  +my $package = 'package Apache::BuildConfig';
  +
   print $fh EOF;
  -package Apache::BuildConfig;
  +$package;
   
   use Apache::Build ();
  +
   sub new {
   $obj;
   }
   
   1;
  -__END__
   EOF
   
   close $fh;
  
  
  
  1.14  +1 -0  modperl-2.0/Makefile.PL
  
  Index: Makefile.PL
  ===
  RCS file: /home/cvs/modperl-2.0/Makefile.PL,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- Makefile.PL   2000/04/25 03:47:31 1.13
  +++ Makefile.PL   2000/04/25 04:25:41 1.14
  @@ -26,6 +26,7 @@
   VERSION = $VERSION,
   macro = {
   MODPERL_SRC = $code-path,
  +PERL = $build-perl_config('perl5'),
   },
   clean = {
   FILES = "@{ clean_files() }",
  
  
  

cvs commit: modperl-site/embperl Changes.pod.1.html Changes.pod.2.html Changes.pod.cont.html EmbperlObject.pod.2.html index.html

[richter]

richter 00/04/24 21:26:25

  Modified:embperl  Changes.pod.1.html Changes.pod.2.html
Changes.pod.cont.html EmbperlObject.pod.2.html
index.html
  Log:
  Embperl Webpages - Changes
  
  Revision  ChangesPath
  1.150 +9 -11 modperl-site/embperl/Changes.pod.1.html
  
  Index: Changes.pod.1.html
  ===
  RCS file: /home/cvs/modperl-site/embperl/Changes.pod.1.html,v
  retrieving revision 1.149
  retrieving revision 1.150
  diff -u -r1.149 -r1.150
  --- Changes.pod.1.html2000/04/22 20:18:27 1.149
  +++ Changes.pod.1.html2000/04/25 04:26:22 1.150
  @@ -1,6 +1,6 @@
   HTML
   HEAD
  -TITLE1.3b3_dev -- That's what currently under developement/TITLE
  +TITLE1.3b3  25.04.2000/TITLE
   LINK REV="made" HREF="mailto:[EMAIL PROTECTED]"
   /HEAD
   
  @@ -8,7 +8,7 @@
   blockquote
 blockquote
   H1strong
  -A NAME="1_3b3_dev_That_s_what_current"1.3b3_dev -- That's what currently under 
developement/a/strong/h1
  +A NAME="1_3b3_BETA_25_04_2000"1.3b3 (BETA)  25.04.2000/a/strong/h1
 /blockquote
   /blockquote
   
  @@ -18,14 +18,6 @@
 blockquote
   [a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"PREV (Revision History - Content)/a]nbsp;nbsp; [a 
href="Changes.pod.2.html"NEXT (1.3b2 (BETA) 11. Feb 2000)/a]nbsp;nbsp; brhr
   P
  -Last Update: Sat Apr 22 22:18:15 2000 (MET)
  -
  -P
  -NOTE: This version is only available via A HREF="CVS.pod.1.html#INTRO""CVS"/A
  -
  -
  -
  -P
   PRE   - Fixed SIGSEGV which occurs in cleanup with Perl 5.6. Spotted by 
Aaron Johnson.
  - Changed make test so it works correctly with new error messages of
  @@ -57,7 +49,13 @@
  - Added tests for EmbperlObject
  - Fixed a SIGSEGV that occured when Embperl found [*] inside
a page. Spotted by Barrie Slaymaker.
  -  
  +   - Added epchar.c.min which contains translation tables which
  + let's all chars above 128 untouched. This is usefull for
  + processing two byte charsets. Patch from Sangmook Yi.
  +   - The searchpath (EMBPERL_PATH) now uses semikolons (';') instead 
  + of colons (':') to avoid problems with Windows drive letters.
  + Colons still work on Unix.
  +
   /PRE
   p[a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"PREV (Revision History - Content)/a]nbsp;nbsp; [a 
href="Changes.pod.2.html"NEXT (1.3b2 (BETA) 11. Feb 2000)/a]nbsp;nbsp; br
   font 
color="#808080"___br
  
  
  
  1.38  +2 -2  modperl-site/embperl/Changes.pod.2.html
  
  Index: Changes.pod.2.html
  ===
  RCS file: /home/cvs/modperl-site/embperl/Changes.pod.2.html,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- Changes.pod.2.html2000/04/14 12:28:20 1.37
  +++ Changes.pod.2.html2000/04/25 04:26:22 1.38
  @@ -16,7 +16,7 @@
   BR CLEAR=LEFT
   blockquote
 blockquote
  -[a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.1.html"PREV (1.3b3_dev -- That's what currently under 
developement)/a]nbsp;nbsp; [a href="Changes.pod.3.html"NEXT (1.2.1  5. Jan 
2000)/a]nbsp;nbsp; brhr
  +[a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.1.html"PREV (1.3b3 (BETA)  25.04.2000)/a]nbsp;nbsp; [a 
href="Changes.pod.3.html"NEXT (1.2.1  5. Jan 2000)/a]nbsp;nbsp; brhr
   P
   PRE   - added new mod_perl handler EmbperlObject, which helps to build whole
pages out of small objects, which can be overwritten in quot;derivedquot;
  @@ -35,7 +35,7 @@
to zero. Now if debug is zero, no logfile will be opened. Spotted
by Jason Bodnar and Christian Gilmore.   
   /PRE
  -p[a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.1.html"PREV (1.3b3_dev -- That's what currently under 
developement)/a]nbsp;nbsp; [a href="Changes.pod.3.html"NEXT (1.2.1  5. Jan 
2000)/a]nbsp;nbsp; br
  +p[a href="index.html"HOME/a]nbsp;nbsp; [a 
href="Changes.pod.cont.html"CONTENT/a]nbsp;nbsp; [a 
href="Changes.pod.1.html"PREV (1.3b3 (BETA)  25.04.2000)/a]nbsp;nbsp; [a 
href="Changes.pod.3.html"NEXT (1.2.1  5. Jan 2000)/a]nbsp;nbsp; br
   font 
color="#808080"___br
   HTML::Embperl - Copyright (c) 1997-2000 Gerald Richter / a 
href="http://www.ecos.de/"ecos gmbh/a
   /font/p
  
  
  
  1.38  +3 -3  modperl-site/embperl/Changes.pod.cont.html
  
  Index: Changes.pod.cont.html
  ===