On Mon, Dec 08, 2003 at 04:32:28PM -0500, Jeff Trawick wrote:
but APU_0_9_BRANCH for apr-util
$ cat srclib/apr/CVS/Tag
TAPR_0_9_BRANCH
$ cat srclib/apr-util/CVS/Tag
TAPU_0_9_BRANCH
(ouch)
Ups, my bad - I wonder why cvs didn't barf when I did that - I'll fix
my mess soon.
vh
Mads
; then
module_selection=$i
module_default=shared
else
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
- that way it will be
simple for anyone who cares about security to enable the module, and for
those who don't care for the quite significant added overhead, it will be
easy to turn on if they suspect a problem.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
- but runtime configurable would certainly
be nice.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
, a new directive
EnableExceptionHook {on|off}
which defaults to off must be used to tell sig_coredump() to call such
hooks.
Any objections?
No objections at all.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
the trace looks similar with mod_whatkilledus_13. Without either of
them it looks fine.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
+1 after testing - my only reservation is that
BTFile and WKUFile could probably use more verbose naming.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
with prefork and worker - seems to work well. All that seems
to be missing are the config directives.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Thu, Mar 04, 2004 at 07:41:54AM +0100, André Malo wrote:
I'd prefer the %{SSL:...} variant and using ssl_var_lookup_ssl. All other
Agreed. It makes sense to me to make a specific point out of where those
variables came from.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water
of httpd-test from a couple
of hours ago)
- t/modules/includes.t test 49 is failing; however, I think it's a bug in
httpd-test. That test is calling single_space(), but that function is
corrupting the response such that it fails (removes too many spaces).
The same error here.
vh
Mads
to the mod_ssl mailinglist
(where this question belongs) that it doesn't affect 1.3
or is it simply that mod_ssl, prior to apache 2, is not the
responsibility of ASF?
It isn't an ASF project. Mod_ssl is a project run by Ralf Engelschall.
vh
Mads Toftum
--
`Darn it, who spiked my coffee
this?
Wouldn't adding the port to ServerName be what you need?
ServerName example.com:80
Iirc it is even suggested in the docs.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
it, there was a great uproar when we suggested getting rid of
mod_asis and mod_imap, which are both essentially unused - so it doesn't
seem to make sense to go thrashing about in code that sees a fair bit of
use.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
to be trimming. I'd just rather not lose mod_rewrite in the
same way as the debugging log level of mod_ssl disappeared,
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
be an idea to make the choice of
digest configurable - I can think of cases where the extra overhead of
a digest with fewer collisions would be worth the extra cycles.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
would be useful for those
modules that doesn't need incubation, but are not quite at a state where
we would want to distribute them? It would probably also make tings easier
for bringing in new committers.
just my kr .02
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Tue, Sep 26, 2006 at 11:54:32AM -0500, William A. Rowe, Jr. wrote:
Most lists in the ASF don't do this for many good reasons, but I noticed
which is why I'm -1 to polluting the subject - there's plenty of X-
headers to work on.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water
for a
customer and would much prefer to see it supported ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Wed, Dec 06, 2006 at 01:30:26PM +0100, Lars Eilebrecht wrote:
I voted -1 at that time which is a veto.
My opinion hasn't changed and I still think that it is a very
stupid idea to add a feature that allows our users to do
something which is stupid and absurd.
I agree.
vh
Mads Toftum
On Wed, Dec 06, 2006 at 03:45:54PM +0100, Lars Eilebrecht wrote:
So, is that a -1 or -0?
A peanut gallery -1. I feel very strongly about pretending to implement
security measures that does not help one bit.
vh
Mads Toftum
--
http://soulfood.dk
with Dutch things seem pretty silly random idea.
Now that people are talking about waka support and http as a module, D
seems more appropriate than ever.
vh
Mads Toftum
--
http://soulfood.dk
to this article, so it must be true) was
unfortunate, and undesirable.
+1 - I don't think a single users abuse should force us into making a
catch all policy. Part of the price of running a wiki is that you'll
have to deal with abuse from time to time.
vh
Mads Toftum
--
http://soulfood.dk
/httpd/httpd/branches/2.2.x/modules/experimental/mod_case_filter.c
vh
Mads Toftum
--
http://soulfood.dk
think perhaps a directive like SSIProxyURL defaulting to off would be
an absolute minimal requirement to keep unsspecting people out of
trouble.
vh
Mads Toftum
--
http://soulfood.dk
was to get bucket brigedes.
vh
Mads Toftum
--
http://soulfood.dk
think that'd be quite useful (especially going by Justins reluctance
to add it to apr-util which would have been my preferred location).
vh
Mads Toftum
--
http://soulfood.dk
:-).
It is - http://docs.sun.com/app/docs/doc/816-5166/6mbb1kpvk?a=view
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
from the peanut gallery - and it would make a good selling point for
people to upgrade from 2.0.x.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
for quite a while is likely to help along 2.2
adoption.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
CPAN for modules.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
be fairly simple
to handle that at the os level.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Wed, Dec 14, 2005 at 12:21:20PM -0800, Paul Querna wrote:
- progname=httpd] )
+ progname=d] )
Looks good although I wonder wether it wouldn't be better to go for
+ progname=D] )
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
alerted him to the fact (they showed up with failing
permissions in a cron job) - at least it is fixed now.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
or scripts rewritten to
something slightly more commonly used than zsh.
If someone were to contemplate making a general version of those
scripts - what would have a reasonable chance of getting accepted? perl?
ksh? C?
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Tue, Jan 10, 2006 at 09:51:36AM -0800, Paul Querna wrote:
Python!
Excellent choice - at least that way I won't have to even consider
trying ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
it seems to be
consistently in that line and they started to turn up after our last
httpd upgrade on ajax.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
of open connections (and having a way to decide how many). Making a
provider out of it might be good too - I can sertainly see cases where
other modules might want to make http requests without having to go the
proxy way.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
in apr.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
think there's any 2.2-only features being used on a.o).
That's generally something only done for the latest and greatest - I
don't think 1.3 has been tested that way for years.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Sat, Apr 01, 2006 at 11:28:15AM -0800, Paul Querna wrote:
2.2.1, embedding APR 1.2.6 and APR-Util 1.2.6, is available from:
http://httpd.apache.org/dev/dist/
Please Test and Vote on releasing 2.2.1 as GA.
Tests ok on Solaris 10 (U2-beta, sunstudio)
vh
Mads Toftum
--
`Darn it, who
On Mon, Apr 17, 2006 at 02:25:46PM +0200, Jorge Schrauwen wrote:
I've seen a mod_snmp somewhere:
http://www.mod-snmp.com/mod_snmp.html
don't know how if its free and for what version though.
SNMP module for Apache 1.3.x as you can see on www.mod-snmp.com
vh
Mads Toftum
--
`Darn it, who
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Mon, Apr 17, 2006 at 10:15:09AM -0700, Garrett Rooney wrote:
Perhaps, but AFAICT infra@ doesn't have this kind of thing lying
around at the moment, so unless someone is going to step up with
hardware people can use it's kind of a showstopper.
Correct.
vh
Mads Toftum
--
`Darn it, who
really like to see the current source stay as it is with mod_ssl
included. If anything, it shouldn't be too hard to produce a patch that
strips out mod_ssl at release time if we want to roll an extra non crypto
version for that handfull of countries.
vh
Mads Toftum
--
`Darn it, who spiked my coffee
of old versions is just like giving people enough
rope...
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
. In particular:
http://developers.sun.com/prodtech/cc/downloads/index.jsp
yeah, it does mention FREE for SDN members - but that's just another
way of asking people to register before downloading.
(helios has been running studio 11 since november).
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water
targeted worms that keep hitting my
apache installs seem to suggest that obscuring the server name will at
most lead to a false sense of security. Besides, if you really care, I'm
pretty sure it wouldn't be all that hard to guess what server it is by
looking at all the rest of the headers.
vh
Mads
of
the participants.
+1 and volunteering to moderate.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
PROTECTED] (or [EMAIL PROTECTED]) and to take end user
questions up with the
module author or [EMAIL PROTECTED] list.
I know that you and Nick follow the list, and I'm pretty sure that other
pmc members do as well (and otherwise maybe me with my member hat on
might do the trick).
vh
Mads
there's more than enough mutilated httpd packages out there to
warrant such a list. Perhaps packagers@ would be better?
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
much further than that (ie. no need to
cover the joys of jarfiles ;)
just my $.02
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
a specific
version, I could see where it would be nice to go the other way and
remove a specific cipher.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
was a mistake on my part - I wanted to say protocol but got
distracted ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
the same by making sure that the date
is more recent on the output files.
Anyone able to elaborate on what these two files are for and wether or
not I really do need to install yacc?
You don't need to rebuild those files, so no need for yacc and friends.
vh
Mads Toftum
--
`Darn it, who
as if the user entered the certificate DN as
user and password as password.
There's an example in my mod_ssl talk from ApacheCon 2004 - see page 19
of http://cvs.apache.org/~mads/ac2004/MO18mod_ssl.pdf
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
with SSLVerifyClient)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
box):
http://httpd.apache.org/docs-2.0/mod/perchild.html
This module is not functional. Development of this module is not
complete and is not currently active. Do not use perchild unless you
are a programmer willing to help fix it.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water
is too much trouble to be worth
enabling other than when requested explicitly - there's the whole crypto
regs issue and it does link in another lib, which is something that I
prefer limiting to when it is actually needed.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Mon, Jun 27, 2005 at 08:05:27AM -0700, Paul Querna wrote:
The ASF has Helios, a quad opteron running solaris 10. httpd has
requested a Zone on there, but one has not been created yet...
Unless I hear any complaints, I'll create a zone later today or
tomorrow.
vh
Mads Toftum
--
`Darn
: );
ERR_print_errors_fp(stderr);
exit(1);
+1 from the peanut gallery.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
,
relatively safe changes and complete rewrites of large chunks of code.
2.0 took very long to settle because it was very much a moving target, I
would hate for the same to keep happening with a 2.2 release.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
is:
SSLRequire committers in PeerExtList(1.3.6.1.4.1.18060.1);
SetEnvIf SSL_PeerExtList(etc) ...
+1 on concept /peanutgallery
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
mod cache requestor
is currently stuck with curl? I wouldn't mind seeing serf or similar
functionality in apr - there seems to be plenty of uses for it.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
to if they want to improve scalability.
big +1 - let's not toss all the cool new features before the release and
get into the same situation as 1.3 - 2.0 having trouble convincing
people that it was worth the upgrade.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
are there, but rather
that they're not clearly marked as experimental?
Then how about grouping the modules in an experimental section of --help
output? Or to take it even further, perhaps a --enable-experimental
flag?
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
to be able to integrate into the existing docs, then
this would be the way to go.
+1 for module usage documentation, anything elshe should be -1^Wstrongly
discouraged. But that said, doxygen is what is already used for the inline
api docs, so that's fine for documenting the functions.
vh
Mads
to
support/ would be useful too, not automating the process as much as some
people has previously argued against, but still keeping the process of
signing certs fairly simple. Whatever we end up with, I'll work on
getting that into our docs before 2.2 is released.
vh
Mads Toftum
--
`Darn it, who spiked
, or by just substituting a - whenever ident is not turned on?
Having a module for it might be a bit overkill though ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
?
Generally I like the idea, but I'm a bit wary about setting a default value
other than unlimited because it could break existing configs. The other
thing I'm not quite sure about is how you would make this work for rules
in .htaccess? (but I may be missing something)
vh
Mads Toftum
--
`Darn
where even more than a couple would be useful. So I'm all for
limiting to 10 (or even 5 for that matter) as long as it will result in an
explanatory message to the error_log (LogLevel debug).
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
, so I'd definetely say it is time to remove them.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
provide a nice compromise between the flexibility of using
httpd.conf to specify each vhost and the speed of vhost_alias.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
On Thu, Jul 24, 2003 at 01:57:26PM -0700, Aaron Bannert wrote:
Where should it be installed? $prefix/lib maybe?
How about $prefix/conf?
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
not think it should
be included mainly because of the dependency on libxml2.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
SSLLogLevel trace weren't.
The purpose is to debug things that might not do exactly as expected, not
just plain error logging.
I didn't like the fact that the ssl log went into the common error log for
just that reason, but to do the same to the RewriteLog would be even more
of a PITA.
/rant
vh
Mads
, and that RewriteLog does
not have any uses on a production server. So I agree to this patch in
concept (even if I can't help hoping that this is something that will not
be turned off in binary distributions).
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
this is that Rewrite logging makes for a nasty
performance hit - so if anything, then at least make this happen only
with an AllowOverride.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
, but it is ready for a review now...
Excellent! This has been sorely missed - I agree that you should just
commit it as it is.
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, Apache 2 mod_ssl tutorial (3h)
WE03, Troubleshooting Apache configurations
WE11, Apache
for - http://www.bestpractical.com/rt
An example is http://rt.cpan.org
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
more than an hour).
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- The Hitchhiker's Guide to the Galaxy
there was a reminder from the makefile after having
built the server was also nice.
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- The Hitchhiker's Guide to the Galaxy
and mod_ssl it would be
really nice if they were a bit closer to production quality before
apache 1.3 was closed down. Actually waiting for something like
more than 1/3 of the apache installations to be apache2 would be
nice IMHO.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water
.
Secondly, mod_ssl _is_ production quality.
I'm not sure that I agree - loads of fixes has gone in since 2.0.35
and both the MAJOR CHANGES and the TODO lists are rather long. It
did not get nearly enough testing before the release IMHO. And the
SSL docs need an overhaul too.
vh
Mads Toftum
DEFAULT_SCOREBOARD=logs/apache_runtime_status
-D DEFAULT_LOCKFILE=logs/accept.lock
-D DEFAULT_ERRORLOG=logs/error_log
-D AP_TYPES_CONFIG_FILE=conf/mime.types
-D SERVER_CONFIG_FILE=conf/httpd.conf
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
not consider what will
probably take the shortest time - stabilizing this new bit of code or getting a new
release rolled. If a new release is likely to happen within a couple of weeks, then
wait a bit - otherwise go ahead and get it in there.
vh
Mads Toftum
--
`Darn it, who spiked my coffee
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
for ssl_expr_parse.h and ssl_expr_scan.c also.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
would be really
nice, especially because the only binaries that I can find are apache 1.3.12 on
sunfreeware and a 2.0.39 in dist/httpd/binaries/solaris/. Not that I mind rolling my
own packages, but we might help people move to 2.0 faster this way.
vh
Mads Toftum
--
`Darn it, who spiked my coffee
sense in a perlified version as part of
the test code.
vh
Mads Toftum
--
http://soulfood.dk
similar but much more complex (?).
Yes. Being able to check a URL seems more useful than plain ping.
Even more useful would be recording the time a backend takes to answer a
request and using that to distribute requests.
vh
Mads Toftum
--
http://soulfood.dk
On Tue, Feb 19, 2008 at 09:30:30AM -0500, Jim Jagielski wrote:
I propose mod_domain to match the IANA port number
assignment.
Seems more confusing than mod_named.
vh
Mads Toftum
--
http://soulfood.dk
the overhead of
maintaining yet another branch? tbh. I'd much rather see work going
towards 3.x ;)
vh
Mads Toftum
--
http://soulfood.dk
? the whole 2.x bunch or?
just my $.02
Mads Toftum
--
http://soulfood.dk
Theo just announced dtrace probes for httpd:
http://www.opensolaris.org/jive/thread.jspa?threadID=59306tstart=0
I wouldn't mind seeing those (or something similar) make it into trunk.
vh
Mads Toftum
--
http://soulfood.dk
On Wed, Aug 20, 2008 at 02:08:02PM +0200, Jorge Schrauwen wrote:
I like the idea of using --with-SNI and labeling it as experimental.
Yeah, good way to move forward.
Maybe leave it of by default though?
absolutely. It would seem rather odd to turn on experimental by default.
vh
Mads Toftum
provider is simply not designed for that as is evidenced by its poor
usability under those circumstances.
Agreed. The pid provider alone is not nearly as useful as the patch frm
OmniTI.
vh
Mads Toftum
--
http://soulfood.dk
the To: rather
than adding yet another clumsy workaround for gmail oddities.
vh
Mads Toftum
--
http://soulfood.dk
fine
for ages.
vh
Mads Toftum
--
http://soulfood.dk
1 - 100 of 122 matches
Mail list logo
