of issues, including for us potentially breaking case-insensitivity rules in
matching
hostnames, and perhaps other configuration matters. What happens if we make
locale a configurable parameter for hostnames and use strcasecmp_l?
--
Nick Kew
On Thu, 17 Dec 2020 17:31:20 +
Nick Kew wrote:
> > On 17 Dec 2020, at 16:22, Joe Orton wrote:
> [chop]
> Thanks for prompting me to take a proper look at where this thread
> started.
Further thought: anything hardwired will come up against future
use cases where i
> On 17 Dec 2020, at 16:22, Joe Orton wrote:
>
> On Wed, Dec 16, 2020 at 07:41:59PM +0000, Nick Kew wrote:
>>> On 16 Dec 2020, at 17:47, Yann Ylavic wrote:
>>>> Wouldn't this stop matching "application/xml" for instance?
>>>>
>>>
x = strstr(ctype, "xml"))
>|| x == ctype || !strchr("/+", x[-1])
> || apr_isalnum(x[3])) {
> ?
Be liberal in what you accept. You can limit it further in configuration,
but you can't override a hardwired check.
It certainly needs to operate on text/html for mod_proxy_html, and users might
find reasons for running it on other text types as an alternative to an iconv
filter like mod_charset(_lite).
--
Nick Kew
oduce something RH and later
commit it to trunk? If so, would you want to preserve the
vendor number or just reassign a new one?
No strong views, but if pressed I'd +1 to Stefan's suggestion.
Simple, and something you can do without touching our repos.
--
Nick Kew
r own input filter module.
That is, if I've understood you aright?
--
Nick Kew
I'd consider hooking it earlier in the request cycle, or into mod_proxy
instead. How does mod_proxy_fcgi fit your vision?
--
Nick Kew
your
module will continue to work with (at least) future 2.4.x
releases. That give you C or any language with C linkage.
If you deviate from the API, you're on your own.
Alternatives that (broadly speaking) wrap the C API are also
possible: see for example mod_perl and mod_lua.
--
Nick Kew
any insights you don't, but I'll be happy to take a look.
That could be this evening.
--
Nick Kew
ing like an @CHANGES tag in
a svn commit message?
--
Nick Kew
t;from" Gitbox and without meaningful
subject lines just provokes [select all] --> delete.
--
Nick Kew
A first-pass implementation might be for the Location directive
to issue a warning if it matches a directory in the filesystem.
--
Nick Kew
-apr
Not something I'd try with a non-release version. Decide what apr you
want (either trunk or 1.x should work), install that first, then use that to
build your httpd.
--
Nick Kew
> On 7 Oct 2019, at 15:06, Daniel Gruno wrote:
>
> On 06/10/2019 17.59, Nick Kew wrote:
>>
>> OK, I've just dug up an example in an Apache/Github project. A simple
>> renaming
>> of a source file, that with "svn mv" would have preserved history,
> On 6 Oct 2019, at 04:06, Daniel Gruno wrote:
>
> On 05/10/2019 19.30, Nick Kew wrote:
>>>
>> If it moves to github, how and at what level is history preserved? Github
>> can do
>> alarming things with history even for a project that's always been ther
at's not best-of-both-worlds, why not?
--
Nick Kew
t in general terms, that sounds like the kind of thing that could comfortably
be implemented as a module. Is that your plan if you don't find an existing
implementation?
--
Nick Kew
nterest, is that with a libxml2-enabled APR version?
Guess I need to test-drive that on Mac/latest, which has bitten me
on similar platform issues before now!
--
Nick Kew
nt out that there's nothing wrong with the existing stuff.
If I were to refactor the error messages, I'd be looking to take all remaining
actual HTML out of the server itself, and into documents (or templates) under
the control of the sysop.
(And I wouldn't touch your indexhtml with a bargepole)!
--
Nick Kew
bombed on me. Unlikely to have
time to dig into that before at least Friday, so no vote
likely unless you leave it open all week or thereabouts.
--
Nick Kew
module (or equivalent), but you'd use configuration to determine
when it should or shouldn't be invoked to process a request.
--
Nick Kew
s, however, as task that's been done in open source
code you can look at, or perhaps use instead of reinventing
their wheel. Either Ironbee or mod_security will scan a
request body for you.
> btw, Nick I bought your book - it was a great help :)
Thanks :)
--
Nick Kew
} while (!end && (status == APR_SUCCESS));
>> if (status == APR_SUCCESS) {
>> return DECLINED;
>> } else {
>> return HTTP_INTERNAL_SERVER_ERROR;
>> }
>> }
Minor tip there: you're turning EAGAIN into a fatal error.
--
Nick Kew
nt stringcmp(const char *a, const char *b, unsigned int flags)
where flags would control behaviour such as case-independence,
and equivalence over URLencoding, HTML encoding, HTML entities,
and whatever else someone might like to support (maybe integrate
with locale too?).
Anyone know of such a thing?
--
Nick Kew
processing a request URL, it's processing contents
in the response. Contents destined, and encoded, for a HTTP Client.
The resemblence is entirely coincidental. To align the behaviour
on grounds of consistency would seem to me misleading!
--
Nick Kew
What is the right thing to do?
I prefer to leave it to server admins to find the match that works for them.
I don't recollect this particular question ever arising in 15 years, which
kind-of
suggests users are not confused by it!
--
Nick Kew
up if a proposal seemed likely to cause them real difficulties.
So open discussion here *should* provide a reasonable level of engagement
with our distributors.
—
Nick Kew
s with a more complex process.
Sorry if the above is negative. I promise to try and contribute
a positive suggestion!
—
Nick Kew
’d never attempt to take a lead, not
least because potential conflict-of-interest with my publisher’s copyright.
—
Nick Kew
e
evangelism
still has momentum. Insofar as we care about market share, we could respond in
kind,
preferably avoiding the wilder fringe.
—
Nick Kew
UD.
Come to think of it, from memory of developing nginx modules, their
error message framework looks a lot like ours. It's in english too.
Though I never delved into its internals.
—
Nick Kew
what you refer to is the latter, it’s natural for any incumbent market-leader
to feature in such unflattering comparisons, while challenger communities
have more tendency to be evangelical. Though nowadays nginx should be
up there with us on the wrong side of challenger comparisons!
—
Nick Kew
s.
I’m not saying you’re wrong: in fact I think there’s merit in the proposal.
But it would need a considered roadmap from here to there.
—
Nick Kew
text and highlight them.
OK, it’s an overhead, but error pages are small.
A sysop could of course have the option to disable it.
—
Nick Kew
ewriteRule [P] in htaccess isn't anywhere near "screwed up".
I disagree. .htaccess has no business enabling a user to
access server resources outside his/her own directories.
AllowOverride Fileinfo is a mess of largely-unrelated stuff,
as pointed out by (IIRC) Jacob in the earlier discussion.
--
Nick Kew
d and the
reporter agreed that it could be brought to dev@).
--
Nick Kew
d and the
reporter agreed that it could be brought to dev@).
--
Nick Kew
not-bugs in the bugzilla count. Maybe we could deal
with those with a new RESOLVED category (RESOLVED-PATCH?) and update the
docs to invite users to search patch-bugs?
—
Nick Kew
noying (even scary) Warning
in 2.4, and see what reactions that brings.
--
Nick Kew
tags in a manner similar to what the OP seems to
envisage, and mod_proxy_html which uses a markup-aware parser
that feeds each <...> as an event to your registered callback.
Either of those modules would be a startingpoint to look at.
--
Nick Kew
rom 2.0 days of hacking some ugly workaround, though the
details elude me. But wouldn't it make more sense to review that
in 2.5/trunk rather than the stable branch?
--
Nick Kew
s.
So why not KISS and stick with that fallback for all 2.4?
--
Nick Kew
oblem (perhaps due to a bug outside your control),
issue a blocking call to your own upstream and don't return
anything until you have data (or EOS).
Or if I were working around a bug in closed source, I might
try inserting a placeholder such as an empty data bucket.
--
Nick Kew
s or AllowOverride? Things that looked
like a good idea at the time but led to all sorts of issues as the
server evolved!
OK, perhaps that's unduly harsh: this will be less problematic to
maintain. Are you enumerating cases?
--
Nick Kew
, or my blog article at
https://bahumbug.wordpress.com/2017/04/27/pretty-good-phishing/
--
Nick Kew
roll.
Sorry, interest may be slow rather than absent altogether. It's on
my to-do list to check this out, paying more attention than usual
to build defaults that might live on for a long time.
--
Nick Kew
re:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61179
> https://bz.apache.org/bugzilla/attachment.cgi?id=35048
That's exactly the right place.
At first glance, patch looks interesting, and I'm minded to
adopt (some version of) it for trunk. Though I think I'd
default it to 0 (off) rather than your 255. Any other views?
--
Nick Kew
ommit
policy to the project as a whole? Surely the CTR is in
recognition of its experimental status, to lubricate the
process of hacking it into shape.
--
Nick Kew
apr-util with pgsql! Or use your distro package.
This confusion is one more argument for unbundling apr/apr-util
from httpd!
--
Nick Kew
gt; -Tom
What does your config.log say about it?
If it's all greek to you, post it along with your config.nice
to a pastebin and bug me or someone to take a look.
--
Nick Kew
y your options?
--
Nick Kew
SON parsers: when I last looked,
each had its own data models at a higher level than could be usefully unified.
But I’m open to persuasion.
I did some work on this, albeit for a subset of JSON required by a particular
project.
I’ll try & dig that up, to see if there’s anything worth salvaging.
—
Nick Kew
n run something ahead of mod_ssl getting in to a connection.
Not sure if that actually leads anywhere useful. Just a thought,
if you haven't already tried it. Your main problem is that you
have a hack that shoehorns vhosts in where they don't belong.
--
Nick Kew
sions. Apache HTTPD,
along with other web software, is being updated to the new
standard.
Unsafe should get you legacy behaviour unless the docs and
CHANGES say otherwise. If you're getting discrepancies,
that's probably worth a bug report.
--
Nick Kew
ign? Say, a
bucket that serves data from a static file by seek/read,
just to see how it behaves in different configurations
and whether you can make the architecture work for you?
--
Nick Kew
d file for the benefit
of future byterange requests.
--
Nick Kew
rror message you need!
--
Nick Kew
hat
I needed to add. I have an idea something may have been needed in
both mod_proxy and mod_proxy_http. It certainly gave rise to issues
with how to document it without a major reorg. Envvars offered a
straightforward workaround.
--
Nick Kew
to apache.
> [ mod_proxy_protocol.c ]
> Copyright 2014 Cloudzilla Inc.
If that's in our svn, it should probably have another line
asserting Apache copyright alongside that one. As in,
for instance, mod_proxy_html.
--
Nick Kew
it - becomes hopelessly inefficient for large requests.
There's some discussion of the issue in the mod_proxy docs,
as mod_proxy has an option to support HTTP/1.0 backends that
need an explicit Content-Length.
--
Nick Kew
cgid were found (nonsense: mod_cgid.so
is in its expected place in /modules/ ). Looks like some gremlin
in the test suite, plus running those tests when CGI tests had been
skipped.
--
Nick Kew
On Sat, 17 Dec 2016 18:35:22 -0600
William A Rowe Jr <wr...@rowe-clan.net> wrote:
> On Dec 17, 2016 17:22, "Nick Kew" <n...@apache.org> wrote:
>
>
> Got some test errors with the new stuff. Investigating.
>
> Test Summary Report
> ---
On Sat, 17 Dec 2016 23:21:09 +
Nick Kew <n...@apache.org> wrote:
> Got some test errors with the new stuff. Investigating.
>
> Test Summary Report
> ---
> t/apache/http_strict.t(Wstat: 0 Tests: 78 Failed: 5)
> Failed tests: 72-75, 77
20.56 csys = 112.71 CPU) Result: FAIL
Failed 2/103 test programs. 5/2623 subtests failed.
[warning] server localhost:8529 shutdown
[ error] error running tests (please examine t/logs/error_log)
--
Nick Kew
format.
>
> Thoughts...?
Ideally that should be the job of an output filter.
If mod_status were to generate a single standard-ish
format, like JSON or XML, a general-purpose filter
could generate other formats.
--
Nick Kew
round both here and in the area
upstairs several times this morning. No sign of any
coordinated hacking, except the inevitable infra huddle.
Am I just missing some (other?) hackathon area where you're
all gathered?
--
Nick Kew
ou use for that?
What happens if you build everything yourself,
or alternatively use everything from the distro?
Where's the traceback from your segfault?
--
Nick Kew
n MUST be absolute.
Though in practice, there was a lot of confusion,
with the CGI spec - and hence serverside apps -
permitting the relative semantics. Seems recent
HTTP came into line with CGI on this one.
--
Nick Kew
s a crash,
* and error handling won't help.
*/
foo = apr_palloc(pool, sz);
--
Nick Kew
e" there may help by marking it as
low-hanging fruit.
--
Nick Kew
g
then you have a good model. If not, you learn lessons from it.
Either way, thanks for posting to tell us about your project!
As Jacob points out, the modules-dev list is a good resource
for technical help. It's low-traffic, but still populated by
a fair few people willing and able to help.
--
Nick Kew
who's hacked it.
So mod_h2 could safely deal with protocol filters. Or by
extension could explicitly set a flag to trigger a core
change as per this patch.
Does this merit that level of hack?
--
Nick Kew
ispense with entirely. As a compromise it was re-implemented
within mod_filter, where it could co-exist with other dynamic
filter configuration.
Your observation tells us the semantics aren't quite compatible.
And your patch looks good - thanks.
--
Nick Kew
On Thu, 3 Dec 2015 12:23:24 -0600
William A Rowe Jr <wr...@rowe-clan.net> wrote:
> On Thu, Dec 3, 2015 at 10:32 AM, Nick Kew <n...@apache.org> wrote:
> Yup, and I'm not proposing to eliminate the mechanism, I'm proposing
> that the existing 'core' subset be codified in fewer
t
> all). And along with cleaning up the httpd 2.next API, and i18n of
> error output which I am continuing on first once the mod_ssl issues
> for mod_ftp are resolved (my current project).
Hmmm. There's some nice-to-have in there, but it also sounds like
a big hack.
> Last thought
strong trust.
Just a thought.
--
Nick Kew
ly easier than that. Before investing in
new development, consider:
- Could you hook your notification into regular piped logging?
- Would regular logging through an API like syslog or spread
serve (there are third-party modules for those).
- Would a security-oriented tool like Ironbee be complete overkill?
--
Nick Kew
e for anyone interested.
Our bugzilla would serve, as would somewhere else you
publish from, like github or a personal site.
--
Nick Kew
s don't just fall through the gaps and get ignored?
--
Nick Kew
On Fri, 23 Oct 2015 15:22:27 -0400
Eric Covener <cove...@gmail.com> wrote:
> My opinion is to make it opt-in before the next 2.4, but I am not
> committed to that.
Hehe. I was leaning towards introducing separate vars for
full URL and fragment. But your patch looks good to me.
--
Nick Kew
mod_charset_lite.
>
> So basically mod_xml2enc will detect the incoming encoding (whatever it may
> be)?
I suggest instead of debating here, take a look at it.
Start with the docs, and then move on to the code if necessary.
--
Nick Kew
d over the years and test-driven on a wide
range of scripts, including non-Latin charsets such
as Russian/Cyrillic and Arabic.
--
Nick Kew
option would be to overhaul that.
Note, mod_transform is GPL. Originally my decision when I released
its earlier predecessor, before I was part of the dev@httpd team.
I'd be happy to re-license it as Apache, and I don't think
any of my co-developers would object.
--
Nick Kew
pping the ball on it. IIRC the outcome was,
they were both happy to re-license, but there had also been one
or two third-party patches raising a questionmark over whether we
should consult anyone else.
Cc: Paul. Do you recollect that? You still in contact with Edward?
--
Nick Kew
of course honourable mentions to other developers
such as your good self.
--
Nick Kew
uld perhaps
review bugzilla workflow (IMHO a weakness in how we
work now) at the same time?
--
Nick Kew
g like C comma-list syntax?
But I expect the line of least resistance would be to use
plain regexp rather than expr.
--
Nick Kew
On Thu, 2015-10-01 at 13:32 +0100, Nick Kew wrote:
> > Header set X-USER "expr=%{REMOTE_USER} =~ s/([^@]*)@.*/$1/"
> But I expect the line of least resistance would be to use
> plain regexp rather than expr.
Come to think of it, using regexp that looks a lot like:
some might say mod_perl or mod_rewrite).
> >>>> Header set X-USER "expr=%{REMOTE_USER} =~ s/([^@]*)@.*/$1/"
One further thought there that might be easier to work,
or a staging post on the way to your goal:
X-USER = $_
# (or whatever backref syntax you prefer).
--
Nick Kew
to another
+ patch.
Agreed it comes from existing code, but I wonder if its meaning and purpose
haven't got lost since it was originally written?
I'm +1 if that's either removed or if the comment clarifies what
actual case the TODO would be dealing with.
--
Nick Kew
a new one. Or other
configuration variants.
--
Nick Kew
any royalties
payable to the ASF. In the case of an entirely new work,
there'd be no such strings attached, but it would
probably be inappropriate for me to take a coordinating
role or to contribute material from the old book.
Anyone interested?
--
Nick Kew
.
New directive as per Yann's suggestion? Maybe, but perhaps OTT.
If so, it would be good to make it 2.4-only and keep trunk pure.
And add it to upgrade notes!
--
Nick Kew
-of like asking us to concern ourselves
with the nuances of ext2/3/4 vs XFS vs JFS vs ZFS vs NTFS, etc.
We are agnostic.
--
Nick Kew
(or earlier) Apache releases?
--
Nick Kew
clean. So, a few questions:
I don't know a clean answer: it's not a problem I've ever tackled.
But if you don't find a better solution, you can improve a little
on your existing one by running your child_init after other modules
have done theirs with APR_HOOK_LAST.
--
Nick Kew
at your work,
and put my money (or at least timeeffort) where my mouth is!
--
Nick Kew
enough votes?
The file STATUS in 2.4.x shows current votes.
(See also CHANGES, which documents what has already made it).
--
Nick Kew
,
should it be eligible for lazy-consensus backport?
The proponent posts here on a speak now or forever hold your peace
basis, and goes ahead if no discussion calls it into question.
--
Nick Kew
startup behind my back!
Suggestion 1: make it a module.
Suggestion 2: consider something lighter-weight than RDF.
e.g. an X-latest: header in our own server
response to HEAD / .
--
Nick Kew
1 - 100 of 1431 matches
Mail list logo
