[users@httpd] mod_authz_dbd regression in apache 2.4.12?

2015-05-11 Thread Michel Stam
Hello,

I was tinkering over the weekend with mod_authz_dbd and mysql, and I could not 
get a RequireAny/RequireAll to match on multiple Require dbd-group statements. 
It would always match only the last result from the query, but once for every 
row in the resultset.

Example:
[^/]+)/">

Require user %{env:MATCH_NAME}
Require dbd-group %{env:MATCH_NAME}
Require dbd-group Administrators



After some searching, it appeared to me to be a regression of this:
https://bz.apache.org/bugzilla/show_bug.cgi?id=46421

I’ve attached a patch (slightly modified from the original so that no warnings 
are generated during build), would someone be able to verify if I did not 
introduce any segfault/memory leak or anything?



httpd-2.4.12.mod_authz_dbd-regression.patch
Description: Binary data


Thanks,

Michel



Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Lester Caine
On 11/05/15 18:26, Yehuda Katz wrote:
> I look constantly for new outlets etc. this exercise came about only
> last week whilst
> checking background info using Statcrops.com. This indicated (after an
> afternoon's work)
> that 5 Domains were using the exact same Apache server ref. as well as
> the same Etag
> Number.
> 
> I can find out the registrars details of each Domain that's quite easy.
You should also be able to identify if they are running on the same IP
address or via the same name server. There is a lot of information that
can be gained just from the domain name.

> I was hoping to find how E tag numbers are allocated! are they
> purchased, where do they
> come from etc. if so it should be then possible to identify the actual
> user (assuming they
> have used proper names, bank details etc etc..

As has been said, the eTag is generated by the user of the server either
manually, or via the software used. Not knowing what content you are
looking at it is difficult to offer any advice other than to say that if
these sites are creating the same information, it is always possible
that they have cloned the software from somewhere resulting in
everything looking the same. My own servers are clones of one another so
that in theory if one goes down I can switch to another and produce the
same data ... identically. That may include the eTag so that users don't
download large files simply because the serving hardware has changed.
NOTHING provided by eTag is recorded outside the using system, but that
may well be a system running on hundreds of machines all producing the
same eTag.

-- 
Lester Caine - G8HFL
-
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Yehuda Katz
There is no such thing as "directly with Apache!"

The Apache Software Foundation (ASF) provides a home for multiple
open-source projects, including the HTTPD server.
There is no one at ASF who can help you other than to direct you to the
project support webpage:
http://httpd.apache.org/support.html
That page lists all the available support options for HTTPD. You are
currently on option 2, "The Apache HTTP Server Users List".

Good luck with whatever other options you plan to pursue.

- Y


On Mon, May 11, 2015 at 1:48 PM, steve owen wrote:

> Yehuda,
>
> I do sincerely apologise for my lack of known protocol. I'm no computer
> expert by any means.
>
> I shall post additional matters tomorrow to see what may become of this.
>
> In the mean time I understand your stated position. It would appear that I
> may need to address the matter direct with Apache!
>
> Many many thanks for your time.
>
> Kindest regards
>
> Steve

Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Yehuda Katz
1. It is considered rude to reply to an individual instead of to the entire
mailing list when you have follow-up questions. Many people on the HTTPD
list - including me - charge for consulting services, but answer questions
in a public forum to help everyone learn more.

2. As I already said, the ETag headers are generated by the server based on
information about the file being served. This information can include the
last modification date, the size, the inode number and possibly other
pieces of metadata. The purpose of the ETag header is to allow caches to
know whether the response has changed since the last time they saw it. ETag
headers being the same could indicate that the file being served from
multiple domains is the same file or just happens to be the same size as
another file.

*ETags are NOT a thing to be allocated or purchased. ETag headers are
generated by each server individually based on the content being served.*

ETag headers are a part of the HTTP specification and have no meaning other
than to allow caches to detect changes to content.
(Some websites have been found to use ETag headers instead of cookies to
identify unique users, but that is not the intended purpose of the header.)

- Y

On Mon, May 11, 2015 at 1:02 PM, steve owen wrote:

> Yehuda,
>
> Thanks for the reply. I'm in contact with law enforcement but it's like
> watching paint dry.
>
> Basically I've tracked these low lifes for the best part of 3 years. I've
> managed to find some amazing facts as well as trace some unknown people
> which are now held on police files.
>
> I look constantly for new outlets etc. this exercise came about only last
> week whilst checking background info using Statcrops.com. This indicated
> (after an afternoon's work) that 5 Domains were using the exact same Apache
> server ref. as well as the same Etag Number.
>
> I can find out the registrars details of each Domain that's quite easy.
>
> I was hoping to find how E tag numbers are allocated! are they purchased,
> where do they come from etc. if so it should be then possible to identify
> the actual user (assuming they have used proper names, bank details etc
> etc..
>
> Can you share any light on the E tag info that I seek?, many thanks.
>
> Kind regards
>
> Steve

Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Yehuda Katz
E-tags are generated based on information about the file being served.
You can see the documentation here:
http://httpd.apache.org/docs/current/mod/core.html#fileetag

As you noted, Apache HTTPD is used by a significant number of people all
over the world.
There is no central registry of who owns a particular server.
If criminal activity is occurring, contact your local law enforcement
agency and try to have them investigate.
This varies by country, but in the United States, they can ask a court to
force an Internet Service Provider to reveal who owns a particular IP
address.

- Y

On Mon, May 11, 2015 at 12:16 PM, steve owen wrote:

> Sirs,
>
> Don't know if I'm following the correct protocol! This is the enquiry I
> sent Eric he informed that I should join this format.
>
> I would like an answer to the questions below if possible.
>
> regards  Steve
>
> - Original Message -
> From: steve owen
> To: webmas...@apache.org
> Sent: Mon May 11  9:46
> Subject: Fwd: E tag numbers
>
> Dear Sirs,
>
> Wonder if you could assist:-
>
> I know that the majority of web sites/domains use Apache servers.
>
> I'm currently tracking a number of Domains that are consistently using the
> Internet for fraudulent purposes.
>
> If a Domain uses Apache for its server and a given E tag number, who
> provides the E tag? Is it allocated or purchased?
>
> It would appear from my investigations that at least 5 Domains appear to
> be using the identical E tag number, is this possible?  They also use the
> exact same Apache server reference.
>
> I can provide the details should you require for assistance. I do trust
> you can assist, this is an extremely important matter, many thanks.
>
> Kind regards
>
> Steve Owen


Re: [users@httpd] Fwd: E tag numbers

2015-05-11 Thread Mathijs Schmittmann
Hi Steve,

ETag numbers are - roughly - checksums of the files being requested
which can be used in caching mechanisms.

The only directive in the configuration of an Apache HTTP server
directly related to the ETag validator is 'FileETag':
http://httpd.apache.org/docs/current/mod/core.html#fileetag

Please take a look at these pages for a more thorough explanation:

http://en.wikipedia.org/wiki/HTTP_ETag
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (Section 14.19)

Best Regards,
Mathijs Schmittmann

steve owen wrote on 5/11/2015 at 6:16 PM:
> Sirs,
>
> Don't know if I'm following the correct protocol! This is the enquiry I
> sent Eric he informed that I should join this format.
>
> I would like an answer to the questions below if possible.
>
> regards  Steve
>
> - Original Message -
> From: steve owen
> To: webmas...@apache.org
> Sent: Mon May 11  9:46
> Subject: Fwd: E tag numbers
>
> Dear Sirs,
>
> Wonder if you could assist:-
>
> I know that the majority of web sites/domains use Apache servers.
>
> I'm currently tracking a number of Domains that are consistently using the
> Internet for fraudulent purposes.
>
> If a Domain uses Apache for its server and a given E tag number, who
> provides the E tag? Is it allocated or purchased?
>
> It would appear from my investigations that at least 5 Domains appear to
> be using the identical E tag number, is this possible?  They also use the
> exact same Apache server reference.
>
> I can provide the details should you require for assistance. I do trust
> you can assist, this is an extremely important matter, many thanks.
>
> Kind regards
>
> Steve Owen

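Added illustration for the replies above about cloned servers and about tags derived from modification date, size and inode (not code from any poster or from the httpd project): a validator built only from the file metadata that FileETag's INode, MTime and Size keywords name. The quoted, dash-joined hex layout, the file names and the timestamp are assumptions of this example; it shows that a cloned file gets the same tag on every server, and that an unrelated file of the same size and timestamp does too.

```python
import os
import shutil
import tempfile


def file_etag(path, components=("MTime", "Size")):
    """Build a validator from file metadata only; nothing in it identifies
    an owner. `components` mirrors the FileETag keywords INode/MTime/Size.
    The string layout is an assumption of this example."""
    st = os.stat(path)
    fields = {
        "INode": st.st_ino,
        "Size": st.st_size,
        "MTime": st.st_mtime_ns // 1000,  # microseconds
    }
    parts = [format(fields[name], "x")
             for name in ("INode", "Size", "MTime") if name in components]
    return '"' + "-".join(parts) + '"'


def _write(directory, name, body, mtime_ns):
    """Create a file with a fixed modification time, as a deploy tool
    that preserves timestamps would."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    os.utime(path, ns=(mtime_ns, mtime_ns))
    return path


def compare_servers():
    """Simulate two cloned document roots plus one unrelated file."""
    root = tempfile.mkdtemp()
    try:
        stamp = 1431302400 * 10**9  # constructed: 2015-05-11 00:00 UTC
        site_a = _write(root, "server_a_index.html", b"<h1>shop</h1>\n", stamp)
        site_b = _write(root, "server_b_index.html", b"<h1>shop</h1>\n", stamp)
        other = _write(root, "unrelated.html", b"<h1>bank</h1>\n", stamp)
        full = ("INode", "MTime", "Size")
        return {
            # Same bytes, same timestamp: identical tag on both "servers".
            "clone_matches": file_etag(site_a) == file_etag(site_b),
            # Different content, same size and timestamp: still identical.
            "unrelated_matches": file_etag(site_a) == file_etag(other),
            # Adding the inode makes the tag specific to one filesystem.
            "inode_breaks_match":
                file_etag(site_a, full) != file_etag(site_b, full),
            "example_tag": file_etag(site_a),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in compare_servers().items():
        print(key, value)
```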



[users@httpd] Fwd: E tag numbers

2015-05-11 Thread steve owen

Sirs,

Don't know if I'm following the correct protocol! This is the enquiry I sent
Eric he informed that I should join this format.

I would like an answer to the questions below if possible.

regards  Steve

- Original Message - 
From: steve owen 
To: webmas...@apache.org
Sent: Mon May 11  9:46
Subject: Fwd: E tag numbers


Dear Sirs,

Wonder if you could assist:-

I know that the majority of web sites/domains use Apache servers.

I'm currently tracking a number of Domains that are consistently using the
Internet for fraudulent purposes.

If a Domain uses Apache for its server and a given E tag number, who provides
the E tag? Is it allocated or purchased?

It would appear from my investigations that at least 5 Domains appear to be
using the identical E tag number, is this possible?  They also use the exact
same Apache server reference.

I can provide the details should you require for assistance. I do trust you can
assist, this is an extremely important matter, many thanks.

Kind regards 

Steve Owen



Re: [users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-11 Thread Yann Ylavic
On Mon, May 11, 2015 at 11:30 AM,   wrote:
>
> Do you mean - building 2.2.29 from apache.org sources ?

Yes, at least for testing purpose.
This would help backporting the change from 2.4.x to 2.2.x.

Regards,
Yann.




Re: [users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-11 Thread apache

Hello,

Well - a patched version... what do you mean - I've built
apache22-2.2.29_2 from ports... so it's already up to date. However
openssl runtime is openssl-1.0.1_16, where I see there is a
openssl-1.0.2_1 available from ports. I prefer to build from ports, in
order to host a standardized environment for the web..

I have been looking into migration to apache httpd 2.4, but from my
understanding the config interpreter is not backwards compatible, so I
have to renew all configs. I run around 50 domains and 450 sites, and
about 15 instances of apache httpd.. so there will be a bunch of config
redoing..

Do you mean - building 2.2.29 from apache.org sources ?

br
congo

On 2015-05-07 11:13, Yann Ylavic wrote:

> Hello,
>
> you may hit an issue fixed in [1] (for upcoming 2.4.13).
>
> Can you manage to build a patched httpd-2.2.29 from sources?
>
> Regards,
> Yann.
>
> [1] http://svn.us.apache.org/r1663258
>
> On Wed, May 6, 2015 at 2:54 PM,   wrote:
>
>> hello,
>>
>> So I have an apache 2.2.29 running Prefork on FreeBSD 64bit.
>>
>> I have a number of vhosts included - one vhost per domain name. In any of
>> these vhost containers the SSLProtocol directive seems to be ignored, but
>> only the default vhost is dictating the SSLProtocol for all other (this is
>> of course the first HTTPS enabled vhost container, which might be relevant).
>> Though documentation argues that it's applicable per vhost, and not only in
>> server config.
>>
>> For testing purpose, I use add the following to my sub-vhost:
>> SSLProtocol -ALL +TLSv1.2
>>
>> But when the default vhost is configured as such:
>> SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
>>
>> - that final example is the only, that's used throughout the webserver.
>>
>> I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol,
>> that it should be applicable per virtual host.
>> The goal is to host some sites via TLS 1.2 only, and some other ones only in
>> TLS 1.1 for instance.
>>
>> Does anyone else meet the same challenge or know how to resolve this ?
>>
>> br
>> congo



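A configuration check for the situation described in this thread, as an added example (not from the posters or the httpd project): it lists SSL vhosts whose SSLProtocol differs from the first SSL vhost on the same address:port, which per the report above is the setting that actually applies on an affected build. The host names, the `KNOWN` protocol list, the simplified parsing and the "no directive means all" default are assumptions of the example.

```python
import re

KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")  # assumed protocol names

# Constructed sample mirroring the two SSLProtocol lines quoted in the thread.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName default.example
    SSLEngine on
    SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName tls12-only.example
    SSLEngine on
    SSLProtocol -ALL +TLSv1.2
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example
</VirtualHost>
"""


def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right into a set of names."""
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        chosen = {p for p in KNOWN if name in ("all", p.lower())}
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:  # a bare name replaces whatever came before it
            enabled = chosen
    return enabled


def shadowed_vhosts(conf):
    """Return (ServerName, listener, declared, effective) for every SSL
    vhost whose SSLProtocol differs from the first SSL vhost on the same
    listener."""
    first, findings, cur = {}, [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"listen": opened.group(1).strip(), "name": "?",
                   "ssl": False, "proto": None}
        elif line.lower().startswith("</virtualhost") and cur:
            if cur["ssl"]:
                base = first.setdefault(cur["listen"], cur)
                # Assumption: a vhost with no SSLProtocol line inherits "all".
                effective = set(KNOWN) if base["proto"] is None else base["proto"]
                if cur["proto"] is not None and cur["proto"] != effective:
                    findings.append((cur["name"], cur["listen"],
                                     sorted(cur["proto"]), sorted(effective)))
            cur = None
        elif cur:
            parts = line.split(None, 1)
            if len(parts) == 2:
                key, value = parts[0].lower(), parts[1].strip()
                if key == "servername":
                    cur["name"] = value
                elif key == "sslengine":
                    cur["ssl"] = value.lower() == "on"
                elif key == "sslprotocol":
                    cur["proto"] = enabled_protocols(value)
    return findings


if __name__ == "__main__":
    for name, listen, declared, effective in shadowed_vhosts(SAMPLE_CONF):
        print(f"{name} on {listen}: declares {declared}, first vhost sets {effective}")
```

A finding here means the vhost's declared protocol set should be confirmed against a live handshake before it is relied on.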