I overlaid the actual logged password with in the messages
below.
Maybe proxy should contruct a printable URL for use in debug messages,
where the optional password has been replaced with ? or some other
character?
[Wed Jul 10 09:14:31 2002] [debug] proxy_ftp.c(193): proxy: FTP:
A little bird told me that exports.c is not automatically regenerated
if you remove a header file. You have to manually remove exports.c or
run make extraclean.
The normal user would probably think that make clean would clean up
any such issues. Does anybody care? If so, it should be
In apache 1.3 we had this little trick:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
fi
to make the port 8080 when the user is not root - thus to reduce the
number of 'apache wont start' newby errors and be generally convenient for
the masses (and
Any one seen this error, on a pristine MacOS X 10.1.2 machine with a
freshly cut 2.0.39:
cd httpd-2.0.39
./configure --prefix=/foo
make make install
cd ../test
apxs -c mod_foo.c
and then just before then end one gets:
On Wed, 10 Jul 2002 [EMAIL PROTECTED] wrote:
In apache 1.3 we had this little trick:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
fi
to make the port 8080 when the user is not root - thus to reduce the
number of 'apache wont start' newby errors and be
Hi.
Consider the following scenario.
In directory PRODIR ( short for protected directory ), I have certain
files which contain sensitive information ( say, database passwords,
embedded in some PHP scripts ). Let's consider passwords.inc
The PRODIR is protected with the .htaccess file, so no
On Wed, Jul 10, 2002 at 07:49:25AM -0700, Joshua Slive wrote:
On Wed, 10 Jul 2002 [EMAIL PROTECTED] wrote:
In apache 1.3 we had this little trick:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
fi
to make the port 8080 when the user is not root -
On Wed, 2002-07-10 at 04:16, Jeff Trawick wrote:
Brian Pane [EMAIL PROTECTED] writes:
This patch increases the maximum number of open files
at httpd startup. Before I commit, does anyone have a
scenario in which it won't be safe to do this?
devil's advocate comments:
1) why write
From: Brian Pane [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 17:00
On Wed, 2002-07-10 at 04:16, Jeff Trawick wrote:
Brian Pane [EMAIL PROTECTED] writes:
[...]
What do you think about about setting the ulimit in apachectl
(and not in the httpd) by default?
That would provide the
Brian Pane [EMAIL PROTECTED] writes:
2) shouldn't the user be able to control how many file descriptors
can be used by Apache? in general, they should be able to mitigate
the resource growth caused by an Apache or module bug by playing
with soft limits
a) this makes it
Sander Striker [EMAIL PROTECTED] writes:
From: Brian Pane [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 17:00
On Wed, 2002-07-10 at 04:16, Jeff Trawick wrote:
Brian Pane [EMAIL PROTECTED] writes:
[...]
What do you think about about setting the ulimit in apachectl
(and not in the
According to Ravindra Jaju:
How about an extra echo:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
echo Non-root process. Server will run on port $conf_port
fi
+1
ciao...
--
Lars Eilebrecht
[EMAIL PROTECTED]
From: Lars Eilebrecht [mailto:[EMAIL PROTECTED]]
According to Ravindra Jaju:
How about an extra echo:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
echo Non-root process. Server will run on port $conf_port
fi
+1
The problem with this, is that it
On Wed, 10 Jul 2002, Lars Eilebrecht wrote:
According to Ravindra Jaju:
How about an extra echo:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
echo Non-root process. Server will run on port $conf_port
fi
+1
I don't see how that helps. Newbie users
* Ravindra Jaju ([EMAIL PROTECTED]) wrote :
On Wed, Jul 10, 2002 at 07:49:25AM -0700, Joshua Slive wrote:
On Wed, 10 Jul 2002 [EMAIL PROTECTED] wrote:
In apache 1.3 we had this little trick:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
fi
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Any one seen this error, on a pristine MacOS X 10.1.2 machine with a
freshly cut 2.0.39:
cd httpd-2.0.39
./configure --prefix=/foo
make make install
cd ../test
apxs -c mod_foo.c
and then just before then end one gets:
Thom May wrote:
How about an extra echo:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
echo Non-root process. Server will run on port $conf_port
fi
I think the best solution is to educate the user, rather than to do
something unexpected.
if [
From: Ryan Bloom [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 17:20
From: Lars Eilebrecht [mailto:[EMAIL PROTECTED]]
According to Ravindra Jaju:
How about an extra echo:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
echo Non-root process. Server will run
Right now there are zillions of 1.3 auth modules around which have a
check_auth() stage which essentially does:
for each require line
do
if require valid-user
return OK
if require user
then
HI,
I am probably not speaking for most of the modules. I have been doing
patching of Apache forever, since otherwise certain
information/functionality
from Apache cannot be done in an SNMP managed way by MOD-SNMP.
Harrie
--On Wednesday, July 10, 2002 12:26 PM +0200 [EMAIL PROTECTED] wrote:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Wed, 10 Jul 2002, Ryan Bloom wrote:
user foo checks. 'require group' can stay in mod_auth or
go into a mod_auth_group.
Didn't we decide to take this approach like a year ago?
Hmm - been asleep as usual - if so - I'd
From: Ryan Bloom [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 18:15
To: [EMAIL PROTECTED]
Subject: RE: Auth checker - long term goal..
snipped greatly for brevity
- Or alternatively mod_auth is split into a mod_auth and a
a mod_require. The first does the File based username
At 07:29 AM 7/10/2002, you wrote:
This defines macros similar to the AP_ counterparts in ap_config.h. I
was playing with a new proxy hook and optionally implementing the hook
in a non-proxy module when I encountered the need to use APR_ hook
macros to make it work.
It would seem to be
At 11:22 AM 7/10/2002, Ryan Bloom wrote:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Wed, 10 Jul 2002, Ryan Bloom wrote:
user foo checks. 'require group' can stay in mod_auth or
go into a mod_auth_group.
Didn't we decide to take this approach like a year ago?
At 12:07 PM 7/10/2002, Aaron Bannert wrote:
On Wed, Jul 10, 2002 at 09:39:29AM -0700, Ryan Bloom wrote:
I'm sorry, but that is completely bogus. If the API needs to change to
make things better, then change the API. Stop trying to open a new dev
branch when the current one is still moving
I still believe that everything that is currently in ROADMAP can and
should be implemented in 2.0.
Ryan
--
Ryan Bloom [EMAIL PROTECTED]
645 Howard St. [EMAIL PROTECTED]
San Francisco, CA
-Original Message-
What Theo is after with Monolithic is just the current fad-du-jour;
separation of priv's like recently done in SSH.
Our MPM's are a very cool starting point.
Dw
--
Dirk-Willem van Gulik
That's the responsibility of Windows. By forcing admin privileges to
call
apache -k * isn't creating any kind of security. Anybody could create a
simple
five like program or open up services from the control panel to control
apache
if their account has the rights to do so. Just because
HI,
I am probably not speaking for most of the modules. I have been doing
patching of Apache forever, since otherwise certain
information/functionality
from Apache cannot be done in an SNMP managed way by MOD-SNMP.
Harrie
--On Wednesday, July 10, 2002 12:26 PM +0200 [EMAIL PROTECTED] wrote:
On Wed, Jul 10, 2002 at 10:44:46AM -0700, Ryan Bloom wrote:
I still believe that everything that is currently in ROADMAP can and
should be implemented in 2.0.
And my point is we won't know until there is a patch that solves
one of the roadmap problems. Only then will we be able to decide.
At 12:54 PM 7/10/2002, you wrote:
That's the responsibility of Windows. By forcing admin privileges to call
apache -k * isn't creating any kind of security. Anybody could create a
simple
five like program or open up services from the control panel to control apache
if their account has the
At 12:56 PM 7/10/2002, Aaron Bannert wrote:
On Wed, Jul 10, 2002 at 10:44:46AM -0700, Ryan Bloom wrote:
I still believe that everything that is currently in ROADMAP can and
should be implemented in 2.0.
And my point is we won't know until there is a patch that solves
one of the roadmap
Aaron Bannert wrote:
On Wed, Jul 10, 2002 at 10:44:46AM -0700, Ryan Bloom wrote:
I still believe that everything that is currently in ROADMAP can and
should be implemented in 2.0.
I agree.
And my point is we won't know until there is a patch that solves
one of the roadmap problems. Only
While doing this patch (and ending up with 3 very small modules); I found
the following legacy behaviour. Any feels as to if we shall kill these
surprizing behaviourisms in 2.0 or stay as close to 1.3 as possibe ?:
- if there are no requires - but there is Auth happening
we
On Wed, Jul 10, 2002 at 11:19:31AM -0700, Brian Pane wrote:
From my perspective, the event that should cause us to branch for
a 2.1 or 3.0 release isn't this code change is too drastic for 2.0
but rather: this new feature that's useful to customers is impossible
to build or maintain on top of
What Theo is after with Monolithic is just the current fad-du-jour;
separation of priv's like recently done in SSH.
Our MPM's are a very cool starting point.
Dw
--
Dirk-Willem van Gulik
I had to laugh at the 'fad-du-jour' comment. This is very old hat with the
IBM OS/390 crowd.
The patches look acceptable, except for the below... Why the change?
'-depth' not supported in LynxOS's find?
At 1:51 PM +0200 7/10/02, Fulvio Bille` wrote:
Hi,
this patch enable to run configure and compile on LynxOS-3.0.1
Any source file is modified.
Only Configure, GuessOS, mkshadow.sh and
From: Thom May [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 18:04
* Jim Jagielski ([EMAIL PROTECTED]) wrote :
Thom May wrote:
Please don't do this. We should_not_ be second guessing the user.
I'd prefer education but also that they get a configuration that they
can test right after
On Wed, 10 Jul 2002, Bill Stoddard wrote:
What Theo is after with Monolithic is just the current fad-du-jour;
...
I had to laugh at the 'fad-du-jour' comment. This is very old hat with the
IBM OS/390 crowd. They've been doing that since the time the birds and trees
L'Histoire se repete :-)
Have there been any complaints about how 1.3 has been doing it for
ages? A 'make install; foo/bin/apachectl start' no matter who does
the building has always resulted in at least a somewhat functional
server. I don't see the reason for stopping a traditional behavior
(and a possible expectation
On Wed, Jul 10, 2002 at 03:12:07PM -0400, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
ages? A 'make install; foo/bin/apachectl start' no matter who does
the building has always resulted in at least a somewhat functional
server. I don't see the
Jeff Trawick wrote:
Maybe proxy should contruct a printable URL for use in debug messages,
where the optional password has been replaced with ? or some other
character?
I think proxy did at one stage, I recall seeing a function in there to
strip passwords out. Will take a look in the next
On Wed, 10 Jul 2002, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
None seen here.
ages? A 'make install; foo/bin/apachectl start' no matter who does
the building has always resulted in at least a somewhat functional
server. I don't see the reason
From: Justin Erenkrantz [mailto:[EMAIL PROTECTED]]
On Wed, Jul 10, 2002 at 03:12:07PM -0400, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
ages? A 'make install; foo/bin/apachectl start' no matter who does
the building has always resulted in at
Ryan Bloom wrote:
We have fixed our installation step to preserve existing config files,
so if you compile as a non-root user, and install over the top of an
existing installation, your port won't change.
This only has to do with how the server is configured the FIRST time the
server is
We still seem to be pretending we have a Port directive in Apache 2.0.
There's a superfluous -e 's#@@Port@@#$(PORT)#g' handling of the config
files, if I'm reading Makefile.in right.
--
===
Jim Jagielski [|] [EMAIL
On Wed, 10 Jul 2002, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
ages?
Yes. I've seen many confused people posting to
comp.infosystems.www.servers.unix who where caught by exactly this issue.
It usually starts with a basic query like I installed
On Wed, 10 Jul 2002, Joshua Slive wrote:
Yes. I've seen many confused people posting to
comp.infosystems.www.servers.unix who where caught by exactly this
issue. It usually starts with a basic query like I installed apache and
it says that it started successfully, but I can't access it.
On Wed, Jul 10, 2002 at 12:30:35PM -0700, Joshua Slive wrote:
As I've said, this cute feature is confusing for newbies and irritating
for some legitimate users. The only people it helps are people who
install apache often for testing, and these people should know to use
--port on the
Have there been any complaints about how 1.3 has been doing it for
ages?
Yes. I've seen many confused people posting to
comp.infosystems.www.servers.unix who where caught by exactly this issue.
It usually starts with a basic query like I installed apache and it says
that it started
Should we also allow blank Content-Length headers in 2.0?
Even if not, it seems to me that in the normal case, we're subjecting
each char in the C-L: value field to at least one check before we
go ahead and determine the real value. It appears more efficient to me
to go ahead and simply use
From: Ryan Bloom [mailto:[EMAIL PROTECTED]]
Sent: 10 July 2002 21:24
From: Justin Erenkrantz [mailto:[EMAIL PROTECTED]]
On Wed, Jul 10, 2002 at 03:12:07PM -0400, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
ages? A 'make install; foo/bin/apachectl
On Wed, Jul 10, 2002 at 12:30:35PM -0700, Joshua Slive wrote:
... The only people it helps are people who
install apache often for testing, and these people should know to use
--port on the configure command line.
Oh don't get me started on that again... ;)
-aaron
Who woudda thunk that such a minor thing would cause such a big
discussion :) I love open source collaboration.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will
This is with Ryan's poll patch and some of my patches to mod_cache and
mod_mem_cache (which I will publish later on). Unfortuanetely the results
are difficult to compare with earlier results because my test tree was just
too polluted with patches for Ryan's patch to cleanly apply. Still, the
I'm sort of dubious on the whole 'retain blank headers' bit. If we put
them into the request_headers list, many modules might barf when
they encounter them.
Is it possible, by the protocol, to consider blank headers a noop,
and simply not store them in the request headers array?
E.g. no value
From: Bill Stoddard [mailto:[EMAIL PROTECTED]]
This is with Ryan's poll patch and some of my patches to mod_cache and
mod_mem_cache (which I will publish later on). Unfortuanetely the
results
are difficult to compare with earlier results because my test tree was
just
too polluted with
Dirk, since you're working on a patch for Auth, would it be possible to have
the groups list somewhere in the request structure? It would be great with
web applications, where we can match groups with roles (therefore allowing
authentication to be processed by apache entirely)...
Pier
Ryan Bloom [EMAIL PROTECTED] wrote:
I'm sorry, but that is completely bogus. If the API needs to change to
make things better, then change the API. Stop trying to open a new dev
branch when the current one is still moving forward quickly. We have
this discussion every few weeks now, and
Bill Stoddard wrote:
Subroutine Name Source File Visit Enter % Ticks
=== === = = =
.ap_rgetline_coreprotocol.c 366 1.5 709
Darn, all that optimization work and it's
* Jim Jagielski ([EMAIL PROTECTED]) wrote :
Ryan Bloom wrote:
We have fixed our installation step to preserve existing config files,
so if you compile as a non-root user, and install over the top of an
existing installation, your port won't change.
This only has to do with how the
On Wed, 10 Jul 2002, Pier Fumagalli wrote:
Dirk, since you're working on a patch for Auth, would it be possible to have
the groups list somewhere in the request structure? It would be great with
web applications, where we can match groups with roles (therefore allowing
authentication to be
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Wed, 10 Jul 2002, Pier Fumagalli wrote:
Dirk, since you're working on a patch for Auth, would it be possible to have
the groups list somewhere in the request structure? It would be great with
web applications, where we can match groups with
Is httpd-ldap being maintained? Is this the appropriate list to ask
about it?
With the worker MPM, it seems to work - ldap_status doesn't ever show
anything being cached, but mod_auth_ldap authenticates correctly.
With the prefork MPM (I had unrelated problems with worker), it's going
Looks like your last commit to apr_tables.c was 4 days ago. This run was
using code I pulled from CVS this afternoon.
Bill
Bill Stoddard wrote:
Subroutine Name Source File Visit
Enter % Ticks
=== === =
=
APACHE 1.3 STATUS: -*-text-*-
Last modified at [$Date: 2002/06/27 20:57:21 $]
Release:
1.3.27-dev: In development
1.3.26: Tagged June 18, 2002.
1.3.25: Tagged June 17, 2002. Not released.
1.3.24: Tagged Mar 21, 2002. Announced Mar 22,
APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2002/06/28 20:16:26 $]
Release:
2.0.40 : in development.
2.0.39 : rolled June 17, 2002.
2.0.38 : rolled June 16, 2002. not released.
2.0.37 : rolled June 11, 2002. not
At 02:21 AM 7/1/2002, you wrote:
Quick patch to bring some old docs up-to-date.
Do we even care to freshen these? Seems like it's about time to
kill this bird.
Bill
--
James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/
Was I helpful?
Well,
we have two (maybe 3) options. We can either kill it all, or keep it
up-to-date, or just ignore them, and label them so but having links that
end up as 404's probably don't help, imho.
-- james
At 02:21 AM 7/1/2002, you wrote:
Quick patch to bring some old docs up-to-date.
Do
69 matches
Mail list logo