on this and the attached patch?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
Index: include/httpd.h
===
--- include/httpd.h (revision 579662)
+++ include/httpd.h (working copy)
@@ -233,6
on the milestone of closing all
diagnosed protocol violations in mod_proxy (excluding cache).
I expect to be in a position to post a roadmap to that
milestone within the next couple of days.
I believe today's fix to PR13986 is also a proxy protocol fix
(PR16139), but that remains to be tested.
--
Nick
:
* cross-reference the above to existing reports in
Bugzilla, and update PR43454 to track fixes.
* Hack up something to extract an Executive Summary
from Co-Advisor reports.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
at 2.2.4 till there's a 2.2.7 ready to fly.
That's a valid option (I'm on 2.2.5 for my live server). But choice
is a Good Thing, and Steffen is offering it to his users.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Tue, 18 Sep 2007 15:01:33 +0530
rahul [EMAIL PROTECTED] wrote:
Hi,
[Nick Kew:]
...
| PR#35256 (which I was on the point of entering anew when I
| found it). The simple patch to 35256 fixes the specific
| instance of un-breaking AllowEncodedSlashes, but what proxy
| could use
companies to log the originating port of all traffic.
Is there a reference for that legislation, and whatever debate there
was surrounding it? As in, what do they expect to gain from it?
Any feedback is appreciated :)
Looks harmless, and evidently adds value for you.
--
Nick Kew
than
tracing death-threats or naughty pictures back to the last
anonymiser or zombie in their path. If governments are
doing that, it'll just induce botnets to randomise a
bit more, or mimic patterns of legitimate users.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
dynamically in a useful
manner is going to be a complex job that should probably
have its own separate module, based on a reslist and a
usage-counting strategy to drop little-used workers.
Or something like that.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
, a worker management module
will be a useful optional extra for both to have.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Sun, 9 Sep 2007 01:21:29 +0100
Nick Kew [EMAIL PROTECTED] wrote:
PR 41798 and many related ones (eg 39746, 38980 - both of which I've
closed today) show a history of incorrect URL-unescaping in mod_proxy.
Since then I've found several more duplicates in bugzilla.
Furthermore, it's
the bug I'm looking to fix.
The reverse proxy (gateway) is just an origin server with a
stupid name -- it must send a redirect if it makes the above
change to a URI.
That would then be handled at the uri_decode stage, before
mod_proxy ever looks at it.
--
Nick Kew
Application Development
pot-luck with a student. But you're unlikely to prompt anyone
into developing it from scratch unless they themselves have an
existing need for it.
[1] http://apache.webthing.com/
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
, and eliminate any duplication.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
for others, but I simply missed it.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
An application that understands tar may unpack that.
Does a Content-Disposition header help with IE7?
And would it help browsers if we supply a Content-MD5 header?
--
Nick Kew
? If a rewriterule[P] enables backends
to be derived from the request URI, then you're creating unlimited
numbers of workers, which may never be used. Where are the limits
on that?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
be inviting people to break RFC2616 and caching.
Can you not achieve the same thing by removing the unwanted
vary entry with mod_headers' Header edit?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
about using apr_pstrndup instead?
Indeed.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
loop and modified it as above.
As for running past a \0 (which would imply a malformed input stream),
the caller expects a string, so the first NULL will terminate it
either way. Also either way the terminating condition is the
APR_ASCII_LF, or an input error.
--
Nick Kew
Application Development
On Sun, 09 Sep 2007 11:25:26 +0200
Ruediger Pluem [EMAIL PROTECTED] wrote:
On 09/09/2007 02:21 AM, Nick Kew wrote:
PR 41798 and many related ones (eg 39746, 38980 - both of which I've
closed today) show a history of incorrect URL-unescaping in
mod_proxy.
For PR41798, the attached
On Sun, 09 Sep 2007 22:00:25 +0200
Ruediger Pluem [EMAIL PROTECTED] wrote:
[chop]
Thanks for the analysis. It's the insights I was looking for
together with some points I'd argue. But I need to give it more
think-time before proposing a revised patch.
--
Nick Kew
Application Development
.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
Index: modules/proxy/mod_proxy.c
===
--- modules/proxy/mod_proxy.c (revision 573827)
+++ modules/proxy/mod_proxy.c (working copy
of last year ;-)
Talking of which, a grep finds some more instances of 2006.
Some interesting instances are ap_release.h, and common.xsl
from whence it propagates to every page of documentation!
I've taken the liberty of updating them in 2.0 and 2.2,
as well as trunk.
--
Nick Kew
Application
,
+ URI cannot be parsed: , url, NULL));
The second arg to ap_pstrcat is presented as a new arg to ap_proxyerror.
The old formatting was better.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
.
But if you're relying on that, it points to a problem in your
design. Though in that case, you can still set r-status and
return APR_EGENERAL, and hope the content generator (which is
in control) does what you want.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
if (in the absence of
any objections here) I haven't applied it in 24 hours.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
of keeping a record of changes likely to affect many users, and
perhaps ship a 2.2-compat configuration? Our CHANGES is a
detailed record that few will have the stomach to read, and could
perhaps use an executive summary (GOTCHAS?)
--
Nick Kew
Application Development with Apache - the Apache Modules
...
Maybe put out the announcements together, with 2.0 availability
delayed briefly due to issues with the bundled APR.
(Life would be so much simpler if dependencies were separated).
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
.
--
Nick Kew
instead of hdrs2. This sounds wrong to me.
Good catch yet again. Dammit, I need a break.
Just fixed in r563803.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
to recent discussion, in particular
http://marc.info/?l=apache-httpd-devm=118622934222115w=2
and take a look at mod_deflate in /trunk/ and STATUS in 2.2.
Any thoughts there?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
that is correct. If the filter cannot adjust content-range
appropriately it should either do nothing or fail, I'd say.
Yep. That wants another patch, which I'll be happy to do.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
by merging headers at the point
where the first data are passed into the output chain.
Looking to 2.4, any strong reason we shouldn't dispense with
r-content_encoding and let mod_mime friends set the header?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
On Mon, 6 Aug 2007 14:10:10 -0700
Roy T. Fielding [EMAIL PROTECTED] wrote:
On Aug 6, 2007, at 1:10 PM, Nick Kew wrote:
PRs 23287 and 42993, and recent discussion here, show up some
issues with handling Content-Encoding. Specifically regarding
mod_deflate, but also relevant to any other
(or ???) not taking forever?
[1] excluding the last chunk, which is already in /trunk/
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
session management
to database operations (i.e. design what you need to do), then
code it.
[I presume you have a need for serverside session information
to be shared across all workers, or you wouldn't have asked.]
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
for, but a function registered
with ap_hook_monitor will be polled in the apache parent process.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
the input filter - I didn't
plan to think through the extra complexities in the output:-)
If it'll get your vote, I'll change all three filters to remove
themselves and log a warning if called with a byterange. But that
feels to me like a separate patch.
--
Nick Kew
Application Development
nothing or fail, I'd say.
I agree with this. See my additional mail from today.
And mine.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Thu, 2 Aug 2007 19:16:16 -0400
Joshua Slive [EMAIL PROTECTED] wrote:
On 8/2/07, Nick Kew [EMAIL PROTECTED] wrote:
As for 2.x bugs, there are quite a few which are going to be
harder to deal with. Perhaps we want a new Archived status,
for PRs which have merit but which aren't going
, and unload
when apache shut down ?
http://www.apachetutor.org/dev/pools
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
was an old one
that's been languishing in bugzilla.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
(also from having no recollection of ever having seen more
than one token in a real-life Content-Encoding).
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
them with
apr_pool_cleanup_register as soon as you create the doc.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
now, so an update will have to wait:-)
Thanks,
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
/,
are you sure this patch is compatible with 2.2?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
.
OK, good. That tells me *if* I find time to look at it,
that time won't be wasted.
Nevertheless, a 2.2 patch (maybe at people.apache.org/~rederpj/)
would perhaps make it easier to review?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
to help with this off-list, that would be great to avoid pestering
here :)
It's your question that I find hard to decipher.
But from what you've said elsewhere, I wonder if mod_ssl or mod_deflate
might be a model for what you're doing?
--
Nick Kew
Application Development with Apache - the Apache
and a rewritemap. I've recently had a similar issue
with another module, which started life using match rules defined in
httpd.conf, then grew to derive them from rewritemap+dbm. Worked
fine until it constructed a match-rule from a corrupted database entry.
--
Nick Kew
Application Development
, and really belongs on [EMAIL PROTECTED],
not here, as it's entirely an APR decision.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
. Against it is the complexity.
AFAICS we still have the potential issue in the /trunk/ code where a
connection
goes stale and prepared statements need to be recreated. I have a
proposal
for that, but it would be good to sync trunk with 2.2 first.
--
Nick Kew
= '\.(' . join('|', @srcs_extensions) . ')$';
+my $srcs_regex = $ENV{'APXS_SRC_EXT'}
+ ? \. . $ENV{'APXS_SRC_EXT'} . $
+ : '\.(' . join('|', @srcs_extensions) . ')$';
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
:-)
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
me) are not so sure what the idea behind it
is.
To give the workers time to finish serving current requests rather
than aborting them.
We're open to patches if you have a better design.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Sat, 07 Jul 2007 05:44:27 -0400
Tom Donovan [EMAIL PROTECTED] wrote:
Nick Kew wrote:
On Fri, 06 Jul 2007 18:37:07 -0700
Matthew Kent [EMAIL PROTECTED] wrote:
think its the mysql_ping reconnection clobbering the prepared
statement
used in mod_authn_dbd.
Buggrit. I can't
as the mod_deflate code
is a usage example.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
note, dropping it in as a subproject would
improve visibility and get it under version control.
/me puts look at this on his todo list.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
in future)?
What problem does it solve?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
be solved by documentation.
Maybe not quite as simple, but when the alternative is accepting
new connections whilst running as root.
And if you really want it to be that simple, a solution would be
to create a pre-packaged distribution that uses cgi+suexec to serve
static files.
--
Nick Kew
on debian/ubuntu presents
problems, at:
http://www.regdeveloper.co.uk/2006/11/04/apache_packages_support_vacuum/
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
like fastcgi?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
support, but I suspect
he does. He certainly has a lively Apache/Windows community
and offers free downloads of Windows binaries of Apache itself
and popular third-party modules.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
, where are they created?
If you ignore me, I'll be happy to ignore you.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
passwords in plaintext
because [... make your case here ...]. If you convince
people it adds value, then maybe we'll adopt it.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
they might be otherwise.
Second, I
don't know anything at all about perl,
In that case, scrap the idea of using it to prototype this.
The great virtue of perl's taint checking is that it will simply
refuse to run mail without securing your call to it. That
makes it a great teacher!
--
Nick Kew
that *should* go in.
PR#39710 is simple enough to review, and another release without
fixing that would be a huge WTF??? I'm also part way through
reviewing Chris's mod_dbd rewrite. It's clearly an improvement on
what we have, but getting three +1s by the weekend seems optimistic.
--
Nick Kew
Application
of the regulars
can help improve it for everyone?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
;
+}
+
+return ret;
+1 as a practical fix.
For the wishlist: review whether we can do this more cleanly by making
ap_meets_conditions set r-status instead of returning a value (as in,
declare it void and see what breaks:-)
--
Nick Kew
Application Development
really don't know when I'll have any time for that.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
exist (it was never set up), so this fails. This patch
should fix all that (or so I hope :-).
Obviously, against 2.2.x branch.
Thanks. I've just reviewed both patches, and added them as an
attacment to PR#42327 and a proposal in STATUS.
--
Nick Kew
Application Development with Apache
On Thu, 10 May 2007 10:02:12 -0700
Chris Darroch [EMAIL PROTECTED] wrote:
Nick Kew wrote:
Thanks. I've just reviewed both patches, and added them as an
attachment to PR#42327 and a proposal in STATUS.
I apologize for joining this thread a little late. I know it's
more complicated
://issues.apache.org/bugzilla/show_bug.cgi?id=39329
It was left open for more reports to come in (what variant of the fix
will work best, etc). But it wants revisiting.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
would break something?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
reason why it's preferable to use LoadFile to
load your libraries, rather than link them in.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
support, and a call to mysql_ssl_set().
If anyone test-drives that and can confirm it works, it would be
great to patch apr_dbd_mysql to support this within Apache DBD.
From the mod_dbd perspective, this could be an additional
optional argument to DBDParams.
--
Nick Kew
Application Development
a fix, can we just
apply the patch (which reverses r231167)?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
in a filter, and
maybe look at existing input filters such as mod_upload.
If your purpose is to parse POSTed (or PUT) XML, then you don't
necessarily want an input filter: you might also parse it in the
handler.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http
of such a module ?
Sounds like you want a streaming SAX-based filter. There are several
at http://apache.webthing.com/ (my company site). For XML, you'd want
mod_publisher or mod_xmlns.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
it isn't.
Your reading of the RFC is correct but irrelevant. The semantics of
Location are (like Directory) based on path components.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
post, which hinted at a naive and unreliable filter.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
. How would one
go about doing that in a C module? Are there any examples?
... and I don't know what it refers to as an SSI handler (I expect
a primitive mod_include alternative).
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Mon, 9 Apr 2007 11:08:55 -0400
Jeff Trawick [EMAIL PROTECTED] wrote:
On 4/5/07, Nick Kew [EMAIL PROTECTED] wrote:
On Thu, 5 Apr 2007 10:04:19 +0100
Joe Orton [EMAIL PROTECTED] wrote:
I agree that the intended behaviour of the original code was
intuitively correct, only = 400
. As in an HTTP/1.0
request without a Host: header.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
explain what information
you want is actually being lost in a forward proxy (if indeed
that is your underlying problem)?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
than an On/Off flag, and checking
r-status conf-error_override
That way we'll get existing behaviour with it set to 300 (so we
can alias On to that), and get the behaviour you want with 400
(which could perhaps be given another alias).
Any objections to that?
--
Nick Kew
Application
at
http://www.apachetutor.org/dev/pools
but I suspect you've figured most of it out already.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
are the same as in ErrorDocument
(which is, after all, what you're invoking with ProxyErrorOverride).
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
Thanks.
Bug me if I don't get around to reviewing/applying it.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
is in the /include directory. Use doxygen
to generate a prettified version of it.
If you want a more general overview with narrative and examples,
follow my signature.
And for future reference, the modules-dev mailinglist is probably
your best place to post.
--
Nick Kew
Application Development
On Mon, 26 Mar 2007 17:34:45 +0100
Torsten Foertsch [EMAIL PROTECTED] wrote:
On Saturday 24 March 2007 13:53, Nick Kew wrote:
Thanks for persisting!
Thanks for applying the patch. I have marked the bug as fixed.
I was leaving that for when it gets into the 2.2.x tree,
lest someone else
?
no.
But bear in mind the exact details may vary between MPMs.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
of the same error,
and is unfixed!
Thanks for persisting!
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
On Sat, 24 Mar 2007 09:11:46 -0700
Justin Erenkrantz [EMAIL PROTECTED] wrote:
On 3/23/07, Nick Kew [EMAIL PROTECTED] wrote:
I'm developing a DBD-based DAV backend.
I've been trying to use lazy evaluation for efficiency.
But there are obstacles in the way.
I've just added an SQL
towards a possible review of mod_dav.
Meanwhile, anyone BTDT and have insights to share?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
of a public API). If you can find a round tuit for
making that jump from specific to generic then great, but until then I
think we should welcome alternatives into the ecosystem. This one has
a simple, clean-ish API and looks pretty easy to work with.
--
Nick Kew
Application Development
On Wed, 21 Mar 2007 22:59:41 +0100
Helmut Tessarek [EMAIL PROTECTED] wrote:
Hi everybody,
Nick Kew suggested that I should post my findings and ideas regarding
the DBD framework, APR and caching.
Indeed. I think we stand to gain insights, and perhaps also code,
from discussing it here
On Thu, 22 Mar 2007 17:16:03 +0530
Akila Amarathunga [EMAIL PROTECTED] wrote:
Hi All,
You're on the wrong list. The users list is thattaway.
I really appreciate if some one can help me out here..
http://www.apachetutor.org/admin/reverseproxies
--
Nick Kew
Application Development
module's server config.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
801 - 900 of 1431 matches
Mail list logo