[idea] web-application security powered by SELinux

Hello, Now I have considered the way to work web-applications with restrictive privileges set based on an identification of the client. It enables to check and prevent violated actions from (buggy) applications using features provided by the operating system. I'm concerned about most of web-appli

Re: [face2face] BOF Thurs 8:30pm at ApacheCon

On 24.03.2009 17:19, William A. Rowe, Jr. wrote: > Apache httpd Server 3.0; What Color is your Pony? > > A Birds of a Feather session for developers and users > > 20:30-21:30; Thursday 26-03; Lausanne Room; Moevenpick Lets make a photo there. Regards Rüdiger

Re: SIGQUIT using default signal handler instead of sig_coredump

On Tue, Mar 24, 2009 at 11:20 PM, Ruediger Pluem wrote: > On 24.03.2009 19:12, Eric Covener wrote: > > SIGQUIT (3) does not go through sig_coredump(). Is this intentional to > > short-circuit the sig_coredump handling in the case something is > > broken there? > I dunno about the intentions. >

Re: Mod_proxy_http override

On 24.03.2009 19:57, Dingwell, Robert A. wrote: > Hi, > > Is there a way to override http proxy handling to use a different module > other then mod_proxy_http? I¹ve been trying to use apache as a forwarding > proxy but I have an issue with the way it handles connection refused cases > from a serv

Patch: mod_lua usage of APR_DECLARE / compiling using MSVC

The APR_DECLARE and AP_LUA_DECLARE both perform useful (and different) tasks when compiling under win32/MSVC. Attached is a patch which I think corrects the usage of these macros in mod_lua - it certainly cuts down on the number of errors spat out by MSVC. Also included is moving "apr_table_t *rs;"

Re: SIGQUIT using default signal handler instead of sig_coredump

On 24.03.2009 19:12, Eric Covener wrote: > SIGQUIT (3) does not go through sig_coredump(). Is this intentional to > short-circuit the sig_coredump handling in the case something is > broken there? IMHO SIGQUIT isn't supposed to cause a coredump. Only "fatal" signals are supposed to do this. If you

Re: mod_lua check for lua compilation error

On Tue, Mar 24, 2009 at 7:57 PM, Brian McCallister wrote: > On Sat, Mar 21, 2009 at 10:54 AM, Bertrand Mansion > wrote: >> In order to be able to detect if a lua file fails to compile and get >> an informative error message like : >>  Error! >>  /web/localhost/htdocs/info.lua:174: '=' expected n

current status of loadable MPM changes

http://people.apache.org/~trawick/loadable_mpms.txt (you'll find additional stuff I forgot/didn't realize before long) something I'm in a relative hurry to get feedback on is this part: 2. retain data How can MPMs retain data across unload of the DSO? s->process->server_pool userdata won'

status of loadable MPM work

See http://people.apache.org/~trawick/loadable_mpms.txt (I'm sure you'll find some things I've omitted before long) Something in there I'm in a hurry to hear feedback on is 2. retain data How can MPMs retain data across unload of the DSO? s->process->server_pool userdata won't work as-is be

Re: Mod_proxy_http override

Dingwell, Robert A. wrote: Getting to Step Two means that it found an address and Step Two itself is going to attempt to make the initial connection to that address. My issue then comes into play where the address of a server is known but the server could refuse the connection on a particular p

status of loadable MPM work

See http://people.apache.org/~trawick/loadable_mpms.txt (I'm sure you'll find some things I've omitted before long) Something in there I'm in a hurry to hear feedback on is 2. retain data How can MPMs retain data across unload of the DSO? s->process->server_pool userdata won't work as-is be

Re: mod_lua check for lua compilation error

On Tue, Mar 24, 2009 at 6:57 PM, Brian McCallister wrote: > I think the lua_State may hold the compilation problems, but am not > sure, need to go poke around -- I won't have a chance for a while > still, am dealing with a family medical issue for a couple weeks > (nothing urgent, just needing att

Re: [PATCH] mod_dbd with more than one pool

Sorry for coming into this discussion late. I think this is an excellent set of patches. I had developed a similar enhancement to allow mod_dbd to connect with multiple databases at my last job but never had a chance to make it available here. Your version is far more clever and configurable. I

Re: mod_lua check for lua compilation error

On Sat, Mar 21, 2009 at 10:54 AM, Bertrand Mansion wrote: > In order to be able to detect if a lua file fails to compile and get > an informative error message like : >  Error! >  /web/localhost/htdocs/info.lua:174: '=' expected near '+' > instead of : >  Error! >  attempt to call a nil value > >

Mod_proxy_http override

Hi, Is there a way to override http proxy handling to use a different module other then mod_proxy_http? I¹ve been trying to use apache as a forwarding proxy but I have an issue with the way it handles connection refused cases from a server. I believe my issue lies within the code section below

SIGQUIT using default signal handler instead of sig_coredump

SIGQUIT (3) does not go through sig_coredump(). Is this intentional to short-circuit the sig_coredump handling in the case something is broken there? I'd like to document for CoreDumpDirectory, so people from Java world aren't left scratching their heads. -- Eric Covener cove...@gmail.com

Re: [VOTE] release 2.3.2 as alpha

Hi guys, On Mon, Mar 23, 2009 at 4:35 PM, Gregg L. Smith wrote: > Hello Devs, > > With the talk of removing pcre I've been dreading this day. I too am having issues with pcre when trying to move a custom module from 2.0 to 2.2. The ap_ apis seems to behave differently and doesnt match the way i

Re: [VOTE] release 2.3.2 as alpha

Yes, hopefully someone will since I'm not there yet and I've tasted 2.3 on two prior occasions and would love to again.. For the record, the pcre and deftables projects has been removed from the Apache workspace, but their cousin seem to still exist in the makefile, so command line builds pcre

Re: moving towards loadable MPMs

Paul Querna wrote: I was hoping someone will address the separation of child process management from the mpm. Majority of this stuff is common and duplicated across mpms while there can be an api for that thought. Yes, the simple mpm inteded to go there, and only uses APR functions for threadp

[face2face] BOF Thurs 8:30pm at ApacheCon

Apache httpd Server 3.0; What Color is your Pony? A Birds of a Feather session for developers and users 20:30-21:30; Thursday 26-03; Lausanne Room; Moevenpick -- http://wiki.apache.org/httpd/Face2Face/BoFAcEu09 Please feel free to add to the wiki page what you would like to se

Re: ProxyPassReverse and paths

On Mar 24, 2009, at 11:46 AM, William A. Rowe, Jr. wrote: Jim Jagielski wrote: On 2nd thought the whole idea of a balancer itself incorporating a path in conjunction with each ind. members also possibly having one is a big can of worms. Need to mull this over... Let me try mind-mapping t

Re: ProxyPassReverse and paths

Jim Jagielski wrote: On 2nd thought the whole idea of a balancer itself incorporating a path in conjunction with each ind. members also possibly having one is a big can of worms. Need to mull this over... Let me try mind-mapping this out - please sanity check a whole group of assumptions.

Re: ProxyPassReverse and paths

On 2nd thought the whole idea of a balancer itself incorporating a path in conjunction with each ind. members also possibly having one is a big can of worms. Need to mull this over...

Re: ProxyPassReverse and paths

On 24.03.2009 14:57, Jim Jagielski wrote: > > On Mar 24, 2009, at 9:44 AM, Ruediger Pluem wrote: > >> On 24.03.2009 14:28, Jim Jagielski wrote: >>> There have been a few times when people get caught up when >>> using ProxyPassReverse with balancers that contain a path... >>> After all, the normal

Re: [VOTE] release 2.3.2 as alpha

On 23 Mar 2009, at 20:35, Gregg L. Smith wrote: Hello Devs, With the talk of removing pcre I've been dreading this day. Sorry, can't help with Windows. But it's good that you've flagged the issue: hopefully someone will figure it out. For the record, pcre also caught me out on MacOS. I

Re: ProxyPassReverse and paths

On Mar 24, 2009, at 9:44 AM, Ruediger Pluem wrote: On 24.03.2009 14:28, Jim Jagielski wrote: There have been a few times when people get caught up when using ProxyPassReverse with balancers that contain a path... After all, the normal convention is everywhere you see a ProxyPass there should b

Re: moving towards loadable MPMs

On Tue, Mar 24, 2009 at 2:42 PM, Mladen Turk wrote: > Jeff Trawick wrote: >> >> On Tue, Mar 24, 2009 at 12:41 PM, Mladen Turk > > wrote: >> >>    Jeff Trawick wrote: >> >> >>        (no plans here to touch WinNT MPMs, and I don't see any >>        compelling reason to leav

Re: ProxyPassReverse and paths

On 24.03.2009 14:28, Jim Jagielski wrote: > There have been a few times when people get caught up when > using ProxyPassReverse with balancers that contain a path... > After all, the normal convention is everywhere you see a > ProxyPass there should be a corresponding ProxyPassReverse > that follow

Re: moving towards loadable MPMs

Jeff Trawick wrote: On Tue, Mar 24, 2009 at 12:41 PM, Mladen Turk > wrote: Jeff Trawick wrote: (no plans here to touch WinNT MPMs, and I don't see any compelling reason to leave it broken; it should build as before once the inevitable minor

ProxyPassReverse and paths

There have been a few times when people get caught up when using ProxyPassReverse with balancers that contain a path... After all, the normal convention is everywhere you see a ProxyPass there should be a corresponding ProxyPassReverse that follows the same format. However in cases where ProxyPass

Re: moving towards loadable MPMs

On Tue, Mar 24, 2009 at 12:41 PM, Mladen Turk wrote: > Jeff Trawick wrote: > >> >> (no plans here to touch WinNT MPMs, and I don't see any compelling reason >> to leave it broken; it should build as before once the inevitable minor >> slips are corrected) >> >> > The major problem with that is th

Re: svn commit: r757427 - /httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Would it be useful to put some sort of notice of this in r->notes? Not just here but everyplace we escape. We get tripped up on this a lot :/ Just a thought (and maybe not a very good one) On Mar 23, 2009, at 11:59 AM, jor...@apache.org wrote: Author: jorton Date: Mon Mar 23 15:59:36 2009 New

Re: moving towards loadable MPMs

Jeff Trawick wrote: (no plans here to touch WinNT MPMs, and I don't see any compelling reason to leave it broken; it should build as before once the inevitable minor slips are corrected) The major problem with that is the huge amount of platform dependent code for managing the service, reg

moving towards loadable MPMs

MPMs are tightly bound into the server through several mechanisms: they define key functions ap_mpm_query and ap_mpm_run they define global variables like ap_server_conf build-time symbols in MPMDIR/mpm.h that enable generation of support code or provide macros for core to use I'm working on remov

Fwd: The revival of rsync+http

I guess people around here are aware of Tridge's old rproxy, which was mentioned here before:  http://marc.info/?l=apache-httpd-dev&m=96942551231967&w=2  http://marc.info/?l=apache-httpd-dev&m=93121563713572&w=2 This post is just to mention that there is a revival of the concep, being hacked into