[PATCH] Deny when reverse lookup fails

2002-10-03 Thread Justin Erenkrantz
This patch fixes the problem I mentioned in my reply to Jeff - namely that any deny host directive should deny access when a double reverse lookup fails. I'm out of town this weekend, so I don't have a lot of time to test this. Other eyes appreciated. (Feel free to commit.) -- justin Index:

Re: [Security Release] Apache HTTP Server 2.0.43

2002-10-03 Thread Andreas Hasenack
On Thu, Oct 03, 2002 at 02:20:15PM -0500, William A. Rowe, Jr. wrote: > > Apache 1.3.27 Released The subject doesn't seem to agree with the body of the message (2.0.43 vs 1.3.27)

Re: RLimitNPROC behaviour question

2002-10-03 Thread E. FROUNI
How to unsubscribe from this list ? - Original Message - From: "André Malo" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 03, 2002 10:06 PM Subject: Re: RLimitNPROC behaviour question * André Malo wrote: > For example: > > RLimitNPROC 1 > > means in practise: a CG

Re: RLimitNPROC behaviour question

2002-10-03 Thread André Malo
* André Malo wrote: > For example: > > RLimitNPROC 1 > > means in practise: a CGI program may send a mail by piping it to > /usr/lib/sendmail if there's no concurrent process, i.e. it runs > alone. whether that makes sense or not...dependent on > system/policies/etc., I think. > I hope, I don'

[Security Release] Apache HTTP Server 2.0.43

2002-10-03 Thread William A. Rowe, Jr.
-BEGIN PGP SIGNED MESSAGE- Apache 2.0.43 Released The Apache Software Foundation and The Apache Server Project are pleased to announce the sixth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2

[Security Release] Apache HTTP Server 2.0.43

2002-10-03 Thread William A. Rowe, Jr.
-BEGIN PGP SIGNED MESSAGE- Apache 1.3.27 Released The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.27 of the Apache HTTP Server. This Announcement notes the significant changes in 1.3.27

Re: RLimitNPROC behaviour question

2002-10-03 Thread André Malo
* Joshua Slive wrote: [RLimitNPROC] > I think it still applies: It says that using that directive may limit > the total number of cgi processes that can be launched at one time. And that's not true, as far as I can see. The directive works for me as follows: mod_cgi creates a new process via fork

Re: RLimitNPROC behaviour question

2002-10-03 Thread Joshua Slive
André Malo wrote: > * Daniel Lopez wrote: > > >>>| Note: If CGI processes are not running under userids other than the >>>| web server userid, this directive will limit the number of >>>| processes that the server itself can create. Evidence of this >>>| situation will be indicated by "cannot fo

Re: RLimitNPROC behaviour question

2002-10-03 Thread André Malo
* Daniel Lopez wrote: >> | Note: If CGI processes are not running under userids other than the >> | web server userid, this directive will limit the number of >> | processes that the server itself can create. Evidence of this >> | situation will be indicated by "cannot fork" messages in the >> |

Re: [PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
Justin Erenkrantz <[EMAIL PROTECTED]> writes: > --On Thursday, October 3, 2002 11:37 AM -0400 Jeff Trawick > <[EMAIL PROTECTED]> wrote: > > > I committed the patch as-is... somebody with recent autoconf can play > > with the quotes later :) > > Actually, we can do better than this. > > If you

Re: [PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Justin Erenkrantz
--On Thursday, October 3, 2002 11:37 AM -0400 Jeff Trawick <[EMAIL PROTECTED]> wrote: > I committed the patch as-is... somebody with recent autoconf can play > with the quotes later :) Actually, we can do better than this. If you pass NI_NAMEREQD to getnameinfo(), it will return an error code

Re: [PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
Sander Temme <[EMAIL PROTECTED]> writes: > Seems to do the right thing here: Thanks for testing... > checking if APR supports IPv6... "no -- the platform has problems supporting > IPv6" those quotes suck, but it looks like that whole section of configure.in does not agree with some level of au

Re: [PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Justin Erenkrantz
--On Thursday, October 3, 2002 9:46 AM -0400 Jeff Trawick <[EMAIL PROTECTED]> wrote: > This patch disables IPv6 on Darwin. I think it is needed until there > is a fix from Apple or we figure out that we're doing something wrong. ISTR a thread on darwin-development about IPv6 and lookups being

Re: mod_proxy support for exchange 2000

2002-10-03 Thread Robin P. Blanchard
>>>the files are really large and hard to read; >>>probably it would really be better using tcpdump -W (output file) on the >>>server side when the response is coming in. This output file can easily >>>be read with Ethereal (Menu Tool, "Follow TCP/IP Stream") or any other >>>tcpdump [EMAIL PROTECT

Re: [PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Sander Temme
> This patch disables IPv6 on Darwin. I think it is needed until there > is a fix from Apple or we figure out that we're doing something wrong. +1 Tested on: Darwin shadow.local. 6.1 Darwin Kernel Version 6.1: Fri Sep 6 23:24:34 PDT 2002; root:xnu/xnu-344.2.obj~2/RELEASE_PPC Power Macintosh

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Sander Temme
> Sander Temme <[EMAIL PROTECTED]> writes: > >> Looks like it does the right thing: > > no, look how it bungled finding the hostname when passed a mapped > address (like we would get back from accept): Argh. Goes to prove that I shouldn't get up in the middle of the night to do stuff like that.

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Brad Nicholes
[X] release 2.0.43 GA as is Including mod_logio.c would cascade into too many make file changes at least on NetWare. Having a little extra documentation shouldn't hurt anything. Brad Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.

RE : mod_proxy support for exchange 2000

2002-10-03 Thread Matthieu Estrade
Hi, I had this problem (proxying Exchange) a few months ago, when apache 2.0 was just released... I was unable with apache 1.3 to proxy my OWA (outlook web access). When I sniffed the connection, I saw that for the login/pass process, Exchange was sending a 401 until he found a valid authentificat

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Jeff Trawick
"William A. Rowe, Jr." <[EMAIL PROTECTED]> writes: > For this release, will you write a one-liner (much like I'm writing for > the present logio docs and missing logio module), recommending > that change and documenting the option? > > We can get this into Announcement, presuming the majority go

Re: mod_proxy support for exchange 2000

2002-10-03 Thread Robin P. Blanchard
ftp://ftp.wuga.org/pub/tcpflow.tar.gz tcpflow/ tcpflow/2.0.42/ tcpflow/2.0.42/ie tcpflow/1.3.26/ tcpflow/1.3.26/mozilla tcpflow/1.3.26/ie1 tcpflow/1.3.24/ tcpflow/1.3.24/ie the flows should now show both directions (into reverse proxy and into IIS). the flows (for 1.3.26 and 2.0.42) are limit

Re: mod_proxy support for exchange 2000

2002-10-03 Thread Graham Leggett
Robin P. Blanchard wrote: > attached is tcpflow.tar.gz, containing: > tcpflow/ > tcpflow/2.0.42/ > tcpflow/2.0.42/mozilla > tcpflow/2.0.42/ie > tcpflow/1.3.26/ > tcpflow/1.3.26/ie > tcpflow/1.3.26/mozilla I can only see flows from the browser to apache, but not from apache to exchange. I need t

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread William A. Rowe, Jr.
For this release, will you write a one-liner (much like I'm writing for the present logio docs and missing logio module), recommending that change and documenting the option? We can get this into Announcement, presuming the majority goes with 'release as is' which seems to be the current tide. B

[PATCH] Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
This patch disables IPv6 on Darwin. I think it is needed until there is a fix from Apple or we figure out that we're doing something wrong. This patch manages to avoid screwing up IPv6 detection on Linux, but that is about all I can say about it. Index: configure.in

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Jeff Trawick
"William A. Rowe, Jr." <[EMAIL PROTECTED]> writes: > for testing from http://httpd.apache.org/dev/dist/ in your preferred > .tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing > the msvc makefiles.) > > We expect to release this image due to two minor security > exposures sometim

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
Sander Temme <[EMAIL PROTECTED]> writes: > Looks like it does the right thing: no, look how it bungled finding the hostname when passed a mapped address (like we would get back from accept): > [MonaLisa:~/projects/ipv6test] sctemme% ./gni_mapped > look up via IPv4: 0/www.ibm.com > look up via I

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Paul J. Reder
I vote with Thom. Test and release it. Better to have secure tested code with confusing docs. Thom May wrote: > * William A. Rowe, Jr. ([EMAIL PROTECTED]) wrote : > >>You are right. >> >>Folks, please vote (for the next hour or so) for one of the following >>(everyone is welcome to vote here...

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Henning Brauer
On Thu, Oct 03, 2002 at 07:59:19AM -0500, William A. Rowe, Jr. wrote: > [x] release 2.0.43 GA as is

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Thom May
* William A. Rowe, Jr. ([EMAIL PROTECTED]) wrote : > You are right. > > Folks, please vote (for the next hour or so) for one of the following > (everyone is welcome to vote here...) > > [x] release 2.0.43 GA as is > [ ] roll 2.0.44 again, plus mod_logio.c > [ ] roll 2.0.44 again, minus mod

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread William A. Rowe, Jr.
You are right. Folks, please vote (for the next hour or so) for one of the following (everyone is welcome to vote here...) [ ] release 2.0.43 GA as is [ ] roll 2.0.44 again, plus mod_logio.c [ ] roll 2.0.44 again, minus mod_logio docs I'll tally within a few hours so we can stay on some s

Re: mod_proxy support for exchange 2000

2002-10-03 Thread Graham Leggett
Robin P. Blanchard wrote: > attached is tcpflow.tar.gz, containing: You forgot the attachment... Regards, Graham -- - [EMAIL PROTECTED]"There's a moon over Bourbon Street

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Dirk-Willem van Gulik
> > http://www.apache.org/~trawick/gni_mapped.c > > and see what happens? It should print > > > > look up via IPv4: 0/www.ibm.com > > look up via IPv6: 0/www.ibm.com > [dyn-205:~/tmp/g] dirkx% gcc gni_mapped.c gni_mapped.c: In function `main': gni_mapped.c:35: warning: implicit

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Sander Temme
>> I have stepped through the code of a regular (IPv6-enabled) build a bit and >> it appears that what comes back from accept(2) is an IPv6 address, which >> apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the >> remote address information is eventually (sa_common.c:508) passed

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
Sander Temme <[EMAIL PROTECTED]> writes: > I have stepped through the code of a regular (IPv6-enabled) build a bit and > it appears that what comes back from accept(2) is an IPv6 address, which > apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the > remote address information i

Re: Deny from hostname broken in 2.0 on MacOSX 10.2

2002-10-03 Thread Jeff Trawick
Sander Temme <[EMAIL PROTECTED]> writes: > On MacOSX 10.2 "Jaguar", hostname based access control is broken in Apache > 2.0. This problem appears in the access tests of the perl-framework, where > any test that tests something like 'Deny from localhost' fails. I have since > determined that deny

Re: httpd-2.0.43-alpha candidates available...

2002-10-03 Thread Bojan Smojver
Somehow the mod_logio.xml and mod_logio.html.en files have gone in but the actual module didn't. That might confuse a few people... Bojan Quoting "William A. Rowe, Jr." <[EMAIL PROTECTED]>: > for testing from http://httpd.apache.org/dev/dist/ in your preferred > .tar.gz, .tar.Z or -win32-src.zi