Re: DO NOT REPLY [Bug 45023] DEFLATE preventing 304 NOT MODIFIED response

[Nick Kew]

On 19 Aug 2008, at 14:41, [EMAIL PROTECTED] wrote:


--- Comment #5 from rahul [EMAIL PROTECTED]  2008-08-19 06:41:51 PST ---
Created an attachment (id=22453)
 -- (https://issues.apache.org/bugzilla/attachment.cgi?id=22453)
A POC slightly better than the above conf lines,

Adds an input filter ETAG that can be used like below, along with  
DEFLATE

to let apache recognize ($1)-gzip as $1

AddInputFilter ETAG .txt
AddOutputFilterByType DEFLATE text/plain


Neat little fix (insofar as that problem admits of a neat fix).
But I dislike using an input filter just to manipulate request headers
(that's what processing hooks are for), and the sysop shouldn't
have to configure it.

Does something bad happen if you put the check in a post_read_request
hook instead?

--
Nick Kew

Re: [PATCH] Dynamic locking upcalls in mod_ssl

[Joe Orton]

On Wed, Aug 20, 2008 at 10:36:37AM -0400, Sander Temme wrote:

 On Aug 18, 2008, at 5:18 AM, Joe Orton wrote:

 So generally pconf is the right pool to use, along with a cleanup
 registered against that pool which sets the callbacks to NULL.

 Yes, with the cleanup it no longer hangs.  What about stashing a pool  
 reference in a global, is that a red flag?

Given that the lifetime of the callbacks is now constrained, is the new 
global pool still needed?

Also any reason to put the structure in ssl_private.h rather than the .c 
file directly?

joe

Re: [PATCH] Dynamic locking upcalls in mod_ssl

[Plüm, Rüdiger, VF-Group]

 

 -Ursprüngliche Nachricht-
 Von: Joe Orton 
 Gesendet: Donnerstag, 21. August 2008 13:41
 An: dev@httpd.apache.org
 Betreff: Re: [PATCH] Dynamic locking upcalls in mod_ssl
 
 On Wed, Aug 20, 2008 at 10:36:37AM -0400, Sander Temme wrote:
 
  On Aug 18, 2008, at 5:18 AM, Joe Orton wrote:
 
  So generally pconf is the right pool to use, along with a cleanup
  registered against that pool which sets the callbacks to NULL.
 
  Yes, with the cleanup it no longer hangs.  What about 
 stashing a pool  
  reference in a global, is that a red flag?
 
 Given that the lifetime of the callbacks is now constrained, 
 is the new 
 global pool still needed?

Where does this patch use a global pool? It keeps a reference on the pconf
pool in a global variable, but it no longer creates a global pool.
Or do I miss your point?

Regards

Rüdiger

Re: Dropping mod_sed into /trunk/ ?

[Jeff Trawick]

On Wed, Aug 20, 2008 at 6:53 PM, Nick Kew [EMAIL PROTECTED] wrote:


 Any thoughts on dropping it in to trunk


Is it best to preserve the current files/filenames (sed.h, libsed.h, sed0.c,
etc.) to better reflect the history of that code, or should the files be
combined/renamed to something that makes more sense for an Apache module
that shares space with a lot of other modules?  (I'm assuming this goes into
modules/filters and not its own modules/sed.)

Re: [PATCH] Dynamic locking upcalls in mod_ssl

[Joe Orton]

On Thu, Aug 21, 2008 at 01:49:35PM +0200, Plüm, Rüdiger, VF-Group wrote:
  Given that the lifetime of the callbacks is now constrained, is the 
  new global pool still needed?
 
 Where does this patch use a global pool? It keeps a reference on the pconf
 pool in a global variable, but it no longer creates a global pool.
 Or do I miss your point?

Oh, sorry, I missed that the dynlockpool is now parented off pconf.  
Ignore me and carry on ;)

joe

Re: Dropping mod_sed into /trunk/ ?

[Jorge Schrauwen]

On Thu, Aug 21, 2008 at 1:53 PM, Jeff Trawick [EMAIL PROTECTED] wrote:

 On Wed, Aug 20, 2008 at 6:53 PM, Nick Kew [EMAIL PROTECTED] wrote:


 Any thoughts on dropping it in to trunk


 Is it best to preserve the current files/filenames (sed.h, libsed.h,
 sed0.c, etc.) to better reflect the history of that code, or should the
 files be combined/renamed to something that makes more sense for an Apache
 module that shares space with a lot of other modules?  (I'm assuming this
 goes into modules/filters and not its own modules/sed.)



Renaming them to fit better in for the apache file tree seems a good idea.
If its not done it will probably get done at some point in the future
anyway.

~Jorge

Re: Dropping mod_sed into /trunk/ ?

[rahul]

| Any thoughts on dropping it in to trunk, with a view
| to including it as standard in 2.4 in due course?
| 
| mod_sed is much more than a mere string-or-regexp search-and-replace

What happens to mod_substitute? especially since what substitute
provides seems to be a strict subset of mod_sed ?

rahul
--
1. e4 _

Re: Dropping mod_sed into /trunk/ ?

[Jim Jagielski]

On Aug 20, 2008, at 6:53 PM, Nick Kew wrote:


A little while ago, Basant Kukreja published mod_sed under the
Apache license.  He's now also written a blog entry that could
become the basis for a tutorial into how mod_sed is much more
than a mere string-or-regexp search-and-replace filter:

http://blogs.sun.com/basant/entry/using_mod_sed_to_filter

I happen to know that Basant and Sun will be happy for us
to adopt mod_sed, and I think that with that blog entry
reworked into a howto doc, it'll add real value to httpd.

Any thoughts on dropping it in to trunk, with a view
to including it as standard in 2.4 in due course?



We will need, of course, the IP clearance issues resolved.

Re: svn commit: r686809 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c

[Jim Jagielski]

On Aug 19, 2008, at 11:44 PM, William A. Rowe, Jr. wrote:


William A. Rowe, Jr. wrote:

Different issue; different response.
Bill Barker wrote:

Nick Kew [EMAIL PROTECTED] wrote in message
-1.  Semicolon is a perfectly valid character in a session-id, so  
that

risks breaking other apps.  The fact that Tomcat treats it as a
separator doesn't commit other appservers to do the same.


No, an un-escaped semicolon is a reserved character by RFC 2396,  
section 2.2.  Since RFC 2616 section 3.2.1 uses 2396 as a  
reference, then an un-escaped semicolon isn't valid in a session-id.


Sorry, I answered too quickly, everything in the reserved set have
two meanings in the context of the URI


 reserved= ; | / | ? | : | @ |  | = | + |
   $ | ,


So let's study ;'s meaning

3.3. Path Component

  The path component contains data, specific to the authority (or the
  scheme if there is no authority component), identifying the resource
  within the scope of that scheme and authority.

 path  = [ abs_path | opaque_part ]

 path_segments = segment *( / segment )
 segment   = *pchar *( ; param )
 param = *pchar

 pchar = unreserved | escaped |
 : | @ |  | = | + | $ | ,

  The path may consist of a sequence of path segments separated by a
  single slash / character.  Within a path segment, the characters
  /, ;, =, and ? are reserved.  Each path segment may  
include a

  sequence of parameters, indicated by the semicolon ; character.
  The parameters are not significant to the parsing of relative
  references.

This is not what Jim's patch represented, so I concur with Nick, -1 to
the patch committed.



Please note that get_path_param() is ONLY used to get the sticky
route via the session data and only in find_session_route().

In any case, I agree that both solutions are non-optimal... This
leads me to believe that whether we should treat ';' as special
for session/route data should be runtime configurable. I propose
a simple envar... Sound OK?

Re: Dropping mod_sed into /trunk/ ?

[Nick Kew]

On 21 Aug 2008, at 13:02, rahul wrote:


| Any thoughts on dropping it in to trunk, with a view
| to including it as standard in 2.4 in due course?
|
| mod_sed is much more than a mere string-or-regexp search-and- 
replace


What happens to mod_substitute? especially since what substitute
provides seems to be a strict subset of mod_sed ?


That's a decision that can wait for 2.4, by which time we should have
more user feedback to base it on.

--
Nick Kew

Re: svn commit: r686809 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c

[Nick Kew]

On 21 Aug 2008, at 13:39, Jim Jagielski wrote:

In any case, I agree that both solutions are non-optimal... This
leads me to believe that whether we should treat ';' as special
for session/route data should be runtime configurable. I propose
a simple envar... Sound OK?


+1.

(assuming I understand your meaning aright)

--
Nick Kew

Re: Dropping mod_sed into /trunk/ ?

[Nick Kew]

On 21 Aug 2008, at 13:28, Jim Jagielski wrote:



On Aug 20, 2008, at 6:53 PM, Nick Kew wrote:


A little while ago, Basant Kukreja published mod_sed under the
Apache license.  He's now also written a blog entry that could
become the basis for a tutorial into how mod_sed is much more
than a mere string-or-regexp search-and-replace filter:

http://blogs.sun.com/basant/entry/using_mod_sed_to_filter

I happen to know that Basant and Sun will be happy for us
to adopt mod_sed, and I think that with that blog entry
reworked into a howto doc, it'll add real value to httpd.

Any thoughts on dropping it in to trunk, with a view
to including it as standard in 2.4 in due course?



We will need, of course, the IP clearance issues resolved.



Of course we have a long-standing CCLA from Sun.

Basant, do we have an ICLA from you?
http://www.apache.org/licenses/icla.{txt|pdf}

(Technically it's sufficient that it's Apache-licensed, if we preserve
the third-party notices.  But that's not really what's proposed :-)

--
Nick Kew

Re: [PATCH] Dynamic locking upcalls in mod_ssl

[Sander Temme]

On Aug 21, 2008, at 7:41 AM, Joe Orton wrote:


Yes, with the cleanup it no longer hangs.  What about stashing a pool
reference in a global, is that a red flag?


Given that the lifetime of the callbacks is now constrained, is the  
new

global pool still needed?


As Rüdiger mentioned, the pool is no longer created out of a NULL  
parent.  Putting in the cleanup allowed me to use pconf without  
hanging the parent on shutdown.  It's still a global reference,  
because the prototypes of the OpenSSL callbacks don't allow me to pass  
user data back in.


Also any reason to put the structure in ssl_private.h rather than  
the .c

file directly?



None.  I'll move it.

S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

Re: SNI in 2.2.x (Re: Time for 2.2.10?)

[Oden Eriksson]

Den Wednesday 20 August 2008 13:10:52 skrev Nick Kew:
 On Wed, 20 Aug 2008 12:06:33 +0200

 Oden Eriksson [EMAIL PROTECTED] wrote:
  FYI: This patch is applied in Mandriva Linux.

 Any feedback?  Bug reports coming from their users?

No reports so far. It was requested by our users though.

 If you'd said Debuntu or Deadrat+family, we might infer a user
 community big enough to rely on (FSreasonableVO rely).
 Not sure about Mandriva, but it's surely better than nothing.

 It seems clear that users *really* want it.  I'd say that adds
 weight to the argument for including it and taking the risk.
 It might be worth a --with-SNI configuration option, which
 would label it as an experimental feature.

BTW: In mandriva Cooker (current) you can do this:

[EMAIL PROTECTED] /]# LC_ALL=C urpmi apache-mod_
No package named apache-mod_
The following packages contain apache-mod_:
apache-mod_activex_filter
apache-mod_annodex
apache-mod_anticrack
apache-mod_antispam
apache-mod_apparmor
apache-mod_apreq
apache-mod_athena
apache-mod_auth_cert
apache-mod_auth_form
apache-mod_auth_gforge
apache-mod_auth_imap
apache-mod_auth_kerb
apache-mod_auth_memcookie
apache-mod_auth_msfix
apache-mod_auth_mysql
apache-mod_auth_nds
apache-mod_auth_ntlm_winbind
apache-mod_auth_openid
apache-mod_auth_openpgp
apache-mod_auth_pgsql
apache-mod_auth_pubtkt
apache-mod_auth_radius
apache-mod_auth_remote
apache-mod_auth_sdb
apache-mod_auth_shadow
apache-mod_auth_token
apache-mod_auth_xradius
apache-mod_authenticache
apache-mod_authn_bugzilla
apache-mod_authn_dbd
apache-mod_authn_dbi
apache-mod_authn_imap
apache-mod_authn_nufw
apache-mod_authn_sasl
apache-mod_authnz_external
apache-mod_authz_ldap
apache-mod_authz_unixgroup
apache-mod_axis2
apache-mod_backtrace
apache-mod_benchmark
apache-mod_bt
apache-mod_but
apache-mod_bw
apache-mod_bwshare
apache-mod_cache
apache-mod_cachem
apache-mod_cband
apache-mod_cfg_ldap
apache-mod_cguard
apache-mod_chm
apache-mod_chroot
apache-mod_cidr
apache-mod_clamav
apache-mod_coredumper
apache-mod_countm
apache-mod_crowd
apache-mod_dav
apache-mod_dav_repos
apache-mod_dav_svn
apache-mod_dbd
apache-mod_dbi_pool
apache-mod_defensible
apache-mod_deflate
apache-mod_delay
apache-mod_diagnostics
apache-mod_disk_cache
apache-mod_dns
apache-mod_dnsbl
apache-mod_dnsbl_lookup
apache-mod_dnssd
apache-mod_domaintree
apache-mod_dontdothat
apache-mod_encoding
apache-mod_estraier
apache-mod_evasive
apache-mod_extract_forwarded
apache-mod_fakessl
apache-mod_fastcgi
apache-mod_fcgid
apache-mod_file_cache
apache-mod_form
apache-mod_fortress
apache-mod_ftp
apache-mod_ftpd
apache-mod_geo
apache-mod_geoip
apache-mod_gnutls
apache-mod_gzip_disk
apache-mod_httpbl
apache-mod_i18n
apache-mod_ifier
apache-mod_injection
apache-mod_ip_count
apache-mod_ipenv
apache-mod_jsmin
apache-mod_layout
apache-mod_ldap
apache-mod_ldap_userdir
apache-mod_limitipconn
apache-mod_line_edit
apache-mod_load_average
apache-mod_log_access
apache-mod_log_data
apache-mod_log_dbd
apache-mod_log_rotate
apache-mod_log_sql
apache-mod_log_sqlite
apache-mod_loopback
apache-mod_lua
apache-mod_macro
apache-mod_mbox
apache-mod_mem_cache
apache-mod_memcache
apache-mod_memcached
apache-mod_memcached_cache
apache-mod_mime_xattr
apache-mod_mm_auth_ldap
apache-mod_mono
apache-mod_musicindex
apache-mod_mya
apache-mod_ndb
apache-mod_nss
apache-mod_ntlm
apache-mod_parmguard
apache-mod_perl
apache-mod_php
apache-mod_protection
apache-mod_proxy
apache-mod_proxy_ajp
apache-mod_proxy_fcgi
apache-mod_proxy_html
apache-mod_proxy_xml
apache-mod_pubcookie
apache-mod_put
apache-mod_python
apache-mod_qos
apache-mod_random
apache-mod_replace
apache-mod_roaming
apache-mod_rpaf
apache-mod_ruby
apache-mod_ruid
apache-mod_scgi
apache-mod_schema
apache-mod_scrmable
apache-mod_security
apache-mod_security2
apache-mod_sesehe
apache-mod_sleep
apache-mod_smbauth
apache-mod_smtpd
apache-mod_smtpd_rbl
apache-mod_spam_die
apache-mod_spin
apache-mod_sqil
apache-mod_ssl
apache-mod_stats
apache-mod_suexec
apache-mod_suphp
apache-mod_svn_view
apache-mod_tcl
apache-mod_tidy
apache-mod_traf_thief
apache-mod_transform
apache-mod_umask
apache-mod_upload
apache-mod_userdir
apache-mod_variety
apache-mod_vdbh
apache-mod_vhost_dbi
apache-mod_vhost_hash_alias
apache-mod_vhost_ldap
apache-mod_vhost_limit
apache-mod_vhost_mysql
apache-mod_vhost_mysql1
apache-mod_vhost_pgsql
apache-mod_vhost_sqlite3
apache-mod_vhs
apache-mod_watchcat
apache-mod_webfilter
apache-mod_websh
apache-mod_whatkilledus
apache-mod_wsgi
apache-mod_xhtml
apache-mod_xhtml_neg
apache-mod_xml2
apache-mod_xmlns
apache-mod_xsendfile
apache-mod_xslt2
apache-mod_xslt_filter
apache-mod_ziplook
apache-mod_zipread
apache-mod_zrkadlo

No idea about the other distros.

Re: Dropping mod_sed into /trunk/ ?

[Basant Kumar kukreja]

Thanks Nick for your initiative to make it part of Apache httpd. I am glad to
contribute to the Apache Software Foundation.

On Thu, Aug 21, 2008 at 02:04:14PM +0100, Nick Kew wrote:

 On 21 Aug 2008, at 13:28, Jim Jagielski wrote:


 On Aug 20, 2008, at 6:53 PM, Nick Kew wrote:

 A little while ago, Basant Kukreja published mod_sed under the
 Apache license.  He's now also written a blog entry that could
 become the basis for a tutorial into how mod_sed is much more
 than a mere string-or-regexp search-and-replace filter:

 http://blogs.sun.com/basant/entry/using_mod_sed_to_filter

 I happen to know that Basant and Sun will be happy for us
 to adopt mod_sed, and I think that with that blog entry
 reworked into a howto doc, it'll add real value to httpd.

 Any thoughts on dropping it in to trunk, with a view
 to including it as standard in 2.4 in due course?


 We will need, of course, the IP clearance issues resolved.


 Of course we have a long-standing CCLA from Sun.

 Basant, do we have an ICLA from you?
 http://www.apache.org/licenses/icla.{txt|pdf}

 (Technically it's sufficient that it's Apache-licensed, if we preserve
 the third-party notices.  But that's not really what's proposed :-)
I have not yet send the ICLA. I will send the signed document and post it in a
day or two.

 -- 
 Nick Kew
Regards,
Basant.

Re: SNI in 2.2.x (Re: Time for 2.2.10?)

[Ian G]

Nick Kew [EMAIL PROTECTED]wrote:

...
It might be worth a --with-SNI configuration option, which 
would label it as an experimental feature.


I imagine the use of SNI would need to be configured in 
httpd.conf anyway, in the virtual host parts.


Would an overall directive like:

PermitVhostTLSWithSNI = yes

be nicer?  (with default Off.)  Just a thought.

iang



smime.p7s
Description: S/MIME Cryptographic Signature

[community] 2.3.0 alpha on October 1?

[William A. Rowe, Jr.]

I'm thinking of tagging 2.3.0 alpha a month before we gather in New Orleans
for ApacheCon 2008/US http://us.apachecon.com/c/acus2008/ so that we can
begin to gather community feedback and actually /do/ something about it at
the hackathon.

Ok, I'm using 'we' sort of liberally, I'm training a day of httpd all day
Mon, and Rich takes the stage Tuesday which happens to be BarCamp day moreso
than hackathon.  Since it doesn't look likely for me to do so much hacking,
the least I can do is offer to RM the first alpha.

Which brings me to the other half of [community], I'm proposing we hold
an Apache httpd {next} barcamp session for the community who are at
ApacheCon BarCamp on Tuesday to learn about what has changed, what might
change, and perhaps if we get enough folks to express interest ... about
what they want to change.  Think in terms of Rich's What I hate about
Apache, x 15 voices or so :)

Thoughts?